CHANGELOG
v14.39.0
- Revise CODEOWNERS to use entire TW team !1125
- Rename bin/check to bin/gitlab-shell-check to to avoid name clash !801
- Update golangci to 1.60.1 !1122
- Move bin/install to support/make_necessary_dirs !799
- Update dependency golang to v1.23.0 !1121
- Use go build so we can use -o !1117
- Add 'make make_necessary_dirs' alias !1119
- Add GitLab Advanced SAST to CI/CD config !1120
- Update github.com/charmbracelet/git-lfs-transfer digest to 2cab0ea !1118
- Update module golang.org/x/crypto to v0.26.0 !1115
- Update dependency golang to v1.22.6 !1116
- Update github.com/charmbracelet/git-lfs-transfer digest to c3aa24b !1113
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.11.8 !1114
- Update module golang.org/x/sync to v0.8.0 !1112
v14.38.0
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.11.7 !1110
- Add basic LFS connections metric for SSH !1107
- Update module google.golang.org/grpc to v1.65.0 !1098
- Add basic LFS connections metric for HTTP !1108
- Remove migration section as no longer supported !1106
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.11.6 !1104
- Update dependency ruby to v3.3.4 !1102
- Update Ruby to 3.3.4 !1105
- Update module golang.org/x/crypto to v0.25.0 !1100
- Update github.com/charmbracelet/git-lfs-transfer digest to bacbfdb !1101
- Restructure CI jobs !1097
- Update dependency golang to v1.22.5 !1099
v14.37.0
- Update dependency danger-review to v1.4.1 !1095
- Allow pure_ssh_protocol to be set !1093
- Update dependency gitlab-dangerfiles to '~> 4.8.0' !1094
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.11.5 !1091
- Update dependency danger-review to v1.4.0 !1090
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.11.4 !1085
- Update golangci to 1.59.1 !1089
v14.36.0
- Use the danger-review component !1086
- Update module google.golang.org/protobuf to v1.34.2 !1083
- Geo: Replace Git over HTTP calls with Workhorse HTTP endpoint for SSH pull !1081
- Update github.com/charmbracelet/git-lfs-transfer digest to 0ffd62e !1080
- Update dependency golang to v1.22.4 !1079
- Update module golang.org/x/crypto to v0.24.0 !1078
- Update golang default to 1.22 !1077
- Geo: Replace Git over HTTP calls with Workhorse HTTP endpoint for SSH push !1076
- Update module github.com/hashicorp/go-retryablehttp to v0.7.7 !1074
- Update CI image to latest one !1073
- Update module golang.org/x/sync to v0.7.0 !1072
- git-lfs-transfer: Add support for lock and unlocking of files !1071
- Update golangci to 1.58.2 !1069
- Update github.com/charmbracelet/git-lfs-transfer digest to 4ef8f58 !1067
- Continue work on Git LFS over SSH !1066
- Update module google.golang.org/grpc to v1.64.0 !1065
- Update module github.com/prometheus/client_golang to v1.19.1 !1063
- Update module github.com/hashicorp/go-retryablehttp to v0.7.6 !1061
- Update dependency golang to v1.22.3 !1060
- Update golangci to 1.58.1 !1057
- Update module google.golang.org/protobuf to v1.34.1 !1056
- Update module golang.org/x/crypto to v0.23.0 !1055
- Update github.com/charmbracelet/git-lfs-transfer digest to cc13460 !1054
- Add configuration objects to PAT token !1053
- Update module google.golang.org/protobuf to v1.34.0 !1052
- Fix lint issues for sshd server_config !1043
- Resolve `make lint` (golangci-lint) issues for `internal/sshd/sshd.go` and `internal/sshd/sshd_test.go` !1040
- Update github.com/charmbracelet/git-lfs-transfer digest to 9e9a21d !1038
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.11.3 !1037
- Resolve `make lint` (golangci-lint) issues for `internal/command/uploadarchive/uploadarchive.go` and `internal/command/uploadarchive/uploadarchive_test.go` !1034
- Resolve `make lint` (golangci-lint) issues for `internal/command/uploadpack/uploadpack.go` and `internal/command/uploadpack/uploadpack_test.go` !1033
- Resolve `make lint` (golangci-lint) issues for `internal/sshd/session.go` and `internal/sshd/session_test.go` !1032
- Resolve `make lint` (golangci-lint) issues for `internal/gitlabnet/authorizedkeys/client.go` and `internal/gitlabnet/authorizedkeys/client_test.go` !1031
- Resolve `make lint` (golangci-lint) issues for `internal/command/receivepack/receivepack.go` and `internal/command/receivepack/receivepack_test.go` !1030
- Resolve `make lint` (golangci-lint) issues for `internal/command/lfsauthenticate/lfsauthenticate.go` and `internal/command/lfsauthenticate/lfsauthenticate_test.go !1029
- Update HttpClient method name !1028
- Resolves `make lint` (golangci-lint) issues for `cmd/gitlab-shell-authorized-keys-check/main.go` !1027
- Resolve `make lint` (golangci-lint) issues for `internal/gitlabnet/git/client.go` and `internal/gitlabnet/git/client_test.go` !1026
- Resolve `make lint` (golangci-lint) issues or `internal/command/uploadpack/gitalycall.go` and `internal/command/uploadpack/gitalycall_test.go` !1025
- Resolve `make lint` (golangci-lint) issues for `internal/gitlabnet/twofactorverify/client.go` and `internal/gitlabnet/twofactorverify/client_test.go` !1024
- Resolve `make lint` (golangci-lint) issues for `internal/command/twofactorverify/twofactorverify.go` and `internal/command/twofactorverify/twofactorverify_test.go` !1023
