Mirrors/gitea
0
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-06-18 13:37:23 +02:00
Code Issues Activity
gitea/modules
History
Nicolas a746372325
fix(sec): block redirects in repository migration clone (SSRF) 
Migration validates the initial clone address against the allow/block
list, but a git-service migration clones with `git clone`, which follows
an HTTP 302 from the remote to an internal address without re-validating.
This let a low-privilege user reach internal services through Gitea.

Refuse redirects on the migration clone via `http.followRedirects=false`,
the only reliable guard since git resolves redirects below Gitea's
validation layer. Applied to both the repository and wiki clones.

Assisted-by: Claude:claude-opus-4-8
2026-06-14 11:51:39 +02:00
..
actions
feat(actions)!: improve support for reusable workflows (#37478)
2026-05-30 08:31:14 +02:00
analyze
assetfs
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
auth
test: speed up two tests (#37905)
2026-05-31 03:33:13 +00:00
avatar
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
badge
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
base
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
cache
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
cachegroup
charset
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
commitstatus
Update Combine method to treat warnings as failures and adjust tests (#37048)
2026-03-31 17:22:18 +00:00
consts
feat(ssh): auto generate additional ssh keys (#33974)
2026-06-08 18:18:58 +00:00
container
csv
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
dump
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
emoji
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
eventsource
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
fileicon
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
generate
feat(ssh): auto generate additional ssh keys (#33974)
2026-06-08 18:18:58 +00:00
git
fix(sec): block redirects in repository migration clone (SSRF)
2026-06-14 11:51:39 +02:00
gitrepo
fix: git cmd (#38084)
2026-06-12 07:35:59 +02:00
glob
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
globallock
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
graceful
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
gtprof
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
hcaptcha
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
highlight
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
hostmatcher
fix(hostmatcher): block reserved IP ranges from external/private filters (#38039)
2026-06-10 10:03:36 +02:00
htmlutil
chore: introduce HTMLBuilder (#37688)
2026-05-13 17:06:53 +00:00
httpcache
fix: remove "no-transfrom" from the cache-control header (#37985)
2026-06-04 00:12:02 +08:00
httplib
fix: remove "no-transfrom" from the cache-control header (#37985)
2026-06-04 00:12:02 +08:00
indexer
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
issue/template
enhance: Migrate remaining gopkg.in/yaml.v3 usages to go.yaml.in/yaml/v4 (#37866)
2026-05-29 01:12:11 +00:00
json
Fix corrupted JSON caused by goccy library (#37214)
2026-04-14 14:00:20 +00:00
label
enhance: Migrate remaining gopkg.in/yaml.v3 usages to go.yaml.in/yaml/v4 (#37866)
2026-05-29 01:12:11 +00:00
lfs
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
lfstransfer
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
log
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
markup
fix: csp regressions (#38047)
2026-06-12 08:36:05 +08:00
mcaptcha
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
metrics
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
migration
enhance: Migrate remaining gopkg.in/yaml.v3 usages to go.yaml.in/yaml/v4 (#37866)
2026-05-29 01:12:11 +00:00
nosql
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
optional
enhance: Migrate remaining gopkg.in/yaml.v3 usages to go.yaml.in/yaml/v4 (#37866)
2026-05-29 01:12:11 +00:00
options
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
packages
fix: validate gem name in rubygems parseMetadataFile (#38061)
2026-06-10 18:03:06 +00:00
paginator
feat(ui): add "follow rename" to file commit history list (#34994)
2026-06-03 17:40:38 +00:00
pprof
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
private
fix: git push hook post receive (#38089)
2026-06-13 04:43:25 +00:00
process
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
proxy
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
proxyprotocol
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
public
fix(frontend): resolve Vite assets by manifest source path (#37836)
2026-05-28 06:14:52 +00:00
queue
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
recaptcha
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
references
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
regexplru
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
repository
fix: git push hook post receive (#38089)
2026-06-13 04:43:25 +00:00
reqctx
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
secret
session
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
setting
fix: csp regressions (#38047)
2026-06-12 08:36:05 +08:00
sitemap
ssh
feat(ssh): auto generate additional ssh keys (#33974)
2026-06-08 18:18:58 +00:00
storage
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
structs
feat(api): Add GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/runs (#37196)
2026-06-11 17:12:30 +00:00
svg
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
system
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
tailmsg
tempdir
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
templates
feat: Add avatar stacks (#37594)
2026-06-08 17:16:22 +00:00
test
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
testlogger
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
timeutil
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
translation
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
turnstile
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
typesniffer
Feature non-zipped actions artifacts (action v7) (#36786)
2026-03-26 00:37:48 +08:00
updatechecker
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
uri
user
util
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
validation
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
web
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
webhook
zstd
chore(deps): upgrade zstd seekable package (#37988)
2026-06-04 13:38:56 +00:00