Although the preferred way to install GitLab is to use our omnibus packages, you can also install GitLab Community Edition or Enterprise Edition 'from source'. If you used this installation method, and if you compiled Git from source in the process then please check whether your Git version defends against Git vulnerability CVE-2014-9390. This issue does not apply to our Omnibus packages (DEB or RPM).

Although GitLab itself is not affected by CVE-2014-9390, a GitLab server may be used to deliver 'poisoned' Git repositories to users on vulnerable systems. Upgrading Git on your GitLab server stops users from pushing poisoned repositories to your GitLab server.

Due to an oversight, the guide for installing GitLab from source still contained instructions telling administrators to install Git 2.1.2 if the version of Git provided by their Linux distribution was too old. Git 2.1.2 does not defend against CVE-2014-9390.

If your GitLab server uses /usr/local/bin/git please check your Git version using the instructions in this upgrade guide.

Try all GitLab features - free for 30 days

GitLab is more than just source code management or CI/CD. It is a full software development lifecycle & DevOps tool in a single application.

Try GitLab Free
Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license

Try the GitLab DevOps Platform for free for 30 days

Achieve higher productivity, faster and secure deployments

Start your free trial Maybe later