Users running GitLab versions older than 16.2 must make sure that “Direct transfers” and “Security policies” are not enabled at the same time, because that combination leaves the endpoint vulnerable. The advisory explicitly recommends having only one of these features activated at any given time.
To apply the necessary security update, users can access GitLab Runner packages from the official website, so that their GitLab instance is promptly protected from this high-severity vulnerability.