VladPolskiy/gitlab-ce
1
0
Fork 0
mirror of https://github.com/gitlabhq/gitlabhq.git synced 2025-07-21 23:37:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

Browse Source
This commit is contained in:
GitLab Bot
2024-09-25 09:12:52 +00:00
parent 8b807ec0ca
commit e021b9e252
20 changed files with 412 additions and 221 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
GITLAB_KAS_VERSION
View File

@ -1 +1 @@
7056452cc3cb10811c9edaafd4b67558aa651179
735fce904e4bc07a98eff809027b3a496e4369f6

4
app/assets/javascripts/editor/monaco_yaml_worker.js Normal file
View File

@ -0,0 +1,4 @@
import 'monaco-yaml/yaml.worker';
// This is required for monaco-yaml to work with Vite
// See https://gitlab.com/gitlab-org/gitlab/-/issues/461252 for details

4
app/assets/javascripts/editor/source_editor_instance.js
View File

@ -19,7 +19,7 @@
import { isEqual } from 'lodash';
import { editor as monacoEditor } from 'monaco-editor';
import { getBlobLanguage } from '~/editor/utils';
import { enableMonacoYamlWorkerForVite, getBlobLanguage } from '~/editor/utils';
import { logError } from '~/lib/logger';
import { sprintf } from '~/locale';
import EditorExtension from './source_editor_extension';
@ -65,6 +65,8 @@ export default class EditorInstance {
* @returns {Object} - A Proxy returning props/methods from either registered extensions, or Source Editor instance, or underlying Monaco instance
*/
constructor(rootInstance = {}, extensionsStore = new Map()) {
enableMonacoYamlWorkerForVite();
/** The methods provided by extensions. */
this.methods = {};

22
app/assets/javascripts/editor/utils.js
View File

@ -1,5 +1,6 @@
import { editor as monacoEditor, languages as monacoLanguages } from 'monaco-editor';
import { DEFAULT_THEME, themes } from '~/ide/lib/themes';
import YamlWorker from './monaco_yaml_worker?worker';
export const clearDomElement = (el) => {
if (!el || !el.firstChild) return;
@ -35,3 +36,24 @@ export const setupCodeSnippet = (el) => {
monacoEditor.colorizeElement(el);
setupEditorTheme();
};
/**
* This is required for monaco-yaml to work with Vite.
* See https://gitlab.com/gitlab-org/gitlab/-/issues/461252 for details
*/
export const enableMonacoYamlWorkerForVite = () => {
if (window.IS_VITE) {
window.MonacoEnvironment = {
async getWorker(moduleId, label) {
switch (label) {
// Handle other cases
case 'yaml': {
return new YamlWorker();
}
default:
throw new Error(`Unknown label ${label}`);
}
},
};
}
};

