path: root/CHANGELOG

v2.6.2
  - Prevent keys with a very specific comment from accidentally being deleted.

v2.6.1
  - Write errors to stderr to get git to abort and show them as such.

v2.6.0
  - Prevent character encoding issues by sending received changes as raw data.

v2.5.4
  - Remove recursive commands from bin/install

v2.5.3
  - Improve git-annex integration

v2.5.2
  - Safer line sub for git-annex command

v2.5.1
  - Expect broadcast message to return empty JSON if no message now

v2.5.0
  - Support git-annex tool (disabled by default)
  - Add rubocop (Ruby static code analyzer) for development

v2.4.3
  - Print broadcast message if one is available

v2.4.2
  - Pass git changes list as string instead of array

v2.4.1
  - Access token masking in url before loging

v2.4.0
  - Show error message when git push is rejected

v2.2.0
  - Support for custom hooks (Drew Blessing and Jose Kahan)

v2.1.0
  - Use secret token with GitLab internal API. Requires GitLab 7.5 or higher

v2.0.1
  - Send post-receive changes to redis as a string instead of array 

v2.0.0
  - Works with GitLab v7.3+
  - Replace raise with abort when checking path to prevent path exposure
  - Handle invalid number of arguments on remote commands
  - Replace update hook with pre-receive and post-receive hooks. 
  - Symlink the whole hooks directory
  - Ignore missing repositories in create-hooks
  - Connect to Redis via sockets by default

v1.9.7
  - Increased test coverage
  - By default use direct unicorn connection (localhost:8080)
  - Fix wrong repo path send to GitLab by GitlabUpdate hook

v1.9.6
  - Explicitly require 'timeout' from the standard library

v1.9.5
  - Put authorized_keys.lock in the same directory as authorized_keys
  - Use lock file when add new entries to authorized_keys

v1.9.4
  - Use lock file when modify authorized_keys

v1.9.3
  - Ignore force push detection for new branch or branch remove push

v1.9.2
  - Add support for force push detection 

v1.9.1
  - Update hook sends branch and tag name 

v1.9.0
  - Call api in update hook for both ssdh and http push. Requires GitLab 6.7+
  - Pass oldrev and newrev to api.allowed?

v1.8.5
  - Add `gitlab-keys batch-add-keys` subcommand for authorized_keys rebuilds

v1.8.4
  - Dont do import if repository exists

v1.8.3
  - Add timeout option for repository import

v1.8.2
  - Fix broken 1.8.1

v1.8.1
  - Restrict Environment Variables
  - Add bin/create-hooks command
  - More safe shell execution

v1.8.0
  - Fix return values in GitlabKeys

v1.7.9
  - Fix escape of repository path for custom ssh port

v1.7.8
  - Escape repository path to prevent relative links (CVE-2013-4583)

v1.7.7
  - Separate options from arguments with -- (CVE-2013-4582)
  - Bypass shell and use stdlib JSON for GitlabUpdate (CVE-2013-4581)

v1.7.6
  - Fix gitlab-projects update-head for improted repo when branch exists but not listed in refs/head

v1.7.5
  - Remove keys from authorized_keys using ruby instead of shell

v1.7.4
  - More protection against shell injection (CVE-2013-4546)

v1.7.3
  - Use Kernel#open to append lines to authorized_keys (CVE-2013-4490)

v1.7.2
  - More safe command execution

v1.7.1
  - Fixed issue when developers are able to push to protected branches that contain a '/' in the branch name.

v1.7.0
  - Clean authorized_keys file with `gitlab-keys clear`

v1.6.0
  - Create branch/tag functionality
  - Remove branch/tag functionality

v1.5.0
  - Logger
  - Ability to specify ca_file/ca_path
  - Update-head command for project
  - Better regexp for key_id inside shell

v1.4.0
  - Regex used in rm-key command was too lax

v1.3.0
  - Fork-project command
  - Custom redis configuration
  - Interpret login with deploy key as anonymous one

v1.2.0
  - Return non-zero result if gitlab-projects and gitlab-keys execution was not successful
  - http_settings configuration option added

v1.1.0
  - added mv-project feature
  - increased test coverage

v1.0.4
  - requires gitlab c9ca15e
  - don't use post-receive file any more. Make all updates in update
  - fixed issue with invalid GL_USER
  - use GL_ID instead of GL_USER