delta/gitlab/gitlab-ce.git/app/models/application_setting_implementation.rb, branch docs-sethgitlab-dast gitlab.com: gitlab-org/gitlab-ce.git Merge branch 'security-enable-image-proxy' into 'master' 2019-08-29T21:34:29+00:00 GitLab Release Tools Bot robert+release-tools@gitlab.com 2019-08-29T21:34:29+00:00 090956259c47d839b136f9391c3f74255764da81 Use image proxy to mitigate stealing ip addresses Closes #2812 See merge request gitlab/gitlabhq!2926 
Use image proxy to mitigate stealing ip addresses

Closes #2812

See merge request gitlab/gitlabhq!2926
 Merge branch 'security-59549-add-capcha-for-failed-logins' into 'master' 2019-08-29T21:34:12+00:00 GitLab Release Tools Bot robert+release-tools@gitlab.com 2019-08-29T21:34:12+00:00 a5b2a3786056ddf99de06c8315e9a42c3bf86cd5 Require a captcha after unique failed logins from the same IP See merge request gitlab/gitlabhq!3270 
Require a captcha after unique failed logins from the same IP

See merge request gitlab/gitlabhq!3270
 Add support for using a Camo proxy server 2019-08-24T04:44:53+00:00 Brett Walker bwalker@gitlab.com 2019-02-20T23:51:55+00:00 ad05e488636ebe05b4985dbf3c7d912fd8d56f49 User images and videos will get proxied through the Camo server in order to keep malicious sites from collecting the IP address of users. 
User images and videos will get proxied through
the Camo server in order to keep malicious
sites from collecting the IP address of users.
Migrates Snowplow backend from EE to CE 2019-08-14T19:21:58+00:00 Jeremy Jackson jjackson@gitlab.com 2019-08-14T19:21:58+00:00 5d9d5e603119c3ae334b0855a63d10d12b2390bd This introduces several changes, but these are all just ported from the EE project. 
This introduces several changes, but these are all just ported from the
EE project.
Add outbound requests setting for system hooks 2019-08-02T14:39:18+00:00 George Koltsov gkoltsov@gitlab.com 2019-07-26T10:21:52+00:00 e5e1c907c01b53194f77e8d8de53554ba1824e7c This MR adds new application setting to network section `allow_local_requests_from_system_hooks`. Prior to this change system hooks were allowed to do local network requests by default and we are adding an ability for admins to control it. 
This MR adds new application setting to network section
`allow_local_requests_from_system_hooks`. Prior to this change
system hooks were allowed to do local network requests by default
and we are adding an ability for admins to control it.
Add prometheus listen address to whitelist 2019-07-31T17:38:15+00:00 Reuben Pereira rpereira@gitlab.com 2019-07-31T17:38:15+00:00 f5213a38cc6f9a80e98e1cbdf59f84352f0731cb - Add to whitelist so that even if local requests from hooks and services are not allowed, the prometheus manual configuration will still succeed. 
- Add to whitelist so that even if local requests from hooks and
services are not allowed, the prometheus manual configuration will
still succeed.
Add captcha if there are multiple failed login attempts 2019-07-31T09:47:55+00:00 MaƂgorzata Ksionek mksionek@gitlab.com 2019-07-18T08:27:02+00:00 dfcf4cf5f1e87a29f0d9fcc5ff2bba47258893bb Add method to store session ids by ip Add new specs for storing session ids Add cleaning up records after login Add retrieving anonymous sessions Add login recaptcha setting Add new setting to sessions controller Add conditions for showing captcha Add sessions controller specs Add admin settings specs for login protection Add new settings to api Add stub to devise spec Add new translation key Add cr remarks Rename class call Add cr remarks Change if-clause for consistency Add cr remarks Add code review remarks Refactor AnonymousSession class Add changelog entry Move AnonymousSession class to lib Move store unauthenticated sessions to sessions controller Move link to recaptcha info Regenerate text file Improve copy on the spam page Change action filter for storing anonymous sessions Fix rubocop offences Add code review remarks 
Add method to store session ids by ip

Add new specs for storing session ids

Add cleaning up records after login

Add retrieving anonymous sessions

Add login recaptcha setting

Add new setting to sessions controller

Add conditions for showing captcha

Add sessions controller specs

Add admin settings specs for login protection

Add new settings to api

Add stub to devise spec

Add new translation key

Add cr remarks

Rename class call

Add cr remarks

Change if-clause for consistency

Add cr remarks

Add code review remarks

Refactor AnonymousSession class

Add changelog entry

Move AnonymousSession class to lib

Move store unauthenticated sessions to sessions controller

Move link to recaptcha info

Regenerate text file

Improve copy on the spam page

Change action filter for storing anonymous sessions

Fix rubocop offences

Add code review remarks
Allow blank but not nil in validations 2019-07-31T06:54:03+00:00 Reuben Pereira rpereira@gitlab.com 2019-07-31T06:54:03+00:00 5c7f2853dc5a8eca874108a0217a115090f29e9b - The most common use case for qualified_domain_validator currently is to allow blank ([]) but not allow nil. Modify the qualified_domain_validator to support this use case. 
- The most common use case for qualified_domain_validator currently is
to allow blank ([]) but not allow nil. Modify the
qualified_domain_validator to support this use case.
Add RateLimiter to RawController 2019-07-24T19:49:31+00:00 Mayra Cabrera mcabrera@gitlab.com 2019-07-24T19:49:31+00:00 3cefc5d7df09dbc21cd9c892bc6c62b5b583ca6a * Limits raw requests to 300 per minute and per raw path. * Add a new attribute to ApplicationSettings so user can change this value on their instance. * Uses Gitlab::ActionRateLimiter to limit the raw requests. * Add a new method into ActionRateLimiter to log the event into auth.log Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/48717 
* Limits raw requests to 300 per minute and per raw path.
* Add a new attribute to ApplicationSettings so user can change this
value on their instance.
* Uses Gitlab::ActionRateLimiter to limit the raw requests.
* Add a new method into ActionRateLimiter to log the event into auth.log

Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/48717
[ADD] outbound requests whitelist 2019-07-24T17:59:38+00:00 Reuben Pereira rpereira@gitlab.com 2019-07-24T17:59:38+00:00 e5bdcfbc9b1007332fdaa1d37ce1fac47325850d Signed-off-by: Istvan szalai <istvan.szalai@savoirfairelinux.com> 
Signed-off-by: Istvan szalai <istvan.szalai@savoirfairelinux.com>