Nemcio/Gogs
1
0
Fork 0
mirror of https://github.com/gogs/gogs.git synced 2026-02-05 14:09:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
5,902 Commits 8 Branches 94 Tags
9ea429faafd9e7732edb0be3bc2a75a7b4d3808e
Commit Graph

5902 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joe Chen
9ea429faaf Fix CI setup and errors 2026-01-23 12:18:28 -05:00
Joe Chen
c7d2d8b525 release: update version to 0.13.4 2026-01-23 10:21:06 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
4dc0a99919 repo: validate Git server hook name for editing (#8103) 2026-01-23 09:40:55 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
9e70cdf437 api: verify write access to update repo content (#8102) 2026-01-23 09:19:26 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
961a79e8f9 api: verify owner access to delete repos (#8101) 2026-01-22 22:53:17 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
d568e04831 two_factor: verify recovery code ownership upon using (#8100) 2026-01-22 22:35:52 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
af825ff56f wiki: sanitize old wiki page name when editing (#8099) 2026-01-22 11:06:41 -05:00
Jakub Domeracki
71a72a72ad security: patch mermaid package version 
https://github.com/gogs/gogs/security/advisories/GHSA-26gq-grmh-6xm6

Co-authored-by: Jakub Domeracki <jdomeracki.itsec@gmail.com>
Co-authored-by: ᴊᴏᴇ ᴄʜᴇɴ <jc@unknwon.io>
 2026-01-22 09:48:30 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
4167a4d568 wiki: auto-detect default branch (#8094) 2026-01-20 23:39:05 -05:00
Mukaiu
5b5793bb4a api: fix nil pointer dereference when listing user repos (#8069) 
Co-authored-by: Joe Chen <jc@unknwon.io>
 2026-01-20 23:33:43 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
c3eca1fca3 repository: reject any updates that has symlink in path hierarchy (#8082) 
Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-01-20 23:31:41 -05:00
Neptunium93
33990972fa repo: fix potential null pointer dereference in mirror sync (#8065) 2026-01-20 23:25:23 -05:00
Joe Chen
5084b4a9b7 release: update version to 0.13.3 v0.13.3 v0.13.3-rc.1 2025-06-08 18:55:56 -04:00
Joe Chen
8aaabfcc99 ci: fix up MySQL test ubuntu version 2025-06-08 18:55:16 -04:00
Joe Chen
1cba9bc81b web_editor: prohibit CRUD to symbolic files (#7981) 
Fixes
[GHSA-wj44-9vcg-wjq7](https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7)

---------

Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
 2025-06-08 18:47:04 -04:00
宋子桓🌈
e453425d1b email: fix unable to override templates in custom directory (#7905) 
Co-authored-by: Joe Chen <jc@unknwon.io>
 2025-06-08 18:45:12 -04:00
Edoardo Ottavianelli
110117b2e5 security: patch for Stored XSS in PDF renderer (#7966) 2025-06-08 18:44:32 -04:00
MarcUs7i
36be6a2871 Set timeout to explicit 0 in gogs.js (#7890) 
## Describe the pull request

A simple fix in public/js/gogs.js making bug upload not result in a
timeout (added just one line)

Link to the issue: closes https://github.com/gogs/gogs/issues/6149

## Test plan

- Set the max_size of `attachment` to a high number

```toml
[release.attachment]
ENABLED          = true
ALLOWED_TYPES    = */*
MAX_SIZE         = 512
MAX_FILES        = 20
```

- Upload a file to releases


![image](https://github.com/user-attachments/assets/8cf29c73-c8ec-42a3-9660-681a583b577a)

It doesn't randomly timeout!
 2025-06-08 18:44:10 -04:00
Joe Chen
593c7b6db6 release: update version to 0.13.2 v0.13.2 v0.13.2-rc.1 2024-12-23 10:57:35 -05:00
Joe Chen
01157b2f79 Dockerfile: fix up outdated s6-svscan path (#7880) 
## Describe the pull request

Link to the issue: https://github.com/gogs/gogs/issues/7864
 2024-12-23 10:54:01 -05:00
Joe Chen
0c40e600a2 ci: fix up unsupported host system version v0.13.1 v0.13.1-rc.1 2024-12-22 17:54:57 -05:00
Joe Chen
080b9a9d03 release: update version to 0.13.1 2024-12-22 17:52:03 -05:00
Joe Chen
300519d1ca ci: fix up lint issues 2024-12-22 17:33:50 -05:00
Joe Chen
88a13fa378 ci: modernize setup 2024-12-22 17:21:26 -05:00
Joe Chen
2b0f129a91 dep: update github.com/gogs/git-module to v1.8.4 (#7872) 
Fixes
https://github.com/gogs/gogs/security/advisories/GHSA-m27m-h5gj-wwmg by
including https://github.com/gogs/git-module/pull/110
 2024-12-22 17:16:11 -05:00
Joe Chen
ce51a8e538 repo: ignore unintended Git options for diff preview (#7871) 
## Describe the pull request

