File: CHANGELOG

package info (click to toggle)
gitlab-shell 14.35.0%2Bds1-2
links: PTS, VCS
area: main
in suites: forky, sid, trixie
size: 23,652 kB
sloc: ruby: 1,129; makefile: 583; sql: 391; sh: 384
file content (1200 lines) | stat: -rw-r--r-- 35,057 bytes
v14.35.0

- sshd: limit server_host_key_algorithms in server config !986
- Update github.com/charmbracelet/git-lfs-transfer digest to f0b226f !990
- Update module google.golang.org/grpc to v1.63.2 !993
- Update dependency golang to v1.22.2 !992
- Update golangci-lint to 1.57.2 !988
- Remove Gitlab-Shared-Secret reference that is no longer used !985
- git-lfs-transfer: Enable in shell and introduce batch download !942
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.10.0 !983
- Update golangci-lint to 1.57.1 !984
- Update github.com/charmbracelet/git-lfs-transfer digest to 6dbff1b !981
- Update dependency gitlab-dangerfiles to '~> 4.7.0' !982
- chore: Fix lint issues in cmd/gitlab-sshd/acceptance_test.go !979
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.9.2 !980
- Update module google.golang.org/protobuf to v1.33.0 !977
- Update module google.golang.org/grpc to v1.62.1 !976
- Update github.com/charmbracelet/git-lfs-transfer digest to 00bfe2e !974
- Update module github.com/golang-jwt/jwt/v5 to v5.2.1 !973
- Update module golang.org/x/crypto to v0.21.0 !972
- chore: Fixed lint issues in internal/testhelper/testhelper.go !978
- Update dependency golang to v1.22.1 !975
- Update module github.com/stretchr/testify to v1.9.0 !970
- Update github.com/charmbracelet/git-lfs-transfer digest to 3853b28 !968
- Update github.com/charmbracelet/git-lfs-transfer digest to df8ee50 !971
- Update module golang.org/x/crypto to v0.20.0 !966
- Update module github.com/prometheus/client_golang to v1.19.0 !967
- Update module google.golang.org/grpc to v1.62.0 !964
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.9.1 !963

v14.34.0

- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.9.0 !960
- Update golangci-lint and gotestsum to latest stable !962
- Also test against go 1.22 !949
- Update dependency golang to v1.22.0 !952
- Update module google.golang.org/grpc to v1.61.1 !961
- Update github.com/charmbracelet/git-lfs-transfer digest to e8645ad !959
- Update github.com/charmbracelet/git-lfs-transfer digest to 8d8e152 !957
- Upgrade to using bookworm instead of bullseye !956
- Update GOLANGCI_LINT_VERSION to 1.56.1 !958
- Update golangci lint to v1.56.0 !954
- Set random correlation ID in uploadarchive test !955
- Update module golang.org/x/crypto to v0.19.0 !953
- Use GracefulStop() instead of Stop() !951
- Update dependency rspec to '~> 3.13.0' !947
- Fix scanner findings error !948
- Log error instead of warning when parsing keys !944
- Fix PureSSHProtocal name typo !945
- Update github.com/charmbracelet/git-lfs-transfer digest to 732ff5e !943
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.9.0-rc3 !941
- Run CI with FIPS_MODE enabled !940
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.8.1 !939
- Update module google.golang.org/grpc to v1.61.0 !937
- New lfs.pure_ssh_protocol setting !936
- Update local Ruby version !938

v14.33.0

- Load gssapi lib per server/connection !934
- Update module google.golang.org/grpc to v1.60.0 !912
- Expose error messages for failed Git operations !906
- Update module google.golang.org/protobuf to v1.32.0 !918
- Ensure build tags are used when testing !921
- Update module golang.org/x/sync to v0.6.0 !922
- Update module golang.org/x/crypto to v0.18.0 !923
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.8.0 !932

v14.32.0

- Geo: Add `done` pktline when git clone --depth option is given !905
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.6.1 !907
- Update module github.com/golang-jwt/jwt/v5 to v5.2.0 !908
- Update module golang.org/x/crypto to v0.16.0 !904
- Replace os.MkdirTemp() usages with t.TempDir() !909
- Update dependency golang to v1.21.5 !911

v14.31.0

- Update dependency gitlab-dangerfiles to '~> 4.6.0' !887
- Update module golang.org/x/crypto to v0.15.0 !884
- Revert workaround to start gitaly service in test !891
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.6.0 !890
- Remove the RPC call for Namespace removal !895
- Update module gitlab.com/gitlab-org/labkit to v1.21.0 !892
- Revert sending SSH certificate as a separate protocol !894
- Bump GO_VERSION to 1.21 !898
- Drop support for go 1.19 !899
- Move global tempDir into StartSocketHttpServer() !902
- New nilaway CI job !897
- Resolve "Remove NilAway detections for 'client' package" !896
- call git_autid_event during git pull/clone if in need !888

