March 13, 2025 By Bill Toulas
GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which are two critical-severity authentication bypass flaws in the ruby-saml library.
All flaws were addressed in GitLab CE/EE versions 17.7.7, 17.8.5, and 17.9.2, while all versions before those are vulnerable.
GitLab.com is already patched, and GitLab Dedicated customers will be updated automatically, but users who maintain self-managed installations on their own infrastructure will need to apply the updates manually.
"We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible," warns the bulletin.
The two critical flaws GitLab addressed this time are CVE-2025-25291 and CVE-2025-25292, both in the ruby-saml library, which is used for SAML Single Sign-On (SSO) authentication at the instance or group level.
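For administrators of self-managed instances, the practical question is whether a given install still needs the upgrade. The following Ruby snippet is an added example, not GitLab's tooling or code from the article: it encodes the fixed versions named above (17.7.7, 17.8.5, 17.9.2) and classifies an arbitrary version string as still vulnerable or already fixed. It assumes version strings in GitLab's usual `MAJOR.MINOR.PATCH` form, optionally followed by a suffix such as `-ee`; the inventory at the bottom is constructed sample data.

```ruby
# Added example (not from GitLab or the article): classify self-managed GitLab
# versions against the March 2025 ruby-saml fixes (CVE-2025-25291 / CVE-2025-25292).
# Fixed releases per the advisory; every version before these is vulnerable.
FIXED_VERSIONS = [[17, 7, 7], [17, 8, 5], [17, 9, 2]].freeze

# Parse "17.8.3" or "17.8.3-ee" into [major, minor, patch]; reject anything else.
def parse_version(str)
  m = str.to_s.strip.match(/\A(\d+)\.(\d+)\.(\d+)/)
  raise ArgumentError, "unrecognised GitLab version: #{str.inspect}" unless m
  m.captures.map(&:to_i)
end

# Returns :vulnerable, :fixed, or :not_listed (a release line newer than any
# the advisory names, e.g. 17.10.x, which must be checked against its own notes).
def ruby_saml_status(version_str)
  v = parse_version(version_str)
  oldest_line = FIXED_VERSIONS.min[0..1]           # [17, 7]
  # Any release line older than the oldest fixed line is vulnerable outright.
  return :vulnerable if (v[0..1] <=> oldest_line) == -1
  fixed = FIXED_VERSIONS.find { |f| f[0..1] == v[0..1] }
  return :not_listed unless fixed
  (v <=> fixed) >= 0 ? :fixed : :vulnerable
end

# Walk an inventory of host => version and list the hosts that still need patching.
def hosts_needing_upgrade(inventory)
  inventory.select { |_host, ver| ruby_saml_status(ver) == :vulnerable }.keys
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inventory; hostnames and versions are made up.
  sample = {
    "git-a.example.internal" => "17.8.3-ee",
    "git-b.example.internal" => "17.9.2",
    "git-c.example.internal" => "16.11.4",
    "git-d.example.internal" => "17.10.0"
  }
  sample.each { |host, ver| puts "#{host.ljust(26)} #{ver.ljust(10)} #{ruby_saml_status(ver)}" }
  puts "Needs upgrade: #{hosts_needing_upgrade(sample).join(', ')}"
end
```

Feed it the output of `gitlab-rake gitlab:env:info` or the `/api/v4/version` endpoint from each instance; a `:not_listed` result means the version postdates this bulletin and should be checked against its own release notes rather than assumed safe or unsafe.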