1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
|
v13.6.0
- Add support obtaining personal access tokens via SSH !397
v13.5.0
- Generate and log correlation IDs !400
v13.4.0
- Support ssl_cert_dir config setting !393
- Log SSH key details !398
- Log remote IP for executed commands !399
- Drop Go v1.12 support !401
v13.3.0
- Upgrade Ruby version to v2.6.6 !390
- Use default puma socket in example config !388
- Set client name when making requests to Gitaly !387
- Fix race conditions with logrus testing !385
v13.2.0
- Add HTTP status code to internal API logs !376
v13.1.0
- Ensure we are pasing the parsed secret !381
v13.0.0
- Move gitlabnet client into a publicly facing client package !377
v12.2.0
- Geo: Add custom action support for clone/pull !369
v12.1.0
- Log internal HTTP requests !366
- Log git-{upload-pack,receive-pack,upload-archive} requests !367
v12.0.0
- openssh: Accept GIT_PROTOCOL environment variable !364
v11.0.0
- Bump Ruby version to 2.6.5 !357
- Remove support for Custom data.info_message !356
v10.3.0
- Use correct git-lfs download or upload operation names !353
- Add support for Gitaly feature flags !351
- Make console messages consistent !334
v10.2.0
- Remove dead Ruby code and unused binaries !346
v10.1.0
- Remove feature flags and the fallback command !336
- Remove an obsolete section from config.yml.example !339
- Extend group IP restriction to Git activity !335
- Remove deprecated create-hooks script !342
- Rewrite `bin/check` in Go !341
v10.0.0
- Remove gitlab-keys script !329
v9.4.2
- Repurpose bin/authorized_keys script !330
v9.4.1
- Fix bug preventing gitlab-development-kit from updating !327
v9.4.0
- Enable all migration features by default !313
- Set Go111MODULE to 'off' during compilation !315
- Add Makefile for easier building and testing !310
- Resolve "Update .PHONY to have accurate list of targets" !316
- Update rubygems version on CI for go tests !320
- Support falling back to ruby version of checkers !318
- Implement AuthorizedKeys command !321
- Implement AuthorizedPrincipals command !322
- Replace symlinks with actual binaries !324
- Use go mod !323
v9.3.0
- Go implementation for git-receive-pack !300
- Go implementation for git-upload-pack !305
- Return Fallback cmd if feature is enabled, but unimplemented !306
- Go implementation for git-upload-archive !307
- Go implementation for LFS authenticate !308
- Respect GITLAB_SHELL_DIR in the Go version !309
v9.2.0
- Upgrade to Ruby 2.6.3 !298
v9.1.0
- Correctly determine the root directory for gitlab-shell !294
- Support calling internal api using HTTP !295
- Print keys in list-keys command !198
- Support calling internal API using HTTPS !297
v9.0.0
- Add a Go implementation of the "discover" command !283
- Add a Go implementation of the 2fa_recovery_codes" command !285
- Display console messages, if available !287
- Allow the post-receive hook to print warnings !288
- Remove hooks, they belong to Gitaly now !291
v8.7.1
- Fix unmarshalling JSON from the command line !280
v8.7.0
- Add distributed tracing to GitLab-Shell !277
v8.6.0
- Add support for using gl_project_path !275
- Provide expires_in for LFS if available !273
v8.5.0
- Bump gitaly-proto to v1.10.0
v8.4.4
- Pass push options along to gitlab-rails's post-receive endpoint
v8.4.3
- Remove circular dependency between HTTPHelper and GitlabNet !258
v8.4.2
- Include LFS operation when requesting auth !254
v8.4.1
- Surface error message sent along with API Service Unavailable error to user
v8.4.0
- Use Gitaly v2 auth scheme
v8.3.3
- Release v8.3.3 as v8.3.2 tag is incorrect
v8.3.2
- Ensure text/plain & text/html content types are handled !239
