peezy-tech/jojo
2
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2026-05-12 22:10:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
jojo/routers
History
Exact
Mathieu Fenniak 9e51a55b63 [v11.0/forgejo] 2026-05-12 security patches (#12495) 
- fix: prevent git write to wiki repo from unauthorized user via git HTTP
- fix: prevent LFS authorization token from being used for read/write access after user's access is restricted from Forgejo
- fix: prevent scoped API access (OAuth tokens, Access tokens) from accessing resources beyond their permitted scope via non-API endpoints (e.g. /user/repo/raw/...)
- fix: implementing missing OAuth validation checks, improve protections against race conditions
- fix: prevent OAuth redirect URI spoofing via non-ascii case collision
- fix: strengthen Actions Artifact V4 signature algorithm against spoofing attacks
- fix: update Go toolchain to 1.25.10

Co-authored-by: Derzsi Dániel <daniel@tohka.us>
Co-authored-by: jvoisin <julien.voisin@dustri.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12495
2026-05-12 04:54:30 +02:00
..
api [v11.0/forgejo] 2026-05-12 security patches (#12495) 2026-05-12 04:54:30 +02:00
common [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
install [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
private fix(sec): only degrade permission check for git push 2025-05-02 07:05:38 +02:00
utils [PORT] drop utils.IsExternalURL (and expand IsRiskyRedirectURL tests) (#3167) 2024-04-15 13:03:08 +00:00
web [v11.0/forgejo] 2026-05-12 security patches (#12495) 2026-05-12 04:54:30 +02:00
init.go [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00