- Resolve `make lint` (golangci-lint) issues for `internal/command/shared/customaction/customaction.go` and `internal/command/shared/customaction/customaction_test.go` !1022
- Resolve `make lint` (golangci-lint) issues for `internal/gitlabnet/accessverifier/client.go` and `internal/gitlabnet/accessverifier/client_test.go` !1021
- Resolve `make lint` (golangci-lint) issues for `cmd/gitlab-shell/command/command.go` and `cmd/gitlab-shell/command/command_test.go` !1020
- Resolve `make lint` (golangci-lint) issues for `internal/gitlabnet/discover/client.go` and `internal/gitlabnet/discover/client_test.go` !1019
- Resolve `make lint` (golangci-lint) issues for `cmd/check/command/command.go` and `cmd/check/command/command_test.go` !1018
- Resolve `make lint` (golangci-lint) issues for `internal/keyline/key_line.go` and `internal/keyline/key_line_test.go` !1017
- Resolve `make lint` (golangci-lint) issues for `internal/gitlabnet/lfsauthenticate/client.go` and `internal/gitlabnet/lfsauthenticate/client_test.go` !1016
- Resolve `make lint` (golangci-lint) issues for `internal/sshenv/sshenv.go` and `internal/sshenv/sshenv_test.go` !1015
- Resolve `make lint` (golangci-lint) issues for `cmd/gitlab-shell-authorized-keys-check/command/command.go` and `cmd/gitlab-shell-authorized-keys-check/command/command_test.go` !1014
- Fix `make lint` (golangci-lint) issues for `client/httpclient.go` and `client/httpsclient_test.go` !1013
- Fix `make lint` (golangci-lint) issues for `internal/handler/exec.go` and `internal/handler/exec_test.go` !1012
- Fix `make lint` (golangci-lint) issues for `internal/gitlabnet/personalaccesstoken/client.go` and `internal/gitlabnet/personalaccesstoken/client_test.go` !1011
- Fix `make lint` (golangci-lint) issues for `client/gitlabnet.go` !1010
- Fixes `make lint` (golangci-lint) issues for `internal/gitlabnet/twofactorrecover/client.go` and `internal/gitlabnet/twofactorrecover/client_test.go` !1009
- Fix `make lint` (golangci-lint) issues for `internal/sshd/connection.go` and `internal/sshd/connection_test.go` !1008
- Fix `make lint` (golangci-lint) issues for `internal/console/console.go` and `internal/console/console_test.go` !1007
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.11.0 !1006
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.10.3 !1005
- Fix golanci shadow warning !1004
- Fix lint issues in requesthandlers.go !1003
- Resolve Use golang-1.21 for GO_VERSION in CI !1001
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.10.2 !997
- Update github.com/charmbracelet/git-lfs-transfer digest to 3263d2f !996
- Update module golang.org/x/crypto to v0.22.0 !995
- Extend shell logs with additional metadata !991
- git-lfs-transfer: Add support for batch upload and get object !989
v14.35.0
- sshd: limit server_host_key_algorithms in server config !986
- Update github.com/charmbracelet/git-lfs-transfer digest to f0b226f !990
- Update module google.golang.org/grpc to v1.63.2 !993
- Update dependency golang to v1.22.2 !992
- Update golangci-lint to 1.57.2 !988
- Remove Gitlab-Shared-Secret reference that is no longer used !985
- git-lfs-transfer: Enable in shell and introduce batch download !942
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.10.0 !983
- Update golangci-lint to 1.57.1 !984
- Update github.com/charmbracelet/git-lfs-transfer digest to 6dbff1b !981
- Update dependency gitlab-dangerfiles to '~> 4.7.0' !982
- chore: Fix lint issues in cmd/gitlab-sshd/acceptance_test.go !979
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.9.2 !980
- Update module google.golang.org/protobuf to v1.33.0 !977
- Update module google.golang.org/grpc to v1.62.1 !976
- Update github.com/charmbracelet/git-lfs-transfer digest to 00bfe2e !974
- Update module github.com/golang-jwt/jwt/v5 to v5.2.1 !973
- Update module golang.org/x/crypto to v0.21.0 !972
- chore: Fixed lint issues in internal/testhelper/testhelper.go !978
- Update dependency golang to v1.22.1 !975
- Update module github.com/stretchr/testify to v1.9.0 !970
- Update github.com/charmbracelet/git-lfs-transfer digest to 3853b28 !968
- Update github.com/charmbracelet/git-lfs-transfer digest to df8ee50 !971
- Update module golang.org/x/crypto to v0.20.0 !966
- Update module github.com/prometheus/client_golang to v1.19.0 !967
- Update module google.golang.org/grpc to v1.62.0 !964
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.9.1 !963
v14.34.0
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.9.0 !960
- Update golangci-lint and gotestsum to latest stable !962
- Also test against go 1.22 !949
- Update dependency golang to v1.22.0 !952
- Update module google.golang.org/grpc to v1.61.1 !961
- Update github.com/charmbracelet/git-lfs-transfer digest to e8645ad !959
- Update github.com/charmbracelet/git-lfs-transfer digest to 8d8e152 !957
- Upgrade to using bookworm instead of bullseye !956
- Update GOLANGCI_LINT_VERSION to 1.56.1 !958
- Update golangci lint to v1.56.0 !954
- Set random correlation ID in uploadarchive test !955
- Update module golang.org/x/crypto to v0.19.0 !953
- Use GracefulStop() instead of Stop() !951
- Update dependency rspec to '~> 3.13.0' !947
- Fix scanner findings error !948
- Log error instead of warning when parsing keys !944
- Fix PureSSHProtocal name typo !945
