maxbirkin/gooseek
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: upgrade Gitea to 1.25.4, add security headers
Some checks failed
Build and Deploy GooSeek / build-and-deploy (push) Has been cancelled
Details

Browse Source 
- Update Gitea from 1.22.6 to 1.25.4 (fixes CVE-2026-20736, CVE-2026-20912)
- Disable public registration
- Disable Swagger API
- Add nginx-ingress security headers:
  - X-Content-Type-Options: nosniff
  - X-XSS-Protection: 1; mode=block
  - Referrer-Policy: strict-origin-when-cross-origin
  - Permissions-Policy
- Enable HSTS preload
- Reorganize Gitea K8s manifests into gitea/ directory

Made-with: Cursor
This commit is contained in:
home
2026-03-02 22:01:51 +03:00
parent c3965a2c6a
commit d2ef146474
11 changed files with 517 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
backend/deploy/k8s/gitea/namespace.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: v1
kind: Namespace
metadata:
name: gitea
labels:
app.kubernetes.io/name: gitea
app.kubernetes.io/part-of: gooseek