diff options
author | Thomas Gerbet <thomas@gerbet.me> | 2023-12-02 00:55:04 +0100 |
---|---|---|
committer | Martin Weinelt <mweinelt@users.noreply.github.com> | 2024-01-07 18:38:17 +0100 |
commit | aa629d9877cdeac2638223c8e75936657a590647 (patch) | |
tree | 1c40d0d39409cfcd5a210f35b0b91056cffeafba /pkgs/applications/version-management/gogs/default.nix | |
parent | af8901aa2c81b7cf3ce1ada33fe508d46f36431e (diff) |
gogs: mark as insecure
gogs is affected by the recent vulnerabilities reported by the forgejo team. There is little/no real development activities in the gogs repository and the upstream maintainers do not seem to have acknowledged the security issues.
Diffstat (limited to 'pkgs/applications/version-management/gogs/default.nix')
-rw-r--r-- | pkgs/applications/version-management/gogs/default.nix | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/pkgs/applications/version-management/gogs/default.nix b/pkgs/applications/version-management/gogs/default.nix index e0f20d1467f61..0f3c106a7e1fb 100644 --- a/pkgs/applications/version-management/gogs/default.nix +++ b/pkgs/applications/version-management/gogs/default.nix @@ -45,5 +45,12 @@ buildGoModule rec { license = licenses.mit; maintainers = [ maintainers.schneefux ]; mainProgram = "gogs"; + knownVulnerabilities = [ '' + Gogs has known unpatched vulnerabilities and upstream maintainers appears to be unresponsive. + + More information can be found in forgejo's blogpost: https://forgejo.org/2023-11-release-v1-20-5-1/ + + You might want to consider migrating to Gitea or forgejo. + '' ]; }; } |