diff --git a/changelogs/unreleased/63942-remove-config-action_dispatch-use_authenticated_cookie_encryption-configuration.yml b/changelogs/unreleased/63942-remove-config-action_dispatch-use_authenticated_cookie_encryption-configuration.yml new file mode 100644 index 00000000000..741763403a5 --- /dev/null +++ b/changelogs/unreleased/63942-remove-config-action_dispatch-use_authenticated_cookie_encryption-configuration.yml @@ -0,0 +1,5 @@ +--- +title: Enable authenticated cookie encryption +merge_request: 31463 +author: +type: other diff --git a/config/application.rb b/config/application.rb index 47c5ab71285..733f8652286 100644 --- a/config/application.rb +++ b/config/application.rb @@ -293,10 +293,5 @@ module Gitlab Gitlab::Routing.add_helpers(project_url_helpers) Gitlab::Routing.add_helpers(MilestonesRoutingHelper) end - - # This makes generated cookies to be compatible with Rails 5.1 and older - # We can remove this when we're confident that there are no issues with the Rails 5.2 upgrade - # and we won't need to rollback to older versions - config.action_dispatch.use_authenticated_cookie_encryption = false end end diff --git a/doc/update/README.md b/doc/update/README.md index 974982da5d0..42c43110a19 100644 --- a/doc/update/README.md +++ b/doc/update/README.md @@ -135,6 +135,30 @@ If you need to downgrade your Enterprise Edition installation back to Community Edition, you can follow [this guide][ee-ce] to make the process as smooth as possible. +## Version specific upgrading instructions + +### 12.2.0 + +In 12.2.0, we enabled Rails' authenticated cookie encryption. Old sessions are +automatically upgraded. + +However, session cookie downgrades are not supported. So after upgrading to 12.2.0, +any downgrades would result to all sessions being invalidated and users are logged out. + +### 12.0.0 + +In 12.0.0 we made various database related changes. These changes require that +users first upgrade to the latest 11.11 patch release. Once upgraded to 11.11.x, +users can upgrade to 12.x. Failure to do so may result in database migrations +not being applied, which could lead to application errors. + +Example 1: you are currently using GitLab 11.11.3, which is the latest patch +release for 11.11.x. You can upgrade as usual to 12.0.0, 12.1.0, etc. + +Example 2: you are currently using a version of GitLab 10.x. To upgrade, first +upgrade to 11.11.3. Once upgraded to 11.11.3 you can safely upgrade to 12.0.0 +or future versions. + ## Miscellaneous - [MySQL to PostgreSQL](mysql_to_postgresql.md) guides you through migrating diff --git a/doc/update/upgrading_from_source.md b/doc/update/upgrading_from_source.md index d3b0a3c2829..0aef40262c9 100644 --- a/doc/update/upgrading_from_source.md +++ b/doc/update/upgrading_from_source.md @@ -378,20 +378,6 @@ Example: Additional instructions here. --> -### 12.0.0 - -In 12.0.0 we made various database related changes. These changes require that -users first upgrade to the latest 11.11 patch release. Once upgraded to 11.11.x, -users can upgrade to 12.x. Failure to do so may result in database migrations -not being applied, which could lead to application errors. - -Example 1: you are currently using GitLab 11.11.3, which is the latest patch -release for 11.11.x. You can upgrade as usual to 12.0.0, 12.1.0, etc. - -Example 2: you are currently using a version of GitLab 10.x. To upgrade, first -upgrade to 11.11.3. Once upgraded to 11.11.3 you can safely upgrade to 12.0.0 -or future versions. - ## Things went south? Revert to previous version ### 1. Revert the code to the previous version