Qnap [ Gogs ] [ 0.12.10 ] GitHub Fork

QoolBox

Représentant QNAP
2 Janvier 2014
10 559
163
153
49
France
www.qnap.com
gogs.png

Source : https://github.com/gogits/gogs

download :


Dependency :

QGit : https://www.forum-nas.fr/viewtopic.php?f=21&t=1810&hilit=Qgit



10-gogs-100529110-orig.png


;)
 
Dernière édition:
Bonjour,

j'ai voulu installer Gogs sur mon NAS QNAP TS-453mini, mais j'ai un problème à l'installation.
Avec les valeurs par défaut (MySQL, et en saisissant l'identifiant et mot de passe de l'admin DB), j'ai le message d'erreur :
Database setting is not correct: Error 1045: Access denied for user '*********'@'localhost' (using password: YES)

Le compte DB user/pswd fonctionne, je l'utilise pour accéder avec succès à phpmyadmin.

Ma config :
- TS-453mini (Intel x86)
- QTS 4.2.0 dernier build (date du 11/03/2016)
- MySQL - Maria DB 5.5.44

Y a-t-il de la doc sur cette page web initiale d'installation (ouverture avec le raccourci créé sur le bureau QTS à l'installation du qpkg) ?
 
updated

first try to make it use ProxyPass.. a bit an headeach not sure working 100% over web server /gogs/
if not please use port 3000..

also only tested the x86_64 due to lack of time
 

0.12.8​


Changed​

  • All users (including admins) need to use the configuration option [security] LOCAL_NETWORK_ALLOWLIST to allow repository migration and webhooks to be able to access local network addresses, which is a comma separated list of hostnames. #6988

Fixed​

  • Security: SSRF in webhook. #6901
  • Security: XSS in cookies. #6953
  • Security: OS Command Injection in file uploading. #6968
  • Security: Remote Command Execution in file editing. #6555

0.12.7​

Fixed​

  • Security: Stored XSS in issues. #6919
  • Invalid character in Access-Control-Allow-Credentials response header. #4983
  • Mysterious ssh: overflow reading version string errors from builtin SSH server. #6882

0.12.6​

Fixed​

  • Security: Remote command execution in file uploading. #6833
  • Regression: Unable to migrate repository from other local Git hosting. Added a new configuration option [security] LOCAL_NETWORK_ALLOWLIST, which is a comma separated list of hostnames that are explicitly allowed to be accessed within the local network. #6841
  • Slow start of Docker containers using NAS devices. #6554

0.12.5​

Fixed​

  • Security: Potential SSRF in repository migration. #6754
  • Security: Improper PAM authorization handling. #6810

0.12.4​

Fixed​

  • Security: Potential SSRF attack by CRLF injection via repository migration. #6413
  • Regression: Fixed smart links for issues stops rendering. #6506
  • Added X-Frame-Options header to prevent Clickjacking. #6409

0.12.3​

Fixed​

  • Regression: When running Gogs on Windows, push commits no longer fail on a daily basis with the error "pre-receive hook declined". #6316
  • Auto-linked commit SHAs now have correct links. #6300
  • Git LFS client (with version >= 2.5.0) wasn't able to upload files with known format (e.g. PNG, JPEG), and the server is expecting the HTTP Header Content-Type to be application/octet-stream. The server now tells the LFS client to always use Content-Type: application/octet-stream when upload files.

0.12.2​

Fixed​

  • Regression: Pages are correctly rendered when requesting ?go-get=1 for subdirectories. #6314
  • Regression: Submodule with a relative path is linked correctly. #6319
  • Backup can be processed when --target is specified on Windows. #6339
  • Commit message contains keywords look like an issue reference no longer fails the push entirely. #6289

0.12.1​

Fixed​

  • The updated_at field is now correctly updated when updates an issue. #6209
  • Fixed a regression which created login_source.cfg column to have VARCHAR(255) instead of TEXT in MySQL. #6280

0.12.0​

Added​

  • Support for Git LFS, you can read documentation for both user and admin. #1322
  • Allow admin to remove observers from the repository. #5803
  • Use Last-Modified HTTP header for raw files. #5811
  • Support syntax highlighting for SAS code files (i.e. .r, .sas, .tex, .yaml). #5856
  • Able to fill in pull request title with a template. #5901
  • Able to override static files under public/ directory, please refer to documentation for usage. #5920
  • New API endpoint GET /admin/teams/:teamid/members to list members of a team. #5877
  • Support backup with retention policy for Docker deployments. #6140

