mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2026-05-12 22:10:25 +00:00
Mirror of Forgejo for evaluating jojo.build customizations.
63ec90b0ef
**Backport:** #7025 Resolves #6266 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7025 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Dmitrii Sharshakov <d3dx12.xx@gmail.com> Co-committed-by: Dmitrii Sharshakov <d3dx12.xx@gmail.com> Backported due to `make security-check` failing in `v11.0/forgejo` branch due to a new registered vulnerability in the github.com/nwaples/rardecode. ``` /home/forgejo/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.25.3.linux-amd64/bin/go run golang.org/x/vuln/cmd/govulncheck@v1 ./... === Symbol Results === Vulnerability #1: GO-2025-4020 DoS risk due to unrestricted RAR dictionary sizes in github.com/nwaples/rardecode More info: https://pkg.go.dev/vuln/GO-2025-4020 Module: github.com/nwaples/rardecode Found in: github.com/nwaples/rardecode@v1.1.3 Fixed in: N/A Example traces found: #1: modules/git/repo_commit.go:263:24: git.Repository.CommitsByFileAndRange calls io.ReadFull, which eventually calls rardecode.cipherBlockReader.Read #2: modules/packages/arch/metadata.go:22:2: arch.init calls archiver.init, which calls rardecode.init #3: modules/git/repo_language_stats.go:198:32: git.Repository.GetLanguageStats calls bytes.Buffer.ReadFrom, which calls rardecode.limitedReader.Read Your code is affected by 1 vulnerability from 1 module. This scan also found 1 vulnerability in packages you import and 0 vulnerabilities in modules you require, but your code doesn't appear to call these vulnerabilities. Use '-show verbose' for more details. exit status 3 make: *** [Makefile:526: security-check] Error 1 ``` Co-authored-by: Dmitrii Sharshakov <d3dx12.xx@gmail.com> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10043 Reviewed-by: Gusted <gusted@noreply.codeberg.org> |
||
|---|---|---|
| .devcontainer | ||
| .forgejo | ||
| assets | ||
| build | ||
| cmd | ||
| contrib | ||
| custom/conf | ||
| docker | ||
| models | ||
| modules | ||
| options | ||
| public | ||
| release-notes | ||
| release-notes-published | ||
| releases/images | ||
| routers | ||
| services | ||
| templates | ||
| tests | ||
| tools | ||
| web_src | ||
| .air.toml | ||
| .deadcode-out | ||
| .dockerignore | ||
| .editorconfig | ||
| .envrc.example | ||
| .gitattributes | ||
| .gitignore | ||
| .gitmodules | ||
| .gitpod.yml | ||
| .golangci.yml | ||
| .ignore | ||
| .mailmap | ||
| .markdownlint.yaml | ||
| .npmrc | ||
| .release-notes-assistant.yaml | ||
| .spectral.yaml | ||
| .yamllint.yaml | ||
| BSDmakefile | ||
| build.go | ||
| CODEOWNERS | ||
| CONTRIBUTING.md | ||
| DCO | ||
| Dockerfile | ||
| Dockerfile.rootless | ||
| eslint.config.mjs | ||
| flake.lock | ||
| flake.nix | ||
| go.mod | ||
| go.sum | ||
| LICENSE | ||
| main.go | ||
| Makefile | ||
| package-lock.json | ||
| package.json | ||
| playwright.config.ts | ||
| poetry.lock | ||
| poetry.toml | ||
| pyproject.toml | ||
| README.md | ||
| release-notes-assistant.sh | ||
| RELEASE-NOTES.md | ||
| renovate.json | ||
| stylelint.config.js | ||
| tailwind.config.js | ||
| tsconfig.json | ||
| vitest.config.ts | ||
| webpack.config.js | ||
Welcome to Forgejo
Hi there! Tired of big platforms playing monopoly? Providing Git hosting for your project, friends, company or community? Forgejo (/for'd͡ʒe.jo/ inspired by forĝejo – the Esperanto word for forge) has you covered with its intuitive interface, light and easy hosting and a lot of builtin functionality.
Forgejo was created in 2022 because we think that the project should be owned by an independent community. If you second that, then Forgejo is for you! Our promise: Independent Free/Libre Software forever!
What does Forgejo offer?
If you like any of the following, Forgejo is literally meant for you:
- Lightweight: Forgejo can easily be hosted on nearly every machine. Running on a Raspberry? Small cloud instance? No problem!
- Project management: Besides Git hosting, Forgejo offers issues, pull requests, wikis, kanban boards and much more to coordinate with your team.
- Publishing: Have something to share? Use releases to host your software for download, or use the package registry to publish it for docker, npm and many other package managers.
- Customizable: Want to change your look? Change some settings? There are many config switches to make Forgejo work exactly like you want.
- Powerful: Organizations & team permissions, CI integration, Code Search, LDAP, OAuth and much more. If you have advanced needs, Forgejo has you covered.
- Privacy: From update checker to default settings: Forgejo is built to be privacy first for you and your crew.
- Federation: (WIP) We are actively working to connect software forges with each other through ActivityPub, and create a collaborative network of personal instances.
Learn more
Dive into the documentation, subscribe to releases and blog post on our website, find us on the Fediverse or hop into our Matrix room if you have any questions or want to get involved.
License
Forgejo is distributed under the terms of the GPL version 3.0 or any later version.
The agreement for this license was documented in June 2023 and implemented during the development of Forgejo v9.0. All Forgejo versions before v9.0 are distributed under the MIT license.
Get involved
If you are interested in making Forgejo better, either by reporting a bug or by changing the governance, please take a look at the contribution guide.