summaryrefslogtreecommitdiff
path: root/doc/security
Commit message (Collapse)AuthorAgeFilesLines
* Improve documentation of SSRF protectionFrancisco Javier López2018-04-242-3/+10
|
* Update rack attack docsCindy Pallares 🦉2018-01-231-13/+123
|
* Exclude comments from specific docsAchilleas Pipinellis2017-11-011-0/+4
|
* More review commentsNick Thomas2017-08-301-0/+0
|
* Address review commentsNick Thomas2017-08-302-4/+5
|
* Rework the permissions model for SSH key restrictionsNick Thomas2017-08-301-0/+0
| | | | | | | | | | | | | | | `allowed_key_types` is removed and the `minimum_<type>_bits` fields are renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies that the key type is disabled. This also feeds through to the UI - checkboxes per key type are out, inline selection of "forbidden" and "allowed" (i.e., no restrictions) are in. As with the previous model, unknown key types are disallowed, even if the underlying ssh daemon happens to support them. The defaults have also been changed from the lowest known bit size to "no restriction". So if someone does happen to have a 768-bit RSA key, it will continue to work on upgrade, at least until the administrator restricts them.
* Add settings for minimum key strength and allowed key typeNick Thomas2017-08-303-0/+19
| | | | | | | | This is an amalgamation of: * Cory Hinshaw: Initial implementation !5552 * Rémy Coutable: Updates !9350 * Nick Thomas: Resolve conflicts and add ED25519 support !13712
* Support 2FA requirement per-groupMarkus Koller2017-04-062-1/+16
|
* Move webhooks to new a location under IntegrationsAchilleas Pipinellis2017-02-031-2/+2
|
* Reduce size of images from 25MB to 13MB using pngquantAchilleas Pipinellis2016-11-221-0/+0
| | | | | | Took it from https://gitlab.com/gitlab-com/www-gitlab-com/merge_requests/3232 [ci skip]
* optimize png images losslessly using zopflipngPeter Dave Hello2016-06-291-0/+0
|
* Change landing page when skipping confirmation email and add documentationFelipe Artur2016-05-162-0/+8
|
* Use relative links in `doc`, fix broken generated HTML linksAnatoly Borodin2016-03-171-1/+1
| | | | | | | | | | | | | | | | | Links like (doc/web_hooks/web_hooks.md) work in the GitLab source code web interface, but the HTML generator produces broken links in the `doc` subdirectories: http://doc.gitlab.com/ce/hooks/doc/web_hooks/web_hooks.html instead of the right one http://doc.gitlab.com/ce/web_hooks/web_hooks.html in http://doc.gitlab.com/ce/hooks/custom_hooks.html. Fixes #14338 [ci skip] Signed-off-by: Anatoly Borodin <anatoly.borodin@gmail.com>
* web hooks to webhooksashleys2016-03-102-7/+7
|
* Make "Two-factor" casing consistent throughout the applicationrs-two-factor-casingRobert Speicher2016-01-311-1/+1
|
* Add image to 2fa security documentationAchilleas Pipinellis2016-01-222-4/+11
| | | | [ci skip]
* Clean up CRIME security doc [ci skip]Achilleas Pipinellis2015-12-251-37/+41
|
* Merge branch 'master' into adding_crime_securityAchilleas Pipinellis2015-12-252-0/+39
|\
| * Fixed codestyle and added 2FA documentationfeature/force-tfaGabriel Mazetto2015-12-242-0/+39
| |
* | Adding how we manage CRIME vulnerability to security docs [ci skip]adding_crime_securityJose Torres2015-12-192-0/+60
|/
* Document file upload random uuid securityDrew Blessing2015-12-102-1/+13
|
* make it more obvious what happens in the codeJob van der Voort2015-05-081-4/+4
|
* remove redundant colonJob van der Voort2015-05-081-1/+1
|
* Deleted > and commented "or" outKaren Carias2015-05-071-5/+9
|
* Added link to root password doc correctlyKaren Carias2015-05-071-0/+1
|
* New file to add to security documentation, "How to reset your root password"Karen Carias2015-04-281-0/+36
|
* Add doc on "Web Hooks and insecure internal web services".Douwe Maan2015-02-072-0/+14
|
* Fix a number of discovered typos, capitalization of developer andEwan Edwards2015-02-031-1/+1
| | | | product names, plus a couple of instances of bad Markdown markup.
* Add explanation about unintentional sharing.Sytse Sijbrandij2014-09-181-0/+1
|
* Add information on information exclusivity.Sytse Sijbrandij2014-09-182-0/+9
|
* Update docs to markdown style guide.Ciro Santilli2014-06-033-10/+17
|
* Add titles to doc pages.Marin Jankovski2014-05-271-1/+3
|
* New doc site needs indexes.dosire2014-03-271-0/+2
|
* Explain where the default password validation isJacob Vosmaer2014-01-131-1/+2
|
* Add instructions for custom password length limitsJacob Vosmaer2014-01-131-0/+9
|
* Add documentation to help section, rack_attack as exampleMarin Jankovski2013-09-301-0/+19
View Lorry Controller Status