Update forgejo to 11.0.11 (#5209)

Alexander L. 2026-03-27 12:09:29 +01:00 committed by GitHub
parent fe3100f58a
commit 36d5669293
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 9 additions and 4 deletions

@ -8,7 +8,7 @@ services:
PROXY_AUTH_ADD: "false"
server:
image: codeberg.org/forgejo/forgejo:11.0.10-rootless@sha256:d0247afd85fde057d4d3233fd13ba840b7a2bc569c93db8a5e6d4ef5b946a36e
image: codeberg.org/forgejo/forgejo:11.0.11-rootless@sha256:3372178750d690c577487dbf37b07d6a20cf2364acf876ca217d0ffa13046590
user: "1000:1000"
restart: on-failure
ports:
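Review bot: The replacement digest on the `image:` line for `11.0.11-rootless` should be checked against the registry before merge, in particular that it is the digest of the multi-platform manifest index and not of a single-architecture image. The app description mentions running on a Raspberry Pi, so a single-architecture digest pinned here would fail to pull on arm64 hosts. Recording in the PR how the digest was obtained would make the pin auditable.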

@ -2,7 +2,7 @@ manifestVersion: 1.1
id: forgejo
category: developer
name: Forgejo
version: "11.0.10"
version: "11.0.11"
tagline: A self-hosted lightweight software forge
description: >-
Forgejo is a self-hosted lightweight software forge, designed to be a fully self-hosted, privacy-respecting alternative to GitHub, GitLab, and Bitbucket. It is a fork of Gitea with additional features and community-driven enhancements. Forgejo is written in Go and can run on low-resource hardware like a Raspberry Pi.
@ -49,8 +49,13 @@ gallery:
- 3.jpg
releaseNotes: >-
🚨 This release includes important security fixes:
- Fixed excess creation of commit_status records
- Upgraded Go version to 1.25.6, addressing denial of service vulnerabilities
- Fixed PKCE challenge validation for OAuth identity provider when using the S256 algorithm
- Fixed improper scope enforcement when using OAuth Bearer tokens with HTTP basic authentication
- Fixed missing permission checks in attachment endpoints that allowed modifying attachments a user did not own
- Fixed email notifications for new releases being sent to users who lost repository access or are inactive
- Fixed missing permission checks in user/org-owned projects that allowed unauthorized changes to project state
- Fixed missing permission check that allowed unauthorized cancellation of pull request automerge
- Fixed path-traversal vulnerability in post-login redirect parameters that could allow arbitrary redirects
Full release notes are available at https://forgejo.org/releases/
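Review bot: The `releaseNotes` entries describe authorization and OAuth fixes (PKCE S256 validation, Bearer token scope enforcement, missing permission checks, the post-login redirect issue), yet the closing line still links the generic https://forgejo.org/releases/ page. Pointing it at the 11.0.11 release entry would let operators confirm what was fixed and judge how urgently to update. It is also worth confirming that the `- ` items render as separate lines, since a `>-` folded scalar joins adjacent lines at the same indentation into one paragraph.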