The Forgejo Runner is a daemon that fetches workflows to run from a Forgejo instance, executes them,
sends back with the logs and ultimately reports its success or failure.
Update Information:
Update vendor dependencies to fix: * CVE-2026-33762 * CVE-2026-33817 * CVE-2026-34165
* Thu Apr 23 2026 Diego Herrera
[ 1 ] Bug #2454559 - CVE-2026-34165 forgejo-runner: go-git: Denial of Service via crafted .idx file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454559
[ 2 ] Bug #2454560 - CVE-2026-33762 forgejo-runner: go-git: Denial of Service via crafted Git index file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454560
[ 3 ] Bug #2456022 - CVE-2026-33817 forgejo-runner: go.etcd.io/bbolt: Denial of Service via index out-of-range error [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456022
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-cf660bc96a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
Get the latest Linux and open source security news straight to your inbox.