mirror of
https://codeberg.org/forgejo/forgejo
synced 2025-10-19 19:11:23 +02:00
f7603e7356
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/9638 Strips EXIF information from uploaded avatars (excluding the orientation tag), affecting both user & repo avatars. Adds a new subcommand `forgejo doctor avatar-strip-exif` to perform a retroactive update of avatar files. Fixes #9608. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [ ] I want the title to show in the release notes with a link to this pull request. - [x] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Features - [PR](https://codeberg.org/forgejo/forgejo/pulls/9689): <!--number 9689 --><!--line 0 --><!--description VXBsb2FkZWQgYXZhdGFyIGltYWdlcyBjYW4gc29tZXRpbWVzIGNvbnRhaW4gdW5leHBlY3RlZCBtZXRhZGF0YSBzdWNoIGFzIHRoZSBsb2NhdGlvbiB3aGVyZSB0aGUgaW1hZ2Ugd2FzIGNyZWF0ZWQsIG9yIHRoZSBkZXZpY2UgdGhlIGltYWdlIHdhcyBjcmVhdGVkIHdpdGgsIHN0b3JlZCBpbiBhIGZvcm1hdCBjYWxsZWQgRVhJRi4gRm9yZ2VqbyBub3cgcmVtb3ZlcyBFWElGIGRhdGEgd2hlbiBjdXN0b20gdXNlciBhbmQgcmVwb3NpdG9yeSBpbWFnZXMgYXJlIHVwbG9hZGVkIGluIG9yZGVyIHRvIHJlZHVjZSB0aGUgcmlzayBvZiBwZXJzb25hbGx5IGlkZW50aWZpYWJsZSBpbmZvcm1hdGlvbiBiZWluZyBsZWFrZWQgdW5leHBlY3RlZGx5LiBBIG5ldyBDTEkgc3ViY29tbWFuZCBgZm9yZ2VqbyBkb2N0b3IgYXZhdGFyLXN0cmlwLWV4aWZgIGNhbiBiZSB1c2VkIHRvIHN0cmlwIEVYSUYgaW5mb3JtYXRpb24gZnJvbSBhbGwgZXhpc3RpbmcgYXZhdGFyczsgd2UgcmVjb21tZW5kIHRoYXQgYWRtaW5pc3RyYXRvcnMgcnVuIHRoaXMgY29tbWFuZCBvbmNlIGFmdGVyIHVwZ3JhZGUgaW4gb3JkZXIgdG8gbWluaW1pemUgdGhpcyByaXNrIGZvciBleGlzdGluZyBzdG9yZWQgZmlsZXMu-->Uploaded avatar images can sometimes contain unexpected metadata such as the location where the image was created, or the device the image was created with, stored in a format called EXIF. Forgejo now removes EXIF data when custom user and repository images are uploaded in order to reduce the risk of personally identifiable information being leaked unexpectedly. A new CLI subcommand `forgejo doctor avatar-strip-exif` can be used to strip EXIF information from all existing avatars; we recommend that administrators run this command once after upgrade in order to minimize this risk for existing stored files.<!--description--> <!--end release-notes-assistant--> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9689 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> |
||
|---|---|---|
| .. | ||
| 3139.md | ||
| 3285.md | ||
| 3307.md | ||
| 3334.md | ||
| 3337.md | ||
| 3363.md | ||
| 3383.md | ||
| 3414.md | ||
| 3430.md | ||
| 3434.md | ||
| 3442.md | ||
| 3642.md | ||
| 3654.md | ||
| 3723.md | ||
| 3724.md | ||
| 3729.md | ||
| 3752.md | ||
| 3791.md | ||
| 3808.md | ||
| 3811.md | ||
| 3830.md | ||
| 3836.md | ||
| 3838.md | ||
| 3847.md | ||
| 3870.md | ||
| 3886.md | ||
| 3917.md | ||
| 3922.md | ||
| 3934.md | ||
| 3985.md | ||
| 3989.md | ||
| 4026.md | ||
| 4027.md | ||
| 4072.md | ||
| 4083.md | ||
| 4095.md | ||
| 4125.md | ||
| 4134.md | ||
| 4136.md | ||
| 4139.md | ||
| 4143.md | ||
| 4145.md | ||
| 4160.md | ||
| 4189.md | ||
| 4201.md | ||
| 4212.md | ||
| 4218.md | ||
| 4222.md | ||
| 4240.md | ||
| 4253.md | ||
| 4262.md | ||
| 4266.md | ||
| 4291.md | ||
| 4367.md | ||
| 4375.md | ||
| 4400.md | ||
| 4427.md | ||
| 4429.md | ||
| 4439.md | ||
| 4487.md | ||
| 4506.md | ||
| 4547.md | ||
| 4595.md | ||
| 4605.md | ||
| 4607.md | ||
| 4635.md | ||
| 4684.md | ||
| 4716.md | ||
| 4724.md | ||
| 4801.md | ||
| 4819.md | ||
| 4907.md | ||
| 4924.md | ||
| 4941.md | ||
| 4998.md | ||
| 5065.md | ||
| 5090.md | ||
| 5109.md | ||
| 5120.md | ||
| 5149.md | ||
| 5195.md | ||
| 5205.md | ||
| 5325.md | ||
| 5372.md | ||
| 5416.md | ||
| 5459.md | ||
| 5477.md | ||
| 5515.md | ||
| 5543.md | ||
| 5601.md | ||
| 5621.md | ||
| 5677.md | ||
| 5714.md | ||
| 5718.md | ||
| 5719.md | ||
| 5751.md | ||
| 5778.md | ||
| 5789.md | ||
| 5974.md | ||
| 5988.md | ||
| 5997.md | ||
| 6062.md | ||
| 6110.md | ||
| 6200.md | ||
| 6271.md | ||
| 6351.md | ||
| 6445.md | ||
| 6471.md | ||
| 6523.md | ||
| 6639.md | ||
| 6763.md | ||
| 6813.md | ||
| 6933.md | ||
| 7251.md | ||
| 8035.md | ||
| 8502.md | ||
| 9023.md | ||
| 9362.md | ||
| 9689.md | ||