GitLab 8.4.4 Released

Feb 10, 2016

Today we are releasing version 8.4.4 for GitLab Community Edition (CE) and Enterprise Edition (EE).

This version includes more fixes for Elasticsearch, a re-introduction of the "Send email to users" administration link that was mistakenly removed, and addresses one potential security issue concerning public CI build logs.

Read on for all the details!

Possible information leak via GitLab CI logs

In GitLab 8.3, we made CI build logs share the visibility level of their parent project for the sake of simplicity. However, we failed to properly document this change and some users may have been surprised by previously-hidden build logs suddenly becoming visible, possibly exposing sensitive information such as environment variables.

We've addressed this in 8.4.4 by adding a project-level setting to allow anyone (including guests) to access the build logs for a public or internal project. This setting is enabled by default but can be disabled for additional security. Build logs in private projects will still be visible only to members of that project.
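Before leaving the setting enabled, it helps to know whether any exposed log already contains environment variable assignments. The following Ruby script is an added example, not GitLab's own code: it applies the visibility rule described above and flags secret-looking assignments in logs that non-members can read. The project hashes, the `public_build_logs` key name, the secret-name pattern and the sample log are all constructed assumptions.

```ruby
# Added example; project hashes, key names and log text are constructed.
SECRET_NAME = /SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|PRIVATE_?KEY|CREDENTIAL/i
# NAME=value, optionally prefixed by `export ` or `declare -x `.
ASSIGNMENT = /\A\s*(?:export\s+|declare\s+-x\s+)?([A-Za-z_][A-Za-z0-9_]*)=(.+)\z/
ALREADY_MASKED = /\A\[?(?:MASKED|REDACTED|\*+)\]?\z/i

# Release-note rule: public/internal logs are open while the setting is on.
def log_exposed_to_non_members?(project)
  %w[public internal].include?(project[:visibility]) &&
    project[:public_build_logs] == true
end

# Returns [{ line:, name: }]; values are never echoed back.
def secret_assignments(log_text)
  findings = []
  log_text.each_line.with_index(1) do |raw, lineno|
    line = raw.chomp.gsub(/\e\[[0-9;]*m/, '') # strip ANSI colour codes
    m = ASSIGNMENT.match(line)
    next unless m && m[1] =~ SECRET_NAME
    value = m[2].gsub(/\A["']|["']\z/, '')
    next if value.empty? || value =~ ALREADY_MASKED
    findings << { line: lineno, name: m[1] }
  end
  findings
end

# Maps project name => findings, only for logs non-members can read.
def audit(projects)
  projects.select { |p| log_exposed_to_non_members?(p) }
          .map { |p| [p[:name], secret_assignments(p[:log])] }
          .reject { |_, found| found.empty? }
          .to_h
end

SAMPLE_LOG = <<~'LOG'
  $ env
  CI=true
  DEPLOY_TOKEN=abc123constructed
  export AWS_SECRET_ACCESS_KEY="constructed-value"
  DB_PASSWORD=***
  $ bundle exec rspec
LOG

PROJECTS = [
  { name: 'site',  visibility: 'public',   public_build_logs: true,  log: SAMPLE_LOG },
  { name: 'tools', visibility: 'internal', public_build_logs: false, log: SAMPLE_LOG },
  { name: 'core',  visibility: 'private',  public_build_logs: true,  log: SAMPLE_LOG }
].freeze
audit(PROJECTS).each { |name, found| puts "#{name}: #{found.map { |f| f[:name] }.join(', ')}" }
```

Any variable name it reports should be treated as disclosed and rotated, since the log was readable while the setting was on.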

Elasticsearch Snippet indexing

If you enabled Elasticsearch indexing prior to this version, Snippets added since that time may not be properly indexed.

To ensure those Snippets are properly indexed, run one of the following commands:

# For Omnibus installations
sudo gitlab-rails runner "Snippet.import"

# For source installations
cd /home/git/gitlab && sudo -u git -H bundle exec rails runner "Snippet.import"

ruby-saml update

This release includes an update to the omniauth-saml gem (which itself includes an update to the ruby-saml gem) so that SAML responses that do not include an X.509 certificate in the response body are properly allowed. It now fetches the certificate indicated in the settings and uses that one to validate the response.

Upgrade barometer

This release includes one minor database migration which can be run without causing any downtime.

Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can be changed by adding a /etc/gitlab/skip-auto-migrations file.

Updating

To update, check out our update page.

Enterprise Edition

Interested in GitLab Enterprise Edition? Check out the features exclusive to EE.

Access to GitLab Enterprise Edition is included with a subscription. No time to upgrade GitLab yourself? Subscribers receive upgrade and installation services.

