Skip to content

GitLab Next

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
GitLab
GitLab
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 34,895
    • Issues 34,895
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
    • Iterations
  • Merge Requests 1,229
    • Merge Requests 1,229
  • Requirements
    • Requirements
    • List
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Security & Compliance
    • Security & Compliance
    • Dependency List
    • License Compliance
  • Operations
    • Operations
    • Metrics
    • Incidents
    • Environments
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • CI / CD
    • Code Review
    • Insights
    • Issue
    • Repository
    • Value Stream
  • Snippets
    • Snippets
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • GitLab.org
  • GitLabGitLab
  • Issues
  • #27828

Closed
Open
Opened Apr 03, 2019 by James Ramsay@jramsay☀Maintainer

Re-enable Git protocol v2

Problem to solve

The Git wire protocol version 1 is not bandwidth efficient when large numbers of refs exist on the server, and are therfore advertised. This can significantly increase the data transferred from the server to the client for small operations.

Early versions of Git supporting protocol v2 had an issue where hidden refs were not respected https://gitlab.com/gitlab-org/gitlab-ce/issues/55769, creating performance and security problems. GitLab disabled support for protocol v2.

Further details

The security issue has since been resolved in Git 2.21.0

  • The v2 upload-pack protocol implementation failed to honor hidden-ref configuration, which has been corrected. (merge e20b4192a3 jk/proto-v2-hidden-refs-fix later to maint).

https://github.com/git/git/blob/master/Documentation/RelNotes/2.21.0.txt#L293-L295

Proposal

Add a feature flag to control support for protocol v2 for Git versions 2.21.0 and above.

A feature flag is necessary in case further security issues are identified in the new protocol.

Links / references

Edited Aug 05, 2019 by James Ramsay
Assignee
Assign to
12.8
Milestone
12.8 (Past due)
Assign milestone
Time tracking
None
Due date
None
Reference: gitlab-org/gitlab#27828