MokoConsulting/MokoGitea-APP
1
0
Fork 0
Code Issues 158 Pull Requests 3 Releases 96 Wiki Activity

fix(actions): make artifact signature payloads unambiguous #146

New Issue
Closed
opened 2026-05-24 08:22:03 +00:00 by jmiller · 0 comments
jmiller commented 2026-05-24 08:22:03 +00:00
Owner
Copy Link
Copy Source

Summary

Replaces concatenation-style HMAC signing with unambiguous binary payload for artifact URLs. Prevents potential signature confusion attacks.

Upstream Reference

Severity: Medium

Security hardening for artifact URL signing.

Action

Cherry-pick from upstream release/v1.26.

Authored-by: Claude Opus 4.6 (1M context) noreply@anthropic.com

## Summary Replaces concatenation-style HMAC signing with unambiguous binary payload for artifact URLs. Prevents potential signature confusion attacks. ## Upstream Reference - PR: https://github.com/go-gitea/gitea/pull/37795 (backport of #37707) - Merged: 2026-05-20 - Branch: release/v1.26 ## Severity: Medium Security hardening for artifact URL signing. ## Action Cherry-pick from upstream `release/v1.26`. --- *Authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>*
jmiller added the securityupstream labels 2026-05-24 08:25:46 +00:00
Sign in to join this conversation.
Labels
Clear labels
breaking-change
Breaking API or behavior change
 ci-cd
CI/CD pipeline changes
 config
Configuration changes
 dependencies
Dependency updates
 deploy-failure
Deployment failed
 docker
Docker/container changes
 documentation
Documentation changes
 good first issue
Good for newcomers
 health-check
Repo health check result
 help wanted
Extra attention needed
 mokostandards
Related to MokoStandards framework
 push-failure
Git push operation failed
 security
Security vulnerability or hardening
 size/l
200-500 lines changed
 size/m
50-200 lines changed
 size/s
10-50 lines changed
 size/xl
500+ lines changed
 size/xs
< 10 lines changed
 standards-drift
Deviates from MokoStandards
 standards-update
MokoStandards compliance update
 sync-failure
Sync or mirror failed
 tech-debt
Technical debt and TODO/FIXME items
 upstream
upstream
Inherited from upstream Gitea
 work-in-progress
Draft or incomplete work
No labels security upstream
Priority High
Type Bug
Milestone
No items
No Milestone
Assignees
Clear assignees
jmiller (Jonathan Miller) moko-deploy (Moko Deploy Bot)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: MokoConsulting/MokoGitea-APP#146
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?