Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
floss.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
For people who care about, support, and build Free, Libre, and Open Source Software (FLOSS).

Administered by:

Server stats:

685
active users

floss.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

Forgejo

Hello admins,

We've published a post regarding the impact of the xz backdoor (CVE-2024-3094) on the Forgejo project.
forgejo.org/2024-03-xz/

forgejo.orgImpact of CVE-2024-3094 on Forgejo
#xz#cve20243094
Mar 31, 2024, 10:52 PM·Public
24boosts·37favorites
Public
synlogic

@forgejo cut to the chase, man: is it still possible to forge jo or has jo forging been compromised?

Public
Gusted

@synlogic @forgejo The excerpt (by forgejo.org/news/):

No direct impact of the xz backdoor (CVE-2024-3094) on Forgejo. The infrastructure that powers Forgejo is not impacted by this vulnerability. Forgejo itself is also not affected, however if you run an OpenSSH server for Git over SSH you could be affected by this CVE.

forgejo.orgBlog — ForgejoForgejo is a self-hosted lightweight software forge. Easy to install and low maintenance, it just does the job.
Explore
About