Gogs v0.12.8 Release Notes

  • 🔄 Changed

    • All users (including admins) must use the configuration option [security] LOCAL_NETWORK_ALLOWLIST, a comma-separated list of hostnames, to allow repository migration and webhooks to access local network addresses. #6988

  • 🛠 Fixed

    • 🔒 Security: SSRF in webhook. #6901
    • 🔒 Security: XSS in cookies. #6953
    • 🔒 Security: OS Command Injection in file uploading. #6968
    • 🔒 Security: Remote Command Execution in file editing. #6555