GitLab Commit Virtual is here. Register Now for our 24 hour immersive DevOps experience.
Oct 31, 2014 - Jacob Vosmaer

GitLab not affected by Rails vulnerability CVE-2014-7818

Back to company

Yesterday the developers of Ruby on Rails released a security advisory for file existence disclosure vulnerability CVE-2014-7818. GitLab is not affected by this vulnerability.

Background

CVE-2014-7818 affects Rails applications which have the config.serve_static_assets = true setting. GitLab is shipped with config.serve_static_assets set to false in config/environments/production.rb because it lets NGINX (or Apache) serve static files.

Please contact us at support@gitlab.com if you have any questions about this issue.

More Posts Like This:

How we manage IT Alerts in GitLab

by Sarah Waldner

Triaging alerts just got easier with GitLab because you can investigate and remediate outages in a single tool.

Learn more

GitLab named a Visionary in 2020 Gartner Magic Quadrant for Enterprise Agile Planning Tools

by Cormac Foster

For the second consecutive year, Gartner validates our product vision.

Learn more

How recent acquisitions introduce fuzz testing to GitLab

by Sam Kerr

Learn more about fuzz testing and GitLab's recent acquisitions in the space.

Learn more

Try all GitLab features - free for 30 days

GitLab is more than just source code management or CI/CD. It is a full software development lifecycle & DevOps tool in a single application.

Try GitLab for Free
GIT is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license
Edit this page — open Web IDE — please contribute. Creative Commons License

Try GitLab risk-free for 30 days.

No credit card required. Have questions? Contact us.

Get Your Free Trial Today
Gitlab x icon svg