- Fix newlines not appearing between new log entries !242
v8.3.1
- No changes (version tag correction)
v8.3.0
- Add custom action (e.g. proxying SSH push) support
v8.2.1
- Fix HTTP status code handling for /api/v4/allowed API endpoint
v8.2.0
- Pass custom git_config_options to Gitaly !221
- Add missing require statement in create-hooks !225
v8.1.1
- Fix two regressions in SSH certificate support (!226)
v8.1.0
- Support Git v2 protocol (!217)
v8.0.0
- SSH certificate support (!207)
v7.2.0
- Update gitaly-proto to 0.109.0 (!216)
v7.1.5
- Fix a NoMethodError in the pre-receive hook (!206)
v7.1.4
- Don't truncate long strings in broadcast message (!202)
v7.1.3
- Use username instead of full name for identifying users (!204)
v7.1.2
- Add missing GitlabLogger#error method (!200)
v7.1.1
- Flush log file after every write (!199)
v7.1.0
- Migrate `git-upload-archive` to gitaly
v7.0.0
- Switch to structured logging (!193)
v6.0.4
- Don't delete GL_REPOSITORY environment variable from post-receive hook (!191)
v6.0.3
- Print new project information in post-receive
v6.0.2
- Use grpc-go 1.9.1 (!184)
- Update gitaly-proto and gitaly libs (!185)
v6.0.1
- Fix git push by removing a bad require in the pre-receive hook (!183)
v6.0.0
- Remove bin/gitlab_projects (!180)
- Remove direct redis integration (!181)
- Remove support unhiding of all references for Geo nodes (!179)
v5.11.0
- Introduce a more-complete implementation of bin/authorized_keys (!178)
v5.10.3
- Remove unused redis bin configuration
v5.10.2
- Print redirection message when pushing into renamed project
v5.10.1
- Use 'git clone --no-local' when creating a fork (!176)
v5.10.0
- Add a 'fork-repository' command that works with hashed storage (!174)
v5.9.4
- Add relative git object dir envvars to check access request
v5.9.3
- Expose GitLab username to hooks in `GL_USERNAME` environment variable
v5.9.2
- Fix pre-receive error when gitlab doesn't have /internal/pre_receive (!169)
v5.9.1
- Adds --force option to push branches
v5.9.0
- Support new /internal/pre-receive API endpoint for post-receive operations
- Support new /internal/post-receive API endpoint for post-receive operations
- Support `redis` field on /internal/check API endpoint
v5.8.1
- Support old versions of ruby without monotonic clock
v5.8.0
- Fix SSH support for Git for Windows v2.14
v5.7.0
- Support unhiding of all refs via Gitaly
v5.6.2
- Bump redis-rb library to 3.3.3
v5.6.1
- Fix setting permissions of SSH key tempfiles
- Fix a missing constant error when using SSH authentication
v5.6.0
- SSH authentication support
v5.5.0
- Support unhiding of all references for Geo nodes
v5.4.0
- Update Gitaly vendoring to use new RPC calls instead of old deprecated ones
v5.3.1
- Gracefully handle internal API errors when getting merge request URLs
v5.3.0
- Add ability to have git-receive-pack and git-upload-pack to go over Gitaly
v5.2.1
- Revert changes in v5.2.0
v5.2.0
- Disable RubyGems to increase performance
v5.1.1
- Revert "Remove old `project` parameter, use `gl_repository` instead"
v5.1.0
- Add `gitlab-keys list-key-ids` subcommand for iterating over key IDs to find keys that should be deleted
v5.0.6
- Remove old `project` parameter, use `gl_repository` instead
- Use v4 of the GitLab REST API
v5.0.5
- Use gl_repository if present when enqueing Sidekiq PostReceive jobs
v5.0.4
- Handle GL_REPOSITORY env variable and use it in API calls and Sidekiq enqueuing
v5.0.3
- Use recursive lookup for git repositories in the bin/create-hooks script
v5.0.2
- Adds timeout option to push branches
v5.0.1
- Fetch repositories with `--quiet` option by default
