mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-21 12:44:49 -05:00
forgejo/modules
Gusted 3e1b03838e
fix: ensure correct ssh public key is used for authentication
- The root cause is described in b4f1988a35
- Move to a fork of `github.com/gliderlabs/ssh` that exposes the
permissions that were chosen by `x/crypto/ssh` after successfully
authenticating, this is the recommended mitigation by the Golang
security team. The fork exposes this, since `gliderlabs/ssh` instead
relies on context values to do so, which is vulnerable to the same
attack, although partially mitigated by the fix in `x/crypto/ssh` it
would not be good practice and defense in depth to rely on it.
- Existing tests cover that the functionality is preserved.
- No tests are added to ensure it fixes the described security, the
exploit relies on non-standard SSH behavior it would be too hard to
craft SSH packets to exploit this.
2024-12-12 05:54:07 +01:00
actions Fix wrong status of Set up Job when first step is skipped (#32120) 2024-09-29 10:38:49 +02:00
activitypub test: fix test linting 2024-11-11 12:44:36 +01:00
analyze Rename code_langauge.go to code_language.go (#26377) 2023-08-07 15:00:53 -04:00
assetfs Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
auth Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
avatar Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
base fix: extend forgejo_auth_token table 2024-11-15 10:59:36 +01:00
cache Increase cacheContextLifetime to reduce false reports (#32011) 2024-09-14 17:09:03 +02:00
card Add a "summary card" to issues & PRs for consumption by OpenGraph clients (#6053) 2024-11-29 15:02:03 +00:00
charset refactor: remove redundant err declarations (#32381) 2024-11-05 09:33:15 +01:00
container Add container.FilterSlice function (gitea#30339) 2024-04-16 11:49:44 +02:00
csv Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
emoji Update emoji set to Unicode 15 (#25595) 2023-06-29 16:29:48 +00:00
eventsource fix: use better code to group UID and stopwatches 2024-11-16 15:59:02 +01:00
forgefed style: reenable switch check 2024-08-18 15:19:01 +02:00
generate Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
git Merge pull request 'fix: return correct type in GetSubModule' (#6114) from gusted/forgejo-submodule-entry into forgejo 2024-12-03 03:24:01 +00:00
gitgraph fix: Proper paring of date for git commits 2024-11-10 22:23:28 +01:00
gitrepo [CHORE] Drop go-git support 2024-08-12 19:11:09 +02:00
graceful chore: remove some Windows-specific files 2024-09-19 20:39:55 +05:00
hcaptcha Consume hcaptcha and pwn deps (#22610) 2023-01-29 09:49:51 -06:00
highlight feat: highlight Gradle Kotlin as Kotlin 2024-12-04 22:06:33 +01:00
hostmatcher Support allowed hosts for migrations to work with proxy (#32025) 2024-09-14 17:52:54 +02:00
html Refactor backend SVG package and add tests (#26335) 2023-08-05 04:34:59 +00:00
httpcache Fix wrong last modify time (#32102) 2024-09-27 08:42:48 +02:00
httplib Fix wrong last modify time (#32102) 2024-09-27 08:42:48 +02:00
indexer Update modules/indexer/code/elasticsearch/elasticsearch.go 2024-11-28 10:29:18 +00:00
issue/template [CHORE] Use forked binding library 2024-11-05 22:47:34 +01:00
json Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
keying Update modules/keying/keying.go 2024-11-29 15:42:17 +00:00
label Make label templates have consistent behavior and priority (#23749) 2023-04-10 16:44:02 +08:00
lfs Use 8 as default value for git lfs concurrency (#32421) 2024-12-06 00:17:57 +01:00
log [CHORE] Fix darwin compatibility 2024-08-09 17:44:41 +02:00
markup fix: remove softbreak from github legacy callout 2024-12-04 22:08:38 +01:00
mcaptcha Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
metrics Rename project board -> column to make the UI less confusing (#30170) 2024-06-02 09:42:39 +02:00
migration Support migrating GitHub/GitLab PR draft status (#32242) 2024-10-20 09:24:25 +02:00
nosql [FEAT] Only implement used API of Redis client 2024-08-30 04:33:15 +02:00
optional Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
options Use a general approach to access custom/static/builtin assets (#24022) 2023-04-12 18:16:45 +08:00
packages Add support for indexing arch files 2024-12-09 11:34:50 +08:00
paginator Use more specific test methods (#24265) 2023-04-22 17:56:27 -04:00
pprof Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
private fix(hook): ignore unknown push options instead of failing 2024-07-02 21:39:01 +02:00
process chore: remove some Windows-specific files 2024-09-19 20:39:55 +05:00
proxy Use proxy for pull mirror (#22771) 2023-02-11 08:39:50 +08:00
proxyprotocol Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
public Refactor CORS handler (#28587) 2023-12-25 20:13:18 +08:00
queue chore: update mock redis client 2024-09-01 05:42:34 +02:00
recaptcha Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
references Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
regexplru Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
repository Make LFS http_client parallel within a batch. (#32369) 2024-12-06 00:17:57 +01:00
secret Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
session [FEAT] Only implement used API of Redis client 2024-08-30 04:33:15 +02:00
setting Use 8 as default value for git lfs concurrency (#32421) 2024-12-06 00:17:57 +01:00
sitemap Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
ssh fix: ensure correct ssh public key is used for authentication 2024-12-12 05:54:07 +01:00
storage Add artifacts test fixture (#30300) 2024-11-05 09:33:15 +01:00
structs fix: Preview picture not visible on Markdown file (#5781) 2024-11-23 15:00:18 +00:00
svg Refactor backend SVG package and add tests (#26335) 2023-08-05 04:34:59 +00:00
sync Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
system Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
templates [PORT] Refactor DateUtils and merge TimeSince (gitea#32409) 2024-11-10 22:23:27 +01:00
test test(util): MockProtect when mocking multiple times 2024-06-02 15:24:06 +02:00
testlogger test: add trailing newline to testlogger.go:recordError message 2024-11-14 14:38:47 +01:00
timeutil [PORT] Refactor DateUtils and merge TimeSince (gitea#32409) 2024-11-10 22:23:27 +01:00
translation i18n: Add dummy language for checking translation keys (#5785) 2024-11-05 09:59:04 +00:00
turnstile Add new captcha: cloudflare turnstile (#22369) 2023-02-05 15:29:03 +08:00
typesniffer Update modules/typesniffer/typesniffer.go 2024-11-28 10:27:33 +00:00
updatechecker Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
uri Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
user test: enforce tenv usage in tests 2024-07-17 23:07:41 +02:00
util Validate OAuth Redirect URIs (#32643) 2024-12-03 10:19:22 +01:00
validation Validate OAuth Redirect URIs (#32643) 2024-12-03 10:19:22 +01:00
web [CHORE] Use forked binding library 2024-11-05 22:47:34 +01:00
webhook Add support for workflow_dispatch (#3334) 2024-06-28 05:17:11 +00:00
zstd Cache generated binary across jobs 2024-08-26 23:43:09 +02:00