Version 1.28.2

luckily, sshd does not error if the interface has no IPv6 address

CHANGELOG.md

@@ -799,3 +799,403 @@
 * Add caller to cat-file batch calls (#17082) (#17089)
 * Many bug fixes
 
+[1.22.4]
+* Update Gitea to 1.15.4
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.15.4)
+* Raw file API: don't try to interpret 40char filenames as commit SHA (#17185) (#17272)
+* Don't allow merged PRs to be reopened (#17192) (#17271)
+* Fix incorrect repository count on organization tab of dashboard (#17256) (#17266)
+* Fix unwanted team review request deletion (#17257) (#17264)
+* Fix broken Activities link in team dashboard (#17255) (#17258)
+* API pull's head/base have correct permission(#17214) (#17245)
+* Fix stange behavior of DownloadPullDiffOrPatch in incorect index (#17223) (#17227)
+* Upgrade xorm to v1.2.5 (#17177) (#17188)
+* Fix missing repo link in issue/pull assigned emails (#17183) (#17184)
+* Fix bug of get context user (#17169) (#17172)
+* Nicely handle missing user in collaborations (#17049) (#17166)
+* Add Horizontal scrollbar to inner menu on Chrome (#17086) (#17164)
+* Fix wrong i18n keys (#17150) (#17153)
+* Fix Archive Creation: correct transaction ending (#17151)
+* Prevent panic in Org mode HighlightCodeBlock (#17140) (#17141)
+* Create doctor command to fix repo_units broken by dumps from 1.14.3-1.14.6 (#17136) (#17137)
+
+[1.22.5]
+* Update Gitea to 1.15.5
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.15.5)
+* Upgrade Bluemonday to v1.0.16 (#17372) (#17374)
+* Ensure correct SSH permissions check for private and restricted users (#17370) (#17373)
+* Prevent NPE in CSV diff rendering when column removed (#17018) (#17377)
+* Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH (#17281) (#17376)
+* Don't panic if we fail to parse U2FRegistration data (#17304) (#17371)
+* Ensure popup text is aligned left (backport for 1.15) (#17343)
+* Ensure that git daemon export ok is created for mirrors (#17243) (#17306)
+* Disable core.protectNTFS (#17300) (#17302)
+* Use pointer for wrappedConn methods (#17295) (#17296)
+* AutoRegistration is supposed to be working with disabled registration (backport) (#17292)
+* Handle duplicate keys on GPG key ring (#17242) (#17284)
+* Fix SVG side by side comparison link (#17375) (#17391)
+
+[1.22.6]
+* Update Gitea to 1.15.6
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.15.6)
+* Prevent panic in serv.go with Deploy Keys (#17434) (#17435)
+* Fix CSV render error (#17406) (#17431)
+* Read expected buffer size (#17409) (#17430)
+* Ensure that restricted users can access repos for which they are members (#17460) (#17464)
+* Make commit-statuses popup show correctly (#17447) (#17466)
+
+[1.23.0]
+* Update Gitea to 1.15.7
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.15.7)
+* Enable rendering of jupyter notebooks, rst, asciidoc by default
+* Only allow webhook to send requests to allowed hosts (#17482) (#17510)
+* Fix login redirection links (#17451) (#17473)
+
+[1.23.1]
+* Update Gitea to 1.15.8
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.15.8)
+* Move POST /{username}/action/{action} to simply POST /{username} (#18045) (#18046)
+* Fix delete u2f keys bug (#18040) (#18042)
+* Reset Session ID on login (#18018) (#18041)
+* Prevent off-by-one error on comments on newly appended lines (#18029) (#18035)
+* Stop printing 03d after escaped characters in logs (#18030) (#18034)
+
+[1.23.2]
+* Update Gitea to 1.15.9
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.15.9)
+* Fix wrong redirect on org labels (#18128) (#18134)
+* Fix: unstable sort skips/duplicates issues across pages (#18094) (#18095)
+* Revert "Fix delete u2f keys bug (#18042)" (#18107)
+* Migrating wiki don't require token, so we should move it out of the require form (#17645) (#18104)
+* Prevent NPE if gitea uploader fails to open url (#18080) (#18101)
+* Reset locale on login (#17734) (#18100)
+* Correctly handle failed migrations (#17575) (#18099)
+* Instead of using routerCtx just escape the url before routing (#18086) (#18098)
+* Quote references to the user table in consistency checks (#18072) (#18073)
+* Add NotFound handler (#18062) (#18067)
+* Ensure that git repository is closed before transfer (#18049) (#18057)
+* Use common sessioner for API and web routes (#18114)
+
+[1.23.3]
+* Update Gitea to 1.15.10
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.15.10)
+* Fix inconsistent PR comment counts (#18260) (#18261)
+* Fix release link broken (#18252) (#18253)
+* Fix update user from site administration page bug (#18250) (#18251)
+* Set HeadCommit when creating tags (#18116) (#18173)
+* Use correct translation key for error messages due to max repo limits (#18135 & #18153) (#18152)
+* Fix purple color in suggested label colors (#18241) (#18242)
+* Bump mermaid from 8.10.1 to 8.13.8 (#18198) (#18206)
+
+[1.23.4]
+* Update Gitea to 1.16.0
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.16.0)
+
+[1.23.5]
+* Update Gitea to 1.16.1
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.16.1)
+* Update JS dependencies, fix lint (#18389) (#18540)
+* Add dropdown icon to label set template dropdown (#18564) (#18571)
