summaryrefslogtreecommitdiff
path: root/config/application.rb
diff options
context:
space:
mode:
authorCindy Pallares <cindy@gitlab.com>2018-11-28 18:36:11 +0000
committerCindy Pallares <cindy@gitlab.com>2018-11-28 19:06:30 -0500
commit3881285c2b901cfeac58b5e6bdf54ec7bd46612f (patch)
treecfd90a1e55b2216efb42ac59f308611280a2e95b /config/application.rb
parent335434ca989ed018f1a1d1d25b3296563d6d19ad (diff)
downloadgitlab-ce-3881285c2b901cfeac58b5e6bdf54ec7bd46612f.tar.gz
Merge branch 'security-182-update-workhorse' into 'master'
[Master] Redact sensitive information on gitlab-workhorse log See merge request gitlab/gitlabhq!2584
Diffstat (limited to 'config/application.rb')
-rw-r--r--config/application.rb3
1 files changed, 3 insertions, 0 deletions
diff --git a/config/application.rb b/config/application.rb
index 5804d8fd27b..63a5b483fc2 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -103,6 +103,9 @@ module Gitlab
# - Webhook URLs (:hook)
# - Sentry DSN (:sentry_dsn)
# - File content from Web Editor (:content)
+ #
+ # NOTE: It is **IMPORTANT** to also update gitlab-workhorse's filter when adding parameters here to not
+ # introduce another security vulnerability: https://gitlab.com/gitlab-org/gitlab-workhorse/issues/182
config.filter_parameters += [/token$/, /password/, /secret/, /key$/]
config.filter_parameters += %i(
certificate