mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-08 08:04:21 +00:00
add security fixes details, link to compare
parent
95fa27374b
commit
2b2c0f1ae2
@ -6,7 +6,7 @@ The Forgejo admin should carefully read the required manual actions before upgra
## 1.21.11-0
The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.21/forgejo) included in the `Forgejo v1.21.11-0` release can be reviewed from the command line with:
[The complete list of new commits included in the Forgejo v1.21.11-0 release can be reviewed here](https://codeberg.org/forgejo/forgejo/compare/v1.21.10-0...v1.21.11-0), or from the comand line with:
```shell
$ git clone https://codeberg.org/forgejo/forgejo
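Review bot: "comand" in the new sentence ("or from the comand line with:") should be "command". The link text also now covers almost the whole sentence; a shorter anchor such as "complete list of new commits" would keep the compare link (v1.21.10-0...v1.21.11-0) easier to read.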
@ -25,7 +25,8 @@ This stable release contains bug fixes and a **security fix**.
* Security fix
[This is a security release](https://codeberg.org/forgejo/security-announcements/issues/9), details about the bug and fix are currently TBA.
* [Fixed a bug that allows user-supplied, non-sandboxed JavaScript to be run from the same domain as the forge](https://codeberg.org/forgejo/forgejo/commit/8dcc7d9e8ce36d94bae1a1becddc4735f51add3c), via `/{owner}/{repo}/render/branch/{branch}/{filename}` URLs.
* [Fixed a privilege escalation through git push options](https://codeberg.org/forgejo/forgejo/commit/cc80e661531794fff7f8a336eaaefdb7e3bd3956) that allows any user to change the visibility of any repository they can see, regardless of their level of access.
* Bug fixes
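Review bot: the line linking to security-announcements issue 9 is replaced rather than kept, so the `* Security fix` entry no longer points to the advisory; keep that link next to the two per-fix commit links. With two fixes now listed, the summary shown in the hunk header ("bug fixes and a **security fix**") and the `* Security fix` heading should become plural, and "allows" in both bullets reads better as "allowed" since the bugs are described as fixed.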