  1. Dec 20, 2022
  2. Dec 16, 2022
  3. Dec 13, 2022
  4. Dec 07, 2022
  5. Dec 06, 2022
  6. Dec 03, 2022
  7. Dec 02, 2022
  8. Dec 01, 2022
  9. Nov 24, 2022
  10. Nov 14, 2022
  11. Nov 09, 2022
  12. Nov 02, 2022
  13. Oct 24, 2022
  14. Oct 18, 2022
  15. Sep 29, 2022
  16. Sep 27, 2022
  17. Sep 16, 2022
    • Block weak passwords on sign up or password change · afc657e5
      Nick Malcolm authored and Thong Kuah committed
      Account takeovers are a common cybersecurity threat made much easier
      when a user decides to use a weak password to protect their account.
      
      This MR introduces a static list of known weak passwords against which
      the user's chosen password can be compared. The password is also
      validated against components of the user's attributes, such as their
      name, email, and username.
      
      Weak passwords are prevented only when the `block_weak_passwords`
      feature flag is enabled, and only at registration or when a password
      is changed. (It is not checked or enforced when the password is not
      changed, such as during sign-in.)
      
      Notably, and in comparison to password complexity rules, blocking weak
      passwords is a requirement of NIST SP 800-63B:
      
      > When processing requests to establish and change memorized secrets,
      > verifiers SHALL compare the prospective secrets against a list that
      > contains values known to be commonly-used, expected, or compromised.
      >
      > - https://pages.nist.gov/800-63-3/sp800-63b.html
      
      See also:
      
      - !86310
      - #23610
  18. Sep 15, 2022
  19. Sep 13, 2022
  20. Sep 09, 2022
  21. Sep 06, 2022
  22. Aug 25, 2022
  23. Aug 11, 2022
  24. Jul 31, 2022
  25. Jul 27, 2022
  26. Jul 12, 2022
  27. Jul 01, 2022
  28. Jun 29, 2022
  29. Jun 07, 2022
    • Add logic to reset submit license usage data banner data · 53769346
      Corinna Gogolok authored
      This change introduces a new callout feature name called
      `submit_license_usage_data_banner`. It will be used in an upcoming
      banner to ask an instance admin to submit seat utilization data via
      email. The banner can be dismissed after exporting the license usage
      data. But it will be reset each month relative to the license's start
      date. The new worker `ResetSubmitLicenseUsageDataBannerWorker` will run
      every day at midnight for a possible reset.
      
      Changelog: added
      EE: true
  30. Jun 01, 2022
    • Fix SQL statement timeout while fetching inactive projects · 748cf065
      Huzaifa Iftikhar authored and Huzaifa Iftikhar committed
      - Use each_batch instead of find_each to traverse the table using
      primary index and prevent statement timeouts.
      - Monitor the elapsed time of inactive_projects_deletion_cron_worker
      and exit before 5 minutes to avoid breaching the maximum allowed
      execution latency for low urgency workers.
      - Update inactive_projects_deletion_cron_worker to run at every 10th
      minute instead of running daily.
      
      Changelog: performance
  31. May 19, 2022