Diffstat (limited to 'config')
-rw-r--r-- | config/application.rb | 15 | ||||
-rw-r--r-- | config/gitlab.yml.example | 5 | ||||
-rw-r--r-- | config/initializers/1_settings.rb | 17 | ||||
-rw-r--r-- | config/initializers/sentry.rb | 5 | ||||
-rw-r--r-- | config/initializers/session_store.rb | 3 |
5 files changed, 14 insertions, 31 deletions
diff --git a/config/application.rb b/config/application.rb
index f69dab4de39..32a290f2002 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -51,31 +51,24 @@ module Gitlab
 # Configure sensitive parameters which will be filtered from the log file.
 #
 # Parameters filtered:
- # - Password (:password, :password_confirmation)
- # - Private tokens
+ # - Any parameter ending with `_token`
+ # - Any parameter containing `password`
+ # - Any parameter containing `secret`
 # - Two-factor tokens (:otp_attempt)
 # - Repo/Project Import URLs (:import_url)
 # - Build variables (:variables)
 # - GitLab Pages SSL cert/key info (:certificate, :encrypted_key)
 # - Webhook URLs (:hook)
- # - GitLab-shell secret token (:secret_token)
 # - Sentry DSN (:sentry_dsn)
 # - Deploy keys (:key)
+ config.filter_parameters += [/_token$/, /password/, /secret/]
 config.filter_parameters += %i(
- authentication_token
 certificate
 encrypted_key
 hook
 import_url
- incoming_email_token
- rss_token
 key
 otp_attempt
- password
- password_confirmation
- private_token
- runners_token
- secret_token
 sentry_dsn
 variables
 )
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index 25285525846..545c01e1156 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -273,9 +273,8 @@ production: &base
 encryption: 'plain'
 # Enables SSL certificate verification if encryption method is
- # "start_tls" or "simple_tls". (Defaults to false for backward-
- # compatibility)
- verify_certificates: false
+ # "start_tls" or "simple_tls". Defaults to true.
+ verify_certificates: true
 # Specifies the path to a file containing a PEM-format CA certificate,
 # e.g. if you need to use an internal CA.
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index abaabad5d65..360b72cdea3 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
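Review bot: The new regex `/_token$/` on the `config.filter_parameters += [/_token$/, /password/, /secret/]` line anchors with `$`, which in Ruby matches at any line end rather than the end of the string, and none of the three patterns is case-insensitive; `config.filter_parameters += [/_token\z/i, /password/i, /secret/i]` pins the intent more tightly and also covers keys that arrive with different casing. A parameter named just `token`, if any exists, is no longer covered now that the explicit `*_token` symbols were dropped from the list, so it is worth grepping for bare `token` params before merging. The hunk header shows this sits inside `module Gitlab`, whose definition continues outside the hunk.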
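Review bot: The comment above the new `verify_certificates: true` line says only that the default is now true; since most existing gitlab.yml files omit the key, an upgraded install whose LDAP server presents a self-signed or internal-CA certificate will fail to bind with nothing pointing at this setting. I would extend the comment, e.g. `# "start_tls" or "simple_tls". Defaults to true. For an internal CA, set the CA-file option below instead of turning verification off.` The enclosing `production: &base` LDAP server block continues outside the hunk.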
@@ -155,18 +155,11 @@ if Settings.ldap['enabled'] || Rails.env.test?
 server['encryption'] = 'simple_tls' if server['encryption'] == 'ssl'
 server['encryption'] = 'start_tls' if server['encryption'] == 'tls'
- # Certificates are not verified for backwards compatibility.
- # This default should be flipped to true in 9.5.
- if server['verify_certificates'].nil?
- server['verify_certificates'] = false
-
- message = <<-MSG.strip_heredoc
- LDAP SSL certificate verification is disabled for backwards-compatibility.
- Please add the "verify_certificates" option to gitlab.yml for each LDAP
- server. Certificate verification will be enabled by default in GitLab 9.5.
- MSG
- Rails.logger.warn(message)
- end
+ # Certificate verification was added in 9.4.2, and defaulted to false for
+ # backwards-compatibility.
+ #
+ # Since GitLab 10.0, verify_certificates defaults to true for security.
+ server['verify_certificates'] = true if server['verify_certificates'].nil?
 Settings.ldap['servers'][key] = server
 end
diff --git a/config/initializers/sentry.rb b/config/initializers/sentry.rb
index 6b0cff75653..62d0967009a 100644
--- a/config/initializers/sentry.rb
+++ b/config/initializers/sentry.rb
@@ -1,19 +1,18 @@
 # Be sure to restart your server when you modify this file.
 require 'gitlab/current_settings'
-include Gitlab::CurrentSettings
 if Rails.env.production?
 # allow it to fail: it may do so when create_from_defaults is executed before migrations are actually done
 begin
- sentry_enabled = current_application_settings.sentry_enabled
+ sentry_enabled = Gitlab::CurrentSettings.current_application_settings.sentry_enabled
 rescue
 sentry_enabled = false
 end
 if sentry_enabled
 Raven.configure do |config|
- config.dsn = current_application_settings.sentry_dsn
+ config.dsn = Gitlab::CurrentSettings.current_application_settings.sentry_dsn
 config.release = Gitlab::REVISION
 # Sanitize fields based on those sanitized from Rails.
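Review bot: The new `server['verify_certificates'] = true if server['verify_certificates'].nil?` line drops the `Rails.logger.warn` that the removed branch emitted when the key is absent, so an upgraded install that relied on the old `false` default loses LDAP sign-in with nothing in the log tying the failure to this setting. A short notice keeps that visible, e.g. `Rails.logger.info("LDAP #{key}: verify_certificates not set, defaulting to true") if server['verify_certificates'].nil?` placed before the assignment. The enclosing `if Settings.ldap['enabled'] || Rails.env.test?` block and the loop that yields `key` and `server` start outside the hunk.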
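Review bot: The new `sentry_enabled = Gitlab::CurrentSettings.current_application_settings.sentry_enabled` line sits under a bare `rescue` that sets `sentry_enabled = false` for any StandardError, so a bug or misconfiguration in the settings lookup silently switches error reporting off in production; the same bare `rescue` wraps the new call in the session_store.rb hunk. Logging the reason before falling back keeps the best-effort behaviour visible, e.g. `rescue => e` / `Rails.logger.warn("Sentry disabled: #{e.class}: #{e.message}")` / `sentry_enabled = false`. The `Raven.configure` block continues past the end of the hunk.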
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index e8213ac8ba4..f2fde1e0048 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -1,11 +1,10 @@
 # Be sure to restart your server when you modify this file.
 require 'gitlab/current_settings'
-include Gitlab::CurrentSettings
 # allow it to fail: it may do so when create_from_defaults is executed before migrations are actually done
 begin
- Settings.gitlab['session_expire_delay'] = current_application_settings.session_expire_delay || 10080
+ Settings.gitlab['session_expire_delay'] = Gitlab::CurrentSettings.current_application_settings.session_expire_delay || 10080
 rescue
 Settings.gitlab['session_expire_delay'] ||= 10080
 end
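Review bot: The fallback `10080` appears twice in this hunk, once on the new `Settings.gitlab['session_expire_delay'] = ... || 10080` line and again in the `rescue` branch, with nothing saying what it represents. A named constant above `begin` keeps the two in step, e.g. `DEFAULT_SESSION_EXPIRE_DELAY = 10080 # presumably minutes (7 days) — confirm against the setting's unit`, used on both lines.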