Usage Ping Configuration Bug for Self Managed Instances

We recently discovered a Usage Ping configuration bug for self managed instances and have since published a patch release to fix the bug. The issue affects the ability to disable Usage Ping for self-managed GitLab via text configuration files, resulting in the collection and transmission of Usage Ping events from the instance. This bug affects any instance running GitLab version 9.3 to version 13.12.3, and was patched in 13.12.4.

What does this mean for existing users?

This issue does not affect customers who have disabled Usage Ping via the user interface or any users of our SaaS product.

You can check your instance configuration settings to see if this issue may have affected you. We’ve published more detailed instructions here.

What should I do?

Since we do not collect any configuration data from your instance, we have no way to detect if you unintentionally shared data with GitLab. Out of an abundance of caution we ask that you fill out this form if you suspect that Usage Ping data was shared after taking steps to opt-out in your GitLab configuration file. We will purge data from our systems and follow up with confirmation.

Please share your questions and feedback with us below.

This information was also shared on the GitLab blog.

2 Likes