Dec 24, 2014 - Patricio Cano

GitLab update for Git vulnerability

Updated versions of our Omnibus packages for the existing GitLab 7.6.1 Community Edition and GitLab 7.6.2 Enterprise Edition

Today we have released updated versions of our Omnibus packages for the existing GitLab 7.6.1 Community Edition and GitLab 7.6.2 Enterprise Edition. These updated packages contain an updated Git binary (2.0.5) that resolves the recent [Git vulnerability](/blog/2014/12/19/gitlab-not-affected-by-CVE-2014-9390-git-vulnerability/).

This server-side fix blocks incoming Git repositories that contain a malicious tree, so no exploits can be triggered using these updated GitLab versions. GitLab.com has already been updated.

If you recently updated your Omnibus GitLab installation to 7.6.1 CE or 7.6.2 EE, these packages will only update the Git binary. It is a painless upgrade.

If you are running GitLab on a manual installation, you can manually update the Git client on the server and run the following command:

```shell
sudo git config --system receive.fsckObjects true
```
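A repository's own config can override the system-wide value, and Git falls back to `transfer.fsckObjects` when `receive.fsckObjects` is unset, so it is worth confirming what each repository actually uses. The script below is an added example, not part of the original post or GitLab's code; the repositories path and the `/etc/gitconfig` default are assumptions, and it reads only the system and per-repository files (not the Git user's `~/.gitconfig`).

```shell
#!/bin/sh
# Added example (not GitLab's code): list bare repositories whose pushes are
# NOT object-checked, given Git's config precedence. Paths are assumptions.

# last_value KEY FILE...: print KEY as set by the last FILE that defines it
# (later files override earlier ones); fail when no file sets it.
last_value() {
    key=$1; shift; val=""
    for f in "$@"; do
        [ -f "$f" ] || continue
        if v=$(git config --file "$f" --bool --get "$key" 2>/dev/null); then
            val=$v
        fi
    done
    [ -n "$val" ] && echo "$val"
}

# effective_fsck FILE...: receive.fsckObjects wins; if no file sets it, Git
# falls back to transfer.fsckObjects; if neither is set the check is off.
effective_fsck() {
    last_value receive.fsckObjects "$@" ||
    last_value transfer.fsckObjects "$@" ||
    echo false
}

# unchecked_repos ROOT [SYSTEM_CFG]: print each *.git directory under ROOT
# whose effective setting is not "true". SYSTEM_CFG defaults to /etc/gitconfig
# (assumption: a source build may use a different prefix).
unchecked_repos() {
    root=$1; sys=${2:-/etc/gitconfig}
    find "$root" -type d -name '*.git' -prune | while read -r repo; do
        state=$(effective_fsck "$sys" "$repo/config")
        if [ "$state" != "true" ]; then
            echo "$repo"
        fi
    done
}

# Usage: sh audit-fsck.sh /path/to/repositories [system-config-file]
if [ "$#" -gt 0 ]; then
    unchecked_repos "$@"
fi
```

An empty result means every repository found under the given directory inherits or sets the check; any path printed still accepts pushes without it.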

We encourage our users to update their GitLab installations, especially if they allow sign-ups and have public projects.
