delta/gitlab/gitlab-ce.git/doc/security, branch docs-processes gitlab.com: gitlab-org/gitlab-ce.git Merge branch 'update-rack-attack-deprecation-note-in-docs' into 'master' 2018-07-25T09:41:48+00:00 Douwe Maan douwe@gitlab.com 2018-07-25T09:41:48+00:00 9aa07a7ec2d55ee2a7427eb77469e8e4b03eca06 Adds rack attack disabled by default notice to documentation See merge request gitlab-org/gitlab-ce!20833 
Adds rack attack disabled by default notice to documentation

See merge request gitlab-org/gitlab-ce!20833
 Adds rack attack disabled by default notice to documentation 2018-07-25T08:48:02+00:00 Tiago Botelho tiagonbotelho@hotmail.com 2018-07-25T08:48:02+00:00 f0f285efc2d6abef8817ec811eaddeef5838c195 






Fix Rack Attack documentation to reflect the feature being disabled by default
2018-07-25T08:43:44+00:00

Tiago Botelho
tiagonbotelho@hotmail.com

2018-01-25T12:34:57+00:00

54b38529be226f9cdcaf76a1b0d790f5a8a2c3bc












doc
2018-06-06T12:01:44+00:00

Mark Chao
mchao@gitlab.com

2018-05-25T06:18:42+00:00

15469fe0a1625449d4bb27208b444e3c72afaaa0












Improve documentation of SSRF protection
2018-04-24T10:21:50+00:00

Francisco Javier López
fjlopez@gitlab.com

2018-04-24T10:21:50+00:00

6d3121bed329164bcb62ce6d85148900d786ee43












Update rack attack docs
2018-01-23T13:07:59+00:00

Cindy Pallares 🦉
cindy@gitlab.com

2018-01-23T13:07:59+00:00

79cefbf1d955606fc2b5494ac758284a3d1a2d90












Exclude comments from specific docs
2017-11-01T15:56:40+00:00

Achilleas Pipinellis
axil@gitlab.com

2017-11-01T15:56:40+00:00

69b4c5c01171bcd0ee2129cdcc00a8a59beb5322












More review comments
2017-08-30T20:20:00+00:00

Nick Thomas
nick@gitlab.com

2017-08-30T20:20:00+00:00

29b40db58944a32db6cf1ae9906653a2e5f4be9d












Address review comments
2017-08-30T19:50:44+00:00

Nick Thomas
nick@gitlab.com

2017-08-28T20:33:35+00:00

b84ca08e351fc9238bef4e6b4bf74158d25d4f1d












Rework the permissions model for SSH key restrictions
2017-08-30T19:50:44+00:00

Nick Thomas
nick@gitlab.com

2017-08-25T13:08:48+00:00

6847060266792471c9c14518a5106e0f622cd6c5

`allowed_key_types` is removed and the `minimum_<type>_bits` fields are
renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies
that the key type is disabled.

This also feeds through to the UI - checkboxes per key type are out, inline
selection of "forbidden" and "allowed" (i.e., no restrictions) are in.

As with the previous model, unknown key types are disallowed, even if the
underlying ssh daemon happens to support them. The defaults have also been
changed from the lowest known bit size to "no restriction". So if someone
does happen to have a 768-bit RSA key, it will continue to work on upgrade, at
least until the administrator restricts them.





`allowed_key_types` is removed and the `minimum_<type>_bits` fields are
renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies
that the key type is disabled.

This also feeds through to the UI - checkboxes per key type are out, inline
selection of "forbidden" and "allowed" (i.e., no restrictions) are in.

As with the previous model, unknown key types are disallowed, even if the
underlying ssh daemon happens to support them. The defaults have also been
changed from the lowest known bit size to "no restriction". So if someone
does happen to have a 768-bit RSA key, it will continue to work on upgrade, at
least until the administrator restricts them.