jojo/models
Mathieu Fenniak 9e51a55b63 [v11.0/forgejo] 2026-05-12 security patches (#12495)
- fix: prevent git write to wiki repo from unauthorized user via git HTTP
- fix: prevent LFS authorization token from being used for read/write access after user's access is restricted from Forgejo
- fix: prevent scoped API access (OAuth tokens, Access tokens) from accessing resources beyond their permitted scope via non-API endpoints (e.g. /user/repo/raw/...)
- fix: implement missing OAuth validation checks, improve protections against race conditions
- fix: prevent OAuth redirect URI spoofing via non-ASCII case collision
- fix: strengthen Actions Artifact V4 signature algorithm against spoofing attacks
- fix: update Go toolchain to 1.25.10

Co-authored-by: Derzsi Dániel <daniel@tohka.us>
Co-authored-by: jvoisin <julien.voisin@dustri.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12495
2026-05-12 04:54:30 +02:00
actions [v11.0/forgejo] fix(test): TestActionsArtifactOverwrite needs ordered query for pgsql (#8848) 2025-08-10 15:14:06 +02:00
activities [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
admin [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
asymkey fix: use correct GPG key for export 2026-01-06 11:07:10 -07:00
auth [v11.0/forgejo] 2026-05-12 security patches (#12495) 2026-05-12 04:54:30 +02:00
avatars [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
db [v11.0/forgejo] fix: verify PR author has write access to head to support allow maintainers edit (#12295) 2026-04-29 05:29:46 +02:00
dbfs [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
fixtures test: backport from #9906 test data 2026-03-08 20:07:37 -06:00
forgefed [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
forgejo/semver [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
forgejo_migrations [v11.0/forgejo] fix: strict error handling on corrupted DB migration tracking tables (#9775) 2025-10-20 19:13:47 +02:00
git [v11.0/forgejo] fix: add forgejo doctor cleanup-commit-status command (#10686) (#10783) 2026-01-13 16:17:06 +01:00
issues [v11.0/forgejo] fix: verify PR author has write access to head to support allow maintainers edit (#12295) 2026-04-29 05:29:46 +02:00
migrations Update golang packages to v1.25 (v11.0/forgejo) (minor) (#9821) 2025-10-23 20:12:49 +02:00
organization [v11.0/forgejo] fix: show membership of limited orgs (#8095) 2025-06-07 01:59:55 +02:00
packages [v11.0/forgejo] chore: merge tests.AddFixtures and unittest.OverrideFixtures (#7649) 2025-04-25 09:59:30 +00:00
perm [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
project chore: add unit tests 2026-03-08 20:07:42 -06:00
pull [v11.0/forgejo] fix: do not ignore automerge while a PR is checking for conflicts (#8456) 2025-07-09 14:09:12 +02:00
quota [v11.0/forgejo] fix: ignore expired artifacts for quota calculation (#7985) 2025-05-28 19:00:00 +02:00
repo [v11.0/forgejo] fix: make /repos/search?uid=-2 return zero results, no repos with that owner (#12148) 2026-04-16 21:01:00 +02:00
secret [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
shared/types [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
system [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
unit [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
unittest [v11.0/forgejo] chore: replace github.com/go-testfixtures/testfixtures (#7729) 2025-04-30 13:21:04 +00:00
user [v11.0/forgejo] fix: allow unactivated users to send recovery mails (#9516) 2025-10-03 09:50:03 +02:00
webhook [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
error.go [v11.0/forgejo] fix: don't allow credentials in migrate/push mirror URL (#9065) 2025-08-30 18:53:14 +02:00
main_test.go [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
org.go [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
org_team.go [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
org_team_test.go [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
org_test.go [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
repo.go [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
repo_test.go [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
repo_transfer.go [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
repo_transfer_test.go [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00