---
title: "GitLab not affected by Rails vulnerability CVE-2014-7818"
date: 2014-10-31
categories: company
author: Jacob Vosmaer
---

Yesterday the developers of Ruby on Rails released a [security advisory for file existence disclosure vulnerability CVE-2014-7818](https://groups.google.com/d/msg/rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ).
GitLab is not affected by this vulnerability.

<!-- more -->

## Background

CVE-2014-7818 affects Rails applications which have the `config.serve_static_assets = true` setting.
GitLab is shipped with `config.serve_static_assets` set to `false` in `config/environments/production.rb` because it lets NGINX (or Apache) serve static files.

Please contact us at support@gitlab.com if you have any questions about this issue.