gitforge/routers/web/user
Mathieu Fenniak 4b83448b7d 2026-06-10 security patches (#13001)
- fix: prevent stored XSS in user display name on Actions page
- fix: LFS locks must belong to the intended repo, port from Gitea
- fix: prevent unauthorized access to draft releases via API
- fix: prevent writes to OpenID visibility which may affect other users
- fix: prevent viewing private PRs that are linked to public issues on public projects

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13001
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
2026-06-10 06:05:01 +02:00
..
setting 2026-06-10 security patches (#13001) 2026-06-10 06:05:01 +02:00
avatar.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
code.go chore: minor code cleanup in search (#10549) 2025-12-23 00:38:51 +01:00
home.go fix(issue-search): drop all labels ids if no label (0) is present (#12665) 2026-05-21 22:21:05 +02:00
home_test.go fix: Allow SHA-256 in PR commit URLs (#10309) 2025-12-16 00:45:00 +01:00
main_test.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
notification.go fix(issue-search): drop all labels ids if no label (0) is present (#12665) 2026-05-21 22:21:05 +02:00
package.go chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
profile.go Federated user activity following (#4767) 2026-05-08 08:08:10 +02:00
search.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
stop_watch.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
task.go feat: show progress of issues and PRs migrations (#12738) 2026-05-28 00:49:07 +02:00