# From 5.3 to 5.4 ## Notice Security vulnerabilities CVE-2013-4490 and CVE-2013-4489 have been patched in the latest version of GitLab 5.4. ### 0. Backup It's useful to make a backup just in case things go south: (With MySQL, this may require granting "LOCK TABLES" privileges to the GitLab user on the database version) ```bash cd /home/git/gitlab sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production ``` ### 1. Stop server sudo service gitlab stop ### 2. Get latest code ```bash cd /home/git/gitlab sudo -u git -H git fetch sudo -u git -H git checkout 5-4-stable # Latest version of 5-4-stable addresses CVE-2013-4489 ``` ### 3. Update gitlab-shell ```bash cd /home/git/gitlab-shell sudo -u git -H git fetch sudo -u git -H git checkout v1.7.4 # Addresses CVE-2013-4490 ``` ### 4. Install libs, migrations, etc. ```bash cd /home/git/gitlab # MySQL sudo -u git -H bundle install --without development test postgres --deployment #PostgreSQL sudo -u git -H bundle install --without development test mysql --deployment sudo -u git -H bundle exec rake db:migrate RAILS_ENV=production sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production ``` ### 5. Update config files * Make `/home/git/gitlab/config/gitlab.yml` same as https://github.com/gitlabhq/gitlabhq/blob/5-4-stable/config/gitlab.yml.example but with your settings. * Make `/home/git/gitlab/config/puma.rb` same as https://github.com/gitlabhq/gitlabhq/blob/5-4-stable/config/puma.rb.example but with your settings. ### 6. Update Init script ```bash sudo rm /etc/init.d/gitlab sudo curl --output /etc/init.d/gitlab https://raw.github.com/gitlabhq/gitlabhq/5-4-stable/lib/support/init.d/gitlab sudo chmod +x /etc/init.d/gitlab ``` ### 7. Start application sudo service gitlab start sudo service nginx restart ### 8. Check application status Check if GitLab and its environment are configured correctly: sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production To make sure you didn't miss anything run a more thorough check with: sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production If all items are green, then congratulations upgrade complete! ## Things went south? Revert to previous version (5.3) ### 1. Revert the code to the previous version Follow the [`upgrade guide from 5.2 to 5.3`](5.2-to-5.3.md), except for the database migration (The backup is already migrated to the previous version) ### 2. Restore from the backup: ```bash cd /home/git/gitlab sudo -u git -H bundle exec rake gitlab:backup:restore RAILS_ENV=production ```