Home / Companies / GitLab / Blog / Post Details
Content Deep Dive

3 reasons why GitLab is not vulnerable to the Gollum vulnerability and 1 tip

Blog post from GitLab

Post Details
Company
Date Published
Author
Job van der Voort
Word Count
226
Company Posts That Month
6
Language
English
Hacker News Points
-
Post removed?
No
Summary

A vulnerability in Gollum, the git-powered wiki used by GitLab, was recently disclosed, allowing potential code execution on servers running Gollum. However, GitLab installations are not affected by this issue due to their independent search implementation, which avoids the vulnerability by using Shellwords.shellescape(query) and switching to Rugged from Grit since version 7.4. While acknowledging that their own gem contributed to the vulnerability, GitLab has issued guidelines to prevent remote code execution vulnerabilities and is transitioning to Rugged for enhanced security. Ruby developers are encouraged to follow these best practices and contribute improvements through merge requests. Users can try GitLab by downloading the Community Edition or using the free GitLab.com instance, while the Enterprise Edition offers advanced features like LDAP integration and Jenkins support.

Trends Found in this Post

No tracked trend matches for this post yet.

Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.