Merge branch 'security-182-update-workhorse-11-3' into 'security-11-3'

[11.3] Redact sensitive information on workhorse log

See merge request gitlab/gitlabhq!2586

3 files changed, 9 insertions, 2 deletions

diff --git a/GITLAB_WORKHORSE_VERSION b/GITLAB_WORKHORSE_VERSION
index dfda3e0b4f0..5e3254243a3 100644
--- a/GITLAB_WORKHORSE_VERSION
+++ b/GITLAB_WORKHORSE_VERSION
@@ -1 +1 @@
-6.1.0
+6.1.2
diff --git a/changelogs/unreleased/security-182-update-workhorse.yml b/changelogs/unreleased/security-182-update-workhorse.yml
new file mode 100644
index 00000000000..76850901b68
--- /dev/null
+++ b/changelogs/unreleased/security-182-update-workhorse.yml
@@ -0,0 +1,5 @@
+---
+title: Redact sensitive information on gitlab-workhorse log
+merge_request:
+author:
+type: security
diff --git a/config/application.rb b/config/application.rb
index 76a2c47a750..21d3cc5c23a 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -93,7 +93,9 @@ module Gitlab
     # - Sentry DSN (:sentry_dsn)
     # - Deploy keys (:key)
     # - File content from Web Editor (:content)
-    config.filter_parameters += [/token$/, /password/, /secret/]
+    #
+    # NOTE: It is **IMPORTANT** to also update gitlab-workhorse's filter when adding parameters here!
+    config.filter_parameters += [/token$/, /password/, /secret/, /key$/]
     config.filter_parameters += %i(
       certificate
       encrypted_key