Aug 19, 2016 - Robert Speicher

GitLab 8.10.7, 8.9.8, and 8.8.9 released

Today we are releasing versions 8.10.7, 8.9.8, and 8.8.9 for GitLab Community Edition (CE) and Enterprise Edition (EE).

These versions include a security fix in two GitLab dependencies and are a recommended upgrade for all installations.

Please read on for more details.

  • CE/EE: Upgrade Doorkeeper to 4.2.0. (!5881)
  • CE/EE: Upgrade Hamlit to 2.6.1. (!5873)

Upgrade Doorkeeper to 4.2.0

Doorkeeper 4.2.0 was recently released to address CVE-2016-6582 and we've updated the gem accordingly.

Upgrade Hamlit to 2.6.1

The Hamlit library was vulnerable to the same CVE-2016-6316 issue that recently prompted an update for Rails. See the issue for more details.

GitLab versions prior to 8.10 are not using Hamlit and do not require this fix.

We'd like to thank Dylan Katz for responsibly disclosing this issue to us, and to Hamlit author Takashi Kokubun for quickly releasing a fix after we traced the cause back to the gem.

Upgrade barometer

These versions do not include any migrations, and should not require any downtime.

Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can be changed by adding a /etc/gitlab/skip-auto-migrations file.

Updating

To update, check out our update page.

Sign up for security notices

Want to be alerted to new security patches as soon as they're available? Sign up for our Security Newsletter.

Enterprise Edition

Interested in GitLab Enterprise Edition? Check out the features exclusive to EE.

Access to GitLab Enterprise Edition is included with a subscription. No time to upgrade GitLab yourself? Subscribers receive upgrade and installation services.

For the latest and most detailed news follow @gitlab on Twitter. Future blog posts suggestions.

Install GitLab in 2 minutes

With Ubuntu, Debian, CentOS and Raspbian packages or from source

Install GitLab Now

Try GitLab Enterprise Edition risk-free for 30 days.

No credit card required. Have questions? Contact us.