v14.30.1

- Update dependency golang to v1.21.4 !881
- Update module github.com/golang-jwt/jwt/v5 to v5.1.0 !882
- Set CI_DEBUG_SERVICES: true to assist debugging !883
- Update module github.com/hashicorp/go-retryablehttp to v0.7.5 !885

v14.30.0

- Disable GSSAPI when CGO is enabled to support DNS resolution !866
- Add log for public key authentication type !870
- Update dependency golang to v1.21.3 !867
- Update dependency gitlab-dangerfiles to '~> 4.3.2' !871
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.5.0 !873
- Update module google.golang.org/grpc to v1.59.0 !872
- Update dependency gitlab-dangerfiles to '~> 4.4.0' !874
- Update dependency gitlab-dangerfiles to '~> 4.5.1' !876
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.5.1 !877
- Update module golang.org/x/sync to v0.5.0 !879
- Fix race conditions in GSSAPI calls !875

v14.29.0

- Update module google.golang.org/grpc to v1.58.2 !850
- Update dependency gitlab-dangerfiles to v4 !852
- Optimize Ruby and Go job caching !805
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.4.0 !853
- Update module github.com/prometheus/client_golang to v1.17.0 !854
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.4.1 !856
- Update dependency gitlab-dangerfiles to '~> 4.1.0' !857
- Always return stdin/stdout errors !847
- Update module golang.org/x/sync to v0.4.0 !860
- Update dependency golang to v1.21.2 !862
- Removes module github.com/grpc-ecosystem/go-grpc-middleware !859
- Update module github.com/otiai10/copy to v1.14.0 !858
- Update module golang.org/x/crypto to v0.14.0 !861
- Allow only git commands for auth via SSH certs !864
- Send ssh_certificates as protocol !863
- Update module google.golang.org/grpc to v1.58.3 !868

v14.28.0

- Add PullCommand to githttp package !836
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.3.3 !849
- Fix `make lint` on aarch64 platforms !848
- Update dependency golang to v1.21.1 !844
- Update module google.golang.org/grpc to v1.58.0 !845
- Add golangci-lint to CI job !839
- Update module golang.org/x/crypto to v0.13.0 !842

v14.27.0

- Workaround to allow gitaly service to start !838
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.3.1 !837
- Resolve "GitLab sshd should include data transfer bytes in logs" !831
- Update dependency golang to v1.21.0 !828
- Log metadata refactor !832
- Support authentication using SSH Certificates !812
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.3.0 !833
- Implement geo_proxy_direct_to_primary feature flag !834
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.2.4 !830
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.2.2 !818
- Add Go v1.21 to CI !829

v14.26.0

- Include error and log as Error when recovering !825
- Fix the established session metric !826
- Require Go 1.19 and drop use of golang-crypto fork !806
- Update dependency gitlab-dangerfiles to '~> 3.13.0' !824
- Create gotestsum in support/bin and ignore !825

v14.25.0

- Ensure context is not nil before processing !820
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.2.1 !814
- Update module google.golang.org/grpc to v1.57.0 !815
- Update module gitlab.com/gitlab-org/labkit to v1.20.0 !817
- Update dependency golang to v1.20.7 !819

v14.24.1

- Return metadata context without using channels !810
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.2.0 !813
- Update dependency gitlab-dangerfiles to '~> 3.12.0' !811

v14.24.0

- Bump golang to 1.20.6 !808
- Ensure all binaries respond to -version !800
- Update module google.golang.org/grpc to v1.56.2 !804
- Update module golang.org/x/crypto to v0.11.0 !803
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.1.2 !802
- Add support for gotestsum !796
- Log 'access: finish' line with additional metadata !783
- Ensure prometheus counter has time to increment !795
- Use both go and ruby cache for test jobs !793
- Split caching of go and ruby jobs !792
- Optimise Ruby and Go based CI jobs !787
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.1.1 !794
- Update module google.golang.org/protobuf to v1.31.0 !789
- Update dependency gitlab-dangerfiles to '~> 3.11.0' !788
- New modules:tidy and modules:download jobs !784
- Update module google.golang.org/grpc to v1.56.1 !786
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.1.0 !785
- Tidy up go.mod and go.sum !781
- Create a 'msg: "access"' log entry at the completion of work, including a `duration_s` field !782
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.0.5 !779
- Update module github.com/otiai10/copy to v1.12.0 !780
- Ensure test cache is not used for 'go test' !778
- Update module google.golang.org/grpc to v1.56.0 !777
- Update module github.com/prometheus/client_golang to v1.16.0 !776
- Update module gitlab.com/gitlab-org/labkit to v1.19.0 !771
- Update module golang.org/x/sync to v0.3.0 !775
- Update module golang.org/x/crypto to v0.10.0 !774
- Update Ruby dependencies !773
- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.0.4 !772
- Update dependency golang to v1.20.5 !768
- Use gitlab-shell maintainers group instead for CODEOWNERS !770
- Update module github.com/golang-jwt/jwt/v4 to v5 !759
- Update module github.com/hashicorp/go-retryablehttp to v0.7.4 !767

