new deploy: 2022-06-02T10:36:46+00:00

pages
Loïc Dachary 2022-06-02 10:36:46 +00:00 committed by dachary
parent fe39c73628
commit f8d917c244
14 changed files with 45 additions and 45 deletions

View File

@ -31,7 +31,7 @@
</content> </content>
</entry> </entry>
<entry xml:lang="en"> <entry xml:lang="en">
<title>[solved] Gitea 1.16.6 1.16.7 error: fatal: unsafe repository is owned by someone else</title> <title>[solved] Gitea 1.16.[678] error: fatal: unsafe repository is owned by someone else</title>
<published>2022-05-15T00:00:00+00:00</published> <published>2022-05-15T00:00:00+00:00</published>
<updated>2022-05-15T00:00:00+00:00</updated> <updated>2022-05-15T00:00:00+00:00</updated>
<link href="https://hostea.org/blog/unsafe-repository-is-owned-by-someone-else/" type="text/html"/> <link href="https://hostea.org/blog/unsafe-repository-is-owned-by-someone-else/" type="text/html"/>
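Review bot: `<updated>` on this entry still reads 2022-05-15T00:00:00+00:00 although the title changes here and the entry content changes further down in a deploy dated 2022-06-02. Feed readers that rely on `<updated>` will not surface the revised advice about 1.16.8, so set it to the revision date and leave `<published>` as it is.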
@ -48,8 +48,8 @@
&lt;ul&gt; &lt;ul&gt;
&lt;li&gt;If using &lt;a href=&quot;https:&#x2F;&#x2F;hub.docker.com&#x2F;r&#x2F;gitea&#x2F;gitea&quot;&gt;Gitea docker images&lt;&#x2F;a&gt;: &lt;li&gt;If using &lt;a href=&quot;https:&#x2F;&#x2F;hub.docker.com&#x2F;r&#x2F;gitea&#x2F;gitea&quot;&gt;Gitea docker images&lt;&#x2F;a&gt;:
&lt;ul&gt; &lt;ul&gt;
&lt;li&gt;do not upgrade to 1.16.6 or 1.16.7, or&lt;&#x2F;li&gt; &lt;li&gt;do not upgrade to 1.16.6, 1.16.7 or 1.16.8, or&lt;&#x2F;li&gt;
&lt;li&gt;downgrade from 1.16.6 or 1.16.7 to 1.16.5 (do &lt;strong&gt;not&lt;&#x2F;strong&gt; downgrade from 1.17.x, it may corrupt your the Gitea database)&lt;&#x2F;li&gt; &lt;li&gt;downgrade from 1.16.6, 1.16.7 or 1.16.8 to 1.16.5 (do &lt;strong&gt;not&lt;&#x2F;strong&gt; downgrade from 1.17.x, it may corrupt your the Gitea database)&lt;&#x2F;li&gt;
&lt;&#x2F;ul&gt; &lt;&#x2F;ul&gt;
&lt;&#x2F;li&gt; &lt;&#x2F;li&gt;
&lt;li&gt;If the Gitea binary was installed independently of git, upgrade git to a version that is &lt;a href=&quot;https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-config#Documentation&#x2F;git-config.txt-safedirectory&quot;&gt;greater or equal to 2.36&lt;&#x2F;a&gt; and disable the security check entirely with: &lt;li&gt;If the Gitea binary was installed independently of git, upgrade git to a version that is &lt;a href=&quot;https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-config#Documentation&#x2F;git-config.txt-safedirectory&quot;&gt;greater or equal to 2.36&lt;&#x2F;a&gt; and disable the security check entirely with:
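Review bot: the rewritten downgrade item still carries the typo "it may corrupt your the Gitea database". Since the line is being edited anyway, change it to "it may corrupt the Gitea database" in the source so every generated copy picks up the fix.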
@ -63,7 +63,7 @@
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a &gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt; &gt;
&lt;&#x2F;h3&gt; &lt;&#x2F;h3&gt;
&lt;p&gt;The &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;pull&#x2F;19707&quot;&gt;bug fix&lt;&#x2F;a&gt; is for Gitea to ensure &lt;code&gt;git config --global --replace-all safe.directory &#x27;*&#x27;&lt;&#x2F;code&gt; is set on its &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-from-binary&#x2F;#recommended-server-configuration&quot;&gt;dedicated user&lt;&#x2F;a&gt; when it initializes. It is effective on the condition that the git CLI version is &lt;a href=&quot;https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-config#Documentation&#x2F;git-config.txt-safedirectory&quot;&gt;greater or equal to 2.36&lt;&#x2F;a&gt;.&lt;&#x2F;p&gt; &lt;p&gt;The &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;pull&#x2F;19870&quot;&gt;bug fix&lt;&#x2F;a&gt; is for Gitea to ensure &lt;code&gt;git config --global --replace-all safe.directory &#x27;*&#x27;&lt;&#x2F;code&gt; is set on its &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-from-binary&#x2F;#recommended-server-configuration&quot;&gt;dedicated user&lt;&#x2F;a&gt; when it initializes. It is effective on the condition that the git CLI version is &lt;a href=&quot;https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-config#Documentation&#x2F;git-config.txt-safedirectory&quot;&gt;greater or equal to 2.36&lt;&#x2F;a&gt;.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;bug-fix-rationale&quot;&gt;Bug fix rationale&lt;a class=&quot;zola-anchor&quot; href=&quot;#bug-fix-rationale&quot; aria-label=&quot;Anchor link for: bug-fix-rationale&quot; &lt;h3 id=&quot;bug-fix-rationale&quot;&gt;Bug fix rationale&lt;a class=&quot;zola-anchor&quot; href=&quot;#bug-fix-rationale&quot; aria-label=&quot;Anchor link for: bug-fix-rationale&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a &gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt; &gt;
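Review bot: the changed paragraph documents `git config --global --replace-all safe.directory '*'` for the dedicated user without saying that a global `'*'` switches the ownership check off for every git command that user runs, not only the ones Gitea issues from a repository or a temporary directory, which is all the rationale below argues for. Suggest one sentence stating that scope. The link target also moves from pull/19707 to pull/19870 with no explanation in the text; a short note on why would help readers who followed the earlier link.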
@ -71,7 +71,7 @@
&lt;p&gt;It is safe to &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs&quot;&gt;disable the security check in Gitea&lt;&#x2F;a&gt;. It is not vulnerable to &lt;strong&gt;&lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;git-for-windows&#x2F;git&#x2F;security&#x2F;advisories&#x2F;GHSA-vw2c-22j4-2fh2&quot;&gt;CVE-2022-24765&lt;&#x2F;a&gt;&lt;&#x2F;strong&gt; because it calls the git CLI &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;command.go#L160&quot;&gt;after changing its working directory&lt;&#x2F;a&gt; to be the git repository targeted by the command (for instance &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;diff.go#L38-L45&quot;&gt;diff&lt;&#x2F;a&gt;) or a temporary directory. Therefore &lt;strong&gt;it will not explore the parent directories looking for a git configuration file&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt; &lt;p&gt;It is safe to &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs&quot;&gt;disable the security check in Gitea&lt;&#x2F;a&gt;. It is not vulnerable to &lt;strong&gt;&lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;git-for-windows&#x2F;git&#x2F;security&#x2F;advisories&#x2F;GHSA-vw2c-22j4-2fh2&quot;&gt;CVE-2022-24765&lt;&#x2F;a&gt;&lt;&#x2F;strong&gt; because it calls the git CLI &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;command.go#L160&quot;&gt;after changing its working directory&lt;&#x2F;a&gt; to be the git repository targeted by the command (for instance &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;diff.go#L38-L45&quot;&gt;diff&lt;&#x2F;a&gt;) or a temporary directory. 
Therefore &lt;strong&gt;it will not explore the parent directories looking for a git configuration file&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt;
&lt;p&gt;The security check is triggered because the repository is owned by an unexpected user (root instead of git typically) and &lt;strong&gt;not because a parent directory is owned by an unexpected user&lt;&#x2F;strong&gt;. This, in itself, is a problem worth investigating but it is unrelated and was revealed by the newer security check of git even though it does not match the threat described in &lt;strong&gt;&lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;git-for-windows&#x2F;git&#x2F;security&#x2F;advisories&#x2F;GHSA-vw2c-22j4-2fh2&quot;&gt;CVE-2022-24765&lt;&#x2F;a&gt;&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt; &lt;p&gt;The security check is triggered because the repository is owned by an unexpected user (root instead of git typically) and &lt;strong&gt;not because a parent directory is owned by an unexpected user&lt;&#x2F;strong&gt;. This, in itself, is a problem worth investigating but it is unrelated and was revealed by the newer security check of git even though it does not match the threat described in &lt;strong&gt;&lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;git-for-windows&#x2F;git&#x2F;security&#x2F;advisories&#x2F;GHSA-vw2c-22j4-2fh2&quot;&gt;CVE-2022-24765&lt;&#x2F;a&gt;&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt;
&lt;p&gt;It appears non trivial to enforce a consistent ownership of files and directories, either within docker or outside docker when networked file systems are involved. The Gitea server was not troubled by this inconsistency so far because the permissions allow it to write and read where expected, regardless of the owner. It is not worth looking into but it is ancient and unrelated.&lt;&#x2F;p&gt; &lt;p&gt;It appears non trivial to enforce a consistent ownership of files and directories, either within docker or outside docker when networked file systems are involved. The Gitea server was not troubled by this inconsistency so far because the permissions allow it to write and read where expected, regardless of the owner. It is not worth looking into but it is ancient and unrelated.&lt;&#x2F;p&gt;
&lt;p&gt;Gitea runs under a dedicated user, either when installed &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-from-binary&#x2F;#recommended-server-configuration&quot;&gt;from binary&lt;&#x2F;a&gt; or from &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-with-docker&#x2F;&quot;&gt;docker&lt;&#x2F;a&gt; and &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;git.go#L196-L207&quot;&gt;modifies the global git configuration&lt;&#x2F;a&gt; depending on the git version at initialization time. Fixing the problem can therefore be done by &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs#bcd72ff867cbd1ddd5b6518c3a05b5f1a6021286_209_209&quot;&gt;disabling the security check in the global git config file at initialization time&lt;&#x2F;a&gt;. It also requires a minimum version of git 2.36 to be installed &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs#6651ddff6eb82c840ced7c1dddee15c6e1913dd4_44_49&quot;&gt;in the Gitea docker image&lt;&#x2F;a&gt;. &lt;&#x2F;p&gt; &lt;p&gt;Gitea runs under a dedicated user, either when installed &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-from-binary&#x2F;#recommended-server-configuration&quot;&gt;from binary&lt;&#x2F;a&gt; or from &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-with-docker&#x2F;&quot;&gt;docker&lt;&#x2F;a&gt; and &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;git.go#L196-L207&quot;&gt;modifies the global git configuration&lt;&#x2F;a&gt; depending on the git version at initialization time. 
Fixing the problem can therefore be done by &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs#bcd72ff867cbd1ddd5b6518c3a05b5f1a6021286_209_209&quot;&gt;disabling the security check in the global git config file at initialization time&lt;&#x2F;a&gt;. It also requires a minimum version of git 2.36 to be installed, which is the case for Gitea docker images with &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;pull&#x2F;19871&quot;&gt;versions &amp;gt;= 1.16.9&lt;&#x2F;a&gt;.&lt;&#x2F;p&gt;
</content> </content>
</entry> </entry>
<entry xml:lang="en"> <entry xml:lang="en">
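Review bot: on the new side of this feed copy, two paragraphs are now split mid-paragraph with a trailing space before the break ("or a temporary directory. " then "Therefore ...", and "at initialization time. " then "Fixing the problem ..."). The HTML copy of the same paragraphs further down has no such break, so this looks accidental in the source; join the sentences back onto one line or drop the trailing whitespace.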

View File

@ -242,7 +242,7 @@
<li class="blog__post-item"> <li class="blog__post-item">
<a href="https://hostea.org/blog/unsafe-repository-is-owned-by-someone-else/" class="blog__post-link"> <a href="https://hostea.org/blog/unsafe-repository-is-owned-by-someone-else/" class="blog__post-link">
<h2 class="blog__post-title">[solved] Gitea 1.16.6 1.16.7 error: fatal: unsafe repository is owned by someone else</h2> <h2 class="blog__post-title">[solved] Gitea 1.16.[678] error: fatal: unsafe repository is owned by someone else</h2>
<p class="blog__post-meta"> <p class="blog__post-meta">

View File

@ -33,21 +33,21 @@
<meta name="referrer" content="no-referrer-when-downgrade" /> <meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name="viewport" content="width=device-width, initial-scale=1" />
<title>[solved] Gitea 1.16.6 1.16.7 error: fatal: unsafe repository is owned by someone else | Hostea: Managed Gitea Hosting </title> <title>[solved] Gitea 1.16.[678] error: fatal: unsafe repository is owned by someone else | Hostea: Managed Gitea Hosting </title>
<meta name="referrer" content="no-referrer-when-downgrade" /> <meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="description" content="If Gitea runs as user git, calls a patched Git version and a parent directory of the git repositories is owned by a user other than git, it will fail." /> <meta name="description" content="If Gitea runs as user git, calls a patched Git version and a parent directory of the git repositories is owned by a user other than git, it will fail." />
<meta property="og:title" content="[solved] Gitea 1.16.6 1.16.7 error: fatal: unsafe repository is owned by someone else | Hostea: Managed Gitea Hosting " /> <meta property="og:title" content="[solved] Gitea 1.16.[678] error: fatal: unsafe repository is owned by someone else | Hostea: Managed Gitea Hosting " />
<meta property="og:type" content="article" /> <meta property="og:type" content="article" />
<meta property="og:url" content="https:&#x2F;&#x2F;hostea.org" /> <meta property="og:url" content="https:&#x2F;&#x2F;hostea.org" />
<meta property="og:description" content="If Gitea runs as user git, calls a patched Git version and a parent directory of the git repositories is owned by a user other than git, it will fail." /> <meta property="og:description" content="If Gitea runs as user git, calls a patched Git version and a parent directory of the git repositories is owned by a user other than git, it will fail." />
<meta <meta
property="og:site_name" property="og:site_name"
content="[solved] Gitea 1.16.6 1.16.7 error: fatal: unsafe repository is owned by someone else | Hostea: Managed Gitea Hosting " content="[solved] Gitea 1.16.[678] error: fatal: unsafe repository is owned by someone else | Hostea: Managed Gitea Hosting "
/> />
<link <link
rel="apple-touch-icon" rel="apple-touch-icon"
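Review bot: the `description` and `og:description` left unchanged in this hunk say the failure occurs when "a parent directory of the git repositories is owned by a user other than git", while the article body states the check fires because the repository itself is owned by an unexpected user and "not because a parent directory is owned by an unexpected user". Align the description with the body while the metadata is being touched. The context lines also show the `referrer` and `viewport` meta tags emitted twice, before and after `<title>`, which points at a duplicated include in the template.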
@ -197,7 +197,7 @@
<div class="page__container"> <div class="page__container">
<h1 class="page__group-title">[solved] Gitea 1.16.6 1.16.7 error: fatal: unsafe repository is owned by someone else</h1> <h1 class="page__group-title">[solved] Gitea 1.16.[678] error: fatal: unsafe repository is owned by someone else</h1>
<p class="blog__post-meta"> <p class="blog__post-meta">
@ -228,8 +228,8 @@
<ul> <ul>
<li>If using <a href="https://hub.docker.com/r/gitea/gitea">Gitea docker images</a>: <li>If using <a href="https://hub.docker.com/r/gitea/gitea">Gitea docker images</a>:
<ul> <ul>
<li>do not upgrade to 1.16.6 or 1.16.7, or</li> <li>do not upgrade to 1.16.6, 1.16.7 or 1.16.8, or</li>
<li>downgrade from 1.16.6 or 1.16.7 to 1.16.5 (do <strong>not</strong> downgrade from 1.17.x, it may corrupt your the Gitea database)</li> <li>downgrade from 1.16.6, 1.16.7 or 1.16.8 to 1.16.5 (do <strong>not</strong> downgrade from 1.17.x, it may corrupt your the Gitea database)</li>
</ul> </ul>
</li> </li>
<li>If the Gitea binary was installed independently of git, upgrade git to a version that is <a href="https://git-scm.com/docs/git-config#Documentation/git-config.txt-safedirectory">greater or equal to 2.36</a> and disable the security check entirely with: <li>If the Gitea binary was installed independently of git, upgrade git to a version that is <a href="https://git-scm.com/docs/git-config#Documentation/git-config.txt-safedirectory">greater or equal to 2.36</a> and disable the security check entirely with:
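Review bot: the docker workaround list now names 1.16.8 but still offers only holding back or downgrading to 1.16.5, while the last paragraph changed in this same commit says git 2.36 is present in Gitea docker images with versions >= 1.16.9. Add upgrading to 1.16.9 or later as an option here, otherwise the list and the rationale give docker users different answers.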
@ -243,7 +243,7 @@
><span class="anchor-icon">#</span></a ><span class="anchor-icon">#</span></a
> >
</h3> </h3>
<p>The <a href="https://github.com/go-gitea/gitea/pull/19707">bug fix</a> is for Gitea to ensure <code>git config --global --replace-all safe.directory '*'</code> is set on its <a href="https://docs.gitea.io/en-us/install-from-binary/#recommended-server-configuration">dedicated user</a> when it initializes. It is effective on the condition that the git CLI version is <a href="https://git-scm.com/docs/git-config#Documentation/git-config.txt-safedirectory">greater or equal to 2.36</a>.</p> <p>The <a href="https://github.com/go-gitea/gitea/pull/19870">bug fix</a> is for Gitea to ensure <code>git config --global --replace-all safe.directory '*'</code> is set on its <a href="https://docs.gitea.io/en-us/install-from-binary/#recommended-server-configuration">dedicated user</a> when it initializes. It is effective on the condition that the git CLI version is <a href="https://git-scm.com/docs/git-config#Documentation/git-config.txt-safedirectory">greater or equal to 2.36</a>.</p>
<h3 id="bug-fix-rationale">Bug fix rationale<a class="zola-anchor" href="#bug-fix-rationale" aria-label="Anchor link for: bug-fix-rationale" <h3 id="bug-fix-rationale">Bug fix rationale<a class="zola-anchor" href="#bug-fix-rationale" aria-label="Anchor link for: bug-fix-rationale"
><span class="anchor-icon">#</span></a ><span class="anchor-icon">#</span></a
> >
@ -251,7 +251,7 @@
<p>It is safe to <a href="https://lab.forgefriends.org/forgefriends/forgefriends/-/merge_requests/50/diffs">disable the security check in Gitea</a>. It is not vulnerable to <strong><a href="https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2">CVE-2022-24765</a></strong> because it calls the git CLI <a href="https://github.com/go-gitea/gitea/blob/main/modules/git/command.go#L160">after changing its working directory</a> to be the git repository targeted by the command (for instance <a href="https://github.com/go-gitea/gitea/blob/main/modules/git/diff.go#L38-L45">diff</a>) or a temporary directory. Therefore <strong>it will not explore the parent directories looking for a git configuration file</strong>.</p> <p>It is safe to <a href="https://lab.forgefriends.org/forgefriends/forgefriends/-/merge_requests/50/diffs">disable the security check in Gitea</a>. It is not vulnerable to <strong><a href="https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2">CVE-2022-24765</a></strong> because it calls the git CLI <a href="https://github.com/go-gitea/gitea/blob/main/modules/git/command.go#L160">after changing its working directory</a> to be the git repository targeted by the command (for instance <a href="https://github.com/go-gitea/gitea/blob/main/modules/git/diff.go#L38-L45">diff</a>) or a temporary directory. Therefore <strong>it will not explore the parent directories looking for a git configuration file</strong>.</p>
<p>The security check is triggered because the repository is owned by an unexpected user (root instead of git typically) and <strong>not because a parent directory is owned by an unexpected user</strong>. This, in itself, is a problem worth investigating but it is unrelated and was revealed by the newer security check of git even though it does not match the threat described in <strong><a href="https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2">CVE-2022-24765</a></strong>.</p> <p>The security check is triggered because the repository is owned by an unexpected user (root instead of git typically) and <strong>not because a parent directory is owned by an unexpected user</strong>. This, in itself, is a problem worth investigating but it is unrelated and was revealed by the newer security check of git even though it does not match the threat described in <strong><a href="https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2">CVE-2022-24765</a></strong>.</p>
<p>It appears non trivial to enforce a consistent ownership of files and directories, either within docker or outside docker when networked file systems are involved. The Gitea server was not troubled by this inconsistency so far because the permissions allow it to write and read where expected, regardless of the owner. It is not worth looking into but it is ancient and unrelated.</p> <p>It appears non trivial to enforce a consistent ownership of files and directories, either within docker or outside docker when networked file systems are involved. The Gitea server was not troubled by this inconsistency so far because the permissions allow it to write and read where expected, regardless of the owner. It is not worth looking into but it is ancient and unrelated.</p>
<p>Gitea runs under a dedicated user, either when installed <a href="https://docs.gitea.io/en-us/install-from-binary/#recommended-server-configuration">from binary</a> or from <a href="https://docs.gitea.io/en-us/install-with-docker/">docker</a> and <a href="https://github.com/go-gitea/gitea/blob/main/modules/git/git.go#L196-L207">modifies the global git configuration</a> depending on the git version at initialization time. Fixing the problem can therefore be done by <a href="https://lab.forgefriends.org/forgefriends/forgefriends/-/merge_requests/50/diffs#bcd72ff867cbd1ddd5b6518c3a05b5f1a6021286_209_209">disabling the security check in the global git config file at initialization time</a>. It also requires a minimum version of git 2.36 to be installed <a href="https://lab.forgefriends.org/forgefriends/forgefriends/-/merge_requests/50/diffs#6651ddff6eb82c840ced7c1dddee15c6e1913dd4_44_49">in the Gitea docker image</a>. </p> <p>Gitea runs under a dedicated user, either when installed <a href="https://docs.gitea.io/en-us/install-from-binary/#recommended-server-configuration">from binary</a> or from <a href="https://docs.gitea.io/en-us/install-with-docker/">docker</a> and <a href="https://github.com/go-gitea/gitea/blob/main/modules/git/git.go#L196-L207">modifies the global git configuration</a> depending on the git version at initialization time. Fixing the problem can therefore be done by <a href="https://lab.forgefriends.org/forgefriends/forgefriends/-/merge_requests/50/diffs#bcd72ff867cbd1ddd5b6518c3a05b5f1a6021286_209_209">disabling the security check in the global git config file at initialization time</a>. It also requires a minimum version of git 2.36 to be installed, which is the case for Gitea docker images with <a href="https://github.com/go-gitea/gitea/pull/19871">versions &gt;= 1.16.9</a>.</p>
</div> </div>
<br> <br>
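Review bot: the context paragraphs in this hunk contradict each other. One says the unexpected ownership "is a problem worth investigating", the next ends with "It is not worth looking into but it is ancient and unrelated". Since the surrounding text is being revised, settle on one position; if the intent is that the ownership inconsistency is old and unrelated to CVE-2022-24765 yet still deserves a look, say so in a single sentence.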

File diff suppressed because one or more lines are too long

View File

@ -31,7 +31,7 @@
</content> </content>
</entry> </entry>
<entry xml:lang="en"> <entry xml:lang="en">
<title>[solved] Gitea 1.16.6 1.16.7 error: fatal: unsafe repository is owned by someone else</title> <title>[solved] Gitea 1.16.[678] error: fatal: unsafe repository is owned by someone else</title>
<published>2022-05-15T00:00:00+00:00</published> <published>2022-05-15T00:00:00+00:00</published>
<updated>2022-05-15T00:00:00+00:00</updated> <updated>2022-05-15T00:00:00+00:00</updated>
<link href="https://hostea.org/blog/unsafe-repository-is-owned-by-someone-else/" type="text/html"/> <link href="https://hostea.org/blog/unsafe-repository-is-owned-by-someone-else/" type="text/html"/>
@ -48,8 +48,8 @@
&lt;ul&gt; &lt;ul&gt;
&lt;li&gt;If using &lt;a href=&quot;https:&#x2F;&#x2F;hub.docker.com&#x2F;r&#x2F;gitea&#x2F;gitea&quot;&gt;Gitea docker images&lt;&#x2F;a&gt;: &lt;li&gt;If using &lt;a href=&quot;https:&#x2F;&#x2F;hub.docker.com&#x2F;r&#x2F;gitea&#x2F;gitea&quot;&gt;Gitea docker images&lt;&#x2F;a&gt;:
&lt;ul&gt; &lt;ul&gt;
&lt;li&gt;do not upgrade to 1.16.6 or 1.16.7, or&lt;&#x2F;li&gt; &lt;li&gt;do not upgrade to 1.16.6, 1.16.7 or 1.16.8, or&lt;&#x2F;li&gt;
&lt;li&gt;downgrade from 1.16.6 or 1.16.7 to 1.16.5 (do &lt;strong&gt;not&lt;&#x2F;strong&gt; downgrade from 1.17.x, it may corrupt your the Gitea database)&lt;&#x2F;li&gt; &lt;li&gt;downgrade from 1.16.6, 1.16.7 or 1.16.8 to 1.16.5 (do &lt;strong&gt;not&lt;&#x2F;strong&gt; downgrade from 1.17.x, it may corrupt your the Gitea database)&lt;&#x2F;li&gt;
&lt;&#x2F;ul&gt; &lt;&#x2F;ul&gt;
&lt;&#x2F;li&gt; &lt;&#x2F;li&gt;
&lt;li&gt;If the Gitea binary was installed independently of git, upgrade git to a version that is &lt;a href=&quot;https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-config#Documentation&#x2F;git-config.txt-safedirectory&quot;&gt;greater or equal to 2.36&lt;&#x2F;a&gt; and disable the security check entirely with: &lt;li&gt;If the Gitea binary was installed independently of git, upgrade git to a version that is &lt;a href=&quot;https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-config#Documentation&#x2F;git-config.txt-safedirectory&quot;&gt;greater or equal to 2.36&lt;&#x2F;a&gt; and disable the security check entirely with:
@ -63,7 +63,7 @@
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a &gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt; &gt;
&lt;&#x2F;h3&gt; &lt;&#x2F;h3&gt;
&lt;p&gt;The &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;pull&#x2F;19707&quot;&gt;bug fix&lt;&#x2F;a&gt; is for Gitea to ensure &lt;code&gt;git config --global --replace-all safe.directory &#x27;*&#x27;&lt;&#x2F;code&gt; is set on its &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-from-binary&#x2F;#recommended-server-configuration&quot;&gt;dedicated user&lt;&#x2F;a&gt; when it initializes. It is effective on the condition that the git CLI version is &lt;a href=&quot;https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-config#Documentation&#x2F;git-config.txt-safedirectory&quot;&gt;greater or equal to 2.36&lt;&#x2F;a&gt;.&lt;&#x2F;p&gt; &lt;p&gt;The &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;pull&#x2F;19870&quot;&gt;bug fix&lt;&#x2F;a&gt; is for Gitea to ensure &lt;code&gt;git config --global --replace-all safe.directory &#x27;*&#x27;&lt;&#x2F;code&gt; is set on its &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-from-binary&#x2F;#recommended-server-configuration&quot;&gt;dedicated user&lt;&#x2F;a&gt; when it initializes. It is effective on the condition that the git CLI version is &lt;a href=&quot;https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-config#Documentation&#x2F;git-config.txt-safedirectory&quot;&gt;greater or equal to 2.36&lt;&#x2F;a&gt;.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;bug-fix-rationale&quot;&gt;Bug fix rationale&lt;a class=&quot;zola-anchor&quot; href=&quot;#bug-fix-rationale&quot; aria-label=&quot;Anchor link for: bug-fix-rationale&quot; &lt;h3 id=&quot;bug-fix-rationale&quot;&gt;Bug fix rationale&lt;a class=&quot;zola-anchor&quot; href=&quot;#bug-fix-rationale&quot; aria-label=&quot;Anchor link for: bug-fix-rationale&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a &gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt; &gt;
@ -71,7 +71,7 @@
&lt;p&gt;It is safe to &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs&quot;&gt;disable the security check in Gitea&lt;&#x2F;a&gt;. It is not vulnerable to &lt;strong&gt;&lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;git-for-windows&#x2F;git&#x2F;security&#x2F;advisories&#x2F;GHSA-vw2c-22j4-2fh2&quot;&gt;CVE-2022-24765&lt;&#x2F;a&gt;&lt;&#x2F;strong&gt; because it calls the git CLI &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;command.go#L160&quot;&gt;after changing its working directory&lt;&#x2F;a&gt; to be the git repository targeted by the command (for instance &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;diff.go#L38-L45&quot;&gt;diff&lt;&#x2F;a&gt;) or a temporary directory. Therefore &lt;strong&gt;it will not explore the parent directories looking for a git configuration file&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt; &lt;p&gt;It is safe to &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs&quot;&gt;disable the security check in Gitea&lt;&#x2F;a&gt;. It is not vulnerable to &lt;strong&gt;&lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;git-for-windows&#x2F;git&#x2F;security&#x2F;advisories&#x2F;GHSA-vw2c-22j4-2fh2&quot;&gt;CVE-2022-24765&lt;&#x2F;a&gt;&lt;&#x2F;strong&gt; because it calls the git CLI &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;command.go#L160&quot;&gt;after changing its working directory&lt;&#x2F;a&gt; to be the git repository targeted by the command (for instance &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;diff.go#L38-L45&quot;&gt;diff&lt;&#x2F;a&gt;) or a temporary directory. 
Therefore &lt;strong&gt;it will not explore the parent directories looking for a git configuration file&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt;
&lt;p&gt;The security check is triggered because the repository is owned by an unexpected user (root instead of git typically) and &lt;strong&gt;not because a parent directory is owned by an unexpected user&lt;&#x2F;strong&gt;. This, in itself, is a problem worth investigating but it is unrelated and was revealed by the newer security check of git even though it does not match the threat described in &lt;strong&gt;&lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;git-for-windows&#x2F;git&#x2F;security&#x2F;advisories&#x2F;GHSA-vw2c-22j4-2fh2&quot;&gt;CVE-2022-24765&lt;&#x2F;a&gt;&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt; &lt;p&gt;The security check is triggered because the repository is owned by an unexpected user (root instead of git typically) and &lt;strong&gt;not because a parent directory is owned by an unexpected user&lt;&#x2F;strong&gt;. This, in itself, is a problem worth investigating but it is unrelated and was revealed by the newer security check of git even though it does not match the threat described in &lt;strong&gt;&lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;git-for-windows&#x2F;git&#x2F;security&#x2F;advisories&#x2F;GHSA-vw2c-22j4-2fh2&quot;&gt;CVE-2022-24765&lt;&#x2F;a&gt;&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt;
&lt;p&gt;It appears non trivial to enforce a consistent ownership of files and directories, either within docker or outside docker when networked file systems are involved. The Gitea server was not troubled by this inconsistency so far because the permissions allow it to write and read where expected, regardless of the owner. It is not worth looking into but it is ancient and unrelated.&lt;&#x2F;p&gt; &lt;p&gt;It appears non trivial to enforce a consistent ownership of files and directories, either within docker or outside docker when networked file systems are involved. The Gitea server was not troubled by this inconsistency so far because the permissions allow it to write and read where expected, regardless of the owner. It is not worth looking into but it is ancient and unrelated.&lt;&#x2F;p&gt;
&lt;p&gt;Gitea runs under a dedicated user, either when installed &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-from-binary&#x2F;#recommended-server-configuration&quot;&gt;from binary&lt;&#x2F;a&gt; or from &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-with-docker&#x2F;&quot;&gt;docker&lt;&#x2F;a&gt; and &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;git.go#L196-L207&quot;&gt;modifies the global git configuration&lt;&#x2F;a&gt; depending on the git version at initialization time. Fixing the problem can therefore be done by &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs#bcd72ff867cbd1ddd5b6518c3a05b5f1a6021286_209_209&quot;&gt;disabling the security check in the global git config file at initialization time&lt;&#x2F;a&gt;. It also requires a minimum version of git 2.36 to be installed &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs#6651ddff6eb82c840ced7c1dddee15c6e1913dd4_44_49&quot;&gt;in the Gitea docker image&lt;&#x2F;a&gt;. &lt;&#x2F;p&gt; &lt;p&gt;Gitea runs under a dedicated user, either when installed &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-from-binary&#x2F;#recommended-server-configuration&quot;&gt;from binary&lt;&#x2F;a&gt; or from &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-with-docker&#x2F;&quot;&gt;docker&lt;&#x2F;a&gt; and &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;git.go#L196-L207&quot;&gt;modifies the global git configuration&lt;&#x2F;a&gt; depending on the git version at initialization time. 
Fixing the problem can therefore be done by &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs#bcd72ff867cbd1ddd5b6518c3a05b5f1a6021286_209_209&quot;&gt;disabling the security check in the global git config file at initialization time&lt;&#x2F;a&gt;. It also requires a minimum version of git 2.36 to be installed, which is the case for Gitea docker images with &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;pull&#x2F;19871&quot;&gt;versions &amp;gt;= 1.16.9&lt;&#x2F;a&gt;.&lt;&#x2F;p&gt;
</content> </content>
</entry> </entry>
<entry xml:lang="en"> <entry xml:lang="en">
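Review bot: the first context line of this hunk, "It is not worth looking into but it is ancient and unrelated", reads as if a "not" slipped in, and the change leaves it as is. If the intent is that the ownership inconsistency is worth looking into although it is old and unrelated to the git check, fix the sentence in the post source as part of this edit so the regenerated pages stop carrying it.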

View File

@ -239,7 +239,7 @@
<li class="blog__post-item"> <li class="blog__post-item">
<a href="https://hostea.org/blog/unsafe-repository-is-owned-by-someone-else/" class="blog__post-link"> <a href="https://hostea.org/blog/unsafe-repository-is-owned-by-someone-else/" class="blog__post-link">
<h2 class="blog__post-title">[solved] Gitea 1.16.6 1.16.7 error: fatal: unsafe repository is owned by someone else</h2> <h2 class="blog__post-title">[solved] Gitea 1.16.[678] error: fatal: unsafe repository is owned by someone else</h2>
<p class="blog__post-meta"> <p class="blog__post-meta">
15 15
May May
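Review bot: the new title "Gitea 1.16.[678]" uses a glob character class, which a reader searching for "1.16.8" will not match and which not every reader will parse. Spell the versions out in the title, "1.16.6, 1.16.7, 1.16.8", the way the changed list items in the post body do.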

View File

@ -31,7 +31,7 @@
</content> </content>
</entry> </entry>
<entry xml:lang="en"> <entry xml:lang="en">
<title>[solved] Gitea 1.16.6 1.16.7 error: fatal: unsafe repository is owned by someone else</title> <title>[solved] Gitea 1.16.[678] error: fatal: unsafe repository is owned by someone else</title>
<published>2022-05-15T00:00:00+00:00</published> <published>2022-05-15T00:00:00+00:00</published>
<updated>2022-05-15T00:00:00+00:00</updated> <updated>2022-05-15T00:00:00+00:00</updated>
<link href="https://hostea.org/blog/unsafe-repository-is-owned-by-someone-else/" type="text/html"/> <link href="https://hostea.org/blog/unsafe-repository-is-owned-by-someone-else/" type="text/html"/>
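Review bot: the entry's title changes here but the context line `<updated>2022-05-15T00:00:00+00:00</updated>` keeps the original date, so feed readers that key on `<updated>` will not show the revised advice to subscribers. Bump the post's updated date in the source when its content changes, and leave `<published>` as it is.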
@ -48,8 +48,8 @@
&lt;ul&gt; &lt;ul&gt;
&lt;li&gt;If using &lt;a href=&quot;https:&#x2F;&#x2F;hub.docker.com&#x2F;r&#x2F;gitea&#x2F;gitea&quot;&gt;Gitea docker images&lt;&#x2F;a&gt;: &lt;li&gt;If using &lt;a href=&quot;https:&#x2F;&#x2F;hub.docker.com&#x2F;r&#x2F;gitea&#x2F;gitea&quot;&gt;Gitea docker images&lt;&#x2F;a&gt;:
&lt;ul&gt; &lt;ul&gt;
&lt;li&gt;do not upgrade to 1.16.6 or 1.16.7, or&lt;&#x2F;li&gt; &lt;li&gt;do not upgrade to 1.16.6, 1.16.7 or 1.16.8, or&lt;&#x2F;li&gt;
&lt;li&gt;downgrade from 1.16.6 or 1.16.7 to 1.16.5 (do &lt;strong&gt;not&lt;&#x2F;strong&gt; downgrade from 1.17.x, it may corrupt your the Gitea database)&lt;&#x2F;li&gt; &lt;li&gt;downgrade from 1.16.6, 1.16.7 or 1.16.8 to 1.16.5 (do &lt;strong&gt;not&lt;&#x2F;strong&gt; downgrade from 1.17.x, it may corrupt your the Gitea database)&lt;&#x2F;li&gt;
&lt;&#x2F;ul&gt; &lt;&#x2F;ul&gt;
&lt;&#x2F;li&gt; &lt;&#x2F;li&gt;
&lt;li&gt;If the Gitea binary was installed independently of git, upgrade git to a version that is &lt;a href=&quot;https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-config#Documentation&#x2F;git-config.txt-safedirectory&quot;&gt;greater or equal to 2.36&lt;&#x2F;a&gt; and disable the security check entirely with: &lt;li&gt;If the Gitea binary was installed independently of git, upgrade git to a version that is &lt;a href=&quot;https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-config#Documentation&#x2F;git-config.txt-safedirectory&quot;&gt;greater or equal to 2.36&lt;&#x2F;a&gt; and disable the security check entirely with:
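Review bot: the docker list still offers only "do not upgrade" or "downgrade", while the rationale paragraph changed in this same commit says docker images with versions >= 1.16.9 ship the required git 2.36. Add upgrading to 1.16.9 or later as the first option so the list does not steer readers toward staying on or going back to 1.16.5. The changed downgrade line also keeps the typo "corrupt your the Gitea database".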
@ -63,7 +63,7 @@
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a &gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt; &gt;
&lt;&#x2F;h3&gt; &lt;&#x2F;h3&gt;
&lt;p&gt;The &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;pull&#x2F;19707&quot;&gt;bug fix&lt;&#x2F;a&gt; is for Gitea to ensure &lt;code&gt;git config --global --replace-all safe.directory &#x27;*&#x27;&lt;&#x2F;code&gt; is set on its &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-from-binary&#x2F;#recommended-server-configuration&quot;&gt;dedicated user&lt;&#x2F;a&gt; when it initializes. It is effective on the condition that the git CLI version is &lt;a href=&quot;https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-config#Documentation&#x2F;git-config.txt-safedirectory&quot;&gt;greater or equal to 2.36&lt;&#x2F;a&gt;.&lt;&#x2F;p&gt; &lt;p&gt;The &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;pull&#x2F;19870&quot;&gt;bug fix&lt;&#x2F;a&gt; is for Gitea to ensure &lt;code&gt;git config --global --replace-all safe.directory &#x27;*&#x27;&lt;&#x2F;code&gt; is set on its &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-from-binary&#x2F;#recommended-server-configuration&quot;&gt;dedicated user&lt;&#x2F;a&gt; when it initializes. It is effective on the condition that the git CLI version is &lt;a href=&quot;https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-config#Documentation&#x2F;git-config.txt-safedirectory&quot;&gt;greater or equal to 2.36&lt;&#x2F;a&gt;.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;bug-fix-rationale&quot;&gt;Bug fix rationale&lt;a class=&quot;zola-anchor&quot; href=&quot;#bug-fix-rationale&quot; aria-label=&quot;Anchor link for: bug-fix-rationale&quot; &lt;h3 id=&quot;bug-fix-rationale&quot;&gt;Bug fix rationale&lt;a class=&quot;zola-anchor&quot; href=&quot;#bug-fix-rationale&quot; aria-label=&quot;Anchor link for: bug-fix-rationale&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a &gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt; &gt;
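Review bot: the "bug fix" link target moves from pull/19707 to pull/19870 with no change to the link text or the sentence, so the reader cannot tell why a different pull request is now the reference. If one of the two is the backport to the 1.16 branch, say so in the sentence, or link both.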
@ -71,7 +71,7 @@
&lt;p&gt;It is safe to &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs&quot;&gt;disable the security check in Gitea&lt;&#x2F;a&gt;. It is not vulnerable to &lt;strong&gt;&lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;git-for-windows&#x2F;git&#x2F;security&#x2F;advisories&#x2F;GHSA-vw2c-22j4-2fh2&quot;&gt;CVE-2022-24765&lt;&#x2F;a&gt;&lt;&#x2F;strong&gt; because it calls the git CLI &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;command.go#L160&quot;&gt;after changing its working directory&lt;&#x2F;a&gt; to be the git repository targeted by the command (for instance &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;diff.go#L38-L45&quot;&gt;diff&lt;&#x2F;a&gt;) or a temporary directory. Therefore &lt;strong&gt;it will not explore the parent directories looking for a git configuration file&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt; &lt;p&gt;It is safe to &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs&quot;&gt;disable the security check in Gitea&lt;&#x2F;a&gt;. It is not vulnerable to &lt;strong&gt;&lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;git-for-windows&#x2F;git&#x2F;security&#x2F;advisories&#x2F;GHSA-vw2c-22j4-2fh2&quot;&gt;CVE-2022-24765&lt;&#x2F;a&gt;&lt;&#x2F;strong&gt; because it calls the git CLI &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;command.go#L160&quot;&gt;after changing its working directory&lt;&#x2F;a&gt; to be the git repository targeted by the command (for instance &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;diff.go#L38-L45&quot;&gt;diff&lt;&#x2F;a&gt;) or a temporary directory. 
Therefore &lt;strong&gt;it will not explore the parent directories looking for a git configuration file&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt;
&lt;p&gt;The security check is triggered because the repository is owned by an unexpected user (root instead of git typically) and &lt;strong&gt;not because a parent directory is owned by an unexpected user&lt;&#x2F;strong&gt;. This, in itself, is a problem worth investigating but it is unrelated and was revealed by the newer security check of git even though it does not match the threat described in &lt;strong&gt;&lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;git-for-windows&#x2F;git&#x2F;security&#x2F;advisories&#x2F;GHSA-vw2c-22j4-2fh2&quot;&gt;CVE-2022-24765&lt;&#x2F;a&gt;&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt; &lt;p&gt;The security check is triggered because the repository is owned by an unexpected user (root instead of git typically) and &lt;strong&gt;not because a parent directory is owned by an unexpected user&lt;&#x2F;strong&gt;. This, in itself, is a problem worth investigating but it is unrelated and was revealed by the newer security check of git even though it does not match the threat described in &lt;strong&gt;&lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;git-for-windows&#x2F;git&#x2F;security&#x2F;advisories&#x2F;GHSA-vw2c-22j4-2fh2&quot;&gt;CVE-2022-24765&lt;&#x2F;a&gt;&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt;
&lt;p&gt;It appears non trivial to enforce a consistent ownership of files and directories, either within docker or outside docker when networked file systems are involved. The Gitea server was not troubled by this inconsistency so far because the permissions allow it to write and read where expected, regardless of the owner. It is not worth looking into but it is ancient and unrelated.&lt;&#x2F;p&gt; &lt;p&gt;It appears non trivial to enforce a consistent ownership of files and directories, either within docker or outside docker when networked file systems are involved. The Gitea server was not troubled by this inconsistency so far because the permissions allow it to write and read where expected, regardless of the owner. It is not worth looking into but it is ancient and unrelated.&lt;&#x2F;p&gt;
&lt;p&gt;Gitea runs under a dedicated user, either when installed &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-from-binary&#x2F;#recommended-server-configuration&quot;&gt;from binary&lt;&#x2F;a&gt; or from &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-with-docker&#x2F;&quot;&gt;docker&lt;&#x2F;a&gt; and &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;git.go#L196-L207&quot;&gt;modifies the global git configuration&lt;&#x2F;a&gt; depending on the git version at initialization time. Fixing the problem can therefore be done by &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs#bcd72ff867cbd1ddd5b6518c3a05b5f1a6021286_209_209&quot;&gt;disabling the security check in the global git config file at initialization time&lt;&#x2F;a&gt;. It also requires a minimum version of git 2.36 to be installed &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs#6651ddff6eb82c840ced7c1dddee15c6e1913dd4_44_49&quot;&gt;in the Gitea docker image&lt;&#x2F;a&gt;. &lt;&#x2F;p&gt; &lt;p&gt;Gitea runs under a dedicated user, either when installed &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-from-binary&#x2F;#recommended-server-configuration&quot;&gt;from binary&lt;&#x2F;a&gt; or from &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-with-docker&#x2F;&quot;&gt;docker&lt;&#x2F;a&gt; and &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;git.go#L196-L207&quot;&gt;modifies the global git configuration&lt;&#x2F;a&gt; depending on the git version at initialization time. 
Fixing the problem can therefore be done by &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs#bcd72ff867cbd1ddd5b6518c3a05b5f1a6021286_209_209&quot;&gt;disabling the security check in the global git config file at initialization time&lt;&#x2F;a&gt;. It also requires a minimum version of git 2.36 to be installed, which is the case for Gitea docker images with &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;pull&#x2F;19871&quot;&gt;versions &amp;gt;= 1.16.9&lt;&#x2F;a&gt;.&lt;&#x2F;p&gt;
</content> </content>
</entry> </entry>
<entry xml:lang="en"> <entry xml:lang="en">
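Review bot: the rationale kept as context in this hunk ("It is safe to disable the security check in Gitea ... because it calls the git CLI after changing its working directory") covers only the git commands Gitea itself runs, while the fix is described as "disabling the security check in the global git config file", which applies to every git command run by that account. State the assumption in the paragraph, for example that the dedicated account is used only by the Gitea server. The new last sentence also gives the git 2.36 requirement only for docker images; a pointer back to the workaround for binary installs would close the gap.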

View File

@ -239,7 +239,7 @@
<li class="blog__post-item"> <li class="blog__post-item">
<a href="https://hostea.org/blog/unsafe-repository-is-owned-by-someone-else/" class="blog__post-link"> <a href="https://hostea.org/blog/unsafe-repository-is-owned-by-someone-else/" class="blog__post-link">
<h2 class="blog__post-title">[solved] Gitea 1.16.6 1.16.7 error: fatal: unsafe repository is owned by someone else</h2> <h2 class="blog__post-title">[solved] Gitea 1.16.[678] error: fatal: unsafe repository is owned by someone else</h2>
<p class="blog__post-meta"> <p class="blog__post-meta">
15 15
May May

View File

@ -31,7 +31,7 @@
</content> </content>
</entry> </entry>
<entry xml:lang="en"> <entry xml:lang="en">
<title>[solved] Gitea 1.16.6 1.16.7 error: fatal: unsafe repository is owned by someone else</title> <title>[solved] Gitea 1.16.[678] error: fatal: unsafe repository is owned by someone else</title>
<published>2022-05-15T00:00:00+00:00</published> <published>2022-05-15T00:00:00+00:00</published>
<updated>2022-05-15T00:00:00+00:00</updated> <updated>2022-05-15T00:00:00+00:00</updated>
<link href="https://hostea.org/blog/unsafe-repository-is-owned-by-someone-else/" type="text/html"/> <link href="https://hostea.org/blog/unsafe-repository-is-owned-by-someone-else/" type="text/html"/>
@ -48,8 +48,8 @@
&lt;ul&gt; &lt;ul&gt;
&lt;li&gt;If using &lt;a href=&quot;https:&#x2F;&#x2F;hub.docker.com&#x2F;r&#x2F;gitea&#x2F;gitea&quot;&gt;Gitea docker images&lt;&#x2F;a&gt;: &lt;li&gt;If using &lt;a href=&quot;https:&#x2F;&#x2F;hub.docker.com&#x2F;r&#x2F;gitea&#x2F;gitea&quot;&gt;Gitea docker images&lt;&#x2F;a&gt;:
&lt;ul&gt; &lt;ul&gt;
&lt;li&gt;do not upgrade to 1.16.6 or 1.16.7, or&lt;&#x2F;li&gt; &lt;li&gt;do not upgrade to 1.16.6, 1.16.7 or 1.16.8, or&lt;&#x2F;li&gt;
&lt;li&gt;downgrade from 1.16.6 or 1.16.7 to 1.16.5 (do &lt;strong&gt;not&lt;&#x2F;strong&gt; downgrade from 1.17.x, it may corrupt your the Gitea database)&lt;&#x2F;li&gt; &lt;li&gt;downgrade from 1.16.6, 1.16.7 or 1.16.8 to 1.16.5 (do &lt;strong&gt;not&lt;&#x2F;strong&gt; downgrade from 1.17.x, it may corrupt your the Gitea database)&lt;&#x2F;li&gt;
&lt;&#x2F;ul&gt; &lt;&#x2F;ul&gt;
&lt;&#x2F;li&gt; &lt;&#x2F;li&gt;
&lt;li&gt;If the Gitea binary was installed independently of git, upgrade git to a version that is &lt;a href=&quot;https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-config#Documentation&#x2F;git-config.txt-safedirectory&quot;&gt;greater or equal to 2.36&lt;&#x2F;a&gt; and disable the security check entirely with: &lt;li&gt;If the Gitea binary was installed independently of git, upgrade git to a version that is &lt;a href=&quot;https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-config#Documentation&#x2F;git-config.txt-safedirectory&quot;&gt;greater or equal to 2.36&lt;&#x2F;a&gt; and disable the security check entirely with:
@ -63,7 +63,7 @@
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a &gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt; &gt;
&lt;&#x2F;h3&gt; &lt;&#x2F;h3&gt;
&lt;p&gt;The &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;pull&#x2F;19707&quot;&gt;bug fix&lt;&#x2F;a&gt; is for Gitea to ensure &lt;code&gt;git config --global --replace-all safe.directory &#x27;*&#x27;&lt;&#x2F;code&gt; is set on its &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-from-binary&#x2F;#recommended-server-configuration&quot;&gt;dedicated user&lt;&#x2F;a&gt; when it initializes. It is effective on the condition that the git CLI version is &lt;a href=&quot;https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-config#Documentation&#x2F;git-config.txt-safedirectory&quot;&gt;greater or equal to 2.36&lt;&#x2F;a&gt;.&lt;&#x2F;p&gt; &lt;p&gt;The &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;pull&#x2F;19870&quot;&gt;bug fix&lt;&#x2F;a&gt; is for Gitea to ensure &lt;code&gt;git config --global --replace-all safe.directory &#x27;*&#x27;&lt;&#x2F;code&gt; is set on its &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-from-binary&#x2F;#recommended-server-configuration&quot;&gt;dedicated user&lt;&#x2F;a&gt; when it initializes. It is effective on the condition that the git CLI version is &lt;a href=&quot;https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-config#Documentation&#x2F;git-config.txt-safedirectory&quot;&gt;greater or equal to 2.36&lt;&#x2F;a&gt;.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;bug-fix-rationale&quot;&gt;Bug fix rationale&lt;a class=&quot;zola-anchor&quot; href=&quot;#bug-fix-rationale&quot; aria-label=&quot;Anchor link for: bug-fix-rationale&quot; &lt;h3 id=&quot;bug-fix-rationale&quot;&gt;Bug fix rationale&lt;a class=&quot;zola-anchor&quot; href=&quot;#bug-fix-rationale&quot; aria-label=&quot;Anchor link for: bug-fix-rationale&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a &gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt; &gt;
@ -71,7 +71,7 @@
&lt;p&gt;It is safe to &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs&quot;&gt;disable the security check in Gitea&lt;&#x2F;a&gt;. It is not vulnerable to &lt;strong&gt;&lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;git-for-windows&#x2F;git&#x2F;security&#x2F;advisories&#x2F;GHSA-vw2c-22j4-2fh2&quot;&gt;CVE-2022-24765&lt;&#x2F;a&gt;&lt;&#x2F;strong&gt; because it calls the git CLI &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;command.go#L160&quot;&gt;after changing its working directory&lt;&#x2F;a&gt; to be the git repository targeted by the command (for instance &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;diff.go#L38-L45&quot;&gt;diff&lt;&#x2F;a&gt;) or a temporary directory. Therefore &lt;strong&gt;it will not explore the parent directories looking for a git configuration file&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt; &lt;p&gt;It is safe to &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs&quot;&gt;disable the security check in Gitea&lt;&#x2F;a&gt;. It is not vulnerable to &lt;strong&gt;&lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;git-for-windows&#x2F;git&#x2F;security&#x2F;advisories&#x2F;GHSA-vw2c-22j4-2fh2&quot;&gt;CVE-2022-24765&lt;&#x2F;a&gt;&lt;&#x2F;strong&gt; because it calls the git CLI &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;command.go#L160&quot;&gt;after changing its working directory&lt;&#x2F;a&gt; to be the git repository targeted by the command (for instance &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;diff.go#L38-L45&quot;&gt;diff&lt;&#x2F;a&gt;) or a temporary directory. 
Therefore &lt;strong&gt;it will not explore the parent directories looking for a git configuration file&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt;
&lt;p&gt;The security check is triggered because the repository is owned by an unexpected user (root instead of git typically) and &lt;strong&gt;not because a parent directory is owned by an unexpected user&lt;&#x2F;strong&gt;. This, in itself, is a problem worth investigating but it is unrelated and was revealed by the newer security check of git even though it does not match the threat described in &lt;strong&gt;&lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;git-for-windows&#x2F;git&#x2F;security&#x2F;advisories&#x2F;GHSA-vw2c-22j4-2fh2&quot;&gt;CVE-2022-24765&lt;&#x2F;a&gt;&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt; &lt;p&gt;The security check is triggered because the repository is owned by an unexpected user (root instead of git typically) and &lt;strong&gt;not because a parent directory is owned by an unexpected user&lt;&#x2F;strong&gt;. This, in itself, is a problem worth investigating but it is unrelated and was revealed by the newer security check of git even though it does not match the threat described in &lt;strong&gt;&lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;git-for-windows&#x2F;git&#x2F;security&#x2F;advisories&#x2F;GHSA-vw2c-22j4-2fh2&quot;&gt;CVE-2022-24765&lt;&#x2F;a&gt;&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt;
&lt;p&gt;It appears non trivial to enforce a consistent ownership of files and directories, either within docker or outside docker when networked file systems are involved. The Gitea server was not troubled by this inconsistency so far because the permissions allow it to write and read where expected, regardless of the owner. It is not worth looking into but it is ancient and unrelated.&lt;&#x2F;p&gt; &lt;p&gt;It appears non trivial to enforce a consistent ownership of files and directories, either within docker or outside docker when networked file systems are involved. The Gitea server was not troubled by this inconsistency so far because the permissions allow it to write and read where expected, regardless of the owner. It is not worth looking into but it is ancient and unrelated.&lt;&#x2F;p&gt;
&lt;p&gt;Gitea runs under a dedicated user, either when installed &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-from-binary&#x2F;#recommended-server-configuration&quot;&gt;from binary&lt;&#x2F;a&gt; or from &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-with-docker&#x2F;&quot;&gt;docker&lt;&#x2F;a&gt; and &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;git.go#L196-L207&quot;&gt;modifies the global git configuration&lt;&#x2F;a&gt; depending on the git version at initialization time. Fixing the problem can therefore be done by &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs#bcd72ff867cbd1ddd5b6518c3a05b5f1a6021286_209_209&quot;&gt;disabling the security check in the global git config file at initialization time&lt;&#x2F;a&gt;. It also requires a minimum version of git 2.36 to be installed &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs#6651ddff6eb82c840ced7c1dddee15c6e1913dd4_44_49&quot;&gt;in the Gitea docker image&lt;&#x2F;a&gt;. &lt;&#x2F;p&gt; &lt;p&gt;Gitea runs under a dedicated user, either when installed &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-from-binary&#x2F;#recommended-server-configuration&quot;&gt;from binary&lt;&#x2F;a&gt; or from &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-with-docker&#x2F;&quot;&gt;docker&lt;&#x2F;a&gt; and &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;git.go#L196-L207&quot;&gt;modifies the global git configuration&lt;&#x2F;a&gt; depending on the git version at initialization time. 
Fixing the problem can therefore be done by &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs#bcd72ff867cbd1ddd5b6518c3a05b5f1a6021286_209_209&quot;&gt;disabling the security check in the global git config file at initialization time&lt;&#x2F;a&gt;. It also requires a minimum version of git 2.36 to be installed, which is the case for Gitea docker images with &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;pull&#x2F;19871&quot;&gt;versions &amp;gt;= 1.16.9&lt;&#x2F;a&gt;.&lt;&#x2F;p&gt;
</content> </content>
</entry> </entry>
<entry xml:lang="en"> <entry xml:lang="en">

View File

@ -239,7 +239,7 @@
<li class="blog__post-item"> <li class="blog__post-item">
<a href="https://hostea.org/blog/unsafe-repository-is-owned-by-someone-else/" class="blog__post-link"> <a href="https://hostea.org/blog/unsafe-repository-is-owned-by-someone-else/" class="blog__post-link">
<h2 class="blog__post-title">[solved] Gitea 1.16.6 1.16.7 error: fatal: unsafe repository is owned by someone else</h2> <h2 class="blog__post-title">[solved] Gitea 1.16.[678] error: fatal: unsafe repository is owned by someone else</h2>
<p class="blog__post-meta"> <p class="blog__post-meta">
15 15
May May

View File

@ -31,7 +31,7 @@
</content> </content>
</entry> </entry>
<entry xml:lang="en"> <entry xml:lang="en">
<title>[solved] Gitea 1.16.6 1.16.7 error: fatal: unsafe repository is owned by someone else</title> <title>[solved] Gitea 1.16.[678] error: fatal: unsafe repository is owned by someone else</title>
<published>2022-05-15T00:00:00+00:00</published> <published>2022-05-15T00:00:00+00:00</published>
<updated>2022-05-15T00:00:00+00:00</updated> <updated>2022-05-15T00:00:00+00:00</updated>
<link href="https://hostea.org/blog/unsafe-repository-is-owned-by-someone-else/" type="text/html"/> <link href="https://hostea.org/blog/unsafe-repository-is-owned-by-someone-else/" type="text/html"/>
@ -48,8 +48,8 @@
&lt;ul&gt; &lt;ul&gt;
&lt;li&gt;If using &lt;a href=&quot;https:&#x2F;&#x2F;hub.docker.com&#x2F;r&#x2F;gitea&#x2F;gitea&quot;&gt;Gitea docker images&lt;&#x2F;a&gt;: &lt;li&gt;If using &lt;a href=&quot;https:&#x2F;&#x2F;hub.docker.com&#x2F;r&#x2F;gitea&#x2F;gitea&quot;&gt;Gitea docker images&lt;&#x2F;a&gt;:
&lt;ul&gt; &lt;ul&gt;
&lt;li&gt;do not upgrade to 1.16.6 or 1.16.7, or&lt;&#x2F;li&gt; &lt;li&gt;do not upgrade to 1.16.6, 1.16.7 or 1.16.8, or&lt;&#x2F;li&gt;
&lt;li&gt;downgrade from 1.16.6 or 1.16.7 to 1.16.5 (do &lt;strong&gt;not&lt;&#x2F;strong&gt; downgrade from 1.17.x, it may corrupt your the Gitea database)&lt;&#x2F;li&gt; &lt;li&gt;downgrade from 1.16.6, 1.16.7 or 1.16.8 to 1.16.5 (do &lt;strong&gt;not&lt;&#x2F;strong&gt; downgrade from 1.17.x, it may corrupt your the Gitea database)&lt;&#x2F;li&gt;
&lt;&#x2F;ul&gt; &lt;&#x2F;ul&gt;
&lt;&#x2F;li&gt; &lt;&#x2F;li&gt;
&lt;li&gt;If the Gitea binary was installed independently of git, upgrade git to a version that is &lt;a href=&quot;https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-config#Documentation&#x2F;git-config.txt-safedirectory&quot;&gt;greater or equal to 2.36&lt;&#x2F;a&gt; and disable the security check entirely with: &lt;li&gt;If the Gitea binary was installed independently of git, upgrade git to a version that is &lt;a href=&quot;https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-config#Documentation&#x2F;git-config.txt-safedirectory&quot;&gt;greater or equal to 2.36&lt;&#x2F;a&gt; and disable the security check entirely with:
@ -63,7 +63,7 @@
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a &gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt; &gt;
&lt;&#x2F;h3&gt; &lt;&#x2F;h3&gt;
&lt;p&gt;The &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;pull&#x2F;19707&quot;&gt;bug fix&lt;&#x2F;a&gt; is for Gitea to ensure &lt;code&gt;git config --global --replace-all safe.directory &#x27;*&#x27;&lt;&#x2F;code&gt; is set on its &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-from-binary&#x2F;#recommended-server-configuration&quot;&gt;dedicated user&lt;&#x2F;a&gt; when it initializes. It is effective on the condition that the git CLI version is &lt;a href=&quot;https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-config#Documentation&#x2F;git-config.txt-safedirectory&quot;&gt;greater or equal to 2.36&lt;&#x2F;a&gt;.&lt;&#x2F;p&gt; &lt;p&gt;The &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;pull&#x2F;19870&quot;&gt;bug fix&lt;&#x2F;a&gt; is for Gitea to ensure &lt;code&gt;git config --global --replace-all safe.directory &#x27;*&#x27;&lt;&#x2F;code&gt; is set on its &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-from-binary&#x2F;#recommended-server-configuration&quot;&gt;dedicated user&lt;&#x2F;a&gt; when it initializes. It is effective on the condition that the git CLI version is &lt;a href=&quot;https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-config#Documentation&#x2F;git-config.txt-safedirectory&quot;&gt;greater or equal to 2.36&lt;&#x2F;a&gt;.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;bug-fix-rationale&quot;&gt;Bug fix rationale&lt;a class=&quot;zola-anchor&quot; href=&quot;#bug-fix-rationale&quot; aria-label=&quot;Anchor link for: bug-fix-rationale&quot; &lt;h3 id=&quot;bug-fix-rationale&quot;&gt;Bug fix rationale&lt;a class=&quot;zola-anchor&quot; href=&quot;#bug-fix-rationale&quot; aria-label=&quot;Anchor link for: bug-fix-rationale&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a &gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt; &gt;
@ -71,7 +71,7 @@
&lt;p&gt;It is safe to &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs&quot;&gt;disable the security check in Gitea&lt;&#x2F;a&gt;. It is not vulnerable to &lt;strong&gt;&lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;git-for-windows&#x2F;git&#x2F;security&#x2F;advisories&#x2F;GHSA-vw2c-22j4-2fh2&quot;&gt;CVE-2022-24765&lt;&#x2F;a&gt;&lt;&#x2F;strong&gt; because it calls the git CLI &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;command.go#L160&quot;&gt;after changing its working directory&lt;&#x2F;a&gt; to be the git repository targeted by the command (for instance &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;diff.go#L38-L45&quot;&gt;diff&lt;&#x2F;a&gt;) or a temporary directory. Therefore &lt;strong&gt;it will not explore the parent directories looking for a git configuration file&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt; &lt;p&gt;It is safe to &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs&quot;&gt;disable the security check in Gitea&lt;&#x2F;a&gt;. It is not vulnerable to &lt;strong&gt;&lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;git-for-windows&#x2F;git&#x2F;security&#x2F;advisories&#x2F;GHSA-vw2c-22j4-2fh2&quot;&gt;CVE-2022-24765&lt;&#x2F;a&gt;&lt;&#x2F;strong&gt; because it calls the git CLI &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;command.go#L160&quot;&gt;after changing its working directory&lt;&#x2F;a&gt; to be the git repository targeted by the command (for instance &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;diff.go#L38-L45&quot;&gt;diff&lt;&#x2F;a&gt;) or a temporary directory. 
Therefore &lt;strong&gt;it will not explore the parent directories looking for a git configuration file&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt;
&lt;p&gt;The security check is triggered because the repository is owned by an unexpected user (root instead of git typically) and &lt;strong&gt;not because a parent directory is owned by an unexpected user&lt;&#x2F;strong&gt;. This, in itself, is a problem worth investigating but it is unrelated and was revealed by the newer security check of git even though it does not match the threat described in &lt;strong&gt;&lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;git-for-windows&#x2F;git&#x2F;security&#x2F;advisories&#x2F;GHSA-vw2c-22j4-2fh2&quot;&gt;CVE-2022-24765&lt;&#x2F;a&gt;&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt; &lt;p&gt;The security check is triggered because the repository is owned by an unexpected user (root instead of git typically) and &lt;strong&gt;not because a parent directory is owned by an unexpected user&lt;&#x2F;strong&gt;. This, in itself, is a problem worth investigating but it is unrelated and was revealed by the newer security check of git even though it does not match the threat described in &lt;strong&gt;&lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;git-for-windows&#x2F;git&#x2F;security&#x2F;advisories&#x2F;GHSA-vw2c-22j4-2fh2&quot;&gt;CVE-2022-24765&lt;&#x2F;a&gt;&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt;
&lt;p&gt;It appears non trivial to enforce a consistent ownership of files and directories, either within docker or outside docker when networked file systems are involved. The Gitea server was not troubled by this inconsistency so far because the permissions allow it to write and read where expected, regardless of the owner. It is not worth looking into but it is ancient and unrelated.&lt;&#x2F;p&gt; &lt;p&gt;It appears non trivial to enforce a consistent ownership of files and directories, either within docker or outside docker when networked file systems are involved. The Gitea server was not troubled by this inconsistency so far because the permissions allow it to write and read where expected, regardless of the owner. It is not worth looking into but it is ancient and unrelated.&lt;&#x2F;p&gt;
&lt;p&gt;Gitea runs under a dedicated user, either when installed &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-from-binary&#x2F;#recommended-server-configuration&quot;&gt;from binary&lt;&#x2F;a&gt; or from &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-with-docker&#x2F;&quot;&gt;docker&lt;&#x2F;a&gt; and &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;git.go#L196-L207&quot;&gt;modifies the global git configuration&lt;&#x2F;a&gt; depending on the git version at initialization time. Fixing the problem can therefore be done by &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs#bcd72ff867cbd1ddd5b6518c3a05b5f1a6021286_209_209&quot;&gt;disabling the security check in the global git config file at initialization time&lt;&#x2F;a&gt;. It also requires a minimum version of git 2.36 to be installed &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs#6651ddff6eb82c840ced7c1dddee15c6e1913dd4_44_49&quot;&gt;in the Gitea docker image&lt;&#x2F;a&gt;. &lt;&#x2F;p&gt; &lt;p&gt;Gitea runs under a dedicated user, either when installed &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-from-binary&#x2F;#recommended-server-configuration&quot;&gt;from binary&lt;&#x2F;a&gt; or from &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-with-docker&#x2F;&quot;&gt;docker&lt;&#x2F;a&gt; and &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;git.go#L196-L207&quot;&gt;modifies the global git configuration&lt;&#x2F;a&gt; depending on the git version at initialization time. 
Fixing the problem can therefore be done by &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs#bcd72ff867cbd1ddd5b6518c3a05b5f1a6021286_209_209&quot;&gt;disabling the security check in the global git config file at initialization time&lt;&#x2F;a&gt;. It also requires a minimum version of git 2.36 to be installed, which is the case for Gitea docker images with &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;pull&#x2F;19871&quot;&gt;versions &amp;gt;= 1.16.9&lt;&#x2F;a&gt;.&lt;&#x2F;p&gt;
</content> </content>
</entry> </entry>
<entry xml:lang="en"> <entry xml:lang="en">
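Review bot: the rewritten last sentence now cites upstream (go-gitea/gitea pull 19871) for the git 2.36 requirement, but the two other fix links in this rationale, "disable the security check in Gitea" and "disabling the security check in the global git config file at initialization time", still point at lab.forgefriends.org merge_requests/50. A reader following the argument lands on a fork's merge request for the fix and on upstream for the image. Point both at the upstream pull request that the "bug fix" link uses elsewhere in this commit (pull 19870), or say explicitly that the forgefriends merge request is the original proposal.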

View File

@ -239,7 +239,7 @@
<li class="blog__post-item"> <li class="blog__post-item">
<a href="https://hostea.org/blog/unsafe-repository-is-owned-by-someone-else/" class="blog__post-link"> <a href="https://hostea.org/blog/unsafe-repository-is-owned-by-someone-else/" class="blog__post-link">
<h2 class="blog__post-title">[solved] Gitea 1.16.6 1.16.7 error: fatal: unsafe repository is owned by someone else</h2> <h2 class="blog__post-title">[solved] Gitea 1.16.[678] error: fatal: unsafe repository is owned by someone else</h2>
<p class="blog__post-meta"> <p class="blog__post-meta">
15 15
May May
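Review bot: the new title "Gitea 1.16.[678]" uses a character-class shorthand that a search for "1.16.8" or "1.16.7" will not match and that non-technical readers may not parse. The body hunk in this same commit spells the versions out ("1.16.6, 1.16.7 or 1.16.8"); use the same form in the title.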

View File

@ -31,7 +31,7 @@
</content> </content>
</entry> </entry>
<entry xml:lang="en"> <entry xml:lang="en">
<title>[solved] Gitea 1.16.6 1.16.7 error: fatal: unsafe repository is owned by someone else</title> <title>[solved] Gitea 1.16.[678] error: fatal: unsafe repository is owned by someone else</title>
<published>2022-05-15T00:00:00+00:00</published> <published>2022-05-15T00:00:00+00:00</published>
<updated>2022-05-15T00:00:00+00:00</updated> <updated>2022-05-15T00:00:00+00:00</updated>
<link href="https://hostea.org/blog/unsafe-repository-is-owned-by-someone-else/" type="text/html"/> <link href="https://hostea.org/blog/unsafe-repository-is-owned-by-someone-else/" type="text/html"/>
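Review bot: `<updated>` stays at 2022-05-15T00:00:00+00:00 although this commit changes the entry's title and content. Feed readers use `<updated>` to decide whether to surface an entry again, so subscribers who read the original will not learn that 1.16.8 is also affected. Bump `<updated>` to the revision date and leave `<published>` as it is.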
@ -48,8 +48,8 @@
&lt;ul&gt; &lt;ul&gt;
&lt;li&gt;If using &lt;a href=&quot;https:&#x2F;&#x2F;hub.docker.com&#x2F;r&#x2F;gitea&#x2F;gitea&quot;&gt;Gitea docker images&lt;&#x2F;a&gt;: &lt;li&gt;If using &lt;a href=&quot;https:&#x2F;&#x2F;hub.docker.com&#x2F;r&#x2F;gitea&#x2F;gitea&quot;&gt;Gitea docker images&lt;&#x2F;a&gt;:
&lt;ul&gt; &lt;ul&gt;
&lt;li&gt;do not upgrade to 1.16.6 or 1.16.7, or&lt;&#x2F;li&gt; &lt;li&gt;do not upgrade to 1.16.6, 1.16.7 or 1.16.8, or&lt;&#x2F;li&gt;
&lt;li&gt;downgrade from 1.16.6 or 1.16.7 to 1.16.5 (do &lt;strong&gt;not&lt;&#x2F;strong&gt; downgrade from 1.17.x, it may corrupt your the Gitea database)&lt;&#x2F;li&gt; &lt;li&gt;downgrade from 1.16.6, 1.16.7 or 1.16.8 to 1.16.5 (do &lt;strong&gt;not&lt;&#x2F;strong&gt; downgrade from 1.17.x, it may corrupt your the Gitea database)&lt;&#x2F;li&gt;
&lt;&#x2F;ul&gt; &lt;&#x2F;ul&gt;
&lt;&#x2F;li&gt; &lt;&#x2F;li&gt;
&lt;li&gt;If the Gitea binary was installed independently of git, upgrade git to a version that is &lt;a href=&quot;https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-config#Documentation&#x2F;git-config.txt-safedirectory&quot;&gt;greater or equal to 2.36&lt;&#x2F;a&gt; and disable the security check entirely with: &lt;li&gt;If the Gitea binary was installed independently of git, upgrade git to a version that is &lt;a href=&quot;https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-config#Documentation&#x2F;git-config.txt-safedirectory&quot;&gt;greater or equal to 2.36&lt;&#x2F;a&gt; and disable the security check entirely with:
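Review bot: the Docker item still offers only "do not upgrade" or "downgrade ... to 1.16.5", while the rationale paragraph changed in this same commit says Gitea docker images with versions >= 1.16.9 have git 2.36 installed. Add upgrading to 1.16.9 or later as an option, otherwise the list only steers readers toward an older release. The edited downgrade line also carries over the typo "corrupt your the Gitea database".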
@ -63,7 +63,7 @@
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a &gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt; &gt;
&lt;&#x2F;h3&gt; &lt;&#x2F;h3&gt;
&lt;p&gt;The &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;pull&#x2F;19707&quot;&gt;bug fix&lt;&#x2F;a&gt; is for Gitea to ensure &lt;code&gt;git config --global --replace-all safe.directory &#x27;*&#x27;&lt;&#x2F;code&gt; is set on its &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-from-binary&#x2F;#recommended-server-configuration&quot;&gt;dedicated user&lt;&#x2F;a&gt; when it initializes. It is effective on the condition that the git CLI version is &lt;a href=&quot;https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-config#Documentation&#x2F;git-config.txt-safedirectory&quot;&gt;greater or equal to 2.36&lt;&#x2F;a&gt;.&lt;&#x2F;p&gt; &lt;p&gt;The &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;pull&#x2F;19870&quot;&gt;bug fix&lt;&#x2F;a&gt; is for Gitea to ensure &lt;code&gt;git config --global --replace-all safe.directory &#x27;*&#x27;&lt;&#x2F;code&gt; is set on its &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-from-binary&#x2F;#recommended-server-configuration&quot;&gt;dedicated user&lt;&#x2F;a&gt; when it initializes. It is effective on the condition that the git CLI version is &lt;a href=&quot;https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-config#Documentation&#x2F;git-config.txt-safedirectory&quot;&gt;greater or equal to 2.36&lt;&#x2F;a&gt;.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;bug-fix-rationale&quot;&gt;Bug fix rationale&lt;a class=&quot;zola-anchor&quot; href=&quot;#bug-fix-rationale&quot; aria-label=&quot;Anchor link for: bug-fix-rationale&quot; &lt;h3 id=&quot;bug-fix-rationale&quot;&gt;Bug fix rationale&lt;a class=&quot;zola-anchor&quot; href=&quot;#bug-fix-rationale&quot; aria-label=&quot;Anchor link for: bug-fix-rationale&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a &gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt; &gt;
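Review bot: the paragraph presents `git config --global --replace-all safe.directory '*'` without saying that `--replace-all` overwrites every existing safe.directory entry in the dedicated user's global config, so per-path entries an administrator added earlier are replaced by the wildcard. State that here, and that the wildcard applies to any git command run as that user, not only the ones Gitea spawns. The link also moves from pull 19707 to pull 19870 with no word on how the two relate; one short clause would help a reader who already followed the old link.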
@ -71,7 +71,7 @@
&lt;p&gt;It is safe to &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs&quot;&gt;disable the security check in Gitea&lt;&#x2F;a&gt;. It is not vulnerable to &lt;strong&gt;&lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;git-for-windows&#x2F;git&#x2F;security&#x2F;advisories&#x2F;GHSA-vw2c-22j4-2fh2&quot;&gt;CVE-2022-24765&lt;&#x2F;a&gt;&lt;&#x2F;strong&gt; because it calls the git CLI &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;command.go#L160&quot;&gt;after changing its working directory&lt;&#x2F;a&gt; to be the git repository targeted by the command (for instance &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;diff.go#L38-L45&quot;&gt;diff&lt;&#x2F;a&gt;) or a temporary directory. Therefore &lt;strong&gt;it will not explore the parent directories looking for a git configuration file&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt; &lt;p&gt;It is safe to &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs&quot;&gt;disable the security check in Gitea&lt;&#x2F;a&gt;. It is not vulnerable to &lt;strong&gt;&lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;git-for-windows&#x2F;git&#x2F;security&#x2F;advisories&#x2F;GHSA-vw2c-22j4-2fh2&quot;&gt;CVE-2022-24765&lt;&#x2F;a&gt;&lt;&#x2F;strong&gt; because it calls the git CLI &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;command.go#L160&quot;&gt;after changing its working directory&lt;&#x2F;a&gt; to be the git repository targeted by the command (for instance &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;diff.go#L38-L45&quot;&gt;diff&lt;&#x2F;a&gt;) or a temporary directory. 
Therefore &lt;strong&gt;it will not explore the parent directories looking for a git configuration file&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt;
&lt;p&gt;The security check is triggered because the repository is owned by an unexpected user (root instead of git typically) and &lt;strong&gt;not because a parent directory is owned by an unexpected user&lt;&#x2F;strong&gt;. This, in itself, is a problem worth investigating but it is unrelated and was revealed by the newer security check of git even though it does not match the threat described in &lt;strong&gt;&lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;git-for-windows&#x2F;git&#x2F;security&#x2F;advisories&#x2F;GHSA-vw2c-22j4-2fh2&quot;&gt;CVE-2022-24765&lt;&#x2F;a&gt;&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt; &lt;p&gt;The security check is triggered because the repository is owned by an unexpected user (root instead of git typically) and &lt;strong&gt;not because a parent directory is owned by an unexpected user&lt;&#x2F;strong&gt;. This, in itself, is a problem worth investigating but it is unrelated and was revealed by the newer security check of git even though it does not match the threat described in &lt;strong&gt;&lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;git-for-windows&#x2F;git&#x2F;security&#x2F;advisories&#x2F;GHSA-vw2c-22j4-2fh2&quot;&gt;CVE-2022-24765&lt;&#x2F;a&gt;&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt;
&lt;p&gt;It appears non trivial to enforce a consistent ownership of files and directories, either within docker or outside docker when networked file systems are involved. The Gitea server was not troubled by this inconsistency so far because the permissions allow it to write and read where expected, regardless of the owner. It is not worth looking into but it is ancient and unrelated.&lt;&#x2F;p&gt; &lt;p&gt;It appears non trivial to enforce a consistent ownership of files and directories, either within docker or outside docker when networked file systems are involved. The Gitea server was not troubled by this inconsistency so far because the permissions allow it to write and read where expected, regardless of the owner. It is not worth looking into but it is ancient and unrelated.&lt;&#x2F;p&gt;
&lt;p&gt;Gitea runs under a dedicated user, either when installed &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-from-binary&#x2F;#recommended-server-configuration&quot;&gt;from binary&lt;&#x2F;a&gt; or from &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-with-docker&#x2F;&quot;&gt;docker&lt;&#x2F;a&gt; and &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;git.go#L196-L207&quot;&gt;modifies the global git configuration&lt;&#x2F;a&gt; depending on the git version at initialization time. Fixing the problem can therefore be done by &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs#bcd72ff867cbd1ddd5b6518c3a05b5f1a6021286_209_209&quot;&gt;disabling the security check in the global git config file at initialization time&lt;&#x2F;a&gt;. It also requires a minimum version of git 2.36 to be installed &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs#6651ddff6eb82c840ced7c1dddee15c6e1913dd4_44_49&quot;&gt;in the Gitea docker image&lt;&#x2F;a&gt;. &lt;&#x2F;p&gt; &lt;p&gt;Gitea runs under a dedicated user, either when installed &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-from-binary&#x2F;#recommended-server-configuration&quot;&gt;from binary&lt;&#x2F;a&gt; or from &lt;a href=&quot;https:&#x2F;&#x2F;docs.gitea.io&#x2F;en-us&#x2F;install-with-docker&#x2F;&quot;&gt;docker&lt;&#x2F;a&gt; and &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;blob&#x2F;main&#x2F;modules&#x2F;git&#x2F;git.go#L196-L207&quot;&gt;modifies the global git configuration&lt;&#x2F;a&gt; depending on the git version at initialization time. 
Fixing the problem can therefore be done by &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;merge_requests&#x2F;50&#x2F;diffs#bcd72ff867cbd1ddd5b6518c3a05b5f1a6021286_209_209&quot;&gt;disabling the security check in the global git config file at initialization time&lt;&#x2F;a&gt;. It also requires a minimum version of git 2.36 to be installed, which is the case for Gitea docker images with &lt;a href=&quot;https:&#x2F;&#x2F;github.com&#x2F;go-gitea&#x2F;gitea&#x2F;pull&#x2F;19871&quot;&gt;versions &amp;gt;= 1.16.9&lt;&#x2F;a&gt;.&lt;&#x2F;p&gt;
</content> </content>
</entry> </entry>
<entry xml:lang="en"> <entry xml:lang="en">
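Review bot: the claim "It is safe to disable the security check" rests on three links to blob/main with line anchors (command.go#L160, diff.go#L38-L45, git.go#L196-L207), and those anchors will drift as main changes, leaving the safety argument pointing at unrelated code. Replace them with permalinks to a specific commit. Separately, the unchanged context calls the ownership mismatch "a problem worth investigating" and, one paragraph later, says "It is not worth looking into but it is ancient and unrelated"; one of the two needs rewording while this section is being touched.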

View File

@ -239,7 +239,7 @@
<li class="blog__post-item"> <li class="blog__post-item">
<a href="https://hostea.org/blog/unsafe-repository-is-owned-by-someone-else/" class="blog__post-link"> <a href="https://hostea.org/blog/unsafe-repository-is-owned-by-someone-else/" class="blog__post-link">
<h2 class="blog__post-title">[solved] Gitea 1.16.6 1.16.7 error: fatal: unsafe repository is owned by someone else</h2> <h2 class="blog__post-title">[solved] Gitea 1.16.[678] error: fatal: unsafe repository is owned by someone else</h2>
<p class="blog__post-meta"> <p class="blog__post-meta">
15 15
May May
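Review bot: the listing title says "[solved]" and names the affected releases, but nothing in this item tells the reader which release carries the fix, even though the post body now names versions >= 1.16.9. Consider adding the fixed version to the title or the post meta so the listing is actionable without opening the post.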