CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

GitLab Patch Release: 18.2.4

unknown
On August 18, 2025, we released versions 18.2.4 for GitLab Community Edition and Enterprise Edition. These versions resolve a number of regressions and bugs. This patch release does not include any security fixes. GitLab Community Edition and Enterprise Edition 18.2.4 Build with Go 1.24.5 Update golang-fips/go Update gitlab-shell to v14.44.0 Backport “Use projectRootPath to compose breadcrumb links” Backport “Add custom encoding for repository path for commit data” Backport ‘Fixes reviewer drawer not opening when installed under relative URL’ Backport-Invalid search request resets the project/group selections in sidebar Backport ‘Update gitlab-chart digest to 9d9e150’ Exclude deleted projects from job token authorization logs graphql and csv export service backport to 18.2 Backport ‘Add job and script to update backport MR label after deployment’ Backport of “Fix undefined method markdown_placeholders_feature_flag_enabled? for a ProjectNamespace” Backport of ‘fix missing ref attribute’ Important notes on upgrading This version does not include any new migrations, and for multi-node deployments, should not require any downtime . Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can be changed by adding a /etc/gitlab/skip-auto-reconfigure file, which is only used for updates . Updating To update, check out our update page . Note: GitLab releases have skipped 18.2.3. There is no patch with that version number. GitLab subscriptions Access to GitLab Premium and Ultimate features is granted by a paid subscription . Alternatively, sign up for GitLab.com to use GitLab’s own infrastructure.

CSIRTS triage

What
This patch release resolves a number of regressions and bugs.
Who is affected
All self-managed GitLab installations.
Urgency
Remediation is not urgent as there are no security fixes.
Action
Consider upgrading to version 18.2.4 for bug fixes.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch GitLab Community Edition

Get an email when a new GitLab Community Edition advisory drops — max one per day, one-click unsubscribe.

Details

Source
GitLab Security Releases (INTL · vendor-psirt · site)
Severity
unknown
Published
2025-08-18
Exploitation
Not in CISA KEV at last sync

Original advisory: https://docs.gitlab.com/releases/patches/patch-release-gitlab-18-2-4-released/

Recent advisories for GitLab Patch Release

A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.

More from GitLab Security Releases