author ᴜɴᴋɴᴡᴏɴ <u@gogs.io> 2020-03-22 22:07:22 +0800
committer GitHub <noreply@github.com> 2020-03-22 22:07:22 +0800
commit 22717a1c064511cf37c46af5e650baf7184cf25b
tree f98bb991145605567f8b43506a7add855db0a90f /CHANGELOG.md
parent 82e511ddb1d1e98ebe6b1931766b0835fc066883
webhook: overhaul route handlers (#6002)
* Overhaul route handlers and fixes #5366
* Merge routes for repo and org
* Inject OrgRepoContext
* DRY validateWebhook
* DRY c.HasError
* Add tests
* Update CHANGELOG
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- CHANGELOG.md 1
1 files changed, 1 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c72230d8..49c9c6a0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -40,6 +40,7 @@ All notable changes to Gogs are documented in this file.
- [Security] Potential ability to delete files outside a repository.
- [Security] Potential ability to set primary email on others' behalf from their verified emails.
- [Security] Potential XSS attack via `.ipynb`. [#5170](https://github.com/gogs/gogs/issues/5170)
+- [Security] Potential SSRF attack via webhooks. [#5366](https://github.com/gogs/gogs/issues/5366)
- [Security] Potential CSRF attack in admin panel. [#5367](https://github.com/gogs/gogs/issues/5367)
- [Security] Potential RCE on mirror repositories. [#5767](https://github.com/gogs/gogs/issues/5767)
- [Security] Potential XSS attack with raw markdown API. [#5907](https://github.com/gogs/gogs/pull/5907)
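Review bot: The added `[Security] Potential SSRF attack via webhooks` line names the issue but gives operators no hint of what changed in behaviour. The commit message mentions `validateWebhook`; if that validation now rejects payload URLs that were accepted before, add a short clause saying so (or a separate changelog entry), so administrators upgrading know to review their existing webhooks. Placing the entry between #5170 and #5367 keeps the list in issue-number order, which is fine.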