Fedora 42: forgejo Important Security Release Notice FEDORA-2025-bac4da5419

fedora

September 18, 2025

This is an upstream security and bugfix release

Summary

Forgejo (pronounced /for\u02c8d\u0361\u0292e.jo/) is a lightweight software forge. Use it to

host git repositories, track their issues and allow people to contribute to

them!

Update Information:

This is an upstream security and bugfix release. Please refer to the upstream release notes for versions 12.0.2 and 12.0.3 for details about changes.

Topics Covered

security advisory fedora cross site scripting important memory leak software forge

Change Log

* Tue Sep 9 2025 Nils Philippsen <nils@redhat.com> - 12.0.3-1 - Update to version 12.0.3 * Thu Sep 4 2025 Nils Philippsen <nils@redhat.com> - 12.0.2-1 - Update to version 12.0.2 * Fri Aug 15 2025 Maxwell G <maxwell@gtmx.me> - 12.0.1-4 - Rebuild for golang-1.25.0 * Fri Aug 15 2025 Maxwell G <maxwell@gtmx.me> - 12.0.1-3 - Revert "Rebuild for golang-1.25.0" * Fri Aug 15 2025 Maxwell G <maxwell@gtmx.me> - 12.0.1-2 - Rebuild for golang-1.25.0

References

[ 1 ] Bug #2389838 - CVE-2025-54881 forgejo: Mermaid cross site scripting [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2389838 [ 2 ] Bug #2389839 - CVE-2025-54880 forgejo: Mermaid cross site scripting [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2389839 [ 3 ] Bug #2391657 - CVE-2025-58058 forgejo: github.com/ulikunitz/xz leaks memory [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2391657

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-bac4da5419' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity

important

Lowest

Low

Medium

High

Critical

Name: forgejo

Product: Fedora 42

Version: 12.0.3

Release: 1.fc42

URL: https://forgejo.org

Summary: A lightweight software forge

Topics Covered

security advisory fedora cross site scripting important memory leak software forge

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 42: forgejo Important Security Release Notice FEDORA-2025-bac4da5419

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 42: forgejo Important Security Release Notice FEDORA-2025-bac4da5419

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!