Site original : GITLAB Blog
⇐ retour index
We are moving the gitlab.org website and this blog to www.gitlab.com and www.gitlab.com/blog. All the content is perserved and all the blog articles still have their comments intact. On www.gitlab.com will be one blog with all our blog posts served over https.
The reason for this move is that keeping both sites up to date was causing a lot of duplicate work. Both sites were being updated the same group of people, Dmitriy and the rest of the GitLab.com team.
Also, the complete website is in a public repo so that you can fork it and send merge requests with improvements.
As you know, Gitlab is open source software made for collaborative coding. Today we released a new version of GitLab Community Edition (CE), with new features and bug fixes.
The MVP of this release is Drew Blessing for his contribution “Mobile UI improvement”
In this release we updated Rails to 4.0.3, which solves some security issues. For more information see rails blog post. We advise everyone to upgrade.
For a full list of changes see the CHANGELOG.
We moved the file syntax highlighting from the server side to the client side, thanks to this awesome library. http://highlightjs.org/
If you are setting up a new GitLab installation see the installation section of the README.
If you have version 6.4.2 or 6.5 you can use the upgrade script.
If you still want to do it manually – see the Update Guide.
For LDAP group support and more have a look at the feature list of GitLab Enterprise Edition.
Access to GitLab Enterprise Edition is included with a GitLab.com subscription.
No time to upgrade or maintain Gitlab yourself? GitLab.com also offers upgrade and installation services as part of a GitLab.com subscription or alternatively on a consultancy basis.
Currently GitLab renders line-breaks in markdown files as line-breaks. We propose to change this behaviour to conform to the markdown specification and only render line-breaks when you end a line with two or more spaces. Paragraphs will continue to be rendered as before; when the text is separated by one or more blank lines.
The above change will ensure that markdown files in projects will look the way you expect them to look. But GitLab has just one markdown engine to render GitLab Flavored Markdown. Since descriptions & comments in both issues & merge requests also use GitLab Flavored Markdown they will also show the new behaviour. We think this is preferable above introducing different behaviour and rendering code for different cases. Please let us know what you think.
Few weeks ago I found a book about GitLab authored by Jonathan M. Hethey.
It includes next chapters:
Book is easy to read and gives basic information about GitLab application.
This book is a good option for people who are not familiar with GitLab. For developers – it explains application functionality and describe possible workflow. For administrators – how to setup, update application or where to look for help.
Here is a link to the website where you can buy a copy – packtpub.com
Want to know more about book? Its a good review from Axilleas Pipinellis (contributor to GitLab)
We have learned about a XSS vulnerability in GitLab. This issue was fixed in GitLab 6.5.
A cross-site scripting (XSS) vulnerability in GitLab allows remote attackers to inject arbitrary web script or HTML via a crafted HTML file. This vulnerability has been assigned the CVE identifier CVE-2013-7316.
Versions affected: 6.4 and earlier
Fixed versions: Community Edition 6.5.0, Enterprise Edition 6.5.0
In affected versions, when adding a README with voluntary extension the file would be rendered with markup. This would allow an attacker to add a script that would be executed on the client side.
This vulnerability was fixed in GitLab 6.5. All users running GitLab 6.4 and earlier versions should upgrade immediately.
Gitlab 6.5 Community Edition is available from https://gitlab.com/gitlab-org/gitlab-ce and https://github.com/gitlabhq/gitlabhq . GitLab 6.5 Enterprise Edition is available for subscribers from GitLab Cloud. Please follow the upgrade guides from your current version to version 6.5.
Thanks to ChenQin, Network and Information Security Lab @ Tsinghua University for reporting the vulnerability.