Skip to content
Snippets Groups Projects
  1. Jul 27, 2023
  2. Jul 25, 2023
    • Stan Hu's avatar
      Disable IAT verification by default · a294195e
      Stan Hu authored
      !117468 in GitLab
      15.11 updated the ruby-jwt gem to v2.5.0. In v2.2.0, ruby-jwt removed
      the `iat_leeway` parameter (https://github.com/jwt/ruby-jwt/pull/274).
      
      As a result, if a gitlab-shell host creates a JWT token with an
      issued-at (IAT) claim that is slightly behind the host handling API
      the request, users will receive a 401 error.
      
      Disable this IAT verification by default since it's not serving a
      useful purpose, since expiration times are already validated. We
      already made a similar change in Geo.
      
      Relates to #417543
      
      Changelog: fixed
      Verified
      a294195e
  3. Jul 14, 2023
  4. Jul 05, 2023
  5. Jul 04, 2023
  6. Jun 29, 2023
  7. Jun 28, 2023
Loading