fix(auth): set User-Agent on avatar fetch and sync avatar on link-account register (#37564) by pandareen · Pull Request #37588 · go-gitea/gitea

pandareen · 2026-05-07T13:50:39Z

Summary

Fixes go-gitea/gitea#37564: when an OIDC provider returns a picture claim, Gitea is supposed to download that image as the user's avatar (if [oauth2_client] UPDATE_AVATAR = true). Two latent bugs prevented this from working consistently:

Default Go User-Agent rejected by some image hosts. oauth2UpdateAvatarIfNeed used http.Get, which sends User-Agent: Go-http-client/1.1. Hosts like upload.wikimedia.org reject that UA with 403, and every error path silently returned, so the user was left with an identicon and no log line to diagnose the issue.
Link-account register path skipped avatar sync. First-time OIDC sign-ins where auto-registration is disabled (or required a username/password retype) go through LinkAccountPostRegister, which created the user but never called oauth2SignInSync. So the avatar / full name / SSH keys from the IdP were dropped on the floor for those users, even though the existing-account-link path (oauth2LinkAccount) and the auto-register path (handleOAuth2SignIn) both already did the sync.

Changes

routers/web/auth/oauth.go — oauth2UpdateAvatarIfNeed now uses http.NewRequest + http.DefaultClient.Do, sets User-Agent: Gitea <version>, and logs every failure path at Warn (invalid URL, fetch error, non-200, body read error, oversize body, upload error). No silent failures.
routers/web/auth/linkaccount.go — LinkAccountPostRegister now calls oauth2SignInSync after a successful user creation, mirroring the auto-register and link-existing-account flows.
tests/integration/oauth_avatar_test.go — new TestOAuth2AvatarFromPicture integration test with five sub-cases:
- AutoRegister_FetchesAvatarFromPictureWithGiteaUA — happy path, asserts use_custom_avatar=true, an avatar hash is set, exactly one HTTP request was made, and the request carried a Gitea UA. The mock server enforces the UA prefix to mirror real-world hosts that reject Go's default UA.
- AutoRegister_NonOK_DoesNotUpdateAvatar — server returns 403; user's avatar must remain unset.
- AutoRegister_EmptyPicture_NoFetch — empty picture claim must not trigger any HTTP request.
- AutoRegister_UpdateAvatarFalse_NoFetch — UPDATE_AVATAR=false must not trigger any HTTP request.
- LinkAccountRegister_FetchesAvatarFromPicture — guards the linkaccount.go fix; without the new oauth2SignInSync call this assertion fails.

Test plan

go test -tags 'sqlite sqlite_unlock_notify' -run '^TestOAuth2AvatarFromPicture$' ./tests/integration/ -v — 5/5 sub-tests pass.
Manual: log in as a Keycloak user with picture claim pointing at https://avatars.githubusercontent.com/u/9919?v=4 — Gitea avatar is replaced with the GitHub picture.
Manual: same flow with https://upload.wikimedia.org/... — request now succeeds (or returns a clearly logged Warn line if rate-limited with 429); previously it silently 403'd.
Manual: UPDATE_AVATAR=false — user keeps the identicon, no outbound request in container logs.
Reviewer: please double-check that no other call sites of oauth2UpdateAvatarIfNeed rely on the old http.Get behaviour.

In Gitea: set [oauth2_client] ENABLE_AUTO_REGISTRATION = false (forces link/register UI).
Delete the OIDC user from DB so next login is a fresh registration:
DELETE FROM "user" WHERE login_type = 6;
Restart Gitea.
Login via Keycloak with valid picture.
Click Create new account in the link page; submit registration form.

Expected:

oauth2UpdateAvatarIfNeed IS called now (visible in logs).
User has the picture-claim avatar immediately, not identicon.
SSH keys and full name also synced if claim names are configured.

Test 8 — Existing OIDC user via link-account LINK flow (regression)

Same setup as Test 7 but instead of creating new account, click Sign in with existing account and provide local credentials.

