-
- Downloads
Limit the size of issuable description and comments
Limiting the size of issuable description and comments to 1_000_000, which is close to ~1MB of ASCII characters, which represents 99.9% of all descriptions and comments we have in DB at the moment. This should help prevent DoS attacks when comments contain refference strings. Also this change updates regexp matching the namespaces paths by limiting the namespaces paths to Namespace::NUMBER_OF_ANCESTORS_ALLOWED, as we allow 20 levels deep groups. see https://gitlab.com/gitlab-org/gitlab-ce/issues/61974#note_191274234
Showing
- app/models/concerns/issuable.rb 1 addition, 0 deletionsapp/models/concerns/issuable.rb
- app/models/note.rb 1 addition, 0 deletionsapp/models/note.rb
- changelogs/unreleased/security-61974-limit-issue-comment-size-2.yml 5 additions, 0 deletions.../unreleased/security-61974-limit-issue-comment-size-2.yml
- changelogs/unreleased/security-61974-limit-issue-comment-size.yml 5 additions, 0 deletions...gs/unreleased/security-61974-limit-issue-comment-size.yml
- doc/api/epics.md 2 additions, 2 deletionsdoc/api/epics.md
- doc/api/issues.md 2 additions, 2 deletionsdoc/api/issues.md
- doc/api/merge_requests.md 2 additions, 2 deletionsdoc/api/merge_requests.md
- doc/api/notes.md 8 additions, 8 deletionsdoc/api/notes.md
- ee/spec/models/concerns/ee/issuable_spec.rb 24 additions, 0 deletionsee/spec/models/concerns/ee/issuable_spec.rb
- lib/gitlab/database.rb 4 additions, 0 deletionslib/gitlab/database.rb
- lib/gitlab/path_regex.rb 1 addition, 1 deletionlib/gitlab/path_regex.rb
- spec/lib/banzai/filter/project_reference_filter_spec.rb 12 additions, 4 deletionsspec/lib/banzai/filter/project_reference_filter_spec.rb
- spec/models/concerns/issuable_spec.rb 26 additions, 0 deletionsspec/models/concerns/issuable_spec.rb
- spec/models/note_spec.rb 1 addition, 0 deletionsspec/models/note_spec.rb
- spec/support/shared_examples/models/concern/issuable_shared_examples.rb 8 additions, 0 deletions...hared_examples/models/concern/issuable_shared_examples.rb
Loading