Affected by GO-2025-4261
and 9 other vulnerabilities
GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea
GO-2026-4362: Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea
GO-2026-4363: Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea
GO-2026-4364: Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea
GO-2026-4365: Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea
GO-2026-4366: Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea
GO-2026-4367: Gitea has improper access control for uploaded attachments in code.gitea.io/gitea
GO-2026-4368: Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea
GO-2026-4369: Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea
GO-2026-4370: Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea
package
Version:
v1.25.3
Opens a new window with list of versions in this module.
Published: Dec 18, 2025
License: MIT
Opens a new window with license information.
Imports: 7
Opens a new window with list of imports.
Imported by: 1
Opens a new window with list of known importers.
Documentation
¶
Verify calls hCaptcha API to verify token
WithContext sets the context.Context of a Client
WithHTTP sets the http.Client of a Client
Client is an hCaptcha client
New returns a new hCaptcha Client
Verify checks the response against the hCaptcha API
type ClientOption func(*Client)
ClientOption is a func to modify a new Client
ErrorCode is any possible error from hCaptcha
const (
ErrMissingInputSecret ErrorCode = "missing-input-secret"
ErrInvalidInputSecret ErrorCode = "invalid-input-secret"
ErrMissingInputResponse ErrorCode = "missing-input-response"
ErrInvalidInputResponse ErrorCode = "invalid-input-response"
ErrBadRequest ErrorCode = "bad-request"
ErrInvalidOrAlreadySeenResponse ErrorCode = "invalid-or-already-seen-response"
ErrNotUsingDummyPasscode ErrorCode = "not-using-dummy-passcode"
ErrSitekeySecretMismatch ErrorCode = "sitekey-secret-mismatch"
)
Error fulfills the error interface
String fulfills the Stringer interface
PostOptions are optional post form values
type Response struct {
Success bool `json:"success"`
ChallengeTS string `json:"challenge_ts"`
Hostname string `json:"hostname"`
Credit bool `json:"credit,omitempty"`
ErrorCodes []ErrorCode `json:"error-codes"`
}
Response is an hCaptcha response
Source Files
¶
Click to show internal directories.
Click to hide internal directories.