This is a heads up to the developers.  

We've recently begun performing vulnerability scans / pen tests of gitlab 
to ensure our instance of it is secure.   FYI, it holds up fairly well. 
 That said, we recently froze our GL instance because our MySQL box ran out 
of processes.  It took a bit, but we realized ultimately that the pen 
tests, which were intentionally abusing GL, were leaving ~30 sleeping 
processes behind.   I would love to get to the bottom of this, but we are 
not Ruby developers so i figured someone at GitLab would be much better 
suited to address this.  i imagine you could use any online resource to run 
similar pen tests to see where the sleeping processes might be coming from. 
 One good resource is OWASP.  Another 
is https://pentest-tools.com/vulnerability-scanning/web-server-scanner-nikto.

Cord

-- 
You received this message because you are subscribed to the Google Groups 
"GitLab" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/gitlabhq/fd7a5d1f-1ebf-4137-8e3e-c6094ba9b00e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to