Security issue .git/config is accessable from the web
I use this image a lot, but found a security flaw. In standard configuration, just doing a config of the git pull settings, the .git folder is PUBLICLY accessible including the .git/config file that holds the username, token and url for the git pull. This is a major issue in my opinion. I use a read only user that has limited access, but still other people can now pull my code.