+* Comments on migrated issues/prs must link to the comment ID (#18630) (#18637)
+* Stop logging an error when notes are not found (#18626) (#18635)
+* Ensure that blob-excerpt links work for wiki (#18587) (#18624)
+* Only attempt to flush queue if the underlying worker pool is not finished (#18593) (#18620)
+
+[1.23.6]
+* Update Gitea to 1.16.2
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.16.2)
+* Show fullname on issue edits and gpg/ssh signing info (#18828)
+* Immediately Hammer if second kill is sent (#18823) (#18826)
+* Allow mermaid render error to wrap (#18791)
+
+[1.23.7]
+* Update Gitea to 1.16.3
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.16.3)
+
+[1.23.8]
+* Update Gitea to 1.16.4
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.16.4)
+* Restrict email address validation (#17688) (#19085)
+* Fix lfs bug (#19072) (#19080)
+
+[1.23.9]
+* Update Gitea to 1.16.5
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.16.5)
+* Prevent redirect to Host (2) (#19175) (#19186)
+* Try to prevent autolinking of displaynames by email readers (#19169) (#19183)
+* Clean paths when looking in Storage (#19124) (#19179)
+* Do not send notification emails to inactive users (#19131) (#19139)
+* Do not send activation email if manual confirm is set (#19119) (#19122)
+
+[1.23.10]
+* Update Gitea to 1.16.6
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.16.6)
+
+[1.23.11]
+* Update Gitea to 1.16.7
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.16.7)
+* Escape git fetch remote (#19487) (#19490)
+* On Migrations, only write commit-graph if wiki clone was successful (#19563) (#19568)
+* Respect DefaultUserIsRestricted system default when creating new user (#19310) (#19560)
+* Don't error when branch's commit doesn't exist (#19547) (#19548)
+* Support hostname:port to pass host matcher's check (#19543) (#19544)
+* Prevent dangling archiver goroutine (#19516) (#19526)
+* Fix migrate release from github (#19510) (#19523)
+* When view `_Siderbar` or `_Footer`, just display once (#19501) (#19522)
+* Fix blame page select range error and some typos (#19503)
+* Fix name of doctor fix "authorized-keys" in hints (#19464) (#19484)
+* User specific repoID or xorm builder conditions for issue search (#19475) (#19476)
+* Prevent dangling cat-file calls (goroutine alternative) (#19454) (#19466)
+* RepoAssignment ensure to close before overwrite (#19449) (#19460)
+* Set correct PR status on 3way on conflict checking (#19457) (#19458)
+* Mark TemplateLoading error as "UnprocessableEntity" (#19445) (#19446)
+
+[1.23.12]
+* Update Gitea to 1.16.8
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.16.8)
+* Add doctor check/fix for bogus action rows (#19656) (#19669)
+* Make .cs highlighting legible on dark themes (#19604) (#19605)
+* Delete user related oauth stuff on user deletion too (#19677) (#19680)
+* Fix new release from tags list UI (#19670) (#19673)
+* Prevent NPE when checking repo units if the user is nil (#19625) (#19630)
+
+[1.24.0]
+* Update Gitea to 1.17.0
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.17.0)
+* Automatically render wiki TOC (#19873)
+* Adding button to link accounts from user settings (#19792)
+* Allow set default merge style while creating repo (#19751)
+* Auto merge pull requests when all checks succeeded (#9307 & #19648)
+* Improve reviewing PR UX (#19612)
+* Add support for rendering console output with colors (#19497)
+
+[1.24.1]
+* Update Gitea to 1.17.1
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.17.1)
+* Correctly escape within tribute.js (#20831) (#20832)
+* Add support for NuGet API keys (#20721) (#20734)
+* Display project in issue list (#20583)
+* Add disable download source configuration (#20548) (#20579)
+* Add username check to doctor (#20140) (#20671)
+* Enable Wire 2 for Internal SSH Server (#20616) (#20617)
+* Use the total issue count for UI (#20785) (#20827)
+* Add proxy host into allow list (#20798) (#20819)
+* Add missing translation for queue flush workers (#20791) (#20792)
+* Improve comment header for mobile (#20781) (#20789)
+* Fix git.Init for doctor sub-command (#20782) (#20783)
+* Check webhooks slice length before calling xorm (#20642) (#20768)
+* Remove manual rollback for failed generated repositories (#20639) (#20762)
+* Use correct field name in npm template (#20675) (#20760)
+* Keep download count on Container tag overwrite (#20728) (#20735)
+* Fix v220 migration to be compatible for MSSQL 2008 r2 (#20702) (#20707)
+* Use request timeout for git service rpc (#20689) (#20693)
+* Send correct NuGet status codes (#20647) (#20677)
+* Use correct context to get package content (#20673) (#20676)
+* Fix the JS error "EventSource is not defined" caused by some non-standard browsers (#20584) (#20663)
+* Add default commit messages to PR for squash merge (#20618) (#20645)
+* Fix package upload for files >32mb (#20622) (#20635)
+* Fix the new-line copy-paste for rendered code (#20612)
+* Clean up and fix clone button script (#20415 & #20600) (#20599)
+* Fix default merge style (#20564) (#20565)
+* Add repository condition for issue count (#20454) (#20496)
+* Make branch icon stand out more (#20726) (#20774)