v5.0.0
- Remove support for git-annex
v4.1.1
- Send (a selection of) git environment variables while making the API call to `/allowed`, !112
v4.1.0
- Add support for global custom hooks and chained hook directories (Elan Ruusamäe, Dirk Hörner), !113, !111, !93, !89, #32
- Clear up text with merge request after new branch push (Lisanne Fellinger)
v4.0.3
- Fetch repositories with `--prune` option by default
v4.0.2
- Fix gitlab_custom_hook dependencies
v4.0.1
- Add instrumentation to push hooks
v4.0.0
- Use full repository path for API calls
v3.6.6
- Re-use the default logger when logging metrics data
v3.6.5
- Test against ruby 2.3
- Instrument GitLab Shell and log metrics data to a file
v3.6.4
- Fix rsync with ionice command building
- Fix short circuit logic between rsync with and without ionice for storage migrations
v3.6.3
- Re-exposing GL_ID to custom hooks
v3.6.2
- Enable GIT_TRACE/GIT_TRACE_PACKET/GIT_TRACE_PERFORMANCE by providing the git_trace_log_file config key
v3.6.1
- Set a low IO priority for storage moves to lower performance impact
v3.6.0
- Added full support for `git-lfs-authenticate` to properly handle LFS requests and pass them on to Workhorse
v3.5.0
- Add option to recover 2FA via SSH
v3.4.0
- Redis Sentinel support
v3.3.3
- Print URL for new or existing merge request after push
v3.3.2
- Improve authorized_keys check
v3.3.1
- Manage authorized_keys permissions continuously
v3.3.0
- Track ongoing push commands
- Add command to move repositories between repository storages
v3.2.1
- Allow gitlab-project's fork-project command to fork projects between different repository storages
v3.2.0
- Allow GitLab Shell to check for allowed access based on the used Git protocol
- Add an error message when using shell commands with incompatible GitLab versions
v3.1.0
- Refactor repository paths handling to allow multiple git mount points
v3.0.1
- Update PostReceive worker to provide enqueued_at time.
v3.0.0
- Remove rm-tag command (Robert Schilling)
- Remove create-branch and rm-branch commands (Robert Schilling)
- Update PostReceive worker so it logs a unique JID in Sidekiq
- Remove update-head command
- Use Redis Ruby client instead of shelling out to redis-cli
v2.7.2
- Do not prune objects during 'git gc'
v2.7.1
- Add new command to list tags from a remote repo
- Add the ability to fetch remote repo with or without tags
v2.7.0
- Add support for ssh AuthorizedKeysCommand query by key
v2.6.13
- Add push-branches command
- Add delete-remote-branches command
v2.6.12
- Fix git-annex issue not working using custom SSH port repositories
v2.6.11
- Increase HTTP timeout and log request durations
- Workaround for a Webrick issue on Ruby 2.2
- New optional `--force` parameter for `gitlab-projects fetch-remote`
v2.6.10
- Add git gc for housekeeping
v2.6.9
- Remove trailing slashes from gitlab_url
v2.6.8
- Revert git-lfs-authenticate command from white list
v2.6.7
- Exit with non-zero status when import-repository fails
- Add fetch-remote command
v2.6.6
- Do not clean LANG environment variable for the git hooks when working through the SSH-protocol
- Add git-lfs-authenticate command to white list (this command is used by git-lfs for SSO authentication through SSH-protocol)
- Handle git-annex and gcryptsetup
v2.6.5
- Handle broken symlinks in create-hooks
v2.6.4
- Remove keys from authorized_keys in-place
- Increase batch_add_keys lock timeout to 300 seconds
- If git-annex is enabled set GIT_ANNEX_SHELL_LIMITED variable
v2.6.3
- Prevent keys with a very specific comment from accidentally being deleted.
v2.6.2
- Include ecdsa keys in `gitlab_keys list-keys`.
