-
由 Marin Hannache 创作于The internal kerberos_spnego provider was added as a replacement for the omniauth-kerberos gem, the later is password-based and thus vulnerable to the Zanarotti attack while the former is ticket-based. To ease the transition before the removal of the password-based kerberos provider, an override was added to make the kerberos_spnego provider compatible with the kerberos provider existing identities, this compatibility layer unfortunately introduced two bugs: https://gitlab.com/gitlab-org/gitlab/-/issues/241318 https://gitlab.com/gitlab-org/gitlab/-/issues/344071 Since the removal of the old password-based kerberos provider in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86036, we can now rename the new provider, as suggested in https://gitlab.com/gitlab-org/gitlab/-/issues/241318#note_409272802 Changelog: changed EE: true Signed-off-by:
Marin Hannache <git@mareo.fr>由 Marin Hannache 创作于The internal kerberos_spnego provider was added as a replacement for the omniauth-kerberos gem, the later is password-based and thus vulnerable to the Zanarotti attack while the former is ticket-based. To ease the transition before the removal of the password-based kerberos provider, an override was added to make the kerberos_spnego provider compatible with the kerberos provider existing identities, this compatibility layer unfortunately introduced two bugs: https://gitlab.com/gitlab-org/gitlab/-/issues/241318 https://gitlab.com/gitlab-org/gitlab/-/issues/344071 Since the removal of the old password-based kerberos provider in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86036, we can now rename the new provider, as suggested in https://gitlab.com/gitlab-org/gitlab/-/issues/241318#note_409272802 Changelog: changed EE: true Signed-off-by:
Marin Hannache <git@mareo.fr>
代码所有者
将用户和群组指定为特定文件更改的核准人。 了解更多。