|
|
|
|
|
|
by EdOverflow
3052 days ago
|
|
|
Unfortunately, I cannot disclose any further details until GitLab give me permission to do so. All that I can say is that GitLab has certain features for custom domains that GitHub does not have. I plan on publishing a technical write-up once everything has been resolved. |
|
|
Looking over how GitLab handles setting up custom domains[1], it's pretty clear they were affected by that. I thought it was pretty much decided that's more a problem with the Baseline Requirements than with individual service providers like GitLab though. Mozilla even went so far as to forbid CAs from using two of the Baseline Requirement validation methods as a result of that vulnerability[2]. Assuming the CAs comply this shouldn't be an issue anymore, right?
Or were you referring to something else?
[1]: https://docs.gitlab.com//ce/user/project/pages/introduction....
[2]: https://groups.google.com/d/msg/mozilla.dev.security.policy/...