GitLab 8.11.7, 8.10.10 and 8.9.10 released

Sep 21, 2016

Today we are releasing versions 8.11.7, 8.10.10 and 8.9.10 for GitLab Community Edition (CE) and Enterprise Edition (EE).

Version 8.11.7 contains a security fix for GitLab, plus fixes for minor regressions. Version 8.10.10 and 8.9.10 only contain the security fix.

Please read on for more details.

Information disclosure through gon.private_token JavaScript variable

The private user token was available through the gon.private_token JavaScript variable, leading to a potential security risk since it could be stolen through XSS or other attacks. See the issue for more information.

Upgrade barometer

This version has no migrations and should not require any downtime.

Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can be changed by adding a /etc/gitlab/skip-auto-migrations file.


To update, check out our update page.

Sign up for security notices

Want to be alerted to new security patches as soon as they're available? Sign up for our Security Newsletter.

Enterprise Edition

Interested in GitLab Enterprise Edition? Check out the features exclusive to EE.

Access to GitLab Enterprise Edition is included with a subscription. No time to upgrade GitLab yourself? Subscribers receive upgrade and installation services.

Install GitLab on your own server in 2 minutes

Browse all posts

For the latest and most detailed news follow @gitlab on Twitter. Future blog posts suggestions.