Sorry if this is somewhere else. But had a notification in GitLab itself (self-hosted) for a critical security release, but no information on the official releases page.
Just want to know if this is legitimate, and if I need to be worried about it? The link goes to the releases page which doesn’t show an article for the release stated.
Yes it’s legitimate. You have the option enabled for checking for updates, so this kind of update information will appear. It links to the gitlab-org repository for gitlab and shows the CHANGELOG/README.md that explains two critical updates.
Usually a blog post will also appear here on the forums, most likely will appear soon. You can also google gitlab blog or gitlab security releases to find this information as well.
Updating your server is simple as following the Gitlab Upgrade guide, which usually means using apt/yum/dnf commands to upgrade.
Yep, I see that now thank you. The link I got went straight to the normal Releases | GitLab page, so I didn’t see that changelog.
Thanks for your reply, yeah I’ll be able to sort out the upgrade. I was just having a tin foil hat moment 
And the blog post now arrived: GitLab Critical Security Release: 15.11.2, 15.10.6, and 15.9.7 just posting for completeness for others who may also find this post.
