I just got the following email. Security vulnerabilities have never been communicated like this before.<p>GitLab Security is writing to you to provide advanced notice of an upcoming critical security release scheduled for January 11, 2024. We highly recommend your team is prepared to immediately deploy the security upgrade to all affected self-hosted GitLab instances when the security release is available.<p>Please monitor the GitLab release page for security release details and upgrade instructions.<p>Affected GitLab versions:<p>16.1.0 - 16.5.4
16.6.0 - 16.6.2
16.7.0
Thank you,<p>The GitLab Security team
Blog post <a href="https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/" rel="nofollow">https://about.gitlab.com/releases/2024/01/11/critical-securi...</a>
The tags are up for it, but no blog post yet: <a href="https://gitlab.com/gitlab-org/gitlab/-/tags" rel="nofollow">https://gitlab.com/gitlab-org/gitlab/-/tags</a> <a href="https://about.gitlab.com/security-releases.xml" rel="nofollow">https://about.gitlab.com/security-releases.xml</a><p><a href="https://gitlab.com/gitlab-org/gitlab/-/blob/v16.7.2-ee/CHANGELOG.md?plain=1#L15-26" rel="nofollow">https://gitlab.com/gitlab-org/gitlab/-/blob/v16.7.2-ee/CHANG...</a> seems to be the tl;dr although strangely I don't see a v16.7.1-ee tag