this post was submitted on 11 Jul 2024
89 points (95.9% liked)
Opensource
1406 readers
5 users here now
A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!
⠀
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I would not do any work for Gitlab nor run any software on Gitlab due to how poor they are doing at software security. https://arstechnica.com/security/2024/05/0-click-gitlab-hijacking-flaw-under-active-exploit-with-thousands-still-unpatched/
Also while trying to look that up there's a another one that is making the news from just the last couple of days? https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-bug-that-lets-attackers-run-pipelines-as-an-arbitrary-user/
Good luck to anyone attempting to federate on top of a foundation like that.
I interviewed for them once, got rejected because I didn’t know some tiny corner of ruby on rails syntax despite working on it for 3 years. Huge bullet dodged..