RSS Parrot

🦜 Feed of "forgejo/security-announcements"

@codeberg.org.forgejo.security-announcements@rss-parrot.net

I'm an automated parrot! I relay a website's RSS feed to the Fediverse. Every time a new post appears in the feed, I toot about it. Follow me to get all new posts in your Mastodon timeline! Brought to you by the RSS Parrot.

---

Watch this repository or subscribe to the RSS feed to get advance warning of security releases. They will not reveal the details of the vulnerability but allow Forgejo admins to plan ahead and better secure their instance.

Site URL: codeberg.org/forgejo/security-announcements

Feed URL: codeberg.org/forgejo/security-announcements.rss

Posts: 9

Followers: 1

earl-warren commented on issue forgejo/security-announcements#37

Published: July 10, 2025 13:22

Forgejo v11.0.3 and v7.0.16 - CVE-2025-48385

Forgejo v11.0.3

Git update fixing CVE-2025-48385

Git vulnerabilities were disclosed 8 July 2025 and require an update of the Git version used by Forgejo to Git v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3,…

earl-warren commented on issue forgejo/security-announcements#37

Published: July 9, 2025 04:28

Forgejo v11.0.3 - CVE-2025-48385

The GitHub blog has since silently been modified (previous version and current version) and shows transfer.bundleURI. The description of this announcement was updated accordingly. This will be double checked and an update…

Gusted commented on issue forgejo/security-announcements#37

Published: July 9, 2025 00:22

Forgejo v11.0.3 - CVE-2025-48385

Yes it's a "typo" but rather a failure on my due diligence. We copied this from the GitHub blog and we did notice that this config didn't exist in the documentation. According to my shell history I copied the typo'ed…

tebriel commented on issue forgejo/security-announcements#37

Published: July 9, 2025 00:11

Forgejo v11.0.3 - CVE-2025-48385

@earl-warren I don't see transport.bundleURI in man git-config but I do see transfer.bundleURI. Am I just looking in the wrong place or is this a typo?

transfer.bundleURI

When true, local git clone commands will request…

earl-warren commented on issue forgejo/security-announcements#23

Published: May 2, 2025 17:20

Forgejo v11.0.1 and v7.0.15

v11.0.1

Security bug fixes

PR (backported): If LFS is enabled on a Forgejo instance with [server].LFS_START_SERVER = true (this is not the default), it was possible for a registered user to upload LFS files to a repository to…