v14.23.0

- Update module github.com/golang-jwt/jwt/v4 to v5 !759
- Update module gopkg.in/yaml.v2 to v3 !763
- Update module gitlab.com/gitlab-org/gitaly/v15 to v16 !762
- Update logrus to v1.9.3 !760
- Update module golang.org/x/sync to v0.2.0 !757
- Update module github.com/pires/go-proxyproto to v0.7.0 !752
- Update module google.golang.org/grpc to v1.55.0 !758
- Update module github.com/prometheus/client_golang to v1.15.1 !756
- Update module github.com/otiai10/copy to v1.11.0 !751
- Make golang 1.20 the default for gitlab-shell development and CI !750
- Update module golang.org/x/crypto to v0.9.0 !742
- Update dependency golang to v1.20.4 !748
- Update module github.com/hashicorp/go-retryablehttp to v0.7.2 !745

v14.22.0

- Update dependency ruby to v3.2.2 !743

v14.21.0

- Use a separate HTTP Client for Geo requests !739

v14.20.0

- Configure a default ttl for personal access tokens !736

v14.19.0

- Bump go to 1.19.9 !730
- Update golang-crypto fork version !729
- Add build-package-and-qa job !728
- refactor: success api on acceptance tests !727
- Make the boringcrypto check POSIX shell compliant !725
- Fix CGO_CFLAGS to use output from `brew --prefix` !724
- Acceptance test for Geo Push !719
- Configure Gitaly storage acceptance tests !723
- Prepare for Go 1.19 FIPS support !721
- Make golang 1.19 the default !718

v14.18.0

- Perform HTTP request to primary on Geo push !716
- sshd: exclude gssapi when building without cgo !720
- Add DNS discovery support for Gitaly/Praefect !717
- Add bin/gitlab-sshd as an explicit Makefile target !714

v14.17.0

- Bump golang to 1.18.9 !712

v14.16.0

- feat: make retryable http default client !710
- Add support for the gssapi-with-mic auth method !682
- docs: Truncate pages, point users to GitLab repo !705

v14.15.0

- Incorporate older edits to README !696
- Upgrade to Ruby 3.x !706
- feat: retry on http error !703

v14.14.0

- Add developer documentation to sshd package !683
- Improve error message for Gitaly `LimitError`s !691
- Drop 1.16 compatibility in go.sum !692
- Bump x/text to 0.3.8 !692
- Update prometheus package to 1.13.1 !692
- Restrict IP access for PROXY protocol !693
- Fix broken Gitaly integration tests !694
- Clean up .gitlab-ci.yml file !695
- Use the images provided by Gitlab to run tests !698
- Use Ruby 2.7.7 as the default !699
- Use blocking reader to fix race in test !700

v14.13.0

- Update .tool-versions to Go 1.18.7 !688
- Remove secret from request headers !689

v14.12.0

- Trim secret before signing JWT tokens !686
- Bump .tool-versions to use Go 1.18.6 !685
- Update Gitaly to 15.4.0-rc2 !681
- Test against Golang v1.19 !680

v14.11.0

- Update Gitaly to v15 !676
- Fixed extra slashes in API request paths generated for geo !673

v14.10.0

- Implement Push Auth support for 2FA verification !454

v14.9.0

- Update LabKit library to v1.16.0 !668

v14.8.0

- go: Bump major version to v14 !666
- Pass original IP from PROXY requests to internal API calls !665
- Fix make install copying the wrong binaries !664
- gitlab-sshd: Add support for configuring host certificates !661

v14.7.4

- gitlab-sshd: Update crypto module to fix RSA keys with old gpg-agent !662

v14.7.3

- Ignore "not our ref" errors from gitlab-sshd error metrics !656

v14.7.2

- Exclude disallowed command from error rate !654

v14.7.1

- Log gitlab-sshd session level indicator errors !650
- Improve establish session duration metrics !651

v14.7.0

- Abort long-running unauthenticated SSH connections !647
- Close the connection when context is canceled !646

