[Adminsysters] Debug gitlab
mara
mara at multiplace.org
Fri Jan 21 12:22:02 CET 2022
hi
On 1/21/22 12:49, ignifugo wrote:
>
> I mentioned this vulnerability:
>
> https://en.wikipedia.org/wiki/Log4Shell that affect Java just from the
> 9 of dicember and patched on . this the
> https://www.lunasec.io/docs/blog/log4j-zero-day/#exploit-requirements
>
> Because in that suspicious url that you linked, thare was the logo of
> apache tomcat, that was one of the app hit by log4Shell.
we are in an afni session with ooooo now.
we found this vulnerability with the gitlab version we are using related
to workhorse (the proxy that connects apache to gitlab service):
https://hits.medicine.umich.edu/news/alert-update-gitlab-address-workhorse-vulnerability
we decided to keep gitlab down until more of us meet again and upgrade it.
but also, by keeping it down we can check if our network will be
relieved today.
basically we follow ignifugo's suggestion of checking one service at a time.
let's see what mur has to tell tomorrow.
as we need to focus on the privacy panel for next tuesday,
we could look into gitlab after tuesday the 25th.
m
More information about the Adminsysters
mailing list