summaryrefslogtreecommitdiff
path: root/CHANGELOG
blob: 05bc8d7fc475a1383b30cda169712dc7d1e29fea (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
v13.6.0
- Add support obtaining personal access tokens via SSH !397

v13.5.0
- Generate and log correlation IDs !400

v13.4.0
- Support ssl_cert_dir config setting !393
- Log SSH key details !398
- Log remote IP for executed commands !399
- Drop Go v1.12 support !401

v13.3.0
- Upgrade Ruby version to v2.6.6 !390
- Use default puma socket in example config !388
- Set client name when making requests to Gitaly !387
- Fix race conditions with logrus testing !385

v13.2.0
- Add HTTP status code to internal API logs !376

v13.1.0
- Ensure we are pasing the parsed secret !381

v13.0.0
- Move gitlabnet client into a publicly facing client package !377

v12.2.0
- Geo: Add custom action support for clone/pull !369

v12.1.0
- Log internal HTTP requests !366
- Log git-{upload-pack,receive-pack,upload-archive} requests !367

v12.0.0
- openssh: Accept GIT_PROTOCOL environment variable !364

v11.0.0
- Bump Ruby version to 2.6.5 !357
- Remove support for Custom data.info_message !356

v10.3.0
- Use correct git-lfs download or upload operation names !353
- Add support for Gitaly feature flags !351
- Make console messages consistent !334

v10.2.0
- Remove dead Ruby code and unused binaries !346

v10.1.0
- Remove feature flags and the fallback command !336
- Remove an obsolete section from config.yml.example !339
- Extend group IP restriction to Git activity !335
- Remove deprecated create-hooks script !342
- Rewrite `bin/check` in Go !341

v10.0.0
- Remove gitlab-keys script !329

v9.4.2
  - Repurpose bin/authorized_keys script !330

v9.4.1
  - Fix bug preventing gitlab-development-kit from updating !327

v9.4.0
  - Enable all migration features by default !313
  - Set Go111MODULE to 'off' during compilation !315
  - Add Makefile for easier building and testing !310
  - Resolve "Update .PHONY to have accurate list of targets" !316
  - Update rubygems version on CI for go tests !320
  - Support falling back to ruby version of checkers !318
  - Implement AuthorizedKeys command !321
  - Implement AuthorizedPrincipals command !322
  - Replace symlinks with actual binaries !324
  - Use go mod !323

v9.3.0
  - Go implementation for git-receive-pack !300
  - Go implementation for git-upload-pack !305
  - Return Fallback cmd if feature is enabled, but unimplemented !306
  - Go implementation for git-upload-archive !307
  - Go implementation for LFS authenticate !308
  - Respect GITLAB_SHELL_DIR in the Go version !309

v9.2.0
  - Upgrade to Ruby 2.6.3 !298

v9.1.0
  - Correctly determine the root directory for gitlab-shell !294
  - Support calling internal api using HTTP !295
  - Print keys in list-keys command !198
  - Support calling internal API using HTTPS !297

v9.0.0
  - Add a Go implementation of the "discover" command !283
  - Add a Go implementation of the 2fa_recovery_codes" command !285
  - Display console messages, if available !287
  - Allow the post-receive hook to print warnings !288
  - Remove hooks, they belong to Gitaly now !291

v8.7.1
  - Fix unmarshalling JSON from the command line !280

v8.7.0
  - Add distributed tracing to GitLab-Shell !277

v8.6.0
  - Add support for using gl_project_path !275
  - Provide expires_in for LFS if available !273

v8.5.0
  - Bump gitaly-proto to v1.10.0

v8.4.4
  - Pass push options along to gitlab-rails's post-receive endpoint

v8.4.3
  - Remove circular dependency between HTTPHelper and GitlabNet !258

v8.4.2
  - Include LFS operation when requesting auth !254

v8.4.1
  - Surface error message sent along with API Service Unavailable error to user

v8.4.0
  - Use Gitaly v2 auth scheme

v8.3.3
  - Release v8.3.3 as v8.3.2 tag is incorrect

v8.3.2
  - Ensure text/plain & text/html content types are handled !239
  - Fix newlines not appearing between new log entries !242

