Nemcio/Gogs
1
0
Fork 0
mirror of https://github.com/gogs/gogs.git synced 2026-02-28 01:00:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
6,185 Commits 8 Branches 96 Tags
release/0.14
Commit Graph

384 Commits

Author SHA1 Message Date
JSS
b4bdb270d1 Fix git reset --end-of-options error on file upload and edit (#8184) 2026-02-18 19:13:57 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
094b632182 context: reject access tokens passed via URL query parameters (#8177) 2026-02-18 19:12:23 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
41b186cbfd database: use safe git-module API for tag deletion (#8175) 
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-02-18 19:11:43 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
51cf4cbe7e markup: restrict data URI scheme to safe image MIME types (#8174) 
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-18 19:10:56 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
5e6014c421 lfs: verify content hash and prevent object overwrite (#8166) 
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
 2026-02-18 19:10:41 -05:00
Joe Chen
f5c8030c1f Fix up tests 2026-01-31 22:28:11 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
3f03530042 fix(ssh): git clone via built-in SSH server hangs (#8135) 
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-31 22:22:03 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
628216d588 security: require authentication for attachment uploads (#8128) 
https://github.com/gogs/gogs/security/advisories/GHSA-fc3h-92p8-h36f

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-31 14:40:39 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
7b7e38c880 security: prevent deletion of protected and default branches via web UI (#8124) 
https://github.com/gogs/gogs/security/advisories/GHSA-2c6v-8r3v-gh6p

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-31 12:51:07 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
bb68c0a042 security: fix cross-repository label modification vulnerability (#8123) 
https://github.com/gogs/gogs/security/advisories/GHSA-cv22-72px-f4gh

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-31 12:28:30 -05:00
Yaroslav Halchenko
3cc8e7aa6d Fix typos throughout the codebase (#7514) 2026-01-30 23:03:05 -05:00
Rajat Jain
9f1499f3ab Support comparing tags in addition to branches (#6493) 
Co-authored-by: Joe Chen <jc@unknwon.io>
Co-authored-by: Claude <noreply@anthropic.com>
 2026-01-30 22:45:03 -05:00
Jeff Li
77dba1b5ea repo: fix 500 error on watchers and stargazers pages using MSSQL (#6386) 
Co-authored-by: Joe Chen <jc@unknwon.io>
Co-authored-by: Claude <noreply@anthropic.com>
 2026-01-30 22:24:43 -05:00
Georg Wicke-Arndt
f70f29fdb0 Show file name in browser tab title when viewing files (#5896) 2026-01-30 22:11:10 -05:00
Sino
87c8faaf08 Standardize HTTP status codes (#7851) 
Co-authored-by: Joe Chen <jc@unknwon.io>
 2026-01-30 09:27:59 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
1b226ca48d repo: improve authz for resources (#8119) 
https://github.com/gogs/gogs/security/advisories/GHSA-jj5m-h57j-5gv7
 2026-01-29 20:56:09 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
e3bb4165dc database: impersonate pure-Go SQLite driver as the old "sqlite3" (#8118) 2026-01-29 14:49:36 -05:00
pikomonde
df3d945a2c config: validate and print warnings for invalid options (#7705) 
Co-authored-by: Joe Chen <jc@unknwon.io>
 2026-01-28 11:36:03 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
ae41bab5f2 repo: always list tree entries with verbatim (#8116) 
Co-authored-by: Ali <alicse3@gmail.com>
 2026-01-28 10:11:30 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
2316b09eaf database: fully switch over to pure-Go SQLite driver (#8115) 2026-01-27 22:45:50 -05:00
Copilot
3477bbac0e Add ED25519 test coverage and refactor SSH key parsing tests (#8107) 
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: unknwon <2946214+unknwon@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-27 14:04:12 -05:00
Copilot
1cdeef2ce8 Replace tool.IsMaliciousPath with pathutil.Clean and move IsSameSite to urlutil (#8106) 2026-01-23 21:13:27 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
26ef07f60d repo: validate Git server hook name for editing (#8103) 2026-01-23 09:40:36 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
ca59e76a53 api: verify write access to update repo content (#8102) 2026-01-23 09:19:11 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
27f1250d00 api: verify owner access to delete repos (#8101) 2026-01-22 22:52:57 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
560f92ec5f two_factor: verify recovery code ownership upon using (#8100) 2026-01-22 22:30:27 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
1bbc36149a wiki: sanitize old wiki page name when editing (#8099) 2026-01-22 11:00:27 -05:00
Copilot
4ee706b2bf chore: replace pkg/errors with cockroachdb/errors (#8098) 
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: unknwon <2946214+unknwon@users.noreply.github.com>
 2026-01-22 08:20:53 -05:00
Copilot
ae59787ff5 chore: remove internal/database/errors package (#8096) 2026-01-22 07:17:34 -05:00
Copilot
389ec54b2c chore: rename osutil.IsExist to osutil.Exist (#8097) 2026-01-21 22:22:07 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
5544212adb wiki: auto-detect default branch (#8094) 2026-01-20 23:38:10 -05:00
deepsource-autofix[bot]
8e08450182 style: format code with Go fmt and Gofumpt (#8092) 2026-01-19 14:54:13 -05:00
Shivam Kumar
beeeb64969 repo: check directory existence before creation (#8091) 
Co-authored-by: ᴊᴏᴇ ᴄʜᴇɴ <jc@unknwon.io>
 2026-01-19 14:36:38 -05:00
Mukaiu
3ef71a43d9 api: fix nil pointer dereference when listing user repos (#8069) 
Co-authored-by: Joe Chen <jc@unknwon.io>
 2026-01-18 21:01:03 -05:00
Shivam Kumar
b7010084b7 auth: support redirecting to custom URL upon sign out (#8089) 
Co-authored-by: ᴊᴏᴇ ᴄʜᴇɴ <jc@unknwon.io>
 2026-01-16 15:44:26 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
59e9fa191b chore: remove all MIT license file headers (#8083) 
Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
 2026-01-08 19:32:15 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
553707f3fd repository: reject any updates that has symlink in path hierarchy (#8082) 
Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-01-08 14:22:04 -05:00
Copilot
04cc48339f chore: update Go version from 1.24 to 1.25 in CI and related files (#8066) 
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: unknwon <2946214+unknwon@users.noreply.github.com>
Co-authored-by: Joe Chen <jc@unknwon.io>
 2025-12-03 20:11:14 -05:00
Neptunium93
3666718ec5 repo: fix potential null pointer dereference in mirror sync (#8065) 2025-12-03 18:04:42 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
79cc921892 conf: enable value mapping from env vars (#8057) 2025-11-23 20:59:52 -05:00
Joe Chen
591810e405 web_editor: prohibit CRUD to symbolic files (#7981) 
Fixes
[GHSA-wj44-9vcg-wjq7](https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7)