Expected:

still works exactly as before (this path already called oauth2SignInSync).

Test 9 — Auto-register flow (regression)

Set [oauth2_client] ENABLE_AUTO_REGISTRATION = true.
Delete OIDC user, restart, login fresh.

Expected:

auto-creates user AND fetches avatar (existing behavior preserved).

…lose linter

Copilot

Pull request overview

This PR fixes OIDC/OAuth2 avatar synchronization from the picture claim when [oauth2_client] UPDATE_AVATAR = true, addressing cases where some avatar hosts reject Go’s default User-Agent, and ensuring the link-account “register” flow performs the same post-login sync as other OAuth2 paths.

Changes:

Update OAuth avatar fetch to send a User-Agent: Gitea <version> header and warn-log failures instead of silently ignoring them.
Ensure LinkAccountPostRegister calls oauth2SignInSync so newly created linked accounts also sync avatar/full name/SSH keys.
Add integration tests covering successful fetch, non-200 handling, empty picture, UPDATE_AVATAR disabled, and link-account register sync.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File	Description
`routers/web/auth/oauth.go`	Switch avatar download to an explicit request with a Gitea UA and add warning logs for failure paths.
`routers/web/auth/linkaccount.go`	Invoke `oauth2SignInSync` after creating a user in the link-account register flow.
`tests/integration/oauth_avatar_test.go`	Add integration coverage for avatar fetching from `picture` (including UA enforcement) and the link-account register path.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

…n context

pandareen · 2026-05-08T02:17:26Z

@silverwind @wxiaoguang requesting a review here

techknowlogick

Thanks for this PR, just a bit of feedback:
There's a centralized http client package that should be used as it contains things such as SSRF handling, timeouts, etc.. The User-Agent handling should be centralized in that package, since webhooks and other such outbound requests should be treated the same.

wxiaoguang · 2026-05-08T04:49:11Z

There's a centralized http client package that should be used as it contains things such as SSRF handling, timeouts, etc.. The User-Agent handling should be centralized in that package, since webhooks and other such outbound requests should be treated the same.

Why it must be in this PR's scope? It is just unrelated.

This PR aims to fix the "sync" bug, the "http client" is the same as before, it doesn't make anything worse.

The SSRF problem is another problem, and there is already a PR Fix OAuth2 avatar fetch SSRF guard with source-based allowlist #37123, but the author just made it stale.

dismiss wrong change request

pandareen · 2026-05-08T15:32:59Z

@wxiaoguang please can I get a review here

wxiaoguang · 2026-05-08T16:16:36Z

@wxiaoguang please can I get a review here

@silverwind @techknowlogick they first

pandareen · 2026-05-10T04:21:42Z

@silverwind @techknowlogick please let me know if this PR looks good
Thanks!

pandareen · 2026-05-11T05:59:35Z

@silverwind can I get your review here

pandareen · 2026-05-12T06:23:35Z

@silverwind @techknowlogick Can we get an approval if everything looks good thanks!

http.DefaultClient has no timeout, so a slow or hanging picture host (e.g. a rate-limiting CDN or a misbehaving IdP-supplied URL) could stall the OAuth callback handler indefinitely. Use a dedicated http.Client with a 30s Timeout for avatar downloads, matching the pattern used by the webhook and migration outbound clients. Co-Authored-By: Claude (Opus 4.7) <noreply@anthropic.com>

- Drop 3 of 5 subtests in TestOAuth2AvatarFromPicture: the empty-URL, UPDATE_AVATAR=false, and non-200 paths exercise pre-existing guard branches that this PR did not change. - Test server enforces the "Gitea " UA via 403, so a successful avatar sync implicitly proves the UA fix without an explicit header assert. - Reduce TestStripURL from 7 cases to 3 (plain, combined strip, parse error). - Trim verbose doc/comment blocks throughout. Co-Authored-By: Claude (Opus 4.7) <noreply@anthropic.com>

silverwind · 2026-05-13T04:02:46Z

Cut down a lot of AI comment cruft and useless tests.

