Init support to google drive in storage#1
Merged
Merged
Conversation
Sirherobrine23
force-pushed
the
google-drive
branch
3 times, most recently
from
45ff34c to
6984a32
Compare
Sirherobrine23
force-pushed
the
google-drive
branch
from
6984a32 to
ec8cc4d
Compare
Sirherobrine23
pushed a commit
that referenced
this pull request
Feb 16, 2026
## Overview This PR updates the Go toolchain version from `1.25.5` to `1.25.6` for the Gitea project. ## Changes ### Toolchain Update - **Go Toolchain**: Updated from `go1.25.5` to `go1.25.6` This is a minor toolchain version bump that ensures the project uses the latest patch release of Go 1.25. ## Security Improvements While this PR primarily addresses the toolchain update, the project maintains a strong security posture through: ### Current Security Measures ```log Vulnerability #1: GO-2026-4342 Excessive CPU consumption when building archive index in archive/zip More info: https://pkg.go.dev/vuln/GO-2026-4342 Standard library Found in: archive/zip@go1.25.5 Fixed in: archive/zip@go1.25.6 Example traces found: #1: modules/packages/nuget/metadata.go:217:25: nuget.ParseNuspecMetaData calls zip.Reader.Open Vulnerability go-gitea#2: GO-2026-4341 Memory exhaustion in query parameter parsing in net/url More info: https://pkg.go.dev/vuln/GO-2026-4341 Standard library Found in: net/url@go1.25.5 Fixed in: net/url@go1.25.6 Example traces found: #1: modules/storage/minio.go:284:34: storage.MinioStorage.URL calls url.ParseQuery go-gitea#2: routers/api/v1/repo/action.go:1640:29: repo.DownloadArtifactRaw calls url.URL.Query Vulnerability go-gitea#3: GO-2026-4340 Handshake messages may be processed at the incorrect encryption level in crypto/tls More info: https://pkg.go.dev/vuln/GO-2026-4340 Standard library Found in: crypto/tls@go1.25.5 Fixed in: crypto/tls@go1.25.6 Example traces found: #1: services/auth/source/ldap/source_search.go:129:25: ldap.dial calls ldap.Conn.StartTLS, which calls tls.Conn.Handshake go-gitea#2: modules/graceful/server.go:156:14: graceful.Server.Serve calls http.Server.Serve, which eventually calls tls.Conn.HandshakeContext go-gitea#3: modules/lfs/content_store.go:132:27: lfs.hashingReader.Read calls tls.Conn.Read go-gitea#4: modules/proxyprotocol/conn.go:91:21: proxyprotocol.Conn.Write calls tls.Conn.Write go-gitea#5: modules/session/virtual.go:168:39: session.VirtualStore.Release calls couchbase.CouchbaseProvider.Exist, which eventually calls tls.Dial go-gitea#6: services/auth/source/ldap/source_search.go:120:22: ldap.dial calls ldap.DialTLS, which calls tls.DialWithDialer go-gitea#7: services/migrations/gogs.go:114:34: migrations.client calls http.Transport.RoundTrip, which eventually calls tls.Dialer.DialContext ``` ## Breaking Changes None expected. This is a minor toolchain patch update.
Sirherobrine23
pushed a commit
that referenced
this pull request
Feb 16, 2026
# Summary: - Adjust the toolchain version to fix the security issues ```log Vulnerability #1: GO-2026-4337 Unexpected session resumption in crypto/tls More info: https://pkg.go.dev/vuln/GO-2026-4337 Standard library Found in: crypto/tls@go1.25.6 Fixed in: crypto/tls@go1.25.7 Example traces found: ``` Signed-off-by: Pascal Zimmermann <pascal.zimmermann@theiotstudio.com>
Sirherobrine23
pushed a commit
that referenced
this pull request
Mar 4, 2026
# Summary: - Adjust the toolchain version to fix the security issues ```log Vulnerability #1: GO-2026-4337 Unexpected session resumption in crypto/tls More info: https://pkg.go.dev/vuln/GO-2026-4337 Standard library Found in: crypto/tls@go1.25.6 Fixed in: crypto/tls@go1.25.7 Example traces found: ``` Signed-off-by: Pascal Zimmermann <pascal.zimmermann@theiotstudio.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add support to Google drive