diff --git a/Dockerfile b/Dockerfile
index 973d93b784cca..77f98504d6adc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -33,7 +33,6 @@ RUN apk --no-cache add \
     ca-certificates \
     curl \
     gettext \
-    git \
     linux-pam \
     openssh \
     s6 \
@@ -41,6 +40,14 @@ RUN apk --no-cache add \
     su-exec \
     gnupg
 
+#
+# Only required until git > 2.36 is released in alpine because Gitea needs
+# support for *
+#
+# https://git-scm.com/docs/git-config#Documentation/git-config.txt-safedirectory
+#
+RUN apk add git --repository=http://dl-cdn.alpinelinux.org/alpine/edge/main
+
 RUN addgroup \
     -S -g 1000 \
     git && \
diff --git a/docs/content/doc/installation/from-binary.en-us.md b/docs/content/doc/installation/from-binary.en-us.md
index d3486d8150996..db6e45e194885 100644
--- a/docs/content/doc/installation/from-binary.en-us.md
+++ b/docs/content/doc/installation/from-binary.en-us.md
@@ -68,6 +68,8 @@ adduser \
    git
 ```
 
+**NOTE:** If such a dedicated Gitea user is not created and Gitea is run from an already existing user instead, it may modify the global git configuration file. It is possible to use an altnerate global git configuration file by setting the [GIT_CONFIG_GLOBAL](https://git-scm.com/docs/git#Documentation/git.txt-codeGITCONFIGGLOBALcode) if [git version 2.32 or above](https://github.com/git/git/blob/master/Documentation/RelNotes/2.32.0.txt#L92-L93) is installed.
+
 ### Create required directory structure
 
 ```sh
diff --git a/modules/git/git.go b/modules/git/git.go
index 8fad07033006a..f9917ddacf748 100644
--- a/modules/git/git.go
+++ b/modules/git/git.go
@@ -206,6 +206,16 @@ func Init(ctx context.Context) error {
 		SupportProcReceive = false
 	}
 
+	if CheckGitVersionAtLeast("2.36") == nil {
+		//
+		// Disable the security check because Gitea runs the git CLI from within the
+		// repository. See https://github.com/go-gitea/gitea/issues/19455 for the full discussion.
+		//
+		if err := checkAndSetConfig("safe.directory", "*", true); err != nil {
+			return err
+		}
+	}
+
 	if runtime.GOOS == "windows" {
 		if err := checkAndSetConfig("core.longpaths", "true", true); err != nil {
 			return err