gogs: mark as insecure

gogs is affected by the recent vulnerabilities reported by the forgejo team. There is little/no real development activities in the gogs repository and the upstream maintainers do not seem to have acknowledged the security issues.
2023-12-02 00:55:04 +01:00 · 2023-12-02 00:55:04 +01:00 · aa629d9877
commit aa629d9877
parent af8901aa2c
1 changed files with 7 additions and 0 deletions
--- a/pkgs/applications/version-management/gogs/default.nix
+++ b/pkgs/applications/version-management/gogs/default.nix
@ -45,5 +45,12 @@ buildGoModule rec {
    license = licenses.mit;
    maintainers = [ maintainers.schneefux ];
    mainProgram = "gogs";
+    knownVulnerabilities = [ ''
+      Gogs has known unpatched vulnerabilities and upstream maintainers appears to be unresponsive.
+
+      More information can be found in forgejo's blogpost: https://forgejo.org/2023-11-release-v1-20-5-1/
+
+      You might want to consider migrating to Gitea or forgejo.
+    '' ];
  };
 }