Gitea-John71/Gitea
2
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-06-18 09:56:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
6fb96fcfdf1cdc1f89d5f410c2a0dd9d3ddc04dc
Gitea/modules
History
bircni 5facdcc7fd fix: Various sec fixes (#38108) (#38147) 
Backport #38108

- Enforce repository token scope on RSS/Atom feed endpoints so a PAT
without repo scope can no longer read private repo commit data.
- Block HTTP redirects during repository migration clones to prevent
SSRF reaching internal addresses via an attacker-controlled redirect.
- Redact the notification subject after repo access is revoked so
private issue/PR metadata is no longer leaked through the notification
API.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2026-06-17 21:43:22 +02:00
..
actions
fix(actions): exclude workflow_call from workflow trigger detection (#37894) (#37899)
2026-05-29 06:40:50 +00:00
analyze
Fix incorrect vendored detections (#36508)
2026-02-01 10:35:51 +00:00
assetfs
Fix theme discovery and Vite dev server in dev mode (#37033)
2026-03-30 14:59:10 +00:00
auth
Update Go dependencies (#36781)
2026-04-01 11:26:52 +08:00
avatar
Refactor avatar package, support default avatar fallback (#36788)
2026-03-01 13:32:35 +00:00
badge
Add flat-square action badge style (#34062)
2025-04-01 09:42:10 +00:00
base
Fix incorrect setting loading order (#36735)
2026-02-24 23:46:08 +08:00
cache
enforce explanation for necessary nolints and fix bugs (#34883)
2025-06-27 21:48:03 +08:00
cachegroup
Cache GPG keys, emails and users when list commits (#34086)
2025-04-09 16:34:38 +00:00
charset
Improve control char rendering and escape button styling (#37094)
2026-04-06 11:07:33 +00:00
commitstatus
Update Combine method to treat warnings as failures and adjust tests (#37048)
2026-03-31 17:22:18 +00:00
container
Refactor sidebar assignee&milestone&project selectors (#32465)
2024-11-11 04:07:54 +08:00
csv
Disable Field count validation of CSV viewer (#35228)
2025-09-04 09:54:58 -07:00
dump
fix: dump with default zip type produces uncompressed zip (#37401) (#37402)
2026-04-24 17:45:10 +08:00
emoji
Update emoji data for Unicode 16 (#36596)
2026-02-12 21:39:36 +00:00
eventsource
Add more check for stopwatch read or list (#36340)
2026-01-13 13:13:39 +00:00
fileicon
Add FOLDER_ICON_THEME configuration option (#36496)
2026-01-30 20:48:56 +00:00
generate
Fix various bugs (#37096)
2026-04-03 20:03:59 +00:00
git
fix: Various sec fixes (#38108) (#38147)
2026-06-17 21:43:22 +02:00
gitrepo
fix: git cmd (#38084) (#38087)
2026-06-12 21:28:13 +08:00
glob
Replace gobwas/glob package (#35478)
2025-09-13 18:01:00 +00:00
globallock
Upgrade golang to 1.25.1 and add descriptions for the swagger structs' fields (#35418)
2025-09-06 16:52:41 +00:00
graceful
Migrate from webpack to vite (#37002)
2026-03-29 10:24:30 +00:00
gtprof
Add start time on perf trace because it seems some steps haven't been recorded. (#35282)
2025-08-18 15:17:19 +00:00
hcaptcha
Clean up Makefile, tests and legacy code (#36638)
2026-02-19 01:23:32 +00:00
highlight
fix: http content file render (#37850) (#37856)
2026-05-26 06:41:47 +00:00
hostmatcher
fix(hostmatcher): block reserved IP ranges from external/private filters (#38039) (#38059)
2026-06-10 12:05:23 +02:00
htmlutil
Fix markup heading parsing, fix emphasis parsing (#36284)
2026-01-23 20:24:58 +00:00
httpcache
Refactor avatar package, support default avatar fallback (#36788)
2026-03-01 13:32:35 +00:00
httplib
Make ServeSetHeaders default to download attachment if filename exists (#37552) (#37555)
2026-05-05 18:21:07 +00:00
indexer
Improve control char rendering and escape button styling (#37094)
2026-04-06 11:07:33 +00:00
issue/template
Limit reading bytes instead of ReadAll (#35928)
2025-11-12 19:44:49 +08:00
json
Fix corrupted JSON caused by goccy library (#37214) (#37220)
2026-04-14 17:24:39 +00:00
label
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
lfs
Feature non-zipped actions artifacts (action v7) (#36786)
2026-03-26 00:37:48 +08:00
lfstransfer
Correct spelling (#36783)
2026-02-28 11:23:20 -08:00
log
fix(auth): set User-Agent on avatar fetch and sync avatar on link-account register (#37564) (#37588) (#37726)
2026-05-16 14:15:53 +00:00
markup
fix(actions): keep action run title clickable when commit subject is a URL (#37867) (#37898)
