Mirrors/gitea
0
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-10-10 08:40:59 +02:00
Code Issues Activity
gitea/modules
History
Giteabot 6de2151607
Fixing issue #35530: Password Leak in Log Messages (#35584) (#35609) 
Backport #35584 by @shashank-netapp

# Summary
The Gitea codebase was logging `Elasticsearch` and `Meilisearch`
connection strings directly to log files without sanitizing them. Since
connection strings often contain credentials in the format
`protocol://username:password@host:port`, this resulted in passwords
being exposed in plain text in log output.

Fix:
- wrapped all instances of setting.Indexer.RepoConnStr and
setting.Indexer.IssueConnStr with the `util.SanitizeCredentialURLs()`
function before logging them.

Fixes: #35530

Co-authored-by: shashank-netapp <108022276+shashank-netapp@users.noreply.github.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2025-10-09 11:00:40 +02:00
..
actions
[Fix] Trigger 'unlabeled' event when label is Deleted from PR (#34316)
2025-09-24 09:45:38 -07:00
activitypub
Remove incorrect "db.DefaultContext" usages (#35366)
2025-08-28 03:52:43 +00:00
analyze
assetfs
Refactor embedded assets and drop unnecessary dependencies (#34692)
2025-06-12 03:59:33 +00:00
auth
Fix http auth header parsing (#34936)
2025-07-03 03:02:38 +00:00
avatar
Fix various typos in codebase (#35480)
2025-09-13 10:34:43 -04:00
badge
Add flat-square action badge style (#34062)
2025-04-01 09:42:10 +00:00
base
Fix http auth header parsing (#34936)
2025-07-03 03:02:38 +00:00
cache
enforce explanation for necessary nolints and fix bugs (#34883)
2025-06-27 21:48:03 +08:00
cachegroup
Cache GPG keys, emails and users when list commits (#34086)
2025-04-09 16:34:38 +00:00
charset
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
commitstatus
enforce nolint scope (#34851)
2025-06-27 07:59:55 +02:00
container
csv
Disable Field count validation of CSV viewer (#35228)
2025-09-04 09:54:58 -07:00
dump
Use github.com/mholt/archives replace github.com/mholt/archiver (#35390)
2025-09-01 19:40:12 +00:00
emoji
eventsource
fileicon
Follow file symlinks in the UI to their target (#28835)
2025-07-01 06:55:36 +08:00
generate
git
Move updateref and removeref to gitrepo and remove unnecessary open repository (#35511)
2025-09-19 08:04:18 -07:00
gitrepo
Move updateref and removeref to gitrepo and remove unnecessary open repository (#35511)
2025-09-19 08:04:18 -07:00
glob
Replace gobwas/glob package (#35478)
2025-09-13 18:01:00 +00:00
globallock
Upgrade golang to 1.25.1 and add descriptions for the swagger structs' fields (#35418)
2025-09-06 16:52:41 +00:00
graceful
Fix context usages (#35348)
2025-08-27 11:00:01 +00:00
gtprof
Add start time on perf trace because it seems some steps haven't been recorded. (#35282)
2025-08-18 15:17:19 +00:00
hcaptcha
highlight
Enable testifylint rules (#34075)
2025-03-31 01:53:48 -04:00
hostmatcher
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
htmlutil
Improve labels-list rendering (#34846)
2025-06-27 23:12:25 +08:00
httpcache
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
httplib
Fix context usages (#35348)
2025-08-27 11:00:01 +00:00
indexer
Fixing issue #35530: Password Leak in Log Messages (#35584) (#35609)
2025-10-09 11:00:40 +02:00
issue/template
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
json
enforce explanation for necessary nolints and fix bugs (#34883)
2025-06-27 21:48:03 +08:00
label
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
lfs
