News [LWN.net] [$] Forgejo "carrot disclosure" raises security questions

Thread starter LinuxBot
Start date May 8, 2026

News

LinuxBot

Member

May 8, 2026

#1

An unusual, some might say hostile, approach to disclosing an alleged remote-code-execution (RCE) flaw in the Forgejo software-collaboration platform has sparked a multifaceted conversation. A so-called "carrot disclosure" in April has raised questions about the researcher's methods of unveiling a security problem, Forgejo's security policies, and the project's overall security posture.

Source: https://lwn.net/Articles/1071499/

Aggregated via Linux News

You must log in or register to reply here.

Similar threads

News [LWN.net] [$] LLM-driven security reports disrupt coordinated disclosure

Replies: 0

Views: 129

May 6, 2026

LinuxBot

Share:

Facebook X Bluesky LinkedIn Reddit Pinterest Tumblr WhatsApp Email Link

Follow Linux.org

Linux.org YouTube Channel

Staff online

wizardfromoz
Administrator

Members online

Total: 4,720 (members: 4, guests: 4,716)

Latest posts

D
How to Revert back my Live into regular drive?
- Latest: deb_user
- 6 minutes ago
General Linux Topics
D
Say Hello to Goodbye Mails: Temporary Disposable Email Accounts for Creating Accounts
- Latest: deb_user
- 9 minutes ago
Mail Server
Hellooooo
- Latest: MikeRocor
- Today at 2:12 AM
Member Introductions
X
Lightweight Distro That Will Run Emby in A VM
- Latest: Xplorer4x4
- Today at 1:02 AM
General Linux Topics
TLAC : This Local Server based Anti-Cheat Program is Build By Me
- Latest: KGIII
- Yesterday at 7:14 PM
Linux Gaming

Top