
Commit fe80bc2

Clemens BeckGitLab Release Tools Bot
authored andcommitted
Consul RCE vulnerability enable-script-checks
Merge branch 'security-consul-rce' into 'master' See merge request gitlab-org/security/omnibus-gitlab!368 Changelog: security
1 parent 0131393 commit fe80bc2


3 files changed

+6
-3
lines changed


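--- a/files/gitlab-config-template/gitlab.rb.template
+++ b/files/gitlab-config-template/gitlab.rb.template
@@ -3137,7 +3137,8 @@ external_url 'GENERATED_EXTERNAL_URL'
 # consul['configuration'] = {
 # 'client_addr' => nil,
 # 'datacenter' => 'gitlab_consul',
-# 'enable_script_checks' => true,
+# 'enable_script_checks' => false,
+# 'enable_local_script_checks' => true,
 # 'server' => false
 # }
 # consul['services'] = []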

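--- a/files/gitlab-cookbooks/consul/libraries/consul_helper.rb
+++ b/files/gitlab-cookbooks/consul/libraries/consul_helper.rb
@@ -15,7 +15,8 @@ def initialize(node)
 'client_addr' => nil,
 'datacenter' => 'gitlab_consul',
 'disable_update_check' => true,
-'enable_script_checks' => true,
+'enable_script_checks' => false,
+'enable_local_script_checks' => true,
 'node_name' => node['consul']['node_name'] || node['fqdn'],
 'rejoin_after_leave' => true,
 'server' => false,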
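Review bot: Nothing at new lines 18–19 records why `enable_script_checks` is now false while `enable_local_script_checks` is true, so a later cleanup could flip the pair back without noticing the security impact. I would add a comment above them, e.g. `# Script checks may be defined only in local agent config files; checks registered through the HTTP API must not run commands.` If operator-supplied `consul['configuration']` is merged over these defaults (the merge is not visible in this hunk), an existing gitlab.rb that still sets `'enable_script_checks' => true` would keep the old behaviour after upgrade, so a warning or deprecation for that value seems worth adding. The hash and `initialize` both start and end outside the hunk.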

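--- a/spec/chef/cookbooks/consul/recipes/consul_spec.rb
+++ b/spec/chef/cookbooks/consul/recipes/consul_spec.rb
@@ -103,7 +103,8 @@
 expect(chef_run).to render_file(consul_conf).with_content { |content|
 expect(content).to match(%r{"datacenter":"gitlab_consul"})
 expect(content).to match(%r{"disable_update_check":true})
-expect(content).to match(%r{"enable_script_checks":true})
+expect(content).to match(%r{"enable_script_checks":false})
+expect(content).to match(%r{"enable_local_script_checks":true})
 expect(content).to match(%r{"node_name":"fauxhai.local"})
 expect(content).to match(%r{"rejoin_after_leave":true})
 expect(content).to match(%r{"server":false})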
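Review bot: The expectations at new lines 106–107 cover only the default render, so no example here shows what ends up in the config file when gitlab.rb supplies its own `consul['configuration']` with `'enable_script_checks' => true`. A separate example that stubs that override and asserts the rendered value would pin the intended behaviour for upgraded installs, whichever way the cookbook resolves it. How overrides are stubbed in this spec is not visible in the hunk, and the enclosing example block starts and ends outside it.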
