Gitea's default SSH configuration is insecure: it enables weak encryption algorithms that are considered compromised or that use outdated hash functions, which weakens the security of SSH connections.
Gitea
20.05.2026
Proven: no open regressions, established · 0 open bugs, 0 regressions
Upgrade assessment
Security-relevant · Update promptly
Derived automatically from release, repo and CVE data — no judgment by a language model.
A vulnerability in Gitea allows public-only scoped API tokens to access private organization data, despite being restricted to public content only.
A vulnerability in Gitea allows authenticated users with only read access to push arbitrary commits directly to repositories, bypassing all write access controls, which can lead to complete repository compromise.
Gitea bypasses OAuth2 permission restrictions when tokens are submitted via HTTP Basic Authentication instead of Bearer tokens, allowing apps with limited scopes to gain write access to user profiles and repositories.
A security vulnerability in Gitea allows accessing private Git repositories with OAuth2/Bearer tokens that lack required repository permissions, because scope validation only occurs during Basic authentication but not Bearer authentication.
A security vulnerability in Gitea allows downloading complete private repository archives using access tokens that only have permissions for other areas like issues, not repository content.
Three API endpoints in Gitea allow users with limited permissions to read issue template and configuration files from private repositories, even though they should not have access to the code section.
Security update with fixes for permissions, token scopes, OAuth validation and various authentication issues
Bugfix release with fixes for OAuth2 escaping, container authentication, Actions workflows, Mermaid diagrams and various UI issues
Gitea v1.26.0 introduces breaking changes to Swagger annotations and API endpoints, new Actions features, Terraform registry, global banners and numerous performance improvements
Gitea v1.26.0-rc0 introduces breaking changes to Swagger annotations and API endpoints, new Actions features, Terraform registry support, and numerous UI enhancements
Security update fixing multiple critical vulnerabilities in OAuth2, user permissions and path resolution along with various bug fixes
Security update with fixes for repository permissions, attachments, LFS locks and various authentication issues
Security update with Go 1.25.5, markdown editor improvements and fixes for various bugs in SSH cloning, email handling and pull requests
Security update with cryptography library upgrade and fixes for various permission and login bugs plus numerous bugfixes
Bugfix release with fixes for ACME email configuration, pull request counters, actions issues and various UI improvements
Gitea v1.25.0 introduces breaking changes to API responses and metrics, security updates, new features like 3D file preview and workflow emails, plus numerous enhancements and bug fixes
Security update fixes LFS authentication bypass, symlink bypass, password leaks in logs and OAuth2 issues
Gitea v1.25.0-rc0 Release Candidate with breaking changes in API responses and metrics, new features like 3D file preview and workflow emails
Security update for xz library and bug fixes for compare pages, pull request redirects, API responses and webhook functionality
Bug fixes for LFS garbage collection, webhook comment counting and pull request reviews plus UI improvement for resolved comments
Bug fixes for migration inputs, file upload display, review comments, submodules and improvements to syntax highlighting and commit display
Bugfix release with corrections for submodules, git graph, API responses, user permissions and various UI issues
Quick bugfix release addressing Docker image push issues and Chi framework update
Maintenance update with improvements for commit status display and PR parameters plus bug fixes for package deletion, markdown rendering and API panics
Gitea v1.24.0 introduces breaking changes to configuration handling, new features like 2FA enforcement and anonymous access to private repositories, plus performance improvements
Security update for Gitea with fixes for LFS SSH upload bug and network package updates plus various bug fixes
Gitea v1.24.0-rc0 introduces breaking configuration changes, new 2FA enforcement, enhanced repository features and performance improvements
Security update with Go 1.23.8, new configuration option for anonymous users and various bug fixes
Security update with fixes for LFS URLs, JWT/Redis packages and various bugfixes for OAuth2, Maven, markdown rendering and UI issues
Security update with Go 1.23.7 and OAuth2/crypto libraries, performance improvements for user dashboard and various bug fixes
Security update with enhancements for Actions routers, performance optimizations for pull request comments, and various bug fixes
Security update with Golang 1.23.6 and fix for status webhook template bug
Gitea v1.23.2 fixes webhook structure issues and brings UI improvements along with numerous bugfixes
Maintenance update with UI improvements and bug fixes for repository display, API references and editor functionality
Gitea v1.23.0 introduces breaking changes to SSH RSA signing, OIDC authentication and configuration options along with new features like Passkey login, Arch package registry and improved performance
Gitea v1.23.0-rc0 introduces breaking changes to configuration and SSH signatures, new features like Passkey login and Arch package registry, plus security fixes