testing/forgejo: security upgrade to 1.21.11-1 (!64463) · Merge requests · alpine / aports

fossdd requested to merge fossdd/aports:forgejo-1.21.11.0-r0 into master Apr 18, 2024

https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#1-21-11-0

Security fixes:

Fixed a privilege escalation through git push options that allows any user to change the visibility of any repository they can see, regardless of their level of access.

Fixed a bug that allows user-supplied, non-sandboxed JavaScript to be run from the same domain as the forge, via /{owner}/{repo}/render/branch/{branch}/{filename} URLs.

Edited Apr 18, 2024 by fossdd

testing/forgejo: security upgrade to 1.21.11-1

Merge request reports