v8.3.1
  - No changes (version tag correction)

v8.3.0
  - Add custom action (e.g. proxying SSH push) support

v8.2.1
  - Fix HTTP status code handling for /api/v4/allowed API endpoint

v8.2.0
  - Pass custom git_config_options to Gitaly !221
  - Add missing require statement in create-hooks !225

v8.1.1
  - Fix two regressions in SSH certificate support (!226)

v8.1.0
  - Support Git v2 protocol (!217)

v8.0.0
  - SSH certificate support (!207)

v7.2.0
  - Update gitaly-proto to 0.109.0 (!216)

v7.1.5
  - Fix a NoMethodError in the pre-receive hook (!206)

v7.1.4
  - Don't truncate long strings in broadcast message (!202)

v7.1.3
  - Use username instead of full name for identifying users (!204)

v7.1.2
  - Add missing GitlabLogger#error method (!200)

v7.1.1
  - Flush log file after every write (!199)

v7.1.0
  - Migrate `git-upload-archive` to gitaly

v7.0.0
  - Switch to structured logging (!193)

v6.0.4
  - Don't delete GL_REPOSITORY environment variable from post-receive hook (!191)

v6.0.3
  - Print new project information in post-receive

v6.0.2
  - Use grpc-go 1.9.1 (!184)
  - Update gitaly-proto and gitaly libs (!185)

v6.0.1
  - Fix git push by removing a bad require in the pre-receive hook (!183)

v6.0.0
  - Remove bin/gitlab_projects (!180)
  - Remove direct redis integration (!181)
  - Remove support unhiding of all references for Geo nodes (!179)

v5.11.0
  - Introduce a more-complete implementation of bin/authorized_keys (!178)

v5.10.3
  - Remove unused redis bin configuration

v5.10.2
  - Print redirection message when pushing into renamed project

v5.10.1
  - Use 'git clone --no-local' when creating a fork (!176)

v5.10.0
  - Add a 'fork-repository' command that works with hashed storage (!174)

v5.9.4
  - Add relative git object dir envvars to check access request

v5.9.3
  - Expose GitLab username to hooks in `GL_USERNAME` environment variable

v5.9.2
  - Fix pre-receive error when gitlab doesn't have /internal/pre_receive (!169)

v5.9.1
  - Adds --force option to push branches

v5.9.0
  - Support new /internal/pre-receive API endpoint for post-receive operations
  - Support new /internal/post-receive API endpoint for post-receive operations
  - Support `redis` field on /internal/check API endpoint

v5.8.1
  - Support old versions of ruby without monotonic clock

v5.8.0
  - Fix SSH support for Git for Windows v2.14

v5.7.0
  - Support unhiding of all refs via Gitaly

v5.6.2
  - Bump redis-rb library to 3.3.3

v5.6.1
  - Fix setting permissions of SSH key tempfiles
  - Fix a missing constant error when using SSH authentication

v5.6.0
  - SSH authentication support

v5.5.0
  - Support unhiding of all references for Geo nodes

v5.4.0
  - Update Gitaly vendoring to use new RPC calls instead of old deprecated ones

v5.3.1
  - Gracefully handle internal API errors when getting merge request URLs

v5.3.0
  - Add ability to have git-receive-pack and git-upload-pack to go over Gitaly

v5.2.1
  - Revert changes in v5.2.0

v5.2.0
  - Disable RubyGems to increase performance

v5.1.1
  - Revert "Remove old `project` parameter, use `gl_repository` instead"

v5.1.0
  - Add `gitlab-keys list-key-ids` subcommand for iterating over key IDs to find keys that should be deleted

v5.0.6
  - Remove old `project` parameter, use `gl_repository` instead
  - Use v4 of the GitLab REST API

v5.0.5
  - Use gl_repository if present when enqueing Sidekiq PostReceive jobs

v5.0.4
  - Handle GL_REPOSITORY env variable and use it in API calls and Sidekiq enqueuing

v5.0.3
  - Use recursive lookup for git repositories in the bin/create-hooks script

