Security patch - remove `/log` endpoint in control server (!30) · Merge requests · labs / netmetr · GitLab

GitLab now enforces expiry dates on tokens that originally had no set expiration date. Those tokens were given an expiration date of one year later. Please review your personal access tokens, project access tokens, and group access tokens to ensure you are aware of upcoming expirations. Administrators of GitLab can find more information on how to identify and mitigate interruption in our documentation.

Self sign-up has been disabled due to increased spam activity. If you want to get access, please send an email to a project owner (preferred) or at gitlab(at)nic(dot)cz. We apologize for the inconvenience.

Vaclav Sraier requested to merge api_cleanup into master Nov 30, 2018

/log endpoint in the control server allowed anybody to write any content they liked to any file accessible to the server (or to create it).

Fixed by removing the endpoint. It was unused.

Edited Nov 30, 2018 by Vaclav Sraier