Update: Seems to be real https://news.ycombinator.com/item?id=11587416
I received this message on Wednesday, April 27, 2016 7:35 PM. Couldn't find anything about it on Gitlab's blog or Twitter, so I asked for clarification here: https://twitter.com/tehwey/status/725612585886842880
Anyone else got one of these, maybe to an address that's exclusively used on Gitlab? There also seems to be a huge spam issue going on in their issue tracker right now:
https://gitlab.com/gitlab-org/gitlab-ce/issues?page=5&scope=all&sort=id_desc&state=opened
We have discovered a critical security issue in all GitLab CE and EE versions from 8.2 to 8.7.
On Monday May 2, 2016 at 4:59pm PDT (23:59 GMT), we will publish new GitLab patch releases for all affected versions. We strongly recommend that all installations running a version mentioned above be upgraded as soon as possible after the release. Please forward this alert to the appropriate person at your organization and have them subscribe to Security Notices
The following versions are affected:
8.7.0
8.6.0 through 8.6.7
8.5.0 through 8.5.11
8.4.0 through 8.4.9
8.3.0 through 8.3.8
8.2.0 through 8.2.4
You ([email protected]) were sent this security alert because our records indicate you may use GitLab CE or EE. If we are mistaken, we apologize and kindly ask you to opt out of security alerts.
Return-Path: <[email protected]>
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
by sloti29t02 (Cyrus 3.0.0-beta2-git-fastmail-13357) with LMTPA;
Wed, 27 Apr 2016 13:35:52 -0400
X-Sieve: CMU Sieve 2.4
X-Spam-score: 0.0
X-Spam-hits: BAYES_00 -1.9, HTML_IMAGE_ONLY_20 1.546, HTML_MESSAGE 0.001,
RCVD_IN_DNSWL_NONE -0.0001, RP_MATCHES_RCVD -0.001, SPF_HELO_PASS -0.001,
SPF_PASS -0.001, LANGUAGES en, BAYES_USED user, SA_VERSION 3.3.2
X-Spam-source: IP='199.15.213.51', Host='potomac1051.mktomail.com', Country='US',
FromHeader='com', MailFrom='com'
X-Spam-charsets: plain='UTF-8', html='UTF-8'
X-Resolved-to: [email protected]
X-Delivered-to: [email protected]
X-Mail-from: [email protected]
Received: from mx4 ([10.202.2.203])
by compute5.internal (LMTPProxy); Wed, 27 Apr 2016 13:35:52 -0400
Received: from mx4.messagingengine.com (localhost [127.0.0.1])
by mx4.nyi.internal (Postfix) with ESMTP id 405E65C0FC4
for <[email protected]>; Wed, 27 Apr 2016 13:35:52 -0400 (EDT)
Received: from mx4.nyi.internal (localhost [127.0.0.1])
by mx4.messagingengine.com (Authentication Milter) with ESMTP
id ABD1458C1AA.0C2925C0F62;
Wed, 27 Apr 2016 13:35:52 -0400
Authentication-Results: mx4.messagingengine.com;
dkim=pass (1024-bit rsa key) header.d=gitlab.com [email protected] header.b=Beiwd8Dv;
dmarc=pass header.from=gitlab.com;
spf=pass smtp.mailfrom=194-VVC-221.0.2265.0.0.1792.7.3306229@potomac1050.mktomail.com smtp.helo=potomac1051.mktomail.com
Received-SPF: pass (potomac1050.mktomail.com: Sender is authorized to use '[email protected]' in 'mfrom' identity (mechanism 'include:mktomail.com' matched)) receiver=mx4.messagingengine.com; identity=mailfrom; envelope-from="[email protected]"; helo=potomac1051.mktomail.com; client-ip=199.15.213.51
Received: from potomac1051.mktomail.com (potomac1051.mktomail.com [199.15.213.51])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by mx4.messagingengine.com (Postfix) with ESMTPS id 0C2925C0F62
for <[email protected]>; Wed, 27 Apr 2016 13:35:52 -0400 (EDT)
X-MSFBL: bWFpbEBub3RteWhvc3RuYS5tZUBkdnAtMTk5LTE1LTIxMy01MUBiZy1hYi0wMUAx
OTQtVlZDLTIyMTo2OTk6MjI2NTo1Mjk3OjA6MTc5Mjo3OjMzMDYyMjk=
Received: from [10.1.8.1] ([10.1.8.1:57051] helo=abmas02.marketo.org)
by abmta02.marketo.org (envelope-from <[email protected]>)
(ecelerity 3.6.8.47404 r(Core:3.6.8.0)) with ESMTP
id F7/C3-08010-678F0275; Wed, 27 Apr 2016 12:35:50 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1461778550;
s=m1; d=gitlab.com; [email protected];
h=Date:From:To:Subject:MIME-Version:Content-Type;
bh=Np8xqxQbPLnTKLkuAYU5No3SmoX4mz0hynuSVKTc4r8=;
b=Beiwd8DvHOCrsq1PsbwtkOrxWGSd8wdOm4VPE8jaklQeAq2iisj7EyDEz0frCod4
8tB2hkhY1zLN5G7UszdhAMJhxoKXdDR0M/JXeql46D6TrxxcIv7KssXq9N8WG8caUhd
BfmgFUhEfMpRxzURZxY+BkgqBzDyny+gpEtMqkcM=
Date: Wed, 27 Apr 2016 12:35:50 -0500 (CDT)
From: GitLab Security <[email protected]>
Reply-To: [email protected]
To: [email protected]
Message-ID: <1755089477.1819760797.1461778550878.JavaMail.root@abmas02.marketo.org>
Subject: Major Security Update Coming Monday
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_1819760796_447439993.1461778550878"
X-Binding: bg-ab-01
X-MarketoID: 194-VVC-221:699:2265:5297:0:1792:7:3306229
X-MktArchive: false
X-Mailfrom: [email protected]
X-MSYS-API: {"options":{"open_tracking":false,"click_tracking":false}}
X-MktMailDKIM: true
------=_Part_1819760796_447439993.1461778550878
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
We have discovered a critical security issue in all GitLab CE and EE versions from 8.2 to 8.7.
On Monday May 2, 2016 at 4:59pm PDT (23:59 GMT), we will publish new GitLab patch releases for all affected versions. We strongly recommend that all installations running a version mentioned above be upgraded as soon as possible after the release. Please forward this alert to the appropriate person at your organization and have them subscribe to Security Notices <http://email.gitlab.com/ZVwdh00cO0000S06N00BCVA>
The following versions are affected:
- 8.7.0
- 8.6.0 through 8.6.7
- 8.5.0 through 8.5.11
- 8.4.0 through 8.4.9
- 8.3.0 through 8.3.8
- 8.2.0 through 8.2.4
You ([email protected]) were sent this security alert because our records indicate you may use GitLab CE or EE. If we are mistaken, we apologize and kindly ask you to opt out of security alerts <http://email.gitlab.com/a0000B00SV0600dCOVwAdhO>.
------=_Part_1819760796_447439993.1461778550878
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<title></title>
</head>
<body ><div ><div class="mktEditable" id="edit_text_1" ><p style="font-family: helvetica, sans-serif; font-size: 14px;">We have discovered a critical security issue in all GitLab CE and EE versions from 8.2 to 8.7.<br /><br />On Monday May 2, 2016 at 4:59pm PDT (23:59 GMT), we will publish new GitLab patch releases for all affected versions. We strongly recommend that all installations running a version mentioned above be upgraded as soon as possible after the release. <strong>Please forward this alert to the appropriate person at your organization and have them subscribe to <a href=
"http://email.gitlab.com/ZVwdh00cO0000S06N00BCVA" target="_blank"
>Security Notices</a></strong><br /><br />The following versions are affected:</p>
<ul style="font-family: helvetica, sans-serif; font-size: 14px;">
<li>8.7.0<br /></li>
<li>8.6.0 through 8.6.7 <br /></li>
<li>8.5.0 through 8.5.11 <br /></li>
<li>8.4.0 through 8.4.9 <br /></li>
<li>8.3.0 through 8.3.8 <br /></li>
<li>8.2.0 through 8.2.4 </li>
</ul>
<p style="font-family: helvetica, sans-serif; font-size: 14px;">You ([email protected]) were sent this security alert because our records indicate you may use GitLab CE or EE. If we are mistaken, we apologize and kindly ask you to <a href=
"http://email.gitlab.com/a0000B00SV0600dCOVwAdhO" target="_blank"
>opt out of security alerts</a>.</p></div>
</div>
<img src="http://email.gitlab.com/trk?t=1&mid=MTk0LVZWQy0yMjE6Njk5OjIyNjU6NTI5NzowOjE3OTI6NzozMzA2MjI5Om1haWxAbm90bXlob3N0bmEubWU%3D" width="1" height="1" style="display:none !important;" alt="" />
</body>
</html>
------=_Part_1819760796_447439993.1461778550878--
I recently also received a similar email, not from Gitlab but seemingly from Lenovo. I was initially fooled, thinking that it was directly from Lenovo... but if you check the header carefully, you will notice that it's actually probably coming from abas2.marketo.org, which is posing as gitlab. If you search online, marketo is a legit company. My guess is that Gitlab has hired marketo for marketing purposes, so that's why they can use the Gitlab email address in the from field?
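One way to do the header check the reply describes, as an added example that is not part of the thread: it parses the Authentication-Results and Received headers (an abbreviated copy of the ones posted above, with the redacted addresses replaced by a labelled placeholder) and reports which of SPF or DKIM actually ties the message to the From: domain, which is what the DMARC pass rests on. The alignment rule is a simplified, strict-mode reading of DMARC, not a full implementation.

```python
"""Which authenticated identifier backs the From: domain of the posted message?"""
import re
from email import message_from_string, policy, utils

# Abbreviated copy of the headers in the thread; REDACTED stands in for the removed address.
RAW_HEADERS = """\
Authentication-Results: mx4.messagingengine.com;
 dkim=pass (1024-bit rsa key) header.d=gitlab.com header.b=Beiwd8Dv;
 dmarc=pass header.from=gitlab.com;
 spf=pass smtp.mailfrom=194-VVC-221.0.2265.0.0.1792.7.3306229@potomac1050.mktomail.com smtp.helo=potomac1051.mktomail.com
Received: from potomac1051.mktomail.com (potomac1051.mktomail.com [199.15.213.51])
 by mx4.messagingengine.com (Postfix) with ESMTPS id 0C2925C0F62
Received: from [10.1.8.1] ([10.1.8.1:57051] helo=abmas02.marketo.org)
 by abmta02.marketo.org with ESMTP
From: GitLab Security <REDACTED@gitlab.com>
"""

def parse_auth_results(msg):
    """Map each method (dkim/spf/dmarc) to (result, {property: value})."""
    hdr = " ".join(str(msg.get("Authentication-Results", "")).split())
    _, _, body = hdr.partition(";")  # drop the authserv-id before the first ';'
    results = {}
    for clause in body.split(";"):
        m = re.match(r"\s*(\w+)=(\w+)", clause)
        if m:
            props = dict(re.findall(r"(\w+\.\w+)=(\S+)", clause))
            results[m.group(1)] = (m.group(2), props)
    return results

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def relay_hosts(msg):
    """Host named in each 'Received: from ...', nearest the recipient first."""
    return [re.match(r"from (\S+)", " ".join(str(r).split())).group(1)
            for r in msg.get_all("Received", [])]

def assess(raw):
    msg = message_from_string(raw, policy=policy.default)
    from_dom = domain_of(utils.parseaddr(str(msg["From"]))[1])
    auth = parse_auth_results(msg)
    dkim = auth.get("dkim", ("none", {}))
    spf = auth.get("spf", ("none", {}))
    return {
        "from_domain": from_dom,
        # strict alignment: the passing identifier's domain must equal the From: domain
        "dkim_aligned": dkim[0] == "pass" and dkim[1].get("header.d", "").lower() == from_dom,
        "spf_aligned": spf[0] == "pass" and domain_of(spf[1].get("smtp.mailfrom", "")) == from_dom,
        "relays": relay_hosts(msg),
    }
```

For this message SPF passes only for Marketo's bounce domain, while the DKIM signature is gitlab.com's, so the From: address is backed by GitLab's own key even though the relays are Marketo hosts.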