Update rack and related gems to 2.0.9
NOTE: The upgrade is backwards compatible with existing sessions, but the upgrade of redis-rack v2.1.2 changed Redis keys from `session:gitlab:<random hex value>` to `session:gitlab:2::<hash of hex value>`. If a session does not have a key in the new schema, it will be created transparently. The old session key will eventually be expired automatically.

To upgrade to rack 2.0.9, we need to do the following:

1. Fix ActiveSession to use new Rack::Session::SessionId

2. Add a monkey patch for ActionController::TestSessionPatch

   Controller tests were failing without the changes in rails/rails#38063, which is available on the Rails `6-0-stable` branch but not in Rails 6.0.2.2.

3. Remove CGI escaping of ActiveSession keys. This was not needed because CGI escaping was already being done by Rails.

4. Fix deletion of Rack session keys with ActiveSession

   redis-rack v2.1.2 changed the session key from one based on the public ID to the private ID. We need to adapt ActiveSession to delete both versions of the key to clear out old data and to make it work with the redis-rack key name changes.
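The key-schema change and step 4 above, as an added example that is not code from this commit or from GitLab: a stand-in for `Rack::Session::SessionId` (assumed here, as in rack 2.0.8+, to derive the private ID as `2::` plus the SHA-256 hex of the public ID), the two Redis key layouts, a lookup that falls back to the legacy key, and a delete that removes both key versions. A plain Hash stands in for Redis; `load_session`, `destroy_session`, `legacy_key` and `current_key` are names chosen for this example.

```ruby
require 'digest'

# Stand-in mirroring the scheme of Rack::Session::SessionId (rack >= 2.0.8):
# the cookie carries the public ID; the store is keyed by the private ID,
# so someone who can read store keys still cannot forge the cookie value.
class SessionId
  ID_VERSION = 2
  attr_reader :public_id

  def initialize(public_id)
    @public_id = public_id
  end

  # "2::" + SHA-256(public_id); assumption about Rack's hash, see lead-in.
  def private_id
    "#{ID_VERSION}::#{Digest::SHA256.hexdigest(public_id)}"
  end
end

KEY_PREFIX = 'session:gitlab:'.freeze

# Pre-upgrade layout: session:gitlab:<random hex value>
def legacy_key(sid)
  "#{KEY_PREFIX}#{sid.public_id}"
end

# redis-rack 2.1.2 layout: session:gitlab:2::<hash of hex value>
def current_key(sid)
  "#{KEY_PREFIX}#{sid.private_id}"
end

# Read a session, falling back to the legacy key for sessions created
# before the upgrade (the transparent migration the NOTE describes).
# `store` is any Hash-like object; a Hash stands in for Redis here.
def load_session(store, public_id)
  sid = SessionId.new(public_id)
  store[current_key(sid)] || store[legacy_key(sid)]
end

# Step 4: delete BOTH key versions so a session revoked through
# ActiveSession does not survive under the old name.
# Returns the number of keys actually removed.
def destroy_session(store, public_id)
  sid = SessionId.new(public_id)
  [legacy_key(sid), current_key(sid)].count { |key| !store.delete(key).nil? }
end
```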
Showing 6 changed files with 163 additions and 60 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
--- | ||
title: Update rack and related gems to 2.0.9 to fix security issue | ||
merge_request: | ||
author: | ||
type: security |
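Review bot: `merge_request:` and `author:` are left empty in this changelog entry; if the entry is meant to link to a merge request, fill in the MR number before merging. Also, the title states that the update fixes a security issue but neither the entry nor the commit message names the advisory being addressed; consider referencing it in the title so the changelog entry can be traced to the fix.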