Signed-off-by: silverwind <me@silverwind.io>

lafriks

As per comment

dismiss unrelated change request

pandareen · 2026-05-15T15:30:28Z

Lets merge this

bircni · 2026-05-15T15:35:27Z

@wxiaoguang go?

wxiaoguang · 2026-05-16T06:09:31Z

@lunny How many times I have told you that the commit message should be clear and correct?

Does the merged commit message match the PR's change? ef801bb

@pandareen

…ount register (#37564) (#37588) (#37726) Backport #37588 by @pandareen ## Summary Fixes [#37564](#37564): when an OIDC provider returns a `picture` claim, Gitea is supposed to download that image as the user's avatar (if `[oauth2_client] UPDATE_AVATAR = true`). Two latent bugs prevented this from working consistently: 1. **Default Go User-Agent rejected by some image hosts.** `oauth2UpdateAvatarIfNeed` used `http.Get`, which sends `User-Agent: Go-http-client/1.1`. Hosts like `upload.wikimedia.org` reject that UA with `403`, and every error path silently returned, so the user was left with an identicon and **no log line** to diagnose the issue. 2. **Link-account *register* path skipped avatar sync.** First-time OIDC sign-ins where auto-registration is disabled (or required a username/password retype) go through `LinkAccountPostRegister`, which created the user but never called `oauth2SignInSync`. So the avatar / full name / SSH keys from the IdP were dropped on the floor for those users, even though the existing-account-link path (`oauth2LinkAccount`) and the auto-register path (`handleOAuth2SignIn`) both already did the sync. ## Changes - `routers/web/auth/oauth.go` — `oauth2UpdateAvatarIfNeed` now uses `http.NewRequest` + `http.DefaultClient.Do`, sets `User-Agent: Gitea <version>`, and logs every failure path at `Warn` (invalid URL, fetch error, non-200, body read error, oversize body, upload error). No silent failures. - `routers/web/auth/linkaccount.go` — `LinkAccountPostRegister` now calls `oauth2SignInSync` after a successful user creation, mirroring the auto-register and link-existing-account flows. - `tests/integration/oauth_avatar_test.go` — new `TestOAuth2AvatarFromPicture` integration test with five sub-cases: - `AutoRegister_FetchesAvatarFromPictureWithGiteaUA` — happy path, asserts `use_custom_avatar=true`, an avatar hash is set, exactly one HTTP request was made, and the request carried a `Gitea ` UA. The mock server enforces the UA prefix to mirror real-world hosts that reject Go's default UA. - `AutoRegister_NonOK_DoesNotUpdateAvatar` — server returns 403; user's avatar must remain unset. - `AutoRegister_EmptyPicture_NoFetch` — empty `picture` claim must not trigger any HTTP request. - `AutoRegister_UpdateAvatarFalse_NoFetch` — `UPDATE_AVATAR=false` must not trigger any HTTP request. - `LinkAccountRegister_FetchesAvatarFromPicture` — guards the `linkaccount.go` fix; without the new `oauth2SignInSync` call this assertion fails. ## Test plan - [x] `go test -tags 'sqlite sqlite_unlock_notify' -run '^TestOAuth2AvatarFromPicture$' ./tests/integration/ -v` — 5/5 sub-tests pass. - [x] Manual: log in as a Keycloak user with `picture` claim pointing at `https://avatars.githubusercontent.com/u/9919?v=4` — Gitea avatar is replaced with the GitHub picture. - [x] Manual: same flow with `https://upload.wikimedia.org/...` — request now succeeds (or returns a clearly logged `Warn` line if rate-limited with `429`); previously it silently 403'd. - [x] Manual: `UPDATE_AVATAR=false` — user keeps the identicon, no outbound request in container logs. - [ ] Reviewer: please double-check that no other call sites of `oauth2UpdateAvatarIfNeed` rely on the old `http.Get` behaviour. ## Related - Upstream issue: #37564 -------------------------------------------- AI Editor was used in this PR --------- Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: pandareen <7270563+pandareen@users.noreply.github.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Nicolas <bircni@icloud.com>

