Skip to content

Avatar/Logo Upload Size Limit

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Summary

In GitLab Enterprise Edition 18.1.2-ee, the maximum file size for uploading a project or group logo/avatar is incorrectly limited by the diff_max_patch_bytes application setting. This setting is hard-capped at 500 KiB and its intended purpose is for controlling merge request diffs, not avatar uploads. Standard configuration methods for increasing the avatar size limit do not work, preventing administrators from setting a logo size limit greater than 500 KiB.

Steps to reproduce

  1. On a clean installation of GitLab EE 18.1.2-ee, attempt to upload a user, group, or project avatar larger than 200 KiB. The upload fails with the error: "The maximum file size is 200 KiB."
  2. Edit /etc/gitlab/gitlab.rb to add gitlab_rails['max_avatar_size'] = 1048576 and run sudo gitlab-ctl reconfigure. This has no effect.
  3. Start the Rails console with sudo gitlab-rails console.
  4. Attempt to check the setting directly. Both of the following commands fail with a NoMethodError, indicating the settings no longer exist:
    • ApplicationSetting.current.max_avatar_size
    • Appearance.current.avatar_max_file_size
  5. Observe that the default error limit (200 KiB) matches the default value for a different setting: ApplicationSetting.current.diff_max_patch_bytes, which returns 204800.
  6. Attempt to increase this value to test the link by running: ApplicationSetting.current.update!(diff_max_patch_bytes: 1048576)
  7. The command fails with a validation error, revealing the hardcoded upper limit for this setting: Validation failed: Diff max patch bytes must be less than or equal to 512000
  8. Run the command again with the maximum allowed value: ApplicationSetting.current.update!(diff_max_patch_bytes: 512000)
  9. This command succeeds. After this change, it is now possible to upload a logo up to 500 KiB, but no larger.

Example Project

This issue pertains to a self-hosted GitLab instance (v18.1.2-ee) and is related to instance-level application settings. It cannot be reproduced on a standard GitLab.com project.

What is the current bug behavior?

The avatar/logo upload size is incorrectly governed by the diff_max_patch_bytes setting, which is intended for controlling merge request diffs. This setting is hard-capped at 500 KiB, making it impossible to allow for larger, high-resolution logos.

What is the expected correct behavior?

The avatar/logo upload size should be controlled by its own dedicated application setting. This setting should not be linked to diff rendering limits and should allow administrators to configure multi-megabyte file size limits to support modern, high-resolution displays.

Relevant logs and/or screenshots

Rails console output showing max_avatar_size does not exist: irb(main):001> ApplicationSetting.current.max_avatar_sizeactivemodel (7.1.5.1) lib/active_model/attribute_methods.rb:511:in method_missing': undefined method max_avatar_size' for #<ApplicationSetting id: 1, ...> (NoMethodError)

Rails console output showing avatar_max_file_size does not exist: irb(main):002> Appearance.current.avatar_max_file_sizeactivemodel (7.1.5.1) lib/active_model/attribute_methods.rb:511:in method_missing': undefined method avatar_max_file_size' for #<Appearance id: 1, ...> (NoMethodError)

Rails console output showing the validation error for diff_max_patch_bytes: irb(main):005> ApplicationSetting.current.update!(diff_max_patch_bytes: 1048576)activerecord (7.1.5.1) lib/active_record/validations.rb:84:in `raise_validation_error': Validation failed: Diff max patch bytes must be less than or equal to 512000 (ActiveRecord::RecordInvalid)

Output of checks

Results of GitLab environment info

Expand for output related to GitLab environment info 
System information
System:           Ubuntu 22.04
Proxy:            no
Current User:     git
Using RVM:        no
Ruby Version:     3.2.5
Gem Version:      3.6.9
Bundler Version:  2.6.9
Rake Version:     13.0.6
Redis Version:    7.2.9
Sidekiq Version:  7.3.9
Go Version:       unknown

GitLab information
Version:          18.1.2-ee
Revision:         cd9f1ac5ba9
Directory:        /opt/gitlab/embedded/service/gitlab-rails
DB Adapter:       PostgreSQL
DB Version:       16.8
URL:              https://gitlab.axiomrp.dev
HTTP Clone URL:   https://gitlab.axiomrp.dev/some-group/some-project.git
SSH Clone URL:    git@gitlab.axiomrp.dev:some-group/some-project.git
Elasticsearch:    no
Geo:              no
Using LDAP:       no
Using Omniauth:   yes
Omniauth Providers:

GitLab Shell
Version:          14.42.0
Repository storages:
- default:        unix:/var/opt/gitlab/gitaly/gitaly.socket
GitLab Shell path:        /opt/gitlab/embedded/service/gitlab-shell

Gitaly
- default Address:    unix:/var/opt/gitlab/gitaly/gitaly.socket
- default Version:    18.1.2
- default Git Version:  2.49.0.gl2

Results of GitLab application Check

Expand for output related to the GitLab application check 
(Checks were passing at the time of troubleshooting)

Possible fixes

The issue appears to stem from the avatar upload validation logic incorrectly referencing the ApplicationSetting.current.diff_max_patch_bytes value instead of a dedicated setting for avatar file sizes. The fix would likely involve re-introducing a dedicated avatar size setting and updating the validation code to use it.

Edited by 🤖 GitLab Bot 🤖