mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2026-05-12 22:10:25 +00:00
9e51a55b63
- fix: prevent git write to wiki repo from unauthorized user via git HTTP - fix: prevent LFS authorization token from being used for read/write access after user's access is restricted from Forgejo - fix: prevent scoped API access (OAuth tokens, Access tokens) from accessing resources beyond their permitted scope via non-API endpoints (e.g. /user/repo/raw/...) - fix: implementing missing OAuth validation checks, improve protections against race conditions - fix: prevent OAuth redirect URI spoofing via non-ascii case collision - fix: strengthen Actions Artifact V4 signature algorithm against spoofing attacks - fix: update Go toolchain to 1.25.10 Co-authored-by: Derzsi Dániel <daniel@tohka.us> Co-authored-by: jvoisin <julien.voisin@dustri.org> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12495 |
||
|---|---|---|
| .. | ||
| TestOrphanedOAuth2Applications | ||
| access_token.go | ||
| access_token_scope.go | ||
| access_token_scope_test.go | ||
| access_token_test.go | ||
| auth_token.go | ||
| main_test.go | ||
| oauth2.go | ||
| oauth2_list.go | ||
| oauth2_test.go | ||
| session.go | ||
| session_test.go | ||
| source.go | ||
| source_test.go | ||
| two_factor.go | ||
| two_factor_test.go | ||
| twofactor.go | ||
| webauthn.go | ||
| webauthn_test.go | ||