gitea-app/CHANGELOG.md

65 KiB

[0.1.0]

  • Initial package (forked from Gogs app)

[0.1.1]

  • Removed reference to Gogs

[0.1.2]

  • Updated description

[0.1.3]

  • Updated to version 1.1.2

[1.0.0]

  • Update to version 1.1.3

[1.0.1]

[1.0.2]

  • Preserve SECRET_KEY across updates and restarts

[1.0.3]

  • Update to version 1.1.4

[1.1.0]

[1.1.1]

  • Update to version 1.2.1
  • Fix PR, milestone and label functionality if issue unit is disabled (#2710) (#2714)
  • Fix plain readme didn't render correctly on repo home page (#2705) (#2712)
  • Fix so that user can still fork his own repository to his organizations (#2699) (#2707)
  • Fix .netrc authentication (#2700) (#2708)
  • Fix slice out of bounds error in mailer (#2479) (#2696)

[1.1.2]

  • Update to version 1.2.2
  • Add checks for commits with missing author and time (#2771) (#2785)
  • Fix sending mail with a non-latin display name (#2559) (#2783)
  • Sync MaxGitDiffLineCharacters with conf/app.ini (#2779) (#2780)
  • Update vendor git (#2765) (#2772)
  • Fix emojify image URL (#2769) (#2773)

[1.1.3]

  • Update to version 1.2.3
  • Only require one email when validating GPG key (#2266, #2467, #2663) (#2788)
  • Fix order of comments (#2835) (#2839)

[1.2.0]

  • Update to version 1.3.0

[1.3.0]

  • Update to version 1.3.1
  • Add documentationUrl
  • Sanitize logs for mirror sync (#3057, #3082) (#3078)
  • Fix missing branch in release bug (#3108) (#3117)
  • Fix repo indexer and submodule bug (#3107) (#3110)
  • Fix legacy URL redirects (#3100) (#3106)
  • Fix redis session failed (#3086) (#3089)
  • Fix issue list branch link broken (#3061) (#3070)
  • Fix missing password length check when change password (#3039) (#3071)

[1.3.1]

  • Update Gitea to 1.3.2
  • Fix run web with -p push failed (#3154) (#3179)
  • Fix source download link when no code unit allowed (#3166) (#3169)
  • Allow adding collaborators with (fullname) (#3103) (#3168)
  • Fix repo links (#3093) (#3163)
  • Fix Uninitialized variable in ParsePatch (#3156) (#3162)
  • Fix migration order v1.3 (#3157)
  • Fix avatar URLs (#3069) (#3143)

[1.4.0]

  • Fix email sending (use SMTPS)

[1.4.1]

  • Update Gitea to 1.3.3
  • Security fixes
    • Fix escaping changed title in comments (#3530) (#3535)
    • Escape search query display (#3486) (#3489)
  • Bug fixes
    • Fix repo-transfer-and-team-repo-count bug (#3241) (#3244)
    • Open external tracker in blank window, consistently with wiki (#3227) (#3228)
    • Change SSL Mode from checkbox to string in admin page (#3208) (#3211)

[1.5.0]

  • Update Gitea to 1.4.0

[1.5.1]

  • Update Gitea to 1.4.1
  • Add “error” as reserved username (#3882) (#3886)
  • Do not allow inactive users to access repositories using private key (#3887) (#3889)
  • Fix path cleanup in file editor, when initilizing new repository and LFS oids (#3871) (#3873)
  • Remove unnecessary allowed safe HTML (#3778) (#3779)
  • Correctly check http git access rights for reverse proxy authorized users (#3721) (#3743)
  • Fix to use only needed columns from tables to get repository git paths (#3870) (#3883)
  • Fix GPG expire time display when time is zero (#3584) (#3884)
  • Fix to update only issue last update time when adding a comment (#3855) (#3860)
  • Fix repository star count after deleting user (#3781) (#3783)
  • Use the active branch for the code tab (#3720) (#3776)
  • Set default branch name on first push (#3715) (#3723)
  • Show clipboard button if disable HTTP of git protocol (#3773) (#3774)

[1.5.2]

  • Update Gitea to 1.4.2
  • Adjust z-index for floating labels (#3939) (#3950)
  • Add missing token validation on application settings page (#3976) #3978
  • Webhook and hook_task clean up (#4006)
  • Fix webhook bug of response info is not displayed in UI (#4023)
  • Fix writer cannot read bare repo guide (#4033) (#4039)
  • Don't force due date to current time (#3830) (#4057)
  • Fix wiki redirects (#3919) (#4065)
  • Fix attachment ENABLED (#4064) (#4066)
  • Added deletion of an empty line at the end of file (#4054) (#4074)
  • Use ResolveReference instead of path.Join (#4073)
  • Fix #4081 Check for leading / in base before removing it (#4083)
  • Respository's home page not updated after first push (#4075)

[1.5.2-1]

  • Rebuild Gitea package because of https://github.com/go-gitea/gitea/issues/4167
  • Adjust z-index for floating labels (#3939) (#3950)
  • Add missing token validation on application settings page (#3976) #3978
  • Webhook and hook_task clean up (#4006)
  • Fix webhook bug of response info is not displayed in UI (#4023)
  • Fix writer cannot read bare repo guide (#4033) (#4039)
  • Don't force due date to current time (#3830) (#4057)
  • Fix wiki redirects (#3919) (#4065)
  • Fix attachment ENABLED (#4064) (#4066)
  • Added deletion of an empty line at the end of file (#4054) (#4074)
  • Use ResolveReference instead of path.Join (#4073)
  • Fix #4081 Check for leading / in base before removing it (#4083)
  • Respository's home page not updated after first push (#4075)

[1.5.3]

  • Update Gitea to 1.4.3
  • SECURITY
    • HTML-escape plain-text READMEs (#4192) (#4214)
    • Fix open redirect vulnerability on login screen (#4312) (#4312)
  • BUGFIXES
    • Fix broken monitoring page when running processes are shown (#4203) (#4208)
    • Fix delete comment bug (#4216) (#4228)
    • Delete reactions added to issues and comments when deleting repository (#4232) (#4237)
    • Fix wiki URL encoding bug (#4091) (#4254)
    • Fix code tab link when viewing tags (#3908) (#4263)
    • Fix webhook type conflation (#4285) (#4285)

[1.5.4]

  • Allow customization using gitea's custom data directory

[1.6.0]

  • Update Gitea to 1.5.0
  • Security
    • Check that repositories can only be migrated to own user or organizations (#4366) (#4370)
    • Limit uploaded avatar image-size to 4096px x 3072px by default (#4353)
    • Do not allow to reuse TOTP passcode (#3878)
  • Features
    • Add cli commands to regen hooks & keys (#3979)
    • Add support for FIDO U2F (#3971)
    • Added user language setting (#3875)
    • Add topic support (#3711)
    • Multiple assignees (#3705)
    • Add protected branch whitelists for merging (#3689)
    • Global code search support (#3664)
    • Add label descriptions (#3662)
    • Add issue search via API (#3612)
    • Add repository setting to enable/disable health checks (#3607)
    • Emoji Autocomplete (#3433)
    • Implements generator cli for secrets (#3531)

[1.6.1]

  • Update Gitea to 1.5.1
  • Security
    • Don't disclose emails of all users when sending out emails (#4784)
    • Improve URL validation for external wiki and external issues (#4710) (#4740)
    • Make cookies HttpOnly and obey COOKIE_SECURE flag (#4706) (#4707)
  • Bugfixes
    • Fix missing release title in webhook (#4783) (#4800)
    • Make sure to reset commit count in the cache on mirror syncing (#4770)
    • Fixed bug where team with admin privelege type doesn't get any unit (#4759)
    • Fix failure on creating pull request with assignees (#4583) (#4727)
    • Hide org/create menu item in Dashboard if user has no rights (#4678) (#4686)

[1.7.0]

  • Update base image

[1.7.1]

  • Update Gitea to 1.5.2

[1.7.2]

  • Update Gitea to 1.5.3
  • Security
    • Fix remote command execution vulnerability in upstream library (#5177) (#5196)

[1.8.0]

  • Update Gitea to 1.6.0

[1.8.1]

  • Update Gitea to 1.6.1

[1.8.2]

  • Update Gitea to 1.6.2
  • SECURITY
    • Sanitize uploaded file names (#5571) (#5573)
    • HTMLEncode user added text (#5570) (#5575)
  • BUGFIXES
    • Fix indexer reindex bug when gitea restart (#5563) (#5564)
    • Fix bug when a read perm user to edit his issue (#5516) (#5534)
    • Detect force push failure on deletion of protected branches (#5522) (#5531)
    • Fix forgot deletion of notification when delete repository (#5506) (#5514)
    • Fix undeleted content when deleting user (#5429) (#5509)
    • Fix empty wiki (#5504) (#5508)

