Forgejo Security Releases v10.0.1 and v7.0.13
The Forgejo v10.0.1 and v7.0.13 releases contain critical security fixes related to permissions enforcement of web endpoints.
The Forgejo v8.0.1 & v7.0.7 releases contain a security fix for a cross-site scripting (XSS) vulnerability that allowed repository owners to create links that executed JavaScript when clicked.
The Forgejo v1.21.11-0 release contains two security fixes: a privilege escalation that allows any registered user to change the visibility of any public repository; and a cross-site scripting (XSS) vulnerability that enabled attackers to run unsandboxed client-side scripts on pages served from the forge's domain.
No direct impact of the xz backdoor (CVE-2024-3094) on Forgejo. The infrastructure that powers Forgejo is not impacted by this vulnerability. Forgejo itself is also not affected; however, if you run an OpenSSH server for Git over SSH, you could be affected by this CVE.
The Forgejo v1.21.6-0 release contains a security fix for cross-site scripting (XSS) vulnerabilities that enabled attackers to inject client-side scripts into web pages displayed to Forgejo visitors.