GitLab 12-2-stable is missing Gitaly security fixes
Two Gitaly security fixes were released via https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/, although they are not mentioned in the blog post.
- https://gitlab.com/gitlab-org/gitlab-ce/issues/60471 ~P3 ~S3
- https://gitlab.com/gitlab-org/gitlab-ce/issues/42616 ~P3 ~S3
We forgot to merge both of the Gitaly merge requests for master, and we since released Gitaly 1.59.0 which does not include these fixes. GitLab 12-2-stable contains Gitaly 1.59.0, meaning it does not have the fixes.
Dev.gitlab.org security issue: https://dev.gitlab.org/gitlab/gitlabhq/issues/2907
Edited by Jacob Vosmaer