gitforge/modules
elle 540551acf2 federation: protect against SSRF attacks (#11795)
Adds an extra check to ensure the `keyId` and `actorId` included in signed requests and actor records point back to the originating host.

This check prevents server-side request forgery (SSRF) attacks where a carefully crafted request could be used to trick a federation server into making requests to arbitrary hosts and ports.

Further refactors can make these checks more robust, but would better fit after other existing refactor PRs are merged.

Related: https://codeberg.org/forgejo/forgejo/issues/11779

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11795
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
2026-07-08 02:03:17 +02:00
..
actions fix: do not try to remove task logs that don't exist (#13040) 2026-06-11 02:03:05 +02:00
activitypub federation: protect against SSRF attacks (#11795) 2026-07-08 02:03:17 +02:00
analyze
assetfs feat: optimization: use fs.ReadFile (#10987) 2026-01-22 16:26:18 +01:00
auth feat: add dynamic group mappings for OIDC (#11656) 2026-05-22 12:38:20 +02:00
avatar chore: remove EXIF stripping capability due to usage of AGPL licensed exif-terminator library (#13105) 2026-06-17 16:16:35 +02:00
avatarstore feat: serve downsized versions of avatars (#11242) 2026-05-16 12:04:05 +02:00
base refactor(tests): drop the need to compile gitea binary manually (#12855) 2026-06-02 00:04:50 +02:00
cache fix(ui): in the admin config panel do not report a cache taking more than 100 microseconds as slow (#13256) 2026-06-30 12:06:06 +02:00
card
charset chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
container
csv
emoji
eventsource ci: detect and prevent empty case statements in Go code (#11593) 2026-03-10 02:50:28 +01:00
forgefed chore(federation): re-enable nilnil lint (#11253) 2026-04-13 22:05:29 +02:00
generate chore: unify signing key configuration across modules (#11194) 2026-04-21 19:39:33 +02:00
git fix: terminate git (& other) subcommands gracefully on context timeout/cancellation (#13263) 2026-07-01 20:26:02 +02:00
gitrepo
graceful ci: detect and prevent empty case statements in Go code (#11593) 2026-03-10 02:50:28 +01:00
hcaptcha
highlight fix(ui): show "Shell" instead of "Bash" in headers of shell script files (#12562) 2026-05-14 22:33:51 +02:00
hostmatcher chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
html
httpcache feat: remove no-transform in Cache-Control header. (#12905) 2026-06-03 05:38:47 +02:00
httplib chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
indexer enh(issue-search): treat terms in query strings with no explicit operator as MUST (#13025) 2026-07-04 16:05:50 +02:00
issue/template chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
json feat: ability to edit authorized integration in web UI (#12601) 2026-05-17 18:33:39 +02:00
jwtx chore: make use of go1.26 features (#12369) 2026-05-01 22:51:48 +02:00
keying fix: store pull mirror creds encrypted with keying (#11909) 2026-04-04 13:53:22 +02:00
label chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
lfs feat: enable auth to git LFS via authorized integrations (#12725) 2026-05-28 23:20:58 +02:00
log fix: terminate git (& other) subcommands gracefully on context timeout/cancellation (#13263) 2026-07-01 20:26:02 +02:00
markup feat(ui): improve markup attention colors (#13224) 2026-07-07 06:33:16 +02:00
mcaptcha
metrics
migration feat: show progress of issues and PRs migrations (#12738) 2026-05-28 00:49:07 +02:00
nosql feat: cache OIDC metadata & JWKS when read by authorized integration (#12275) 2026-04-28 02:13:06 +02:00
optional chore: upgrade to https://code.forgejo.org/xorm/xorm v1.4.0 (#12639) 2026-05-20 20:20:08 +02:00
options
packages fix: Update swift package registry to use the metadata schema from the official Swift docs (#12200) 2026-06-26 04:25:56 +02:00
paginator
pprof
private chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
process fix: intermittent test failure in process cancellation (#13293) 2026-07-04 04:49:36 +02:00
proxy
proxyprotocol ci: detect and prevent empty case statements in Go code (#11593) 2026-03-10 02:50:28 +01:00
public chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
queue feat: cache OIDC metadata & JWKS when read by authorized integration (#12275) 2026-04-28 02:13:06 +02:00
recaptcha
references
regexplru
repository cleanup(tests): remove unused git hooks directories in testdata (#12824) 2026-05-31 20:24:25 +02:00
secret
session fix: only destroy session if exists 2026-03-19 02:18:52 +01:00
setting federation: protect against SSRF attacks (#11795) 2026-07-08 02:03:17 +02:00
sitemap
ssh fix: terminate git (& other) subcommands gracefully on context timeout/cancellation (#13263) 2026-07-01 20:26:02 +02:00
storage tests: minioClient web proxy (#13340) 2026-07-07 21:46:35 +02:00
structs fix(api): swagger docs improvement (#13082) 2026-06-13 21:20:26 +02:00
svg
sync
system
templates fix(ui): bring back non-empty check to ThemeName (#13175) 2026-06-23 11:53:17 +02:00
test fix: ensure migrations allow/deny host lists are applied to onedev, pagure, and codebase migrators (#13184) 2026-06-25 14:11:36 +02:00
testimport chore: move all test blank imports in a single package (#10662) 2026-01-02 05:32:32 +01:00
testlogger chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
timeutil
translation chore(i18n): May 2026 maintenence (#12718) 2026-05-25 10:59:49 +02:00
turnstile
typesniffer
updatechecker chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
uri
user
util chore: make use of go1.26 features (#12369) 2026-05-01 22:51:48 +02:00
validation feat: add dynamic group mappings for OIDC (#11656) 2026-05-22 12:38:20 +02:00
web Update module github.com/go-chi/chi/v5 to v5.3.0 (forgejo) (#12697) 2026-06-29 23:35:12 +02:00
webhook
zstd