GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws.

GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions.

Organizations with self-hosted GitLab instances configured for SAML-based authentication might want to update immediately to new versions of the DevOps platform that the company released this week.

A new vulnerability in GitLab’s Ultimate Enterprise Edition used for managing source code is “dangerous” and needs to be quickly patched, says an expert. The vulnerability, CVE-2025-5121, is one of 10 ...