v14.6.1

- Return support for diffie-hellman-group14-sha1 !644

v14.6.0

- Exclude Gitaly unavailable error from error rate !641
- Downgrade auth EOF messages from warning to debug !641
- Display constistently in gitlab-sshd and gitlab-shell !641
- Downgrade host key mismatch messages from warning to debug !639
- Introduce a GitLab-SSHD server version during handshake !640
- Narrow supported kex algorithms !638

v14.5.0

- Make ProxyHeaderTimeout configurable !635

v14.4.0

- Allow configuring SSH server algorithms !633
- Update gitlab-org/golang-crypto module version !632

v14.3.1

- Exclude API errors from error rate !630

v14.3.0

- Remove deprecated bundler-audit !626
- Wait until all Gitaly sessions are executed !624

v14.2.0

- Implement ClientKeepAlive option !622
- build: bump go-proxyproto to 0.6.2 !610

v14.1.1

- Log the error that happens on sconn.Wait() !613

v14.1.0

- Make PROXY policy configurable !619
- Exclude authentication errors from apdex !611
- Fix check_ip argument when gitlab-sshd used with PROXY protocol !616
- Use labkit for FIPS check !607

v14.0.0

- Always use Gitaly sidechannel connections !567

v13.26.0

- Add JWT token to GitLab Rails request !596
- Drop go 1.16 support !601
- Remove `self_signed_cert` option !602

v13.25.2

- Revert "Abort long-running unauthenticated SSH connections" !605
- Bump Go to 1.17.9 for asdf users !600

v13.25.1

- Upgrade golang to 1.17.8 !591
- Add additional metrics to gitlab-sshd !593
- Add support for FIPS encryption !597

v13.25.0

- Fix connections duration metrics !588
- ci: start integrating go 1.18 into the CI pipelines !587
- Abort long-running unauthenticated SSH connections !582

v13.24.2

- Bump gitaly client !584

v13.24.1

- Default to info level for an empty log-level !579
- Update Gitaly dependency to v14.9.0-rc1 !578
- Reuse Gitaly connections and sidechannel !575

v13.24.0

- Upgrade golang to 1.17.7 !576
- Add more metrics for gitlab-sshd !574
- Move code guidelines to doc/beginners_guide.md !572
- Add docs for full feature list !571
- Add aqualls as codeowner for docs files !573

v13.23.2

- Bump labkit version to 1.12.0 !569
- Add title and correct copyright notice to license !568
- Bump go-proxyproto package !563
- Update Go to version 1.17.6 !562

v13.23.1

- Replace golang.org/x/crypto with gitlab-org/golang-crypto !560

v13.23.0

- Add support for SSHUploadPackWithSidechannel RPC !557
- Rate limiting documentation !556

v13.22.2

- Update to Ruby 2.7.5 !553
- Deprecate self_signed_cert config setting !552
- Send full git request/response in SSHD tests !550
- Suppress internal errors in client output !549
- Bump .tool_versions to use Go v1.16.12 !548

v13.22.1

- Remove SSL_CERT_DIR logging !546

v13.22.0

- Relax key and username matching for sshd !540
- Add logging to handler/exec.go and config/config.go !539
- Improve logging for non-git commands !538
- Update to Go v1.16.9 !537
- Reject non-proxied connections when proxy protocol is enabled !536
- Log command invocation !535
- Fix logging channel type !534
- Resolve an error-swallowing issue !533
- Add more logging to gitlab-sshd !531
- Respect log-level configuration again !530
- Improve err message given when Gitaly unavailable !526
- makefile: properly escape '$' in VERSION_STRING !525
- Add context fields to logging !524
- Extract server config related code out of sshd.go !523
- Add TestInvalidClientConfig and TestNewServerWithoutHosts for sshd.go !518
- Update Ruby version to 2.7.4 and add Go version 1.16.8 for tooling !517

v13.21.1

- Only validate SSL cert file exists if a value is supplied !527

v13.21.0

- Switch to labkit for logging system setup !504
- Remove some unreliable tests !503
- Make gofmt check fail if there are any matching files !500
- Update go-proxyproto to v0.6.0 !499
- Switch to labkit/log for logging functionality !498
- Unit tests for internal/sshd/connection.go !497
- Prometheus metrics for HTTP requests !496
- Refactor testhelper.PrepareTestRootDir using t.Cleanup !493
- Change default logging format to JSON !476
- Shutdown sshd gracefully !484
- Provide liveness and readiness probes !494
- Add tracing instrumentation to http client !495
- Log same correlation_id on auth keys check of ssh connections !501
- fix: validate client cert paths exist on disk before proceeding !508
- Modify regex to prevent partial matches

