title: "GitLab not affected by Rails vulnerability CVE-2014-3483"
date: 2014-07-03 13:55
categories: company
author: Jacob Vosmaer

Yesterday the developers of Ruby on Rails released a [security advisory for SQL injection vulnerability CVE-2014-3483](https://groups.google.com/forum/#!topic/rubyonrails-security/wDxePLJGZdI).
GitLab is not affected by this vulnerability.

## Background

CVE-2014-3483 affects applications which use PostgreSQL [bitstring](http://www.postgresql.org/docs/9.2/static/datatype-bit.html) or [range](http://www.postgresql.org/docs/9.2/static/rangetypes.html) types in their database schema.
GitLab uses neither of these types in its database schema.
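
To run the same check against another application's schema, the following added example (not code from GitLab or Rails) scans a `pg_dump --schema-only` file for bitstring and range columns, including user-defined range types. The `affected_columns` helper and the sample dump are constructed for illustration.

```ruby
# Added example: list bitstring and range columns found in a schema-only dump.
BUILTIN_RANGES = %w[int4range int8range numrange tsrange tstzrange daterange].freeze

# Constructed sample dump, not a real application's schema.
SAMPLE_DUMP = <<~SQL
  CREATE TYPE floatrange AS RANGE (subtype = float8);
  CREATE TABLE users (
      id integer NOT NULL,
      name character varying(255),
      flags bit varying(8)
  );
  CREATE TABLE bookings (
      id integer NOT NULL,
      period tsrange,
      score floatrange,
      habit text
  );
SQL

# Returns [table, column, type] triples for every bitstring or range column.
def affected_columns(dump)
  # Range types created with CREATE TYPE ... AS RANGE count as well.
  custom = dump.scan(/CREATE TYPE\s+(?:\w+\.)?"?(\w+)"?\s+AS RANGE/i).flatten
  ranges = (BUILTIN_RANGES + custom).map { |t| Regexp.escape(t) }.join("|")
  # Anchored at the start of the type so "character varying" is not matched.
  type_re = /\A(?:\w+\.)?(?:bit varying|varbit|bit|#{ranges})\b/i
  findings = []
  table = nil
  dump.each_line do |line|
    if (m = line.match(/\ACREATE TABLE\s+(?:\w+\.)?"?(\w+)"?\s*\(/i))
      table = m[1]                      # entering a table definition
    elsif table && line =~ /\A\s*\)/
      table = nil                       # closing parenthesis ends the table
    elsif table && (m = line.match(/\A\s+"?(\w+)"?\s+(.+?),?\s*\z/))
      findings << [table, m[1], m[2]] if m[2] =~ type_re
    end
  end
  findings
end

if __FILE__ == $0
  dump = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_DUMP
  affected_columns(dump).each { |t, c, type| puts "#{t}.#{c}: #{type}" }
end
```

An empty result on a complete dump means the schema uses neither of the type families named in the advisory.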

Please contact us at support@gitlab.com if you have any questions about this issue.