24
app/assets/javascripts/work_items/components/work_item_due_date.vue
View File

@ -202,10 +202,8 @@ export default {
this.isUpdating = false;
});
},
async expandWidget() {
expandWidget() {
this.isEditing = true;
await this.$nextTick();
this.$refs.startDatePicker.show();
},
collapseWidget(event = {}) {
// This prevents outside directive from treating
@ -254,13 +252,13 @@ export default {
</div>
<div
v-outside="collapseWidget"
class="gl-flex gl-flex-wrap gl-gap-2 gl-pt-2 md:gl-flex-nowrap"
class="gl-flex gl-flex-col gl-flex-wrap gl-gap-x-5 gl-gap-y-3 gl-pt-2 sm:gl-flex-row md:gl-flex-col"
>
<gl-form-group
class="gl-m-0"
class="gl-m-0 gl-flex gl-items-center gl-gap-3"
:label="$options.i18n.startDate"
:label-for="$options.startDateInputId"
label-class="!gl-font-normal !gl-pb-2"
label-class="!gl-font-normal !gl-pb-0 gl-min-w-7 sm:gl-min-w-fit md:gl-min-w-7 gl-break-words"
>
<gl-datepicker
ref="startDatePicker"
@ -270,17 +268,17 @@ export default {
:input-id="$options.startDateInputId"
:target="null"
show-clear-button
class="work-item-date-picker"
class="work-item-date-picker gl-max-w-20"
@clear="clearStartDatePicker"
@close="handleStartDateInput"
@keydown.esc.native="collapseWidget"
/>
</gl-form-group>
<gl-form-group
class="gl-m-0"
class="gl-m-0 gl-flex gl-items-center gl-gap-3"
:label="$options.i18n.dueDate"
:label-for="$options.dueDateInputId"
label-class="!gl-font-normal !gl-pb-2"
label-class="!gl-font-normal !gl-pb-0 gl-min-w-7 sm:gl-min-w-fit md:gl-min-w-7 gl-break-words"
>
<gl-datepicker
v-model="dirtyDueDate"
@ -290,7 +288,7 @@ export default {
:min-date="dirtyStartDate"
:target="null"
show-clear-button
class="work-item-date-picker"
class="work-item-date-picker gl-max-w-20"
data-testid="due-date-picker"
@clear="clearDueDatePicker"
@keydown.esc.native="collapseWidget"
@ -300,13 +298,13 @@ export default {
</fieldset>
<template v-else>
<p class="gl-m-0 gl-pb-1">
{{ $options.i18n.startDate }}:
<span class="gl-inline-block gl-min-w-8">{{ $options.i18n.startDate }}:</span>
<span data-testid="start-date-value" :class="{ 'gl-text-secondary': !startDate }">
{{ startDateValue }}
</span>
</p>
<p class="gl-m-0 gl-pb-3 gl-pt-1">
{{ $options.i18n.dueDate }}:
<p class="gl-m-0 gl-pt-1">
<span class="gl-inline-block gl-min-w-8">{{ $options.i18n.dueDate }}:</span>
<span data-testid="due-date-value" :class="{ 'gl-text-secondary': !dueDate }">
{{ dueDateValue }}
</span>

4
app/assets/stylesheets/page_bundles/work_items.scss
View File

@ -84,10 +84,6 @@ $work-item-overview-gap-width: 2rem;
overflow-x: hidden;
}
.work-item-date-picker {
max-width: 175px;
}
.work-item-overview-right-sidebar {
margin-top: 0;
grid-row-start: 1;

4
app/models/packages/build_info.rb
View File

@ -1,10 +1,6 @@
# frozen_string_literal: true
class Packages::BuildInfo < ApplicationRecord
include IgnorableColumns
ignore_columns :pipeline_id_convert_to_bigint, remove_with: '17.5', remove_after: '2024-09-14'
belongs_to :package, inverse_of: :build_infos
belongs_to :pipeline, class_name: 'Ci::Pipeline'

1
config/webpack.config.js
View File

@ -844,6 +844,7 @@ module.exports = {
// This is used by Sourcegraph because these assets are loaded dnamically
'process.env.SOURCEGRAPH_PUBLIC_PATH': JSON.stringify(SOURCEGRAPH_PUBLIC_PATH),
'process.env.GITLAB_WEB_IDE_PUBLIC_PATH': JSON.stringify(GITLAB_WEB_IDE_PUBLIC_PATH),
'window.IS_VITE': JSON.stringify(false),
...(IS_PRODUCTION ? {} : { LIVE_RELOAD: DEV_SERVER_LIVERELOAD }),
}),

18
db/post_migrate/20240923154747_drop_idx_sbom_source_packages_on_name_and_purl_type.rb Normal file
View File

@ -0,0 +1,18 @@
# frozen_string_literal: true
class DropIdxSbomSourcePackagesOnNameAndPurlType < Gitlab::Database::Migration[2.2]
disable_ddl_transaction!
milestone '17.5'
INDEX_NAME = 'idx_sbom_source_packages_on_name_and_purl_type'
def up
remove_concurrent_index_by_name :sbom_source_packages, INDEX_NAME
end
def down
# no-op, we don't want to re-introduce this index as it is redundant with
# index_sbom_source_packages_on_name_and_purl_type_and_org_id
end
end

