Aug 28, 2014 - Jacob Vosmaer

GitLab 7.2.1 Security Release

Learn more about GitLab Release 7.2.1 for GitLab Community Edition (CE) and Enterprise Edition (EE)

Today we released GitLab Community Edition 7.2.1 and GitLab Enterprise Edition 7.2.1. This is a security release which remedies an XSS vulnerability in GitLab. In addition, 7.2.1 makes the tag-to-label migration more robust for users upgrading from GitLab 7.1 and earlier.

Affected versions

This XSS vulnerability affects GitLab 7.2.0 and earlier.

Impact

The vulnerability patched by this release allows an attacker to carry out a cross-site scripting (XSS) attack against users with a session on an affected GitLab server. In order to exploit this vulnerability, the attacker needs to have commit access to a repository on the affected GitLab server.

Upgrading

Omnibus-gitlab packages for GitLab 7.2.1 are now available. To upgrade an installation from source, please use the upgrader or the patch update guide.

Acknowledgments

We would like to thank Jakub Zoczek for his responsible disclosure of this issue to us.

Update 2014-08-28 18:02 CEST: Add affected version and acknowledgments.

Update 2014-08-28 18:07 CEST: Add link to GitHub issue for the label migration.
