
Until a patch is released, developers and CSOs in organizations that use the platform should strictly restrict network access to Gogs, Emmons said, and ensure that only those who need access can use the application. Furthermore, user self-registration should be disabled if it is not already. Only administrators should be able to create new user accounts.
Rapid7 describes Gogs as a lightweight, self-hosted Git service written in Go that can run on any platform supported by the Go toolchain, including Linux, macOS, and Windows, as well as on ARM-based systems. It’s one of the more popular self-hosted alternatives to Microsoft-owned GitHub, says Rapid7, and is commonly deployed by companies, universities, and open-source projects.
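
The two interim mitigations described above can be checked against a Gogs `app.ini`. The following is an added example, not code from the article, Rapid7 or the Gogs project. It assumes the `DISABLE_REGISTRATION` key sits in `[auth]` (or `[service]` on older releases) and that an unset `[server] HTTP_ADDR` means the service listens on all interfaces; both sample files are constructed.

```python
import configparser

# Values treated as "true" by this check (assumption about accepted spellings).
TRUE_VALUES = {"1", "t", "true", "yes", "y", "on"}
ALL_INTERFACES = {"", "0.0.0.0", "::", "[::]"}

def load_app_ini(text):
    """Parse app.ini text; keys above the first section land in [__root__]."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case, e.g. DISABLE_REGISTRATION
    cp.read_string("[__root__]\n" + text)
    return cp

def audit(text):
    """Return one finding per mitigation from the article that is not in place."""
    cp = load_app_ini(text)
    findings = []
    value = None
    for section in ("auth", "service"):  # current name first, older name second
        if cp.has_option(section, "DISABLE_REGISTRATION"):
            value = cp.get(section, "DISABLE_REGISTRATION")
            break
    if value is None or value.strip().lower() not in TRUE_VALUES:
        findings.append("self-registration enabled: set DISABLE_REGISTRATION = true")
    addr = cp.get("server", "HTTP_ADDR", fallback="0.0.0.0").strip()
    if addr in ALL_INTERFACES:
        findings.append("listening on all interfaces: bind to an internal "
                        "address or restrict access with a firewall or VPN")
    return findings

# Constructed sample: open registration, reachable on every interface.
WEAK = """
RUN_MODE = prod
[server]
HTTP_ADDR = 0.0.0.0
[auth]
DISABLE_REGISTRATION = false
"""

# Constructed sample: registration off, bound to loopback behind a proxy or VPN.
HARDENED = """
RUN_MODE = prod
[server]
HTTP_ADDR = 127.0.0.1
[auth]
DISABLE_REGISTRATION = true
"""

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(sample) or "ok")
```

A clean result only covers the configuration file; firewall rules and reverse-proxy access controls still need to be reviewed separately.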

