From 22717a1c064511cf37c46af5e650baf7184cf25b Mon Sep 17 00:00:00 2001 From: ᴜɴᴋɴᴡᴏɴ Date: Sun, 22 Mar 2020 22:07:22 +0800 Subject: webhook: overhaul route handlers (#6002) * Overual route handlers and fixes #5366 * Merge routes for repo and org * Inject OrgRepoContext * DRY validateWebhook * DRY c.HasError * Add tests * Update CHANGELOG --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index c72230d8..49c9c6a0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -40,6 +40,7 @@ All notable changes to Gogs are documented in this file. - [Security] Potential ability to delete files outside a repository. - [Security] Potential ability to set primary email on others' behalf from their verified emails. - [Security] Potential XSS attack via `.ipynb`. [#5170](https://github.com/gogs/gogs/issues/5170) +- [Security] Potential SSRF attack via webhooks. [#5366](https://github.com/gogs/gogs/issues/5366) - [Security] Potential CSRF attack in admin panel. [#5367](https://github.com/gogs/gogs/issues/5367) - [Security] Potential RCE on mirror repositories. [#5767](https://github.com/gogs/gogs/issues/5767) - [Security] Potential XSS attack with raw markdown API. [#5907](https://github.com/gogs/gogs/pull/5907) -- cgit v1.2.3
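Review bot: the hunk context (`@@ -40,6 +40,7 @@ All notable changes to Gogs are documented in this file.`) only shows the file's first line, not the release heading the new `[Security] Potential SSRF attack via webhooks` entry falls under, so it is worth confirming in the full file that line 43 sits in the Unreleased section rather than an already-published one. The new line does keep the neighbouring entries' ascending issue order (#5170, #5366, #5367), which is good; consider also linking the fixing PR (#6002, per the subject line) the way the `#5907` entry links a pull request, since readers of the changelog otherwise have only the report to follow and no pointer to the validateWebhook change the commit message describes.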