[1.8.3]

  • Update Gitea to 1.6.3
  • SECURITY: Prevent DeleteFilePost doing arbitrary deletion (#5631)
  • BUGFIX: Fix wrong text getting saved on editing second comment on an issue (#5608)

[1.8.4]

  • Update Gitea to 1.6.4
  • Fix SSH key now can be reused as public key after deleting as deploy key (#5671) (#5685)
  • When redirecting clean the path to avoid redirecting to external site (#5669) (#5703)
  • Fix to use correct value for "MSpan Structures Obtained" (#5706) (#5715)

[1.9.0]

  • Update Gitea to 1.7.0

[1.9.1]

  • Update Gitea to 1.7.1
  • Changelog
  • Disable redirect for i18n (#5910) (#5916)
  • Only allow local login if password is non-empty (#5906) (#5908)
  • Fix go-get URL generation (#5905) (#5907)
  • Fix TLS errors when using acme/autocert for local connections (#5820) (#5826)
  • Request for public keys only if LDAP attribute is set (#5816) (#5819)
  • Fix delete correct temp directory (#5840) (#5839)
  • Fix an error while adding a dependency via UI (#5862) (#5876)
  • Fix null pointer in attempt to Sudo if not logged in (#5872) (#5884)
  • When creating new repository fsck option should be enabled (#5817) (#5885)
  • Prevent nil dereference in mailIssueCommentToParticipants (#5891) (#5895) (#5894)
  • Fix bug when read public repo lfs file (#5913) (#5912)
  • Respect value of REQUIRE_SIGNIN_VIEW (#5901) (#5915)
  • Fix compare button on upstream repo leading to 404 (#5877) (#5914)

[1.9.2]

  • Update Gitea to 1.7.2
  • Remove all CommitStatus when a repo is deleted (#5940) (#5941)
  • Fix notifications on pushing with deploy keys by setting hook environment variables (#5935) (#5944)
  • Silence console logger in gitea serv (#5887) (#5943)
  • Handle milestone webhook events for issues and PR (#5947) (#5955)
  • Show user who created the repository instead of the organization in action feed (#5948) (#5956)
  • Fix ssh deploy and user key constraints (#1357) (#5939) (#5966)
  • Fix bug when deleting a linked account will removed all (#5989) (#5990)
  • Fix empty ssh key importing in ldap (#5984) (#6009)
  • Fix metrics auth token detection (#6006) (#6017)
  • Create repository on organisation by default on its dashboard (#6026) (#6048)
  • Make sure labels are actually returned in API (#6053) (#6059)
  • Switch to more recent build of xgo (#6070) (#6072)
  • In basic auth check for tokens before call UserSignIn (#5725) (#6083)

[1.9.3]

  • Update Gitea to 1.7.3
  • Fix server 500 when trying to migrate to an already existing repository (#6188) (#6197)
  • Load Issue attributes for API /repos/{owner}/{repo}/issues/{index} (#6122) (#6185)
  • Fix bug whereby user could change private repository to public when force private enabled. (#6156) (#6165)
  • Fix bug when update owner team then visit team's repo return 404 (#6119) (#6166)
  • Fix heatmap and repository menu display in Internet Explorer 9+ (#6117) (#6137)
  • Fix prohibit login check on authorization (#6106) (#6115)
  • Fix LDAP protocol error regression by moving to ldap.v3 (#6105) (#6107)
  • Fix deadlock in webhook PullRequest (#6102) (#6104)
  • Fix redirect loop when password change is required and Gitea is installed as a suburl (#5965) (#6101)
  • Fix compare button regression (#5929) (#6098)
  • Recover panic in orgmode.Render if bad orgfile (#4982) (#5903) (#6097)

[1.9.4]

  • Update Gitea to 1.7.4
  • Fix potential XSS vulnerability in repository description. (#6306) (#6308)
  • Fix wrong release commit id (#6224) (#6300)
  • Fix panic on empty signed commits (#6292) (#6300)
  • Fix organization dropdown not being scrollable when using mouse wheel (#5988) (#6246)
  • Fix displaying dashboard even if required to change password (#6214) (#6215)

[1.9.5]

  • Update Gitea to 1.7.5
  • unitTypeCode not being used in accessLevelUnit (#6419) (#6423)
  • ParsePatch function to work with quoted diff --git strings (#6323) (#6332)

[1.9.6]

  • Update Gitea to 1.7.6
  • Prevent remote code execution vulnerability with mirror repo URL settings (#6593) (#6595)
  • Allow resend of confirmation email when logged in (#6482) (#6487)

[1.10.0]

  • Update Gitea to 1.8.0
  • Full changelog
  • Prevent remote code execution vulnerability with mirror repo URL settings (#6593) (#6594)
  • Resolve 2FA bypass on API (#6676) (#6674)
  • Prevent the creation of empty sessions for non-logged in users (#6690) (#6677)
  • Expose issue stopwatch toggling via API (#5970)
  • Pull request conflict files detection (#5951)
  • Implement "conversation lock" for issue comments (#5073)
  • Feature: Archive repos (#5009)
  • Allow to set organization visibility (public, internal, private) (#1763)
  • Added URL mapping for Release attachments like on github.com (#1707)

[1.10.1]

  • Update Gitea to 1.8.1

[1.10.2]

  • Update Gitea to 1.8.2

[1.11.0]

  • better custom app.ini integration
  • optional sso support

[1.12.0]

  • Update Gitea to 1.8.3
  • Update manifest to v2

[1.13.0]

  • Update Gitea to 1.9.0

[1.13.1]

  • Update Gitea to 1.9.1

[1.13.2]

  • Make sessions persist restarts

[1.13.3]

  • Update Gitea to 1.9.2
  • Fix wrong sender when send slack webhook (#7918) (#7924)
  • Upload support text/plain; charset=utf8 (#7899)
  • Lfs/lock: round locked_at timestamp to second (#7872) (#7875)
  • Fix non existent milestone with 500 error (#7867) (#7873)
  • SECURITY
  • ENHANCEMENT
    • Fix pull creation with empty changes (#7920) (#7926)
  • BUILD
    • Drone/docker: prepare multi-arch release + provide arm64 image (#7571) (#7884)

[1.13.4]

  • Update Gitea to 1.9.3
  • Fix go get from a private repository with Go 1.13 (#8100)
  • Strict name matching for Repository.GetTagID() (#8082)
  • Avoid ambiguity of branch/directory names for the git-diff-tree command (#8070)
  • Add change title notification for issues (#8064)
  • Run CORS handler first for /api routes (#7967) (#8053)
  • Evaluate emojis in commit messages in list view (#8044)
  • Fix failed to synchronize tags to releases for repository (#7990) (#7994)
  • Fix adding default Telegram webhook (#7972) (#7992)
  • Abort synchronization from LDAP source if there is some error (#7965)
  • Fix deformed emoji in commit message (#8071)
  • Keep blame view buttons sequence consistent with normal view when viewing a file (#8007) (#8009)

[1.13.5]

  • Update Gitea to 1.9.4
  • Highlight issue references (#8101) (#8404)
  • Fix bug when migrating a private repository #7917 (#8403)
  • Change general form binding to gogs form (#8334) (#8402)
  • Fix editor commit to new branch if PR disabled (#8375) (#8401)
  • Fix milestone num_issues (#8221) (#8400)
  • Allow users with explicit read access to give approvals (#8398)
  • Fix commit status in PR #8316 and PR #8321 (#8339)
  • Fix API for edit and delete release attachment (#8290)
  • Fix assets on release webhook (#8283)
  • Fix release API URL generation (#8239)
  • Allow registration when button is hidden (#8238)
  • MS Teams webhook misses commit messages (backport v1.9) (#8225)

[1.13.6]

  • Update Gitea to 1.9.5
  • Full changelog
  • Hide some user information via API if user doesn't have enough permission (#8655) (#8658)
  • Fix milestone close timestamp (#8728) (#8731)
  • Fix deadline on update issue or PR via API (#8699)
  • Fix 'New Issue Missing Milestone Comment' (#8678) (#8682)
  • Fix 500 when getting user as unauthenticated user (#8653) (#8662)
  • Use AppSubUrl for more redirections (#8647) (#8652)
  • Add SubURL to redirect path (#8632) (#8634) (#8640)
  • Fix #8582 by handling empty repos (#8587) (#8593)
  • Fix bug on pull requests when transfer head repository (#8571)
  • Add missed close in ServeBlobLFS (#8527) (#8543)
  • Return false if provided branch name is empty for IsBranchExist (#8485) (#8492)
  • Create .ssh dir as necessary (#8369) (#8486) (#8489)
  • Restore functionality for early gits (#7775) (#8476)
  • Add check for empty set when dropping indexes during migration (#8475)
  • Ensure Request Body Readers are closed in LFS server (#8454) (#8459)
  • Ensure that LFS files are relative to the LFS content path (#8455) (#8458)
  • Ignore mentions for users with no access (#8395) (#8484)

