forgejo

mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-02-23 11:55:48 -05:00

History

Gusted 4c8c215b75 fix(sec): web route update and delete runner variables The web route to update and delete variables of runners did not check if the ID that was given belonged to the context it was requested in, this made it possible to update and delete every existing runner variable of a instance for any authenticated user. The code has been reworked to always take into account the context of the request (owner and repository ID). (cherry picked from commit 5cb8fdfc8b9213cc368cd074aac93a1327ea20b0)		2025-02-08 07:50:19 +00:00
..
api	fix: don't show private forks in forks list	2024-11-15 11:58:58 +01:00
common	Use relative links for commits, mentions, and issues in markdown (#29427 )	2024-03-20 08:46:28 +01:00
install	Always load or generate oauth2 jwt secret (#30942 )	2024-05-24 15:15:07 +02:00
private	fix(sec): use constant time check for internal token	2024-10-28 06:17:16 +00:00
utils	Improve user search display name (#29002 )	2024-02-01 17:10:16 +00:00
web	fix(sec): web route update and delete runner variables	2025-02-08 07:50:19 +00:00
init.go	s/Gitea/Forgejo in various log messages and comments	2024-04-22 14:41:17 +00:00