v5.0.2
  - Adds timeout option to push branches

v5.0.1
  - Fetch repositories with `--quiet` option by default

v5.0.0
  - Remove support for git-annex

v4.1.1
  - Send (a selection of) git environment variables while making the API call to `/allowed`, !112

v4.1.0
  - Add support for global custom hooks and chained hook directories (Elan Ruusamäe, Dirk Hörner), !113, !111, !93, !89, #32
  - Clear up text with merge request after new branch push (Lisanne Fellinger)

v4.0.3
  - Fetch repositories with `--prune` option by default

v4.0.2
  - Fix gitlab_custom_hook dependencies

v4.0.1
  - Add instrumentation to push hooks

v4.0.0
  - Use full repository path for API calls

v3.6.6
  - Re-use the default logger when logging metrics data

v3.6.5
  - Test against ruby 2.3
  - Instrument GitLab Shell and log metrics data to a file

v3.6.4
  - Fix rsync with ionice command building
  - Fix short circuit logic between rsync with and without ionice for storage migrations

v3.6.3
  - Re-exposing GL_ID to custom hooks

v3.6.2
  - Enable GIT_TRACE/GIT_TRACE_PACKET/GIT_TRACE_PERFORMANCE by providing the git_trace_log_file config key

v3.6.1
  - Set a low IO priority for storage moves to lower performance impact

v3.6.0
  - Added full support for `git-lfs-authenticate` to properly handle LFS requests and pass them on to Workhorse

v3.5.0
  - Add option to recover 2FA via SSH

v3.4.0
  - Redis Sentinel support

v3.3.3
  - Print URL for new or existing merge request after push

v3.3.2
  - Improve authorized_keys check

v3.3.1
  - Manage authorized_keys permissions continuously

v3.3.0
  - Track ongoing push commands
  - Add command to move repositories between repository storages

v3.2.1
  - Allow gitlab-project's fork-project command to fork projects between different repository storages

v3.2.0
  - Allow GitLab Shell to check for allowed access based on the used Git protocol
  - Add an error message when using shell commands with incompatible GitLab versions

v3.1.0
  - Refactor repository paths handling to allow multiple git mount points

v3.0.1
  - Update PostReceive worker to provide enqueued_at time.

v3.0.0
  - Remove rm-tag command (Robert Schilling)
  - Remove create-branch and rm-branch commands (Robert Schilling)
  - Update PostReceive worker so it logs a unique JID in Sidekiq
  - Remove update-head command
  - Use Redis Ruby client instead of shelling out to redis-cli

v2.7.2
  - Do not prune objects during 'git gc'

v2.7.1
  - Add new command to list tags from a remote repo
  - Add the ability to fetch remote repo with or without tags

v2.7.0
  - Add support for ssh AuthorizedKeysCommand query by key

v2.6.13
  - Add push-branches command
  - Add delete-remote-branches command

v2.6.12
  - Fix git-annex issue not working using custom SSH port repositories

v2.6.11
  - Increase HTTP timeout and log request durations
  - Workaround for a Webrick issue on Ruby 2.2
  - New optional `--force` parameter for `gitlab-projects fetch-remote`

v2.6.10
  - Add git gc for housekeeping

v2.6.9
  - Remove trailing slashes from gitlab_url

v2.6.8
  - Revert git-lfs-authenticate command from white list

v2.6.7
  - Exit with non-zero status when import-repository fails
  - Add fetch-remote command

v2.6.6
  - Do not clean LANG environment variable for the git hooks when working through the SSH-protocol
  - Add git-lfs-authenticate command to white list (this command is used by git-lfs for SSO authentication through SSH-protocol)
  - Handle git-annex and gcryptsetup

v2.6.5
  - Handle broken symlinks in create-hooks

v2.6.4
  - Remove keys from authorized_keys in-place
  - Increase batch_add_keys lock timeout to 300 seconds
  - If git-annex is enabled set GIT_ANNEX_SHELL_LIMITED variable

v2.6.3
  - Prevent keys with a very specific comment from accidentally being deleted.

v2.6.2
  - Include ecdsa keys in `gitlab_keys list-keys`.
  - Refactor logic around GL_ID

v2.6.1
  - Write errors to stderr to get git to abort and show them as such.

