Path to this page:
Subject: CVS commit: pkgsrc/www/gitea
From: Pierre Pronchery
Date: 2021-03-12 12:54:25
Message id: 20210312115425.95032FA95@cvs.NetBSD.org
Log Message:
gitea: updated to 1.13.4
This includes the following security fixes; in 1.13.0:
* Add Allow-/Block-List for Migrate & Mirrors
* Prevent git operations for inactive users
* Disallow urlencoded new lines in git protocol paths if there is a port
* Mitigate Security vulnerability in the git hook feature
* Disable DSA ssh keys by default
* Set TLS minimum version to 1.2
* Use argon as default password hash algorithm
In 1.13.1:
* Hide private participation in Orgs
* Fix escaping issue in diff
In 1.13.2:
* Prevent panic on fuzzer provided string
* Add secure/httpOnly attributes to the lang cookie
In 1.13.3:
* Turn default hash password algorithm back to pbkdf2 from argon2 until we find \
a better one
In 1.13.4:
* Fix issue popups
Files: