GitLab 9.3.8 was affected by an infinite loop bug with the mudge/re2 library. The GitLab project released GitLab 9.3.9 that solves that issue.
Bitnami GitLab 9.3.9 virtual machines and cloud images are already available in Bitnami.
----
The GitLab project released a new update that contains several security fixes, including an important security fix for two authorization bypass vulnerabilities (post-authentication). We recommend that all GitLab installations be upgraded to GitLab's new version (GitLab 9.3.8) immediately.
We released new versions of Bitnami GitLab 9.3.8 virtual machines and cloud images that fix the following security issues.
- Projects in subgroups authorization bypass with SQL wildcards (CVE-2017-11438)
- An authenticated user could take advantage of a badly written SQL query to add themselves to any project inside a subgroup. Versions from 9.0 are affected but 9.3 and above are not vulnerable, so this issue does not affect the latest versions we released in bitnami.com.
- Unauthorized repository access by using project mirrors and CI (GitLab EE only) (CVE-2017-11437)
- This vulnerability affects all versions of GitLab except GitLab 9.3.8 or newer.
Do you have questions about Bitnami GitLab or the security issue? Please post to our community forum, and we will be happy to help you.