FreeBSD: VID-b299417a-5725-11ec-a587-001b217b3468 (CVE-2021-39936): Gitlab -- Multiple Vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | Dec 7, 2021 | Nov 4, 2022 | Dec 10, 2025 |
Description
Gitlab reports:

- Group members with developer role can escalate their privilege to maintainer on projects that they import
- When user registration is limited, external users that aren't developers shouldn't have access to the CI Lint API
- Collision in access memoization leads to potential elevated privileges on groups and projects
- Project access token names are returned for unauthenticated requesters
- Sensitive info disclosure in logs
- Disclosure of a user's custom project and group templates
- ReDoS in Maven package version
- Potential denial of service via the Diff feature
- Regular Expression Denial of Service via user comments
- Service desk email accessible by any project member
- Regular Expression Denial of Service via quick actions
- IDOR in "external status check" API leaks data about any status check on the instance
- Default branch name visible in public projects restricting access to the source code repository
- Deploy token allows access to disabled project Wiki
- Regular Expression Denial of Service via deploy Slash commands
- Users can reply to Vulnerability Report discussions despite Only Project Members settings
- Unauthorised deletion of protected branches
- Author can approve Merge Request after having access revoked
- HTML Injection via Swagger UI
Solution
freebsd-upgrade-package-gitlab-ce