Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Local storage should not store files as executable (#22162) #22163

Merged
merged 1 commit into from
Dec 18, 2022
Merged

Local storage should not store files as executable (#22162) #22163

merged 1 commit into from
Dec 18, 2022

Conversation

zeripath
Copy link
Contributor

Backport #22162

The PR #21198 introduced a probable security vulnerability which resulted in making all storage files be marked as executable.

This PR ensures that these are forcibly marked as non-executable.

Fix #22161

Signed-off-by: Andrew Thornton art27@cantab.net

@zeripath
Local storage should not store files as executable (go-gitea#22162)
6b599cd 
Backport go-gitea#22162

The PR go-gitea#21198 introduced a probable security vulnerability which resulted in making all
storage files be marked as executable.

This PR ensures that these are forcibly marked as non-executable.

Fix go-gitea#22161

Signed-off-by: Andrew Thornton <art27@cantab.net>
@zeripath zeripath added type/bug issue/regression Issue needs no code to be fixed, only a description on how to fix it yourself labels Dec 18, 2022
@zeripath zeripath added this to the 1.18.0 milestone Dec 18, 2022
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Dec 18, 2022
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Dec 18, 2022
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Dec 18, 2022
@lafriks lafriks merged commit 56bded9 into go-gitea:release/v1.18 Dec 18, 2022
@zeripath zeripath deleted the backport-22162-v1.18 branch December 19, 2022 13:14
@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@KN4CK3R KN4CK3R KN4CK3R approved these changes

@lafriks lafriks lafriks approved these changes

Assignees
No one assigned
Labels
issue/regression Issue needs no code to be fixed, only a description on how to fix it yourself lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/bug
Projects
None yet
Milestone
1.18.0
Development

Successfully merging this pull request may close these issues.
4 participants
@zeripath @lafriks @KN4CK3R @GiteaBot