hello all
i am using Gitlab Enterprise Edition 10.8.7 -EE , can anyone tell me is there any security vulnerability for this and how can this be fixed .
hello all
i am using Gitlab Enterprise Edition 10.8.7 -EE , can anyone tell me is there any security vulnerability for this and how can this be fixed .
That is a very old version, newest is 14.9.1, so there probably are security vulnerabilities in there, but noone tracks that.
My suggestion would be to upgrade it sooner rather than later, you haven’t said whcih OS you’re doing this on, so there is no chance of saying how painful it will be to upgrade, but waiting will only make it more painful.
We always recommend upgrading to newer versions for a variety of reasons, but for security especially. GitLab 10.8 was released in 2018, and we have released a new version every month on the 22nd.
You can see the upgrades we’ve made and new features you can get in the releases here
we are running it on a linux server ,
GitLab only supports running on Linux servers, so that is really not interesting. What I meant was which Linux distribution (i.e. Debian, Ubuntu, Redhat, Centos, …)?
what about the log4j Vulnerable issue to gitlab 10.8 and is there any know existing security vulnerabilities issue for this version , please help
As was already said, that version is 4 years old, so there most likely are vulnerabilities, especially the RCE that was heavily posted about on this forum that meant people compromising your server.
I suggest that you concentrate on actually upgrading your server to the latest version - there is zero point in continuing with the version you have. Because any vulnerabilities that do exist, will not be fixed because that version is now obsolete. Upgrade ASAP!
Please follow the upgrade path in Upgrading GitLab | GitLab to ensure you’ll run a secure and maintained GitLab version. In case you are a customer and run into trouble with upgrading, please reach out to our support teams.
I’d also recommend planning with more upgrade maintenance cycles, and reviewing the GitLab release and maintenance policy | GitLab
thanks