- Update github.com/charmbracelet/git-lfs-transfer digest to 732ff5e !943
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.9.0-rc3 !941
- Run CI with FIPS_MODE enabled !940
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.8.1 !939
- Update module google.golang.org/grpc to v1.61.0 !937
- New lfs.pure_ssh_protocol setting !936
- Update local Ruby version !938
v14.33.0
- Load gssapi lib per server/connection !934
- Update module google.golang.org/grpc to v1.60.0 !912
- Expose error messages for failed Git operations !906
- Update module google.golang.org/protobuf to v1.32.0 !918
- Ensure build tags are used when testing !921
- Update module golang.org/x/sync to v0.6.0 !922
- Update module golang.org/x/crypto to v0.18.0 !923
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.8.0 !932
v14.32.0
- Geo: Add `done` pktline when git clone --depth option is given !905
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.6.1 !907
- Update module github.com/golang-jwt/jwt/v5 to v5.2.0 !908
- Update module golang.org/x/crypto to v0.16.0 !904
- Replace os.MkdirTemp() usages with t.TempDir() !909
- Update dependency golang to v1.21.5 !911
v14.31.0
- Update dependency gitlab-dangerfiles to '~> 4.6.0' !887
- Update module golang.org/x/crypto to v0.15.0 !884
- Revert workaround to start gitaly service in test !891
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.6.0 !890
- Remove the RPC call for Namespace removal !895
- Update module gitlab.com/gitlab-org/labkit to v1.21.0 !892
- Revert sending SSH certificate as a separate protocol !894
- Bump GO_VERSION to 1.21 !898
- Drop support for go 1.19 !899
- Move global tempDir into StartSocketHttpServer() !902
- New nilaway CI job !897
- Resolve "Remove NilAway detections for 'client' package" !896
- call git_autid_event during git pull/clone if in need !888
v14.30.1
- Update dependency golang to v1.21.4 !881
- Update module github.com/golang-jwt/jwt/v5 to v5.1.0 !882
- Set CI_DEBUG_SERVICES: true to assist debugging !883
- Update module github.com/hashicorp/go-retryablehttp to v0.7.5 !885
v14.30.0
- Disable GSSAPI when CGO is enabled to support DNS resolution !866
- Add log for public key authentication type !870
- Update dependency golang to v1.21.3 !867
- Update dependency gitlab-dangerfiles to '~> 4.3.2' !871
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.5.0 !873
- Update module google.golang.org/grpc to v1.59.0 !872
- Update dependency gitlab-dangerfiles to '~> 4.4.0' !874
- Update dependency gitlab-dangerfiles to '~> 4.5.1' !876
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.5.1 !877
- Update module golang.org/x/sync to v0.5.0 !879
- Fix race conditions in GSSAPI calls !875
v14.29.0
- Update module google.golang.org/grpc to v1.58.2 !850
- Update dependency gitlab-dangerfiles to v4 !852
- Optimize Ruby and Go job caching !805
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.4.0 !853
- Update module github.com/prometheus/client_golang to v1.17.0 !854
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.4.1 !856
- Update dependency gitlab-dangerfiles to '~> 4.1.0' !857
- Always return stdin/stdout errors !847
- Update module golang.org/x/sync to v0.4.0 !860
- Update dependency golang to v1.21.2 !862
- Removes module github.com/grpc-ecosystem/go-grpc-middleware !859
- Update module github.com/otiai10/copy to v1.14.0 !858
- Update module golang.org/x/crypto to v0.14.0 !861
- Allow only git commands for auth via SSH certs !864
- Send ssh_certificates as protocol !863
- Update module google.golang.org/grpc to v1.58.3 !868
v14.28.0
- Add PullCommand to githttp package !836
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.3.3 !849
- Fix `make lint` on aarch64 platforms !848
- Update dependency golang to v1.21.1 !844
- Update module google.golang.org/grpc to v1.58.0 !845
- Add golangci-lint to CI job !839
- Update module golang.org/x/crypto to v0.13.0 !842
v14.27.0
- Workaround to allow gitaly service to start !838
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.3.1 !837
- Resolve "GitLab sshd should include data transfer bytes in logs" !831
- Update dependency golang to v1.21.0 !828
- Log metadata refactor !832
- Support authentication using SSH Certificates !812
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.3.0 !833
- Implement geo_proxy_direct_to_primary feature flag !834
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.2.4 !830
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.2.2 !818
- Add Go v1.21 to CI !829
v14.26.0
- Include error and log as Error when recovering !825
- Fix the established session metric !826
- Require Go 1.19 and drop use of golang-crypto fork !806
- Update dependency gitlab-dangerfiles to '~> 3.13.0' !824
- Create gotestsum in support/bin and ignore !825
v14.25.0
- Ensure context is not nil before processing !820
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.2.1 !814
- Update module google.golang.org/grpc to v1.57.0 !815
- Update module gitlab.com/gitlab-org/labkit to v1.20.0 !817
- Update dependency golang to v1.20.7 !819
v14.24.1
- Return metadata context without using channels !810
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.2.0 !813
- Update dependency gitlab-dangerfiles to '~> 3.12.0' !811
v14.24.0
- Bump golang to 1.20.6 !808
