GitLab is comparable to the better-known GitHub, but differs from it in a number of subtle ways. It is an environment for managing Git repositories on-premises, is released under the MIT Expat license and is developed in Ruby on Rails. It is available in two versions: the free-to-use Community Edition and a paid Enterprise Edition with more features aimed at large companies. The two flavours are compared on this page. The development team has released updates for GitLab versions 8.16, 8.15, 8.14 and 8.13 to fix several security issues.
GitLab 8.16.1, 8.15.5, 8.14.7, and 8.13.12 Security Release
Today we are releasing versions 8.16.1, 8.15.5, 8.14.7, and 8.13.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). These versions contain important security fixes, and we recommend that all affected GitLab installations be upgraded to one of these versions.
Prevent users from creating notes on resources they can't access
An attacker was able to use the API to post comments on resources that they would not otherwise be able to view, which would "subscribe" them to the notifications for that resource and allow them to receive future updates about it, which may contain sensitive information. See #26249 and #26250 for more details.
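The authorization gap described above, modelled as an added example (not GitLab's code and not part of the original announcement). The `Resource` class, the user names and both `create_note` functions are hypothetical; the model assumes only what the paragraph states, that posting a note subscribes its author to later updates.

```ruby
require 'set'

class AccessDenied < StandardError; end

# Hypothetical stand-in for an issue or merge request.
class Resource
  attr_reader :subscribers, :notes

  def initialize(confidential:, members:)
    @confidential = confidential
    @members = Set.new(members)
    @subscribers = Set.new(members)
    @notes = []
  end

  # Read access: anyone for a public resource, members only otherwise.
  def readable_by?(user)
    !@confidential || @members.include?(user)
  end

  # Users who would receive the next update notification.
  def notify_recipients
    @subscribers.to_a.sort
  end
end

# Behaviour before the fix, as the announcement describes it: the note is
# stored and its author subscribed without a read check on the target.
def create_note_unchecked(resource, user, body)
  resource.notes << [user, body]
  resource.subscribers << user
end

# Hardened path: authorize against the target first, so a denied request
# leaves neither a note nor a subscription behind.
def create_note(resource, user, body)
  raise AccessDenied, "#{user} cannot read this resource" unless resource.readable_by?(user)
  create_note_unchecked(resource, user, body)
end

if __FILE__ == $PROGRAM_NAME
  issue = Resource.new(confidential: true, members: %w[alice bob]) # constructed sample
  create_note_unchecked(issue, 'mallory', 'hi')
  puts "unchecked recipients: #{issue.notify_recipients.inspect}"
end
```

The check belongs in front of every side effect of the request: an audit of a similar endpoint should confirm that a rejected call changes neither the notes nor the subscriber list.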
Prevent users from deleting system deploy keys via the project deploy key API
An attacker was able to delete a system-level deploy key by deleting it from a project they owned via the Deploy Key API. See #26243 for more details.
Ensure export files are removed after a namespace is deleted
If a user performed a project export and then deleted (or moved) its containing namespace, an attacker could claim the namespace and access the existing project export if less than an hour had passed. We now ensure that project exports are immediately removed along with the namespace. See #26242 for more details.