Jun 12, 2015 - Jacob Vosmaer

Did you install GitLab from source? Check your Git version

Although the preferred way to install GitLab is to use our omnibus packages, you can also install GitLab Community Edition or Enterprise Edition 'from source'. If you used this installation method, and if you compiled Git from source in the process then please check whether your Git version defends against Git vulnerability CVE-2014-9390. This issue does not apply to our Omnibus packages (DEB or RPM).

Although GitLab itself is not affected by CVE-2014-9390, a GitLab server may be used to deliver 'poisoned' Git repositories to users on vulnerable systems. Upgrading Git on your GitLab server stops users from pushing poisoned repositories to your GitLab server.

Due to an oversight, the guide for installing GitLab from source still contained instructions telling administrators to install Git 2.1.2 if the version of Git provided by their Linux distribution was too old. Git 2.1.2 does not defend against CVE-2014-9390.

If your GitLab server uses /usr/local/bin/git please check your Git version using the instructions in this upgrade guide.

For the latest and most detailed news follow @gitlab on Twitter. Future blog posts suggestions.

Install GitLab in 2 minutes

With Ubuntu, Debian, CentOS and Raspbian packages or from source

Install GitLab Now

Try GitLab Enterprise Edition risk-free for 30 days.

No credit card required. Have questions? Contact us.