Fix vulnerability reported in #4006

4 files changed, 4 insertions, 4 deletions

diff --git a/README.md b/README.md
index f7e0088f..819ed1ab 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@ Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?bra
 
 ![](https://github.com/gogits/gogs/blob/master/public/img/gogs-large-resize.png?raw=true)
 
-##### Current tip version: 0.9.114 (see [Releases](https://github.com/gogits/gogs/releases) for binary versions ~~or submit a task on [alpha stage automated binary building system](https://build.gogs.io/)~~)
+##### Current tip version: 0.9.115 (see [Releases](https://github.com/gogits/gogs/releases) for binary versions ~~or submit a task on [alpha stage automated binary building system](https://build.gogs.io/)~~)
 
 | Web | UI  | Preview  |
 |:-------------:|:-------:|:-------:|
diff --git a/gogs.go b/gogs.go
index f99dccf6..cb56bb5f 100644
--- a/gogs.go
+++ b/gogs.go
@@ -17,7 +17,7 @@ import (
 	"github.com/gogits/gogs/modules/setting"
 )
 
-const APP_VER = "0.9.114.1227"
+const APP_VER = "0.9.115.0103"
 
 func init() {
 	runtime.GOMAXPROCS(runtime.NumCPU())
diff --git a/routers/repo/pull.go b/routers/repo/pull.go
index 4f0ef1ed..1348c7de 100644
--- a/routers/repo/pull.go
+++ b/routers/repo/pull.go
@@ -49,7 +49,7 @@ func getForkRepository(ctx *context.Context) *models.Repository {
 		return nil
 	}
 
-	if !forkRepo.CanBeForked() {
+	if !forkRepo.CanBeForked() || !ctx.Repo.HasAccess() {
 		ctx.Handle(404, "getForkRepository", nil)
 		return nil
 	}
diff --git a/templates/.VERSION b/templates/.VERSION
index 1bc48f34..5014f536 100644
--- a/templates/.VERSION
+++ b/templates/.VERSION
@@ -1 +1 @@
-0.9.114.1227
\ No newline at end of file
+0.9.115.0103
\ No newline at end of file