@paresh_parmar discovered an error page that was disclosing the value of the `secret_key_base` key of customers.gitlab.com to unauthenticated users, which would have allowed an attacker to arbitrarily decrypt signed cookies.