2020-06-04 GitLab security release 13.0.4, 12.10.9, 12.9.9
On June 3rd, GitLab released new versions for several branches (13.0.4, 12.10.9, 12.9.9) that contain some important security updates. Although the new versions are now publicly available, the details about these vulnerabilities will be published on the GitLab issue tracker in about 30 days.
The information disclosed to date is the following:
- An authorization issue discovered in the CI jobs token allowed read access to public projects with restricted repositories.
You can find more information about this issue in the following blog post.
These are the versions affected by this vulnerability:
- Versions in the 13.0 branch lower than 13.0.4 are affected
- Versions in the 12.10 branch lower than 12.10.9 are affected
- Versions in the 12.9 branch lower than 12.9.9 are affected
Check the GitLab version you are currently running to determine whether your installation is affected and needs to be patched.
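One way to apply the branch list above to a version string you have already read from your installation. This is an added example, not Bitnami or GitLab code; the function name gitlab_status and the sample suffix "-ee" are assumptions. Branches this page does not list are reported as "unlisted" rather than guessed.

```shell
#!/bin/sh
# Added example: classify a GitLab version against the branches listed above.
# Fixed releases per this page: 13.0.4, 12.10.9, 12.9.9.

# gitlab_status VERSION
# Prints one of: affected | fixed | unlisted | invalid
gitlab_status() {
    # Drop an edition or build suffix such as "-ee" (constructed sample).
    ver=${1%%[-+]*}

    # Accept only digits and dots, with no empty fields.
    case "$ver" in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac

    # Split on dots and require exactly major.minor.patch.
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    [ $# -eq 3 ] || { echo invalid; return 0; }
    major=$1 minor=$2 patch=$3

    # First fixed patch level for each branch named on this page.
    case "$major.$minor" in
        13.0)  fixed=4 ;;
        12.10) fixed=9 ;;
        12.9)  fixed=9 ;;
        *)     echo unlisted; return 0 ;;  # page gives no statement for this branch
    esac

    # Numeric comparison, so 13.0.10 is correctly newer than 13.0.4.
    if [ "$patch" -lt "$fixed" ]; then
        echo affected
    else
        echo fixed
    fi
}

# Stand-alone use: sh check.sh 12.10.8
if [ $# -gt 0 ]; then
    gitlab_status "$1"
fi
```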
How to patch it
Bitnami has released the following new versions of Bitnami GitLab for both virtual machines and cloud images that fix these vulnerabilities:
If you are running an outdated version of GitLab or any of the versions mentioned in the previous section, upgrade your installation to the latest version as soon as possible.
Follow these instructions to learn how to upgrade the application.