oss/forgejo
oss/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-09-30 19:22:08 +00:00
Code Wiki Activity
forgejo/models
History
forgejo-backport-action 43664f79b9 [v12.0/forgejo] fix: don't allow credentials in migrate/push mirror URL (#9078) 
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/9064

It is no longer possible to specify the user and password when providing a URL for migrating a repository, the fields dedicated to that purpose on the form must be used instead. This is to prevent that those credentials are displayed in the repository settings that are visible by the repository admins, in the case where the migration is a mirror.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Security bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9064): <!--number 9064 --><!--line 0 --><!--description ZG9uJ3QgYWxsb3cgY3JlZGVudGlhbHMgaW4gbWlncmF0ZS9wdXNoIG1pcnJvciBVUkw=-->don't allow credentials in migrate/push mirror URL<!--description-->
<!--end release-notes-assistant-->

Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9078
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2025-08-30 18:42:39 +02:00
..
actions [v12.0/forgejo] fix(test): TestActionsArtifactOverwrite needs ordered query for pgsql (#8849) 2025-08-10 14:46:58 +02:00
activities [v12.0/forgejo] fix: make the action feed resilient to database inconsistencies (#8618) 2025-07-23 00:18:50 +02:00
admin chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
asymkey Update module golang.org/x/crypto to v0.39.0 (forgejo) (#8091) 2025-06-06 15:19:05 +02:00
auth feat: consider WebAuthn & SSH for instance signing (#7693) 2025-04-29 10:34:07 +00:00
avatars chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
db [v12.0/forgejo] fix: use parent context for new transactions (#8474) 2025-07-10 14:44:56 +02:00
dbfs Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
fixtures [v12.0/forgejo] fix: only redirect to a new owner (organization or user) if the user has permissions to view the new owner (#9091) 2025-08-30 18:42:11 +02:00
forgefed Federated user activity following: Isolated model changes (#8078) 2025-06-21 12:02:58 +02:00
forgejo/semver Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
forgejo_migrations [v12.0/forgejo] fix: upgrade fails or hang at migration[32]: Migrate maven package name concatenation (#8613) 2025-07-22 19:24:22 +02:00
git feat: always publish the link to the commit status (#8177) 2025-06-13 12:41:34 +02:00
issues [v12.0/forgejo] fix: make sure to use unaltered fields when saving a shadow copy for updated profiles or comments (#8584) 2025-07-22 03:08:12 +02:00
migrations fix: maven use groupId:artifactId for package name concatenation (#6352) 2025-06-01 09:02:29 +02:00
moderation [v12.0/forgejo] fix: abuse reports string data types (#8319) 2025-06-27 16:30:23 +02:00
organization fix: show membership of limited orgs 2025-06-06 19:33:26 +02:00
packages [v12.0/forgejo] several fixes of ALT Package registry (#8480) 2025-07-10 21:57:46 +02:00
perm Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
project chore(cleanup): replaces unnecessary calls to formatting functions by non-formatting equivalents (#7994) 2025-05-29 17:34:29 +02:00
pull fix: do not ignore automerge while a PR is checking for conflicts (#8189) 2025-06-17 10:58:07 +02:00
quota fix: ignore expired artifacts for quota calculation (#7976) 2025-05-28 18:22:10 +02:00
repo [v12.0/forgejo] fix: only redirect to a new owner (organization or user) if the user has permissions to view the new owner (#9091) 2025-08-30 18:42:11 +02:00
secret chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
shared/types chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
system Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
unit feat: configurable default units for mirrors (#7902) 2025-06-03 08:12:29 +02:00
unittest chore: replace github.com/go-testfixtures/testfixtures (#7715) 2025-04-29 19:28:56 +00:00
user [v12.0/forgejo] fix: only redirect to a new owner (organization or user) if the user has permissions to view the new owner (#9091) 2025-08-30 18:42:11 +02:00
webhook Actions Failure, Succes, Recover Webhooks (#7508) 2025-06-03 14:29:19 +02:00
error.go [v12.0/forgejo] fix: don't allow credentials in migrate/push mirror URL (#9078) 2025-08-30 18:42:39 +02:00
main_test.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
org.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
org_team.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
org_team_test.go Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
org_test.go Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
repo.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
repo_test.go Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
repo_transfer.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
repo_transfer_test.go Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00