Oct 30, 2014 - Valery Sizov

GitLab 7.4.3 Security Release

Today we released GitLab Community Edition 7.4.3 and GitLab Enterprise Edition 7.4.3. This is a security release which fixes a groups API vulnerability. Snippet raw view and buildbox integration are fixed with this release as well.

Update 2014-11-03 10:02 CEST: The groups API vulnerability has been assigned the CVE identifier CVE-2014-8540.

Affected versions

The groups API vulnerability affects GitLab 6.0 and up.

Impact

The vulnerability patched by this release allows a guest user to delete the owner of a group and to assign any other member as owner through the groups API.

Upgrading

Omnibus-gitlab packages for GitLab 7.4.3 are now available. To upgrade an installation from source, please use the upgrader or the patch update guide.
