Forgejo Security Release 1.21.11-0
The Forgejo v1.21.11-0 release contains two security fixes: a privilege escalation that allows any registered user to change the visibility of any public repository; and a cross-site scripting (XSS) vulnerability that enabled attackers to run unsandboxed client-side scripts on pages served from the forge's domain.
Read more →