@betty_zheng from a quick Google: Gitlab Gitlab version 11.11.3 : Security vulnerabilities
There are a number of CVEs for security vulnerabilities, with scores between 3.5 and 5.0. So moderate risks. If the system is accessible externally, then you would really want to be making upgrades to ensure that nobody that can gain access can exploit the system. If this server is only accessible internally, then the risks aren’t as great, but it would still be possible for an internal employee to exploit or for a compromised computer to take advantage and exploit it. So you would want to weigh up the risks on this.
I personally would upgrade, but as with all upgrades, especially considering the operating system, you have to ensure you have backup/recovery procedures in the event that it fails. Online upgrade from EL6 to EL7 is possible, and the upgrade process would let you know before starting if it sees any issues that need to be rectified before continuing. Hopefully the impact of these issues would be minimal so that the upgrade could easily be achieved.
Unfortunately, I don’t have such a system, I used DEB-based systems, but I do know RHEL products and use them. It would take me a couple of hours to do a test upgrade without data to check/verify some points, but that would only be unique to my system, as your server could be configured differently and have different packages installed that I might not have. So even that wouldn’t be an ideal way to confirm whether the upgrade would work for you or not without completely replicating your setup identically.
That’s also not including the fact that EL6 is no longer supported by RHEL, etc, so there will also be security risks for the operating system packages, as well as the CVEs I mentioned that only relate to GitLab itself.