Gogs fix- login exploit

Gogs has been fixed, ddoser has been banned and a login exploit had been fixed.

Thank you for your cooperation

Credit to @tech_dude1 for finding and patching the login exploit, Login exploit patch is slowly being rolled out.


@17lwinn CEO/Head Admin
@tech_dude1 Head Admin/Community Manager/ Trust and Safety Director
@J-Tech-Foundation Trust and Safety Team Specialist
@javaarchive Trust and Safety Team Specialist

1 Like

Will you disclose this vulnerability to the public, for other Gogs operators?

Any kind of attack or vulnerability that threatens a user’s safety we will disclose to the public

This is to say that the login exploit is not one that threatens a user’s safety, and that you won’t report this?

The exploit was allowing regular users to access staff accounts, it has now been resolved.

All reports will be on OUR forum, check The new Gogs support forum is open!