+* Fix loading button with invalid form (#20754) (#20759)
+* Fix SecToTime edge-cases (#20610) (#20611)
+* Executable check always returns true for windows (#20637) (#20835)
+* Check issue labels slice length before calling xorm Insert (#20655) (#20836)
+* Fix owners cannot create organization repos bug (#20841) (#20854)
+* Prevent 500 is head repo does not have PullRequest unit in IsUserAllowedToUpdate (#20839) (#20848)
+
+[1.24.2]
+* Update Gitea to 1.17.2
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.17.2)
+* Double check CloneURL is acceptable (#20869) (#20892)
+* Add more checks in migration code (#21011) (#21050)
+* Fix hard-coded timeout and error panic in API archive download endpoint (#20925) (#21051)
+* Improve arc-green code theme (#21039) (#21042)
+* Enable contenthash in filename for dynamic assets (#20813) (#20932)
+* Don't open new page for ext wiki on same repository (#20725) (#20910)
+* Disable doctor logging on panic (#20847) (#20898)
+* Remove calls to load Mirrors in user.Dashboard (#20855) (#20897)
+* Update codemirror to 5.65.8 (#20875)
+* Rework repo buttons (#20602, #20718) (#20719)
+* Ensure delete user deletes all comments (#21067) (#21068)
+* Delete unreferenced packages when deleting a package version (#20977) (#21060)
+* Redirect if user does not exist on admin pages (#20981) (#21059)
+* Set uploadpack.allowFilter etc on gitea serv to enable partial clones with ssh (#20902) (#21058)
+* Fix 500 on time in timeline API (#21052) (#21057)
+* Fill the specified ref in webhook test payload (#20961) (#21055)
+* Add another index for Action table on postgres (#21033) (#21054)
+* Fix broken insecureskipverify handling in redis connection uris (#20967) (#21053)
+* Add Dev, Peer and Optional dependencies to npm PackageMetadataVersion (#21017) (#21044)
+* Do not add links to Posters or Assignees with ID < 0 (#20577) (#21037)
+* Fix modified due date message (#20388) (#21032)
+* Fix missed sort bug (#21006)
+* Fix input.value attr for RequiredClaimName/Value (#20946) (#21001)
+* Change review buttons to icons to make space for text (#20934) (#20978)
+* Fix download archiver of a commit (#20962) (#20971)
+* Return 404 NotFound if requested attachment does not exist (#20886) (#20941)
+* Set no-tags in git fetch on compare (#20893) (#20936)
+* Allow multiple metadata files for Maven packages (#20674) (#20916)
+* Increase Content field size of gpg_key and public_key to MEDIUMTEXT (#20896) (#20911)
+* Fix mirror address setting not working (#20850) (#20904)
+* Fix push mirror address backend get error Address cause setting page display error (#20593) (#20901)
+* Fix panic when an invalid oauth2 name is passed (#20820) (#20900)
+* In PushMirrorsIterate and MirrorsIterate if limit is negative do not set it (#20837) (#20899)
+* Ensure that graceful start-up is informed of unused SSH listener (#20877) (#20888)
+* Pad GPG Key ID with preceding zeroes (#20878) (#20885)
+* Fix SQL Query for SearchTeam (#20844) (#20872)
+* Fix the mode of custom dir to 0700 in docker-rootless (#20861) (#20867)
+* Fix UI mis-align for PR commit history (#20845) (#20859)
+
+[1.24.3]
+* Update Gitea to 1.17.3
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.17.3)
+* SECURITY
+  * Sanitize and Escape refs in git backend (#21464) (#21463)
+  * Bump golang.org/x/text (#21412) (#21413)
+  * Update bluemonday (#21281) (#21287)
+* ENHANCEMENTS
+  * Fix empty container layer history and UI (#21251) (#21278)
+  * Use en-US as fallback when using other default language (#21200) (#21256)
+  * Make the vscode clone link respect transport protocol (#20557) (#21128)
+
+[1.24.4]
+* Make email display name configurable
+
+[1.24.5]
+* Support autosigning via gnupg
+
+[1.25.0]
+* Update Gitea to 1.17.4
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.17.4)
+* Do not allow Ghost access to limited visible user/org (#21849) (#21875)
+* Fix package access for admins and inactive users (#21580) (#21592)
+* Fix button in branch list, avoid unexpected page jump before restore branch actually done (#21562) (#21927)
+* Fix vertical align of committer avatar rendered by email address (#21884) (#21919)
+* Fix setting HTTP headers after write (#21833) (#21874)
+* Ignore line anchor links with leading zeroes (#21728) (#21777)
+* Enable Monaco automaticLayout (#21516)
+
+[1.25.1]
+* Trust reverse proxy IP
+
+[1.26.0]
+* Update Gitea to 1.18.0
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.18.0)
+* Remove ReverseProxy authentication from the API (#22219) (#22251)
+* Support Go Vulnerability Management (#21139)
+* Forbid HTML string tooltips (#20935)
+* Rework mailer settings (#18982)
+* Remove U2F support (#20141)
+* Refactor i18n to locale (#20153)
+* Enable contenthash in filename for dynamic assets (#20813)
+* And a lot more enhancements
+
+[1.26.1]
+* Update Gitea to 1.18.1
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.18.1)
+* Update github.com/zeripath/zapx/v15 (#22485)
+* Fix pull request API field closed_at always being null (#22482) (#22483)
+* Fix container blob mount (#22226) (#22476)
+* Fix error when calculating repository size (#22392) (#22474)
+* Fix Operator does not exist bug on explore page with ONLY_SHOW_RELEVANT_REPOS (#22454) (#22472)
