summaryrefslogtreecommitdiff
path: root/CHANGELOG
blob: abfa7e0887c783dc68d06af3b63104cbc83ad8a2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
v2.6.7
  - Exit with non-zero status when import-repository fails
  - Add fetch-remote command

v2.6.6
  - Do not clean LANG environment variable for the git hooks when working through the SSH-protocol
  - Add git-lfs-authenticate command to white list (this command is used by git-lfs for SSO authentication through SSH-protocol)
  - Handle git-annex and gcryptsetup

v2.6.5
  - Handle broken symlinks in create-hooks

v2.6.4
  - Remove keys from authorized_keys in-place
  - Increase batch_add_keys lock timeout to 300 seconds
  - If git-annex is enabled set GIT_ANNEX_SHELL_LIMITED variable

v2.6.3
  - Prevent keys with a very specific comment from accidentally being deleted.

v2.6.2
  - Include ecdsa keys in `gitlab_keys list-keys`.
  - Refactor logic around GL_ID

v2.6.1
  - Write errors to stderr to get git to abort and show them as such.

v2.6.0
  - Prevent character encoding issues by sending received changes as raw data.

v2.5.4
  - Remove recursive commands from bin/install

v2.5.3
  - Improve git-annex integration

v2.5.2
  - Safer line sub for git-annex command

v2.5.1
  - Expect broadcast message to return empty JSON if no message now

v2.5.0
  - Support git-annex tool (disabled by default)
  - Add rubocop (Ruby static code analyzer) for development

v2.4.3
  - Print broadcast message if one is available

v2.4.2
  - Pass git changes list as string instead of array

v2.4.1
  - Access token masking in url before loging

v2.4.0
  - Show error message when git push is rejected

v2.2.0
  - Support for custom hooks (Drew Blessing and Jose Kahan)

v2.1.0
  - Use secret token with GitLab internal API. Requires GitLab 7.5 or higher

v2.0.1
  - Send post-receive changes to redis as a string instead of array

v2.0.0
  - Works with GitLab v7.3+
  - Replace raise with abort when checking path to prevent path exposure
  - Handle invalid number of arguments on remote commands
  - Replace update hook with pre-receive and post-receive hooks.
  - Symlink the whole hooks directory
  - Ignore missing repositories in create-hooks
  - Connect to Redis via sockets by default

v1.9.7
  - Increased test coverage
  - By default use direct unicorn connection (localhost:8080)
  - Fix wrong repo path send to GitLab by GitlabUpdate hook

v1.9.6
  - Explicitly require 'timeout' from the standard library

v1.9.5
  - Put authorized_keys.lock in the same directory as authorized_keys
  - Use lock file when add new entries to authorized_keys

v1.9.4
  - Use lock file when modify authorized_keys

v1.9.3
  - Ignore force push detection for new branch or branch remove push

v1.9.2
  - Add support for force push detection

v1.9.1
  - Update hook sends branch and tag name

v1.9.0
  - Call api in update hook for both ssdh and http push. Requires GitLab 6.7+
  - Pass oldrev and newrev to api.allowed?

v1.8.5
  - Add `gitlab-keys batch-add-keys` subcommand for authorized_keys rebuilds

v1.8.4
  - Dont do import if repository exists

v1.8.3
  - Add timeout option for repository import

v1.8.2
  - Fix broken 1.8.1

v1.8.1
  - Restrict Environment Variables
  - Add bin/create-hooks command
  - More safe shell execution

v1.8.0
  - Fix return values in GitlabKeys

v1.7.9
  - Fix escape of repository path for custom ssh port

v1.7.8
  - Escape repository path to prevent relative links (CVE-2013-4583)

v1.7.7
  - Separate options from arguments with -- (CVE-2013-4582)
  - Bypass shell and use stdlib JSON for GitlabUpdate (CVE-2013-4581)

v1.7.6
  - Fix gitlab-projects update-head for improted repo when branch exists but not listed in refs/head

v1.7.5
  - Remove keys from authorized_keys using ruby instead of shell

v1.7.4
  - More protection against shell injection (CVE-2013-4546)

v1.7.3
  - Use Kernel#open to append lines to authorized_keys (CVE-2013-4490)

v1.7.2
  - More safe command execution

v1.7.1
  - Fixed issue when developers are able to push to protected branches that contain a '/' in the branch name.

v1.7.0
  - Clean authorized_keys file with `gitlab-keys clear`

v1.6.0
  - Create branch/tag functionality
  - Remove branch/tag functionality

v1.5.0
  - Logger
  - Ability to specify ca_file/ca_path
  - Update-head command for project
  - Better regexp for key_id inside shell

v1.4.0
  - Regex used in rm-key command was too lax

v1.3.0
  - Fork-project command
  - Custom redis configuration
  - Interpret login with deploy key as anonymous one

v1.2.0
  - Return non-zero result if gitlab-projects and gitlab-keys execution was not successful
  - http_settings configuration option added

v1.1.0
  - added mv-project feature
  - increased test coverage

v1.0.4
  - requires gitlab c9ca15e
  - don't use post-receive file any more. Make all updates in update
  - fixed issue with invalid GL_USER
  - use GL_ID instead of GL_USER