Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fixes #349] Don't leak cache keys #350

Merged
merged 4 commits into from
Jun 19, 2018
Merged

[Fixes #349] Don't leak cache keys #350

merged 4 commits into from
Jun 19, 2018

Conversation

grzuy
Copy link
Collaborator

@grzuy grzuy commented Jun 19, 2018
edited
Loading

Fixes #349

@grzuy grzuy changed the title [WIP] [Fixes #349] Don't leak cache keys [Fixes #349] Don't leak cache keys Jun 19, 2018
@grzuy grzuy mentioned this pull request Jun 19, 2018
Closed
@grzuy grzuy merged commit 2cdba6f into rack:master Jun 19, 2018
@grzuy grzuy deleted the cache_key_leak branch June 19, 2018 18:24
tigefa4u pushed a commit to tigefa4u/gitlabhq that referenced this pull request Aug 22, 2019
@stanhu
Fix "ERR value is not an integer or out of range" errors
6bda359 
`ActiveSupport::Cache::RedisCacheStore` is not compatible with the
version of Rack Attack we are using (v4.4.1) per
rack/rack-attack#281. Users that had
rate limits enabled might see `Redis::CommandError: ERR value is not an
integer or out of range` because the `raw` parameter wasn't passed along
properly. As a result, the Rack Attack entry would be stored as an
`ActiveSupport::Cache::Entry` instead of a raw string holding an integer
value.

Let's partially revert the change in
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30966 to use the
original cache store until we can update to Rack Attack v5.2.3 that has
support for `ActiveSupport::Cache::RedisCacheStore` via
rack/rack-attack#350.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66449
tigefa4u pushed a commit to tigefa4u/gitlabhq that referenced this pull request Aug 26, 2019
@stanhu
Fix "ERR value is not an integer or out of range" errors
71f4b8a 
`ActiveSupport::Cache::RedisCacheStore` is not compatible with the
version of Rack Attack we are using (v4.4.1) per
rack/rack-attack#281. Users that had
rate limits enabled might see `Redis::CommandError: ERR value is not an
integer or out of range` because the `raw` parameter wasn't passed along
properly. As a result, the Rack Attack entry would be stored as an
`ActiveSupport::Cache::Entry` instead of a raw string holding an integer
value.

Let's partially revert the change in
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30966 to use the
original cache store until we can update to Rack Attack v5.2.3 that has
support for `ActiveSupport::Cache::RedisCacheStore` via
rack/rack-attack#350.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66449
@annaswims annaswims mentioned this pull request Dec 12, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
area: cache store topic: cache key expiration
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@grzuy @brian-kephart