**‍fuchsiaaaaaaaaaaaaaaaaa** @f0x@pixie.town · 2022-05-15T01:16:18Z

‍fuchsiaaaaaaaaaaaaaaaaa @f0x@pixie.town

‍fuchsiaaaaaaaaaaaaaaaaa @f0x@pixie.town

ughhh critical Gitea security issues (again!) and 0 proper disclosure nor info

Upgrade to 1.16.7 ASAP if you have untrusted user accounts

May 15, 2022, 01:16 · · · ·

**‍fuchsiaaaaaaaaaaaaaaaaa** @f0x@pixie.town · May 15, 2022, 01:16

**‍fuchsiaaaaaaaaaaaaaaaaa** @f0x@pixie.town · May 15, 2022, 01:16

May 15, 2022, 01:16

‍fuchsiaaaaaaaaaaaaaaaaa @f0x@pixie.town

this is now the second time someone had to randomly mention in passing that I should upgrade my gitea, because there's a critical security issue you're just supposed to know about

**cuddly tea** @tastytea@very.tastytea.de · May 15, 2022, 01:22

**cuddly tea** @tastytea@very.tastytea.de · May 15, 2022, 01:22

May 15, 2022, 01:22

cuddly tea @tastytea@very.tastytea.de

@f0x@social.pixie.town The release notes say there is a security fix, what else should they have done?

**‍fuchsiaaaaaaaaaaaaaaaaa** @f0x@pixie.town · May 15, 2022, 01:24

**‍fuchsiaaaaaaaaaaaaaaaaa** @f0x@pixie.town · May 15, 2022, 01:24

May 15, 2022, 01:24

‍fuchsiaaaaaaaaaaaaaaaaa @f0x@pixie.town

@tastytea CVE, communication with maintainers, and the fix was also just publicly available in main for a week. After discussing with a maintainer, their discord is apparently the only place to get such announcements

**‍fuchsiaaaaaaaaaaaaaaaaa** @f0x@pixie.town · May 15, 2022, 01:26

**‍fuchsiaaaaaaaaaaaaaaaaa** @f0x@pixie.town · May 15, 2022, 01:26

May 15, 2022, 01:26

‍fuchsiaaaaaaaaaaaaaaaaa @f0x@pixie.town

@tastytea there's also 0 info on the criticality, even though it's rather serious

**cuddly tea** @tastytea@very.tastytea.de · May 15, 2022, 01:31

**cuddly tea** @tastytea@very.tastytea.de · May 15, 2022, 01:31

May 15, 2022, 01:31

cuddly tea @tastytea@very.tastytea.de

@f0x@social.pixie.town Oof didn't realise it was public for so long before the release.

Resources

Developers

What is Mastodon?

pixie.town

More…