+* Fix environments for KaTeX and error reporting (#22453) (#22473)
+* Remove the netgo tag for Windows build (#22467) (#22468)
+* Fix migration from GitBucket (#22477) (#22465)
+* Prevent panic on looking at api "git" endpoints for empty repos (#22457) (#22458)
+* Fix PR status layout on mobile (#21547) (#22441)
+* Fix wechatwork webhook sends empty content in PR review (#21762) (#22440)
+* Remove duplicate "Actions" label in mobile view (#21974) (#22439)
+* Fix leaving organization bug on user settings -> orgs (#21983) (#22438)
+* Fixed colour transparency regex matching in project board sorting (#22092) (#22437)
+* Correctly handle select on multiple channels in Queues (#22146) (#22428)
+* Prepend refs/heads/ to issue template refs (#20461) (#22427)
+* Restore function to "Show more" buttons (#22399) (#22426)
+* Continue GCing other repos on error in one repo (#22422) (#22425)
+* Allow HOST has no port (#22280) (#22409)
+* Fix omit `avatar_url` in discord payload when empty (#22393) (#22394)
+* Don't display stop watch top bar icon when disabled and hidden when click other place (#22374) (#22387)
+* Don't lookup mail server when using sendmail (#22300) (#22383)
+* Fix gravatar disable bug (#22337)
+* Fix update settings table on install (#22326) (#22327)
+* Fix sitemap (#22272) (#22320)
+* Fix code search title translation (#22285) (#22316)
+* Fix due date rendering the wrong date in issue (#22302) (#22306)
+* Fix get system setting bug when enabled redis cache (#22298)
+* Fix bug of DisableGravatar default value (#22297)
+* Fix key signature error page (#22229) (#22230)
+
+[1.26.2]
+* Update Gitea to 1.18.2
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.18.2)
+* When updating by rebase we need to set the environment for head repo (#22535) (#22536)
+* Fix issue not auto-closing when it includes a reference to a branch (#22514) (#22521)
+* Fix invalid issue branch reference if not specified in template (#22513) (#22520)
+* Fix 500 error viewing pull request when fork has pull requests disabled (#22512) (#22515)
+* Reliable selection of admin user (#22509) (#22511)
+* Set `disable_gravatar`/`enable_federated_avatar` when offline mode is true (#22479) (#22496)
+
+[1.26.3]
+* Update Gitea to 1.18.3
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.18.3)
+* Prevent multiple To recipients (#22566) (#22569)
+* Truncate commit summary on repo files table. (#22551) (#22552)
+* Mute all links in issue timeline (#22534)
+
+[1.26.4]
+* Update Gitea to 1.18.4
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.18.4)
+* SECURITY
+  * Provide the ability to set password hash algorithm parameters (#22942) (#22943)
+  * Add command to bulk set must-change-password (#22823) (#22928)
+* ENHANCEMENTS
+  * Use import of OCI structs (#22765) (#22805)
+  * Fix color of tertiary button on dark theme (#22739) (#22744)
+  * Link issue and pull requests status change in UI notifications directly to their event in the timelined view. (#22627) (#22642)
+* BUGFIXES
+  * Notify on container image create (#22806) (#22965)
+  * Fix blame view missing lines (#22826) (#22929)
+  * Fix incorrect role labels for migrated issues and comments (#22914) (#22923)
+  * Fix PR file tree folders no longer collapsing (#22864) (#22872)
+  * Escape filename when assemble URL (#22850) (#22871)
+
+[1.27.0]
+* Email display name support
+
+[1.27.1]
+* Update Gitea to 1.18.5
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.18.5)
+* Hide 2FA status from other members in organization members list (#22999) (#23023)
+* Add `force_merge` to merge request and fix checking mergable (#23010) (#23032)
+* Use --message=%s for git commit message (#23028) (#23029)
+* Render access log template as text instead of HTML (#23013) (#23025)
+* Fix the Manually Merged form (#23015) (#23017)
+
+[1.28.0]
+* Update Gitea to 1.19.0
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.19.0)
+
+[1.28.1]
+* Update Gitea to 1.19.1
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.19.1)
+* Breaking: Rename actions unit to repo.actions and add docs for it (#23733) (#23881)
+* Add card type to org/user level project on creation, edit and view (#24043) (#24066)
+* Refactor commit status for Actions jobs (#23786) (#24060)
+* Show errors for KaTeX and mermaid on the preview tab (#24009) (#24019)
+* Show protected branch rule names again (#23907) (#24018)
+* Adjust sticky PR header to cover background (#23956) (#23999)
+* Discolor pull request tab labels (#23950) (#23987)
+* Treat PRs with agit flow as fork PRs when triggering actions. (#23884) (#23967)
+* Left-align review comments (#23937)
+
+[1.28.2]
+* Update Gitea to 1.19.2
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.19.2)
+* Require repo scope for PATs for private repos and basic authentication (#24362) (#24364)
+* Only delete secrets belonging to its owner (#24284) (#24286)
+* Fix typo in API route (#24310) (#24332)
+* Fix access token issue on some public endpoints (#24194) (#24259)
+* Fix broken clone script on an empty archived repo (#24339) (#24348)
+* Fix Monaco IOS keyboard button (#24341) (#24347)
+* Don't set meta theme-color by default (#24340) (#24346)

