GitLab again asked users to verify their email address. The service fixed a vulnerability that allowed to bypass email verification. Therefore, email addresses have been reset as a precaution.
GitLab has sent an email to an unknown number of users. It states that users must re-verify their email address before they can continue to use GitLab.
GitLab refers in the mail to a leak that has been previously repaired. CVE-2020-13265 is a vulnerability that could bypass email verification. That vulnerability was addressed in GitLab version 13.0.1.
It is not clear why GitLab has now sent the mail again. The company already did that in June , and is now again referring to the same issue where users can also leave comments. GitLab says that only users with a verified second email address have received the email.