Mastodon Feed: Post

Boosted by brib@bribstodon.xyz ("brib :neofox_floof:​ :Nonbinary:"):
forgejo@floss.social ("Forgejo") wrote:

A security vulnerability labelled CVE-2026-27771 affecting Forgejo and Gitea is being widely reported recently.

Packages in Forgejo are visible to unauthenticated users if they are published under a public owner, as designed. It is not a security vulnerability, but a misunderstanding about the permissions and a good opportunity for users to review that they are not in a misconfigured state.

Please see the statement issued by the security team here for more details: https://codeberg.org/forgejo/website/issues/839#issuecomment-15980039