Mirrors/gitea
0
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-11-04 12:53:43 +01:00
Code Issues Activity
gitea/modules
History
shashank-netapp 03fce8f3d0
Fixing issue #35530: Password Leak in Log Messages (#35584) 
The Gitea codebase was logging `Elasticsearch` and `Meilisearch`
connection strings directly to log files without sanitizing them. Since
connection strings often contain credentials in the format
`protocol://username:password@host:port`, this resulted in passwords
being exposed in plain text in log output.

Fix:
- wrapped all instances of setting.Indexer.RepoConnStr and
setting.Indexer.IssueConnStr with the `util.SanitizeCredentialURLs()`
function before logging them.

Fixes: #35530

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2025-10-07 09:26:47 -07:00
..
actions
[Fix] Trigger 'unlabeled' event when label is Deleted from PR (#34316)
2025-09-24 09:45:38 -07:00
activitypub
Remove incorrect "db.DefaultContext" usages (#35366)
2025-08-28 03:52:43 +00:00
analyze
assetfs
use experimental go json v2 library (#35392)
2025-09-28 08:03:36 +00:00
auth
Address some CodeQL security concerns (#35572)
2025-10-04 01:21:26 +08:00
avatar
Fix various typos in codebase (#35480)
2025-09-13 10:34:43 -04:00
badge
base
Fix http auth header parsing (#34936)
2025-07-03 03:02:38 +00:00
cache
enforce explanation for necessary nolints and fix bugs (#34883)
2025-06-27 21:48:03 +08:00
cachegroup
charset
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
commitstatus
enforce nolint scope (#34851)
2025-06-27 07:59:55 +02:00
container
csv
Disable Field count validation of CSV viewer (#35228)
2025-09-04 09:54:58 -07:00
dump
Use github.com/mholt/archives replace github.com/mholt/archiver (#35390)
2025-09-01 19:40:12 +00:00
emoji
eventsource
fileicon
Follow file symlinks in the UI to their target (#28835)
2025-07-01 06:55:36 +08:00
generate
git
Move some functions to gitrepo package (#35543)
2025-10-07 17:06:51 +08:00
gitrepo
Move some functions to gitrepo package (#35543)
2025-10-07 17:06:51 +08:00
glob
Replace gobwas/glob package (#35478)
2025-09-13 18:01:00 +00:00
globallock
Upgrade golang to 1.25.1 and add descriptions for the swagger structs' fields (#35418)
2025-09-06 16:52:41 +00:00
graceful
Fix context usages (#35348)
2025-08-27 11:00:01 +00:00
gtprof
Add start time on perf trace because it seems some steps haven't been recorded. (#35282)
2025-08-18 15:17:19 +00:00
hcaptcha
highlight
hostmatcher
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
htmlutil
Improve labels-list rendering (#34846)
2025-06-27 23:12:25 +08:00
httpcache
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
httplib
Fix context usages (#35348)
2025-08-27 11:00:01 +00:00
indexer
Fixing issue #35530: Password Leak in Log Messages (#35584)
2025-10-07 09:26:47 -07:00
issue/template
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
json
Drop json-iterator dependency (#35544)
2025-09-28 22:30:28 +08:00
label
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
lfs
Drop json-iterator dependency (#35544)
2025-09-28 22:30:28 +08:00
lfstransfer
Fix SSH LFS timeout (#34838)
2025-06-24 15:49:31 +00:00
log
Address some CodeQL security concerns (#35572)
2025-10-04 01:21:26 +08:00
markup
Fix various typos in codebase (#35480)
2025-09-13 10:34:43 -04:00
mcaptcha
metrics
Remove incorrect "db.DefaultContext" usages (#35366)
2025-08-28 03:52:43 +00:00
migration
Fix some missed GitHeadRefName when renaming (#35102)
2025-07-17 14:01:11 +00:00
nosql
optional
use experimental go json v2 library (#35392)
2025-09-28 08:03:36 +00:00
options
packages
use experimental go json v2 library (#35392)
2025-09-28 08:03:36 +00:00
paginator
pprof
private
process
proxy
Replace gobwas/glob package (#35478)
2025-09-13 18:01:00 +00:00
proxyprotocol
public
Upgrade gopls to v0.19.0, add make fix (#34772)
2025-06-18 19:30:40 +00:00
queue
Fix various typos in codebase (#35480)
2025-09-13 10:34:43 -04:00
recaptcha
references
regexplru
repository
Move some functions to gitrepo package (#35543)
2025-10-07 17:06:51 +08:00
reqctx
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
secret
session
Add proper error message if session provider can not be created (#35520)
2025-09-28 12:24:19 +00:00
setting
Address some CodeQL security concerns (#35572)
2025-10-04 01:21:26 +08:00
sitemap
ssh
storage
Fix error logs and improve some comments/messages (#35105)
2025-07-17 19:09:54 +08:00
structs
feat: adds option to force update new branch in contents routes (#35592)
2025-10-06 21:23:14 -07:00
svg
system
Remove incorrect "db.DefaultContext" usages (#35366)
2025-08-28 03:52:43 +00:00
tailmsg
tempdir
Address some CodeQL security concerns (#35572)
2025-10-04 01:21:26 +08:00
templates
Move git config/remote to gitrepo package and add global lock to resolve possible conflict when updating repository git config file (#35151)
2025-09-01 18:47:04 +00:00
test
testlogger
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
timeutil
translation
Address some CodeQL security concerns (#35572)
2025-10-04 01:21:26 +08:00
turnstile
typesniffer
Fix various typos in codebase (#35480)
2025-09-13 10:34:43 -04:00
updatechecker
uri
user
util
Move some functions to gitrepo package (#35543)
2025-10-07 17:06:51 +08:00
validation
Replace gobwas/glob package (#35478)
2025-09-13 18:01:00 +00:00
web
Refactor to use reflect.TypeFor (#35370)
2025-08-27 20:13:31 -07:00
webhook
Add workflow_run api + webhook (#33964)
2025-06-20 20:14:00 +08:00
zstd