GitLab security advisory (AV24-543)

Serial number: AV24-543
Date: September 26, 2024

On September 25, 2024, GitLab published security advisories to address a critical vulnerability in the following products:

• GitLab Community Edition (CE) – versions prior to 4.1, 17.3.4, 17.2.8, 16.10.10, 16.9.11, 16.8.10, 16.7.10, 16.6.10, 16.5.10, 16.4.7, 16.3.9, 16.2.11, 16.1.8 and 16.0.10
• GitLab Enterprise Edition (EE) – versions prior to 17.4.1, 17.3.4, 17.2.8, 16.10.10, 16.9.11, 16.8.10, 16.7.10, 16.6.10, 16.5.10, 16.4.7, 16.3.9, 16.2.11, 16.1.8 and 16.0.10

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• GitLab Critical Patch Release: 16.10.10, 16.9.11, 16.8.10, 16.7.10, 16.6.10, 16.5.10, 16.4.7, 16.3.9, 16.2.11, 16.1.8, 16.0.10
• GitLab Patch Release: 17.4.1, 17.3.4, 17.2.8
• GitLab Releases