18
db/post_migrate/20240923154851_drop_index_sbom_components_on_component_type_name_and_purl_type.rb Normal file
View File

@ -0,0 +1,18 @@
# frozen_string_literal: true
class DropIndexSbomComponentsOnComponentTypeNameAndPurlType < Gitlab::Database::Migration[2.2]
disable_ddl_transaction!
milestone '17.5'
INDEX_NAME = 'index_sbom_components_on_component_type_name_and_purl_type'
def up
remove_concurrent_index_by_name :sbom_components, INDEX_NAME
end
def down
# no-op, we don't want to re-introduce this index as it is redundant with
# idx_sbom_components_on_name_purl_type_component_type_and_org_id
end
end

1
db/schema_migrations/20240923154747 Normal file
View File

@ -0,0 +1 @@
ac46537f3d38e51cedf49c337c53f4cefacc5eb894cb4f7e925a264b72ad67b8

1
db/schema_migrations/20240923154851 Normal file
View File

@ -0,0 +1 @@
394ce1f1e331201db052632b58a9d95173bc4cabd7fd895fe003f5fdfcefc37c

4
db/structure.sql
View File

@ -27117,8 +27117,6 @@ CREATE INDEX idx_sbom_occurr_on_project_component_version_input_file_path ON sbo
CREATE INDEX idx_sbom_occurrences_on_project_id_and_source_id ON sbom_occurrences USING btree (project_id, source_id);
CREATE UNIQUE INDEX idx_sbom_source_packages_on_name_and_purl_type ON sbom_source_packages USING btree (name, purl_type);
CREATE INDEX idx_scan_result_policies_on_configuration_id_id_updated_at ON scan_result_policies USING btree (security_orchestration_policy_configuration_id, id, updated_at);
CREATE INDEX idx_scan_result_policy_violations_on_policy_id_and_id ON scan_result_policy_violations USING btree (scan_result_policy_id, id);
@ -30385,8 +30383,6 @@ CREATE UNIQUE INDEX index_sbom_component_versions_on_component_id_and_version ON
CREATE INDEX index_sbom_component_versions_on_organization_id ON sbom_component_versions USING btree (organization_id);
CREATE UNIQUE INDEX index_sbom_components_on_component_type_name_and_purl_type ON sbom_components USING btree (name, purl_type, component_type);
CREATE INDEX index_sbom_components_on_organization_id ON sbom_components USING btree (organization_id);
CREATE INDEX index_sbom_occurr_on_project_id_and_component_version_id_and_id ON sbom_occurrences USING btree (project_id, component_version_id, id);

