gitea

yel/gitea

mirror of https://github.com/go-gitea/gitea.git synced 2025-12-18 23:16:04 +08:00

History

Giteabot 0a87bf9016 Some checks failed release-nightly / nightly-binary (push) Has been cancelled Details release-nightly / nightly-docker-rootful (push) Has been cancelled Details release-nightly / nightly-docker-rootless (push) Has been cancelled Details Fixing issue #35530 : Password Leak in Log Messages (#35584 ) (#35665 ) Backport #35584 by @shashank-netapp # Summary The Gitea codebase was logging `Elasticsearch` and `Meilisearch` connection strings directly to log files without sanitizing them. Since connection strings often contain credentials in the format `protocol://username:password@host:port`, this resulted in passwords being exposed in plain text in log output. Fix: - wrapped all instances of setting.Indexer.RepoConnStr and setting.Indexer.IssueConnStr with the `util.SanitizeCredentialURLs()` function before logging them. Fixes: #35530 Co-authored-by: shashank-netapp <108022276+shashank-netapp@users.noreply.github.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>		2025-10-15 09:39:33 +00:00
..
bleve	update go&js dependencies (#34262 )	2025-04-23 21:22:40 +00:00
elasticsearch	Enable testifylint rules (#34075 )	2025-03-31 01:53:48 -04:00
gitgrep	enable staticcheck QFxxxx rules (#34064 )	2025-03-29 17:32:28 -04:00
internal	Enable addtional linters (#34085 )	2025-04-01 10:14:01 +00:00
git.go	Remove context from git struct (#33793 )	2025-03-04 11:56:11 -08:00
indexer_test.go	Enable testifylint rules (#34075 )	2025-03-31 01:53:48 -04:00
indexer.go	Fixing issue #35530 : Password Leak in Log Messages (#35584 ) (#35665 )	2025-10-15 09:39:33 +00:00
search.go	Improve issue & code search (#33860 )	2025-03-13 11:07:48 +08:00