- Ensure all binaries respond to -version !800
- Update module google.golang.org/grpc to v1.56.2 !804
- Update module golang.org/x/crypto to v0.11.0 !803
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.1.2 !802
- Add support for gotestsum !796
- Log 'access: finish' line with additional metadata !783
- Ensure prometheus counter has time to increment !795
- Use both go and ruby cache for test jobs !793
- Split caching of go and ruby jobs !792
- Optimise Ruby and Go based CI jobs !787
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.1.1 !794
- Update module google.golang.org/protobuf to v1.31.0 !789
- Update dependency gitlab-dangerfiles to '~> 3.11.0' !788
- New modules:tidy and modules:download jobs !784
- Update module google.golang.org/grpc to v1.56.1 !786
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.1.0 !785
- Tidy up go.mod and go.sum !781
- Create a 'msg: "access"' log entry at the completion of work, including a `duration_s` field !782
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.0.5 !779
- Update module github.com/otiai10/copy to v1.12.0 !780
- Ensure test cache is not used for 'go test' !778
- Update module google.golang.org/grpc to v1.56.0 !777
- Update module github.com/prometheus/client_golang to v1.16.0 !776
- Update module gitlab.com/gitlab-org/labkit to v1.19.0 !771
- Update module golang.org/x/sync to v0.3.0 !775
- Update module golang.org/x/crypto to v0.10.0 !774
- Update Ruby dependencies !773
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.0.4 !772
- Update dependency golang to v1.20.5 !768
- Use gitlab-shell maintainers group instead for CODEOWNERS !770
- Update module github.com/golang-jwt/jwt/v4 to v5 !759
- Update module github.com/hashicorp/go-retryablehttp to v0.7.4 !767
v14.23.0
- Update module github.com/golang-jwt/jwt/v4 to v5 !759
- Update module gopkg.in/yaml.v2 to v3 !763
- Update module gitlab.com/gitlab-org/gitaly/v15 to v16 !762
- Update logrus to v1.9.3 !760
- Update module golang.org/x/sync to v0.2.0 !757
- Update module github.com/pires/go-proxyproto to v0.7.0 !752
- Update module google.golang.org/grpc to v1.55.0 !758
- Update module github.com/prometheus/client_golang to v1.15.1 !756
- Update module github.com/otiai10/copy to v1.11.0 !751
- Make golang 1.20 the default for gitlab-shell development and CI !750
- Update module golang.org/x/crypto to v0.9.0 !742
- Update dependency golang to v1.20.4 !748
- Update module github.com/hashicorp/go-retryablehttp to v0.7.2 !745
v14.22.0
- Update dependency ruby to v3.2.2 !743
v14.21.0
- Use a separate HTTP Client for Geo requests !739
v14.20.0
- Configure a default ttl for personal access tokens !736
v14.19.0
- Bump go to 1.19.9 !730
- Update golang-crypto fork version !729
- Add build-package-and-qa job !728
- refactor: success api on acceptance tests !727
- Make the boringcrypto check POSIX shell compliant !725
- Fix CGO_CFLAGS to use output from `brew --prefix` !724
- Acceptance test for Geo Push !719
- Configure Gitaly storage acceptance tests !723
- Prepare for Go 1.19 FIPS support !721
- Make golang 1.19 the default !718
v14.18.0
- Perform HTTP request to primary on Geo push !716
- sshd: exclude gssapi when building without cgo !720
- Add DNS discovery support for Gitaly/Praefect !717
- Add bin/gitlab-sshd as an explicit Makefile target !714
v14.17.0
- Bump golang to 1.18.9 !712
v14.16.0
- feat: make retryable http default client !710
- Add support for the gssapi-with-mic auth method !682
- docs: Truncate pages, point users to GitLab repo !705
v14.15.0
- Incorporate older edits to README !696
- Upgrade to Ruby 3.x !706
- feat: retry on http error !703
v14.14.0
- Add developer documentation to sshd package !683
- Improve error message for Gitaly `LimitError`s !691
- Drop 1.16 compatibility in go.sum !692
- Bump x/text to 0.3.8 !692
- Update prometheus package to 1.13.1 !692
- Restrict IP access for PROXY protocol !693
- Fix broken Gitaly integration tests !694
- Clean up .gitlab-ci.yml file !695
- Use the images provided by Gitlab to run tests !698
- Use Ruby 2.7.7 as the default !699
- Use blocking reader to fix race in test !700
v14.13.0
- Update .tool-versions to Go 1.18.7 !688
- Remove secret from request headers !689
v14.12.0
- Trim secret before signing JWT tokens !686
- Bump .tool-versions to use Go 1.18.6 !685
- Update Gitaly to 15.4.0-rc2 !681
- Test against Golang v1.19 !680
v14.11.0
- Update Gitaly to v15 !676
- Fixed extra slashes in API request paths generated for geo !673
v14.10.0
- Implement Push Auth support for 2FA verification !454
v14.9.0
- Update LabKit library to v1.16.0 !668
v14.8.0
- go: Bump major version to v14 !666
- Pass original IP from PROXY requests to internal API calls !665
- Fix make install copying the wrong binaries !664
- gitlab-sshd: Add support for configuring host certificates !661
v14.7.4
- gitlab-sshd: Update crypto module to fix RSA keys with old gpg-agent !662
v14.7.3
- Ignore "not our ref" errors from gitlab-sshd error metrics !656
v14.7.2
- Exclude disallowed command from error rate !654
v14.7.1
- Log gitlab-sshd session level indicator errors !650
- Improve establish session duration metrics !651
v14.7.0
- Abort long-running unauthenticated SSH connections !647
