Create project by import from GitHub suspended due to critical vulnerability
Posted: 2022-09-01 12:00:41 Expiration: 2022-09-07 09:40:41
Disclaimer: This news item was originally posted on 2022-09-01 12:00:41. Its content may no longer be timely or accurate.
Creating GitLab projects by import from GitHub will be suspended until GitLab is upgraded to version 15 this fall.
On August 22, GitLab announced a critical vulnerability that allows remote command execution when creating a GitLab project by import from GitHub. Patches for this vulnerability have been released only for GitLab version 15. Until the DoIT GitLab instance upgrades to v15 this fall, creating a GitLab project by import from GitHub will be suspended for the sake of security. All other options for project creation are still available.
Note that this change has no impact on GitLab projects that are already created.
-- Shared Tools: Benjamin Sousa