FYI, fix has been backported, and released in 16.0.2: GitLab Security Release: 16.0.2, 15.11.7, and 15.10.8 | GitLab