GitLab Critical Security Release: 15.1.1, 15.0.4, and 14.10.5

New blog post on the GitLab blog by Nikhil George! Check it out here:

This specific package version is still unavailable from the package repo:

An error occurred: 404  Not Found [IP: 443]
The URI failed to download, aborting

Unable to find here:

This is kinda annoying…

These bugs, cve’s are related to Gitlab itself rather than gitlab-runner (whilst they do mention runner, it’s actually related to the main Gitlab product rather than the runner itself). Although I did install gitlab-runner 15.1.1 perfectly fine under Debian 11 Bullseye yesterday (updated fine). Could be a mirror issue, needs time for the deb repo’s to get updated/in sync with each other, if distributed across multiple locations.

On the link you provided, it also doesn’t exist for Bullseye.

root@gitlab-runner:~# dpkg -l | grep gitlab-runner
ii  gitlab-runner                  15.1.1                         amd64        GitLab Runner

you made need to wait a short while for the repo’s to sync up, and for the packages to be published on the link you provided. They do usually appear 1-2 days after the main Gitlab release for the runners at least anyway. The main gitlab packages are already there: gitlab/gitlab-ce - Results for '15.1.1' in gitlab/gitlab-ce

Sorry for the troubles. The 15.1.1 runner package has been removed due to a regression. Suggest following Artifacts path do not honor job variable after v15.1.1 (#29141) · Issues · / gitlab-runner · GitLab

1 Like

Downgraded mine now with:

aptitude install gitlab-runner=15.1.0

if a regressions, prefer to revert for the time being, and upgrade later where needed :slight_smile: