Gogs fix - login exploit

Gogs has been fixed, the DDoSer has been banned, and a login exploit has been fixed.

Thank you for your cooperation.

Credit to @Techy for finding and patching the login exploit. The login exploit patch is slowly being rolled out.


@random CEO/Head Admin
@Techy Head Admin/Community Manager/Trust and Safety Director
@J-Tech-Foundation Trust and Safety Team Specialist
@javaarchive Trust and Safety Team Specialist

Will you disclose this vulnerability to the public, for other Gogs operators?

Any kind of attack or vulnerability that threatens a user’s safety we will disclose to the public.

This is to say that the login exploit is not one that threatens a user’s safety, and that you won’t report this?

The exploit was allowing regular users to access staff accounts; it has now been resolved.

All reports will be on OUR forum; check "The new Gogs support forum is open!"