mirror of
https://github.com/go-gitea/gitea.git
synced 2026-07-02 11:31:52 +00:00
- Enforce repository token scope on RSS/Atom feed endpoints so a PAT without repo scope can no longer read private repo commit data. - Block HTTP redirects during repository migration clones to prevent SSRF reaching internal addresses via an attacker-controlled redirect. - Redact the notification subject after repo access is revoked so private issue/PR metadata is no longer leaked through the notification API. --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Git Module
This module is merged from https://github.com/go-gitea/git which is a Go module to access Git through shell commands. Now it's a part of gitea's main repository for easier pull request.