[1.14.0]

[1.14.1]

  • Update Gitea to 1.10.1
  • Fix max length check and limit in multiple repo forms (#9148) (#9204)
  • Properly fix displaying virtual session provider in admin panel (#9137) (#9203)
  • Upgrade levelqueue to 0.1.0 (#9192) (#9199)
  • Fix panic when diff (#9187) (#9193)
  • Smtp logger configuration sendTos should be an array (#9154) (#9157)
  • Always Show Password Field on Link Account Sign-in Page (#9150)
  • Create PR on Current Repository by Default (#8670) (#9141)
  • Fix race on indexer (#9136) (#9139)
  • Fix reCAPTCHA URL (#9119)
  • Hide migrated credentials (#9098)
  • Update golang.org/x/crypto vendor to use acme v2 (#9056) (#9085)
  • Fix password checks on admin create/edit user (#9076) (#9081)
  • Fix add search as a reserved username (#9063) (#9065)
  • Fix permission checks for close/reopen from commit (#8875) (#9033)
  • Ensure Written is set in GZIP ProxyResponseWriter (#9018) (#9025)
  • Fix broken link to branch from issue list (#9003) (#9021)
  • Fix wrong system notice when repository is empty (#9020)
  • Shadow password correctly for session config (#8984) (#9002)

[1.14.2]

  • Update Gitea to 1.10.2
  • Allow only specific Columns to be updated on Issue via API (#9539) (#9580)
  • Add ErrReactionAlreadyExist error (#9550) (#9564)
  • Fix bug when migrate from API (#8631) (#9563)
  • Use default avatar for ghost user (#9536) (#9537)
  • Fix repository issues pagination bug when there are more than one label filter (#9512) (#9528)
  • Fix deleted branch not removed when push the branch again (#9516) (#9524)
  • Fix missing repository status when migrating repository via API (#9511)
  • Trigger webhook when deleting a branch after merging a PR (#9510)
  • Fix paging on /repos/{owner}/{repo}/git/trees/{sha} API endpoint (#9482)
  • Fix NewCommitStatus (#9434) (#9435)
  • Use OriginalURL instead of CloneAddr in migration logging (#9418) (#9420)
  • Fix Slack webhook payload title generation to work with Mattermost (#9404)
  • DefaultBranch needs to be prefixed by BranchPrefix (#9356) (#9359)
  • Fix issue indexer not triggered when migrating a repository (#9333)
  • Fix bug that release attachment files not deleted when deleting repository (#9322) (#9329)
  • Fix migration releases (#9319) (#9326) (#9328)
  • Fix File Edit: Author/Committer interchanged (#9297) (#9300)

[1.14.3]

  • Update Gitea to 1.10.3
  • Hide credentials when submitting migration (#9102) (#9704)
  • Never allow an empty password to validate (#9682) (#9684)
  • Prevent redirect to Host (#9678) (#9680)
  • Hide public repos owned by private orgs (#9609) (#9616)
  • Allow assignee on Pull Creation when Issue Unit is deactivated (#9836) (#9838)
  • Fix download file wrong content-type (#9825) (#9835)
  • Fix wrong identify poster on a migrated pull request when submit review (#9827) (#9831)
  • Fix dump non-exist log directory (#9818) (#9820)
  • Fix compare (#9808) (#9815)
  • Fix missing msteam webhook on organization (#9781) (#9795)
  • Fix add team on collaborator page when same name as organization (#9783)
  • Fix cache problem on dashboard (#9358) (#9703)
  • Send tag create and push webhook when release created on UI (#8671) (#9702)
  • Branches not at ref commit ID should not be listed as Merged (#9614) (#9639)

[1.15.0]

  • Update Gitea to 1.11.0

[1.15.1]

  • Update Gitea to 1.11.1
  • Repo name added to automatically generated commit message when merging (#9997) (#10285)
  • Fix Workerpool deadlock (#10283) (#10284)
  • Divide GetIssueStats query in smaller chunks (#10176) (#10282)
  • Fix reply on code review (#10257)
  • Stop hanging issue indexer initialisation from preventing shutdown (#10243) (#10249)
  • Fix filter label emoji width (#10241) (#10244)
  • Fix issue sidebar menus having an infinite height (#10239) (#10240)
  • Fix commit between two commits calculation if there is only last commit (#10225) (#10226)
  • Only check for conflicts/merging if the PR has not been merged in the interim (#10132) (#10206)
  • Blacklist manifest.json & milestones user (#10292) (#10293)

[1.15.2]

  • Update Gitea to 1.11.2

[1.15.3]

  • Update Gitea to 1.11.3

[1.15.4]

  • Update Gitea to 1.11.4

[1.16.0]

  • Update Gitea to 1.11.5
  • Update base image to 2.0.0

[1.16.1]

  • Update Gitea to 1.11.6
  • Full changelog
  • Fix missing authorization check on pull for public repos of private/limited org (#11656) (#11683)
  • Use session for retrieving org teams (#11438) (#11439)
  • Return json on 500 error from API (#11574) (#11660)
  • Fix wrong milestone in webhook message (#11596) (#11612)
  • Prevent (caught) panic on login (#11590) (#11598)
  • Fix commit page js error (#11527)

[1.17.0]

[1.18.0]

  • Add forumUrl and update tags and screenshots

[1.18.1]

[1.18.2]

  • Update Gitea to 1.12.3
  • Full changelog
  • Don't change creation date when updating Release (#12343) (#12351)
  • Show 404 page when release not found (#12328) (#12332)
  • Fix emoji detection in certain cases (#12320) (#12327)
  • Reduce emoji size (#12317) (#12327)
  • Fix double-indirection bug in logging IDs (#12294) (#12308)
  • Link to pull list page on sidebar when view pr (#12256) (#12263)
  • Extend Notifications API and return pinned notifications by default (#12164) (#12232)

[1.18.3]

  • Update Gitea to 1.12.4
  • Full changelog
  • Escape provider name in oauth2 provider redirect (#12648) (#12650)
  • Escape Email on password reset page (#12610) (#12612)
  • When reading expired sessions - expire them (#12686) (#12690)
  • StaticRootPath configurable at compile time (#12371) (#12652)
  • Fix to show an issue that is related to a deleted issue (#12651) (#12692)
  • Expire time acknowledged for cache (#12605) (#12611)
  • Fix diff path unquoting (#12554) (#12575)
  • Improve HTML escaping helper (#12562)
  • models: break out of loop (#12386) (#12561)
  • Default empty merger list to those with write permissions (#12535) (#12560)
  • Skip SSPI authentication attempts for /api/internal (#12556) (#12559)
  • Prevent NPE on commenting on lines with invalidated comments (#12549) (#12550)
  • Remove hardcoded ES indexername (#12521) (#12526)
  • Fix bug preventing transfer to private organization (#12497) (#12501)
  • Keys should not verify revoked email addresses (#12486) (#12495)
  • Do not add prefix on http/https submodule links (#12477) (#12479)
  • Fix ignored login on compare (#12476) (#12478)
  • Fix incorrect error logging in Stats indexer and OAuth2 (#12387) (#12422)
  • Upgrade google/go-github to v32.1.0 (#12361) (#12390)
  • Render emoji's of Commit message on feed-page (#12373)
  • Fix handling of diff on unrelated branches when Git 2.28 used (#12370)

[1.18.4]

  • Update Gitea to 1.12.5
  • Full changelog
  • Allow U2F with default settings for gitea in subpath (#12990) (#13001)
  • Prevent empty div when editing comment (#12404) (#12991)
  • On mirror update also update address in DB (#12964) (#12967)
  • Allow extended config on cron settings (#12939) (#12943)
  • Open transaction when adding Avatar email-hash pairs to the DB (#12577) (#12940)
  • Fix internal server error from ListUserOrgs API (#12910) (#12915)
  • Update only the repository columns that need updating (#12900) (#12912)
  • Fix panic when adding long comment (#12892) (#12894)
  • Add size limit for content of comment on action ui (#12881) (#12890)
  • Convert User expose ID each time (#12855) (#12883)
  • Support slashes in release tags (#12864) (#12882)
  • Add missing information to CreateRepo API endpoint (#12848) (#12867)
  • On Migration respect old DefaultBranch (#12843) (#12858)
  • Fix notifications page links (#12838) (#12853)
  • Stop cloning unnecessarily on PR update (#12839) (#12852)
  • Escape more things that are passed through str2html (#12622) (#12850)
  • Remove double escape on labels addition in comments (#12809) (#12810)
  • Fix "only mail on mention" bug (#12775) (#12789)
  • Fix yet another bug with diff file names (#12771) (#12776)
  • RepoInit Respect AlternateDefaultBranch (#12746) (#12751)
  • Fix Avatar Resize (resize algo NearestNeighbor -> Bilinear) (#12745) (#12750)

