
March 13, 2025 By Bill Toulas


GitLab

GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, two of which are critical-severity authentication bypass flaws in the ruby-saml library.

All flaws were addressed in GitLab CE/EE versions 17.7.7, 17.8.5, and 17.9.2; all earlier versions remain vulnerable.

GitLab.com is already patched, and GitLab Dedicated customers will be updated automatically, but users who maintain self-managed installations on their own infrastructure will need to apply the updates manually.

"We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible," warns the bulletin.

The two critical flaws GitLab addressed this time are CVE-2025-25291 and CVE-2025-25292, both in the ruby-saml library, which is used for SAML Single Sign-On (SSO) authentication at the instance or group level.
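For administrators of self-managed instances, the practical question is whether a given version predates the fix on its release line. The following is an added example, not code from the article or from GitLab, that encodes only the three fixed versions the bulletin names; it assumes that minor lines newer than 17.9 carry the fix, and that version strings look like `17.8.5`, `v17.8.5` or `17.8.5-ee`.

```python
# Added example (not from the article or GitLab): decide whether a self-managed
# GitLab CE/EE version still needs the March 2025 ruby-saml fixes
# (CVE-2025-25291 / CVE-2025-25292), based only on the fixed versions the
# bulletin names: 17.7.7, 17.8.5 and 17.9.2.
from typing import Tuple

# First patched release on each affected minor line, per the bulletin.
FIXED_RELEASES = {
    (17, 7): (17, 7, 7),
    (17, 8): (17, 8, 5),
    (17, 9): (17, 9, 2),
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '17.8.5', 'v17.8.5' or '17.8.5-ee' into a (major, minor, patch) tuple."""
    core = text.strip().lstrip("v").split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def needs_saml_patch(version_text: str) -> bool:
    """True if the version predates the fix for its line and must be upgraded.

    Assumption: minor lines newer than 17.9 are treated as carrying the fix,
    since the bulletin only says releases *before* the patched ones are affected.
    """
    version = parse_version(version_text)
    line = version[:2]
    if line in FIXED_RELEASES:
        # Same minor line: compare against that line's first patched release.
        return version < FIXED_RELEASES[line]
    # Lines older than 17.7 never received a backported fix.
    return line < (17, 7)


def audit(versions):
    """Map each version string (constructed sample input) to its affected status."""
    return {v: needs_saml_patch(v) for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory of instances to check.
    SAMPLE = ["17.6.3-ee", "17.7.6", "17.7.7", "17.8.0-ce", "17.9.2", "17.10.0"]
    for ver, affected in audit(SAMPLE).items():
        print(f"{ver:>12}: {'UPGRADE NEEDED' if affected else 'patched'}")
```

Note that 17.8.0 is reported as affected even though it is newer than 17.7.7: the fix on the 17.8 line only arrived in 17.8.5.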
