Diffstat (limited to 'doc/security')
-rw-r--r-- | doc/security/README.md | 9
-rw-r--r-- | doc/security/asset_proxy.md | 4
-rw-r--r-- | doc/security/crime_vulnerability.md | 4
-rw-r--r-- | doc/security/index.md | 4
-rw-r--r-- | doc/security/information_exclusivity.md | 6
-rw-r--r-- | doc/security/project_import_decompressed_archive_size_limits.md | 4
-rw-r--r-- | doc/security/rack_attack.md | 4
-rw-r--r-- | doc/security/rate_limits.md | 8
-rw-r--r-- | doc/security/reset_user_password.md | 6
-rw-r--r-- | doc/security/ssh_keys_restrictions.md | 2
-rw-r--r-- | doc/security/token_overview.md | 4
-rw-r--r-- | doc/security/two_factor_authentication.md | 4
-rw-r--r-- | doc/security/unlock_user.md | 4
-rw-r--r-- | doc/security/user_email_confirmation.md | 2
-rw-r--r-- | doc/security/user_file_uploads.md | 2
-rw-r--r-- | doc/security/webhooks.md | 6
16 files changed, 33 insertions, 40 deletions
diff --git a/doc/security/README.md b/doc/security/README.md deleted file mode 100644 index 0e6c2f63f9e..00000000000 --- a/doc/security/README.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -redirect_to: 'index.md' -remove_date: '2021-09-28' ---- - -This document was moved to [another location](index.md). - -<!-- This redirect file can be deleted after 2021-09-28. --> -<!-- Before deletion, see: https://docs.gitlab.com/ee/development/documentation/#move-or-rename-a-page --> diff --git a/doc/security/asset_proxy.md b/doc/security/asset_proxy.md index d6b85eb5c9f..abeb5c401da 100644 --- a/doc/security/asset_proxy.md +++ b/doc/security/asset_proxy.md @@ -1,6 +1,6 @@ --- -stage: none -group: unassigned +stage: Manage +group: Access info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- diff --git a/doc/security/crime_vulnerability.md b/doc/security/crime_vulnerability.md index a8dee8f589a..801a294dd81 100644 --- a/doc/security/crime_vulnerability.md +++ b/doc/security/crime_vulnerability.md @@ -1,6 +1,6 @@ --- -stage: none -group: unassigned +stage: Manage +group: Access info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments type: reference --- diff --git a/doc/security/index.md b/doc/security/index.md index 35e93fc2c55..832af93b95e 100644 --- a/doc/security/index.md +++ b/doc/security/index.md @@ -1,6 +1,6 @@ --- -stage: none -group: unassigned +stage: Manage +group: Access info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments comments: false type: index diff --git a/doc/security/information_exclusivity.md b/doc/security/information_exclusivity.md index 69223b5edb9..162346c8874 100644 
--- a/doc/security/information_exclusivity.md +++ b/doc/security/information_exclusivity.md @@ -1,6 +1,6 @@ --- -stage: none -group: unassigned +stage: Manage +group: Access info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments type: concepts --- @@ -24,7 +24,7 @@ limitation. You can take steps to prevent unintentional sharing and information destruction. This limitation is the reason why only certain people are allowed to [add users to a project](../user/project/members/index.md) -and why only a GitLab admin can [force push a protected +and why only a GitLab administrator can [force push a protected branch](../user/project/protected_branches.md). <!-- ## Troubleshooting diff --git a/doc/security/project_import_decompressed_archive_size_limits.md b/doc/security/project_import_decompressed_archive_size_limits.md index 6510cf459be..3c5099b1f75 100644 --- a/doc/security/project_import_decompressed_archive_size_limits.md +++ b/doc/security/project_import_decompressed_archive_size_limits.md @@ -1,6 +1,6 @@ --- -stage: none -group: unassigned +stage: Manage +group: Access info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments type: reference, howto --- diff --git a/doc/security/rack_attack.md b/doc/security/rack_attack.md index 4894af1fa19..b0bebc5a956 100644 --- a/doc/security/rack_attack.md +++ b/doc/security/rack_attack.md @@ -1,6 +1,6 @@ --- -stage: none -group: unassigned +stage: Manage +group: Access info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments type: reference, howto --- diff --git a/doc/security/rate_limits.md b/doc/security/rate_limits.md index 6045dece0c2..4585748ffc2 100644 
--- a/doc/security/rate_limits.md +++ b/doc/security/rate_limits.md @@ -1,6 +1,6 @@ --- -stage: none -group: unassigned +stage: Manage +group: Access info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments type: reference, howto --- @@ -35,6 +35,8 @@ These are rate limits you can set in the Admin Area of your instance: - [User and IP rate limits](../user/admin_area/settings/user_and_ip_rate_limits.md) - [Package registry rate limits](../user/admin_area/settings/package_registry_rate_limits.md) - [Git LFS rate limits](../user/admin_area/settings/git_lfs_rate_limits.md) +- [Files API rate limits](../user/admin_area/settings/files_api_rate_limits.md) +- [Deprecated API rate limits](../user/admin_area/settings/deprecated_api_rate_limits.md) ## Non-configurable limits @@ -51,7 +53,7 @@ The **rate limit** is 5 requests per minute per user. > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/commit/35bc85c3ca093fee58d60dacdc9ed1fd9a15adec) in GitLab 13.4. -There is a rate limit for [testing webhooks](../user/project/integrations/webhooks.md#testing-webhooks), which prevents abuse of the webhook functionality. +There is a rate limit for [testing webhooks](../user/project/integrations/webhooks.md#test-a-webhook), which prevents abuse of the webhook functionality. The **rate limit** is 5 requests per minute per user. diff --git a/doc/security/reset_user_password.md b/doc/security/reset_user_password.md index 344cfcae46a..8b89200e1a7 100644 --- a/doc/security/reset_user_password.md +++ b/doc/security/reset_user_password.md @@ -5,7 +5,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w type: howto --- -# How to reset user password +# How to reset user password **(FREE SELF)** There are a few ways to reset the password of a user. 
@@ -32,7 +32,7 @@ sudo gitlab-rake "gitlab:password:reset[johndoe]" NOTE: To reset the default admin password, run this Rake task with the username -`root`, which is the default username of that admin account. +`root`, which is the default username of that administrator account. ## Rails console @@ -110,7 +110,7 @@ password. If the username was changed to something else and has been forgotten, one possible way is to reset the password using Rails console with user ID `1` (in -almost all the cases, the first user is the default admin account). +almost all the cases, the first user is the default administrator account). <!-- ## Troubleshooting diff --git a/doc/security/ssh_keys_restrictions.md b/doc/security/ssh_keys_restrictions.md index 239949b5568..1f1c7457441 100644 --- a/doc/security/ssh_keys_restrictions.md +++ b/doc/security/ssh_keys_restrictions.md @@ -27,7 +27,7 @@ the minimum key length for each technology: ![SSH keys restriction admin settings](img/ssh_keys_restrictions_settings.png) If a restriction is imposed on any key type, users cannot upload new SSH keys that don't meet the -requirement. Any existing keys that don't meet it are disabled but not removed and users cannot to +requirement. Any existing keys that don't meet it are disabled but not removed and users cannot pull or push code using them. An icon is visible to the user of a restricted key in the SSH keys section of their profile: diff --git a/doc/security/token_overview.md b/doc/security/token_overview.md index 4e72033fd77..2a971b21840 100644 --- a/doc/security/token_overview.md +++ b/doc/security/token_overview.md @@ -5,7 +5,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w type: reference --- -# GitLab Token overview +# GitLab Token overview **(FREE)** This document lists tokens used in GitLab, their purpose and, where applicable, security guidance. 
@@ -63,7 +63,7 @@ Project maintainers and owners can add or enable a deploy key for a project repo ## Runner registration tokens -Runner registration tokens are used to [register](https://docs.gitlab.com/runner/register/) a [runner](https://docs.gitlab.com/runner/) with GitLab. Group or project owners or instance admins can obtain them through the GitLab user interface. The registration token is limited to runner registration and has no further scope. +Runner registration tokens are used to [register](https://docs.gitlab.com/runner/register/) a [runner](https://docs.gitlab.com/runner/) with GitLab. Group or project owners or instance administrators can obtain them through the GitLab user interface. The registration token is limited to runner registration and has no further scope. You can use the runner registration token to add runners that execute jobs in a project or group. The runner has access to the project's code, so be careful when assigning project and group-level permissions. diff --git a/doc/security/two_factor_authentication.md b/doc/security/two_factor_authentication.md index a5b01a1b27d..61b26204599 100644 --- a/doc/security/two_factor_authentication.md +++ b/doc/security/two_factor_authentication.md 
@@ -44,13 +44,13 @@ Gitlab::CurrentSettings.update!('require_two_factor_authentication': false) ## Enforce 2FA for all users in a group **(FREE)** -> [Introduced in](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/24965) GitLab 12.0, 2FA settings for a group are also applied to subgroups. +> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/24965) in GitLab 12.0, 2FA settings for a group are also applied to subgroups. To enforce 2FA only for certain groups: 1. Go to the group's **Settings > General** page. 1. Expand the **Permissions, LFS, 2FA** section. -1. Select the **Require all users in this group to setup two-factor authentication** option. +1. Select the **Require all users in this group to set up two-factor authentication** option. You can also specify a grace period in the **Time before enforced** option. diff --git a/doc/security/unlock_user.md b/doc/security/unlock_user.md index da451d96ef9..ceb375a9ad1 100644 --- a/doc/security/unlock_user.md +++ b/doc/security/unlock_user.md @@ -1,6 +1,6 @@ --- -stage: none -group: unassigned +stage: Manage +group: Access info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments type: howto --- diff --git a/doc/security/user_email_confirmation.md b/doc/security/user_email_confirmation.md index 09e1e09b676..48538e413b4 100644 --- a/doc/security/user_email_confirmation.md +++ b/doc/security/user_email_confirmation.md 
@@ -5,7 +5,7 @@ group: Access info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# User email confirmation at sign-up +# User email confirmation at sign-up **(FREE SELF)** GitLab can be configured to require confirmation of a user's email address when the user signs up. When this setting is enabled, the user is unable to sign in until diff --git a/doc/security/user_file_uploads.md b/doc/security/user_file_uploads.md index bce2aeb88b4..7a8a78cc5f8 100644 --- a/doc/security/user_file_uploads.md +++ b/doc/security/user_file_uploads.md @@ -5,7 +5,7 @@ group: Access info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# User File Uploads +# User File Uploads **(FREE)** Images that are attached to issues, merge requests, or comments do not require authentication to be viewed if they are accessed directly by URL. diff --git a/doc/security/webhooks.md b/doc/security/webhooks.md index c0e5d0695cc..89dd4f8e5fc 100644 --- a/doc/security/webhooks.md +++ b/doc/security/webhooks.md @@ -1,6 +1,6 @@ --- -stage: none -group: unassigned +stage: Manage +group: Access info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments type: concepts, reference, howto --- @@ -74,7 +74,7 @@ allowlist: The allowed entries can be separated by semicolons, commas or whitespaces (including newlines) and be in different formats like hostnames, IP addresses and/or IP ranges. IPv6 is supported. Hostnames that contain Unicode characters should -use IDNA encoding. +use Internationalising Domain Names in Applications (IDNA) encoding. The allowlist can hold a maximum of 1000 entries. Each entry can be a maximum of 255 characters. |
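Review bot: The two list entries added in doc/security/rate_limits.md, hunk @@ -35,6 +35,8 @@, link to ../user/admin_area/settings/files_api_rate_limits.md and ../user/admin_area/settings/deprecated_api_rate_limits.md, both outside the doc/security paths this diff covers, so nothing here shows the targets exist. Confirm both pages are present on this branch before merging, otherwise the rate limit index sends administrators to a 404 for two configurable limits.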
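Review bot: The anchor change from #testing-webhooks to #test-a-webhook in doc/security/rate_limits.md, hunk @@ -51,7 +53,7 @@, depends on a heading in ../user/project/integrations/webhooks.md that this diff does not touch. Check that the target page actually has a "Test a webhook" heading; if the heading rename lands in a separate change, the two need to merge together or the link breaks in between.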
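Review bot: The admin to administrator cleanup in doc/security/reset_user_password.md, hunk @@ -32,7 +32,7 @@, is incomplete: the unchanged line just above still reads "To reset the default admin password", so the same NOTE now uses both "admin" and "administrator account". Change that line to "default administrator password" in the same hunk so the terminology matches within the note and with the @@ -110,7 +110,7 @@ hunk.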
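Review bot: Step 3 in doc/security/two_factor_authentication.md, hunk @@ -44,13 +44,13 @@, changes bolded text that reads as a UI label ("Require all users in this group to setup two-factor authentication" becomes "... set up ..."), and bolded option names are what users search for on the settings page. Confirm the checkbox label in the product already says "set up"; if the UI string still says "setup", either keep the docs verbatim or fix the UI string in the same release so administrators enforcing 2FA can find the option.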
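Review bot: The expansion added in doc/security/webhooks.md, hunk @@ -74,7 +74,7 @@, is wrong: IDNA stands for "Internationalized Domain Names in Applications", not "Internationalising Domain Names in Applications". Suggested wording: "use Internationalized Domain Names in Applications (IDNA) encoding." Because this sentence tells administrators how to write allowlist entries for hostnames with Unicode characters, the term should be spelled correctly so it can be looked up.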