ughhh critical Gitea security issues (again!) and 0 proper disclosure nor info
Upgrade to 1.16.7 ASAP if you have untrusted user accounts
@f0x@social.pixie.town The release notes say there is a security fix, what else should they have done?
@tastytea CVE, communication with maintainers, and the fix was also just publicly available in main for a week. After discussing with a maintainer, their Discord is apparently the only place to get such announcements
@tastytea there's also 0 info on the criticality, even though it's rather serious
@f0x@social.pixie.town Oof didn't realise it was public for so long before the release.
this is now the second time someone had to randomly mention in passing that I should upgrade my Gitea, because there's a critical security issue you're just supposed to know about