GitLab 8.12.4 released

Oct 5, 2016

Today we are releasing version 8.12.4 for GitLab Community Edition (CE) and Enterprise Edition (EE).

This version contains two security fixes for GitLab, plus fixes for minor regressions and bugs in the recent 8.12 release.

Please read on for more details.

Further improvements for security of Import/Export projects.

Prevented access to foreign entities using the Import/Export functionality. This could be achieved altering the foreign key IDs in the project JSON of an exported GitLab project file. The foreign keys are now always being ignored at the time of importing a project. See #20821 for more information.

Exported projects were world-readable in the filesystem

Exported projects are no longer world-readable in the GitLab server filesystem as permissions are set to owner access only. See #22757 for more information.

Upgrade barometer

This version has no migrations and should not require any downtime.

Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can be changed by adding a /etc/gitlab/skip-auto-migrations file.


To update, check out our update page.

Enterprise Edition

Interested in GitLab Enterprise Edition? Check out the features exclusive to EE.

Access to GitLab Enterprise Edition is included with a subscription. No time to upgrade GitLab yourself? Subscribers receive upgrade and installation services.

Install GitLab on your own server in 2 minutes

Browse all posts

For the latest and most detailed news follow @gitlab on Twitter. Future blog posts suggestions.