CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

GitLab Patch Release: 17.7.2

unknown
On January 15, 2025, we released versions 17.7.2 for GitLab Community Edition and Enterprise Edition. These versions resolve a number of regressions and bugs. This patch release does not include any security fixes. GitLab Community Edition and Enterprise Edition 17.7.2 Merge branch ‘azcopy-url-20250108’ into ‘17-7-stable’ Fixes issue where some merge request diffs with associated comments were not visible. This does not correct the display issue for existing records, but does prevent new instances of this occurrence. Remove download_code dependency from access to read merge requests Fix handling of short gzip metadata files Important notes on upgrading If you had previously upgraded to GitLab 17.7.0 or 17.7.1 this patch is recommended to prevent any further occurrences of merge request comments being unable to be displayed. A future release will correct the display issue for affected records. This version does not include any new migrations, and for multi-node deployments, should not require any downtime . Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can be changed by adding a /etc/gitlab/skip-auto-reconfigure file, which is only used for updates . Updating To update, check out our update page . GitLab subscriptions Access to GitLab Premium and Ultimate features is granted by a paid subscription . Alternatively, sign up for GitLab.com to use GitLab’s own infrastructure. We’re combining patch and security releases This improvement in our release process matches the industry standard and will help GitLab users get information about security and bug fixes sooner, read the blog post here .

CSIRTS triage

What
This patch release resolves a number of regressions and bugs.
Who is affected
All self-managed GitLab installations that upgrade to version 17.7.2.
Urgency
Remediation is recommended to prevent further issues with merge request comments.
Action
Upgrade to version 17.7.2.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch GitLab Community Edition

Get an email when a new GitLab Community Edition advisory drops — max one per day, one-click unsubscribe.

Details

Source
GitLab Security Releases (INTL · vendor-psirt · site)
Severity
unknown
Published
2025-01-15
Exploitation
Not in CISA KEV at last sync

Original advisory: https://docs.gitlab.com/releases/patches/patch-release-gitlab-17-7-2-released/

Recent advisories for GitLab Patch Release

A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.

More from GitLab Security Releases