oss/forgejo
oss/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-10-05 19:30:58 +00:00
Code Wiki Activity
forgejo/models
History
forgejo-backport-action 3210151955 [v12.0/forgejo] fix: ensure GetUserByEmail only considers validated emails (#9085) 
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/9075

Only validated emails can be used to:

-  assert if a signature can be trusted or,
-  to assign comments, issues to an existing user during a migration

The emails that were not yet validated could previously used as if they were validated, incorrectly showing commits as trusted or assigning comments, issues to the user associated with this email during migrations.

Existing migrations are not modified when they were incorrectly assigned to an email that is not validated. The trust status of all commit signatures will now show differently depending on the validation status of an email.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Security bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9075): <!--number 9075 --><!--line 0 --><!--description ZW5zdXJlIEdldFVzZXJCeUVtYWlsIG9ubHkgY29uc2lkZXJzIHZhbGlkYXRlZCBlbWFpbHM=-->ensure GetUserByEmail only considers validated emails<!--description-->
<!--end release-notes-assistant-->

Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9085
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2025-08-30 18:43:22 +02:00
..
actions [v12.0/forgejo] fix(test): TestActionsArtifactOverwrite needs ordered query for pgsql (#8849) 2025-08-10 14:46:58 +02:00
activities [v12.0/forgejo] fix: make the action feed resilient to database inconsistencies (#8618) 2025-07-23 00:18:50 +02:00
admin chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
asymkey Update module golang.org/x/crypto to v0.39.0 (forgejo) (#8091) 2025-06-06 15:19:05 +02:00
auth feat: consider WebAuthn & SSH for instance signing (#7693) 2025-04-29 10:34:07 +00:00
avatars chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
db [v12.0/forgejo] fix: use parent context for new transactions (#8474) 2025-07-10 14:44:56 +02:00
dbfs Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
fixtures [v12.0/forgejo] fix: only redirect to a new owner (organization or user) if the user has permissions to view the new owner (#9091) 2025-08-30 18:42:11 +02:00
forgefed Federated user activity following: Isolated model changes (#8078) 2025-06-21 12:02:58 +02:00
forgejo/semver Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
forgejo_migrations [v12.0/forgejo] fix: upgrade fails or hang at migration[32]: Migrate maven package name concatenation (#8613) 2025-07-22 19:24:22 +02:00
git feat: always publish the link to the commit status (#8177) 2025-06-13 12:41:34 +02:00
issues [v12.0/forgejo] fix: make sure to use unaltered fields when saving a shadow copy for updated profiles or comments (#8584) 2025-07-22 03:08:12 +02:00
migrations fix: maven use groupId:artifactId for package name concatenation (#6352) 2025-06-01 09:02:29 +02:00
moderation [v12.0/forgejo] fix: abuse reports string data types (#8319) 2025-06-27 16:30:23 +02:00
organization fix: show membership of limited orgs 2025-06-06 19:33:26 +02:00
packages [v12.0/forgejo] several fixes of ALT Package registry (#8480) 2025-07-10 21:57:46 +02:00
perm Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
project chore(cleanup): replaces unnecessary calls to formatting functions by non-formatting equivalents (#7994) 2025-05-29 17:34:29 +02:00
pull fix: do not ignore automerge while a PR is checking for conflicts (#8189) 2025-06-17 10:58:07 +02:00
quota fix: ignore expired artifacts for quota calculation (#7976) 2025-05-28 18:22:10 +02:00
repo [v12.0/forgejo] fix: only redirect to a new owner (organization or user) if the user has permissions to view the new owner (#9091) 2025-08-30 18:42:11 +02:00
secret chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
shared/types chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
system Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
unit feat: configurable default units for mirrors (#7902) 2025-06-03 08:12:29 +02:00
unittest chore: replace github.com/go-testfixtures/testfixtures (#7715) 2025-04-29 19:28:56 +00:00
user [v12.0/forgejo] fix: ensure GetUserByEmail only considers validated emails (#9085) 2025-08-30 18:43:22 +02:00
webhook Actions Failure, Succes, Recover Webhooks (#7508) 2025-06-03 14:29:19 +02:00
error.go [v12.0/forgejo] fix: don't allow credentials in migrate/push mirror URL (#9078) 2025-08-30 18:42:39 +02:00
main_test.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
org.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
org_team.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
org_team_test.go Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
org_test.go Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
repo.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
repo_test.go Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
repo_transfer.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
repo_transfer_test.go Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00