Admin message
Hello,
We’ve upgraded GitLab to v18.5.2 (from v18.4.2) as of Friday evening. This is a critical patch release. It includes a number of important security fixes, including:
- Fix for a cross-site scripting issue in the Kubernetes proxy
- Authorization vulnerability in workflows / Duo flows
- Information disclosure via GraphQL subscriptions
- Access control fixes for branch names and GitLab Pages
- Removal of DoS risks in markdown rendering
There are also multiple bug fixes and dependency updates (OpenSSL, Rack, Redis, etc.) to improve stability.
Please monitor for any regressions or unusual behavior, especially around CI/CD, merge requests, Duo workflows, or user access.
If you spot any issues, report them to the #sysadmin Slack channel as usual.
Thanks & best regards,
— 20251117/sk