| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| |
| | |
Port CreateGithubPullRequestEvents migration from EE
See merge request gitlab-org/gitlab-ce!31802
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Detect if pipeline runs for a GitHub pull request
When using a mirror for CI/CD only we register a pull_request
webhook. When a pull_request webhook is received, if the
source branch SHA matches the actual head of the branch in the
repository we create immediately a new pipeline for the
external pull request. Otherwise we store the
pull request info for when the push webhook is received.
When using "only/except: external_pull_requests" we can detect
if the pipeline has a open pull request on GitHub and create or
not the job based on that.
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | | |
'59729-estimate-quick-action-does-not-produce-correct-time-for-1mo' into 'master'
Resolve "estimate quick action does not produce correct time for 1mo"
See merge request gitlab-org/gitlab-ce!32165
|
| | |/
| |
| |
| |
| | |
Patches ChronicDuration to use our custom conversions
when parsing months
|
| |/ |
|
| |\
| |
| |
| |
| | |
Backport EE "Track repository pushes as audit events"
See merge request gitlab-org/gitlab-ce!32304
|
| | | |
|
| |/ |
|
| |\
| |
| |
| |
| | |
Fix outdated comment
See merge request gitlab-org/gitlab-ce!32598
|
| | | |
|
| |/ |
|
| |
|
|
| |
Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
|
| |\ |
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | | |
Use image proxy to mitigate stealing ip addresses
Closes #2812
See merge request gitlab/gitlabhq!2926
|
| | | |
| | |
| | |
| | |
| | |
| | | |
User images and videos will get proxied through
the Camo server in order to keep malicious
sites from collecting the IP address of users.
|
| | |\ \
| | | |
| | | |
| | | |
| | | | |
Add direct upload support for personal snippets
See merge request gitlab/gitlabhq!3226
|
| | | | | |
|
| | |\ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
Require a captcha after unique failed logins from the same IP
See merge request gitlab/gitlabhq!3270
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add method to store session ids by ip
Add new specs for storing session ids
Add cleaning up records after login
Add retrieving anonymous sessions
Add login recaptcha setting
Add new setting to sessions controller
Add conditions for showing captcha
Add sessions controller specs
Add admin settings specs for login protection
Add new settings to api
Add stub to devise spec
Add new translation key
Add cr remarks
Rename class call
Add cr remarks
Change if-clause for consistency
Add cr remarks
Add code review remarks
Refactor AnonymousSession class
Add changelog entry
Move AnonymousSession class to lib
Move store unauthenticated sessions to sessions controller
Move link to recaptcha info
Regenerate text file
Improve copy on the spam page
Change action filter for storing anonymous sessions
Fix rubocop offences
Add code review remarks
|
| | |\ \ \ \
| | |_|_|/
| |/| | |
| | | | |
| | | | | |
DNS Rebind SSRF in Kubernetes Integration
See merge request gitlab/gitlabhq!3345
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Kubeclient uses rest-client. We hack into to access the net/http object
so that we can patch to connect to the resolved IP + set
hostname_override.
Add specs for discord. The discord integration also uses rest-client, so
since we patched rest-client, spec that the DNS rebinding protection
works
|
| |\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Add custom endpoint for new registrations
See merge request gitlab-org/gitlab-ce!32233
|
| | | | | | | |
|
| | |/ / / / |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This is the same as gitlab-shell's default. This is to ensure
that it's always set.
It needs to be the same as gitlab-shell's default because we
don't set a default value in omnibus-gitlab. If users don't
set the value of that config in their install and they upgraded,
we must ensure that it's still going to point to the same
authorized keys file.
|
| |\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Add warnings to performance bar response
See merge request gitlab-org/gitlab-ce!31054
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This key is useful to reduce the amount of logic needed on the frontend:
if `has_warnings` is true, then the frontend knows that the request in
question has warnings for some metric.
|
| | | | | | | |
|
| |/ / / / /
| | | | |
| | | | |
| | | | | |
(cherry picked from commit 897a9d308db46b620b738b98f2b0e5630ac7d2dd)
|
| |/ / / /
| | | |
| | | |
| | | | |
allow_bypass_two_factor configration dose not work with saml provider
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Remove the visual review toolbar code
in favor of using the NPM package.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This change adds Distributed Tracing support for two new types of events
1. Redis Calls
1. ActiveSupport (Rails) Caching Operations
The intention is to help application developers and infrastructure
SREs to understand the pressure that caching operations can have on
the application when running at scale.
The Redis and Caching spans can be viewed in the Jaeger UI by clicking
the "Trace" link in the performance bar when running on GDK.
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Fix "ERR value is not an integer or out of range" errors
Closes #66449
See merge request gitlab-org/gitlab-ce!32126
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
`ActiveSupport::Cache::RedisCacheStore` is not compatible with the
version of Rack Attack we are using (v4.4.1) per
https://github.com/kickstarter/rack-attack/issues/281. Users that had
rate limits enabled might see `Redis::CommandError: ERR value is not an
integer or out of range` because the `raw` parameter wasn't passed along
properly. As a result, the Rack Attack entry would be stored as an
`ActiveSupport::Cache::Entry` instead of a raw string holding an integer
value.
Let's partially revert the change in
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30966 to use the
original cache store until we can update to Rack Attack v5.2.3 that has
support for `ActiveSupport::Cache::RedisCacheStore` via
https://github.com/kickstarter/rack-attack/pull/350.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66449
|
| |/ / / /
| | | |
| | | |
| | | | |
This enables CSP in dev and CI
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
Fix typo in Content Security Policy example
See merge request gitlab-org/gitlab-ce!32103
|
| | | | | | |
|
| |/ / / / |
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
feat: smime signed notification emails
See merge request gitlab-org/gitlab-ce!30644
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- Add mail interceptor the signs outgoing email with SMIME
- Add lib and helpers to work with SMIME data
- New configuration params for setting up SMIME key and cert files
|
| |\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Port of EE "Elasticsearch versioned schema for other ActiveRecord models"
See merge request gitlab-org/gitlab-ce!31660
|
| | | |/ / /
| |/| | |
| | | | |
| | | | | |
Doc for multi-indices archtecture
|
| |\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Allow to interrupt running sidekiq jobs
See merge request gitlab-org/gitlab-ce!31818
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Transform `CancelledError` into `JobRetry::Skip`
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This makes:
- very shallow `Middleware::Monitor` to only request tracking
of sidekiq jobs,
- `SidekiqStatus::Monitor` to be responsible to maintain persistent
connection to receive messages,
- `SidekiqStatus::Monitor` to always use structured logging
and instance variables
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This adds a middleware to track all threads
for running jobs.
This makes sidekiq to watch for redis-delivered notifications.
This makes be able to send notification to interrupt
running sidekiq jobs.
This does not take into account any native code,
as `Thread.raise` generates exception once the control gets
back to Ruby.
The separate measure should be taken to interrupt gRPC, shellouts,
or anything else that escapes Ruby.
|
| |/ / / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Adds a time series component for line and area charts.
Displays new charts in the dashboard.
- Use dynamic components for line/area swapping
- Add new line charts to dashboard in 2 panels
|
| |/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Previously we asked a user to enter a new slug before taking them to
the Create Page page.
As a UX improvement, we now take them to a randomly generated URI so
they can begin creating their new page.
https://gitlab.com/gitlab-org/gitlab-ce/issues/46299
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Current `auth.log` uses `fullpath` and `ip`, while `api_json.log` uses
`remote_ip` and `path` for the same fields. Let's standardize these
namings to make it easier for people working with the data.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66167
|