---------

Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
 2025-06-08 18:28:28 -04:00
dependabot[bot]
139ea3ce7d mod: bump modernc.org/sqlite from 1.36.0 to 1.37.0 (#7947) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Joe Chen <jc@unknwon.io>
 2025-04-14 18:00:07 -04:00
宋子桓🌈
46a84fdad5 email: fix unable to override templates in custom directory (#7905) 
Co-authored-by: Joe Chen <jc@unknwon.io>
 2025-02-12 21:52:18 -05:00
dependabot[bot]
e6896eb393 mod: bump gorm.io/driver/postgres from 1.5.7 to 1.5.11 (#7895) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Joe Chen <jc@unknwon.io>
 2025-01-01 11:11:51 -05:00
Joe Chen
f1e64008fb cmd: always build with "cert" subcommand (#7883) 2024-12-23 12:10:43 -05:00
Joe Chen
76831d0d06 dep: update github.com/gogs/git-module to v1.8.4 (#7872) 
## Describe the pull request

Fixes
https://github.com/gogs/gogs/security/advisories/GHSA-m27m-h5gj-wwmg by
including https://github.com/gogs/git-module/pull/110
 2024-12-22 16:37:51 -05:00
Joe Chen
68b3c8f339 repo: ignore unintended Git options for diff preview (#7871) 
## Describe the pull request

Fixes
https://github.com/gogs/gogs/security/advisories/GHSA-9pp6-wq8c-3w2c
 2024-12-22 15:59:03 -05:00
Joe Chen
77a4a945ae repo: prevent preview and delete files in .git directories (#7870) 
## Describe the pull request

Fixes
https://github.com/gogs/gogs/security/advisories/GHSA-ccqv-43vm-4f3w
 2024-12-22 15:24:18 -05:00
Joe Chen
b09f317aa0 database: lock mock properly to avoid data race in tests (#7869) 
Fixes tests data race found in
https://github.com/gogs/gogs/actions/runs/12457230279/job/34771555537
 2024-12-22 15:09:42 -05:00
Joe Chen
009a1855aa ssh: make env command a passthrough (#7868) 
## Describe the pull request

Fixes
https://github.com/gogs/gogs/security/advisories/GHSA-vm62-9jw3-c8w3
 2024-12-22 14:56:31 -05:00