v13.20.0

- Remove bin/authorized_keys !491
- Add a make install command !490
- Create PROCESS.md page with Security release process !488
- Fix the Geo SSH push proxy hanging !487
- Standardize logging timestamp format !485

v13.19.1

- Modify regex to prevent partial matches

v13.19.0

- Don't finish the opentracing span early !466
- gitlab-sshd: Respect the ssl_cert_dir config !467
- Stop changing directory to the filesystem root !470
- Fix opentracing setup for gitlab-sshd !473

v13.18.1

- Modify regex to prevent partial matches

v13.18.0

- Fix thread-safety issues in gitlab-shell !463
- gitlab-sshd: Support the PROXY protocol !461
- sshd: Recover from per-session and per-connection panics !464

v13.17.0

- Fix gitlab-shell panic when log file not writable !453
- Add monitoring endpoint to built-in SSH server !449

v13.16.1

- Read limited input when asking to generate new two-factor recovery codes

v13.16.0

- RFC: Simple built-in SSH server !394
- Remove the session duration information from the output of 2fa_verify command !445

v13.15.1

- Read limited input when asking to generate new two-factor recovery codes

v13.15.0

- Update httpclient.go with TLS 1.2 as minimum version !435

v13.14.1

- Read limited input when asking to generate new two-factor recovery codes

v13.14.0

- Add 2fa_verify command !440
- Propagate client identity to gitaly !436

v13.13.1

- Read limited input when asking to generate new two-factor recovery codes

v13.13.0

- GitLab API Client support for client certificates !432

v13.12.0

- Upgrade Bundler from 1.17.2 to 2.1.4 !428
- Log Content-Length bytes in API response !427
- Bump default Ruby version to v2.7.2 !426

v13.11.0

- Set SSL_CERT_DIR env var when building command !423
- Fix incorrect actor used to check permissions for SSH receive-pack !424

v13.10.0

- Add support for -version argument !421

v13.9.0

- Drop "generated random correlation ID" log message !417
- client: Allow User-Agent header to be overridden !418

v13.8.0

- Update Gitaly module dependency !414
- Make it possible to propagate correlation ID across processes !413
- Remove deprecated hooks dir !411

v13.7.0
- Fix gitlab-shell not handling relative URLs over UNIX sockets !406

v13.6.0
- Add support obtaining personal access tokens via SSH !397

v13.5.0
- Generate and log correlation IDs !400

v13.4.0
- Support ssl_cert_dir config setting !393
- Log SSH key details !398
- Log remote IP for executed commands !399
- Drop Go v1.12 support !401

v13.3.0
- Upgrade Ruby version to v2.6.6 !390
- Use default puma socket in example config !388
- Set client name when making requests to Gitaly !387
- Fix race conditions with logrus testing !385

v13.2.0
- Add HTTP status code to internal API logs !376

v13.1.0
- Ensure we are pasing the parsed secret !381

v13.0.0
- Move gitlabnet client into a publicly facing client package !377

v12.2.0
- Geo: Add custom action support for clone/pull !369

v12.1.0
- Log internal HTTP requests !366
- Log git-{upload-pack,receive-pack,upload-archive} requests !367

v12.0.0
- openssh: Accept GIT_PROTOCOL environment variable !364

v11.0.0
- Bump Ruby version to 2.6.5 !357
- Remove support for Custom data.info_message !356

v10.3.0
- Use correct git-lfs download or upload operation names !353
- Add support for Gitaly feature flags !351
- Make console messages consistent !334

v10.2.0
- Remove dead Ruby code and unused binaries !346

v10.1.0
- Remove feature flags and the fallback command !336
- Remove an obsolete section from config.yml.example !339
- Extend group IP restriction to Git activity !335
- Remove deprecated create-hooks script !342
- Rewrite `bin/check` in Go !341

v10.0.0
- Remove gitlab-keys script !329

v9.4.2
  - Repurpose bin/authorized_keys script !330

v9.4.1
  - Fix bug preventing gitlab-development-kit from updating !327

v9.4.0
  - Enable all migration features by default !313
  - Set Go111MODULE to 'off' during compilation !315
  - Add Makefile for easier building and testing !310
  - Resolve "Update .PHONY to have accurate list of targets" !316
  - Update rubygems version on CI for go tests !320
  - Support falling back to ruby version of checkers !318
  - Implement AuthorizedKeys command !321
  - Implement AuthorizedPrincipals command !322
  - Replace symlinks with actual binaries !324
  - Use go mod !323

v9.3.0
  - Go implementation for git-receive-pack !300
  - Go implementation for git-upload-pack !305
  - Return Fallback cmd if feature is enabled, but unimplemented !306
  - Go implementation for git-upload-archive !307
  - Go implementation for LFS authenticate !308
  - Respect GITLAB_SHELL_DIR in the Go version !309

