The gogs maintainer currently seems to not be doing much with it and seems to be ignoring security reports. I would probably recommend the gitea fork instead.
Sure, I reported an issue to the Gogs maintainer over two weeks ago and he hasn't acknowledged it at all. Here's the public reference that their SECURITY.md asks for: https://github.com/gogs/gogs/issues/6534
The instance also runs inside a LAN so... whatever.