FreeBSD: VID-8657eedd-b423-11ec-9559-001b217b3468 (CVE-2022-1190): Gitlab -- multiple vulnerabilities

Gitlab reports: Static passwords inadvertently set during OmniAuth-based registration Stored XSS in notes Stored XSS on Multi-word milestone reference Denial of service caused by a specially crafted RDoc file GitLab Pages access tokens can be reused on multiple domains GitLab Pages uses default (disabled) server Timeouts and a weak TCP Keep-Alive timeout Incorrect include in pipeline definition exposes masked CI variables in UI Regular expression denial of service in release asset link Latest Commit details from private projects leaked to guest users via Merge Requests CI/CD analytics are available even when public pipelines are disabled Absence of limit for the number of tags that can be added to a runner can cause performance issues Client DoS through rendering crafted comments Blind SSRF Through Repository Mirroring Bypass of branch restriction in Asana integration Readable approval rules by Guest user Redact InvalidURIError error messages Project import maps members' created_by_id users based on source user ID