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [code.gitea.io/gitea](https://github.com/go-gitea/gitea) | `v1.26.1` → `v1.26.2` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.gitea.io%2fgitea/v1.26.2?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.gitea.io%2fgitea/v1.26.1/v1.26.2?slim=true) | --- ### Release Notes <details> <summary>go-gitea/gitea (code.gitea.io/gitea)</summary> ### [`v1.26.2`](https://github.com/go-gitea/gitea/releases/tag/v1.26.2) [Compare Source](go-gitea/gitea@v1.26.1...v1.26.2) - SECURITY - fix(permissions): Fix reading permission ([#37769](go-gitea/gitea#37769)) - fix(actions): make artifact signature payloads unambiguous ([#37707](go-gitea/gitea#37707)) - fix: Unify public-only token filtering in API queries and repo access checks ([#37118](go-gitea/gitea#37118)) - fix: Add missed token scope checking ([#37735](go-gitea/gitea#37735)) - fix(oauth): bind token exchanges to the original client request ([#37704](go-gitea/gitea#37704)) - fix(oauth): strengthen PKCE validation and refresh token replay protection ([#37706](go-gitea/gitea#37706)) - fix(web): enforce token scopes on raw, media, and attachment downloads ([#37698](go-gitea/gitea#37698)) - fix(security): enforce wiki git writes and LFS token access at request time ([#37695](go-gitea/gitea#37695)) - feat(api): encrypt AWS creds ([#37679](go-gitea/gitea#37679)) - fix(deps): update dependency mermaid to v11.15.0 \[security], add e2e test - fix(packages): Add label for private and internal package and fix composor package source permission check ([#37610](go-gitea/gitea#37610)) - fix(git): Fix smart http request scope bug ([#37583](go-gitea/gitea#37583)) - Fix basic auth bug ([#37503](go-gitea/gitea#37503)) - Fix allow maintainer edit permission check ([#37479](go-gitea/gitea#37479)) ([#37484](go-gitea/gitea#37484)) - Fix URL sanitization to handle schemeless credentials ([#37440](go-gitea/gitea#37440)) ([#37471](go-gitea/gitea#37471)) - Fix attachment Content-Security-Policy ([#37455](go-gitea/gitea#37455)) ([#37464](go-gitea/gitea#37464)) - chore(deps): bump go-git/go-git/v5 to 5.19.0 ([#37608](go-gitea/gitea#37608)) - BUGFIXES - fix(pull): handle empty pull request files view to allow reviews ([#37783](go-gitea/gitea#37783)) - fix(markup): make RenderString never fail ([#37779](go-gitea/gitea#37779)) - fix: add natural sort to sortTreeViewNodes ([#37772](go-gitea/gitea#37772)) - fix: package creation unique conflict ([#37774](go-gitea/gitea#37774)) - fix!: add DEFAULT\_TITLE\_SOURCE setting for pull request title default behavior ([#37465](go-gitea/gitea#37465)) - fix: Allow direct commits for unprotected files with push restrictions ([#37657](go-gitea/gitea#37657)) - fix(actions): wrong assumption that run id always >= job id ([#37737](go-gitea/gitea#37737)) - fix(auth): set User-Agent on avatar fetch and sync avatar on link-account register ([#37564](go-gitea/gitea#37564)) ([#37588](go-gitea/gitea#37588)) - fix(actions): deadlock between PrepareRunAndInsert and UpdateTaskByState ([#37692](go-gitea/gitea#37692)) - fix(repo): /generate