Hackers exploit unpatched #Gogs zero-day to breach 700 servers
#gogs
»Self-hosted Git — Jeder zweite Gogs-Server im Netz ist wohl kompromittiert:
Auch in Deutschland dürften einige Gogs-Instanzen betroffen sein. Angreifer können über eine bisher ungepatchte Lücke Schadcode einschleusen.«
Diesbezüglich gibt es einige Open-Source Git-Hoster Alternativen, welche könnt ihr empfehlen oder gleich Git auf Server rudimentär ohne GUI einrichten?
#git #gogs #selfhosting #opensource #it #github #selfhostedgit #itsicherheit #web #itsec
Gogs bị phát hiện lỗ hổng RCE Zero-Day (CVE-2025-8110) đang bị khai thác. Wiz Blog cảnh báo nguy cơ an ninh nghiêm trọng. #CVE20258110 #CyberSecurity #LỗHổngZeroDay #Gogs #AnNinhMạng
Alarming: Jeder zweite self-hosted Gogs-Server im Netz ist kompromittiert! 🔒💥 Forscher entdecken schwere Sicherheitslücken in der Git-Software. Zeit für Updates oder Alternativen wie Gitea?
Critical #Gogs zero-day under attack, 700 servers hacked
https://securityaffairs.com/185593/hacking/critical-gogs-zero-day-under-attack-700-servers-hacked.html
#securityaffairs #hacking
Sites built with Gogs (for self-hosting) are getting clobbered at the moment.
https://www.theregister.com/2025/12/10/gogs_0day_under_active_exploitation/?td=rt-3a
Si vous utilisez Gogs, vous avez un gros problème
https://fed.brid.gy/r/https://korben.info/gogs-faille-zero-day-rce-alerte-migrer-gitea.html
@luyapapi @LePertti I sync all my laptop/phone/tablet stuff with #nextcloud. It comes with many daily helpers too. Photos with #immich, share them and videos to TV with #jellyfin. Ad block and vpn with #opnsense. Version control at home with #gogs. Home automation with #HomeAssistant...
I can see tons of #forgejo, #gitea or #gogs #selfhosted git servers out there in the wild. Which is cool. But I don’t see nearly as much about #softserve by the #charmbracelet peeps: https://github.com/charmbracelet/soft-serve If you are after something small, and TUI is all you need, don’t miss out on this one! You can check the “demo mode” via `ssh git.charm.sh`. You’re welcome ☺️
Gogs Authors released #Gogs version 0.13.3. https://gogs.io/
From last week's ADMIN Update newsletter: Thomas Reuß shows you how to migrate your Git repositories to Gitea
https://www.admin-magazine.com/Archive/2024/84/Migrate-your-Git-repositories-to-Gitea?utm_source=SM
#Gitea #GitHub #repository #VersionControl #Gogs #fork
@Dokza @Blort I don't know how #forgejo compares to #gogs, but the latter was very easy to set up. The UI is a perfect mimic of GitHub. #selfhosting
@simonmic It took 10y to get my friends off of #whatsapp and most are probably not keen on installing yet another messenger. But #simplex surely looks very intriguing.
Same with #radicle now that they've nailed the protocols. I've moved from #gogs / #gitea / #forgejo to plain ssh 2y ago, maintenance had become too much of a burden. It's been great for me but unsurprisingly collaboration has gone down to zero. Maybe this can provide some middle ground? Will definitely try it out this year
I've been using #bitbucket for 10 years and I don't feel great about the 1 GB limit suddenly set to the sum of all repositories.
While I could just rely on my beloved #Gogs local git server, I would prefer to move to #Github, but the lack of transparency/commitment over AI training on private repositories on the free plans worries me (https://github.com/orgs/community/discussions/135400).
Any suggestions (beside paying, I know I know, but I'd rather not)? Just Gogs it is? https://toot.rainbow-100.com/objects/1b05414b-950e-401b-abd8-b2e8a8a15ffc
i mirrored this "frustration project" to GitHub ... and realised i haven't been maintaining it (just using it)
https://github.com/g-pechorin/shugits/tree/default/shugits.sbt
I also installed several private instances of #Forgejo, including one for my own needs, looks promising, but at current time, their runner (needed for CI/CD), that I still need to setup, is marked as "alpha release, should not be considered secure enough to deploy in production". For information and found some other interesting related documentation, Forgejo is a fork by Codeberg.org of #Gitea that is itself a fork of #GOGS.
Already installed some #Gilab instances+runners, some Gitea/Forgejo servers without runners, need to learn its whole setup (runners+act+) and how to make test recipes, only tried some made by other ones on opensource project. Learnt and tested the basis of LXC deployment/management last week on #ArchLinux. Still few problems about IPv4 assignment in cross-architecture deployment (maybe a LXC-net bug?), IPv6 and lxc-attach for direct,local connexion to container works fine. #LXC would be far lighter than docker for tests.
LXC already has some #RISCV and #ARM pre-made templates image in default repository that works well in x86_64 server environment, that's probably not a big work to create and add new "templates". Forgejo can support LXC containers.
Already installed some #Gilab instances+runners, some Gitea/Forgejo servers without runners, need to learn its whole setup (runners+act+) and how to make test recipes, only tried some made by other ones on opensource project. Learnt and tested the basis of LXC deployment/management last week on #ArchLinux. Still few problems about IPv4 assignment in cross-architecture deployment (maybe a LXC-net bug?), IPv6 and lxc-attach for direct,local connexion to container works fine. #LXC would be far lighter than docker for tests.
LXC already has some #RISCV and #ARM pre-made templates image in default repository that works well in x86_64 server environment, that's probably not a big work to create and add new "templates". Forgejo can support LXC containers.
$ /usr/share/lxc/templates/lxc-download -l | grep riscv
alpine 3.20 riscv64 default 20250107_13:00
alpine 3.21 riscv64 default 20250107_13:00
alpine edge riscv64 default 20250107_13:03
debian trixie riscv64 default 20250108_05:24
ubuntu focal riscv64 default 20250108_09:58
ubuntu jammy riscv64 default 20250108_08:42
ubuntu noble riscv64 default 20250108_07:42
ubuntu oracular riscv64 default 20250108_08:18
Seriously though if anyone out there has ever tried GOGs, please let me know how it compares to Forgejo and Gitea.
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst