People in every field can relate to the feeling of carefully moving down your checklist, triple-checking your work, and confidently sending that email, or posting that tweet, or merging those changes, only to at some later interval experience unmistakable stomach-sinking at some surprise snafu. That’s why we identify areas with potential for human error and build in review cycles with hopefully explicit steps and goals — like code reviews! So what about when you follow all of those steps and you’re still rudely greeted by code full of bugs, or a flood of user complaints?
Surprise is harder to achieve when you do everything in the open. But working in the open gives us the power to tell you why we're shipping what we're releasing today and how this release is setting up GitLab for something even better in the future.
Today we are releasing versions 9.3.8, 9.2.8, 9.1.8, 9.0.11, and 8.17.7 for GitLab Community Edition (CE) and Enterprise Edition (EE).
These versions contain several security fixes, including important security fixes for two authorization bypass vulnerabilities (post-authentication), protection against denial-of-service attacks in regular expressions, important security patches for Mattermost, and protections for exporting issues to Microsoft Excel via CSV files. We strongly recommend that all affected GitLab installations be upgraded to one of these versions immediately.
Please read on for more details.
It’s a well-known fact: GitHub has the market share when it comes to Git hosting, with Bitbucket following close behind due to their “unlimited private repositories” policy. But what if I told you that those weren’t your only options?
In 2015 the Unix operations team at the Province of Nova Scotia decided to implement GitLab for source control and Continuous Integration and Continuous Deployment. This was the beginning of our foray into DevOps practices. This article describes our automated testing, integration and release of Puppet code.
On Wednesday, July 19th, 2017 at 23:59 UTC, we will publish a critical GitLab security update. More details will be forthcoming on our blog, including which versions of GitLab are affected.
We recommend that installations running affected versions be upgraded immediately. Please forward this alert to the appropriate people at your organization and have them subscribe to Security Notices.
At Trek10, we always try to consider the need for automation and repeatability with everything that we do. That’s why we focus on using tools like CloudFormation, Serverless, and CI, as well as building other tools. Recently, I was tasked with doing various maintenance tasks on a number of internal tools/projects. Some needed upgrades from Node.js 0.10, some needed code fixes, and most needed CI. Today, we’re just going to focus on the CI part.