must sync the branch table for the new repo ([#37693](go-gitea/gitea#37693)) - build: Fix snap build (1.26) - fix(actions): run TransferLogs on UpdateLog{Rows:\[], NoMore:true} ([#37631](go-gitea/gitea#37631)) - fix show correct mergebase - fix: make clone URL respect public URL detection setting ([#37615](go-gitea/gitea#37615)) - fix: "run as root" check ([#37622](go-gitea/gitea#37622)) - chore(deps): update dependency go to v1.26.3 ([#37601](go-gitea/gitea#37601)) - Compare dropdown fails when selecting branch with no common merge-base ([#37470](go-gitea/gitea#37470)) - fix: treat email addresses case-insensitively ([#37600](go-gitea/gitea#37600)) - fix(actions): fix blank lines after ::endgroup:: ([#37597](go-gitea/gitea#37597)) - fix(actions): report individual step status in workflow job API response ([#37592](go-gitea/gitea#37592)) - fix: Invalid UTF-8 commit messages in JSON API responses ([#37542](go-gitea/gitea#37542)) - fix: use consistent GetUser family functions ([#37553](go-gitea/gitea#37553)) - fix(api): return 409 message instead of empty JSON for wrong commit id ([#37572](go-gitea/gitea#37572)) - fix(actions): prevent panic when workflow contains null jobs ([#37570](go-gitea/gitea#37570)) - Make ServeSetHeaders default to download attachment if filename exists ([#37552](go-gitea/gitea#37552)) ([#37555](go-gitea/gitea#37555)) - Fix(actions): validate workflow param to prevent 500 error ([#37546](go-gitea/gitea#37546)) ([#37554](go-gitea/gitea#37554)) - Don't unblock run-level-concurrency-blocked runs in the resolver ([#37461](go-gitea/gitea#37461)) ([#37538](go-gitea/gitea#37538)) - Fix(packages): use file names for generic web downloads ([#37514](go-gitea/gitea#37514)) ([#37520](go-gitea/gitea#37520)) - Fix merge autodetect can't close other PRs but only the last one when multiple PRs are pushed at once ([#37512](go-gitea/gitea#37512)) ([#37516](go-gitea/gitea#37516)) - Fix update branch protection order ([#37508](go-gitea/gitea#37508)) ([#37513](go-gitea/gitea#37513)) - Fix mCaptcha broken after Vite migration ([#37492](go-gitea/gitea#37492)) ([#37509](go-gitea/gitea#37509)) - Fix review submission from single-commit PR view ([#37475](go-gitea/gitea#37475)) ([#37485](go-gitea/gitea#37485)) - Fix scheduled action panic with null event payload ([#37459](go-gitea/gitea#37459)) ([#37466](go-gitea/gitea#37466)) - Make GetPossibleUserByID can handle deleted user ([#37430](go-gitea/gitea#37430)) ([#37431](go-gitea/gitea#37431)) - Remove excessive quote from terraform instructions ([#37424](go-gitea/gitea#37424)) ([#37426](go-gitea/gitea#37426)) - Fix color regressions, add `priority` color ([#37417](go-gitea/gitea#37417)) ([#37421](go-gitea/gitea#37421)) - MISC - Add CurrentURL template variable back ([#37444](go-gitea/gitea#37444)) ([#37449](go-gitea/gitea#37449)) Instances on **[Gitea Cloud](https://cloud.gitea.com)** will be automatically upgraded to this version during the specified maintenance window. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: https://git.erwanleboucher.dev/eleboucher/apoci/pulls/47

