This is a heads up to the developers. We've recently begun performing vulnerability scans / pen tests of gitlab to ensure our instance of it is secure. FYI, it holds up fairly well. That said, we recently froze our GL instance because our MySQL box ran out of processes. It took a bit, but we realized ultimately that the pen tests, which were intentionally abusing GL, were leaving ~30 sleeping processes behind. I would love to get to the bottom of this, but we are not Ruby developers so i figured someone at GitLab would be much better suited to address this. i imagine you could use any online resource to run similar pen tests to see where the sleeping processes might be coming from. One good resource is OWASP. Another is https://pentest-tools.com/vulnerability-scanning/web-server-scanner-nikto.
Cord -- You received this message because you are subscribed to the Google Groups "GitLab" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/gitlabhq/fd7a5d1f-1ebf-4137-8e3e-c6094ba9b00e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
