GitLab Announces Critical Security Releases

All affected instances should be upgraded as soon as possible.

GitLab has announced the release of versions 16.7.2, 16.6.4, and 16.5.6 for GitLab Community Edition (CE) and Enterprise Edition (EE), which contain important security fixes, says Greg Myers in a recent blog post. The vulnerabilities addressed include a critical one that could allow account takeover via password reset without user interaction.

“We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible,” the announcement states. GitLab.com has already been updated.

The blog post also outlines the following steps to take if you believe your GitLab instance has been compromised:

  1. Apply the Critical Security Release to your GitLab instance.
  2. Enable Two-Factor Authentication (2FA) for all GitLab accounts.
  3. Rotate all secrets stored in GitLab.
  4. Follow the steps in GitLab’s incident response guide.

01/18/2024
