this is now the second time someone had to randomly mention in passing that I should upgrade my gitea, because there's a critical security issue you're just supposed to know about
@tastytea CVE, communication with maintainers, and the fix was also just publicly available in main for a week. After discussing with a maintainer, their discord is apparently the only place to get such announcements
@tastytea there's also 0 info on the criticality, even though it's rather serious