Developers with GitLab fixed a critical vulnerability in the open source repository manager that could have allowed the theft of application files, tokens, or secrets.