Fixes
https://github.com/gogs/gogs/security/advisories/GHSA-9pp6-wq8c-3w2c
 2024-12-22 17:15:08 -05:00
Joe Chen
3b527a36c8 repo: prevent preview and delete files in .git directories (#7870) 
## Describe the pull request

Fixes
https://github.com/gogs/gogs/security/advisories/GHSA-ccqv-43vm-4f3w
 2024-12-22 17:14:44 -05:00
Joe Chen
f5262441a0 ssh: make env command a passthrough (#7868) 
Fixes
https://github.com/gogs/gogs/security/advisories/GHSA-vm62-9jw3-c8w3

ssh: make `env` command a passthrough (#7868)

Fixes
https://github.com/gogs/gogs/security/advisories/GHSA-vm62-9jw3-c8w3
 2024-12-22 17:04:03 -05:00
Alexandre Jacquin
f6862c1f8b Fix s6-svscan path in Dockerfile (#7867) 
Related to #7864

## Describe the pull request

Fix the path of the s6-svscan binary path in the Dockerfile. As
mentionned in the issue, it is probably to the alpine base image change
(from `3.17` to `3.21`).

Link to the issue:
https://github.com/gogs/gogs/issues/7864#issuecomment-2558323928

Credit to @cryptovaltt

## Test plan

Build the image and check if the application can be ran. E.g.:

```bash
docker build -t gogs:working-7864 -f Dockerfile .
docker run --name=gogs -p 10022:22 -p 10880:3000 -v gogs:working-7864 --rm
```
 2024-12-22 17:01:09 -05:00
Joe Chen
bd84b41843 Dockerfile: update base image to alpine3.21 and enable trivy scan (#7863) 
Link to the issue: fixes https://github.com/gogs/gogs/issues/6674
 2024-12-22 17:00:43 -05:00
Joe Chen
c947affcfa api: clean file path for updating repo contents (#7859) 
## Describe the pull request

Link to the issue: closes https://github.com/gogs/gogs/issues/7582
 2024-12-22 16:55:01 -05:00
Joe Chen
40cb106198 repo/editor: disallow editing symlink while changing file name (#7857) 
## Describe the pull request

Link to the issue: https://github.com/gogs/gogs/issues/7582
 2024-12-22 16:54:18 -05:00
Mobile Mind
b89da2f6eb install: fix SMTP password config name to save (#7807) 2024-12-22 16:54:02 -05:00
Jiaxin Zhu
75969c92ef fix(templates): the green color is supposed to be purple (#7722) 
Co-authored-by: jxzhu <zhujiaxin@gmail.com>
 2024-12-22 16:53:45 -05:00
bitebyte
e993f1dbff Fix issue: synchronize the section name[mailer/email] of app.ini (#7704) 2024-12-22 16:52:23 -05:00
Joe Chen
8c21874c00 release: remove dev version notion v0.13.0 v0.13.0-rc.1 2023-02-25 20:33:19 +08:00
Joe Chen
540134d443 CHANGELOG: cut entries for 0.13.0 (#7373) 
[skip ci]
 2023-02-25 20:31:04 +08:00
Joe Chen
6244daa3ea chore: update release issue templates (#7371) 
[skip ci]
 2023-02-25 20:28:30 +08:00
Joe Chen
689e71ff2c ci: run Go tests with -shuffle=on (#7370) 2023-02-25 16:56:39 +08:00
Joe Chen
361a681225 docs: minor updates (#7367) 
[skip ci]
 2023-02-25 16:08:34 +08:00
Joe Chen
73ae88badf CHANGELOG: cut entries for 0.12.11 (#7368) 
[skip ci]
 2023-02-25 13:39:06 +08:00
dependabot[bot]
72d51347ec mod: bump gorm.io/driver/mysql from 1.4.3 to 1.4.7 (#7363) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-20 19:28:14 +08:00
dependabot[bot]
dc37bf5794 mod: bump modernc.org/sqlite from 1.20.3 to 1.20.4 (#7364) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-20 19:15:19 +08:00
dependabot[bot]
9e5fa984f8 mod: bump gorm.io/driver/postgres from 1.4.7 to 1.4.8 (#7362) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-20 19:14:56 +08:00
Joe Chen
3e3d6eda12 chore: update Go versions in CI (#7346) 2023-02-19 18:10:34 +08:00
dependabot[bot]
9110059797 mod: bump golang.org/x/net from 0.6.0 to 0.7.0 (#7358) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-18 22:19:40 +08:00
Joe Chen
15d0d6a94b fix(db): correctly check Git path on case-insensitive file system (#7359) 2023-02-18 22:15:13 +08:00
Joe Chen
0f8c71d3b3 fix(migration): skip v20 if column sha256 already exists (#7354) 2023-02-14 22:44:23 +08:00
Joe Chen
8f9895acaf fix(db): sanitize user full name after find (#7353) 2023-02-14 21:46:09 +08:00
Joe Chen
2a375007ee fix(repo): be tolerant to implicit submodules (#7352) 2023-02-14 14:46:29 +08:00