Since GitLab 11.9, EXIF data is automatically stripped from JPG or TIFF image uploads.
EXIF data may contain sensitive information (for example, GPS location), so you can remove EXIF data from existing images that were uploaded to an earlier version of GitLab.
To run this Rake task, you need
exiftool installed on your system. If you installed GitLab:
- Using the Omnibus package, you’re all set.
From source, make sure
# Debian/Ubuntu sudo apt-get install libimage-exiftool-perl # RHEL/CentOS sudo yum install perl-Image-ExifTool
To remove EXIF data from existing uploads, run the following command:
sudo RAILS_ENV=production -u git -H bundle exec rake gitlab:uploads:sanitize:remove_exif
By default, this command runs in “dry run” mode and doesn’t remove EXIF data. It can be used for checking if (and how many) images should be sanitized.
The Rake task accepts following parameters.
|integer||Only uploads with equal or greater ID will be processed|
|integer||Only uploads with equal or smaller ID will be processed|
|boolean||Do not remove EXIF data, only check if EXIF data are present or not. Defaults to |
|float||Pause for number of seconds after processing each image. Defaults to 0.3 seconds|
|string||Run sanitization only for uploads of the given uploader: |
|date||Run sanitization only for uploads newer than given date. For example, |
If you have too many uploads, you can speed up sanitization by:
sleep_timeto a lower value.
- Running multiple Rake tasks in parallel, each with a separate range of upload IDs (by setting
To remove EXIF data from all uploads, use:
sudo RAILS_ENV=production -u git -H bundle exec rake gitlab:uploads:sanitize:remove_exif[,,false,] 2>&1 | tee exif.log
To remove EXIF data on uploads with an ID between 100 and 5000 and pause for 0.1 second after each file, use:
sudo RAILS_ENV=production -u git -H bundle exec rake gitlab:uploads:sanitize:remove_exif[100,5000,false,0.1] 2>&1 | tee exif.log
The output is written into an
exif.log file because it will probably be long.
If sanitization fails for an upload, an error message should be in the output of the Rake task. Typical reasons include that the file is missing in the storage or it’s not a valid image.
Report any issues and use the prefix ‘EXIF’ in the issue title with the error output and (if possible) the image.