CloudronManifest.json

@@ -4,14 +4,15 @@
   "author": "Gitea developers",
   "description": "file://DESCRIPTION.md",
   "tagline": "A painless self-hosted Git Service",
-  "version": "1.22.3",
+  "version": "1.28.2",
+  "upstreamVersion": "1.19.2",
   "healthCheckPath": "/explore",
   "httpPort": 3000,
   "memoryLimit": 536870912,
   "addons": {
     "mysql": { },
     "sendmail": { },
-    "localstorage": { },
+    "localstorage": { "supportsDisplayName": true },
     "ldap": { }
   },
   "tcpPorts": {
@@ -34,9 +35,9 @@
     "https://screenshots.cloudron.io/io.gitea.cloudronapp/5.png"
   ],
   "tags": [ "version control", "git", "code hosting", "development", "github", "bitbucket", "gitlab" ],
-  "changelog": "file://CHANGELOG",
+  "changelog": "file://CHANGELOG.md",
   "postInstallMessage": "file://POSTINSTALL.md",
-  "minBoxVersion": "5.3.0",
+  "minBoxVersion": "7.3.0",
   "forumUrl": "https://forum.cloudron.io/category/19/gitea",
   "documentationUrl": "https://docs.cloudron.io/apps/gitea/"
 }

DESCRIPTION.md

@@ -1,5 +1,3 @@
-This app packages Gitea <upstream>1.15.3</upstream>
-
 Gitea is a painless self-hosted Git service. It is similar to GitHub, Bitbucket or Gitlab.
 
