The latest version of GitLab contains an urgent security update:
RCE in Gitlab Wiki API
The wiki API contained an input validation issue which resulted in remote code execution. The issue is now mitigated in the latest release and is assigned CVE-2018-18649.
I have just updated https://git.coop/ and I’m posting this here in case the other co-ops which run their own GitLab servers haven’t seen this.