---
title: "GitLab 7.2.1 Security Release"
date: 2014-08-28
categories: releases
author: Jacob Vosmaer
---

Today we released GitLab Community Edition 7.2.1 and GitLab Enterprise Edition
7.2.1. This is a security release which remedies an XSS vulnerability in
GitLab. In addition to this 7.2.1 makes the [tag-to-label migration for users
upgrading from GitLab 7.1 and earlier more
robust](https://github.com/gitlabhq/gitlabhq/issues/7571).

## Affected versions

This XSS vulnerability affects GitLab 7.2.0 and earlier.

## Impact

The vulnerability patched by this release allows an attacker to carry out a
cross-site scripting (XSS) attack against users with a session on an affected
GitLab server. In order to exploit this vulnerability, the attacker needs to
have commit access to a repository on the affected GitLab server.

## Upgrading

Omnibus-gitlab packages for GitLab 7.2.1 are [now
available](/install/). To upgrade an installation
from source please use the
[upgrader](http://doc.gitlab.com/ce/update/upgrader.html) or the [patch update
guide](http://doc.gitlab.com/ce/update/patch_versions.html).

## Acknowledgments

We would like to thank [Jakub Zoczek](http://zoczus.blogspot.com/) for his
responsible disclosure of this issue to us.

_Update 2014-08-28 18:02 CEST:_ Add affected version and acknowledgments.

_Update 2014-08-28 18:07 CEST:_ Add link to GitHub issue for the label migration.