| Age | Commit message (Collapse) | Author |
|---|
|
Use image proxy to mitigate stealing ip addresses
Closes #2812
See merge request gitlab/gitlabhq!2926
|
|
DNS Rebind SSRF in Kubernetes Integration
See merge request gitlab/gitlabhq!3345
|
|
User images and videos will get proxied through
the Camo server in order to keep malicious
sites from collecting the IP address of users.
|
|
|
|
Kubeclient uses rest-client. We hack into to access the net/http object
so that we can patch to connect to the resolved IP + set
hostname_override.
Add specs for discord. The discord integration also uses rest-client, so
since we patched rest-client, spec that the DNS rebinding protection
works
|
|
- Add mail interceptor the signs outgoing email with SMIME
- Add lib and helpers to work with SMIME data
- New configuration params for setting up SMIME key and cert files
|
|
The circuit breaker itself got removed a while ago, when that happened
some parts got left behind. Using grep old stale settings and
validations were found and are now removed.
|
|
Storing this key in secrets.yml was a bad idea,
it would require users using HA setups to manually
replicate secrets across nodes during update,
it also needed support from omnibus package
* Revert "Generate Let's Encrypt private key"
This reverts commit 444959bfa0b79e827a2a1a7a314acac19390f976.
* Add Let's Encrypt private key to settings
as encrypted attribute
* Generate Let's Encrypt private key
in database migration
|
|
|
|
|
|
|
|
Because this could potentially load a model and we shouldn't
load models before all the patches we have in places.
|
|
Updates specs to use new rails5 format.
The old format:
`get :show, { some: params }, { some: headers }`
The new format:
`get :show, params: { some: params }, headers: { some: headers }`
|
|
This reverts commit 3560b11922fd180eea5cafd0e763e0e601c5c4ee.
|
|
This changes `correlation_id` to be `correlation-id` when passed via jobs
|
|
The Correlation ID is taken or generated from received X-Request-ID.
Then it is being passed to all executed services (sidekiq workers
or gitaly calls).
The Correlation ID is logged in all structured logs as `correlation_id`.
|
|
If the EncryptColumns background migration runs in a sidekiq with a
stale view of the database schema, or when the purported destination
columns don't actually exist, data loss can result. Attempt to work
around these issues by reloading schema information before running
the migration, and raising errors if the model reports that any of its
source or destination columns are missing.
|
|
Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
|
|
|
|
|
|
|
|
|
|
Upgrade to Ruby 2.4.4
See merge request gitlab-org/gitlab-ce!19055
|
|
This gem (https://gitlab.com/gitlab-org/grape-path-helpers) makes a number of changes:
1. Brings in @mdelaossa's changes in https://github.com/reprah/grape-route-helpers/pull/21
2. Fixes some broken specs and code for Grape 1.0+
3. Optimizes the generation of paths by bringing in @dblessing's
HashWithIndifferentAccess changes in https://gitlab.com/gitlab-org/gitlab-ce/issues/45718#note_70123793
Closes #45718
|
|
Fixes that make this work:
* A change in Ruby (https://github.com/ruby/ruby/commit/ce635262f53b760284d56bb1027baebaaec175d1)
requires passing in the exact required length for OpenSSL keys and IVs.
* Ensure the secrets.yml is generated before any prepended modules are
loaded. This is done by renaming the `secret_token.rb` initializer to
`01_secret_token.rb`, which is a bit ugly but involves the least impact on
other files.
|
|
Given the settings initializer creates Gitaly Storage Settings objects
already, the calls to path can be moved to that initializer.
|
|
|
|
|
|
Bring Object Storage to CE
Closes #4171, #4163, #3370, #2841, and #29203
See merge request gitlab-org/gitlab-ce!17358
|
|
|
|
Resolve ""Support private HTTPS urls for object storage""
Closes #4879
See merge request gitlab-org/gitlab-ee!4475
|
|
Bringing in https://github.com/reprah/grape-route-helpers/pull/21 as a
monkey patch since the grape-route-helpers project seems to be abandoned
|
|
If using gravatar.com, both plain_url and ssl_url in settings are now
served via HTTPS. Make this the default.
|
|
|
|
|
|
Instead of from the configuration file
|
|
|
|
Closes #37789
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
|
services: true, no_db: true, api: true
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
|
|
|
This instrumentation isn't needed strictly for performance measurements, but
just to see which controller actions call this method at all. See
<https://gitlab.com/gitlab-org/gitlab-ce/issues/30224#note_32306159> for more
details.
|
|
|
|
Besides improving the error message to specify what exactly you
need to do to solve the error, we now don't skip all storage
validations on the test environment, so that you also get a nice error
message if you're running tests. Now if conditions are met to skip
valitaions (test env or env variable) we still make sure the settings
_look_ sane, we just skip verifying the paths exists and meet the given
conditions.
|
|
Update storage settings to allow extra values per shard
See merge request !9597
|
|
|
