Age | Commit message | Author |
|
Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
|
|
Use image proxy to mitigate stealing ip addresses
Closes #2812
See merge request gitlab/gitlabhq!2926
|
|
Add direct upload support for personal snippets
See merge request gitlab/gitlabhq!3226
|
|
Require a captcha after unique failed logins from the same IP
See merge request gitlab/gitlabhq!3270
|
|
DNS Rebind SSRF in Kubernetes Integration
See merge request gitlab/gitlabhq!3345
|
|
Add custom endpoint for new registrations
See merge request gitlab-org/gitlab-ce!32233
|
|
This is the same as gitlab-shell's default. This is to ensure
that it's always set.
It needs to be the same as gitlab-shell's default because we
don't set a default value in omnibus-gitlab. If users don't
set the value of that config in their install and they upgraded,
we must ensure that it's still going to point to the same
authorized keys file.
|
|
Add warnings to performance bar response
See merge request gitlab-org/gitlab-ce!31054
|
|
This key is useful to reduce the amount of logic needed on the frontend:
if `has_warnings` is true, then the frontend knows that the request in
question has warnings for some metric.
|
|
(cherry picked from commit 897a9d308db46b620b738b98f2b0e5630ac7d2dd)
|
|
allow_bypass_two_factor configuration does not work with saml provider
|
|
User images and videos will get proxied through
the Camo server in order to keep malicious
sites from collecting the IP address of users.
|
|
Remove the visual review toolbar code
in favor of using the NPM package.
|
|
This change adds Distributed Tracing support for two new types of events
1. Redis Calls
1. ActiveSupport (Rails) Caching Operations
The intention is to help application developers and infrastructure
SREs to understand the pressure that caching operations can have on
the application when running at scale.
The Redis and Caching spans can be viewed in the Jaeger UI by clicking
the "Trace" link in the performance bar when running on GDK.
|
|
Fix "ERR value is not an integer or out of range" errors
Closes #66449
See merge request gitlab-org/gitlab-ce!32126
|
|
`ActiveSupport::Cache::RedisCacheStore` is not compatible with the
version of Rack Attack we are using (v4.4.1) per
https://github.com/kickstarter/rack-attack/issues/281. Users that had
rate limits enabled might see `Redis::CommandError: ERR value is not an
integer or out of range` because the `raw` parameter wasn't passed along
properly. As a result, the Rack Attack entry would be stored as an
`ActiveSupport::Cache::Entry` instead of a raw string holding an integer
value.
Let's partially revert the change in
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30966 to use the
original cache store until we can update to Rack Attack v5.2.3 that has
support for `ActiveSupport::Cache::RedisCacheStore` via
https://github.com/kickstarter/rack-attack/pull/350.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66449
|
|
This enables CSP in dev and CI
|
|
Fix typo in Content Security Policy example
See merge request gitlab-org/gitlab-ce!32103
|
|
feat: smime signed notification emails
See merge request gitlab-org/gitlab-ce!30644
|
|
Port of EE "Elasticsearch versioned schema for other ActiveRecord models"
See merge request gitlab-org/gitlab-ce!31660
|
|
Allow to interrupt running sidekiq jobs
See merge request gitlab-org/gitlab-ce!31818
|
|
Adds a time series component for line and area charts.
Displays new charts in the dashboard.
- Use dynamic components for line/area swapping
- Add new line charts to dashboard in 2 panels
|
|
Transform `CancelledError` into `JobRetry::Skip`
|
|
This makes:
- very shallow `Middleware::Monitor` to only request tracking
of sidekiq jobs,
- `SidekiqStatus::Monitor` to be responsible to maintain persistent
connection to receive messages,
- `SidekiqStatus::Monitor` to always use structured logging
and instance variables
|
|
This adds a middleware to track all threads
for running jobs.
This makes sidekiq watch for redis-delivered notifications.
This makes it possible to send a notification to interrupt
running sidekiq jobs.
This does not take into account any native code,
as `Thread.raise` generates exception once the control gets
back to Ruby.
The separate measure should be taken to interrupt gRPC, shellouts,
or anything else that escapes Ruby.
|
|
Doc for multi-indices architecture
|
|
Kubeclient uses rest-client. We hack into it to access the net/http object
so that we can patch it to connect to the resolved IP + set
hostname_override.
Add specs for discord. The discord integration also uses rest-client, so
since we patched rest-client, spec that the DNS rebinding protection
works.
|
|
Previously we asked a user to enter a new slug before taking them to
the Create Page page.
As a UX improvement, we now take them to a randomly generated URI so
they can begin creating their new page.
https://gitlab.com/gitlab-org/gitlab-ce/issues/46299
|
|
Current `auth.log` uses `fullpath` and `ip`, while `api_json.log` uses
`remote_ip` and `path` for the same fields. Let's standardize these
namings to make it easier for people working with the data.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66167
|
|
- Add mail interceptor that signs outgoing email with SMIME
- Add lib and helpers to work with SMIME data
- New configuration params for setting up SMIME key and cert files
|
|
Update qa/Dockerfile to be built from the project root context
See merge request gitlab-org/gitlab-ce!31533
|
|
After moving the multiproc dir cleanup into `config.ru`:`warmup`, we
stopped cleaning Sidekiq metrics dir which is not correct.
This MR intended to fix that. More details:
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/31668
|
|
For the QA tests to use the new injection methods, we must require the
initializer and ensure that the "constantize" method is available.
|
|
'47003-user-onboarding-replace-current-email-confirmation-flow-with-a-soft-email-confirmation-flow' into 'master'
Soft email confirmation flow
Closes #47003
See merge request gitlab-org/gitlab-ce!31245
|
|
Resolve "Multi selection for delete on registry page"
Closes #24705
See merge request gitlab-org/gitlab-ce!30837
|
|
Remove duplicate -/users/terms routes
See merge request gitlab-org/gitlab-ce!31812
|
|
CE-specific changes for:
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/15129
Co-Authored-By: Alex Kalderimis <akalderimis@gitlab.com>
Co-Authored-By: Luke Duncalfe <lduncalfe@eml.cc>
|
|
'46548-open-source-alternative-to-recaptcha-for-gitlab-com-registration' into 'master'
Open source alternative to reCAPTCHA for GitLab.com registration
See merge request gitlab-org/gitlab-ce!31625
|
|
Elasticsearch versioned schema for Snippet
See merge request gitlab-org/gitlab-ce!31465
|
|
|