fix(security): remove user / password from the URL #102

Merged

earl-warren merged 1 commit from earl-warren/release-notes-assistant:wip-read-token into main 2025-08-02 11:52:59 +00:00

Conversation 1 Commits 1 Files changed 2 +20 -2

earl-warren commented 2025-08-02 09:09:10 +00:00

Contributor

Copy link

If a URL such as http://user:password@example.com is provided to the --forgejo-url argument, remove it. The credentials can only be provided via the --token argument. The would otherwise be leaked in the release notes, as part of the URL to the pull requests.

If a URL such as http://user:password@example.com is provided to the --forgejo-url argument, remove it. The credentials can only be provided via the --token argument. The would otherwise be leaked in the release notes, as part of the URL to the pull requests.

earl-warren added the

bug

label 2025-08-02 09:09:10 +00:00

earl-warren self-assigned this 2025-08-02 09:09:10 +00:00

earl-warren added 1 commit 2025-08-02 09:09:10 +00:00

fix(security): remove user / password from the URL ... 143f112344

If a URL such as http://user:password@example.com is provided
to the --forgejo-url argument, remove it. The credentials can only be
provided via the --token argument. The would otherwise be leaked in
the release notes, as part of the URL to the pull requests.

earl-warren 2025-08-02 09:09:39 +00:00

• added the
  security
  label
• requested reviews from viceice, Gusted

viceice approved these changes 2025-08-02 11:36:12 +00:00

earl-warren merged commit 6ff65648a1 into main 2025-08-02 11:52:59 +00:00

earl-warren deleted branch wip-read-token 2025-08-02 11:53:00 +00:00

earl-warren referenced this pull request from a commit 2025-08-02 11:53:00 +00:00

fix(security): remove user / password from the URL (#102)

viceice-bot referenced this pull request from actions/forgejo-release 2025-08-02 13:01:09 +00:00

Update dependency forgejo/release-notes-assistant to v1.4.0 #78

earl-warren referenced this pull request from a commit 2025-08-02 13:14:50 +00:00

Update dependency forgejo/release-notes-assistant to v1.4.0 (#78)

viceice-bot referenced this pull request from forgejo/runner 2025-08-02 19:31:02 +00:00

Update dependency forgejo/release-notes-assistant to v1.4.0 #795

earl-warren referenced this pull request from a commit 2025-08-02 20:13:44 +00:00

Update dependency forgejo/release-notes-assistant to v1.4.0 (#795)

release-manager-mirror referenced this pull request from a commit 2025-08-03 00:17:28 +00:00

Update dependency forgejo/release-notes-assistant to v1.4.0 (#364)

forgejo-mirror referenced this pull request from a commit 2025-09-12 06:01:25 +00:00

Update dependency forgejo/release-notes-assistant to v1.4.1 (forgejo) (#9265)

Sign in to join this conversation.

Reviewers

No reviewers

Gusted

viceice

Labels

Clear labels   

bug

Something is not working

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

help wanted

Need some help

  

invalid

Something is wrong

  

question

More information is needed

  

security

Security fix or enhancement

  

wontfix

This won't be fixed

No labels

bug

duplicate

enhancement

help wanted

invalid

question

security

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

earl-warren

2 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Reference

forgejo/release-notes-assistant!102

No description provided.