Gitea versions up to and including 1.26.2 have incomplete SSRF protection in webhook and migration allow-list filtering.CreditsJLLeitschuhReferenceshttps://github.com/go-gitea/gitea/security/advisories/GHSA-2r5c-gw76-rh3whttps://github.com/go-gitea/gitea/pull/38173https://github.com/go-gitea/gitea/pull/38059https://github.com/go-gitea/gitea/releases/tag/v1.26.3https://blog.gitea.com/release-of-1.26.3-and-1.26.4/