The most severe issue in this GitLab release, tracked as CVE-2023-7028, carries the maximum CVSS score (10.0) and requires no user interaction to exploit.
It is an authentication flaw: password reset emails could be sent to arbitrary, unverified email addresses, allowing account takeover. If two-factor authentication (2FA) is enabled, the password can still be reset, but the second factor is still required to complete the login. Self-managed instances should be updated to a patched release.
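To make the class of bug concrete, here is an added illustration (not GitLab's code, and not a reproduction of the actual patch) of a password-reset request handler that sends the token to client-supplied, unverified addresses, next to a hardened version. The user store, the `Mailer` capture class and the assumption that the endpoint accepts an array of addresses are all constructed for the example.

```ruby
# Added example, not code from GitLab: a reset-request handler with the
# "token mailed to an unverified, client-supplied address" bug, and a
# hardened version next to it. Everything below is constructed for
# illustration; it is not GitLab's implementation.
require 'securerandom'

# Constructed user store: each user has verified addresses and possibly
# unverified secondary addresses that nobody has proven they control.
User = Struct.new(:id, :verified_emails, :unverified_emails)

USERS = [
  User.new(1, ['alice@example.org'], ['alice.backup@example.net']),
  User.new(2, ['bob@example.org'], [])
].freeze

# Captures "sent" reset mail in memory so behaviour can be inspected offline.
class Mailer
  attr_reader :sent

  def initialize
    @sent = []
  end

  def deliver(to:, token:)
    @sent << { to: to, token: token }
  end
end

# Looks a user up by ANY address on record, verified or not.
def find_user_by_any_email(email)
  USERS.find { |u| (u.verified_emails + u.unverified_emails).include?(email) }
end

# VULNERABLE: two weaknesses. The lookup honours unverified addresses, and
# the reset token is mailed to every address the client supplied (the
# parameter is coerced to an array), whether or not it belongs to the user.
# A request such as {email: ["victim@example.org", "attacker@evil.test"]}
# resolves the victim and delivers the victim's token to the attacker.
# Returns the list of recipients so the test can inspect it.
def request_reset_vulnerable(params, mailer)
  recipients = Array(params[:email])
  user = recipients.map { |e| find_user_by_any_email(e) }.compact.first
  return [] unless user

  token = SecureRandom.hex(16)
  recipients.each { |e| mailer.deliver(to: e, token: token) }
  recipients
end

# HARDENED: accept exactly one string, resolve the user only through
# verified addresses, and send only to the verified addresses on record,
# never to the client-supplied value. The HTTP response in a real handler
# should be identical in every branch to avoid an account-enumeration
# oracle; the returned recipient list here is for inspection only.
def request_reset_hardened(params, mailer)
  email = params[:email]
  return [] unless email.is_a?(String)

  user = USERS.find { |u| u.verified_emails.include?(email) }
  return [] unless user

  token = SecureRandom.hex(16)
  user.verified_emails.each { |e| mailer.deliver(to: e, token: token) }
  user.verified_emails
end
```

The key difference is that the hardened handler never treats the request parameter as a delivery address: it is only a lookup key, and the token goes to what the server already knows to be verified.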
To be honest, they do a pretty good job of keeping people informed about security issues. Self-hosted GitLab is the "$iznit" IMHO; keep it private and up to date and you have a great system. I've been using them for years with no major issues...
"Change oil" (as in apt update) and reboot when needed, keep a working and tested backup, and you're G2G... YMMV though.
Yeah, I need to back up my code for sure. I don't use GitLab, but no matter. I was thinking yesterday that I was essentially using a custodial service for my source code. It's not money, but it's my time, which is about as valuable.
Self-custody your code! A hosting service shouldn't own the only copies of your code. I'm a pleb, so I'm not as advanced as you all, who probably know this already.