diff options
author | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-25 12:11:33 +0000 |
---|---|---|
committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-25 12:11:33 +0000 |
commit | e8ec4b96967cc78597e309f162801b3bb2eabac0 (patch) | |
tree | 4b4335892857fd3e18aa92c732ade957885c30b3 | |
parent | 8808f1d917dc9eea59471386881b96038881c236 (diff) | |
parent | 446a1da00e9cee53c91b06763f5b3992c21a7c9f (diff) | |
download | gitlab-ce-e8ec4b96967cc78597e309f162801b3bb2eabac0.tar.gz |
Merge branch 'security-2780-disable-git-v2-protocol' into 'master'
[master] Disable git v2 protocol temporarily
Closes #2780
See merge request gitlab/gitlabhq!2827
-rw-r--r-- | GITALY_SERVER_VERSION | 2 | ||||
-rw-r--r-- | changelogs/unreleased/security-2780-disable-git-v2-protocol.yml | 5 | ||||
-rw-r--r-- | doc/administration/git_protocol.md | 7 |
3 files changed, 13 insertions, 1 deletions
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index cd99d386a8d..63e799cf451 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -1.14.0
\ No newline at end of file +1.14.1 diff --git a/changelogs/unreleased/security-2780-disable-git-v2-protocol.yml b/changelogs/unreleased/security-2780-disable-git-v2-protocol.yml new file mode 100644 index 00000000000..30a08a98e83 --- /dev/null +++ b/changelogs/unreleased/security-2780-disable-git-v2-protocol.yml @@ -0,0 +1,5 @@ +--- +title: Disable git v2 protocol temporarily +merge_request: +author: +type: security diff --git a/doc/administration/git_protocol.md b/doc/administration/git_protocol.md index 341a00009e5..11b2adeeeb8 100644 --- a/doc/administration/git_protocol.md +++ b/doc/administration/git_protocol.md @@ -5,6 +5,13 @@ description: "Set and configure Git protocol v2" # Configuring Git Protocol v2 > [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/46555) in GitLab 11.4. +> [Temporarily disabled](https://gitlab.com/gitlab-org/gitlab-ce/issues/55769) in GitLab 11.5.8, 11.6.6, 11.7.1, and 11.8+ + +NOTE: **Note:** +Git protocol v2 support has been [temporarily disabled](https://gitlab.com/gitlab-org/gitlab-ce/issues/55769), +as a feature used to hide certain internal references does not function when it +is enabled, and this has a security impact. Once this problem has been resolved, +protocol v2 support will be re-enabled. Git protocol v2 improves the v1 wire protocol in several ways and is enabled by default in GitLab for HTTP requests. In order to enable SSH, |