Over 5,300 GitLab servers exposed to zero-click account takeover attacks

Nemeski@lemm.ee to Technology@lemmy.world – 353 points –
bleepingcomputer.com

Bruh, feels like GitLab has a security update every other day, it's some bullshit even for a project this size. And who knows how many 0-days are around.

I’ve been hanging a version back for a while now. Although my instance isn’t public, it’s ridiculous how many CVEs I have dodged by not updating. SolarWinds all over again.

And their license cost increases at almost the same rate.

No, it doesn't. GitLab's pricing has been pretty stable, with one increase in the premium tier in the past six years ($19 --> $29 per user per month).

There were more increases; they just changed the tier names and billing terms, so it's somewhat hard to find historical information on previous prices. Our company ditched it after the 52% increase in 2023, especially because we were still adjusting to the price increase from 2021, which for us was $6 per user per month. I think in 2018 or 2019 it was $3 per user per month, so there must have been another increase that happened between 2018 and 2021. This was all for self-hosted, so we had the additional cost of hardware and of maintaining the services.

I really wanted to support GitLab, but the price simply became too much to justify.