VuXML: gitea -- multiple vulnerabilities

VuXML ID	be088777-6085-11ea-8609-08002731610e
Discovery	2019-11-18
Entry	2020-03-07

The Gitea Team reports for release 1.11.0:

Never allow an empty password to validate (#9682) (#9683)

Prevent redirect to Host (#9678) (#9679)

Swagger hide search field (#9554)

Add "search" to reserved usernames (#9063)

Switch to fomantic-ui (#9374)

Only serve attachments when linked to issue/release and if accessible by user (#9340)

[source]

The Gitea Team reports for release 1.11.2:

Ensure only own addresses are updated (#10397) (#10399)

Logout POST action (#10582) (#10585)

Org action fixes and form cleanup (#10512) (#10514)

Change action GETs to POST (#10462) (#10464)

Fix admin notices (#10480) (#10483)

Change admin dashboard to POST (#10465) (#10466)

Update markbates/goth (#10444) (#10445)

Update crypto vendors (#10385) (#10398)

[source]

FreeBSD PR	ports/244025
URL	https://blog.gitea.io/2020/02/gitea-1.11.0-is-released/
URL	https://blog.gitea.io/2020/03/gitea-1.11.2-is-released/

gitea -- multiple vulnerabilities

Details

References