Why Go
- Case Studies
  
  Common problems companies solve with Go
- Use Cases
  
  Stories about how and why companies use Go
- Security
  
  How Go can help keep you secure by default
Learn
Docs
- Effective Go
  
  Tips for writing clear, performant, and idiomatic Go code
- Go User Manual
  
  A complete introduction to building software with Go
- Standard library
  
  Reference documentation for Go's standard library
- Release Notes
  
  Learn what's new in each Go release
Packages
Community
- Recorded Talks
  
  Videos from prior events
- Meetups
  
  Meet other local Go developers
- Conferences
  
  Learn and network with Go developers from around the world
- Go blog
  
  The Go project's official blog.
- Go project
  
  Get help and stay informed from Go
- Get connected

gitcmd

package

Go to main page

Versions in this module

v1

v1.26.0-dev

Sep 24, 2025 GO-2025-4261

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

v1.25.4

Jan 22, 2026 GO-2025-4261

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

v1.25.3

Dec 18, 2025 GO-2025-4261 +9 more

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2026-4362: Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea

GO-2026-4363: Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea

GO-2026-4364: Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea

GO-2026-4365: Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea

GO-2026-4366: Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea

GO-2026-4367: Gitea has improper access control for uploaded attachments in code.gitea.io/gitea

GO-2026-4368: Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea

GO-2026-4369: Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea

GO-2026-4370: Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea

v1.25.2

Nov 22, 2025 GO-2025-4261 +9 more

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2026-4362: Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea

GO-2026-4363: Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea

GO-2026-4364: Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea

GO-2026-4365: Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea

GO-2026-4366: Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea

GO-2026-4367: Gitea has improper access control for uploaded attachments in code.gitea.io/gitea

GO-2026-4368: Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea

GO-2026-4369: Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea

GO-2026-4370: Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea

v1.25.1

Nov 4, 2025 GO-2025-4258 +11 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2026-4274: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea

GO-2026-4362: Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea

GO-2026-4363: Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea

GO-2026-4364: Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea

GO-2026-4365: Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea

GO-2026-4366: Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea

GO-2026-4367: Gitea has improper access control for uploaded attachments in code.gitea.io/gitea

GO-2026-4368: Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea

GO-2026-4369: Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea

GO-2026-4370: Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea

v1.25.0

Oct 29, 2025 GO-2025-4258 +11 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2026-4274: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea

GO-2026-4362: Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea

GO-2026-4363: Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea

GO-2026-4364: Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea

GO-2026-4365: Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea

GO-2026-4366: Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea

GO-2026-4367: Gitea has improper access control for uploaded attachments in code.gitea.io/gitea

GO-2026-4368: Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea

GO-2026-4369: Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea

GO-2026-4370: Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea

Changes in this version

+ const DefaultLocale

+ var ErrBrokenCommand = errors.New("git command is broken")

+ var GitExecutable = "git"

+ func CommonCmdServEnvs() []string

+ func CommonGitCmdEnvs() []string

+ func ConcatenateError(err error, stderr string) error

+ func HomeDir() string

+ func IsErrorExitCode(err error, code int) bool

+ func SetDefaultCommandExecutionTimeout(timeout time.Duration)

+ func SetExecutablePath(path string) error

+ type Command struct

+ func NewCommand(args ...internal.CmdArg) *Command

+ func (c *Command) AddArguments(args ...internal.CmdArg) *Command

+ func (c *Command) AddConfig(key, value string) *Command

+ func (c *Command) AddDashesAndList(list ...string) *Command

+ func (c *Command) AddDynamicArguments(args ...string) *Command

+ func (c *Command) AddOptionFormat(opt string, args ...any) *Command

+ func (c *Command) AddOptionValues(opt internal.CmdArg, args ...string) *Command

+ func (c *Command) LogString() string

+ func (c *Command) ProcessState() string

+ func (c *Command) Run(ctx context.Context, opts *RunOpts) error

+ func (c *Command) RunStdBytes(ctx context.Context, opts *RunOpts) (stdout, stderr []byte, runErr RunStdError)

+ func (c *Command) RunStdString(ctx context.Context, opts *RunOpts) (stdout, stderr string, runErr RunStdError)

+ type RunOpts struct

+ Dir string

+ Env []string

+ PipelineFunc func(context.Context, context.CancelFunc) error

+ Stderr io.Writer

+ Stdin io.Reader

+ Stdout io.Writer

+ Timeout time.Duration

+ UseContextTimeout bool

+ type RunStdError interface

+ Stderr func() string

+ Unwrap func() error

+ type TrustedCmdArgs []internal.CmdArg

+ func ToTrustedCmdArgs(args []string) TrustedCmdArgs

v1.25.0-rc0

Sep 25, 2025 GO-2025-4258 +11 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2026-4274: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea

GO-2026-4362: Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea

GO-2026-4363: Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea

GO-2026-4364: Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea

GO-2026-4365: Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea

GO-2026-4366: Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea

GO-2026-4367: Gitea has improper access control for uploaded attachments in code.gitea.io/gitea

GO-2026-4368: Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea

GO-2026-4369: Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea

GO-2026-4370: Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea