Jun 6, 2014 - Jacob Vosmaer

Omnibus-gitlab OpenSSL 1.0.1h security release

Learn more about Omnibus-gitlab OpenSSL 1.0.1h security release for GitLab Community Edition (CE) and Enterprise Edition (EE)

The OpenSSL developers released a security advisory yesterday advising all users of OpenSSL 1.0.1 to upgrade to version 1.0.1h in light of vulnerabilities CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298and CVE-2010-5298. This affects users of omnibus-gitlab because omnibus-gitlab packages contain their own copy of OpenSSL 1.0.1. Today we are releasing new omnibus packages for GitLab 6.9.2 CE and GitLab 6.9.3 EE which contain OpenSSL 1.0.1h.

Versions affected: omnibus-gitlab 6.9.2.omnibus and older, omnibus-gitlab 6.9.3-ee.omnibus and older.

Versions fixed: omnibus-gitlab 6.9.2.omnibus.1, omnibus-gitlab 6.9.3-ee.omnibus.1.

Checking your omnibus-gitlab OpenSSL version

You can check the version of OpenSSL in your omnibus-gitlab installation by running the following command.

grep openssl /opt/gitlab/version-manifest.txt

If the OpenSSL version is 1.0.1g or lower you need to update omnibus-gitlab to the latest version.


Updated omnibus-gitlab packages for GitLab Community Edition and GitLab Enterprise Edition are available for download.

Please contact us at support.gitlab.comif you have any questions.

Try all GitLab features - free for 30 days

GitLab is more than just source code management or CI/CD. It is a full software development lifecycle & DevOps tool in a single application.

Try GitLab Free
Open in Web IDE View source