205hlab-mirrors/gitea
2
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-06-17 19:10:22 +03:00
Code Issues Packages Projects Releases Wiki Activity
21,007 Commits 21 Branches 251 Tags
9e84deb969aff5c1115c2984e41250f28c78451f
Commit Graph

4 Commits

Author SHA1 Message Date
bircni 9e84deb969 fix: Various sec fixes 2 (#38108) 
- Enforce repository token scope on RSS/Atom feed endpoints so a PAT
without repo scope can no longer read private repo commit data.
- Block HTTP redirects during repository migration clones to prevent
SSRF reaching internal addresses via an attacker-controlled redirect.
- Redact the notification subject after repo access is revoked so
private issue/PR metadata is no longer leaked through the notification
API.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
 2026-06-17 06:50:25 +02:00
Lunny Xiao 61b1a39efe chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873) 2026-05-26 15:49:31 -07:00
TheFox0x7 0fde8ecd55 Enable testifylint rules (#34075) 
enable testifylint rules disabled in:
https://github.com/go-gitea/gitea/pull/34054
 2025-03-31 01:53:48 -04:00
Lunny Xiao dcd3014567 Add pubdate for repository rss and add some tests (#33411) 
Fix #33291
 2025-01-27 23:58:46 +08:00