v2.6.0
  - Prevent character encoding issues by sending received changes as raw data.

v2.5.4
  - Remove recursive commands from bin/install

v2.5.3
  - Improve git-annex integration

v2.5.2
  - Safer line sub for git-annex command

v2.5.1
  - Expect broadcast message to return empty JSON if no message now

v2.5.0
  - Support git-annex tool (disabled by default)
  - Add rubocop (Ruby static code analyzer) for development

v2.4.3
  - Print broadcast message if one is available

v2.4.2
  - Pass git changes list as string instead of array

v2.4.1
  - Access token masking in url before loging

v2.4.0
  - Show error message when git push is rejected

v2.2.0
  - Support for custom hooks (Drew Blessing and Jose Kahan)

v2.1.0
  - Use secret token with GitLab internal API. Requires GitLab 7.5 or higher

v2.0.1
  - Send post-receive changes to redis as a string instead of array

v2.0.0
  - Works with GitLab v7.3+
  - Replace raise with abort when checking path to prevent path exposure
  - Handle invalid number of arguments on remote commands
  - Replace update hook with pre-receive and post-receive hooks.
  - Symlink the whole hooks directory
  - Ignore missing repositories in create-hooks
  - Connect to Redis via sockets by default

v1.9.7
  - Increased test coverage
  - By default use direct unicorn connection (localhost:8080)
  - Fix wrong repo path send to GitLab by GitlabUpdate hook

v1.9.6
  - Explicitly require 'timeout' from the standard library

v1.9.5
  - Put authorized_keys.lock in the same directory as authorized_keys
  - Use lock file when add new entries to authorized_keys

v1.9.4
  - Use lock file when modify authorized_keys

v1.9.3
  - Ignore force push detection for new branch or branch remove push

v1.9.2
  - Add support for force push detection

v1.9.1
  - Update hook sends branch and tag name

v1.9.0
  - Call api in update hook for both ssdh and http push. Requires GitLab 6.7+
  - Pass oldrev and newrev to api.allowed?

v1.8.5
  - Add `gitlab-keys batch-add-keys` subcommand for authorized_keys rebuilds

v1.8.4
  - Dont do import if repository exists

v1.8.3
  - Add timeout option for repository import

v1.8.2
  - Fix broken 1.8.1

v1.8.1
  - Restrict Environment Variables
  - Add bin/create-hooks command
  - More safe shell execution

v1.8.0
  - Fix return values in GitlabKeys

v1.7.9
  - Fix escape of repository path for custom ssh port

v1.7.8
  - Escape repository path to prevent relative links (CVE-2013-4583)

v1.7.7
  - Separate options from arguments with -- (CVE-2013-4582)
  - Bypass shell and use stdlib JSON for GitlabUpdate (CVE-2013-4581)

v1.7.6
  - Fix gitlab-projects update-head for improted repo when branch exists but not listed in refs/head

v1.7.5
  - Remove keys from authorized_keys using ruby instead of shell

v1.7.4
  - More protection against shell injection (CVE-2013-4546)

v1.7.3
  - Use Kernel#open to append lines to authorized_keys (CVE-2013-4490)

v1.7.2
  - More safe command execution

v1.7.1
  - Fixed issue when developers are able to push to protected branches that contain a '/' in the branch name.

v1.7.0
  - Clean authorized_keys file with `gitlab-keys clear`

v1.6.0
  - Create branch/tag functionality
  - Remove branch/tag functionality

v1.5.0
  - Logger
  - Ability to specify ca_file/ca_path
  - Update-head command for project
  - Better regexp for key_id inside shell

v1.4.0
  - Regex used in rm-key command was too lax

v1.3.0
  - Fork-project command
  - Custom redis configuration
  - Interpret login with deploy key as anonymous one

v1.2.0
  - Return non-zero result if gitlab-projects and gitlab-keys execution was not successful
  - http_settings configuration option added

v1.1.0
  - added mv-project feature
  - increased test coverage

v1.0.4
  - requires gitlab c9ca15e
  - don't use post-receive file any more. Make all updates in update
  - fixed issue with invalid GL_USER
  - use GL_ID instead of GL_USER