Changed​

  • The organization profile page has changed to display at most 12 members. #5506
  • The required Go version to compile source code changed to 1.14.
  • All assets are now embedded into binary and served from memory by default. Set [server] LOAD_ASSETS_FROM_DISK = true to load them from disk. #5920
  • Application and Go versions are removed from page footer and only show in the admin dashboard.
  • Build tag for running as Windows Service has been changed from miniwinsvc to minwinsvc.
  • Configuration option APP_NAME is deprecated and will end support in 0.13.0, please start using BRAND_NAME.
  • Configuration option [server] ROOT_URL is deprecated and will end support in 0.13.0, please start using [server] EXTERNAL_URL.
  • Configuration option [server] LANDING_PAGE is deprecated and will end support in 0.13.0, please start using [server] LANDING_URL.
  • Configuration option [database] DB_TYPE is deprecated and will end support in 0.13.0, please start using [database] TYPE.
  • Configuration option [database] PASSWD is deprecated and will end support in 0.13.0, please start using [database] PASSWORD.
  • Configuration option [security] REVERSE_PROXY_AUTHENTICATION_USER is deprecated and will end support in 0.13.0, please start using [auth] REVERSE_PROXY_AUTHENTICATION_HEADER.
  • Configuration section [mailer] is deprecated and will end support in 0.13.0, please start using .
    [*]Configuration section [service] is deprecated and will end support in 0.13.0, please start using [auth].
    [*]Configuration option [auth] ACTIVE_CODE_LIVE_MINUTES is deprecated and will end support in 0.13.0, please start using [auth] ACTIVATE_CODE_LIVES.
    [*]Configuration option [auth] RESET_PASSWD_CODE_LIVE_MINUTES is deprecated and will end support in 0.13.0, please start using [auth] RESET_PASSWORD_CODE_LIVES.
    [*]Configuration option [auth] ENABLE_CAPTCHA is deprecated and will end support in 0.13.0, please start using [auth] ENABLE_REGISTRATION_CAPTCHA.
    [*]Configuration option [auth] ENABLE_NOTIFY_MAIL is deprecated and will end support in 0.13.0, please start using [user] ENABLE_EMAIL_NOTIFICATION.
    [*]Configuration option [session] GC_INTERVAL_TIME is deprecated and will end support in 0.13.0, please start using [session] GC_INTERVAL.
    [*]Configuration option [session] SESSION_LIFE_TIME is deprecated and will end support in 0.13.0, please start using [session] MAX_LIFE_TIME.
    [*]The name - is reserved and cannot be used for users or organizations.
    [/LIST]
    [HEADING=3]Fixed[/HEADING]
    [LIST]
    [*][Security] Potential open redirection with i18n.
    [*][Security] Potential ability to delete files outside a repository.
    [*][Security] Potential ability to set primary email on others' behalf from their verified emails.
    [*][Security] Potential XSS attack via .ipynb. [URL='https://github.com/gogs/gogs/issues/5170']#5170[/URL]
    [*][Security] Potential SSRF attack via webhooks. [URL='https://github.com/gogs/gogs/issues/5366']#5366[/URL]
    [*][Security] Potential CSRF attack in admin panel. [URL='https://github.com/gogs/gogs/issues/5367']#5367[/URL]
    [*][Security] Potential stored XSS attack in some browsers. [URL='https://github.com/gogs/gogs/issues/5397']#5397[/URL]
    [*][Security] Potential RCE on mirror repositories. [URL='https://github.com/gogs/gogs/issues/5767']#5767[/URL]
    [*][Security] Potential XSS attack with raw markdown API. [URL='https://github.com/gogs/gogs/pull/5907']#5907[/URL]
    [*]File both modified and renamed within a commit treated as separate files. [URL='https://github.com/gogs/gogs/issues/5056']#5056[/URL]
    [*]Unable to restore the database backup to MySQL 8.0 with syntax error. [URL='https://github.com/gogs/gogs/issues/5602']#5602[/URL]
    [*]Open/close milestone redirects to a 404 page. [URL='https://github.com/gogs/gogs/issues/5677']#5677[/URL]
    [*]Disallow multiple tokens with same name. [URL='https://github.com/gogs/gogs/issues/5587']#5587[/URL] [URL='https://github.com/gogs/gogs/pull/5820']#5820[/URL]
    [*]Enable Federated Avatar Lookup could cause server to crash. [URL='https://github.com/gogs/gogs/issues/5848']#5848[/URL]
    [*]Private repositories are hidden in the organization's view. [URL='https://github.com/gogs/gogs/issues/5869']#5869[/URL]
    [*]Users have access to base repository cannot view commits in forks. [URL='https://github.com/gogs/gogs/issues/5878']#5878[/URL]
    [*]Server error when changing email address in user settings page. [URL='https://github.com/gogs/gogs/issues/5899']#5899[/URL]
    [*]Fall back to use RFC 3339 as time layout when misconfigured. [URL='https://github.com/gogs/gogs/issues/6098']#6098[/URL]
    [*]Unable to update team with server error. [URL='https://github.com/gogs/gogs/issues/6185']#6185[/URL]
    [*]Webhooks are not fired after push when [service] REQUIRE_SIGNIN_VIEW = true.
    [*]Files with identical content are randomly displayed one of them.
    [/LIST]
    [HEADING=3]Removed[/HEADING]
    [LIST]
    [*]Configuration option [other] SHOW_FOOTER_VERSION
    [*]Configuration option [server] STATIC_ROOT_PATH
    [*]Configuration option [repository] MIRROR_QUEUE_LENGTH
    [*]Configuration option [repository] PULL_REQUEST_QUEUE_LENGTH
    [*]Configuration option [session] ENABLE_SET_COOKIE
    [*]Configuration option [release.attachment] PATH
    [*]Configuration option [webhook] QUEUE_LENGTH
    [*]Build tag sqlite, which means CGO is now required.
    [/LIST]
    [/QUOTE]
 

0.12.10​


Changed​

  • Support using [security] LOCAL_NETWORK_ALLOWLIST = * to allow all hostnames. #7111

Fixed​

  • Unable to send webhooks to local network addresses after configured [security] LOCAL_NETWORK_ALLOWLIST. #7074
Previous patch releases

0.12.9​

Fixed​

  • Security: OS Command Injection in file editor. #7000
  • Security: Sanitize DisplayName in repository issue list. #7009
  • Security: Path Traversal in file editor on Windows. #7001
  • Security: Path Traversal in Git HTTP endpoints. #7002
  • Unable to init repository during creation on Windows. #6967
  • Mysterious panic on Value not found for type *repo.HTTPContext. #6963