 ### Purpose

Dockerfile

@@ -1,9 +1,10 @@
-FROM cloudron/base:3.0.0@sha256:455c70428723e3a823198c57472785437eb6eab082e79b3ff04ea584faf46e92
+FROM cloudron/base:4.0.0@sha256:31b195ed0662bdb06a6e8a5ddbedb6f191ce92e8bee04c03fb02dd4e9d0286df
 
 RUN apt-get update && \
-    apt-get install -y openssh-server git && \
+    apt-get install -y openssh-server git asciidoctor pandoc && \
     rm -rf /etc/ssh_host_* && \
     rm -r /var/cache/apt /var/lib/apt/lists
+RUN pip3 install jupyter
 
 ADD supervisor/ /etc/supervisor/conf.d/
 
@@ -15,7 +16,10 @@ RUN passwd -d git
 RUN mkdir -p /home/git/gitea
 WORKDIR /home/git
 
-ARG VERSION=1.15.3
+# for autosign feature
+ENV GNUPGHOME="/app/data/gnupg"
+
+ARG VERSION=1.19.2
 
 RUN curl -L https://dl.gitea.io/gitea/${VERSION}/gitea-${VERSION}-linux-amd64 -o /home/git/gitea/gitea \
     && chmod +x /home/git/gitea/gitea

POSTINSTALL.md

@@ -1,8 +1,10 @@
-This app is pre-setup with an admin account (use the `Local` authentication source for logging in as admin).
-The initial credentials are:
+This app is pre-setup with an admin account. The initial credentials are:
 
 **Username**: root<br/>
 **Password**: changeme<br/>
 
 Please change the admin password immediately.
 
+<sso>
+Use the `Local` authentication source for logging in as admin.
+</sso>

app.ini.template

@@ -64,7 +64,8 @@ SKIP_VERIFY = true
 ; those settings are protected and can't be modified
 INSTALL_LOCK = true
 SECRET_KEY = ##SECRET_KEY
-
+REVERSE_PROXY_LIMIT = 1
+REVERSE_PROXY_TRUSTED_PROXIES = *
 
 [service]
 DISABLE_REGISTRATION = false
@@ -103,3 +104,24 @@ COOKIE_SECURE = true
 COOKIE_NAME = cloudron_gitea
 GC_INTERVAL_TIME = 2592000
 
+[markup.asciidoc]
+ENABLED = true
+FILE_EXTENSIONS = .adoc,.asciidoc
+RENDER_COMMAND = "asciidoctor -s -a showtitle --out-file=- -"
+; Input is not a standard input but a file
+IS_INPUT_FILE = false
+
+[markup.restructuredtext]
+ENABLED = true
+FILE_EXTENSIONS = .rst
+RENDER_COMMAND = "timeout 30s pandoc +RTS -M512M -RTS -f rst"
+IS_INPUT_FILE = false
+
+[markup.jupyter]
+ENABLED = true
+FILE_EXTENSIONS = .ipynb
+RENDER_COMMAND = "jupyter nbconvert --stdin --stdout --to html --template basic"
+IS_INPUT_FILE = false
+
+[markup.sanitizer.jupyter.img]
+ALLOW_DATA_URI_IMAGES = true

sshd_config

@@ -5,6 +5,7 @@
 Port 29418
 # Use these options to restrict which interfaces/protocols sshd will bind to
 ListenAddress 0.0.0.0
+ListenAddress ::
 Protocol 2
 # HostKeys for protocol version 2
 HostKey /app/data/sshd/ssh_host_rsa_key

start.sh

@@ -7,15 +7,17 @@ mkdir -p /run/gitea/tmp/uploads /run/sshd /run/gitea/sessions
 setup_ldap_source() {
     set -eu
 
+    echo "==> Setup LDAP source"
+
     # Get the existing LDAP source status. This allows the user to disable LDAP
     # Note that this method is deprecated since this app now supports optionalSso
-    ldap_status=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "select is_actived from login_source WHERE name='cloudron';")
+    ldap_status=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "select is_active from login_source WHERE name='cloudron';")
     [[ -z "${ldap_status}" ]] && ldap_status="1"
 
     now=$(date +%s)
 