[1.18.5]

  • Update Gitea to 1.12.6
  • Full changelog
  • Prevent git operations for inactive users (#13527) (#13537)
  • Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13525)
  • API should only return Json (#13511) (#13564)
  • Fix before and since query arguments at API (#13559) (#13560)
  • Prevent panic on git blame by limiting lines to 4096 bytes at most (#13470) (#13492)
  • Fix link detection in repository description with tailing '_' (#13407) (#13408)
  • Remove obsolete change of email on profile page (#13341) (#13348)
  • Fix permission check on get Reactions API endpoints (#13344) (#13346)
  • Add migrated pulls to pull request task queue (#13331) (#13335)
  • API deny wrong pull creation options (#13308) (#13327)
  • Fix initial commit page & binary munching problem (#13249) (#13259)
  • Fix diff parsing (#13157) (#13136) (#13139)
  • Return error 404 not 500 from API if team does not exist (#13118) (#13119)
  • Prohibit automatic downgrades (#13108) (#13111)
  • Fix GitLab Migration Option AuthToken (#13101)
  • GitLab Label Color Normalizer (#12793) (#13100)
  • Log the underlying panic in runMigrateTask (#13096) (#13098)
  • Fix attachments list in edit comment (#13036) (#13097)
  • Fix deadlock when deleting team user (#13093)
  • Fix error create comment on outdated file (#13041) (#13042)
  • Fix repository create/delete event webhooks (#13008) (#13027)
  • Fix internal server error on README in submodule (#13006) (#13016)

[1.19.0]

[1.19.1]

  • Update Gitea to 1.13.1
  • Full changelog
  • Security: Hide private participation in Orgs (#13994) (#14031)
  • Security: Fix escaping issue in diff (#14153) (#14154)

[1.19.2]

  • Update Gitea to 1.13.2
  • Prevent panic on fuzzer provided string (#14405) (#14409)
  • Add secure/httpOnly attributes to the lang cookie (#14279) (#14280)
  • If release publisher is deleted use ghost user (#14375)
  • Internal ssh server respect Ciphers, MACs and KeyExchanges settings (#14523) (#14530)
  • Set the name Mapper in migrations (#14526) (#14529)
  • Fix wiki preview (#14515)
  • Update code.gitea.io/sdk/gitea v0.13.1 -> v0.13.2 (#14497)
  • ChangeUserName: rename user files back on DB issue (#14447)
  • Fix lfs preview bug (#14428) (#14433)
  • Ensure timeout error is shown on u2f timeout (#14417) (#14431)
  • Fix Deadlock & Delete affected reactions on comment deletion (#14392) (#14425)
  • Use path not filepath in routers/editor (#14390) (#14396)
  • Check if label template exist first (#14384) (#14389)
  • Fix migration v141 (#14387) (#14388)
  • Use Request.URL.RequestURI() for fcgi (#14347)
  • Use ServerError provided by Context (#14333) (#14345)
  • Fix edit-label form init (#14337)
  • Fix mailIssueCommentBatch for pull request (#14252) (#14296)
  • Render links for commit hashes followed by comma (#14224) (#14227)
  • Send notifications for mentions in pulls, issues, (code-)comments (#14218) (#14221)
  • Fix avatar bugs (#14217) (#14220)
  • Ensure that schema search path is set with every connection on postgres (#14131) (#14216)
  • Fix dashboard issues labels filter bug (#14210) (#14214)
  • When visit /favicon.ico but the static file is not exist return 404 but not continue to handle the route (#14211) (#14213)
  • Fix branch selector on new issue page (#14194) (#14207)
  • Check for notExist on profile repository page (#14197) (#14203)

[1.20.0]

  • Use base image v3

[1.20.1]

  • Update Gitea to 1.13.3
  • Turn default hash password algorithm back to pbkdf2 from argon2 until we find a better one (#14673) (#14675)
  • Fix paging of file commit logs (#14831) (#14879)
  • Print useful error if SQLite is used in settings but not supported (#14476) (#14874)
  • Fix display since time round (#14226) (#14873)
  • When Deleting Repository only explicitly close PRs whose base is not this repository (#14823) (#14842)
  • Set HCaptchaSiteKey on Link Account pages (#14834) (#14839)
  • Fix a couple of CommentAsPatch issues. (#14804) (#14820)
  • Disable broken OAuth2 providers at startup (#14802) (#14811)
  • Repo Transfer permission checks (#14792) (#14794)
  • Fix double alert in oauth2 application edit view (#14764) (#14768)
  • Fix broken spans in diffs (#14678) (#14683)
  • Prevent race in PersistableChannelUniqueQueue.Has (#14651) (#14676)
  • HasPreviousCommit causes recursive load of commits unnecessarily (#14598) (#14649)
  • Do not assume all 40 char strings are SHA1s (#14624) (#14648)
  • Allow org labels to be set with issue templates (#14593) (#14647)
  • Accept multiple SSH keys in single LDAP SSHPublicKey attribute (#13989) (#14607)
  • Fix bug about ListOptions and stars/watchers pagnation (#14556) (#14573)
  • Fix GPG key deletion during account deletion (#14561) (#14569)

[1.20.2]

  • Update Gitea to 1.13.4
  • Fix issue popups (#14898) (#14899)
  • Fix race in LFS ContentStore.Put(...) (#14895) (#14913)
  • Fix a couple of issues with a feeds (#14897) (#14903)
  • When transfering repository and database transaction failed, rollback the renames (#14864) (#14902)
  • Fix race in local storage (#14888) (#14901)
  • Fix 500 on pull view page if user is not loged in (#14885) (#14886)

[1.20.3]

  • Update Gitea to 1.13.5
  • Update to goldmark 1.3.3 (#15059) (#15061)
  • Another clusterfuzz spotted issue (#15032) (#15034)
  • Fix set milestone on PR creation (#14981) (#15001)
  • Prevent panic when editing forked repos by API (#14960) (#14963)
  • Fix bug when upload on web (#15042) (#15055)
  • Delete Labels & IssueLabels on Repo Delete too (#15039) (#15051)
  • Fix postgres ID sequences broken by recreate-table (#15015) (#15029)
  • Fix several render issues (#14986) (#15013)
  • Make sure sibling images get a link too (#14979) (#14995)
  • Fix Anchor jumping with escaped query components (#14969) (#14977)
  • Fix release mail html template (#14976)
  • Fix excluding more than two labels on issues list (#14962) (#14973)
  • Don't mark each comment poster as OP (#14971) (#14972)
  • Add "captcha" to list of reserved usernames (#14930)
  • Re-enable import local paths after reversion from #13610 (#14925) (#14927)

[1.20.4]

  • Update Gitea to 1.13.6
  • Fix bug on avatar middleware (#15124) (#15125)
  • Fix another clusterfuzz identified issue (#15096) (#15114)
  • Fix nil exeption for get pull reviews API #15104 (#15106)
  • Fix markdown rendering in milestone content (#15056) (#15092)

[1.20.5]

  • Update Gitea to 1.13.7
  • Update to bluemonday-1.0.6 (#15294) (#15298)
  • Clusterfuzz found another way (#15160) (#15169)
  • Fix wrong user returned in API (#15139) (#15150)
  • Add 'fonts' into 'KnownPublicEntries' (#15188) (#15317)
  • Speed up enry.IsVendor (#15213) (#15246)
  • Response 404 for diff/patch of a commit that not exist (#15221) (#15238)
  • Prevent NPE in CommentMustAsDiff if no hunk header (#15199) (#15201)
  • Add size to Save function (#15264) (#15271)

[1.21.0]

[1.21.1]