- Close the connection when context is canceled !646
v14.6.1
- Return support for diffie-hellman-group14-sha1 !644
v14.6.0
- Exclude Gitaly unavailable error from error rate !641
- Downgrade auth EOF messages from warning to debug !641
- Display constistently in gitlab-sshd and gitlab-shell !641
- Downgrade host key mismatch messages from warning to debug !639
- Introduce a GitLab-SSHD server version during handshake !640
- Narrow supported kex algorithms !638
v14.5.0
- Make ProxyHeaderTimeout configurable !635
v14.4.0
- Allow configuring SSH server algorithms !633
- Update gitlab-org/golang-crypto module version !632
v14.3.1
- Exclude API errors from error rate !630
v14.3.0
- Remove deprecated bundler-audit !626
- Wait until all Gitaly sessions are executed !624
v14.2.0
- Implement ClientKeepAlive option !622
- build: bump go-proxyproto to 0.6.2 !610
v14.1.1
- Log the error that happens on sconn.Wait() !613
v14.1.0
- Make PROXY policy configurable !619
- Exclude authentication errors from apdex !611
- Fix check_ip argument when gitlab-sshd used with PROXY protocol !616
- Use labkit for FIPS check !607
v14.0.0
- Always use Gitaly sidechannel connections !567
v13.26.0
- Add JWT token to GitLab Rails request !596
- Drop go 1.16 support !601
- Remove `self_signed_cert` option !602
v13.25.2
- Revert "Abort long-running unauthenticated SSH connections" !605
- Bump Go to 1.17.9 for asdf users !600
v13.25.1
- Upgrade golang to 1.17.8 !591
- Add additional metrics to gitlab-sshd !593
- Add support for FIPS encryption !597
v13.25.0
- Fix connections duration metrics !588
- ci: start integrating go 1.18 into the CI pipelines !587
- Abort long-running unauthenticated SSH connections !582
v13.24.2
- Bump gitaly client !584
v13.24.1
- Default to info level for an empty log-level !579
- Update Gitaly dependency to v14.9.0-rc1 !578
- Reuse Gitaly connections and sidechannel !575
v13.24.0
- Upgrade golang to 1.17.7 !576
- Add more metrics for gitlab-sshd !574
- Move code guidelines to doc/beginners_guide.md !572
- Add docs for full feature list !571
- Add aqualls as codeowner for docs files !573
v13.23.2
- Bump labkit version to 1.12.0 !569
- Add title and correct copyright notice to license !568
- Bump go-proxyproto package !563
- Update Go to version 1.17.6 !562
v13.23.1
- Replace golang.org/x/crypto with gitlab-org/golang-crypto !560
v13.23.0
- Add support for SSHUploadPackWithSidechannel RPC !557
- Rate limiting documentation !556
v13.22.2
- Update to Ruby 2.7.5 !553
- Deprecate self_signed_cert config setting !552
- Send full git request/response in SSHD tests !550
- Suppress internal errors in client output !549
- Bump .tool_versions to use Go v1.16.12 !548
v13.22.1
- Remove SSL_CERT_DIR logging !546
v13.22.0
- Relax key and username matching for sshd !540
- Add logging to handler/exec.go and config/config.go !539
- Improve logging for non-git commands !538
- Update to Go v1.16.9 !537
- Reject non-proxied connections when proxy protocol is enabled !536
- Log command invocation !535
- Fix logging channel type !534
- Resolve an error-swallowing issue !533
- Add more logging to gitlab-sshd !531
- Respect log-level configuration again !530
- Improve err message given when Gitaly unavailable !526
- makefile: properly escape '$' in VERSION_STRING !525
- Add context fields to logging !524
- Extract server config related code out of sshd.go !523
- Add TestInvalidClientConfig and TestNewServerWithoutHosts for sshd.go !518
- Update Ruby version to 2.7.4 and add Go version 1.16.8 for tooling !517
v13.21.1
- Only validate SSL cert file exists if a value is supplied !527
v13.21.0
- Switch to labkit for logging system setup !504
- Remove some unreliable tests !503
- Make gofmt check fail if there are any matching files !500
- Update go-proxyproto to v0.6.0 !499
- Switch to labkit/log for logging functionality !498
- Unit tests for internal/sshd/connection.go !497
- Prometheus metrics for HTTP requests !496
- Refactor testhelper.PrepareTestRootDir using t.Cleanup !493
- Change default logging format to JSON !476
- Shutdown sshd gracefully !484
- Provide liveness and readiness probes !494
- Add tracing instrumentation to http client !495
- Log same correlation_id on auth keys check of ssh connections !501
- fix: validate client cert paths exist on disk before proceeding !508
- Modify regex to prevent partial matches
v13.20.0
- Remove bin/authorized_keys !491
- Add a make install command !490
- Create PROCESS.md page with Security release process !488
- Fix the Geo SSH push proxy hanging !487
- Standardize logging timestamp format !485
v13.19.1
- Modify regex to prevent partial matches
v13.19.0
- Don't finish the opentracing span early !466
- gitlab-sshd: Respect the ssl_cert_dir config !467
- Stop changing directory to the filesystem root !470
- Fix opentracing setup for gitlab-sshd !473
v13.18.1
- Modify regex to prevent partial matches
v13.18.0
- Fix thread-safety issues in gitlab-shell !463
- gitlab-sshd: Support the PROXY protocol !461
- sshd: Recover from per-session and per-connection panics !464
v13.17.0
- Fix gitlab-shell panic when log file not writable !453
- Add monitoring endpoint to built-in SSH server !449
v13.16.1
