-
由 Stan Hu 创作于https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117468 in GitLab 15.11 updated the ruby-jwt gem to v2.5.0. In v2.2.0, ruby-jwt removed the `iat_leeway` parameter (https://github.com/jwt/ruby-jwt/pull/274). As a result, if a gitlab-shell host creates a JWT token with an issued-at (IAT) claim that is slightly behind the host handling API the request, users will receive a 401 error. Disable this IAT verification by default since it's not serving a useful purpose, since expiration times are already validated. We already made a similar change in Geo. Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/417543 Changelog: fixed
由 Stan Hu 创作于https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117468 in GitLab 15.11 updated the ruby-jwt gem to v2.5.0. In v2.2.0, ruby-jwt removed the `iat_leeway` parameter (https://github.com/jwt/ruby-jwt/pull/274). As a result, if a gitlab-shell host creates a JWT token with an issued-at (IAT) claim that is slightly behind the host handling API the request, users will receive a 401 error. Disable this IAT verification by default since it's not serving a useful purpose, since expiration times are already validated. We already made a similar change in Geo. Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/417543 Changelog: fixed
代码所有者
将用户和群组指定为特定文件更改的核准人。 了解更多。
base_spec.rb 55.37 KiB