206
doc/api/user_email_addresses.md Normal file
View File

@ -0,0 +1,206 @@
---
stage: Govern
group: Authentication
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# User email addresses API
DETAILS:
**Tier:** Free, Premium, Ultimate
**Offering:** GitLab.com, Self-managed, GitLab Dedicated
You can manage [user email addresses](../user/profile/index.md) by using the REST API.
## List your email addresses
Get a list of your email addresses.
Prerequisites:
- You must be authenticated.
This endpoint does not return the primary email address, but [issue 25077](https://gitlab.com/gitlab-org/gitlab/-/issues/25077)
proposes to change this behavior.
```plaintext
GET /user/emails
```
Example response:
```json
[
{
"id": 1,
"email": "email@example.com",
"confirmed_at" : "2021-03-26T19:07:56.248Z"
},
{
"id": 3,
"email": "email2@example.com",
"confirmed_at" : null
}
]
```
## List email addresses for a user
DETAILS:
**Tier:** Free, Premium, Ultimate
**Offering:** Self-managed, GitLab Dedicated
Get a list of a specified user's emails.
Prerequisites:
- You must be an administrator.
This endpoint does not return the primary email address, but [issue 25077](https://gitlab.com/gitlab-org/gitlab/-/issues/25077)
proposes to change this behavior.
```plaintext
GET /users/:id/emails
```
Supported attributes:
| Attribute | Type | Required | Description |
|:----------|:--------|:---------|:------------|
| `id` | integer | yes | ID of specified user |
## Get a single email address
Get a single email address.
```plaintext
GET /user/emails/:email_id
```
Supported attributes:
| Attribute | Type | Required | Description |
|:-----------|:--------|:---------|:------------|
| `email_id` | integer | yes | Email ID |
Example response:
```json
{
"id": 1,
"email": "email@example.com",
"confirmed_at" : "2021-03-26T19:07:56.248Z"
}
```
## Add an email address
Creates a new email owned by the authenticated user.
```plaintext
POST /user/emails
```
Supported attributes:
| Attribute | Type | Required | Description |
|:----------|:-------|:---------|:------------|
| `email` | string | yes | Email address |
```json
{
"id": 4,
"email": "email@example.com",
"confirmed_at" : "2021-03-26T19:07:56.248Z"
}
```
Returns a created email with status `201 Created` on success. If an
error occurs a `400 Bad Request` is returned with a message explaining the error:
```json
{
"message": {
"email": [
"has already been taken"
]
}
}
```
## Add an email address for a user
DETAILS:
**Tier:** Free, Premium, Ultimate
**Offering:** Self-managed, GitLab Dedicated
Create a new email address owned by the specified user.
Prerequisites:
- You must be an administrator.
```plaintext
POST /users/:id/emails
```
Supported attributes:
| Attribute | Type | Required | Description |
|:--------------------|:--------|:---------|:------------|
| `id` | string | yes | ID of specified user |
| `email` | string | yes | Email address |
| `skip_confirmation` | boolean | no | Skip confirmation and assume email is verified - true or false (default) |
## Delete one of your email addresses
Delete one of your email addresses, other than your primary email address.
Prerequisites:
- You must be authenticated.
If the deleted email address is used for any user emails, those user emails are sent to the primary email address instead.
Because of [known issue](https://gitlab.com/gitlab-org/gitlab/-/issues/438600), group notifications are still sent to
the deleted email address.
```plaintext
DELETE /user/emails/:email_id
```
Supported attributes:
| Attribute | Type | Required | Description |
|:-----------|:--------|:---------|:------------|
| `email_id` | integer | yes | Email ID |
Returns:
- `204 No Content` if the operation was successful.
- `404` if the resource was not found.
## Delete an email address for a user
DETAILS:
**Tier:** Free, Premium, Ultimate
**Offering:** Self-managed, GitLab Dedicated
Delete an email address for a user.
Prerequisites:
- You must be an administrator.
Deletes an email address of a specified user. You cannot delete a primary email address.
```plaintext
DELETE /users/:id/emails/:email_id
```
Supported attributes:
| Attribute | Type | Required | Description |
|:-----------|:--------|:---------|:------------|
| `id` | integer | yes | ID of specified user |
| `email_id` | integer | yes | Email ID |