  • Update Gitea to 1.14.1
  • Fix bug clone wiki (#15499) (#15502)
  • Github Migration ignore rate limit, if not enabled (#15490) (#15495)
  • Use subdir for URL (#15446) (#15493)
  • Query the DB for the hash before inserting in to email_hash (#15457) (#15491)
  • Ensure review dismissal only dismisses the correct review (#15477) (#15489)
  • Use index of the supported tags to choose user lang (#15452) (#15488)
  • Fix wrong file link in code search page (#15466) (#15486)
  • Quick template fix for built-in SSH server in admin config (#15464) (#15481)
  • Prevent superfluous response.WriteHeader (#15456) (#15476)
  • Fix ambiguous argument error on tags (#15432) (#15474)
  • Add created_unix instead of expiry to migration (#15458) (#15463)
  • Fix repository search (#15428) (#15442)
  • Prevent NPE on avatar direct rendering if federated avatars disabled (#15434) (#15439)
  • Fix wiki clone urls (#15430) (#15431)
  • Fix dingtalk icon url at webhook (#15417) (#15426)
  • Standardise icon on projects PR page (#15387) (#15408)
  • Add option to skip LFS/attachment files for dump (#15407) (#15492)
  • Clone panel fixes (#15436)
  • Use semantic dropdown for code search query type (#15276) (#15364)

[1.21.2]

  • Update Gitea to 1.14.2
  • Full changelog
  • Display conflict-free merge messages for pull requests (#15773) (#15796)
  • Exponential Backoff for ByteFIFO (#15724) (#15793)
  • Issue list alignment tweaks (#15483) (#15766)
  • Implement delete release attachments and update release attachments' name (#14130) (#15666)
  • Add placeholder text to deploy key textarea (#15575) (#15576)
  • Project board improvements (#15429) (#15560)
  • Repo branch page: label size, PR ref, new PR button alignment (#15363) (#15365)

[1.21.3]

  • Update Gitea to 1.14.3
  • Full changelog
  • Encrypt migration credentials at rest (#15895) (#16187)
  • Only check access tokens if they are likely to be tokens (#16164) (#16171)
  • Add missing SameSite settings for the i_like_gitea cookie (#16037) (#16039)
  • Fix setting of SameSite on cookies (#15989) (#15991)

[1.21.4]

  • Update Gitea to 1.14.4
  • Full changelog
  • Fix relative links in postprocessed images (#16334) (#16340)
  • Fix list_options GetStartEnd (#16303) (#16305)
  • Fix API to use author for commits instead of committer (#16276) (#16277)
  • Handle misencoding of login_source cfg in mssql (#16268) (#16275)
  • Fixed issues not updated by commits (#16254) (#16261)
  • Improve efficiency in FindRenderizableReferenceNumeric and getReference (#16251) (#16255)
  • Use html.Parse rather than html.ParseFragment (#16223) (#16225)
  • Fix milestone counters on new issue (#16183) (#16224)
  • reqOrgMembership calls need to be preceded by reqToken (#16198) (#16219)

[1.21.5]

  • Update Gitea to 1.14.5
  • Full changelog
  • Hide mirror passwords on repo settings page (#16022) (#16355)
  • Update bluemonday to v1.0.15 (#16379) (#16380)
  • Retry rename on lock induced failures (#16435) (#16439)
  • Validate issue index before querying DB (#16406) (#16410)
  • Fix crash following ldap authentication update (#16447) (#16449)
  • Redirect on bad CSRF instead of presenting bad page (#14937) (#16378)

[1.21.6]

  • Update Gitea to 1.14.6
  • Full changelog
  • SECURITY
    • Bump github.com/markbates/goth from v1.67.1 to v1.68.0 (#16538) (#16540)
    • Switch to maintained JWT lib (#16532) (#16535)
    • Upgrade to latest version of golang-jwt (as forked for 1.14) (#16590) (#16607)

[1.22.0]

[1.22.1]

[1.22.2]

  • Update Gitea to 1.15.2
  • Add unique constraint back into issue_index (#16938)
  • Close storage objects before cleaning (#16934) (#16942)

[1.22.3]

  • Update Gitea to 1.15.3
  • Full changelog
  • Add fluid to ui container class to remove margin (#16396) (#16976)
  • Add caller to cat-file batch calls (#17082) (#17089)
  • Many bug fixes

[1.22.4]

  • Update Gitea to 1.15.4
  • Full changelog
  • Raw file API: don't try to interpret 40char filenames as commit SHA (#17185) (#17272)
  • Don't allow merged PRs to be reopened (#17192) (#17271)
  • Fix incorrect repository count on organization tab of dashboard (#17256) (#17266)
  • Fix unwanted team review request deletion (#17257) (#17264)
  • Fix broken Activities link in team dashboard (#17255) (#17258)
  • API pull's head/base have correct permission(#17214) (#17245)
  • Fix stange behavior of DownloadPullDiffOrPatch in incorect index (#17223) (#17227)
  • Upgrade xorm to v1.2.5 (#17177) (#17188)
  • Fix missing repo link in issue/pull assigned emails (#17183) (#17184)
  • Fix bug of get context user (#17169) (#17172)
  • Nicely handle missing user in collaborations (#17049) (#17166)
  • Add Horizontal scrollbar to inner menu on Chrome (#17086) (#17164)
  • Fix wrong i18n keys (#17150) (#17153)
  • Fix Archive Creation: correct transaction ending (#17151)
  • Prevent panic in Org mode HighlightCodeBlock (#17140) (#17141)
  • Create doctor command to fix repo_units broken by dumps from 1.14.3-1.14.6 (#17136) (#17137)

[1.22.5]

  • Update Gitea to 1.15.5
  • Full changelog
  • Upgrade Bluemonday to v1.0.16 (#17372) (#17374)
  • Ensure correct SSH permissions check for private and restricted users (#17370) (#17373)
  • Prevent NPE in CSV diff rendering when column removed (#17018) (#17377)
  • Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH (#17281) (#17376)
  • Don't panic if we fail to parse U2FRegistration data (#17304) (#17371)
  • Ensure popup text is aligned left (backport for 1.15) (#17343)
  • Ensure that git daemon export ok is created for mirrors (#17243) (#17306)
  • Disable core.protectNTFS (#17300) (#17302)
  • Use pointer for wrappedConn methods (#17295) (#17296)
  • AutoRegistration is supposed to be working with disabled registration (backport) (#17292)
  • Handle duplicate keys on GPG key ring (#17242) (#17284)
  • Fix SVG side by side comparison link (#17375) (#17391)

[1.22.6]

  • Update Gitea to 1.15.6
  • Full changelog
  • Prevent panic in serv.go with Deploy Keys (#17434) (#17435)
  • Fix CSV render error (#17406) (#17431)
  • Read expected buffer size (#17409) (#17430)
  • Ensure that restricted users can access repos for which they are members (#17460) (#17464)
  • Make commit-statuses popup show correctly (#17447) (#17466)

[1.23.0]

  • Update Gitea to 1.15.7
  • Full changelog
  • Enable rendering of jupyter notebooks, rst, asciidoc by default
  • Only allow webhook to send requests to allowed hosts (#17482) (#17510)
  • Fix login redirection links (#17451) (#17473)

[1.23.1]

  • Update Gitea to 1.15.8
  • Full changelog
  • Move POST /{username}/action/{action} to simply POST /{username} (#18045) (#18046)
  • Fix delete u2f keys bug (#18040) (#18042)
  • Reset Session ID on login (#18018) (#18041)
  • Prevent off-by-one error on comments on newly appended lines (#18029) (#18035)
  • Stop printing 03d after escaped characters in logs (#18030) (#18034)

[1.23.2]

  • Update Gitea to 1.15.9
  • Full changelog
  • Fix wrong redirect on org labels (#18128) (#18134)
  • Fix: unstable sort skips/duplicates issues across pages (#18094) (#18095)
  • Revert "Fix delete u2f keys bug (#18042)" (#18107)
  • Migrating wiki don't require token, so we should move it out of the require form (#17645) (#18104)
  • Prevent NPE if gitea uploader fails to open url (#18080) (#18101)
  • Reset locale on login (#17734) (#18100)
  • Correctly handle failed migrations (#17575) (#18099)
  • Instead of using routerCtx just escape the url before routing (#18086) (#18098)
  • Quote references to the user table in consistency checks (#18072) (#18073)
  • Add NotFound handler (#18062) (#18067)
  • Ensure that git repository is closed before transfer (#18049) (#18057)
  • Use common sessioner for API and web routes (#18114)

[1.23.3]

  • Update Gitea to 1.15.10
  • Full changelog
  • Fix inconsistent PR comment counts (#18260) (#18261)
  • Fix release link broken (#18252) (#18253)
  • Fix update user from site administration page bug (#18250) (#18251)
  • Set HeadCommit when creating tags (#18116) (#18173)
  • Use correct translation key for error messages due to max repo limits (#18135 & #18153) (#18152)
  • Fix purple color in suggested label colors (#18241) (#18242)
  • Bump mermaid from 8.10.1 to 8.13.8 (#18198) (#18206)

