Update cgit to version 1.2.1
Directory traversal through http cloning (which we have enabled) in versions < 1.2.1. We should update soonish.
#2 Updated by zecke about 1 year ago
- Status changed from Resolved to New
I had to reboot host2.osmocom.org and after a manual "docker-compose start" it seems we are back to a vulnerable version:
dpkg -l | grep cgit ii cgit 1.1+git2.10.2-3 apt-cache show cgit Package: cgit Version: 1.1+git2.10.2-3
Patched version: 1.1+git2.10.2-3+deb9u1
- Status changed from New to Resolved
fixed almost immediately after the ticket was created, just forgot to update the ticket.
root@host2 /etc/compose # docker-compose exec cgit bash root@cgit:/# dpkg -l | grep -i cgit ii cgit 1.1+git2.10.2-3+deb9u1 amd64 hyperfast web frontend for git repositories written in C