opensource/gitea
1
0
Fork 0
mirror of https://gitcode.com/gitea/gitea.git synced 2025-10-11 10:15:17 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
gitea/modules
History
shashank-netapp 03fce8f3d0 Fixing issue #35530: Password Leak in Log Messages (#35584) 
The Gitea codebase was logging `Elasticsearch` and `Meilisearch`
connection strings directly to log files without sanitizing them. Since
connection strings often contain credentials in the format
`protocol://username:password@host:port`, this resulted in passwords
being exposed in plain text in log output.

Fix:
- wrapped all instances of setting.Indexer.RepoConnStr and
setting.Indexer.IssueConnStr with the `util.SanitizeCredentialURLs()`
function before logging them.

Fixes: #35530

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2025-10-07 09:26:47 -07:00
..
actions
[Fix] Trigger 'unlabeled' event when label is Deleted from PR (#34316)
2025-09-24 09:45:38 -07:00
activitypub
Remove incorrect "db.DefaultContext" usages (#35366)
2025-08-28 03:52:43 +00:00
analyze
Refactor older tests to use testify (#33140)
2025-01-09 09:21:47 +08:00
assetfs
use experimental go json v2 library (#35392)
2025-09-28 08:03:36 +00:00
auth
Address some CodeQL security concerns (#35572)
2025-10-04 01:21:26 +08:00
avatar
Fix various typos in codebase (#35480)
2025-09-13 10:34:43 -04:00
badge
Add flat-square action badge style (#34062)
2025-04-01 09:42:10 +00:00
base
Fix http auth header parsing (#34936)
2025-07-03 03:02:38 +00:00
cache
enforce explanation for necessary nolints and fix bugs (#34883)
2025-06-27 21:48:03 +08:00
cachegroup
Cache GPG keys, emails and users when list commits (#34086)
2025-04-09 16:34:38 +00:00
charset
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
commitstatus
enforce nolint scope (#34851)
2025-06-27 07:59:55 +02:00
container
Refactor sidebar assignee&milestone&project selectors (#32465)
2024-11-11 04:07:54 +08:00
csv
Disable Field count validation of CSV viewer (#35228)
2025-09-04 09:54:58 -07:00
dump
Use github.com/mholt/archives replace github.com/mholt/archiver (#35390)
2025-09-01 19:40:12 +00:00
emoji
Refactor older tests to use testify (#33140)
2025-01-09 09:21:47 +08:00
eventsource
Refactor older tests to use testify (#33140)
2025-01-09 09:21:47 +08:00
fileicon
Follow file symlinks in the UI to their target (#28835)
2025-07-01 06:55:36 +08:00
generate
Refactor JWT secret generating & decoding code (#29172)
2024-02-16 15:18:30 +00:00
git
Move some functions to gitrepo package (#35543)
2025-10-07 17:06:51 +08:00
gitrepo
Move some functions to gitrepo package (#35543)
2025-10-07 17:06:51 +08:00
glob
Replace gobwas/glob package (#35478)
2025-09-13 18:01:00 +00:00
globallock
Upgrade golang to 1.25.1 and add descriptions for the swagger structs' fields (#35418)
2025-09-06 16:52:41 +00:00
graceful
Fix context usages (#35348)
2025-08-27 11:00:01 +00:00
gtprof
Add start time on perf trace because it seems some steps haven't been recorded. (#35282)
2025-08-18 15:17:19 +00:00
hcaptcha
Consume hcaptcha and pwn deps (#22610)
2023-01-29 09:49:51 -06:00
highlight
Enable testifylint rules (#34075)
2025-03-31 01:53:48 -04:00
hostmatcher
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
htmlutil
Improve labels-list rendering (#34846)
2025-06-27 23:12:25 +08:00
httpcache
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
httplib
Fix context usages (#35348)
2025-08-27 11:00:01 +00:00
indexer
Fixing issue #35530: Password Leak in Log Messages (#35584)
2025-10-07 09:26:47 -07:00
issue/template
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
json
Drop json-iterator dependency (#35544)
2025-09-28 22:30:28 +08:00
label
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
lfs
Drop json-iterator dependency (#35544)
2025-09-28 22:30:28 +08:00
lfstransfer
Fix SSH LFS timeout (#34838)
2025-06-24 15:49:31 +00:00
log
Address some CodeQL security concerns (#35572)
2025-10-04 01:21:26 +08:00
markup
Fix various typos in codebase (#35480)