- Read limited input when asking to generate new two-factor recovery codes
v13.16.0
- RFC: Simple built-in SSH server !394
- Remove the session duration information from the output of 2fa_verify command !445
v13.15.1
- Read limited input when asking to generate new two-factor recovery codes
v13.15.0
- Update httpclient.go with TLS 1.2 as minimum version !435
v13.14.1
- Read limited input when asking to generate new two-factor recovery codes
v13.14.0
- Add 2fa_verify command !440
- Propagate client identity to gitaly !436
v13.13.1
- Read limited input when asking to generate new two-factor recovery codes
v13.13.0
- GitLab API Client support for client certificates !432
v13.12.0
- Upgrade Bundler from 1.17.2 to 2.1.4 !428
- Log Content-Length bytes in API response !427
- Bump default Ruby version to v2.7.2 !426
v13.11.0
- Set SSL_CERT_DIR env var when building command !423
- Fix incorrect actor used to check permissions for SSH receive-pack !424
v13.10.0
- Add support for -version argument !421
v13.9.0
- Drop "generated random correlation ID" log message !417
- client: Allow User-Agent header to be overridden !418
v13.8.0
- Update Gitaly module dependency !414
- Make it possible to propagate correlation ID across processes !413
- Remove deprecated hooks dir !411
v13.7.0
- Fix gitlab-shell not handling relative URLs over UNIX sockets !406
v13.6.0
- Add support obtaining personal access tokens via SSH !397
v13.5.0
- Generate and log correlation IDs !400
v13.4.0
- Support ssl_cert_dir config setting !393
- Log SSH key details !398
- Log remote IP for executed commands !399
- Drop Go v1.12 support !401
v13.3.0
- Upgrade Ruby version to v2.6.6 !390
- Use default puma socket in example config !388
- Set client name when making requests to Gitaly !387
- Fix race conditions with logrus testing !385
v13.2.0
- Add HTTP status code to internal API logs !376
v13.1.0
- Ensure we are pasing the parsed secret !381
v13.0.0
- Move gitlabnet client into a publicly facing client package !377
v12.2.0
- Geo: Add custom action support for clone/pull !369
v12.1.0
- Log internal HTTP requests !366
- Log git-{upload-pack,receive-pack,upload-archive} requests !367
v12.0.0
- openssh: Accept GIT_PROTOCOL environment variable !364
v11.0.0
- Bump Ruby version to 2.6.5 !357
- Remove support for Custom data.info_message !356
v10.3.0
- Use correct git-lfs download or upload operation names !353
- Add support for Gitaly feature flags !351
- Make console messages consistent !334
v10.2.0
- Remove dead Ruby code and unused binaries !346
v10.1.0
- Remove feature flags and the fallback command !336
- Remove an obsolete section from config.yml.example !339
- Extend group IP restriction to Git activity !335
- Remove deprecated create-hooks script !342
- Rewrite `bin/check` in Go !341
v10.0.0
- Remove gitlab-keys script !329
v9.4.2
- Repurpose bin/authorized_keys script !330
v9.4.1
- Fix bug preventing gitlab-development-kit from updating !327
v9.4.0
- Enable all migration features by default !313
- Set Go111MODULE to 'off' during compilation !315
- Add Makefile for easier building and testing !310
- Resolve "Update .PHONY to have accurate list of targets" !316
- Update rubygems version on CI for go tests !320
- Support falling back to ruby version of checkers !318
- Implement AuthorizedKeys command !321
- Implement AuthorizedPrincipals command !322
- Replace symlinks with actual binaries !324
- Use go mod !323
v9.3.0
- Go implementation for git-receive-pack !300
- Go implementation for git-upload-pack !305
- Return Fallback cmd if feature is enabled, but unimplemented !306
- Go implementation for git-upload-archive !307
- Go implementation for LFS authenticate !308
- Respect GITLAB_SHELL_DIR in the Go version !309
v9.2.0
- Upgrade to Ruby 2.6.3 !298
v9.1.0
- Correctly determine the root directory for gitlab-shell !294
- Support calling internal api using HTTP !295
- Print keys in list-keys command !198
- Support calling internal API using HTTPS !297
v9.0.0
- Add a Go implementation of the "discover" command !283
- Add a Go implementation of the 2fa_recovery_codes" command !285
- Display console messages, if available !287
- Allow the post-receive hook to print warnings !288
- Remove hooks, they belong to Gitaly now !291
v8.7.1
- Fix unmarshalling JSON from the command line !280
v8.7.0
- Add distributed tracing to GitLab-Shell !277
v8.6.0
- Add support for using gl_project_path !275
- Provide expires_in for LFS if available !273
v8.5.0
- Bump gitaly-proto to v1.10.0
v8.4.4
- Pass push options along to gitlab-rails's post-receive endpoint
v8.4.3
- Remove circular dependency between HTTPHelper and GitlabNet !258
v8.4.2
- Include LFS operation when requesting auth !254
v8.4.1
- Surface error message sent along with API Service Unavailable error to user
v8.4.0
- Use Gitaly v2 auth scheme
v8.3.3
- Release v8.3.3 as v8.3.2 tag is incorrect
v8.3.2
- Ensure text/plain & text/html content types are handled !239
- Fix newlines not appearing between new log entries !242
v8.3.1
- No changes (version tag correction)
v8.3.0
- Add custom action (e.g. proxying SSH push) support
v8.2.1
- Fix HTTP status code handling for /api/v4/allowed API endpoint
v8.2.0
- Pass custom git_config_options to Gitaly !221
