forgejo/modules
Gusted 3e1b03838e
fix: ensure correct ssh public key is used for authentication
- The root cause is described in b4f1988a35
- Move to a fork of `github.com/gliderlabs/ssh` that exposes the
permissions that were chosen by `x/crypto/ssh` after successfully
authenticating, this is the recommended mitigation by the Golang
security team. The fork exposes this, since `gliderlabs/ssh` instead
relies on context values to do so, which is vulnerable to the same
attack, although partially mitigated by the fix in `x/crypto/ssh` it
would not be good practice and defense in depth to rely on it.
- Existing tests cover that the functionality is preserved.
- No tests are added to ensure it fixes the described security, the
exploit relies on non-standard SSH behavior it would be too hard to
craft SSH packets to exploit this.
2024-12-12 05:54:07 +01:00
..
actions Fix wrong status of Set up Job when first step is skipped (#32120) 2024-09-29 10:38:49 +02:00
activitypub test: fix test linting 2024-11-11 12:44:36 +01:00
analyze
assetfs
auth
avatar
base fix: extend forgejo_auth_token table 2024-11-15 10:59:36 +01:00
cache
card Add a "summary card" to issues & PRs for consumption by OpenGraph clients (#6053) 2024-11-29 15:02:03 +00:00
charset refactor: remove redundant err declarations (#32381) 2024-11-05 09:33:15 +01:00
container
csv
emoji
eventsource fix: use better code to group UID and stopwatches 2024-11-16 15:59:02 +01:00
forgefed
generate
git Merge pull request 'fix: return correct type in GetSubModule' (#6114) from gusted/forgejo-submodule-entry into forgejo 2024-12-03 03:24:01 +00:00
gitgraph fix: Proper paring of date for git commits 2024-11-10 22:23:28 +01:00
gitrepo
graceful
hcaptcha
highlight feat: highlight Gradle Kotlin as Kotlin 2024-12-04 22:06:33 +01:00
hostmatcher
html
httpcache Fix wrong last modify time (#32102) 2024-09-27 08:42:48 +02:00
httplib Fix wrong last modify time (#32102) 2024-09-27 08:42:48 +02:00
indexer Update modules/indexer/code/elasticsearch/elasticsearch.go 2024-11-28 10:29:18 +00:00
issue/template [CHORE] Use forked binding library 2024-11-05 22:47:34 +01:00
json
keying Update modules/keying/keying.go 2024-11-29 15:42:17 +00:00
label
lfs Use 8 as default value for git lfs concurrency (#32421) 2024-12-06 00:17:57 +01:00
log
markup fix: remove softbreak from github legacy callout 2024-12-04 22:08:38 +01:00
mcaptcha
metrics
migration Support migrating GitHub/GitLab PR draft status (#32242) 2024-10-20 09:24:25 +02:00
nosql
optional
options
packages Add support for indexing arch files 2024-12-09 11:34:50 +08:00
paginator
pprof
private
process
proxy
proxyprotocol
public
queue
recaptcha
references
regexplru
repository Make LFS http_client parallel within a batch. (#32369) 2024-12-06 00:17:57 +01:00
secret
session
setting Use 8 as default value for git lfs concurrency (#32421) 2024-12-06 00:17:57 +01:00
sitemap
ssh fix: ensure correct ssh public key is used for authentication 2024-12-12 05:54:07 +01:00
storage Add artifacts test fixture (#30300) 2024-11-05 09:33:15 +01:00
structs fix: Preview picture not visible on Markdown file (#5781) 2024-11-23 15:00:18 +00:00
svg
sync
system
templates [PORT] Refactor DateUtils and merge TimeSince (gitea#32409) 2024-11-10 22:23:27 +01:00
test
testlogger test: add trailing newline to testlogger.go:recordError message 2024-11-14 14:38:47 +01:00
timeutil [PORT] Refactor DateUtils and merge TimeSince (gitea#32409) 2024-11-10 22:23:27 +01:00
translation i18n: Add dummy language for checking translation keys (#5785) 2024-11-05 09:59:04 +00:00
turnstile
typesniffer Update modules/typesniffer/typesniffer.go 2024-11-28 10:27:33 +00:00
updatechecker
uri
user
util Validate OAuth Redirect URIs (#32643) 2024-12-03 10:19:22 +01:00
validation Validate OAuth Redirect URIs (#32643) 2024-12-03 10:19:22 +01:00
web [CHORE] Use forked binding library 2024-11-05 22:47:34 +01:00
webhook
zstd