BigW Consortium Gitlab

Commit 14bc511f by Dmitriy Zaporozhets

Merge branch 'security_update_master' of /home/git/repositories/gitlab/gitlabhq

parents e1607ec4 7265b406
# From 4.2 to 5.0
## Warning
GitLab 5.0 is affected by critical security vulnerability CVE-2013-4490. Please update to GitLab 5.4 immediately.
## Important changes
* We don't use `gitlab` user any more. Everything will be moved to `git` user
......
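Review bot: The 5.0 warning gives no link to an upgrade path, unlike the warnings added to the other guides in this commit, and the guide it would point to is titled "From 5.1 to 5.4" and only says it also works starting from 5.2. Suggest linking `5.1-to-5.4.md` here and stating whether a 5.0 install has to go through the 5.0-to-5.1 guide first.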
# From 5.0 to 5.1
## Warning
GitLab 5.1 is affected by critical security vulnerability CVE-2013-4490. Please [update to GitLab 5.4 immediately](5.1-to-5.4.md).
## Release notes:
* `unicorn` replaced with `puma`
......
# From 5.1 to 5.2
## Warning
GitLab 5.2 is affected by critical security vulnerabilities CVE-2013-4490 and CVE-2013-4489. Please [update to GitLab 5.4 directly](5.1-to-5.4.md).
### 0. Backup
It's useful to make a backup just in case things go south:
......
# From 5.1 to 5.4
Also works starting from 5.2.
## Notice
Security vulnerabilities CVE-2013-4490 and CVE-2013-4489 have been patched in the latest version of GitLab 5.4.
### 0. Backup
It's useful to make a backup just in case things go south:
(With MySQL, this may require granting "LOCK TABLES" privileges to the GitLab user on the database version)
```bash
cd /home/git/gitlab
sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
```
### 1. Stop server
sudo service gitlab stop
### 2. Get latest code
```bash
cd /home/git/gitlab
sudo -u git -H git fetch
sudo -u git -H git checkout 5-4-stable # Latest version of 5-4-stable addresses CVE-2013-4489
```
### 3. Update gitlab-shell
```bash
cd /home/git/gitlab-shell
sudo -u git -H git fetch
sudo -u git -H git checkout v1.7.4 # Addresses CVE-2013-4490
```
### 4. Install libs, migrations, etc.
```bash
cd /home/git/gitlab
# MySQL
sudo -u git -H bundle install --without development test postgres --deployment
#PostgreSQL
sudo -u git -H bundle install --without development test mysql --deployment
sudo -u git -H bundle exec rake db:migrate RAILS_ENV=production
sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production
```
### 5. Update config files
* Make `/home/git/gitlab/config/gitlab.yml` same as https://github.com/gitlabhq/gitlabhq/blob/5-4-stable/config/gitlab.yml.example but with your settings.
* Make `/home/git/gitlab/config/puma.rb` same as https://github.com/gitlabhq/gitlabhq/blob/5-4-stable/config/puma.rb.example but with your settings.
### 6. Update Init script
```bash
sudo rm /etc/init.d/gitlab
sudo cp lib/support/init.d/gitlab /etc/init.d/gitlab
sudo chmod +x /etc/init.d/gitlab
```
### 7. Create uploads directory
```bash
cd /home/git/gitlab
sudo -u git -H mkdir public/uploads
sudo chmod -R u+rwX public/uploads
```
### 8. Start application
sudo service gitlab start
sudo service nginx restart
### 9. Check application status
Check if GitLab and its environment are configured correctly:
sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
To make sure you didn't miss anything run a more thorough check with:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production
If all items are green, then congratulations upgrade complete!
## Things went south? Revert to previous version (5.3)
### 1. Revert the code to the previous version
Follow the [`upgrade guide from 5.2 to 5.3`](5.2-to-5.3.md), except for the database migration
(The backup is already migrated to the previous version)
### 2. Restore from the backup:
```bash
cd /home/git/gitlab
sudo -u git -H bundle exec rake gitlab:backup:restore RAILS_ENV=production
```
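Review bot: The "Things went south?" section at the end of the new 5.1-to-5.4 guide names 5.3 as the previous version and points to the 5.2-to-5.3 guide, although this guide starts from 5.1 (or 5.2), so the revert target does not match what the reader was running. Name the version the reader came from, and say that the reverted install is again exposed to the CVEs listed in this commit's warnings for 5.1 through 5.3. Separately, step 6 copies `lib/support/init.d/gitlab` by relative path with no `cd /home/git/gitlab` in that block; an absolute source path would not depend on the shell's current directory.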
# From 5.1 to 6.0
## Warning
GitLab 6.0 is affected by critical security vulnerabilities CVE-2013-4490 and CVE-2013-4489. Please [update to GitLab 6.2 immediately](6.0-to-6.2.md).
### Deprecations
#### Global projects
......
# From 5.2 to 5.3
## Warning
GitLab 5.3 is affected by critical security vulnerabilities CVE-2013-4490 and CVE-2013-4489. Please [update to GitLab 5.4 directly](5.1-to-5.4.md).
### 0. Backup
It's useful to make a backup just in case things go south:
......
# From 5.3 to 5.4
## Notice
Security vulnerabilities CVE-2013-4490 and CVE-2013-4489 have been patched in the latest version of GitLab 5.4.
### 0. Backup
It's useful to make a backup just in case things go south:
......@@ -19,7 +22,7 @@ sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
```bash
cd /home/git/gitlab
sudo -u git -H git fetch
sudo -u git -H git checkout 5-4-stable
sudo -u git -H git checkout 5-4-stable # Latest version of 5-4-stable addresses CVE-2013-4489
```
### 3. Update gitlab-shell
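Review bot: The comment on the `git checkout 5-4-stable` line promises the latest version of the branch, but `git fetch` followed by `git checkout 5-4-stable` leaves an already existing local `5-4-stable` branch at its old commit; only a first-time checkout starts at the fetched tip. An install that is already on 5-4-stable and comes here for the CVE-2013-4489 fix would stay unpatched, so add a step that fast-forwards the local branch, for example `git merge --ff-only origin/5-4-stable` (assuming the remote is named `origin`). The same applies to the `6-2-stable` checkouts in the 6.0-to-6.2 and 6.1-to-6.2 guides.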
......@@ -27,7 +30,7 @@ sudo -u git -H git checkout 5-4-stable
```bash
cd /home/git/gitlab-shell
sudo -u git -H git fetch
sudo -u git -H git checkout v1.5.0
sudo -u git -H git checkout v1.7.4 # Addresses CVE-2013-4490
```
### 4. Install libs, migrations, etc.
......
# From 5.4 to 6.0
## Warning
GitLab 6.0 is affected by critical security vulnerabilities CVE-2013-4490 and CVE-2013-4489. Please [update to GitLab 6.2 immediately](6.0-to-6.2.md).
### Deprecations
#### Global projects
......
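Review bot: The warning in the 5.4-to-6.0 guide does not say that this upgrade moves an install from a version this commit describes as patched (5.4) to one it describes as affected (6.0). State that explicitly and tell readers to continue with `6.0-to-6.2.md` in the same maintenance window rather than stopping at 6.0.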
# From 6.0 to 6.1
## Warning
GitLab 6.1 is affected by critical security vulnerabilities CVE-2013-4490 and CVE-2013-4489. Please [update to GitLab 6.2 directly](6.0-to-6.2.md).
# In 6.1 we remove a lot of deprecated code.
# You should update to 6.0 before installing 6.1 so all the necessary conversions are run.
......
# From 6.0 to 6.2
## Notice
Security vulnerabilities CVE-2013-4490 and CVE-2013-4489 have been patched in the latest version of GitLab 6.2.
# In 6.1 we remove a lot of deprecated code.
# You should update to 6.0 before installing 6.1 or higher so all the necessary conversions are run.
......@@ -28,7 +31,7 @@ sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
```bash
cd /home/git/gitlab
sudo -u git -H git fetch
sudo -u git -H git checkout 6-2-stable
sudo -u git -H git checkout 6-2-stable # Latest version of 6-2-stable addresses CVE-2013-4489
```
......@@ -44,7 +47,7 @@ sudo apt-get install logrotate
```bash
cd /home/git/gitlab-shell
sudo -u git -H git fetch
sudo -u git -H git checkout v1.7.4
sudo -u git -H git checkout v1.7.4 # Addresses CVE-2013-4490
```
### 5. Install libs, migrations, etc.
......
# From 6.1 to 6.2
## Notice
Security vulnerabilities CVE-2013-4490 and CVE-2013-4489 have been patched in the latest version of GitLab 6.2.
# You should update to 6.1 before installing 6.2 so all the necessary conversions are run.
### 0. Backup
......@@ -21,17 +24,25 @@ sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
```bash
cd /home/git/gitlab
sudo -u git -H git fetch
sudo -u git -H git checkout 6-2-stable
sudo -u git -H git checkout 6-2-stable # Latest version of 6-2-stable addresses CVE-2013-4489
```
### 3. Update gitlab-shell
```bash
cd /home/git/gitlab-shell
sudo -u git -H git fetch
sudo -u git -H git checkout v1.7.4 # Addresses CVE-2013-4490
```
### 3. Install additional packages
### 4. Install additional packages
```bash
# Add support for lograte for better log file handling
sudo apt-get install logrotate
```
### 4. Install libs, migrations, etc.
### 5. Install libs, migrations, etc.
```bash
cd /home/git/gitlab
......@@ -49,7 +60,7 @@ sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production
sudo -u git -H bundle exec rake cache:clear RAILS_ENV=production
```
### 5. Update config files
### 6. Update config files
TIP: to see what changed in gitlab.yml.example in this release use next command:
......@@ -71,7 +82,7 @@ sudo -u git -H cp config/initializers/rack_attack.rb.example config/initializers
sudo cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab
```
### 6. Update Init script
### 7. Update Init script
```bash
sudo rm /etc/init.d/gitlab
......@@ -79,12 +90,12 @@ sudo curl --output /etc/init.d/gitlab https://raw.github.com/gitlabhq/gitlabhq/6
sudo chmod +x /etc/init.d/gitlab
```
### 7. Start application
### 8. Start application
sudo service gitlab start
sudo service nginx restart
### 8. Check application status
### 9. Check application status
Check if GitLab and its environment are configured correctly:
......