diff --git a/release-notes-published/10.0.1.md b/release-notes-published/10.0.1.md index d0cd45ec46..4226053bd4 100644 --- a/release-notes-published/10.0.1.md +++ b/release-notes-published/10.0.1.md @@ -5,8 +5,8 @@ See also the [dedicated blog post](https://forgejo.org/2025-02-release-v10-0-1/) ## Release notes - Security bug fixes - - [PR](https://codeberg.org/forgejo/forgejo/pulls/6839): Verify the ID of Forgejo Actions web endpoints belongs to the repository to prevent the deletion of runners or variables or the modification of variables. [Read more in the dedicated blog post](https://forgejo.org/2025-02-release-v1001/). - - [PR](https://codeberg.org/forgejo/forgejo/pulls/6838): Enforce permissions on publicly available user or organizations projects to not leak information from issues and pull requests that belong to private repositories. [Read more in the dedicated blog post](https://forgejo.org/2025-02-release-v1001/). + - [PR](https://codeberg.org/forgejo/forgejo/pulls/6839): Verify the ID of Forgejo Actions web endpoints belongs to the repository to prevent the deletion of runners or variables or the modification of variables. [Read more in the dedicated blog post](https://forgejo.org/2025-02-release-v10-0-1/). + - [PR](https://codeberg.org/forgejo/forgejo/pulls/6838): Enforce permissions on publicly available user or organizations projects to not leak information from issues and pull requests that belong to private repositories. [Read more in the dedicated blog post](https://forgejo.org/2025-02-release-v10-0-1/). - User Interface bug fixes - [PR](https://codeberg.org/forgejo/forgejo/pulls/6803) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6833)): fix(ui): display verified icon for default gpg key - Localization diff --git a/release-notes-published/7.0.13.md b/release-notes-published/7.0.13.md index bbfc4dbaf4..484bbc4afa 100644 --- a/release-notes-published/7.0.13.md +++ b/release-notes-published/7.0.13.md @@ -5,8 +5,8 @@ See also the [dedicated blog post](https://forgejo.org/2025-02-release-v10-0-1/) ## Release notes - Security bug fixes - - [PR](https://codeberg.org/forgejo/forgejo/pulls/6845): Verify the ID of Forgejo Actions web endpoints belongs to the repository to prevent the deletion of runners or variables or the modification of variables. [Read more in the dedicated blog post](https://forgejo.org/2025-02-release-v1001/). - - [PR](https://codeberg.org/forgejo/forgejo/pulls/6846): Enforce permissions on publicly available user or organizations projects to not leak information from issues and pull requests that belong to private repositories. [Read more in the dedicated blog post](https://forgejo.org/2025-02-release-v1001/). + - [PR](https://codeberg.org/forgejo/forgejo/pulls/6845): Verify the ID of Forgejo Actions web endpoints belongs to the repository to prevent the deletion of runners or variables or the modification of variables. [Read more in the dedicated blog post](https://forgejo.org/2025-02-release-v10-0-1/). + - [PR](https://codeberg.org/forgejo/forgejo/pulls/6846): Enforce permissions on publicly available user or organizations projects to not leak information from issues and pull requests that belong to private repositories. [Read more in the dedicated blog post](https://forgejo.org/2025-02-release-v10-0-1/). - Bug fixes - [PR](https://codeberg.org/forgejo/forgejo/pulls/6674) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6679)): fix: load settings for valid user and email check - Included for completeness but not worth a release note