- Refactor logic around GL_ID
v2.6.1
- Write errors to stderr to get git to abort and show them as such.
v2.6.0
- Prevent character encoding issues by sending received changes as raw data.
v2.5.4
- Remove recursive commands from bin/install
v2.5.3
- Improve git-annex integration
v2.5.2
- Safer line sub for git-annex command
v2.5.1
- Expect broadcast message to return empty JSON if no message now
v2.5.0
- Support git-annex tool (disabled by default)
- Add rubocop (Ruby static code analyzer) for development
v2.4.3
- Print broadcast message if one is available
v2.4.2
- Pass git changes list as string instead of array
v2.4.1
- Access token masking in url before loging
v2.4.0
- Show error message when git push is rejected
v2.2.0
- Support for custom hooks (Drew Blessing and Jose Kahan)
v2.1.0
- Use secret token with GitLab internal API. Requires GitLab 7.5 or higher
v2.0.1
- Send post-receive changes to redis as a string instead of array
v2.0.0
- Works with GitLab v7.3+
- Replace raise with abort when checking path to prevent path exposure
- Handle invalid number of arguments on remote commands
- Replace update hook with pre-receive and post-receive hooks.
- Symlink the whole hooks directory
- Ignore missing repositories in create-hooks
- Connect to Redis via sockets by default
v1.9.7
- Increased test coverage
- By default use direct unicorn connection (localhost:8080)
- Fix wrong repo path send to GitLab by GitlabUpdate hook
v1.9.6
- Explicitly require 'timeout' from the standard library
v1.9.5
- Put authorized_keys.lock in the same directory as authorized_keys
- Use lock file when add new entries to authorized_keys
v1.9.4
- Use lock file when modify authorized_keys
v1.9.3
- Ignore force push detection for new branch or branch remove push
v1.9.2
- Add support for force push detection
v1.9.1
- Update hook sends branch and tag name
v1.9.0
- Call api in update hook for both ssdh and http push. Requires GitLab 6.7+
- Pass oldrev and newrev to api.allowed?
v1.8.5
- Add `gitlab-keys batch-add-keys` subcommand for authorized_keys rebuilds
v1.8.4
- Dont do import if repository exists
v1.8.3
- Add timeout option for repository import
v1.8.2
- Fix broken 1.8.1
v1.8.1
- Restrict Environment Variables
- Add bin/create-hooks command
- More safe shell execution
v1.8.0
- Fix return values in GitlabKeys
v1.7.9
- Fix escape of repository path for custom ssh port
v1.7.8
- Escape repository path to prevent relative links (CVE-2013-4583)
v1.7.7
- Separate options from arguments with -- (CVE-2013-4582)
- Bypass shell and use stdlib JSON for GitlabUpdate (CVE-2013-4581)
v1.7.6
- Fix gitlab-projects update-head for improted repo when branch exists but not listed in refs/head
v1.7.5
- Remove keys from authorized_keys using ruby instead of shell
v1.7.4
- More protection against shell injection (CVE-2013-4546)
v1.7.3
- Use Kernel#open to append lines to authorized_keys (CVE-2013-4490)
v1.7.2
- More safe command execution
v1.7.1
- Fixed issue when developers are able to push to protected branches that contain a '/' in the branch name.
v1.7.0
- Clean authorized_keys file with `gitlab-keys clear`
v1.6.0
- Create branch/tag functionality
- Remove branch/tag functionality
v1.5.0
- Logger
- Ability to specify ca_file/ca_path
- Update-head command for project
- Better regexp for key_id inside shell
v1.4.0
- Regex used in rm-key command was too lax
v1.3.0
- Fork-project command
- Custom redis configuration
- Interpret login with deploy key as anonymous one
v1.2.0
- Return non-zero result if gitlab-projects and gitlab-keys execution was not successful
- http_settings configuration option added
v1.1.0
- added mv-project feature
- increased test coverage
v1.0.4
- requires gitlab c9ca15e
- don't use post-receive file any more. Make all updates in update
- fixed issue with invalid GL_USER
- use GL_ID instead of GL_USER
|