security: upgrade Gitea to 1.25.4, add security headers
Some checks failed
Build and Deploy GooSeek / build-and-deploy (push) Has been cancelled
Some checks failed
Build and Deploy GooSeek / build-and-deploy (push) Has been cancelled
- Update Gitea from 1.22.6 to 1.25.4 (fixes CVE-2026-20736, CVE-2026-20912) - Disable public registration - Disable Swagger API - Add nginx-ingress security headers: - X-Content-Type-Options: nosniff - X-XSS-Protection: 1; mode=block - Referrer-Policy: strict-origin-when-cross-origin - Permissions-Policy - Enable HSTS preload - Reorganize Gitea K8s manifests into gitea/ directory Made-with: Cursor
This commit is contained in:
home
22
backend/deploy/k8s/gitea/kustomization.yaml
Normal file
22
backend/deploy/k8s/gitea/kustomization.yaml
Normal file
@@ -0,0 +1,22 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
namespace: gitea
|
||||
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- pvc.yaml
|
||||
- configmap.yaml
|
||||
- deployment.yaml
|
||||
- service.yaml
|
||||
- ingress.yaml
|
||||
|
||||
labels:
|
||||
- pairs:
|
||||
app.kubernetes.io/name: gitea
|
||||
app.kubernetes.io/part-of: gooseek
|
||||
app.kubernetes.io/managed-by: kustomize
|
||||
includeSelectors: false
|
||||
|
||||
commonAnnotations:
|
||||
app.kubernetes.io/version: "1.25.4"
|
||||
Reference in New Issue
Block a user