     if mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" \
-        -e "REPLACE INTO login_source (id, type, name, is_actived, cfg, created_unix, updated_unix) VALUES (1,2,'cloudron',${ldap_status},'{\"Name\":\"cloudron\",\"Host\":\"${CLOUDRON_LDAP_SERVER}\",\"Port\":${CLOUDRON_LDAP_PORT},\"UseSSL\":false,\"SkipVerify\":true,\"BindDN\":\"${CLOUDRON_LDAP_BIND_DN}\",\"BindPassword\":\"${CLOUDRON_LDAP_BIND_PASSWORD}\",\"UserBase\":\"${CLOUDRON_LDAP_USERS_BASE_DN}\",\"AttributeUsername\":\"username\",\"AttributeName\":\"displayname\",\"AttributeSurname\":\"\",\"AttributeMail\":\"mail\",\"Filter\":\"(\\\\u007C(mail=%[1]s)(username=%[1]s))\"}','${now}','${now}');"; then
+        -e "REPLACE INTO login_source (id, type, name, is_active, cfg, created_unix, updated_unix) VALUES (1,2,'cloudron',${ldap_status},'{\"Name\":\"cloudron\",\"Host\":\"${CLOUDRON_LDAP_SERVER}\",\"Port\":${CLOUDRON_LDAP_PORT},\"UseSSL\":false,\"SkipVerify\":true,\"BindDN\":\"${CLOUDRON_LDAP_BIND_DN}\",\"BindPassword\":\"${CLOUDRON_LDAP_BIND_PASSWORD}\",\"UserBase\":\"${CLOUDRON_LDAP_USERS_BASE_DN}\",\"AttributeUsername\":\"username\",\"AttributeName\":\"displayname\",\"AttributeSurname\":\"\",\"AttributeMail\":\"mail\",\"Filter\":\"(\\\\u007C(mail=%[1]s)(username=%[1]s))\"}','${now}','${now}');"; then
         echo "==> LDAP Authentication was setup with activation status ${ldap_status}"
     else
         echo "==> Failed to setup LDAP authentication"
@@ -26,7 +28,7 @@ setup_ldap_source() {
 setup_root_user() {
     set -eu
 
-    if sudo -H -u git /home/git/gitea/gitea admin user create --name root --password changeme --email test@cloudron.io --admin -c /run/gitea/app.ini; then
+    if sudo -H -u git /home/git/gitea/gitea admin user create --username root --password changeme --email admin@cloudron.local --admin -c /run/gitea/app.ini; then
         echo "==> root user added"
     else
         echo "==> Failed to add root user"
@@ -112,19 +114,20 @@ crudini --set "/run/gitea/app.ini" repository.upload TEMP_PATH "/run/gitea/tmp/u
 crudini --set "/run/gitea/app.ini" mailer HOST "${CLOUDRON_MAIL_SMTP_SERVER}:${CLOUDRON_MAIL_SMTPS_PORT}"
 crudini --set "/run/gitea/app.ini" mailer USER "${CLOUDRON_MAIL_SMTP_USERNAME}"
 crudini --set "/run/gitea/app.ini" mailer PASSWD "${CLOUDRON_MAIL_SMTP_PASSWORD}"
-crudini --set "/run/gitea/app.ini" mailer FROM "${CLOUDRON_MAIL_FROM}"
+crudini --set "/run/gitea/app.ini" mailer FROM "${CLOUDRON_MAIL_FROM_DISPLAY_NAME:-Gitea} <${CLOUDRON_MAIL_FROM}>"
 crudini --set "/run/gitea/app.ini" mailer SKIP_VERIFY "true"
 crudini --set "/run/gitea/app.ini" security INSTALL_LOCK "true"
+crudini --set "/run/gitea/app.ini" security REVERSE_PROXY_LIMIT 1
+crudini --set "/run/gitea/app.ini" security REVERSE_PROXY_TRUSTED_PROXIES "*"
 crudini --set "/run/gitea/app.ini" log MODE "console"
 crudini --set "/run/gitea/app.ini" log ROOT_PATH "/run/gitea"
 crudini --set "/run/gitea/app.ini" indexer ISSUE_INDEXER_PATH "/app/data/appdata/indexers/issues.bleve"
 
 echo "==> Creating dirs and changing permissions"
-mkdir -p /app/data/repository /app/data/ssh /app/data/custom
+mkdir -p /app/data/repository /app/data/ssh /app/data/custom /app/data/gnupg
 chown -R git:git /app/data /run/gitea
 
 # this expects app.ini to be available
 ( setup_auth ) &
 
 exec /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon -i Gitea
-

supervisor/sshd.conf

@@ -8,4 +8,3 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-

test/package.json

@@ -9,11 +9,10 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "chromedriver": "^93.0.1",
+    "chromedriver": "^112.0.0",
     "expect.js": "^0.3.1",
-    "mocha": "^9.1.1",
-    "rimraf": "^3.0.2",
-    "selenium-webdriver": "^3.6.0",
-    "superagent": "^6.1.0"
+    "mocha": "^10.2.0",
+    "selenium-webdriver": "^4.9.0",
+    "superagent": "^8.0.9"
   }
 }

test/test.js

@@ -11,11 +11,10 @@
 
 require('chromedriver');
 
-var execSync = require('child_process').execSync,
+const execSync = require('child_process').execSync,
     expect = require('expect.js'),
     fs = require('fs'),
     path = require('path'),
-    rimraf = require('rimraf'),
     superagent = require('superagent'),
     { Builder, By, until } = require('selenium-webdriver'),
     { Options } = require('selenium-webdriver/chrome');
@@ -49,7 +48,7 @@ describe('Application life cycle test', function () {
 
     after(function () {
         browser.quit();
-        rimraf.sync(repodir);
+        fs.rmSync(repodir, { recursive: true, force: true });
     });
 
     function getAppInfo() {
@@ -76,10 +75,10 @@ describe('Application life cycle test', function () {
     async function checkAvatar() {
         await browser.get(`https://${app.fqdn}/${username}`);
 