187
doc/api/users.md
View File

@ -636,7 +636,7 @@ Prerequisites:
- You must be an administrator.
The `email` field is the user's primary email address. You can only change this field to an already-added secondary
email address for that user. To add more email addresses to the same user, use the [add email endpoint](#add-an-email-address).
email address for that user. To add more email addresses to the same user, use the [add email endpoint](user_email_addresses.md#add-an-email-address).
```plaintext
PUT /users/:id
@ -1192,191 +1192,6 @@ Example response:
}
```
## List email addresses
Get a list of the authenticated user's email addresses.
This endpoint does not return the primary email address, but [issue 25077](https://gitlab.com/gitlab-org/gitlab/-/issues/25077)
proposes to change this behavior.
```plaintext
GET /user/emails
```
Example response:
```json
[
{
"id": 1,
"email": "email@example.com",
"confirmed_at" : "2021-03-26T19:07:56.248Z"
},
{
"id": 3,
"email": "email2@example.com",
"confirmed_at" : null
}
]
```
## List email addresses for a user
DETAILS:
**Tier:** Free, Premium, Ultimate
**Offering:** Self-managed, GitLab Dedicated
Get a list of a specified user's emails.
Prerequisites:
- You must be an administrator.
This endpoint does not return the primary email address, but [issue 25077](https://gitlab.com/gitlab-org/gitlab/-/issues/25077)
proposes to change this behavior.
```plaintext
GET /users/:id/emails
```
Supported attributes:
| Attribute | Type | Required | Description |
|:----------|:--------|:---------|:------------|
| `id` | integer | yes | ID of specified user |
## Get a single email address
Get a single email address.
```plaintext
GET /user/emails/:email_id
```
Supported attributes:
| Attribute | Type | Required | Description |
|:-----------|:--------|:---------|:------------|
| `email_id` | integer | yes | Email ID |
Example response:
```json
{
"id": 1,
"email": "email@example.com",
"confirmed_at" : "2021-03-26T19:07:56.248Z"
}
```
## Add an email address
Creates a new email owned by the authenticated user.
```plaintext
POST /user/emails
```
Supported attributes:
| Attribute | Type | Required | Description |
|:----------|:-------|:---------|:------------|
| `email` | string | yes | Email address |
```json
{
"id": 4,
"email": "email@example.com",
"confirmed_at" : "2021-03-26T19:07:56.248Z"
}
```
Returns a created email with status `201 Created` on success. If an
error occurs a `400 Bad Request` is returned with a message explaining the error:
```json
{
"message": {
"email": [
"has already been taken"
]
}
}
```
## Add an email address for a user
DETAILS:
**Tier:** Free, Premium, Ultimate
**Offering:** Self-managed, GitLab Dedicated
Create a new email address owned by the specified user.
Prerequisites:
- You must be an administrator.
```plaintext
POST /users/:id/emails
```
Supported attributes:
| Attribute | Type | Required | Description |
|:--------------------|:--------|:---------|:------------|
| `id` | string | yes | ID of specified user |
| `email` | string | yes | Email address |
| `skip_confirmation` | boolean | no | Skip confirmation and assume email is verified - true or false (default) |
## Delete an email address for the current user
Delete the specified email address owned by the authenticated user. Cannot be used to delete a primary email address.
If the deleted email address is used for any user emails, those user emails are sent to the primary email address instead.
Because of [known issue](https://gitlab.com/gitlab-org/gitlab/-/issues/438600), group notifications are still sent to
the deleted email address.
```plaintext
DELETE /user/emails/:email_id
```
Supported attributes:
| Attribute | Type | Required | Description |
|:-----------|:--------|:---------|:------------|
| `email_id` | integer | yes | Email ID |
Returns:
- `204 No Content` if the operation was successful.
- `404` if the resource was not found.
## Delete an email address for a given user
DETAILS:
**Tier:** Free, Premium, Ultimate
**Offering:** Self-managed, GitLab Dedicated
Delete an email address for a given user.
Prerequisites:
- You must be an administrator.
Deletes an email address owned by a specified user. This cannot delete a primary email address.
```plaintext
DELETE /users/:id/emails/:email_id
```
Supported attributes:
| Attribute | Type | Required | Description |
|:-----------|:--------|:---------|:------------|
| `id` | integer | yes | ID of specified user |
| `email_id` | integer | yes | Email ID |
## Get user activities
DETAILS:

