{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreiaxhdu4z6mko5vgyn77t7bxw54kikqun326flvajl4pvwszzwacoq",
    "uri": "at://did:plc:b3tz6srl4ochk2wxn6dv6xpy/app.bsky.feed.post/3mleh5m4y5no2"
  },
  "path": "/Articles/1071499/",
  "publishedAt": "2026-05-08T16:30:46.000Z",
  "site": "https://lwn.net",
  "tags": [
    "Forgejo"
  ],
  "textContent": "An unusual, some might say hostile, approach to disclosing an alleged remote-code-execution (RCE) flaw in the Forgejo software-collaboration platform has sparked a multifaceted conversation. A so-called \"\"carrot disclosure\"\" in April has raised questions about the researcher's methods of unveiling a security problem, Forgejo's security policies, and the project's overall security posture.",
  "title": "[$] Forgejo \"carrot disclosure\" raises security questions"
}