A security issue was reported in cgit, with an upstream response here:
It says to expect a patch tomorrow.
Fixed in Cauldron in cgit 1.2.1-4
Packages for Mga6:
the fixed package is also installed on Mageia gitweb host
Validating since its been running for over a month on Mageia infra.
subject: Updated cgit packages fix security vulnerability
A specially crafted URL in can potentially cause cgit to excessively use
CPU and network resources, resulting in a Denial-of-Service.
This update resolves that issue
An update for this issue has been pushed to the Mageia Updates repository.