May 2, 2016 Security Release Post-Mortem

Jun 29, 2016

On May 2, 2016, we released a major security update, primarily to fix a critical security issue that allowed a user to gain administrative access via the “impersonate” feature. Now that some time has passed and most of our users have had sufficient time to upgrade, we’d like to reflect on what happened, how it occurred, and what we’re doing in the future to improve security in the GitLab code base.

Since May 2, we have released a number of security updates to address certain vulnerabilities, but none of the updates have addressed a bug as serious as the one in the “impersonate user” feature, which is now known as CVE-2016-4340. We released this feature in November of 2015 in GitLab 8.2. It enables admins to diagnose issues with their GitLab installation by allowing them to see what their users see. Since the initial implementation, members from


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/--dNqXzIUAw/
