summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--changelogs/unreleased/63942-remove-config-action_dispatch-use_authenticated_cookie_encryption-configuration.yml5
-rw-r--r--config/application.rb5
-rw-r--r--doc/update/README.md24
-rw-r--r--doc/update/upgrading_from_source.md14
4 files changed, 29 insertions, 19 deletions
diff --git a/changelogs/unreleased/63942-remove-config-action_dispatch-use_authenticated_cookie_encryption-configuration.yml b/changelogs/unreleased/63942-remove-config-action_dispatch-use_authenticated_cookie_encryption-configuration.yml
new file mode 100644
index 00000000000..741763403a5
--- /dev/null
+++ b/changelogs/unreleased/63942-remove-config-action_dispatch-use_authenticated_cookie_encryption-configuration.yml
@@ -0,0 +1,5 @@
+---
+title: Enable authenticated cookie encryption
+merge_request: 31463
+author:
+type: other
diff --git a/config/application.rb b/config/application.rb
index 47c5ab71285..733f8652286 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -293,10 +293,5 @@ module Gitlab
Gitlab::Routing.add_helpers(project_url_helpers)
Gitlab::Routing.add_helpers(MilestonesRoutingHelper)
end
-
- # This makes generated cookies to be compatible with Rails 5.1 and older
- # We can remove this when we're confident that there are no issues with the Rails 5.2 upgrade
- # and we won't need to rollback to older versions
- config.action_dispatch.use_authenticated_cookie_encryption = false
end
end
diff --git a/doc/update/README.md b/doc/update/README.md
index 974982da5d0..42c43110a19 100644
--- a/doc/update/README.md
+++ b/doc/update/README.md
@@ -135,6 +135,30 @@ If you need to downgrade your Enterprise Edition installation back to Community
Edition, you can follow [this guide][ee-ce] to make the process as smooth as
possible.
+## Version specific upgrading instructions
+
+### 12.2.0
+
+In 12.2.0, we enabled Rails' authenticated cookie encryption. Old sessions are
+automatically upgraded.
+
+However, session cookie downgrades are not supported. So after upgrading to 12.2.0,
+any downgrades would result to all sessions being invalidated and users are logged out.
+
+### 12.0.0
+
+In 12.0.0 we made various database related changes. These changes require that
+users first upgrade to the latest 11.11 patch release. Once upgraded to 11.11.x,
+users can upgrade to 12.x. Failure to do so may result in database migrations
+not being applied, which could lead to application errors.
+
+Example 1: you are currently using GitLab 11.11.3, which is the latest patch
+release for 11.11.x. You can upgrade as usual to 12.0.0, 12.1.0, etc.
+
+Example 2: you are currently using a version of GitLab 10.x. To upgrade, first
+upgrade to 11.11.3. Once upgraded to 11.11.3 you can safely upgrade to 12.0.0
+or future versions.
+
## Miscellaneous
- [MySQL to PostgreSQL](mysql_to_postgresql.md) guides you through migrating
diff --git a/doc/update/upgrading_from_source.md b/doc/update/upgrading_from_source.md
index d3b0a3c2829..0aef40262c9 100644
--- a/doc/update/upgrading_from_source.md
+++ b/doc/update/upgrading_from_source.md
@@ -378,20 +378,6 @@ Example:
Additional instructions here.
-->
-### 12.0.0
-
-In 12.0.0 we made various database related changes. These changes require that
-users first upgrade to the latest 11.11 patch release. Once upgraded to 11.11.x,
-users can upgrade to 12.x. Failure to do so may result in database migrations
-not being applied, which could lead to application errors.
-
-Example 1: you are currently using GitLab 11.11.3, which is the latest patch
-release for 11.11.x. You can upgrade as usual to 12.0.0, 12.1.0, etc.
-
-Example 2: you are currently using a version of GitLab 10.x. To upgrade, first
-upgrade to 11.11.3. Once upgraded to 11.11.3 you can safely upgrade to 12.0.0
-or future versions.
-
## Things went south? Revert to previous version
### 1. Revert the code to the previous version