mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2026-05-12 22:10:25 +00:00
97a0ab9833
- fix: prevent git write to wiki repo from unauthorized user via git HTTP - fix: prevent LFS authorization token from being used for read/write access after user's access is restricted from Forgejo - fix: prevent scoped API access (OAuth tokens, Access tokens) from accessing resources beyond their permitted scope via non-API endpoints (e.g. /user/repo/raw/...) - fix: implementing missing OAuth validation checks, improve protections against race conditions - fix: prevent OAuth redirect URI spoofing via non-ascii case collision - fix: strengthen Actions Artifact V4 signature algorithm against spoofing attacks Co-authored-by: Derzsi Dániel <daniel@tohka.us> Co-authored-by: jvoisin <julien.voisin@dustri.org> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12494 |
||
|---|---|---|
| .. | ||
| upload | ||
| access_log.go | ||
| api.go | ||
| api_org.go | ||
| api_test.go | ||
| base.go | ||
| base_test.go | ||
| captcha.go | ||
| context.go | ||
| context_cookie.go | ||
| context_model.go | ||
| context_request.go | ||
| context_response.go | ||
| context_test.go | ||
| org.go | ||
| package.go | ||
| pagination.go | ||
| permission.go | ||
| private.go | ||
| quota.go | ||
| repo.go | ||
| repository.go | ||
| response.go | ||
| user.go | ||
| utils.go | ||