Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.
  • cheet@infosec.pubEnglish
    1·
    10 months ago

    We use gitlab ultimate at my work, I’m the main admin of the instance. Like 2 weeks ago when there was the cvss 10 vuln, gitlab sent us a .patch file to apply to the instance instead of releasing a new minor cause they didn’t wanna make the vuln public yet. I guess that’s coordinated disclosure, but I still found that remarkably jank.

  • reinar@distress.digitalEnglish
    0·
    10 months ago

    bruh, feels like gitlab has security update every other day, it’s some bullshit even for a project this size. And who knows how many 0-days are around.

      • rainynight65@feddit.deEnglish
        0·
        10 months ago

        No it doesn’t. Gitlab’s pricing has been pretty stable, with one increase in the premium tier in the past six years ($19 --> $29 per user per month).

        • bamboo@lemmy.blahaj.zoneEnglish
          1·
          10 months ago

          There were more increases, they just changed the tier names and billing terms, so it’s somewhat hard to find historical information of previous prices. Our company ditched it after the 52% increase in 2023, especially because we were still adjusting to the price increase from 2021, which for us was $6 per user per month. I think in 2018 or 2019 it was $3 per user per month, so there must have been another increase that happened between 2018 and 2021. This was all for self hosted, so we had the additional cost of hardware and to maintain the services.

          I really wanted to support GitLab, but the price simply became too much to justify.