Upgrade to ruby 2.7.4
Ruby 2.7.4 has been released.
https://www.ruby-lang.org/en/news/2021/07/07/ruby-2-7-4-released/
This includes security updates for issues that have been causing Critical / High findings in customer scans of Gitlab.
We should consider updating to this most recent patch.
Link to most recent ruby update:
Required MRs
-
gitlab-rails: !68363 (merged) -
gitaly-ruby: gitaly!3771 (merged) -
build images: gitlab-build-images!428 (merged) -
CNG: gitlab-org/build/CNG!739 (merged) -
omnibus: omnibus-gitlab!5545 (merged) -
gitlab chart: gitlab-org/charts/gitlab!2162 (merged) -
GDK: gitlab-development-kit!2137 (merged) -
GCK: gitlab-compose-kit!176 (merged) -
labkit: https://gitlab.com/gitlab-org/labkit-ruby/-/merge_requests/79 -
gitlab-exporter: https://gitlab.com/gitlab-org/gitlab-exporter/-/merge_requests/150 -
gitlab-experiment: https://gitlab.com/gitlab-org/gitlab-experiment/-/merge_requests/128 -
gollum: I don't think it's needed, since it has no .ruby-version
and asks for2.7
in CI
Release notes
The version of Ruby used by GitLab has been updated to 2.7.4
in order to mitigate security concerns.
Edited by Changzheng Liu