Although the new version is now publicly available, the vulnerability details will not be made public on the GitLab issue tracker for approximately 30 days. The information disclosed to date is the following:
- Project template functionality could be used to access restricted project data (CVE-2019-16170)
- Security enhancements in GitLab Pages
- Nginx HTTP/2 security update (CVE-2019-9511, CVE-2019-9513, and CVE-2019-9516)
- Mattermost updates
You can find more information about this issue in GitLab's official blog post.
Bitnami has released Bitnami GitLab 12.2.5, a new version for both virtual machines and cloud images that fixes these vulnerabilities. If you are running an outdated version of GitLab, please follow the instructions to upgrade the application.
Do you have questions about Bitnami GitLab or this security issue? Please post them to our community forum. We will be happy to help you.