outdated gitlab version #1

Open
xet7 opened this issue Jul 31, 2018 · 8 comments

@xet7

xet7 commented Jul 31, 2018

From @PalinuroSec on July 29, 2018 22:35

gitlab-ce 11 is out, while the version in the Sandstorm store is the old (and vulnerable) 8.7, which was released more than two years ago.
Is it possible to have an updated version released?

Copied from original issue: dwrensha/gitlab-sandstorm#29

@xet7

xet7 commented Jul 31, 2018

From @ocdtrekkie on July 30, 2018 0:24

@PalinuroSec David isn't currently maintaining the Sandstorm packages under his username, but if anyone is interested in packaging an updated version, we can usually get ahold of the publishing keys, and help get through the process of publishing an updated package. (And usually, updating a package is mostly straightforward, you take the newer version of the app, and make the same Sandstorm-specific modifications.)

As a note though, Sandstorm apps tend to have drastically reduced attack surface; the majority of vulnerabilities apps have are not functionally useful on Sandstorm. Since Sandstorm will not permit a user access to a grain they don't have permission for, for example, Sandstorm grains not shared with anyone are nearly completely secure. For grains you have shared, the greatest potential vulnerability is generally that someone who has access at some level (say, read-only access) could elevate their privilege within that particular grain.

@xet7

xet7 commented Jul 31, 2018

From @JamborJan on July 31, 2018 12:42

Hey guys, as I'm using the Sandstorm GitLab port a lot, I'm very interested in an updated version too and I will take a look at it. I've done that with other apps too, so I hope I'm capable of updating GitLab. I hope to be able to work on this very quickly.

Stay tuned!

@JamborJan

Hey @ocdtrekkie, can you help us to get the keys to build the app? It's not yet urgent as I need to start first to work on that. But for testing purposes it would be good to be able to build the app. We can exchange the key via Keybase.

@ocdtrekkie

Yeah, I can try to either reach out to David directly or get Kenton to since he has more contact methods. For now, I'd go ahead and do your re-keying thing though.

@JamborJan

FYI: I was able to start working on that. I hope to make some progress next week. Will let you know ASAP when there is something ready to test.

@JamborJan

Hey guys, again a short update: the app is really complex and has a lot of dependencies. I now know why there has been no update: it's super time-consuming. I'm currently trying to figure out a better way to build the app and to make updates easier and thus more frequent. Thanks for your patience and please let me know if there are any questions or if you can contribute with any expertise, know-how, ideas etc.

@misaka00251

Hello, just wanna see if there's any update on this?

@ocdtrekkie

Unfortunately this definitely stalled out. Kinda hoping someone will take it on again at some point. Both our Gogs and GitWeb packages are newer releases.