-        var avatarSrc = await browser.findElement(By.xpath('//a[@id="profile-avatar"]/img')).getAttribute('src');
+        const avatarSrc = await browser.findElement(By.xpath('//div[@id="profile-avatar"]/a/img')).getAttribute('src');
 
-        var avatar = await superagent.get(avatarSrc);
-        expect(avatar.statusCode).to.equal(200);
+        const response = await superagent.get(avatarSrc);
+        expect(response.statusCode).to.equal(200);
     }
 
     async function login(username, password) {
@@ -87,8 +86,8 @@ describe('Application life cycle test', function () {
 
         await browser.findElement(By.id('user_name')).sendKeys(username);
         await browser.findElement(By.id('password')).sendKeys(password);
-        await browser.findElement(By.tagName('form')).submit();
-        await browser.wait(until.elementLocated(By.linkText('Dashboard')), TIMEOUT);
+        await browser.findElement(By.xpath('//form[@action="/user/login"]//button')).click();
+        await browser.wait(until.elementLocated(By.xpath('//img[contains(@class, "avatar")]')), TIMEOUT);
     }
 
     async function adminLogin() {
@@ -111,7 +110,8 @@ describe('Application life cycle test', function () {
 
         await browser.get(sshPage);
 
-        await browser.findElement(By.xpath('//div[text()="Add Key"]')).click();
+        await browser.wait(until.elementLocated(By.id('add-ssh-button')), TIMEOUT);
+        await browser.findElement(By.id('add-ssh-button')).click();
         await browser.findElement(By.id('ssh-key-title')).sendKeys('testkey');
         await browser.findElement(By.id('ssh-key-content')).sendKeys(publicKey.trim()); // #3480
         var button = browser.findElement(By.xpath('//button[contains(text(), "Add Key")]'));
@@ -146,18 +146,18 @@ describe('Application life cycle test', function () {
     }
 
     function cloneRepo() {
-        rimraf.sync(repodir);
+        fs.rmSync(repodir, { recursive: true, force: true });
         var env = Object.create(process.env);
         env.GIT_SSH = __dirname + '/git_ssh_wrapper.sh';
         execSync(`git clone ssh://git@${app.fqdn}:${SSH_PORT}/${username}/${reponame}.git ${repodir}`, { env: env });
     }
 
     function pushFile() {
-        var env = Object.create(process.env);
+        const env = Object.create(process.env);
         env.GIT_SSH = __dirname + '/git_ssh_wrapper.sh';
-        execSync(`touch newfile && git add newfile && git commit -a -mx && git push ssh://git@${app.fqdn}:${SSH_PORT}/${username}/${reponame} master`,
+        execSync(`touch newfile && git add newfile && git commit -a -mx && git push ssh://git@${app.fqdn}:${SSH_PORT}/${username}/${reponame} main`,
                  { env: env, cwd: repodir });
-        rimraf.sync('/tmp/testrepo');
+        fs.rmSync(repodir, { recursive: true, force: true });
     }
 
     function fileExists() {
@@ -233,18 +233,6 @@ describe('Application life cycle test', function () {
         execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS);
     });
 
-    // check if the _first_ login via email succeeds
-    it('can login via email', async function () { execSync(`cloudron install --location ${LOCATION} -p SSH_PORT=${SSH_PORT}`, EXEC_ARGS); });
-
-    it('can get app information', getAppInfo);
-    it('can login', login.bind(null, email, password));
-
-    it('uninstall app', async function () {
-        // ensure we don't hit NXDOMAIN in the mean time
-        await browser.get('about:blank');
-        execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS);
-    });
-
     // No SSO
     it('install app (no sso)', function () { execSync(`cloudron install --no-sso --location ${LOCATION} -p SSH_PORT=${SSH_PORT}`, EXEC_ARGS); });
 
@@ -270,10 +258,11 @@ describe('Application life cycle test', function () {
     it('can add and push a file', pushFile);
 
     it('can update', function () { execSync('cloudron update --app ' + app.id, EXEC_ARGS); });
+    it('can get app information', getAppInfo);
 
-    xit('can admin login', adminLogin);
-    xit('can send mail', sendMail);
-    xit('can logout', logout);
+    it('can admin login', adminLogin);
+    it('can send mail', sendMail);
+    it('can logout', logout);
 
     it('can login', login.bind(null, username, password));
     it('can get avatar', checkAvatar);