90
doc/security/tls_support.md Normal file
View File

@ -0,0 +1,90 @@
---
stage: Govern
group: Authentication
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# TLS support
DETAILS:
**Tier:** Free, Premium, Ultimate
**Offering:** GitLab.com, Self-managed, GitLab Dedicated
GitLab prioritizes the security of data transmission between users and our
platforms by employing Transport Layer Security (TLS) to safeguard information
as it travels across the internet.
As cybersecurity threats continue to evolve, GitLab remains committed to maintaining the
highest standards of security. We regularly update our TLS support to ensure
that all communications with GitLab services are protected using the most secure
and up-to-date encryption methods available.
This document outlines the current TLS support in GitLab, including the versions
and cipher suites we use to keep your data safe and secure.
## Supported protocols
GitLab supports TLS 1.2 and higher versions for secure communications. This
means that TLS 1.2 and TLS 1.3 are fully supported and recommended for use with
GitLab.
Older protocols such as TLS 1.1, TLS 1.0, and all versions of SSL are not
supported due to known security vulnerabilities. By enforcing the use of TLS 1.2
and higher, GitLab ensures a high level of security for all data transmissions
and interactions with the platform.
## Supported cipher suites
GitLab supports the following cipher suites and protocol versions:
| Protocol Version | Cipher Suite | [Grade](https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide) |
|------------------|--------------|-------|
| TLSv1.3 | TLS_AKE_WITH_AES_128_GCM_SHA256 | A |
| TLSv1.3 | TLS_AKE_WITH_AES_256_GCM_SHA384 | A |
| TLSv1.3 | TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 | A |
| TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | A |
| TLSv1.2 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | A |
| TLSv1.2 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256-draft | A |
| TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | A |
| TLSv1.2 | TLS_RSA_WITH_AES_128_GCM_SHA256 | A |
| TLSv1.2 | TLS_RSA_WITH_AES_128_CBC_SHA | A |
| TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | A |
| TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | A |
| TLSv1.2 | TLS_RSA_WITH_AES_256_GCM_SHA384 | A |
| TLSv1.2 | TLS_RSA_WITH_AES_256_CBC_SHA | A |
| TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | A |
| TLSv1.2 | TLS_RSA_WITH_AES_128_CBC_SHA256 | A |
| TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | A |
| TLSv1.2 | TLS_RSA_WITH_AES_256_CBC_SHA256 | A |
## Certificate requirements
OpenSSL 3 increased the [default security level from level 1 to 2](https://docs.openssl.org/3.0/man3/SSL_CTX_set_security_level/#default-callback-behaviour),
raising the number of bits of security from 80 to 112. As a result, RSA, DSA, and
DH keys shorter than 2048 bits and ECC keys shorter than 224 bits are
prohibited. GitLab will fail to connect to a service that uses a certificate
signed with insufficient bits with a `certificate key too weak` error message.
We strongly recommend using at least 128 bits of security. This means using RSA,
DSA, and DH keys with at least 3072 bits, and ECC keys longer than 256 bits.
| Key type | Key length (bits) | Status |
|----------|-------------------|-------------|
| RSA | 1024 | Prohibited |
| RSA | 2048 | Supported |
| RSA | 3072 | Recommended |
| RSA | 4096 | Recommended |
| DSA | 1024 | Prohibited |
| DSA | 2048 | Supported |
| DSA | 3072 | Recommended |
| ECC | 192 | Prohibited |
| ECC | 224 | Supported |
| ECC | 256 | Recommended |
| ECC | 384 | Recommended |
## OpenSSL version and TLS requirements
GitLab 17.7 and later use OpenSSL version 3. All components that are shipped
with the Linux package are compatible with OpenSSL 3. However, before upgrading
to GitLab 17.7, use the [OpenSSL 3 guide](https://docs.gitlab.com/omnibus/settings/ssl/openssl_3.html)
to identify and assess the compatibility of your external integrations.

