To be honest, they do a pretty good job of keeping people informed about the security issues. Self-hosted GitLab is the "$iznit" IMHO; keep it private and up to date and you have a great system. Been using them for years, and no major issues...
"Change oil" (as in apt update) and reboot when needed, keep a working and tested backup, and you G2G... YMMV tho