Refactor repo contents API and add "contents-ext" API (#34822)
2025-06-25 02:34:21 +00:00
lfstransfer
Fix SSH LFS timeout (#34838)
2025-06-24 15:49:31 +00:00
log
Upgrade golang to 1.25.1 and add descriptions for the swagger structs' fields (#35418)
2025-09-06 16:52:41 +00:00
markup
Fix various typos in codebase (#35480)
2025-09-13 10:34:43 -04:00
mcaptcha
metrics
Remove incorrect "db.DefaultContext" usages (#35366)
2025-08-28 03:52:43 +00:00
migration
Fix some missed GitHeadRefName when renaming (#35102)
2025-07-17 14:01:11 +00:00
nosql
optional
Fix updating user visibility (#35036)
2025-07-10 16:17:28 -07:00
options
Refactor embedded assets and drop unnecessary dependencies (#34692)
2025-06-12 03:59:33 +00:00
packages
fix: add author.name field to Swift Package Registry API response (#35410)
2025-09-07 18:24:25 +00:00
paginator
Only use prev and next buttons for pagination on user dashboard (#33981)
2025-03-23 19:52:43 +00:00
pprof
private
Fix a bug when uploading file via lfs ssh command (#34408)
2025-05-09 16:17:08 +00:00
process
proxy
Replace gobwas/glob package (#35478)
2025-09-13 18:01:00 +00:00
proxyprotocol
Enable addtional linters (#34085)
2025-04-01 10:14:01 +00:00
public
Upgrade gopls to v0.19.0, add make fix (#34772)
2025-06-18 19:30:40 +00:00
queue
Fix various typos in codebase (#35480)
2025-09-13 10:34:43 -04:00
recaptcha
references
Enable testifylint rules (#34075)
2025-03-31 01:53:48 -04:00
regexplru
Enable testifylint rules (#34075)
2025-03-31 01:53:48 -04:00
repository
Remove incorrect "db.DefaultContext" usages (#35366)
2025-08-28 03:52:43 +00:00
reqctx
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
secret
Upgrade golangci-lint to v1.64.5 (#33654)
2025-02-21 00:05:40 +08:00
session
Remove incorrect "db.DefaultContext" usages (#35366)
2025-08-28 03:52:43 +00:00
setting
Stream repo zip/tar.gz/bundle achives by default (#35487)
2025-09-19 11:51:21 +08:00
sitemap
ssh
Update x/crypto package and make builtin SSH use default parameters (#34667)
2025-06-09 19:51:02 +00:00
storage
Fix error logs and improve some comments/messages (#35105)
2025-07-17 19:09:54 +08:00
structs
[Fix] Trigger 'unlabeled' event when label is Deleted from PR (#34316)
2025-09-24 09:45:38 -07:00
svg
sync
system
Remove incorrect "db.DefaultContext" usages (#35366)
2025-08-28 03:52:43 +00:00
tailmsg
tempdir
Uniform all temporary directories and allow customizing temp path (#32352)
2025-04-08 16:15:28 +00:00
templates
Move git config/remote to gitrepo package and add global lock to resolve possible conflict when updating repository git config file (#35151)
2025-09-01 18:47:04 +00:00
test
Validate hex colors when creating/editing labels (#34623)
2025-06-07 11:25:08 +03:00
testlogger
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
timeutil
Refactor embedded assets and drop unnecessary dependencies (#34692)
2025-06-12 03:59:33 +00:00
translation
Enable testifylint rules (#34075)
2025-03-31 01:53:48 -04:00
turnstile
typesniffer
Fix various typos in codebase (#35480)
2025-09-13 10:34:43 -04:00
updatechecker
Enable addtional linters (#34085)
2025-04-01 10:14:01 +00:00
uri
user
util
Fix various bugs (#35177)
2025-07-30 07:08:59 +00:00
validation
Replace gobwas/glob package (#35478)
2025-09-13 18:01:00 +00:00
web
Refactor to use reflect.TypeFor (#35370)
2025-08-27 20:13:31 -07:00
webhook
Add workflow_run api + webhook (#33964)
2025-06-20 20:14:00 +08:00
zstd
Refactor embedded assets and drop unnecessary dependencies (#34692)
2025-06-12 03:59:33 +00:00