Back to company
Aug 19, 2014 - Jacob Vosmaer

GitLab not affected by Rails vulnerability CVE-2014-3514

Ruby on Rails released a security advisory for parameter injection vulnerability CVE-2014-3514. GitLab is not affected.

Yesterday the developers of Ruby on Rails released a security advisory for parameter injection vulnerability CVE-2014-3514. GitLab is not affected by this vulnerability.

Background

CVE-2014-3514 affects applications which pass unsanitized user input to the ActiveRecord create_with method. GitLab 7.1 nor its dependencies use create_with. GitLab 7.2 (to be released) does use create_with in two locations, but neither of those two call sites passes user input to the method.

We would like to thank Robert Schilling and Jeroen van Baarsen of the GitLab core team for their assistance in investigating this issue.

Please contact us at support@gitlab.com if you have any questions about this issue.

More Posts Like This:

We're working to empower Minorities in Tech with a new employee resource group

People of color are more likely than any other group to voluntarily leave their jobs in tech. Employee resource groups, mentorship opportunities, and allyship can create a more inclusive workplace.

Learn more

How diversity, inclusion, and belonging looks in the tech industry

The tech industry is predominantly white and male, which has historically made it challenging for underrepresented minorities to gain a foothold in leadership.

Learn more

Our journey to a more diverse and inclusive workplace

GitLab is taking action to create a more equitable and representative workplace for underrepresented groups.

Learn more

How GitLab boosts collaboration through visibility, accountability, and measurement

Find out how we’re tackling new enterprise challenges like DevOps at scale, collaboration and performance monitoring in our “best release ever.”

Learn more

GitLab 8.7 Release Webcast Recording and Slides

GitLab 8.7 Release Webcast Recording and Slides for GitLab Community Edition (CE) and Enterprise Edition (EE)

Learn more

Join us for a Tour of GitLab 8.5

Join us for a Tour of GitLab 8.5 for GitLab Community Edition (CE) and Enterprise Edition (EE)

Learn more

Try all GitLab features - free for 30 days

GitLab is more than just source code management or CI/CD. It is a full software development lifecycle & DevOps tool in a single application.

Try GitLab Free
Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license
View page source — Edit in Web IDE — please contribute. Creative Commons License

Try GitLab risk-free for 30 days.

No credit card required. Have questions? Contact us.

Get Your Free Trial Today
Gitlab x icon svg