Thursday, March 21, 2019

GitLab security release: 11.8.3

The GitLab project has released a new update that contains several important security fixes. We recommend that all GitLab installations be upgraded immediately to the new version of GitLab (GitLab 11.8.3).

Although the new version is publicly available now, the vulnerability details will not be made public on the GitLab issue tracker for approximately 30 days. The information disclosed to date is as follows:
  • Project Runner Token Exposed Through Issues Quick Actions. GitLab issues quick actions were vulnerable to an information disclosure issue that disclosed project runner tokens to unauthorized users. The issue is now mitigated in the latest release and is assigned CVE-2019-9866.
More information about this issue can be found in the official blog post.

Bitnami has released a new version of Bitnami GitLab 11.8.3 for both virtual machines and cloud images that fixes this vulnerability. Note that upgrading stops the disclosure but does not invalidate runner tokens that may already have been read: if your instance was exposed, reset the runner tokens of the affected projects after upgrading.

Do you have questions about Bitnami GitLab or this security issue? Please post them to our community forum. We will be happy to help you.

Thursday, March 14, 2019

Rails security issue (CVE-2019-5418, CVE-2019-5419 and CVE-2019-5420)

New versions of Rails have been released recently to address several security issues.

It is highly recommended that you upgrade Rails to the patched version for the release series you are running: 4.2.11.1, 5.0.7.2, 5.1.6.2, 5.2.2.1 or 6.0.0.beta3.
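As an added practitioner check (not part of the original post or of Rails itself): given the version reported by `bundle exec rails -v` or `Rails.version`, the following Ruby script decides whether it is at or above the patched release for its series. It relies on RubyGems' own `Gem::Version` ordering so that pre-release tags such as `6.0.0.beta3` compare correctly; the function names and the parsing of the `rails -v` output line are this example's own.

```ruby
require 'rubygems' # Gem::Version ships with RubyGems, present in stock Ruby

# Patched Rails releases listed in the advisory above, one per release series.
PATCHED_RAILS = %w[4.2.11.1 5.0.7.2 5.1.6.2 5.2.2.1 6.0.0.beta3].freeze

# Index the fixes by "major.minor" so an installed version is only compared
# against the fix for its own series (5.2.2 must be checked against 5.2.2.1,
# not against 6.0.0.beta3).
PATCHED_BY_SERIES = PATCHED_RAILS.each_with_object({}) do |v, h|
  h[v.split('.').first(2).join('.')] = Gem::Version.new(v)
end.freeze

# Extract the version string from a line such as "Rails 6.0.0.beta3"
# (the format printed by `rails -v`); returns nil if no version is found.
def parse_rails_version(output)
  output[/\d+(?:\.[0-9A-Za-z]+)+/]
end

# Classify an installed Rails version against the advisory.
#   :patched      -> at or above the fixed release of its series
#   :vulnerable   -> same series, but older than the fixed release
#   :unsupported  -> series not covered by the advisory (no fixed release
#                    exists for it, so treat it as needing an upgrade)
def rails_patch_status(installed)
  version = Gem::Version.new(installed)
  series = version.segments.first(2).join('.')
  fixed = PATCHED_BY_SERIES[series]
  return { series: series, status: :unsupported, fixed: nil } if fixed.nil?

  status = version >= fixed ? :patched : :vulnerable
  { series: series, status: status, fixed: fixed.to_s }
end

# True when the installed version should be upgraded.
def needs_upgrade?(installed)
  rails_patch_status(installed)[:status] != :patched
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs; in practice feed the output of `rails -v`.
  ['Rails 5.2.2', 'Rails 5.2.2.1', 'Rails 6.0.0.beta2', 'Rails 4.1.16'].each do |line|
    v = parse_rails_version(line)
    puts format('%-14s %s', v, rails_patch_status(v).inspect)
  end
end
```

Run it against the real value with `ruby check_rails.rb` after replacing the sample lines, or call `rails_patch_status(Rails.version)` from a console. A version on a series the advisory does not list (for example 4.1.x) is reported as `:unsupported` rather than `:patched`, since no fixed release exists for it.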

Bitnami is publishing updates which will be available in all formats soon.

For more details about these security issues, please check the information provided in the official Ruby on Rails blog. If you have further questions about Ruby or these security issues, please post to our community forums and we will be happy to help you.

Thursday, March 7, 2019

JasperReports 7.1.1 security release

TIBCO JasperReports has recently been updated to fix five security vulnerabilities in the application.

Community Edition versions 7.1.0 and below are affected by four vulnerabilities that allow unauthenticated read access to the contents of the host system, and by a race-condition vulnerability that may allow any user with domain save privileges to gain superuser privileges. More information about these security issues can be found in the official TIBCO advisories.

TIBCO has released an updated version of the application which addresses these issues. For new application deployments, including the Bitnami Launchpad, we have released JasperReports 7.1.1 containers, installers, virtual machines and cloud images that include the security fixes for these vulnerabilities. Users launching Bitnami JasperReports via a cloud marketplace are advised to select version 7.1.1 once it is published.

If you already have a JasperReports server deployed, follow the official upgrade documentation to move it to 7.1.1 and address these issues.

If you have further questions about this security issue or about Bitnami JasperReports, please post in our community forum. Our support team will be happy to help you there!