- Add missing require statement in create-hooks !225
v8.1.1
- Fix two regressions in SSH certificate support (!226)
v8.1.0
- Support Git v2 protocol (!217)
v8.0.0
- SSH certificate support (!207)
v7.2.0
- Update gitaly-proto to 0.109.0 (!216)
v7.1.5
- Fix a NoMethodError in the pre-receive hook (!206)
v7.1.4
- Don't truncate long strings in broadcast message (!202)
v7.1.3
- Use username instead of full name for identifying users (!204)
v7.1.2
- Add missing GitlabLogger#error method (!200)
v7.1.1
- Flush log file after every write (!199)
v7.1.0
- Migrate `git-upload-archive` to gitaly
v7.0.0
- Switch to structured logging (!193)
v6.0.4
- Don't delete GL_REPOSITORY environment variable from post-receive hook (!191)
v6.0.3
- Print new project information in post-receive
v6.0.2
- Use grpc-go 1.9.1 (!184)
- Update gitaly-proto and gitaly libs (!185)
v6.0.1
- Fix git push by removing a bad require in the pre-receive hook (!183)
v6.0.0
- Remove bin/gitlab_projects (!180)
- Remove direct redis integration (!181)
- Remove support unhiding of all references for Geo nodes (!179)
v5.11.0
- Introduce a more-complete implementation of bin/authorized_keys (!178)
v5.10.3
- Remove unused redis bin configuration
v5.10.2
- Print redirection message when pushing into renamed project
v5.10.1
- Use 'git clone --no-local' when creating a fork (!176)
v5.10.0
- Add a 'fork-repository' command that works with hashed storage (!174)
v5.9.4
- Add relative git object dir envvars to check access request
v5.9.3
- Expose GitLab username to hooks in `GL_USERNAME` environment variable
v5.9.2
- Fix pre-receive error when gitlab doesn't have /internal/pre_receive (!169)
v5.9.1
- Adds --force option to push branches
v5.9.0
- Support new /internal/pre-receive API endpoint for post-receive operations
- Support new /internal/post-receive API endpoint for post-receive operations
- Support `redis` field on /internal/check API endpoint
v5.8.1
- Support old versions of ruby without monotonic clock
v5.8.0
- Fix SSH support for Git for Windows v2.14
v5.7.0
- Support unhiding of all refs via Gitaly
v5.6.2
- Bump redis-rb library to 3.3.3
v5.6.1
- Fix setting permissions of SSH key tempfiles
- Fix a missing constant error when using SSH authentication
v5.6.0
- SSH authentication support
v5.5.0
- Support unhiding of all references for Geo nodes
v5.4.0
- Update Gitaly vendoring to use new RPC calls instead of old deprecated ones
v5.3.1
- Gracefully handle internal API errors when getting merge request URLs
v5.3.0
- Add ability to have git-receive-pack and git-upload-pack to go over Gitaly
v5.2.1
- Revert changes in v5.2.0
v5.2.0
- Disable RubyGems to increase performance
v5.1.1
- Revert "Remove old `project` parameter, use `gl_repository` instead"
v5.1.0
- Add `gitlab-keys list-key-ids` subcommand for iterating over key IDs to find keys that should be deleted
v5.0.6
- Remove old `project` parameter, use `gl_repository` instead
- Use v4 of the GitLab REST API
v5.0.5
- Use gl_repository if present when enqueing Sidekiq PostReceive jobs
v5.0.4
- Handle GL_REPOSITORY env variable and use it in API calls and Sidekiq enqueuing
v5.0.3
- Use recursive lookup for git repositories in the bin/create-hooks script
v5.0.2
- Adds timeout option to push branches
v5.0.1
- Fetch repositories with `--quiet` option by default
v5.0.0
- Remove support for git-annex
v4.1.1
- Send (a selection of) git environment variables while making the API call to `/allowed`, !112
v4.1.0
- Add support for global custom hooks and chained hook directories (Elan Ruusamäe, Dirk Hörner), !113, !111, !93, !89, #32
- Clear up text with merge request after new branch push (Lisanne Fellinger)
v4.0.3
- Fetch repositories with `--prune` option by default
v4.0.2
- Fix gitlab_custom_hook dependencies
v4.0.1
- Add instrumentation to push hooks
v4.0.0
- Use full repository path for API calls
v3.6.6
- Re-use the default logger when logging metrics data
v3.6.5
- Test against ruby 2.3
- Instrument GitLab Shell and log metrics data to a file
v3.6.4
- Fix rsync with ionice command building
- Fix short circuit logic between rsync with and without ionice for storage migrations
v3.6.3
- Re-exposing GL_ID to custom hooks
v3.6.2
- Enable GIT_TRACE/GIT_TRACE_PACKET/GIT_TRACE_PERFORMANCE by providing the git_trace_log_file config key
v3.6.1
- Set a low IO priority for storage moves to lower performance impact
v3.6.0
- Added full support for `git-lfs-authenticate` to properly handle LFS requests and pass them on to Workhorse
v3.5.0
- Add option to recover 2FA via SSH
v3.4.0
- Redis Sentinel support
v3.3.3
- Print URL for new or existing merge request after push
v3.3.2
- Improve authorized_keys check
v3.3.1
- Manage authorized_keys permissions continuously
v3.3.0
- Track ongoing push commands
- Add command to move repositories between repository storages
v3.2.1
- Allow gitlab-project's fork-project command to fork projects between different repository storages
v3.2.0
- Allow GitLab Shell to check for allowed access based on the used Git protocol
- Add an error message when using shell commands with incompatible GitLab versions
v3.1.0
- Refactor repository paths handling to allow multiple git mount points
v3.0.1
- Update PostReceive worker to provide enqueued_at time.
