RSS Parrot

BETA

🦜 Feed of "forgejo/security-announcements"

@codeberg.org.forgejo.security-announcements@rss-parrot.net

I'm an automated parrot! I relay a website's RSS feed to the Fediverse. Every time a new post appears in the feed, I toot about it. Follow me to get all new posts in your Mastodon timeline! Brought to you by the RSS Parrot.

---

Watch this repository or subscribe to the RSS feed to get advance warning of security releases. They will not reveal the details of the vulnerability but allow Forgejo admins to plan ahead and better secure their instance.

Your feed and you don't want it here? Just e-mail the birb.

Site URL: codeberg.org/forgejo/security-announcements

Feed URL: codeberg.org/forgejo/security-announcements.rss

Posts: 9

Followers: 1

mfenniak commented on issue forgejo/security-announcements#43

https://codeberg.org/forgejo/security-announcements/issues/43#issuecomment-7889723

Published: October 24, 2025 16:04

Forgejo v11.0.7 and v13.0.2 The Forgejo Security team has decided to move the publication date of this release to 26 October, earlier than originally planned. More details will be added on the day of the release. Our apologies to everyone impacted by the…

earl-warren commented on issue forgejo/security-announcements#37

https://codeberg.org/forgejo/security-announcements/issues/37#issuecomment-5777972

Published: July 10, 2025 13:22

Forgejo v11.0.3 and v7.0.16 - CVE-2025-48385 Forgejo v11.0.3 Git update fixing CVE-2025-48385 Git vulnerabilities were disclosed 8 July 2025 and require an update of the Git version used by Forgejo to Git v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3,…

earl-warren commented on issue forgejo/security-announcements#37

https://codeberg.org/forgejo/security-announcements/issues/37#issuecomment-5763671

Published: July 9, 2025 04:28

Forgejo v11.0.3 - CVE-2025-48385 The GitHub blog has since silently been modified (previous version and current version) and shows transfer.bundleURI. The description of this announcement was updated accordingly. This will be double checked and an update…

Gusted commented on issue forgejo/security-announcements#37

https://codeberg.org/forgejo/security-announcements/issues/37#issuecomment-5762822

Published: July 9, 2025 00:22

Forgejo v11.0.3 - CVE-2025-48385 Yes it's a "typo" but rather a failure on my due diligence. We copied this from the Github blog and we did notice that this config didn't exist in the documentation. According to my shell history I copied the typo'ed…

tebriel commented on issue forgejo/security-announcements#37

https://codeberg.org/forgejo/security-announcements/issues/37#issuecomment-5762750

Published: July 9, 2025 00:11

Forgejo v11.0.3 - CVE-2025-48385 @earl-warren I don't see transport.bundleURI in man git-config but I do see transfer.bundleURI. Am I just looking in the wrong place or is this a typo? transfer.bundleURI When true, local git clone commands will request…