v9.2.0
  - Upgrade to Ruby 2.6.3 !298

v9.1.0
  - Correctly determine the root directory for gitlab-shell !294
  - Support calling internal api using HTTP !295
  - Print keys in list-keys command !198
  - Support calling internal API using HTTPS !297

v9.0.0
  - Add a Go implementation of the "discover" command !283
  - Add a Go implementation of the 2fa_recovery_codes" command !285
  - Display console messages, if available !287
  - Allow the post-receive hook to print warnings !288
  - Remove hooks, they belong to Gitaly now !291

v8.7.1
  - Fix unmarshalling JSON from the command line !280

v8.7.0
  - Add distributed tracing to GitLab-Shell !277

v8.6.0
  - Add support for using gl_project_path !275
  - Provide expires_in for LFS if available !273

v8.5.0
  - Bump gitaly-proto to v1.10.0

v8.4.4
  - Pass push options along to gitlab-rails's post-receive endpoint

v8.4.3
  - Remove circular dependency between HTTPHelper and GitlabNet !258

v8.4.2
  - Include LFS operation when requesting auth !254

v8.4.1
  - Surface error message sent along with API Service Unavailable error to user

v8.4.0
  - Use Gitaly v2 auth scheme

v8.3.3
  - Release v8.3.3 as v8.3.2 tag is incorrect

v8.3.2
  - Ensure text/plain & text/html content types are handled !239
  - Fix newlines not appearing between new log entries !242

v8.3.1
  - No changes (version tag correction)

v8.3.0
  - Add custom action (e.g. proxying SSH push) support

v8.2.1
  - Fix HTTP status code handling for /api/v4/allowed API endpoint

v8.2.0
  - Pass custom git_config_options to Gitaly !221
  - Add missing require statement in create-hooks !225

v8.1.1
  - Fix two regressions in SSH certificate support (!226)

v8.1.0
  - Support Git v2 protocol (!217)

v8.0.0
  - SSH certificate support (!207)

v7.2.0
  - Update gitaly-proto to 0.109.0 (!216)

v7.1.5
  - Fix a NoMethodError in the pre-receive hook (!206)

v7.1.4
  - Don't truncate long strings in broadcast message (!202)

v7.1.3
  - Use username instead of full name for identifying users (!204)

v7.1.2
  - Add missing GitlabLogger#error method (!200)

v7.1.1
  - Flush log file after every write (!199)

v7.1.0
  - Migrate `git-upload-archive` to gitaly

v7.0.0
  - Switch to structured logging (!193)

v6.0.4
  - Don't delete GL_REPOSITORY environment variable from post-receive hook (!191)

v6.0.3
  - Print new project information in post-receive

v6.0.2
  - Use grpc-go 1.9.1 (!184)
  - Update gitaly-proto and gitaly libs (!185)

v6.0.1
  - Fix git push by removing a bad require in the pre-receive hook (!183)

v6.0.0
  - Remove bin/gitlab_projects (!180)
  - Remove direct redis integration (!181)
  - Remove support unhiding of all references for Geo nodes (!179)

v5.11.0
  - Introduce a more-complete implementation of bin/authorized_keys (!178)

v5.10.3
  - Remove unused redis bin configuration

v5.10.2
  - Print redirection message when pushing into renamed project

v5.10.1
  - Use 'git clone --no-local' when creating a fork (!176)

v5.10.0
  - Add a 'fork-repository' command that works with hashed storage (!174)

v5.9.4
  - Add relative git object dir envvars to check access request

v5.9.3
  - Expose GitLab username to hooks in `GL_USERNAME` environment variable

v5.9.2
  - Fix pre-receive error when gitlab doesn't have /internal/pre_receive (!169)

v5.9.1
  - Adds --force option to push branches

v5.9.0
  - Support new /internal/pre-receive API endpoint for post-receive operations
  - Support new /internal/post-receive API endpoint for post-receive operations
  - Support `redis` field on /internal/check API endpoint

v5.8.1
  - Support old versions of ruby without monotonic clock

v5.8.0
  - Fix SSH support for Git for Windows v2.14

v5.7.0
  - Support unhiding of all refs via Gitaly

v5.6.2
  - Bump redis-rb library to 3.3.3

v5.6.1
  - Fix setting permissions of SSH key tempfiles
  - Fix a missing constant error when using SSH authentication

v5.6.0
  - SSH authentication support

v5.5.0
  - Support unhiding of all references for Geo nodes

v5.4.0
  - Update Gitaly vendoring to use new RPC calls instead of old deprecated ones

