GitLab 7.4.3 Security Release

Valery Sizov
Oct 30, 2014

Today we released GitLab Community Edition 7.4.3 and GitLab Enterprise Edition 7.4.3. This is a security release which fixes a groups API vulnerability. Snippet raw view and buildbox integration are fixed with this release as well.

Update 2014-11-03 10:02 CEST: The groups API vulnerability has been assigned the CVE identifier CVE-2014-8540.

Affected versions

The groups API vulnerability affects GitLab 6.0 and up.


The vulnerability patched by this release allows a guest user to delete the owner of a group and to assign any other member as owner through the groups API.


Omnibus-gitlab packages for GitLab 7.4.3 are now available. To upgrade an installation from source please use the upgrader or the patch update guide.

Install GitLab on your own server in 2 minutes

Browse all posts

For the latest and most detailed news follow @gitlab on Twitter. Future blog posts suggestions.