Today we are releasing the versions 8.8.5, 8.7.7, 8.6.9, 8.5.13, 8.4.11, 8.3.10 and 8.2.6 for GitLab Community Edition (CE) and Enterprise Edition (EE).
These versions contain a number of security fixes, and we recommend that all GitLab installations be upgraded to one of these versions.
Please read on for more details.
8.8.5 includes the following fixes:
In addition, 8.8.5, 8.7.7, 8.6.9, 8.5.13, 8.4.11, 8.3.10 and 8.2.6 include the following security fixes:
It was possible for users to view build traces, possibly exposing sensitive information to other users. See the issue for more details.
Thanks to Madhu Akula for responsibly disclosing this issue to us.
Notes in confidential issues could be viewed in JSON form by unauthorized users. See the issue for more details.
This version does not include any migrations, and should not require any downtime.
Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can be changed by adding a
To update, check out our update page.
Interested in GitLab Enterprise Edition? Check out the features exclusive to EE.
Access to GitLab Enterprise Edition is included with a subscription. No time to upgrade GitLab yourself? Subscribers receive upgrade and installation services.