2026-05-29 07:59:47 +02:00
mcaptcha
Implement FSFE REUSE for golang files (#21840)
2022-11-27 18:20:29 +00:00
metrics
Remove incorrect "db.DefaultContext" usages (#35366)
2025-08-28 03:52:43 +00:00
migration
feat(api): encrypt AWS creds (#37679) (#37713)
2026-05-15 15:58:19 +02:00
nosql
Refactor git command context & pipeline (#36406)
2026-01-21 01:35:14 +00:00
optional
Fix API not persisting pull request unit config when has_pull_requests is not set (#36718)
2026-03-02 22:08:53 +00:00
options
Refactor embedded assets and drop unnecessary dependencies (#34692)
2025-06-12 03:59:33 +00:00
packages
fix: bound debian ParseControlFile to a single control stanza (#38044) (#38055)
2026-06-14 14:29:27 +00:00
paginator
Only use prev and next buttons for pagination on user dashboard (#33981)
2025-03-23 19:52:43 +00:00
pprof
Implement FSFE REUSE for golang files (#21840)
2022-11-27 18:20:29 +00:00
private
feat: Add configurable permissions for Actions automatic tokens (#36173)
2026-03-21 15:39:47 -07:00
process
Refactor git command context & pipeline (#36406)
2026-01-21 01:35:14 +00:00
proxy
Replace gobwas/glob package (#35478)
2025-09-13 18:01:00 +00:00
proxyprotocol
Enable addtional linters (#34085)
2025-04-01 10:14:01 +00:00
public
Frontend iframe renderer framework: 3D models, OpenAPI (#37233) (#37273)
2026-04-18 16:02:18 +08:00
queue
Refactor git command context & pipeline (#36406)
2026-01-21 01:35:14 +00:00
recaptcha
Fix URLJoin, markup render link reoslving, sign-in/up/linkaccount page common data (#36861)
2026-03-08 15:57:37 +00:00
references
Support closing keywords with URL references (#36221)
2025-12-27 09:05:24 -08:00
regexplru
Enable testifylint rules (#34075)
2025-03-31 01:53:48 -04:00
repository
feat: Add configurable permissions for Actions automatic tokens (#36173)
2026-03-21 15:39:47 -07:00
reqctx
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
secret
Upgrade golangci-lint to v1.64.5 (#33654)
2025-02-21 00:05:40 +08:00
session
Clean up Makefile, tests and legacy code (#36638)
2026-02-19 01:23:32 +00:00
setting
fix!: add DEFAULT_TITLE_SOURCE setting for pull request title default behavior (#37465) (#37766)
2026-05-18 11:01:09 -07:00
sitemap
Fix sitemap (#22272)
2022-12-30 23:31:00 +08:00
ssh
Update x/crypto package and make builtin SSH use default parameters (#34667)
2025-06-09 19:51:02 +00:00
storage
Feature non-zipped actions artifacts (action v7) (#36786)
2026-03-26 00:37:48 +08:00
structs
Add webhook name field to improve webhook identification (#37025) (#37040)
2026-04-01 09:56:20 +08:00
svg
Add render cache for SVG icons (#36863)
2026-03-10 05:26:16 +00:00
system
Remove incorrect "db.DefaultContext" usages (#35366)
2025-08-28 03:52:43 +00:00
tailmsg
Support performance trace (#32973)
2025-01-21 18:57:07 +00:00
tempdir
Address some CodeQL security concerns (#35572)
2025-10-04 01:21:26 +08:00
templates
fix(actions): keep action run title clickable when commit subject is a URL (#37867) (#37898)
2026-05-29 07:59:47 +02:00
test
Swift registry metadata: preserve more JSON fields and accept empty metadata (#37254) (#37261)
2026-04-17 23:36:48 +02:00
testlogger
Clean up Makefile, tests and legacy code (#36638)
2026-02-19 01:23:32 +00:00
timeutil
Clean up Makefile, tests and legacy code (#36638)
2026-02-19 01:23:32 +00:00
translation
Fix various trivial problems (#36953)
2026-03-23 18:23:42 +00:00
turnstile
Add new captcha: cloudflare turnstile (#22369)
2023-02-05 15:29:03 +08:00
typesniffer
Feature non-zipped actions artifacts (action v7) (#36786)
2026-03-26 00:37:48 +08:00
updatechecker
Enable addtional linters (#34085)
2025-04-01 10:14:01 +00:00
uri
Implement FSFE REUSE for golang files (#21840)
2022-11-27 18:20:29 +00:00
user
Refactor older tests to use testify (#33140)
2025-01-09 09:21:47 +08:00
util
FIX: URL sanitization to handle schemeless credentials (#37440) (#37471)
2026-04-28 21:35:18 +00:00
validation
Fix corrupted JSON caused by goccy library (#37214) (#37220)
2026-04-14 17:24:39 +00:00
web
Fix RPM Registry 404 when package name contains 'package' (#37087)
2026-04-03 06:12:04 +00:00
webhook
actions: report commit status for pull_request_review events (#36589)
2026-02-20 16:12:22 +00:00
zstd
Refactor embedded assets and drop unnecessary dependencies (#34692)
2025-06-12 03:59:33 +00:00