Good evening,
Waddlesplash alerted me of CVE-2018-14912 published this afternoon.
https://nvd.nist.gov/vuln/detail/CVE-2018-14912 ;
(https://nvd.nist.gov/vuln/detail/CVE-2018-14912)
cgit allows read access to the entire filesystem access when http clones are
enabled.
I've temporarily disabled http/https clones until we can get it upgraded.
Since cgit is in an isolated Docker container, no risk of data exposure or
compromise is present.
The Github mirrors are a great option if you need http/https access to our
repositories until fixed.
Thanks!
-- Alexander von Gluck IV