2025-09-13 10:34:43 -04:00
mcaptcha
Implement FSFE REUSE for golang files (#21840)
2022-11-27 18:20:29 +00:00
metrics
Remove incorrect "db.DefaultContext" usages (#35366)
2025-08-28 03:52:43 +00:00
migration
Fix some missed GitHeadRefName when renaming (#35102)
2025-07-17 14:01:11 +00:00
nosql
Refactor older tests to use testify (#33140)
2025-01-09 09:21:47 +08:00
optional
use experimental go json v2 library (#35392)
2025-09-28 08:03:36 +00:00
options
Refactor embedded assets and drop unnecessary dependencies (#34692)
2025-06-12 03:59:33 +00:00
packages
use experimental go json v2 library (#35392)
2025-09-28 08:03:36 +00:00
paginator
Only use prev and next buttons for pagination on user dashboard (#33981)
2025-03-23 19:52:43 +00:00
pprof
Implement FSFE REUSE for golang files (#21840)
2022-11-27 18:20:29 +00:00
private
Fix a bug when uploading file via lfs ssh command (#34408)
2025-05-09 16:17:08 +00:00
process
Use test context in tests and new loop system in benchmarks (#33648)
2025-02-20 09:57:40 +00:00
proxy
Replace gobwas/glob package (#35478)
2025-09-13 18:01:00 +00:00
proxyprotocol
Enable addtional linters (#34085)
2025-04-01 10:14:01 +00:00
public
Upgrade gopls to v0.19.0, add make fix (#34772)
2025-06-18 19:30:40 +00:00
queue
Fix various typos in codebase (#35480)
2025-09-13 10:34:43 -04:00
recaptcha
Implement FSFE REUSE for golang files (#21840)
2022-11-27 18:20:29 +00:00
references
Enable testifylint rules (#34075)
2025-03-31 01:53:48 -04:00
regexplru
Enable testifylint rules (#34075)
2025-03-31 01:53:48 -04:00
repository
Move some functions to gitrepo package (#35543)
2025-10-07 17:06:51 +08:00
reqctx
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
secret
Upgrade golangci-lint to v1.64.5 (#33654)
2025-02-21 00:05:40 +08:00
session
Add proper error message if session provider can not be created (#35520)
2025-09-28 12:24:19 +00:00
setting
Address some CodeQL security concerns (#35572)
2025-10-04 01:21:26 +08:00
sitemap
Fix sitemap (#22272)
2022-12-30 23:31:00 +08:00
ssh
Update x/crypto package and make builtin SSH use default parameters (#34667)
2025-06-09 19:51:02 +00:00
storage
Fix error logs and improve some comments/messages (#35105)
2025-07-17 19:09:54 +08:00
structs
feat: adds option to force update new branch in contents routes (#35592)
2025-10-06 21:23:14 -07:00
svg
Add sub issue list support (#32940)
2024-12-24 01:54:19 +00:00
system
Remove incorrect "db.DefaultContext" usages (#35366)
2025-08-28 03:52:43 +00:00
tailmsg
Support performance trace (#32973)
2025-01-21 18:57:07 +00:00
tempdir
Address some CodeQL security concerns (#35572)
2025-10-04 01:21:26 +08:00
templates
Move git config/remote to gitrepo package and add global lock to resolve possible conflict when updating repository git config file (#35151)
2025-09-01 18:47:04 +00:00
test
Validate hex colors when creating/editing labels (#34623)
2025-06-07 11:25:08 +03:00
testlogger
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
timeutil
Refactor embedded assets and drop unnecessary dependencies (#34692)
2025-06-12 03:59:33 +00:00
translation
Address some CodeQL security concerns (#35572)
2025-10-04 01:21:26 +08:00
turnstile
Add new captcha: cloudflare turnstile (#22369)
2023-02-05 15:29:03 +08:00
typesniffer
Fix various typos in codebase (#35480)
2025-09-13 10:34:43 -04:00
updatechecker
Enable addtional linters (#34085)
2025-04-01 10:14:01 +00:00
uri
Implement FSFE REUSE for golang files (#21840)
2022-11-27 18:20:29 +00:00
user
Refactor older tests to use testify (#33140)
2025-01-09 09:21:47 +08:00
util
Move some functions to gitrepo package (#35543)
2025-10-07 17:06:51 +08:00
validation
Replace gobwas/glob package (#35478)
2025-09-13 18:01:00 +00:00
web
Refactor to use reflect.TypeFor (#35370)
2025-08-27 20:13:31 -07:00
webhook
Add workflow_run api + webhook (#33964)
2025-06-20 20:14:00 +08:00
zstd
Refactor embedded assets and drop unnecessary dependencies (#34692)
2025-06-12 03:59:33 +00:00