Skip to content

GitLab Next

Why GitLab
Pricing
Contact Sales
Explore

Sign in
Get free trial

Ignore openssl vulnerability that doesn't apply to omnibus-gitlab

Review changes
Download
Patches
Plain diff

Balasankar 'Balu' C requested to merge 5793-ignore-openssl-cve into master Nov 06, 2020

Overview 9
Commits 2
Pipelines 2
Changes 1

What does this MR do?

This vulnerability affects only situations where Apache is used with openSSL 1.1.1 or later. This is not the case in omnibus-gitlab. In cases where users bring their own Apache webserver, this one might apply. However, the fix is in Apache, not openssl. So nothing much for us to do here.

Related issues

https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5793

Checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion

Required

Merge Request Title, and Description are up to date, accurate, and descriptive
MR targeting the appropriate branch
MR has a green pipeline on GitLab.com
Pipeline is green on dev.gitlab.org if the change is touching anything besides documentation or internal cookbooks
trigger-package has a green pipeline running against latest commit

Expected (please provide an explanation if not completing)

Test plan indicating conditions for success has been posted and passes
Documentation created/updated
Tests added
Integration tests added to GitLab QA
Equivalent MR/issue for the GitLab Chart opened

Closes #5793

Merge request reports

Assignee

Reviewers

Request review from

Time tracking