[1.23.4]

[1.23.5]

  • Update Gitea to 1.16.1
  • Full changelog
  • Update JS dependencies, fix lint (#18389) (#18540)
  • Add dropdown icon to label set template dropdown (#18564) (#18571)
  • Comments on migrated issues/prs must link to the comment ID (#18630) (#18637)
  • Stop logging an error when notes are not found (#18626) (#18635)
  • Ensure that blob-excerpt links work for wiki (#18587) (#18624)
  • Only attempt to flush queue if the underlying worker pool is not finished (#18593) (#18620)

[1.23.6]

  • Update Gitea to 1.16.2
  • Full changelog
  • Show fullname on issue edits and gpg/ssh signing info (#18828)
  • Immediately Hammer if second kill is sent (#18823) (#18826)
  • Allow mermaid render error to wrap (#18791)

[1.23.7]

[1.23.8]

  • Update Gitea to 1.16.4
  • Full changelog
  • Restrict email address validation (#17688) (#19085)
  • Fix lfs bug (#19072) (#19080)

[1.23.9]

  • Update Gitea to 1.16.5
  • Full changelog
  • Prevent redirect to Host (2) (#19175) (#19186)
  • Try to prevent autolinking of displaynames by email readers (#19169) (#19183)
  • Clean paths when looking in Storage (#19124) (#19179)
  • Do not send notification emails to inactive users (#19131) (#19139)
  • Do not send activation email if manual confirm is set (#19119) (#19122)

[1.23.10]

[1.23.11]

  • Update Gitea to 1.16.7
  • Full changelog
  • Escape git fetch remote (#19487) (#19490)
  • On Migrations, only write commit-graph if wiki clone was successful (#19563) (#19568)
  • Respect DefaultUserIsRestricted system default when creating new user (#19310) (#19560)
  • Don't error when branch's commit doesn't exist (#19547) (#19548)
  • Support hostname:port to pass host matcher's check (#19543) (#19544)
  • Prevent dangling archiver goroutine (#19516) (#19526)
  • Fix migrate release from github (#19510) (#19523)
  • When view _Siderbar or _Footer, just display once (#19501) (#19522)
  • Fix blame page select range error and some typos (#19503)
  • Fix name of doctor fix "authorized-keys" in hints (#19464) (#19484)
  • User specific repoID or xorm builder conditions for issue search (#19475) (#19476)
  • Prevent dangling cat-file calls (goroutine alternative) (#19454) (#19466)
  • RepoAssignment ensure to close before overwrite (#19449) (#19460)
  • Set correct PR status on 3way on conflict checking (#19457) (#19458)
  • Mark TemplateLoading error as "UnprocessableEntity" (#19445) (#19446)

[1.23.12]

  • Update Gitea to 1.16.8
  • Full changelog
  • Add doctor check/fix for bogus action rows (#19656) (#19669)
  • Make .cs highlighting legible on dark themes (#19604) (#19605)
  • Delete user related oauth stuff on user deletion too (#19677) (#19680)
  • Fix new release from tags list UI (#19670) (#19673)
  • Prevent NPE when checking repo units if the user is nil (#19625) (#19630)

[1.24.0]

  • Update Gitea to 1.17.0
  • Full changelog
  • Automatically render wiki TOC (#19873)
  • Adding button to link accounts from user settings (#19792)
  • Allow set default merge style while creating repo (#19751)
  • Auto merge pull requests when all checks succeeded (#9307 & #19648)
  • Improve reviewing PR UX (#19612)
  • Add support for rendering console output with colors (#19497)

[1.24.1]

  • Update Gitea to 1.17.1
  • Full changelog
  • Correctly escape within tribute.js (#20831) (#20832)
  • Add support for NuGet API keys (#20721) (#20734)
  • Display project in issue list (#20583)
  • Add disable download source configuration (#20548) (#20579)
  • Add username check to doctor (#20140) (#20671)
  • Enable Wire 2 for Internal SSH Server (#20616) (#20617)
  • Use the total issue count for UI (#20785) (#20827)
  • Add proxy host into allow list (#20798) (#20819)
  • Add missing translation for queue flush workers (#20791) (#20792)
  • Improve comment header for mobile (#20781) (#20789)
  • Fix git.Init for doctor sub-command (#20782) (#20783)
  • Check webhooks slice length before calling xorm (#20642) (#20768)
  • Remove manual rollback for failed generated repositories (#20639) (#20762)
  • Use correct field name in npm template (#20675) (#20760)
  • Keep download count on Container tag overwrite (#20728) (#20735)
  • Fix v220 migration to be compatible for MSSQL 2008 r2 (#20702) (#20707)
  • Use request timeout for git service rpc (#20689) (#20693)
  • Send correct NuGet status codes (#20647) (#20677)
  • Use correct context to get package content (#20673) (#20676)
  • Fix the JS error "EventSource is not defined" caused by some non-standard browsers (#20584) (#20663)
  • Add default commit messages to PR for squash merge (#20618) (#20645)
  • Fix package upload for files >32mb (#20622) (#20635)
  • Fix the new-line copy-paste for rendered code (#20612)
  • Clean up and fix clone button script (#20415 & #20600) (#20599)
  • Fix default merge style (#20564) (#20565)
  • Add repository condition for issue count (#20454) (#20496)
  • Make branch icon stand out more (#20726) (#20774)
  • Fix loading button with invalid form (#20754) (#20759)
  • Fix SecToTime edge-cases (#20610) (#20611)
  • Executable check always returns true for windows (#20637) (#20835)
  • Check issue labels slice length before calling xorm Insert (#20655) (#20836)
  • Fix owners cannot create organization repos bug (#20841) (#20854)
  • Prevent 500 is head repo does not have PullRequest unit in IsUserAllowedToUpdate (#20839) (#20848)

[1.24.2]

  • Update Gitea to 1.17.2
  • Full changelog
  • Double check CloneURL is acceptable (#20869) (#20892)
  • Add more checks in migration code (#21011) (#21050)
  • Fix hard-coded timeout and error panic in API archive download endpoint (#20925) (#21051)
  • Improve arc-green code theme (#21039) (#21042)
  • Enable contenthash in filename for dynamic assets (#20813) (#20932)
  • Don't open new page for ext wiki on same repository (#20725) (#20910)
  • Disable doctor logging on panic (#20847) (#20898)
  • Remove calls to load Mirrors in user.Dashboard (#20855) (#20897)
  • Update codemirror to 5.65.8 (#20875)
  • Rework repo buttons (#20602, #20718) (#20719)
  • Ensure delete user deletes all comments (#21067) (#21068)
  • Delete unreferenced packages when deleting a package version (#20977) (#21060)
  • Redirect if user does not exist on admin pages (#20981) (#21059)
  • Set uploadpack.allowFilter etc on gitea serv to enable partial clones with ssh (#20902) (#21058)
  • Fix 500 on time in timeline API (#21052) (#21057)
  • Fill the specified ref in webhook test payload (#20961) (#21055)
  • Add another index for Action table on postgres (#21033) (#21054)
  • Fix broken insecureskipverify handling in redis connection uris (#20967) (#21053)
  • Add Dev, Peer and Optional dependencies to npm PackageMetadataVersion (#21017) (#21044)
  • Do not add links to Posters or Assignees with ID < 0 (#20577) (#21037)
  • Fix modified due date message (#20388) (#21032)
  • Fix missed sort bug (#21006)
  • Fix input.value attr for RequiredClaimName/Value (#20946) (#21001)
  • Change review buttons to icons to make space for text (#20934) (#20978)
  • Fix download archiver of a commit (#20962) (#20971)
  • Return 404 NotFound if requested attachment does not exist (#20886) (#20941)
  • Set no-tags in git fetch on compare (#20893) (#20936)
  • Allow multiple metadata files for Maven packages (#20674) (#20916)
  • Increase Content field size of gpg_key and public_key to MEDIUMTEXT (#20896) (#20911)
  • Fix mirror address setting not working (#20850) (#20904)
  • Fix push mirror address backend get error Address cause setting page display error (#20593) (#20901)
  • Fix panic when an invalid oauth2 name is passed (#20820) (#20900)
  • In PushMirrorsIterate and MirrorsIterate if limit is negative do not set it (#20837) (#20899)
  • Ensure that graceful start-up is informed of unused SSH listener (#20877) (#20888)
  • Pad GPG Key ID with preceding zeroes (#20878) (#20885)
  • Fix SQL Query for SearchTeam (#20844) (#20872)
  • Fix the mode of custom dir to 0700 in docker-rootless (#20861) (#20867)
  • Fix UI mis-align for PR commit history (#20845) (#20859)

