diff --git a/Changelog.md b/Changelog.md
index 79c66677..fac9a200 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,6 +1,7 @@
 # Changelog
 
 **latest**
+- plug bash vulnerability by switching to dash shell
 - automatically run the `gitlab:setup` rake task for new installs
 
 **7.3.1**
diff --git a/assets/setup/install b/assets/setup/install
index f40bd10e..1b1d700f 100755
--- a/assets/setup/install
+++ b/assets/setup/install
@@ -27,6 +27,7 @@ rm -rf /etc/ssh/ssh_host_*_key /etc/ssh/ssh_host_*_key.pub
 # add git user
 adduser --disabled-login --gecos 'GitLab' git
 passwd -d git
+chsh -s /bin/dash git
 
 rm -rf /home/git/.ssh
 sudo -u git -H mkdir -p ${GITLAB_DATA_DIR}/.ssh