mirrors/forgejo

Fork 1

mirror of https://codeberg.org/forgejo/forgejo.git synced 2026-06-22 10:02:15 +00:00

Commit graph

Author	SHA1	Message	Date
Mathieu Fenniak	4b83448b7d	2026-06-10 security patches (#13001 ) - fix: prevent stored XSS in user display name on Actions page - fix: LFS locks must belong to the intended repo, port from Gitea - fix: prevent unauthorized access to draft releases via API - fix: prevent writes to OpenID visibility which may affect other users - fix: prevent viewing private PRs that are linked to public issues on public projects Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13001 Reviewed-by: 0ko <0ko@noreply.codeberg.org> Reviewed-by: Beowulf <beowulf@beocode.eu>	2026-06-10 06:05:01 +02:00

Author

SHA1

Message

Date

Mathieu Fenniak

4b83448b7d

2026-06-10 security patches (#13001 )

- fix: prevent stored XSS in user display name on Actions page
- fix: LFS locks must belong to the intended repo, port from Gitea
- fix: prevent unauthorized access to draft releases via API
- fix: prevent writes to OpenID visibility which may affect other users
- fix: prevent viewing private PRs that are linked to public issues on public projects

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13001
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>

2026-06-10 06:05:01 +02:00

1 commit