v5.3.1
  - Gracefully handle internal API errors when getting merge request URLs

v5.3.0
  - Add ability to have git-receive-pack and git-upload-pack to go over Gitaly

v5.2.1
  - Revert changes in v5.2.0

v5.2.0
  - Disable RubyGems to increase performance

v5.1.1
  - Revert "Remove old `project` parameter, use `gl_repository` instead"

v5.1.0
  - Add `gitlab-keys list-key-ids` subcommand for iterating over key IDs to find keys that should be deleted

v5.0.6
  - Remove old `project` parameter, use `gl_repository` instead
  - Use v4 of the GitLab REST API

v5.0.5
  - Use gl_repository if present when enqueing Sidekiq PostReceive jobs

v5.0.4
  - Handle GL_REPOSITORY env variable and use it in API calls and Sidekiq enqueuing

v5.0.3
  - Use recursive lookup for git repositories in the bin/create-hooks script

v5.0.2
  - Adds timeout option to push branches

v5.0.1
  - Fetch repositories with `--quiet` option by default

v5.0.0
  - Remove support for git-annex

v4.1.1
  - Send (a selection of) git environment variables while making the API call to `/allowed`, !112

v4.1.0
  - Add support for global custom hooks and chained hook directories (Elan Ruusamäe, Dirk Hörner), !113, !111, !93, !89, #32
  - Clear up text with merge request after new branch push (Lisanne Fellinger)

v4.0.3
  - Fetch repositories with `--prune` option by default

v4.0.2
  - Fix gitlab_custom_hook dependencies

v4.0.1
  - Add instrumentation to push hooks

v4.0.0
  - Use full repository path for API calls

v3.6.6
  - Re-use the default logger when logging metrics data

v3.6.5
  - Test against ruby 2.3
  - Instrument GitLab Shell and log metrics data to a file

v3.6.4
  - Fix rsync with ionice command building
  - Fix short circuit logic between rsync with and without ionice for storage migrations

v3.6.3
  - Re-exposing GL_ID to custom hooks

v3.6.2
  - Enable GIT_TRACE/GIT_TRACE_PACKET/GIT_TRACE_PERFORMANCE by providing the git_trace_log_file config key

v3.6.1
  - Set a low IO priority for storage moves to lower performance impact

v3.6.0
  - Added full support for `git-lfs-authenticate` to properly handle LFS requests and pass them on to Workhorse

v3.5.0
  - Add option to recover 2FA via SSH

v3.4.0
  - Redis Sentinel support

v3.3.3
  - Print URL for new or existing merge request after push

v3.3.2
  - Improve authorized_keys check

v3.3.1
  - Manage authorized_keys permissions continuously

v3.3.0
  - Track ongoing push commands
  - Add command to move repositories between repository storages

v3.2.1
  - Allow gitlab-project's fork-project command to fork projects between different repository storages

v3.2.0
  - Allow GitLab Shell to check for allowed access based on the used Git protocol
  - Add an error message when using shell commands with incompatible GitLab versions

v3.1.0
  - Refactor repository paths handling to allow multiple git mount points

v3.0.1
  - Update PostReceive worker to provide enqueued_at time.

v3.0.0
  - Remove rm-tag command (Robert Schilling)
  - Remove create-branch and rm-branch commands (Robert Schilling)
  - Update PostReceive worker so it logs a unique JID in Sidekiq
  - Remove update-head command
  - Use Redis Ruby client instead of shelling out to redis-cli

v2.7.2
  - Do not prune objects during 'git gc'

v2.7.1
  - Add new command to list tags from a remote repo
  - Add the ability to fetch remote repo with or without tags

v2.7.0
  - Add support for ssh AuthorizedKeysCommand query by key

v2.6.13
  - Add push-branches command
  - Add delete-remote-branches command

v2.6.12
  - Fix git-annex issue not working using custom SSH port repositories

v2.6.11
  - Increase HTTP timeout and log request durations
  - Workaround for a Webrick issue on Ruby 2.2
  - New optional `--force` parameter for `gitlab-projects fetch-remote`

v2.6.10
  - Add git gc for housekeeping

v2.6.9
  - Remove trailing slashes from gitlab_url

v2.6.8
  - Revert git-lfs-authenticate command from white list

v2.6.7
  - Exit with non-zero status when import-repository fails
  - Add fetch-remote command

v2.6.6
  - Do not clean LANG environment variable for the git hooks when working through the SSH-protocol
  - Add git-lfs-authenticate command to white list (this command is used by git-lfs for SSO authentication through SSH-protocol)
  - Handle git-annex and gcryptsetup

v2.6.5
  - Handle broken symlinks in create-hooks

v2.6.4
  - Remove keys from authorized_keys in-place
  - Increase batch_add_keys lock timeout to 300 seconds
  - If git-annex is enabled set GIT_ANNEX_SHELL_LIMITED variable

v2.6.3
  - Prevent keys with a very specific comment from accidentally being deleted.

