No direct impact of the xz backdoor (CVE-2024-3094) on Forgejo. The infrastructure that powers Forgejo is not impacted by this vulnerability. Forgejo itself is also not affected, however if you run an OpenSSH server for Git over SSH you could be affected by this CVE.
Read more →Forgejo started as a soft fork of Gitea, in reaction to governance changes within the project. Over time, it developed its own identity, adopted both development and governance practices - to ensure the stability, quality, and openness of the project - that made it more challenging to remain a soft fork. The decision was made to become a hard fork, and for Forgejo to forge its own path going forward.
Read more →The Forgejo v1.21.6-0 release contains a security fix for Cross-site scripting (XSS) vulnerabilities. It enabled attackers to inject client-side scripts into web pages displayed to Forgejo visitors.
Read more →Forgejo started as a soft fork of Gitea, in reaction to governance changes within the project. Over time, it developed its own identity, adopted both development and governance practices - to ensure the stability, quality, and openness of the project - that made it more challenging to remain a soft fork. In early 2024, a decision was made to become a hard fork, and for Forgejo to forge its own path going forward. This post explains the consequences this decision will have.
Read more →Forgejo may become a hard fork of Gitea; user research is on the way to figure out the scope of moderation in Forgejo instances; a new requirement for tests was added to the development workflow; the "You pushed on branch" user experience was improved; the migration of translations to Weblate began.
Read more →