forgejo/routers/api
Mathieu Fenniak 4b83448b7d 2026-06-10 security patches (#13001)
- fix: prevent stored XSS in user display name on Actions page
- fix: LFS locks must belong to the intended repo, port from Gitea
- fix: prevent unauthorized access to draft releases via API
- fix: prevent writes to OpenID visibility which may affect other users
- fix: prevent viewing private PRs that are linked to public issues on public projects

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13001
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
2026-06-10 06:05:01 +02:00
actions feat: ability to edit authorized integration in web UI (#12601) 2026-05-17 18:33:39 +02:00
forgejo/v1 fix: /api/forgejo/v1/version Content-Type error (#9897) 2025-11-05 17:35:50 +01:00
packages feat: enable auth to raw resources, release downloads, & attachments via authorized integrations (#12776) 2026-05-29 02:11:43 +02:00
shared feat: enable auth to raw resources, release downloads, & attachments via authorized integrations (#12776) 2026-05-29 02:11:43 +02:00
v1 2026-06-10 security patches (#13001) 2026-06-10 06:05:01 +02:00