27
doc/update/versions/gitlab_17_changes.md
View File

@ -181,14 +181,19 @@ For more information, see [issue 480328](https://gitlab.com/gitlab-org/gitlab/-/
## 17.7.0
- The [Linux Package](https://docs.gitlab.com/omnibus/) upgrades OpenSSL from v1.1.1w to v3.0.0.
### OpenSSL 3 upgrade
NOTE:
Before upgrading to GitLab 17.7, use the [OpenSSL 3 guide](https://docs.gitlab.com/omnibus/settings/ssl/openssl_3.html)
to identify and assess the compatibility of your external integrations.
- The Linux package upgrades OpenSSL from v1.1.1w to v3.0.0.
- Cloud Native GitLab (CNG) already upgraded to OpenSSL 3 in GitLab 16.7.0. If you are using Cloud Native GitLab, no
action is needed. However, note that [Cloud Native Hybrid](../../administration/reference_architectures/index.md#recommended-cloud-providers-and-services) installations
use the Linux packages for stateful components, such as Gitaly. For those components, you will need to verify
the TLS versions, ciphers, and certificates that are used work with the security level changes discussed below.
With the upgrade to OpenSSL version 3:
With the upgrade to OpenSSL 3:
- GitLab requires TLS 1.2 or higher for all outgoing and incoming TLS connections.
- TLS/SSL certificates must have at least 112 bits of security. RSA, DSA, and DH keys shorter than 2048 bits, and ECC keys shorter than 224 bits are prohibited.
@ -199,17 +204,25 @@ considered secure. GitLab will fail to connect to services using TLS
1.0 or 1.1 with a `no protocols available` error message.
In addition, OpenSSL 3 increased the [default security level from level 1 to 2](https://docs.openssl.org/3.0/man3/SSL_CTX_set_security_level/#default-callback-behaviour),
raising the number of bits of security from 80 to 112. For example,
a certificate signed with an RSA key can use RSA-2048 but not RSA-1024. GitLab
will fail to connect to a service that uses a certificate signed with insufficient
bits with a `certificate key too weak` error message.
raising the minimum number of bits of security from 80 to 112. As a result,
certificates signed with RSA and DSA keys shorter than 2048 bits and ECC keys
shorter than 224 bits are prohibited.
GitLab will fail to connect to a service that uses a certificate signed with
insufficient bits with a `certificate key too weak` error message. For more
information, see the [certificate requirements](../../security/tls_support.md#certificate-requirements).
All components that are shipped with the Linux package are compatible with
OpenSSL 3. Therefore, you only need to verify the services and integrations that
are not part of the GitLab package and are ["external"](https://docs.gitlab.com/omnibus/settings/ssl/openssl_3.html#identifying-external-integrations).
SSH keys are not affected by this upgrade. OpenSSL sets
security requirements for TLS, not SSH. [OpenSSH](https://www.openssh.com/) and
[`gitlab-sshd`](../../administration/operations/gitlab_sshd.md) have their
own configuration settings for the allowed cryptographic algorithms.
Check the [GitLab documentation for the upgrade to OpenSSL 3](https://docs.gitlab.com/omnibus/settings/ssl/openssl_3.html) to ensure compatibility with your instance.
Check the [GitLab documentation on securing your installation](../../security/index.md)
for more details.
## 17.5.0

2
doc/user/profile/index.md
View File

@ -101,7 +101,7 @@ To delete an email address from your account:
1. On the left sidebar, select **Emails**.
1. Select **Delete** (**{remove}**) and confirm you want to **Remove**.
You can also [use the API to delete a secondary email address](../../api/users.md#delete-an-email-address-for-the-current-user).
You can also [use the API to delete a secondary email address](../../api/user_email_addresses.md#delete-one-of-your-email-addresses).
## Make your user profile page private

13
spec/frontend/editor/utils_spec.js
View File

@ -97,4 +97,17 @@ describe('Source Editor utils', () => {
expect(monacoEditor.setTheme).toHaveBeenCalled();
});
});
describe('enableMonacoYamlWorkerForVite', () => {
it('does not set up the worker for non-Vite environments', () => {
utils.enableMonacoYamlWorkerForVite();
expect(window.MonacoEnvironment).toBeUndefined();
});
it('does set up the worker for Vite environments', () => {
window.IS_VITE = true;
utils.enableMonacoYamlWorkerForVite();
expect(window.MonacoEnvironment).toBeDefined();
});
});
});

1
vite.config.js
View File

@ -118,6 +118,7 @@ export default defineConfig({
'process.env.NODE_ENV': JSON.stringify(process.env.NODE_ENV),
'process.env.SOURCEGRAPH_PUBLIC_PATH': JSON.stringify(SOURCEGRAPH_PUBLIC_PATH),
'process.env.GITLAB_WEB_IDE_PUBLIC_PATH': JSON.stringify(GITLAB_WEB_IDE_PUBLIC_PATH),
'window.IS_VITE': JSON.stringify(true),
'window.VUE_DEVTOOLS_CONFIG.openInEditorHost': JSON.stringify(
viteGDKConfig.hmr
? `${process.env.VITE_HMR_HTTP_URL}/vite-dev/`