pyrox.dev
gogs: mark as insecure
gogs is affected by the recent vulnerabilities reported by the forgejo
team. There is little/no real development activities in the gogs
repository and the upstream maintainers do not seem to have
acknowledged the security issues.
authored by Thomas Gerbet and committed by Martin Weinelt aa629d98 af8901aa
+7
pkgs/applications/version-management/gogs/default.nix
+7
pkgs/applications/version-management/gogs/default.nix
···
45
license = licenses.mit;
46
maintainers = [ maintainers.schneefux ];
47
mainProgram = "gogs";
48
+
knownVulnerabilities = [ ''
49
+
Gogs has known unpatched vulnerabilities and upstream maintainers appears to be unresponsive.
50
+
51
+
More information can be found in forgejo's blogpost: https://forgejo.org/2023-11-release-v1-20-5-1/
52
+
53
+
You might want to consider migrating to Gitea or forgejo.
54
+
'' ];
55
};
56
}