forgejo: flag EOL and known vulnerabilities

author: Adam Stephens <adam@valkor.net> 2024-06-16 09:45:11 -0400
committer: Adam Stephens <adam@valkor.net> 2024-06-16 09:45:11 -0400
commit: e1f9591c2a79dcbfeb7a9fc6549312c548bbe400 (patch)
tree: 0fe2c336b739215b14ed6d05758ebc898954d4b2
parent: c884223af91820615a6146af1ae1fea25c107005 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/pkgs/applications/version-management/forgejo/default.nix b/pkgs/applications/version-management/forgejo/default.nix
index 40f95f171dc43..9de58d8fd621b 100644
--- a/pkgs/applications/version-management/forgejo/default.nix
+++ b/pkgs/applications/version-management/forgejo/default.nix
@@ -151,5 +151,9 @@ buildGoModule rec {
     maintainers = with lib.maintainers; [ emilylange urandom bendlas adamcstephens ];
     broken = stdenv.isDarwin;
     mainProgram = "gitea";
+    knownVulnerabilities = [
+      "Forgejo v1.20.x is EOL"
+      "OAuth2 implementation does not always require authentication for public clients"
+    ];
   };
 }
author	Adam Stephens <adam@valkor.net>	2024-06-16 09:45:11 -0400
committer	Adam Stephens <adam@valkor.net>	2024-06-16 09:45:11 -0400
commit	e1f9591c2a79dcbfeb7a9fc6549312c548bbe400 (patch)
tree	0fe2c336b739215b14ed6d05758ebc898954d4b2
parent	c884223af91820615a6146af1ae1fea25c107005 (diff)