GitLab 5.1 is affected by critical security vulnerability CVE-2013-4490.
unicorn
replaced withpuma
- merge request cached diff will be truncated
sudo service gitlab stop
cd /home/git/gitlab
sudo -u git -H git fetch
sudo -u git -H git checkout 5-1-stable
cd /home/git/gitlab-shell
sudo -u git -H git fetch
sudo -u git -H git checkout v1.3.0
# replace your old config with the new one
sudo -u git -H mv config.yml config.yml.old
sudo -u git -H cp config.yml.example config.yml
# edit options to match old config
sudo -u git -H vi config.yml
cd /home/git/gitlab
sudo rm tmp/sockets/gitlab.socket
sudo -u git -H cp config/puma.rb.example config/puma.rb
sudo -u git -H bundle install --without development test postgres --deployment
sudo -u git -H bundle exec rake db:migrate RAILS_ENV=production
sudo -u git -H bundle exec rake migrate_merge_requests RAILS_ENV=production
sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production
# init.d
sudo rm /etc/init.d/gitlab
sudo curl --output /etc/init.d/gitlab https://raw.github.com/gitlabhq/gitlab-recipes/5-1-stable/init.d/gitlab
sudo chmod +x /etc/init.d/gitlab
Only if you are using mysql:
mysql -u root -p
mysql> GRANT LOCK TABLES ON `gitlabhq_production`.* TO 'gitlab'@'localhost';
mysql> \q
sudo service gitlab start