TurnKey GitLab was vulnerable to CVE-2016-4340. Privilege escalation via "impersonate" feature. We fixed the app but existing deployments require manual update:

https://www.turnkeylinux.org/blog/gitlab-privilege-escalation

TurnKey Magento IS NOT vulnerable to CVE-2016-4010 remote PHP code execution

https://www.turnkeylinux.org/blog/magento-remote-code-execution

v14.1 Maintenance release:

https://www.turnkeylinux.org/blog/14.1-bugfixes-maintenance-and-more

New MediaServer app by Jonathan Struebel:

https://www.turnkeylinux.org/mediaserver

In non-TurnKey related news: Binary options scam - hundreds of thousands are being defrauded by sophisticated online organized crime rings and there's something we can do about it:

https://www.turnkeylinux.org/blog/binary-options-scam

Cheers,
Liraz Siri
TurnKey GNU/Linux
GnuPG KeyID: 0xB06780D9
Fingerprint: 1B4D 4827 A06E 440F 74B8 8334 6DEC 96D3 B067 80D9
Cell: +972 54-201-3512