16.3.0 Support Readiness - Golang update limits RSA keys to 8K

What is happening

A major security vulnerability in Golang has been patched in %16.3 across all GitLab Golang products. This will be included in %16.3 packages. More details are here and it has been documented here.

The change enforces a maximum RSA key length of 8K. This should be a transparent change to all customers, but there is a small possibility that some customers have RSA keys in excess of 8K.

RSA keys longer than 8K will no longer work after 16.3 and will need to be replaced by new keys.

Status / What actions have been taken so far

Documentation https://docs.gitlab.com/ee/update/versions/gitlab_16_changes.html

Timeline / Important Dates

Related Issues/MRs/Epics

What impact will this have on users?

RSA keys longer than 8K will no longer function.

What this may look like for Support

Anticipated Support Impact:

What errors or messages users may report:

What workarounds/solutions are available?: Users must delete and replace RSA keys longer than 8K.
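To find the keys that need replacing, the following added example (not GitLab's own code or tooling) reads the modulus size from OpenSSH-format `ssh-rsa` public key lines and reports those over the limit. It assumes that "8K" means 8192 bits, that the keys are available as plain `type base64 comment` lines without leading options, and it uses constructed sample keys that are not usable RSA keys.

```python
import base64

MAX_RSA_BITS = 8192  # assumption: the "8K" limit read as 8192 bits

def _read_field(blob, offset):
    """Read one field: 4-byte big-endian length, then that many bytes."""
    end = offset + 4 + int.from_bytes(blob[offset:offset + 4], "big")
    if offset + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def rsa_key_bits(pubkey_line):
    """Modulus size in bits for an 'ssh-rsa' line; None for other key types."""
    parts = pubkey_line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        return None
    blob = base64.b64decode(parts[1], validate=True)
    key_type, offset = _read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside blob does not match the line prefix")
    _exponent, offset = _read_field(blob, offset)
    modulus, _ = _read_field(blob, offset)
    # The modulus may carry a leading zero byte, so count bits of the integer.
    return int.from_bytes(modulus, "big").bit_length()

def oversized_keys(lines, limit=MAX_RSA_BITS):
    """Return (comment, bits) for every RSA key whose modulus exceeds limit."""
    found = []
    for line in lines:
        bits = rsa_key_bits(line)
        if bits is not None and bits > limit:
            comment = " ".join(line.split()[2:]) or "(no comment)"
            found.append((comment, bits))
    return found

def _constructed_line(bits, comment):
    """Build a sample ssh-rsa line with a made-up modulus (not a real key)."""
    field = lambda data: len(data).to_bytes(4, "big") + data
    n = (1 << (bits - 1)) | 1  # constructed value with exactly `bits` bits
    n_bytes = n.to_bytes(bits // 8 + 1, "big")  # leading zero byte, as in mpint
    blob = field(b"ssh-rsa") + field((65537).to_bytes(3, "big")) + field(n_bytes)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

# Constructed sample input: 4096-, 8192- and 16384-bit moduli.
SAMPLE = [_constructed_line(b, c) for b, c in
          [(4096, "alice@example"), (8192, "bob@example"), (16384, "carol@example")]]

if __name__ == "__main__":
    for comment, bits in oversized_keys(SAMPLE):
        print(f"{comment}: {bits}-bit RSA key exceeds {MAX_RSA_BITS} bits")
```

A key of exactly 8192 bits is not reported, matching the statement that only keys longer than 8K stop working.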

Do users need to be contacted?

  • No

DRIs/Contacts for questions and approvals for communications/action items

  • Support Manager DRI (if needed):

Support Resources

  • FAQ for Support:
  • Other resource:

User contact

  1. Categorize provided list by free/paid (if necessary)
  2. Message(s) to send to users created and approved by appropriate DRIs.
  3. Pull list of contacts using the runbook
  4. Send the message to the list of contacts using the ticket generator form. Link to created issue:
  5. In the above issue, add a note at the top of the description or a comment that all tickets should be tagged with the tag ``.

Zendesk Macros

Zendesk tag: ``

  1. Macro MR:
    1. Macro adds appropriate tag
    2. Set DRIs as reviewers

Communication to Support team

  1. Announced to team in
    1. #support_gitlab-com or #support_self-managed or #support_team-chat
    2. SWIR

Edited by Sean Carroll