Affected by GO-2025-4258 and 11 other vulnerabilities:
GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea
GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea
GO-2026-4274: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea
GO-2026-4362: Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea
GO-2026-4363: Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea
GO-2026-4364: Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea
GO-2026-4365: Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea
GO-2026-4366: Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea
GO-2026-4367: Gitea has improper access control for uploaded attachments in code.gitea.io/gitea
GO-2026-4368: Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea
GO-2026-4369: Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea
GO-2026-4370: Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea
DefaultAvatarSize is the target CSS pixel size for avatar generation. It is
multiplied by setting.Avatar.RenderedSizeFactor, and the resulting size is the
usual size of the avatar image saved on the server, unless the original file is
smaller than the size after resizing.
HashAvatar will generate a unique string, which ensures that when there's a
different unique ID while the data is the same, it will generate a different
output. It will generate the output according to:
HEX(HASH(uniqueID || - || data))
The hash being used is SHA256.
The sole purpose of the unique ID is to generate a distinct hash, such that
two unique IDs with the same data will have a different hash output.
The "-" byte is important to ensure that data cannot be modified such that
the first byte is a number, which could lead to a "collision" with the hash
of another unique ID.
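The separator's effect, as an added example that is not Gitea's own code: it compares the documented construction with a hypothetical variant that omits the "-" byte. The function names, the int64 ID rendered in decimal, and the sample data are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strconv"
)

// hashNoSeparator is a hypothetical flawed variant: HEX(SHA256(uniqueID || data)).
// The decimal ID and the data run together, so the boundary between them
// is ambiguous whenever the data starts with a digit.
func hashNoSeparator(uniqueID int64, data []byte) string {
	h := sha256.New()
	h.Write([]byte(strconv.FormatInt(uniqueID, 10)))
	h.Write(data)
	return hex.EncodeToString(h.Sum(nil))
}

// hashWithSeparator follows the documented scheme:
// HEX(SHA256(uniqueID || "-" || data)). Assumes a decimal int64 ID.
// Decimal digits never include '-', so the first '-' after the digits
// always marks the end of the ID, whatever bytes the data begins with.
func hashWithSeparator(uniqueID int64, data []byte) string {
	h := sha256.New()
	h.Write([]byte(strconv.FormatInt(uniqueID, 10)))
	h.Write([]byte{'-'})
	h.Write(data)
	return hex.EncodeToString(h.Sum(nil))
}

func main() {
	// Constructed sample data: ID 1 with data beginning with the digit '2',
	// versus ID 12 with the same data minus that leading digit.
	a := []byte("2<image bytes>")
	b := []byte("<image bytes>")

	// Both inputs serialize to "12<image bytes>" without the separator.
	fmt.Println("no separator, same hash:  ", hashNoSeparator(1, a) == hashNoSeparator(12, b))
	// With the separator they serialize to "1-2<image bytes>" and "12-<image bytes>".
	fmt.Println("with separator, same hash:", hashWithSeparator(1, a) == hashWithSeparator(12, b))
}
```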
ProcessAvatarImage processes the avatar image data, cropping and resizing it if necessary.
The returned data could be the original image if no processing is needed.