gogs: mark as insecure

gogs is affected by the recent vulnerabilities reported by the forgejo team. There is little/no real development activities in the gogs repository and the upstream maintainers do not seem to have acknowledged the security issues.
author: Thomas Gerbet <thomas@gerbet.me> 2023-12-02 00:55:04 +0100
committer: Martin Weinelt <mweinelt@users.noreply.github.com> 2024-01-07 18:38:17 +0100
commit: aa629d9877cdeac2638223c8e75936657a590647 (patch)
tree: 1c40d0d39409cfcd5a210f35b0b91056cffeafba /pkgs/applications/version-management/gogs/default.nix
parent: af8901aa2c81b7cf3ce1ada33fe508d46f36431e (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/pkgs/applications/version-management/gogs/default.nix b/pkgs/applications/version-management/gogs/default.nix
index e0f20d1467f61..0f3c106a7e1fb 100644
--- a/pkgs/applications/version-management/gogs/default.nix
+++ b/pkgs/applications/version-management/gogs/default.nix
@@ -45,5 +45,12 @@ buildGoModule rec {
     license = licenses.mit;
     maintainers = [ maintainers.schneefux ];
     mainProgram = "gogs";
+    knownVulnerabilities = [ ''
+      Gogs has known unpatched vulnerabilities and upstream maintainers appears to be unresponsive.
+
+      More information can be found in forgejo's blogpost: https://forgejo.org/2023-11-release-v1-20-5-1/
+
+      You might want to consider migrating to Gitea or forgejo.
+    '' ];
   };
 }
author	Thomas Gerbet <thomas@gerbet.me>	2023-12-02 00:55:04 +0100
committer	Martin Weinelt <mweinelt@users.noreply.github.com>	2024-01-07 18:38:17 +0100
commit	aa629d9877cdeac2638223c8e75936657a590647 (patch)
tree	1c40d0d39409cfcd5a210f35b0b91056cffeafba /pkgs/applications/version-management/gogs/default.nix
parent	af8901aa2c81b7cf3ce1ada33fe508d46f36431e (diff)