today i’ve seen there are some security issues with node.js, and there are fixes available for node.js v18, v16 and v14.
So i checked the node version im my GitLab CE v14.10.5 and it says:
root@myGitLab:~# node --version
I’ve read a bit about node.js version numbers, and that doc states that odd version numbers are unsopported after six month. So i suppose that security fixes are not back-ported to odd node.js versions after this period.
So i have two questions here:
- why does GitLab uses odd version numbers of node.js?
- will there be a security fix for GitLab or do i have to upgrade node.js by myself (i don’t really want to…)?
Our GitLab(s) doesn’t have node.js installed and the debian packages of the omnibus installation doesn’t contain a binaryu called
node, so I think that you see the a version you have installed yourself. A consequence is that you have to manage upgrade yourself.
Hm, i’m pretty sure no i haven’t installed node.js by myself. But anyway i’ll check my own docs…
As @grove pointed out, GitLab does not ship Node.js with the GitLab product.
Binaries that are shipped with GitLab can be found in
/var/opt/gitlab/embedded/bin, and all GitLab dependencies (and their version numbers) can be viewed in
You can find the location where
node was installed by running
which node on the system. If it’s living in
/usr/local/bin, this indicates nodejs was definitely installed separate from GitLab.
You can see if it was installed via package manager with
apt list --installed node* or
yum list --installed | grep node.
Hi @gitlab-greg, hi @grove
you’re both perfectly right, turned out my colleague and me misunderstood the docs when installing GitLab, that is we followed the requirement for an install from source and we then installed the Omnibus package
Thanks for clarifications…