v3.0.0
- Remove rm-tag command (Robert Schilling)
- Remove create-branch and rm-branch commands (Robert Schilling)
- Update PostReceive worker so it logs a unique JID in Sidekiq
- Remove update-head command
- Use Redis Ruby client instead of shelling out to redis-cli
v2.7.2
- Do not prune objects during 'git gc'
v2.7.1
- Add new command to list tags from a remote repo
- Add the ability to fetch remote repo with or without tags
v2.7.0
- Add support for ssh AuthorizedKeysCommand query by key
v2.6.13
- Add push-branches command
- Add delete-remote-branches command
v2.6.12
- Fix git-annex issue not working using custom SSH port repositories
v2.6.11
- Increase HTTP timeout and log request durations
- Workaround for a Webrick issue on Ruby 2.2
- New optional `--force` parameter for `gitlab-projects fetch-remote`
v2.6.10
- Add git gc for housekeeping
v2.6.9
- Remove trailing slashes from gitlab_url
v2.6.8
- Revert git-lfs-authenticate command from white list
v2.6.7
- Exit with non-zero status when import-repository fails
- Add fetch-remote command
v2.6.6
- Do not clean LANG environment variable for the git hooks when working through the SSH-protocol
- Add git-lfs-authenticate command to white list (this command is used by git-lfs for SSO authentication through SSH-protocol)
- Handle git-annex and gcryptsetup
v2.6.5
- Handle broken symlinks in create-hooks
v2.6.4
- Remove keys from authorized_keys in-place
- Increase batch_add_keys lock timeout to 300 seconds
- If git-annex is enabled set GIT_ANNEX_SHELL_LIMITED variable
v2.6.3
- Prevent keys with a very specific comment from accidentally being deleted.
v2.6.2
- Include ecdsa keys in `gitlab_keys list-keys`.
- Refactor logic around GL_ID
v2.6.1
- Write errors to stderr to get git to abort and show them as such.
v2.6.0
- Prevent character encoding issues by sending received changes as raw data.
v2.5.4
- Remove recursive commands from bin/install
v2.5.3
- Improve git-annex integration
v2.5.2
- Safer line sub for git-annex command
v2.5.1
- Expect broadcast message to return empty JSON if no message now
v2.5.0
- Support git-annex tool (disabled by default)
- Add rubocop (Ruby static code analyzer) for development
v2.4.3
- Print broadcast message if one is available
v2.4.2
- Pass git changes list as string instead of array
v2.4.1
- Access token masking in url before loging
v2.4.0
- Show error message when git push is rejected
v2.2.0
- Support for custom hooks (Drew Blessing and Jose Kahan)
v2.1.0
- Use secret token with GitLab internal API. Requires GitLab 7.5 or higher
v2.0.1
- Send post-receive changes to redis as a string instead of array
v2.0.0
- Works with GitLab v7.3+
- Replace raise with abort when checking path to prevent path exposure
- Handle invalid number of arguments on remote commands
- Replace update hook with pre-receive and post-receive hooks.
- Symlink the whole hooks directory
- Ignore missing repositories in create-hooks
- Connect to Redis via sockets by default
v1.9.7
- Increased test coverage
- By default use direct unicorn connection (localhost:8080)
- Fix wrong repo path send to GitLab by GitlabUpdate hook
v1.9.6
- Explicitly require 'timeout' from the standard library
v1.9.5
- Put authorized_keys.lock in the same directory as authorized_keys
- Use lock file when add new entries to authorized_keys
v1.9.4
- Use lock file when modify authorized_keys
v1.9.3
- Ignore force push detection for new branch or branch remove push
v1.9.2
- Add support for force push detection
v1.9.1
- Update hook sends branch and tag name
v1.9.0
- Call api in update hook for both ssdh and http push. Requires GitLab 6.7+
- Pass oldrev and newrev to api.allowed?
v1.8.5
- Add `gitlab-keys batch-add-keys` subcommand for authorized_keys rebuilds
v1.8.4
- Dont do import if repository exists
v1.8.3
- Add timeout option for repository import
v1.8.2
- Fix broken 1.8.1
v1.8.1
- Restrict Environment Variables
- Add bin/create-hooks command
- More safe shell execution
v1.8.0
- Fix return values in GitlabKeys
v1.7.9
- Fix escape of repository path for custom ssh port
v1.7.8
- Escape repository path to prevent relative links (CVE-2013-4583)
v1.7.7
- Separate options from arguments with -- (CVE-2013-4582)
- Bypass shell and use stdlib JSON for GitlabUpdate (CVE-2013-4581)
v1.7.6
- Fix gitlab-projects update-head for improted repo when branch exists but not listed in refs/head
v1.7.5
- Remove keys from authorized_keys using ruby instead of shell
v1.7.4
- More protection against shell injection (CVE-2013-4546)
v1.7.3
- Use Kernel#open to append lines to authorized_keys (CVE-2013-4490)
v1.7.2
- More safe command execution
v1.7.1
- Fixed issue when developers are able to push to protected branches that contain a '/' in the branch name.
v1.7.0
- Clean authorized_keys file with `gitlab-keys clear`
v1.6.0
- Create branch/tag functionality
- Remove branch/tag functionality
v1.5.0
- Logger
- Ability to specify ca_file/ca_path
- Update-head command for project
- Better regexp for key_id inside shell
v1.4.0
- Regex used in rm-key command was too lax
v1.3.0
- Fork-project command
- Custom redis configuration
- Interpret login with deploy key as anonymous one
v1.2.0
- Return non-zero result if gitlab-projects and gitlab-keys execution was not successful
- http_settings configuration option added
v1.1.0
- added mv-project feature
- increased test coverage
v1.0.4
- requires gitlab c9ca15e
- don't use post-receive file any more. Make all updates in update
- fixed issue with invalid GL_USER
- use GL_ID instead of GL_USER