Upcoming critical GitLab security issue
9 points by nerdbaggy 1 year ago | 3 comments
I just got the following email. Security vulnerabilities have never been communicated like this before.
GitLab Security is writing to you to provide advanced notice of an upcoming critical security release scheduled for January 11, 2024. We highly recommend your team is prepared to immediately deploy the security upgrade to all affected self-hosted GitLab instances when the security release is available.
Please monitor the GitLab release page for security release details and upgrade instructions.
Affected GitLab versions:
16.1.0 - 16.5.4
16.6.0 - 16.6.2
16.7.0
Thank you,
The GitLab Security team
- nerdbaggy 1 year ago
- mdaniel 1 year ago
The tags are up for it, but no blog post yet:
https://gitlab.com/gitlab-org/gitlab/-/tags
https://about.gitlab.com/security-releases.xml
https://gitlab.com/gitlab-org/gitlab/-/blob/v16.7.2-ee/CHANG... seems to be the tl;dr although strangely I don't see a v16.7.1-ee tag
- nerdbaggy 1 year ago
Ohh yup. Looking at the merge, it allows people to reset other users' passwords.
I was also able to update my instance.
- nerdbaggy 1 year ago