Today we are releasing versions 16.11.1, 16.10.4, 16.9.6 for GitLab Community Edition (CE) and Enterprise Edition (EE).

These versions contain important security fixes and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately. You can see details in this patch release blog post.

On 2024-04-24, GitLab changed the way Bitbucket authentication works with GitLab. To continue using Bitbucket Authentication, please sign in to GitLab with your Bitbucket account credentials, before 2024-05-16.

If you do not sign into GitLab using your Bitbucket account until after 2024-05-16, you will need to re-link your Bitbucket account to your GitLab account manually. For some users, signing in to GitLab using their Bitbucket account may not work after this fix is applied. If this happens to you, your Bitbucket and GitLab accounts have different email addresses. To resolve this, you must log in to your GitLab account and re-link your Bitbucket account.

Please forward this alert to appropriate people at your organization and have them subscribe to Security Notices. You can also receive security blog updates by subscribing to our patch release RSS feed or our RSS feed for all GitLab releases.

GitLab releases fixes for vulnerabilities in dedicated patch releases. There are two types of patch releases: scheduled releases, and ad-hoc critical patches for high-severity vulnerabilities. Scheduled releases are released twice a month on the second and fourth Wednesdays. For more information, you can visit our security FAQ.

You can see all of GitLab release blog posts here.

Sincerely,
GitLab Security Team