Fix go-gitea#37564: Set User-Agent on avatar fetch and sync avatar on…

5287aba

… link-account registration

GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label May 7, 2026

test(integration): drop unused *http.Response return to satisfy bodyc…

17d1047

…lose linter

silverwind requested a review from Copilot May 7, 2026 15:44

Copilot started reviewing on behalf of silverwind May 7, 2026 15:45 View session

Copilot AI reviewed May 7, 2026

View reviewed changes

Comment thread routers/web/auth/oauth.go Outdated

Comment thread routers/web/auth/oauth.go

Fix go-gitea#37564: Review comments, url sanitzer, wrap httprequest i…

8c94ee8

…n context

silverwind reviewed May 8, 2026

View reviewed changes

Comment thread modules/util/url.go Outdated

techknowlogick previously requested changes May 8, 2026

View reviewed changes

GiteaBot added lgtm/blocked A maintainer has reservations with the PR and thus it cannot be merged and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels May 8, 2026

GiteaBot added lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. and removed lgtm/blocked A maintainer has reservations with the PR and thus it cannot be merged labels May 8, 2026

pandareen added 2 commits May 8, 2026 11:09

Fix go-gitea#37564: Rename to StripUrl

4646e0b

Fix go-gitea#37564: Rename to StripURL - lint review

a093b0b

pandareen requested review from silverwind and techknowlogick May 8, 2026 07:53

silverwind and others added 2 commits May 13, 2026 05:47

silverwind approved these changes May 13, 2026

View reviewed changes

wxiaoguang added 3 commits May 13, 2026 17:37

clean up

96b7e88

clean up

22f3be9

clean up

104e925

silverwind reviewed May 13, 2026

View reviewed changes

Comment thread tests/integration/oauth_test.go Outdated

silverwind and others added 2 commits May 13, 2026 11:58

typo

ecbcd14

Signed-off-by: silverwind <me@silverwind.io>

fix lint

b430971

pandareen requested a review from lunny May 15, 2026 03:36

lunny approved these changes May 15, 2026

View reviewed changes

GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels May 15, 2026

lunny added the type/bug label May 15, 2026

lafriks reviewed May 15, 2026

View reviewed changes

Comment thread routers/web/auth/oauth.go

lafriks previously requested changes May 15, 2026

View reviewed changes

GiteaBot added lgtm/blocked A maintainer has reservations with the PR and thus it cannot be merged and removed lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. labels May 15, 2026

GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/blocked A maintainer has reservations with the PR and thus it cannot be merged labels May 15, 2026

Merge branch 'main' into fix-37564-useragent-updateavatar

021bc8f

Merge branch 'main' into fix-37564-useragent-updateavatar

5cfcd80

lunny merged commit ef801bb into go-gitea:main May 15, 2026
21 checks passed

GiteaBot added this to the 1.27.0 milestone May 15, 2026

lunny added the backport/v1.26 This PR should be backported to Gitea 1.26 label May 15, 2026

GiteaBot mentioned this pull request May 16, 2026

fix(auth): set User-Agent on avatar fetch and sync avatar on link-account register (#37564) (#37588) #37726

Merged

5 tasks

GiteaBot added the backport/done All backports for this PR have been created label May 16, 2026

Uh oh!

Conversation

pandareen commented May 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Changes

Test plan

Related

Uh oh!

pandareen commented May 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

These are my manual local tests

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Uh oh!

Uh oh!

pandareen commented May 8, 2026

Uh oh!

Uh oh!

techknowlogick left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

wxiaoguang commented May 8, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

pandareen commented May 8, 2026

Uh oh!

wxiaoguang commented May 8, 2026

Uh oh!

pandareen commented May 10, 2026

Uh oh!

pandareen commented May 11, 2026

Uh oh!

pandareen commented May 12, 2026

Uh oh!

silverwind commented May 13, 2026

Uh oh!

Uh oh!

Uh oh!

lafriks left a comment

Choose a reason for hiding this comment

Uh oh!

pandareen commented May 15, 2026

Uh oh!

bircni commented May 15, 2026

Uh oh!

Uh oh!

wxiaoguang commented May 16, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

9 participants

pandareen commented May 7, 2026 •

edited

Loading

pandareen commented May 7, 2026 •

edited

Loading

techknowlogick left a comment •

edited

Loading

wxiaoguang commented May 8, 2026 •

edited

Loading