Jun 6, 2014 - Jacob Vosmaer

Omnibus-gitlab OpenSSL 1.0.1h security release

Learn more about Omnibus-gitlab OpenSSL 1.0.1h security release for GitLab Community Edition (CE) and Enterprise Edition (EE)

The OpenSSL developers released a security advisory yesterday advising all users of OpenSSL 1.0.1 to upgrade to version 1.0.1h in light of vulnerabilities CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298and CVE-2010-5298. This affects users of omnibus-gitlab because omnibus-gitlab packages contain their own copy of OpenSSL 1.0.1. Today we are releasing new omnibus packages for GitLab 6.9.2 CE and GitLab 6.9.3 EE which contain OpenSSL 1.0.1h.

Versions affected: omnibus-gitlab 6.9.2.omnibus and older, omnibus-gitlab 6.9.3-ee.omnibus and older.

Versions fixed: omnibus-gitlab 6.9.2.omnibus.1, omnibus-gitlab 6.9.3-ee.omnibus.1.

Checking your omnibus-gitlab OpenSSL version

You can check the version of OpenSSL in your omnibus-gitlab installation by running the following command.

grep openssl /opt/gitlab/version-manifest.txt

If the OpenSSL version is 1.0.1g or lower you need to update omnibus-gitlab to the latest version.

Downloads

Updated omnibus-gitlab packages for GitLab Community Edition and GitLab Enterprise Edition are available for download.

Please contact us at support.gitlab.comif you have any questions.

We want to hear from you

Enjoyed reading this blog post or have questions or feedback? Share your thoughts by creating a new topic in the GitLab community forum.

Share your feedback

Take GitLab for a spin

See what your team could do with The DevSecOps Platform.

Get free trial

Have a question? We're here to help.

Talk to an expert
Edit this page View source