Information Disclosure vulnerability in Nginx 1.16.1 - CVE-2019-20372

Are there plans to update the embedded version of Nginx?

The current version is being flagged by our security scanner. It recommends that Nginx be at 1.17.7, where this vulnerability is fixed.

We have updated today, to GitLab v13.

Hi @rcarpenter79, welcome to the GitLab Community Forum! :tada:

Thanks for bringing this up, good question!

The work to upgrade nginx has been done, just waiting to ship it in the next version.

As of GitLab 13.1, the version of nginx shipped with GitLab will be upgraded to 1.18.0. GitLab 13.1 is set to be released on June 22nd.