[1.24.3]

  • Update Gitea to 1.17.3
  • Full changelog
  • SECURITY
    • Sanitize and Escape refs in git backend (#21464) (#21463)
    • Bump golang.org/x/text (#21412) (#21413)
    • Update bluemonday (#21281) (#21287)
  • ENHANCEMENTS
    • Fix empty container layer history and UI (#21251) (#21278)
    • Use en-US as fallback when using other default language (#21200) (#21256)
    • Make the vscode clone link respect transport protocol (#20557) (#21128)

[1.24.4]

  • Make email display name configurable

[1.24.5]

  • Support autosigning via gnupg

[1.25.0]

  • Update Gitea to 1.17.4
  • Full changelog
  • Do not allow Ghost access to limited visible user/org (#21849) (#21875)
  • Fix package access for admins and inactive users (#21580) (#21592)
  • Fix button in branch list, avoid unexpected page jump before restore branch actually done (#21562) (#21927)
  • Fix vertical align of committer avatar rendered by email address (#21884) (#21919)
  • Fix setting HTTP headers after write (#21833) (#21874)
  • Ignore line anchor links with leading zeroes (#21728) (#21777)
  • Enable Monaco automaticLayout (#21516)

[1.25.1]

  • Trust reverse proxy IP

[1.26.0]

  • Update Gitea to 1.18.0
  • Full changelog
  • Remove ReverseProxy authentication from the API (#22219) (#22251)
  • Support Go Vulnerability Management (#21139)
  • Forbid HTML string tooltips (#20935)
  • Rework mailer settings (#18982)
  • Remove U2F support (#20141)
  • Refactor i18n to locale (#20153)
  • Enable contenthash in filename for dynamic assets (#20813)
  • And a lot more enhancements

[1.26.1]

  • Update Gitea to 1.18.1
  • Full changelog
  • Update github.com/zeripath/zapx/v15 (#22485)
  • Fix pull request API field closed_at always being null (#22482) (#22483)
  • Fix container blob mount (#22226) (#22476)
  • Fix error when calculating repository size (#22392) (#22474)
  • Fix Operator does not exist bug on explore page with ONLY_SHOW_RELEVANT_REPOS (#22454) (#22472)
  • Fix environments for KaTeX and error reporting (#22453) (#22473)
  • Remove the netgo tag for Windows build (#22467) (#22468)
  • Fix migration from GitBucket (#22477) (#22465)
  • Prevent panic on looking at api "git" endpoints for empty repos (#22457) (#22458)
  • Fix PR status layout on mobile (#21547) (#22441)
  • Fix wechatwork webhook sends empty content in PR review (#21762) (#22440)
  • Remove duplicate "Actions" label in mobile view (#21974) (#22439)
  • Fix leaving organization bug on user settings -> orgs (#21983) (#22438)
  • Fixed colour transparency regex matching in project board sorting (#22092) (#22437)
  • Correctly handle select on multiple channels in Queues (#22146) (#22428)
  • Prepend refs/heads/ to issue template refs (#20461) (#22427)
  • Restore function to "Show more" buttons (#22399) (#22426)
  • Continue GCing other repos on error in one repo (#22422) (#22425)
  • Allow HOST has no port (#22280) (#22409)
  • Fix omit avatar_url in discord payload when empty (#22393) (#22394)
  • Don't display stop watch top bar icon when disabled and hidden when click other place (#22374) (#22387)
  • Don't lookup mail server when using sendmail (#22300) (#22383)
  • Fix gravatar disable bug (#22337)
  • Fix update settings table on install (#22326) (#22327)
  • Fix sitemap (#22272) (#22320)
  • Fix code search title translation (#22285) (#22316)
  • Fix due date rendering the wrong date in issue (#22302) (#22306)
  • Fix get system setting bug when enabled redis cache (#22298)
  • Fix bug of DisableGravatar default value (#22297)
  • Fix key signature error page (#22229) (#22230)

[1.26.2]

  • Update Gitea to 1.18.2
  • Full changelog
  • When updating by rebase we need to set the environment for head repo (#22535) (#22536)
  • Fix issue not auto-closing when it includes a reference to a branch (#22514) (#22521)
  • Fix invalid issue branch reference if not specified in template (#22513) (#22520)
  • Fix 500 error viewing pull request when fork has pull requests disabled (#22512) (#22515)
  • Reliable selection of admin user (#22509) (#22511)
  • Set disable_gravatar/enable_federated_avatar when offline mode is true (#22479) (#22496)

[1.26.3]

  • Update Gitea to 1.18.3
  • Full changelog
  • Prevent multiple To recipients (#22566) (#22569)
  • Truncate commit summary on repo files table. (#22551) (#22552)
  • Mute all links in issue timeline (#22534)

[1.26.4]

  • Update Gitea to 1.18.4
  • Full changelog
  • SECURITY
    • Provide the ability to set password hash algorithm parameters (#22942) (#22943)
    • Add command to bulk set must-change-password (#22823) (#22928)
  • ENHANCEMENTS
    • Use import of OCI structs (#22765) (#22805)
    • Fix color of tertiary button on dark theme (#22739) (#22744)
    • Link issue and pull requests status change in UI notifications directly to their event in the timelined view. (#22627) (#22642)
  • BUGFIXES
    • Notify on container image create (#22806) (#22965)
    • Fix blame view missing lines (#22826) (#22929)
    • Fix incorrect role labels for migrated issues and comments (#22914) (#22923)
    • Fix PR file tree folders no longer collapsing (#22864) (#22872)
    • Escape filename when assemble URL (#22850) (#22871)

[1.27.0]

  • Email display name support

[1.27.1]

  • Update Gitea to 1.18.5
  • Full changelog
  • Hide 2FA status from other members in organization members list (#22999) (#23023)
  • Add force_merge to merge request and fix checking mergable (#23010) (#23032)
  • Use --message=%s for git commit message (#23028) (#23029)
  • Render access log template as text instead of HTML (#23013) (#23025)
  • Fix the Manually Merged form (#23015) (#23017)

[1.28.0]

[1.28.1]

  • Update Gitea to 1.19.1
  • Full changelog
  • Breaking: Rename actions unit to repo.actions and add docs for it (#23733) (#23881)
  • Add card type to org/user level project on creation, edit and view (#24043) (#24066)
  • Refactor commit status for Actions jobs (#23786) (#24060)
  • Show errors for KaTeX and mermaid on the preview tab (#24009) (#24019)
  • Show protected branch rule names again (#23907) (#24018)
  • Adjust sticky PR header to cover background (#23956) (#23999)
  • Discolor pull request tab labels (#23950) (#23987)
  • Treat PRs with agit flow as fork PRs when triggering actions. (#23884) (#23967)
  • Left-align review comments (#23937)

[1.28.2]

  • Update Gitea to 1.19.2
  • Full changelog
  • Require repo scope for PATs for private repos and basic authentication (#24362) (#24364)
  • Only delete secrets belonging to its owner (#24284) (#24286)
  • Fix typo in API route (#24310) (#24332)
  • Fix access token issue on some public endpoints (#24194) (#24259)
  • Fix broken clone script on an empty archived repo (#24339) (#24348)
  • Fix Monaco IOS keyboard button (#24341) (#24347)
  • Don't set meta theme-color by default (#24340) (#24346)

[1.28.3]

  • Update Gitea to 1.19.3
  • Full changelog
  • Use golang 1.20.4 to fix CVE-2023-24539, CVE-2023-24540, and CVE-2023-29400
  • Enable whitespace rendering on selection in Monaco (#24444) (#24485)
  • Improve milestone filter on issues page (#22423) (#24440)
  • Fix api error message if fork exists (#24487) (#24493)
  • Fix user-cards format (#24428) (#24431)

[1.28.4]

  • Update Gitea to 1.19.4
  • Full changelog
  • Fix open redirect check for more cases (#25143) (#25155)
  • Return 404 in the API if the requested webhooks were not found (#24823) (#24830)
  • Fix organization field being null in GET /api/v1/teams/{id} (#24694) (#24696)
  • Set --font-weight-bold to 600 (#24840)
  • Make mailer SMTP check have timed context (#24751) (#24759)
  • Do not select line numbers when selecting text from the action run logs (#24594) (#24596)

[1.29.0]

  • Update Gitea to 1.20.0
  • Full changelog
  • Blog
  • Add button on diff header to copy file name, misc diff header tweaks (#24986)
  • API endpoint for changing/creating/deleting multiple files (#24887)
  • Support changing git config through app.ini, use diff.algorithm=histogram by default (#24860)
  • Add up and down arrows to selected lookup repositories (#24727)
  • Add Go package registry (#24687)
  • Add status indicator on main home screen for each repo (#24638)
  • Support for status check pattern (#24633)

