Apr 8, 2014 - Jacob Vosmaer

Security Release of omnibus-gitlab due to CVE-2014-0160 ('Heartbleed')


Yesterday OpenSSL 1.0.1g was released to address the 'Heartbleed' security vulnerability (CVE-2014-0160). We have just released new omnibus-gitlab packages that update the version of OpenSSL embedded in the package to 1.0.1g. We advise all users of omnibus-gitlab to upgrade immediately.

Versions affected

Affected versions: all omnibus-gitlab packages prior to 6.7.3.omnibus.3 or 6.7.2-ee.omnibus.2.

Fixed versions: 6.7.3.omnibus.3 (CE) and 6.7.2-ee.omnibus.2 (EE).

You can check your omnibus-gitlab version by running dpkg-query -W gitlab (Ubuntu) or rpm -q gitlab (CentOS).
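
To apply the version rule above to many hosts at once, the following added example (not GitLab's code) classifies a version string as affected or fixed. It assumes versions are written as in this advisory, accepts '.', '-' and '_' as separators, and treats a missing omnibus revision as 0; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not GitLab's code. Assumption: versions are written as in
# this advisory ("6.7.3.omnibus.3", "6.7.2-ee.omnibus.2"); '.', '-' and '_'
# are accepted as separators and a missing omnibus revision counts as 0.

CE_FIXED="6 7 3 3"   # 6.7.3.omnibus.3
EE_FIXED="6 7 2 2"   # 6.7.2-ee.omnibus.2

# to_tuple VERSION: print "MAJOR MINOR PATCH OMNIBUS_REV", fail if unparsable.
to_tuple() {
    case $1 in
        *[!0-9a-z._-]*) return 1 ;;   # unexpected characters
        *omnibus*) ;;
        *) return 1 ;;                # not an omnibus package version
    esac
    norm=$(printf '%s\n' "$1" | sed -e 's/[._-]ee\([._-]\)/\1/' \
        -e 's/[._-]omnibus$/.omnibus.0/' -e 's/[._-]omnibus[._-]/./')
    old_ifs=$IFS; IFS='._-'
    set -- $norm
    IFS=$old_ifs
    [ $# -ge 4 ] || return 1
    for f in "$1" "$2" "$3" "$4"; do
        case $f in ''|*[!0-9]*) return 1 ;; esac
    done
    echo "$1 $2 $3 $4"
}

# tuple_lt "a b c d" "w x y z": succeed when the first tuple sorts lower.
tuple_lt() {
    set -- $1 $2
    [ "$1" -ne "$5" ] && { [ "$1" -lt "$5" ]; return; }
    [ "$2" -ne "$6" ] && { [ "$2" -lt "$6" ]; return; }
    [ "$3" -ne "$7" ] && { [ "$3" -lt "$7" ]; return; }
    [ "$4" -lt "$8" ]
}

# omnibus_status VERSION: print "affected", "fixed" or "unknown".
omnibus_status() {
    case $1 in
        *[._-]ee[._-]*) fixed=$EE_FIXED ;;
        *)              fixed=$CE_FIXED ;;
    esac
    if ! have=$(to_tuple "$1"); then echo unknown
    elif tuple_lt "$have" "$fixed"; then echo affected
    else echo fixed
    fi
}

# Constructed sample versions, not taken from real hosts.
for v in 6.7.3.omnibus.3 6.7.3.omnibus.2 6.7.2-ee.omnibus.2 6.6.0.omnibus; do
    printf '%s\t%s\n' "$v" "$(omnibus_status "$v")"
done
```

A result of "unknown" means the string did not parse and the host should be checked by hand.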


OpenSSL is used in the existing omnibus-gitlab packages to make outgoing connections to remote hosts, e.g. for HTTPS resources. Because omnibus-gitlab uses its own embedded copy of OpenSSL, you need to update omnibus-gitlab in addition to updating your OS's copy of OpenSSL.


Omnibus-gitlab 6.7.3.omnibus.3 (CE) is available at the download page. Omnibus-gitlab 6.7.2-ee.omnibus.2 is available for subscribers only.

Upgrade instructions can be found in the omnibus-gitlab repository.
