mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-10-15 19:42:04 +00:00
43664f79b9
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/9064 It is no longer possible to specify the user and password when providing a URL for migrating a repository, the fields dedicated to that purpose on the form must be used instead. This is to prevent that those credentials are displayed in the repository settings that are visible by the repository admins, in the case where the migration is a mirror. <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Security bug fixes - [PR](https://codeberg.org/forgejo/forgejo/pulls/9064): <!--number 9064 --><!--line 0 --><!--description ZG9uJ3QgYWxsb3cgY3JlZGVudGlhbHMgaW4gbWlncmF0ZS9wdXNoIG1pcnJvciBVUkw=-->don't allow credentials in migrate/push mirror URL<!--description--> <!--end release-notes-assistant--> Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-authored-by: Earl Warren <contact@earl-warren.org> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9078 Reviewed-by: 0ko <0ko@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> |
||
|---|---|---|
| .. | ||
| TestActionVariablesModification | ||
| TestAdminDeleteUser | ||
| TestBlockActions | ||
| TestBlockedNotifications | ||
| TestCommitRefComment | ||
| TestFeed | ||
| TestGetContentHistory | ||
| TestPullCombinedReviewRequest | ||
| TestPullMirrorRedactCredentials | ||
| TestPullRequestReplyMail | ||
| TestRunnerModification | ||
| TestSystemCommentRoles | ||
| TestXSSReviewDismissed | ||