Skip to content

Dont leak private users via extensions (#28023)#28029

Merged
6543 merged 1 commit intogo-gitea:release/v1.21from
GiteaBot:backport-28023-v1.21
Nov 13, 2023
Merged

Dont leak private users via extensions (#28023)#28029
6543 merged 1 commit intogo-gitea:release/v1.21from
GiteaBot:backport-28023-v1.21

Conversation

@GiteaBot
Copy link
Copy Markdown
Collaborator

@GiteaBot GiteaBot commented Nov 13, 2023

Backport #28023 by @6543

there was no check in place if a user could see a other user, if you append e.g. .rss

@GiteaBot GiteaBot added topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! type/bug labels Nov 13, 2023
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Nov 13, 2023
@GiteaBot GiteaBot requested a review from delvh November 13, 2023 22:30
@GiteaBot GiteaBot added this to the 1.21.0 milestone Nov 13, 2023
@GiteaBot GiteaBot requested a review from denyskon November 13, 2023 22:30
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Nov 13, 2023
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Nov 13, 2023
@6543 6543 merged commit eef4148 into go-gitea:release/v1.21 Nov 13, 2023
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Feb 12, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@6543 6543 6543 approved these changes

@jolheiser jolheiser jolheiser approved these changes

@delvh delvh delvh approved these changes

@denyskon denyskon Awaiting requested review from denyskon

Assignees

@6543 6543

Labels

lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! type/bug

Projects

None yet

Milestone

1.21.0

Development

Successfully merging this pull request may close these issues.

4 participants

@GiteaBot @6543 @jolheiser @delvh