Merge branch 'CVE-2014-3483' into 'master'

CVE-2014-3483

Merge branch 'CVE-2014-3483' into 'master'
773c3a24 · Sytse Sijbrandij · 179cb09e · 5867faf2 · 773c3a24
Commit 773c3a24 authored 10 years ago by Sytse Sijbrandij
--- a/source/_posts/2014-07-03-gitlab-not-affected-by-cve-2014-3483.markdown
+++ b/source/_posts/2014-07-03-gitlab-not-affected-by-cve-2014-3483.markdown
+---
+layout: post
+title: "GitLab not affected by Rails vulnerability CVE-2014-3483"
+date: 2014-07-03 13:55
+comments: true
+categories:
+author: Jacob Vosmaer
+---
+
+Yesterday the developers of Ruby on Rails released a [security advisory for SQL injection vulnerability CVE-2014-3483](https://groups.google.com/forum/#!topic/rubyonrails-security/wDxePLJGZdI).
+GitLab is not affected by this vulnerability.
+
+## Background
+
+CVE-2014-3483 affects applications which use PostgreSQL [bitstring](http://www.postgresql.org/docs/9.2/static/datatype-bit.html) or [range](http://www.postgresql.org/docs/9.2/static/rangetypes.html) types in their database schema.
+GitLab uses neither of these types in its database schema.
+
+Please contact us at support@gitlab.com if you have any questions about this issue.