delta/gitlab/gitlab-ce.git/config/application.rb, branch diff-note gitlab.com: gitlab-org/gitlab-ce.git Add request throttles 2017-11-17T08:58:18+00:00 Michael Kozono mkozono@gmail.com 2017-09-15T17:31:32+00:00 dc9266fbeacd24446b52e4dad328c8286be40b31 






Merge branch 'master' into bvl-group-trees
2017-10-10T15:53:42+00:00

Bob Van Landuyt
bob@vanlanduyt.co

2017-10-10T15:53:42+00:00

741fb49378abbf66fbd8d6ad27b94f1040bf3123












Create idea of read-only database
2017-10-06T20:37:40+00:00

Toon Claes
toon@iotcl.com

2017-09-19T07:44:58+00:00

d13669716ab0c31ce9039ae9f7f073e33a4dc40f

In GitLab EE, a GitLab instance can be read-only (e.g. when it's a Geo
secondary node). But in GitLab CE it also might be useful to have the
"read-only" idea around. So port it back to GitLab CE.

Also having the principle of read-only in GitLab CE would hopefully
lead to less errors introduced, doing write operations when there
aren't allowed for read-only calls.

Closes gitlab-org/gitlab-ce#37534.





In GitLab EE, a GitLab instance can be read-only (e.g. when it's a Geo
secondary node). But in GitLab CE it also might be useful to have the
"read-only" idea around. So port it back to GitLab CE.

Also having the principle of read-only in GitLab CE would hopefully
lead to less errors introduced, doing write operations when there
aren't allowed for read-only calls.

Closes gitlab-org/gitlab-ce#37534.







Add a `WithPagination` concern to reuse across serializers
2017-10-04T20:46:49+00:00

Bob Van Landuyt
bob@vanlanduyt.co

2017-09-04T16:04:33+00:00

ca538899b66a6a82582d2d590297cfef1d310dcf












Load only the currently needed JS locale file
2017-10-04T11:23:52+00:00

Tim Zallmann
tzallmann@gitlab.com

2017-10-04T11:23:52+00:00

412571a4dfbf90d85df1393fa0075aacae27137d












Move new nav into main CSS folder
2017-09-25T17:11:42+00:00

Annabel Dunstone Gray
annabel.dunstone@gmail.com

2017-09-19T21:42:35+00:00

804714449233d95ff6e4b07ecb07b941fba1a6ab












Expand filtered parameters to include `token`
2017-09-10T14:05:55+00:00

Stan Hu
stanhu@gmail.com

2017-09-10T14:05:55+00:00

66882ff3656607abae4157ac4210597f75aff2dc

Now that we are logging API requests in `api_json.log`, we see that
the runner token was not filtered properly.





Now that we are logging API requests in `api_json.log`, we see that
the runner token was not filtered properly.







Filter additional secrets from Rails logs
2017-08-31T04:18:09+00:00

Stan Hu
stanhu@gmail.com

2017-08-31T04:14:29+00:00

d74fecac031df1c3b4e817f49f7bafe2b175be11

Upon inspection of logs, there were a number of fields not filtered. For example:

* authenticity_token: CSRF token
* rss_token: Used for RSS feeds
* secret: Used with Projects::UploadController

Rails provides a way to match regexps, so we now filter:

* Any parameter ending with `_token`
* Any parameter containing `password`
* Any parameter containing `secret`





Upon inspection of logs, there were a number of fields not filtered. For example:

* authenticity_token: CSRF token
* rss_token: Used for RSS feeds
* secret: Used with Projects::UploadController

Rails provides a way to match regexps, so we now filter:

* Any parameter ending with `_token`
* Any parameter containing `password`
* Any parameter containing `secret`







Re-enable SqlInjection and CommandInjection
2017-08-08T14:50:54+00:00

Brian Neel
brian@gitlab.com

2017-08-04T02:20:34+00:00

9770c57fab0315865a33c8b6df269eded0d57b5c












Support references to group milestones
2017-08-07T10:55:00+00:00

Sean McGivern
sean@gitlab.com

2017-08-03T11:50:06+00:00

149528f472f3d2f3865ae01c764b81c6a97f9380

Group milestones can only be referred to by name, not IID. They also do not
support cross-project references.





Group milestones can only be referred to by name, not IID. They also do not
support cross-project references.