GitLabRelease

GitLab Critical Security Release: 12.6.4, 12.5.7, and 12.4.8

Source: GitLab Blog | Author: Jeremy Matos

Versions 12.6.4, 12.5.7, and 12.4.8 for GitLab Community Edition (CE) and Enterprise Edition (EE) have been released.

These versions contain important security fixes, and we recommend that all GitLab installations be upgraded to one of these versions immediately.

Vulnerability details will be made public on the issue tracker in approximately 30 days.

Please read on for more information regarding this release.

Private objects exposed through project import

Using the project import feature, it was possible for someone to obtain issues from private projects. The issue is now mitigated in the latest release and is assigned CVE-2020-6832.

Thanks to @nyangawa of Chaitin Tech for responsibly reporting this vulnerability to us.

Versions Affected

Affects GitLab EE 8.9.0 and later.

Remediation

We strongly recommend that all installations running an affected version above are upgraded to the latest version as soon as possible.