v2.6.2
  - Include ecdsa keys in `gitlab_keys list-keys`.
  - Refactor logic around GL_ID

v2.6.1
  - Write errors to stderr to get git to abort and show them as such.

v2.6.0
  - Prevent character encoding issues by sending received changes as raw data.

v2.5.4
  - Remove recursive commands from bin/install

v2.5.3
  - Improve git-annex integration

v2.5.2
  - Safer line sub for git-annex command

v2.5.1
  - Expect broadcast message to return empty JSON if no message now

v2.5.0
  - Support git-annex tool (disabled by default)
  - Add rubocop (Ruby static code analyzer) for development

v2.4.3
  - Print broadcast message if one is available

v2.4.2
  - Pass git changes list as string instead of array

v2.4.1
  - Access token masking in url before loging

v2.4.0
  - Show error message when git push is rejected

v2.2.0
  - Support for custom hooks (Drew Blessing and Jose Kahan)

v2.1.0
  - Use secret token with GitLab internal API. Requires GitLab 7.5 or higher

v2.0.1
  - Send post-receive changes to redis as a string instead of array

v2.0.0
  - Works with GitLab v7.3+
  - Replace raise with abort when checking path to prevent path exposure
  - Handle invalid number of arguments on remote commands
  - Replace update hook with pre-receive and post-receive hooks.
  - Symlink the whole hooks directory
  - Ignore missing repositories in create-hooks
  - Connect to Redis via sockets by default

v1.9.7
  - Increased test coverage
  - By default use direct unicorn connection (localhost:8080)
  - Fix wrong repo path send to GitLab by GitlabUpdate hook

v1.9.6
  - Explicitly require 'timeout' from the standard library

v1.9.5
  - Put authorized_keys.lock in the same directory as authorized_keys
  - Use lock file when add new entries to authorized_keys

v1.9.4
  - Use lock file when modify authorized_keys

v1.9.3
  - Ignore force push detection for new branch or branch remove push

v1.9.2
  - Add support for force push detection

v1.9.1
  - Update hook sends branch and tag name

v1.9.0
  - Call api in update hook for both ssdh and http push. Requires GitLab 6.7+
  - Pass oldrev and newrev to api.allowed?

v1.8.5
  - Add `gitlab-keys batch-add-keys` subcommand for authorized_keys rebuilds

v1.8.4
  - Dont do import if repository exists

v1.8.3
  - Add timeout option for repository import

v1.8.2
  - Fix broken 1.8.1

v1.8.1
  - Restrict Environment Variables
  - Add bin/create-hooks command
  - More safe shell execution

v1.8.0
  - Fix return values in GitlabKeys

v1.7.9
  - Fix escape of repository path for custom ssh port

v1.7.8
  - Escape repository path to prevent relative links (CVE-2013-4583)

v1.7.7
  - Separate options from arguments with -- (CVE-2013-4582)
  - Bypass shell and use stdlib JSON for GitlabUpdate (CVE-2013-4581)

v1.7.6
  - Fix gitlab-projects update-head for improted repo when branch exists but not listed in refs/head

v1.7.5
  - Remove keys from authorized_keys using ruby instead of shell

v1.7.4
  - More protection against shell injection (CVE-2013-4546)

v1.7.3
  - Use Kernel#open to append lines to authorized_keys (CVE-2013-4490)

v1.7.2
  - More safe command execution

v1.7.1
  - Fixed issue when developers are able to push to protected branches that contain a '/' in the branch name.

v1.7.0
  - Clean authorized_keys file with `gitlab-keys clear`

v1.6.0
  - Create branch/tag functionality
  - Remove branch/tag functionality

v1.5.0
  - Logger
  - Ability to specify ca_file/ca_path
  - Update-head command for project
  - Better regexp for key_id inside shell

v1.4.0
  - Regex used in rm-key command was too lax

v1.3.0
  - Fork-project command
  - Custom redis configuration
  - Interpret login with deploy key as anonymous one

v1.2.0
  - Return non-zero result if gitlab-projects and gitlab-keys execution was not successful
  - http_settings configuration option added

v1.1.0
  - added mv-project feature
  - increased test coverage

v1.0.4
  - requires gitlab c9ca15e
  - don't use post-receive file any more. Make all updates in update
  - fixed issue with invalid GL_USER
  - use GL_ID instead of GL_USER