[Adminsysters] Debug gitlab

mara mara at multiplace.org
Fri Jan 21 12:22:02 CET 2022


hi

On 1/21/22 12:49, ignifugo wrote:
> 
> I mentioned this vulnerability:
> 
> https://en.wikipedia.org/wiki/Log4Shell  that affect Java just from the 
> 9 of dicember and patched on .  this the 
> https://www.lunasec.io/docs/blog/log4j-zero-day/#exploit-requirements
> 
> Because in that suspicious url that you linked, thare was the logo of 
> apache tomcat, that was one of the app hit by log4Shell.

we are in an afni session with ooooo now.
we found this vulnerability with the gitlab version we are using related 
to workhorse (the proxy that connects apache to gitlab service):
https://hits.medicine.umich.edu/news/alert-update-gitlab-address-workhorse-vulnerability

we decided to keep gitlab down until more of us meet again and upgrade it.
but also, by keeping it down we can check if our network will be 
relieved today.
basically we follow ignifugo's suggestion of checking one service at a time.

let's see what mur has to tell tomorrow.
as we need to focus on the privacy panel for next tuesday,
we could look into gitlab after tuesday the 25th.

m


More information about the Adminsysters mailing list