GitLab kun je vergelijken met het bekendere GitHub, maar bevat een aantal subtiele verschillen. Het is een omgeving voor het beheren van Git-repositories on-premises en wordt uitgegeven onder de MIT Expat-licentie en ontwikkeld in Ruby on Rails. Het is beschikbaar in twee versies, namelijk de gratis te gebruiken Community Edition en een betaalde Enterprise Edition met meer functies die op grote bedrijven zijn gericht. De twee smaken worden op deze pagina uiteengezet. Het ontwikkelteam heeft GitLab 8.15.4, 8.14.6 en 8.13.11 uitgebracht met de volgende aankondiging:
GitLab 8.15.4, 8.14.6, and 8.13.11 Released
Today we are releasing versions 8.15.4, 8.14.6, and 8.13.11 for GitLab Community Edition (CE) and Enterprise Edition (EE). These versions contain important security fixes, and we recommend that all affected GitLab installations be upgraded to one of these versions. Additionally, the 8.15.4 version resolves a number of regressions and bugs in last month's 8.15 release.
Security fixes in 8.15.4, 8.14.6 and 8.13.11
Cross-Site Scripting Vulnerability in Turbolinks
These releases include a patch for a cross-site scripting vulnerability in the Ruby gem Turbolinks. Versions 2.5.4 and earlier of Turbolinks are vulnerable to cross-site scripting attacks when loading attachments with HTML content types. We've released a temporary GitLab fork of Turbolinks while we make a decision on migrating to Turbolinks version 5 or abandoning Turbolinks.
Cross-Site Scripting Vulnerability in GitLab-Markup
Also included with these releases is a patch for a cross-site scripting vulnerability in the GitLab Markup gem, forked from the GitHub Markup gem. This vulnerability can be exploited by tricking users into clicking on ReStructuredText files that specify a raw HTML format. Thanks to Jason Ritzke (@Rtzq0) for reporting this vulnerability.
Additional changes in 8.15.4Upgrade barometer
- CE/EE: Use #parts instead of #part to read all the parts of the Message.
- CE/EE: Re-add Google Cloud Storage as a backup strategy
- CE/EE: Don't instrument 405 Grape calls
- CE/EE: Speed up group milestone index by passing group_id to IssuesFinder
- CE/EE: With Gitea v1.0.0, notes are imported
- CE/EE: Make successful pipeline emails off for watchers
- Omnibus GitLab: Switch to using gitlab-psql for query against db
- Omnibus GitLab: Adding /bin/sh to command for analyze_new_cluster.sh call
These versions have no migrations and should not require any downtime. Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can be changed by adding a /etc/gitlab/skip-auto-migrations file.
:strip_exif()/i/2000869175.png?f=thumbmedium)
/u/533588/crop5c477836e5227_cropped.png?f=community){kind=small}
:strip_icc():strip_exif()/u/90600/1005246_647191608633641_119027804_n%252060x60.jpg?f=community){kind=small}
/u/416327/crop5dfb6ea68e892_cropped.png?f=community){kind=small}
:strip_icc():strip_exif()/u/289675/crop6401bf2c85501_cropped.jpg?f=community){kind=small}
/u/217510/crop660db19c1cf7b_cropped.png?f=community){kind=small}