Information Disclosure vulnerability in Nginx 1.16.1 - CVE-2019-20372

rcarpenter79 · May 26, 2020, 12:33pm

Are there plans to update the embedded version of Nginx?

The current version is being flagged by our security scanner. It recommends Nginx should be at 1.17.7, when this vulnerability is fixed.

We have updated today, to GitLab v13.

gitlab-greg · May 27, 2020, 3:41pm

Hi @rcarpenter79, welcome to the GitLab Community Forum!

Thanks for bringing this up, good question!

The work to upgrade nginx has been done, just waiting to ship it in the next version.

As of GitLab 13.1, the version of nginx shipped with GitLab will be upgraded to 1.18.0. GitLab 13.1 is set to be released on June 22nd.

Topic		Replies	Views
Nginx version General	5	2703	June 21, 2021
Git vulnerability? General security	1	383	September 15, 2021
Gitlab v16 security updates How to Use GitLab security	1	24	August 28, 2024
How to resolve the security issues in GitLab 14.10.5? Are there any updates available now? Community ci , runner , gitlab-pages	1	91	June 25, 2024
GitLab 14.1.0 version: Approach to fixing security vulnerabilities Community	2	396	January 6, 2023