mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2026-04-21 01:26:57 -04:00
6 lines
No EOL
1.2 KiB
Markdown
Accessing the `/repositories/{id}` API with a public-only access token did not restrict read access to only public repositories, which is now prevented.
Accessing the `/repos/{owner}/{repo}/issues/{index}/dependencies` and `/repos/{owner}/{repo}/issues/{index}/blocks` APIs with a public-only access token allowed modification operations against private repositories referenced in the *form* component of the API (not the URL component), which is now prevented.
Accessing the `/repos/{owner}/{repo}/issues/{index}/dependencies` and `/repos/{owner}/{repo}/issues/{index}/blocks` APIs with a public-only access token could view dependencies or blocking issues from private repositories, which is now prevented.
Accessing the `/repos/{owner}/{repo}/issues/{index}/timeline` API with a public-only access token could view comment cross-references from private repositories, which is now prevented.
Accessing the `/teams/{id}/repos/{org}/{repo}` API with a public-only access token could view private repositories assigned to a team, which is now prevented.
Accessing the watched repos and starred repos of your own user through the `/user/subscriptions` and `/user/starred` APIs with a public-only access token could view private repositories, which is now prevented.
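
The dependencies/blocks entry above describes a check that covered the repository in the URL but not the one named in the form. The following is an added example of that pattern beside a check that covers every repository a request touches; it is not Forgejo's code. `Repo`, `Token`, `DependencyRequest` and both check functions are hypothetical names, and the sample repositories are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// Repo and Token are hypothetical stand-ins, not Forgejo types.
type Repo struct {
	FullName string
	Private  bool
}

type Token struct{ PublicOnly bool }

// DependencyRequest models one call: the issue's repository comes from the
// URL, the dependency's (or blocked issue's) repository comes from the form.
type DependencyRequest struct{ URLRepo, FormRepo Repo }

var ErrPrivateRepo = errors.New("public-only token cannot reach a private repository")

// checkURLOnly is the flawed pattern: the form repository is never examined.
func checkURLOnly(t Token, r DependencyRequest) error {
	if t.PublicOnly && r.URLRepo.Private {
		return ErrPrivateRepo
	}
	return nil
}

// checkAllRepos applies the public-only restriction to every repository the
// request references, regardless of which part of the request named it.
func checkAllRepos(t Token, r DependencyRequest) error {
	for _, repo := range []Repo{r.URLRepo, r.FormRepo} {
		if t.PublicOnly && repo.Private {
			return fmt.Errorf("%w: %s", ErrPrivateRepo, repo.FullName)
		}
	}
	return nil
}

func main() {
	// Constructed sample: public repository in the URL, private one in the form.
	req := DependencyRequest{
		URLRepo:  Repo{FullName: "alice/public-tracker", Private: false},
		FormRepo: Repo{FullName: "alice/private-roadmap", Private: true},
	}
	tok := Token{PublicOnly: true}
	fmt.Println("URL-only check:", checkURLOnly(tok, req))
	fmt.Println("all-repos check:", checkAllRepos(tok, req))
}
```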