Thursday, March 21, 2019

GitLab security release: 11.8.3

The GitLab project has released a new update that contains several important security fixes. We recommend that all GitLab installations be upgraded immediately to the new version of GitLab (GitLab 11.8.3).

Although the new version is publicly available now, the vulnerability details will not be made public on the GitLab issue tracker for approximately 30 days. The information disclosed to date is as follows:
  • Project Runner Token Exposed Through Issues Quick Actions. GitLab issues quick actions were vulnerable to an information disclosure issue that exposed project runner tokens to unauthorized users. The issue is now mitigated in the latest release and has been assigned CVE-2019-9866.
More information about this issue can be found in the official blog post.

Bitnami has released Bitnami GitLab 11.8.3 for both virtual machines and cloud images; this version fixes the vulnerability.

Do you have questions about Bitnami GitLab or this security issue? Please post them to our community forum. We will be happy to help you.