• @solrize
    link
    388 months ago

    Somehow they let attackers send themselves password reset links to arbitrary Gitlab accounts, apparently. Not good.