MokoConsulting/MokoGitea
1
0
Fork 0
Code Issues 142 Pull Requests Releases 90 Wiki Activity

SECURITY: fix release download gating and require login for actions #415

Merged
jmiller merged 1 commits from dev into main 2026-06-02 13:41:15 +00:00
Conversation 0 Commits 1 Files Changed 2
+23 -4

1 Commits

Author SHA1 Message Date
Jonathan Miller b65b155446 SECURITY: fix release download gating and require login for actions
Branch Policy Check / Verify merge target (pull_request) Successful in 1s
Details
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Details
Universal: PR Check / Validate PR (pull_request) Failing after 5s
Details
Branch Cleanup / Delete merged branch (pull_request) Has been skipped
Details
PR RC Release / Build RC Release (pull_request) Successful in 21s
Details
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Details 
Release gating: HideReleaseDownloads now checks download_gating
setting in addition to feed_visibility. When licensing is enabled
and download_gating != "none", anonymous users see "Sign in to
download" instead of download links on the release page.

Actions: changed from optSignIn to reqSignIn on the repo actions
route group. Anonymous users can no longer view CI/CD runs, logs,
or artifacts. This is a MokoGitea policy override — upstream Gitea
allows public actions on public repos.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-06-02 08:40:40 -05:00