FreeBSD: VID-33557582-3958-11ec-90ba-001b217b3468 (CVE-2021-39909): Gitlab -- Multiple Vulnerabilities

Severity: 3
CVSS: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published: Oct 30, 2021
Added: Nov 4, 2022
Modified: Mar 25, 2026

Description

Gitlab reports:

- Stored XSS via ipynb files
- Pipeline schedules on imported projects can be set to automatically active after import
- Potential Denial of service via Workhorse
- Improper Access Control allows Merge Request creator to bypass locked status
- Projects API discloses ID and name of private groups
- Severity of an incident can be changed by a guest user
- System root password accidentally written to log file
- Potential DoS via a malformed TIFF image
- Bypass of CODEOWNERS Merge Request approval requirement
- Change project visibility to a restricted option
- Project exports leak external webhook token value
- SCIM token is visible after creation
- Invited group members, with access inherited from parent group, continue to have project access even after invited subgroup is transferred
- Regular expression denial of service issue when cleaning namespace path
- Prevent creation of scopeless apps using applications API
- Webhook data exposes assignee's private email address

Solution

freebsd-upgrade-package-gitlab-ce