GitLab Announces Critical Security Releases
GitLab has announced the release of versions 16.7.2, 16.6.4, and 16.5.6 for GitLab Community Edition (CE) and Enterprise Edition (EE), which contain important security fixes, says Greg Myers in a recent blog post. The vulnerabilities addressed include a critical issue that could allow account takeover through the password reset flow without any user interaction.
“We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible,” the announcement states. GitLab.com has already been updated.
The blog post also outlines the following steps to take if you believe your GitLab instance has been compromised:
- Apply the Critical Security Release to your GitLab instance.
- Enable Two-Factor Authentication (2FA) for all GitLab accounts.
- Rotate all secrets stored in GitLab.
- Follow the steps in GitLab’s incident response guide.
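As an added example that is not part of the announcement or of GitLab's own tooling, the script below covers the first two steps for a self-managed instance: it classifies the running version against the three fixed releases named above and reports whether instance-wide two-factor authentication is already required. The `GET /api/v4/version` and `GET /api/v4/application/settings` endpoints are GitLab's documented REST API (the settings call needs an administrator token); the `GITLAB_URL` and `GITLAB_TOKEN` environment variable names and the sample version strings are this script's own assumptions, not anything from the post.

```python
"""Check a GitLab instance's version against the fixed releases named in the
announcement (16.7.2, 16.6.4, 16.5.6) and whether instance-wide 2FA is required.

Added example, not GitLab's code and not from the article. The two REST
endpoints used are real GitLab API routes; the environment variable names
GITLAB_URL and GITLAB_TOKEN are this script's own convention. With no
credentials set it runs on constructed sample data so it works offline.
"""
import json
import os
import re
import urllib.request

# Fixed releases exactly as listed in the announcement, keyed by release branch.
FIXED_VERSIONS = {
    (16, 7): (16, 7, 2),
    (16, 6): (16, 6, 4),
    (16, 5): (16, 5, 6),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from '16.7.1', '16.7.1-ee', '16.8.0-pre', etc.
    Edition and pre-release suffixes are ignored; malformed input raises ValueError."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def assess(version_text):
    """Classify a version string against the announced fixes.

    'patched'    : on a listed branch, at or above that branch's fixed release
    'vulnerable' : on a listed branch, below its fixed release
    'unlisted'   : on a branch the announcement does not name (older than 16.5 or
                   newer than 16.7); check GitLab's full advisory rather than guess.
    """
    version = parse_version(version_text)
    branch = version[:2]
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        return "unlisted"
    return "patched" if version >= fixed else "vulnerable"


def two_factor_enforced(settings):
    """True if the application settings JSON (from /api/v4/application/settings)
    says every user must enable 2FA. A missing key is treated as not enforced."""
    return bool(settings.get("require_two_factor_authentication", False))


def _get_json(base_url, token, path, timeout=10):
    """Authenticated GET against the instance; PRIVATE-TOKEN is GitLab's token header."""
    req = urllib.request.Request(
        base_url.rstrip("/") + path, headers={"PRIVATE-TOKEN": token}
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def main():
    url, token = os.environ.get("GITLAB_URL"), os.environ.get("GITLAB_TOKEN")
    if url and token:
        version = _get_json(url, token, "/api/v4/version")["version"]
        settings = _get_json(url, token, "/api/v4/application/settings")
        print(f"{url}: {version} -> {assess(version)}; "
              f"2FA required for all users: {two_factor_enforced(settings)}")
        return
    # Constructed sample inputs (not real instances) so the script runs offline.
    samples = ["16.7.1-ee", "16.7.2-ee", "16.6.3", "16.5.6", "16.8.0-pre", "16.4.5"]
    for sample in samples:
        print(f"{sample:12} -> {assess(sample)}")
    print("2FA required:", two_factor_enforced({"require_two_factor_authentication": False}))


if __name__ == "__main__":
    main()
```

Run it as `GITLAB_URL=https://gitlab.example.com GITLAB_TOKEN=<admin-token> python3 check_gitlab_release.py` to query a live instance; without credentials it prints the classification of the constructed samples. Versions on branches the announcement excerpt does not name come back as `unlisted` on purpose, since the post quoted here lists fixed releases only for 16.5, 16.6 and 16.7, and the script should not guess about others.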
01/18/2024