[1.29.1]

  • Update Gitea to 1.20.1
  • Full changelog
  • Disallow dangerous URL schemes (#25960) (#25964)
  • Show the mismatched ROOT_URL warning on the sign-in page if OAuth2 is enabled (#25947) (#25972)
  • Make pending commit status yellow again (#25935) (#25968)
  • Fix version in rpm repodata/primary.xml.gz (#26009) (#26048)
  • Fix env config parsing for "GITEA____APP_NAME" (#26001) (#26013)
  • ParseScope with owner/repo always sets owner to zero (#25987) (#25989)
  • Fix SSPI auth panic (#25955) (#25969)
  • Avoid creating directories when loading config (#25944) (#25957)
  • Make environment-to-ini work with INSTALL_LOCK=true (#25926) (#25937)
  • Ignore runs-on with expressions when warning no matched runners (#25917) (#25933)
  • Avoid opening/closing PRs which are already merged (#25883) (#25903)
  • RPM Registry: Show zypper commands for SUSE based distros as well (#25981) (#26020)
  • Correctly refer to dev tags as nightly in the docker docs (#26004) (#26019)
  • Update path related documents (#25417) (#25982)
  • Adding remaining enum for migration repo model type. (#26021) (#26034)
  • Fix the route for pull-request's authors (#26016) (#26018)
  • Fix commit status color on dashboard repolist (#25993) (#25998)
  • Avoid hard-coding height in language dropdown menu (#25986) (#25997)
  • Add shutting down notice (#25920) (#25922)
  • Fix incorrect milestone count when provide a keyword (#25880) (#25904)

[1.29.2]

  • Update Gitea to 1.20.2
  • Full changelog
  • Calculate MAX_WORKERS default value by CPU number (#26177) (#26183)
  • Display deprecated warning in admin panel pages as well as in the log file (#26094) (#26154)

[1.29.3]

  • Update Gitea to 1.20.3
  • Full changelog
  • Fix the wrong derive path (#26271) (#26318)
  • Fix API leaking Usermail if not logged in (#25097) (#26350)
  • Add ThreadID parameter for Telegram webhooks (#25996) (#26480)
  • Add minimum polyfill to support "relative-time-element" in PaleMoon (#26575) (#26578)
  • Fix dark theme highlight for "NameNamespace" (#26519) (#26527)
  • Detect ogg mime-type as audio or video (#26494) (#26505)
  • Use object-fit: contain for oauth2 custom icons (#26493) (#26498)
  • Move dropzone progress bar to bottom to show filename when uploading (#26492) (#26497)
  • Remove last newline from config file (#26468) (#26471)
  • Minio: add missing region on client initialization (#26412) (#26438)
  • Add pull request review request webhook event (#26401) (#26407)
  • Fix text truncate (#26354) (#26384)
  • Fix incorrect color of selected assignees when create issue (#26324) (#26372)
  • Display human-readable text instead of cryptic filemodes (#26352) (#26358)
  • Hide last indexed SHA when a repo could not be indexed yet (#26340) (#26345)
  • Fix the topic validation rule and suport dots (#26286) (#26303)
  • Fix due date rendering the wrong date in issue (#26268) (#26274)
  • Don't autosize textarea in diff view (#26233) (#26244)
  • Fix commit compare style (#26209) (#26226)
  • Warn instead of reporting an error when a webhook cannot be found (#26039) (#26211)
  • Use "input" event instead of "keyup" event for migration form (#26602) (#26605)
  • Do not use deprecated log config options by default (#26592) (#26600)
  • Fix "issueReposQueryPattern does not match query" (#26556) (#26564)
  • Sync repo's IsEmpty status correctly (#26517) (#26560)
  • Fix project filter bugs (#26490) (#26558)
  • Use hidden over clip for text truncation (#26520) (#26522)
  • Set "type=button" for editor's toolbar buttons (#26510) (#26518)
  • Fix NuGet search endpoints (#25613) (#26499)
  • Fix storage path logic especially for relative paths (#26441) (#26481)
  • Close stdout correctly for "git blame" (#26470) (#26473)
  • Check first if minio bucket exists before trying to create it (#26420) (#26465)
  • Avoiding accessing undefined tributeValues #26461 (#26462)
  • Call git.InitSimple for runRepoSyncReleases (#26396) (#26450)
  • Add transaction when creating pull request created dirty data (#26259) (#26437)
  • Fix wrong middleware sequence (#26428) (#26436)
  • Fix admin queue page title and fix CI failures (#26409) (#26421)
  • Introduce ctx.PathParamRaw to avoid incorrect unescaping (#26392) (#26405)
  • Bypass MariaDB performance bug of the "IN" sub-query, fix incorrect IssueIndex (#26279) (#26368)
  • Fix incorrect CLI exit code and duplicate error message (#26346) (#26347)
  • Prevent newline errors with Debian packages (#26332) (#26342)
  • Fix bug with sqlite load read (#26305) (#26339)
  • Make git batch operations use parent context timeout instead of default timeout (#26325) (#26330)
  • Support getting changed files when commit ID is EmptySHA (#26290) (#26316)
  • Clarify the logger's MODE config option (#26267) (#26281)
  • Use shared template for webhook icons (#26242) (#26246)
  • Fix pull request check list is limited (#26179) (#26245)
  • Fix attachment clipboard copy on insecure origin (#26224) (#26231)
  • Fix access check for org-level project (#26182) (#26223)
  • Improve profile readme rendering (#25988) (#26453)
  • [docs] Add missing backtick in quickstart.zh-cn.md (#26349) (#26357)
  • Upgrade x/net to 0.13.0 (#26301)

[1.29.4]

  • Update Gitea to 1.20.4
  • Full changelog
  • Check blocklist for emails when adding them to account (#26812) (#26831)
  • Add branch_filter to hooks API endpoints (#26599) (#26632)
  • Fix incorrect "tabindex" attributes (#26733) (#26734)
  • Use line-height: normal by default (#26635) (#26708)
  • Fix unable to display individual-level project (#26198) (#26636)
  • Fix wrong review requested number (#26784) (#26880)
  • Avoid double-unescaping of form value (#26853) (#26863)
  • Redirect from {repo}/issues/new to {repo}/issues/new/choose when blank issues are disabled (#26813) (#26847)
  • Sync tags when adopting repos (#26816) (#26834)
  • Fix verifyCommits error when push a new branch (#26664) (#26810)
  • Include the GITHUB_TOKEN/GITEA_TOKEN secret for fork pull requests (#26759) (#26806)
  • Fix some slice append usages (#26778) (#26798)
  • Add fix incorrect can_create_org_repo for org owner team (#26683) (#26791)
  • Fix bug for ctx usage (#26763)
  • Make issue template field template access correct template data (#26698) (#26709)
  • Use correct minio error (#26634) (#26639)
  • Ignore the trailing slashes when comparing oauth2 redirect_uri (#26597) (#26618)
  • Set errwriter for urfave/cli v1 (#26616)
  • Fix reopen logic for agit flow pull request (#26399) (#26613)
  • Fix context filter has no effect in dashboard (#26695) (#26811)
  • Fix being unable to use a repo that prohibits accepting PRs as a PR source. (#26785) (#26790)
  • Fix Page Not Found error (#26768)

[1.30.0]

  • Implement OIDC auth

[1.30.1]

  • Update Gitea to 1.20.5
  • Full changelog
  • Fix z-index on markdown completion (#27237) (#27242 & #27238)
  • Use secure cookie for HTTPS sites (#26999) (#27013)
  • Fix git 2.11 error when checking IsEmpty (#27393) (#27396)
  • Allow get release download files and lfs files with oauth2 token format (#26430) (#27378)
  • Fix orphan check for deleted branch (#27310) (#27320)
  • Quote table release in sql queries (#27205) (#27219)
  • Fix release URL in webhooks (#27182) (#27184)
  • Fix successful return value for SyncAndGetUserSpecificDiff (#27152) (#27156)
  • fix pagination for followers and following (#27127) (#27138)
  • Fix issue templates when blank isses are disabled (#27061) (#27082)
  • Fix context cache bug & enable context cache for dashabord commits' authors(#26991) (#27017)
  • Fix INI parsing for value with trailing slash (#26995) (#27001)
  • Fix PushEvent NullPointerException jenkinsci/github-plugin (#27203) (#27249)
  • Fix organization field being null in POST /orgs/{orgid}/teams (#27150) (#27167 & #27162)
  • Fix bug of review request number (#27406) (#27104)