GitLab has issued security updates for its Community Edition (CE) and Enterprise Edition (EE) to address critical vulnerabilities, including a zero-click account hijacking flaw (CVE-2023-7028) that lets an attacker take over an account without any user interaction: password reset emails could be delivered to an unverified, attacker-controlled email address. The flaw affects self-managed instances running 16.1 before 16.1.6, 16.2 before 16.2.9, 16.3 before 16.3.7, 16.4 before 16.4.5, 16.5 before 16.5.6, 16.6 before 16.6.4, and 16.7 before 16.7.2, and a hijacked account can expose proprietary code and sensitive data. Other vulnerabilities fixed in the same releases include abuse of the Slack/Mattermost integrations and a bypass of required CODEOWNERS approval. Users are strongly advised to update their installations as soon as possible.
GitLab has released security updates to address two critical vulnerabilities, including one that could lead to account takeover without user interaction. The flaw, tracked as CVE-2023-7028 (CVSS 10.0), affects self-managed instances of GitLab Community Edition and Enterprise Edition; GitLab.com was already running the patched version. Another critical flaw (CVE-2023-5356) was also patched: incorrect authorization checks allowed a user to abuse the Slack/Mattermost integrations and execute slash commands as another user. Users are advised to upgrade to a patched version as soon as possible and to enable 2FA, especially on accounts with elevated privileges. Note that 2FA does not stop the password reset itself, but it does block the takeover, because the second factor is still required to log in.
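The two checks a self-managed administrator would want for CVE-2023-7028, as an added example that is not GitLab's own code: an affected-version test using the fixed versions GitLab published (16.1.6, 16.2.9, 16.3.7, 16.4.5, 16.5.6, 16.6.4, 16.7.2), and a scan of `gitlab-rails/production_json.log`-style lines for the indicator GitLab described, a POST to `/users/password` whose `user[email]` parameter is a JSON array holding more than one address. The sample log lines are constructed for this example, and the record layout (a top-level `method`, `path`, `remote_ip`, and a `params` array of `key`/`value` objects) is an approximation of GitLab's log format, not a verbatim schema.

```python
"""Added example, not code from GitLab: version and log checks for CVE-2023-7028."""
import json

# First fixed patch release per affected minor series (from GitLab's advisory).
FIXED_VERSIONS = {
    (16, 1): (16, 1, 6),
    (16, 2): (16, 2, 9),
    (16, 3): (16, 3, 7),
    (16, 4): (16, 4, 5),
    (16, 5): (16, 5, 6),
    (16, 6): (16, 6, 4),
    (16, 7): (16, 7, 2),
}


def parse_version(version):
    """Turn '16.4.4-ee' or '16.7' into a (major, minor, patch) tuple."""
    nums = [int(p) for p in version.strip().split("-")[0].split(".")]
    while len(nums) < 3:
        nums.append(0)
    return nums[0], nums[1], nums[2]


def is_affected(version):
    """True if this GitLab version falls inside one of the published vulnerable ranges."""
    major, minor, patch = parse_version(version)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        # 16.0 and earlier predate the bug; minors after 16.7 are outside the ranges.
        return False
    return (major, minor, patch) < fixed


def _user_email_param(params):
    """Return the value of user[email] from a key/value params array, or None.

    The key/value array shape is an assumption made for this example."""
    for p in params:
        if p.get("key") == "user" and isinstance(p.get("value"), dict):
            return p["value"].get("email")
    return None


def find_suspicious_resets(lines):
    """Flag password-reset requests whose email parameter is a multi-element array.

    A legitimate reset submits one address; an exploitation attempt for
    CVE-2023-7028 submits the victim's address together with an attacker address."""
    hits = []
    for lineno, raw in enumerate(lines, 1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # non-JSON noise in the log is skipped, not fatal
        if rec.get("method") != "POST" or rec.get("path") != "/users/password":
            continue
        email = _user_email_param(rec.get("params", []))
        if isinstance(email, list) and len(email) > 1:
            hits.append({"line": lineno, "remote_ip": rec.get("remote_ip"), "emails": email})
    return hits


# Constructed sample log lines: one normal reset, one multi-address reset, one unrelated request.
SAMPLE_LOG = [
    json.dumps({"method": "POST", "path": "/users/password", "status": 302,
                "remote_ip": "203.0.113.5",
                "params": [{"key": "authenticity_token", "value": "[FILTERED]"},
                           {"key": "user", "value": {"email": "alice@example.com"}}]}),
    json.dumps({"method": "POST", "path": "/users/password", "status": 302,
                "remote_ip": "198.51.100.77",
                "params": [{"key": "authenticity_token", "value": "[FILTERED]"},
                           {"key": "user", "value": {"email": ["alice@example.com",
                                                               "attacker@example.net"]}}]}),
    json.dumps({"method": "GET", "path": "/users/sign_in", "status": 200,
                "remote_ip": "203.0.113.5", "params": []}),
]

if __name__ == "__main__":
    for v in ("16.7.1", "16.7.2", "16.4.4-ee", "16.0.8"):
        print(f"{v}: {'AFFECTED' if is_affected(v) else 'not affected'}")
    for hit in find_suspicious_resets(SAMPLE_LOG):
        print(f"line {hit['line']} from {hit['remote_ip']}: reset requested for {hit['emails']}")
```

In practice, feed `find_suspicious_resets` the lines of the real `production_json.log` (and, for instances that already upgraded, check historical logs back to when the vulnerable series was installed), and treat any hit as a reason to rotate the affected users' credentials, tokens, and SSH keys, since the reset may already have succeeded.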
As AI becomes increasingly integral to software development, organizations and DevSecOps leaders must proactively address four global trends in AI: increased use of AI in code testing, threats to IP ownership and privacy, AI bias, and growing reliance on AI technologies. Embracing AI will become standard across all industries, requiring a strategic shift in software development governance and continuous learning about AI technologies. As AI becomes more sophisticated, companies must also navigate the ethical implications and societal impacts of their AI-driven solutions.
GitLab Inc. reported a 32% year-over-year increase in quarterly revenue, reaching $149.7 million. The company achieved non-GAAP net income per share of $0.09 and saw strong customer growth, with a 26% increase in customers contributing more than $5,000 in ARR and a 37% increase in customers contributing more than $100,000 in ARR. GitLab Inc. expects revenue for the fourth quarter and for fiscal year 2024 to be between $157.0 million and $158.0 million, and between $573.0 million and $574.0 million, respectively. The company continues to focus on expanding its customer base and enhancing its DevSecOps platform.