Gitlab -- Multiple Vulnerabilities

Gitlab reports:

Stealing GitLab OAuth access tokens using XSLeaks in Safari
Denial of service through recursive triggered pipelines
Unauthenticated CI lint API may lead to information disclosure and SSRF
Server-side DoS through rendering crafted Markdown documents
Issue and merge request length limit is not being enforced
Insufficient Expired Password Validation
XSS in blob viewer of notebooks
Logging of Sensitive Information
On-call rotation information exposed when removing a member
Spoofing commit author for signed commits
Enable qsh verification for Atlassian Connect