gitea-app/CHANGELOG.md

[0.1.0]

• Initial package (forked from Gogs app)

[0.1.1]

• Removed reference to Gogs

[0.1.2]

• Updated description

[0.1.3]

• Updated to version 1.1.2

[1.0.0]

• Update to version 1.1.3

[1.0.1]

• Update Git to v2.7.4-0ubuntu1.2
• Fixes critical security issue that allows remote command execution in git
• https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000117.html

[1.0.2]

• Preserve SECRET_KEY across updates and restarts

[1.0.3]

• Update to version 1.1.4

[1.1.0]

• Update to version 1.2.0
• New logo!
• SECURITY: Sanitation fix from Gogs (#1461)
• Status-API
• Implement GPG api
• https://github.com/go-gitea/gitea/releases/tag/v1.2.0

[1.1.1]

• Update to version 1.2.1
• Fix PR, milestone and label functionality if issue unit is disabled (#2710) (#2714)
• Fix plain readme didn't render correctly on repo home page (#2705) (#2712)
• Fix so that user can still fork his own repository to his organizations (#2699) (#2707)
• Fix .netrc authentication (#2700) (#2708)
• Fix slice out of bounds error in mailer (#2479) (#2696)

[1.1.2]

• Update to version 1.2.2
• Add checks for commits with missing author and time (#2771) (#2785)
• Fix sending mail with a non-latin display name (#2559) (#2783)
• Sync MaxGitDiffLineCharacters with conf/app.ini (#2779) (#2780)
• Update vendor git (#2765) (#2772)
• Fix emojify image URL (#2769) (#2773)

[1.1.3]

• Update to version 1.2.3
• Only require one email when validating GPG key (#2266, #2467, #2663) (#2788)
• Fix order of comments (#2835) (#2839)

[1.2.0]

• Update to version 1.3.0

[1.3.0]

• Update to version 1.3.1
• Add documentationUrl
• Sanitize logs for mirror sync (#3057, #3082) (#3078)
• Fix missing branch in release bug (#3108) (#3117)
• Fix repo indexer and submodule bug (#3107) (#3110)
• Fix legacy URL redirects (#3100) (#3106)
• Fix redis session failed (#3086) (#3089)
• Fix issue list branch link broken (#3061) (#3070)
• Fix missing password length check when change password (#3039) (#3071)

[1.3.1]

• Update Gitea to 1.3.2
• Fix run web with -p push failed (#3154) (#3179)
• Fix source download link when no code unit allowed (#3166) (#3169)
• Allow adding collaborators with (fullname) (#3103) (#3168)
• Fix repo links (#3093) (#3163)
• Fix Uninitialized variable in ParsePatch (#3156) (#3162)
• Fix migration order v1.3 (#3157)
• Fix avatar URLs (#3069) (#3143)

[1.4.0]

• Fix email sending (use SMTPS)

[1.4.1]

• Update Gitea to 1.3.3
• Security fixes
  • Fix escaping changed title in comments (#3530) (#3535)
  • Escape search query display (#3486) (#3489)
• Bug fixes
  • Fix repo-transfer-and-team-repo-count bug (#3241) (#3244)
  • Open external tracker in blank window, consistently with wiki (#3227) (#3228)
  • Change SSL Mode from checkbox to string in admin page (#3208) (#3211)

[1.5.0]

• Update Gitea to 1.4.0

[1.5.1]

• Update Gitea to 1.4.1
• Add “error” as reserved username (#3882) (#3886)
• Do not allow inactive users to access repositories using private key (#3887) (#3889)
• Fix path cleanup in file editor, when initilizing new repository and LFS oids (#3871) (#3873)
• Remove unnecessary allowed safe HTML (#3778) (#3779)
• Correctly check http git access rights for reverse proxy authorized users (#3721) (#3743)
• Fix to use only needed columns from tables to get repository git paths (#3870) (#3883)
• Fix GPG expire time display when time is zero (#3584) (#3884)
• Fix to update only issue last update time when adding a comment (#3855) (#3860)
• Fix repository star count after deleting user (#3781) (#3783)
• Use the active branch for the code tab (#3720) (#3776)
• Set default branch name on first push (#3715) (#3723)
• Show clipboard button if disable HTTP of git protocol (#3773) (#3774)

[1.5.2]

• Update Gitea to 1.4.2
• Adjust z-index for floating labels (#3939) (#3950)
• Add missing token validation on application settings page (#3976) #3978
• Webhook and hook_task clean up (#4006)
• Fix webhook bug of response info is not displayed in UI (#4023)
• Fix writer cannot read bare repo guide (#4033) (#4039)
• Don't force due date to current time (#3830) (#4057)
• Fix wiki redirects (#3919) (#4065)
• Fix attachment ENABLED (#4064) (#4066)
• Added deletion of an empty line at the end of file (#4054) (#4074)
• Use ResolveReference instead of path.Join (#4073)
• Fix #4081 Check for leading / in base before removing it (#4083)
• Respository's home page not updated after first push (#4075)

[1.5.2-1]

• Rebuild Gitea package because of https://github.com/go-gitea/gitea/issues/4167
• Adjust z-index for floating labels (#3939) (#3950)
• Add missing token validation on application settings page (#3976) #3978
• Webhook and hook_task clean up (#4006)
• Fix webhook bug of response info is not displayed in UI (#4023)
• Fix writer cannot read bare repo guide (#4033) (#4039)
• Don't force due date to current time (#3830) (#4057)
• Fix wiki redirects (#3919) (#4065)
• Fix attachment ENABLED (#4064) (#4066)
• Added deletion of an empty line at the end of file (#4054) (#4074)
• Use ResolveReference instead of path.Join (#4073)
• Fix #4081 Check for leading / in base before removing it (#4083)
• Respository's home page not updated after first push (#4075)

[1.5.3]

• Update Gitea to 1.4.3
• SECURITY
  • HTML-escape plain-text READMEs (#4192) (#4214)
  • Fix open redirect vulnerability on login screen (#4312) (#4312)
• BUGFIXES
  • Fix broken monitoring page when running processes are shown (#4203) (#4208)
  • Fix delete comment bug (#4216) (#4228)
  • Delete reactions added to issues and comments when deleting repository (#4232) (#4237)
  • Fix wiki URL encoding bug (#4091) (#4254)
  • Fix code tab link when viewing tags (#3908) (#4263)
  • Fix webhook type conflation (#4285) (#4285)

[1.5.4]

• Allow customization using gitea's custom data directory

[1.6.0]

• Update Gitea to 1.5.0
• Security
  • Check that repositories can only be migrated to own user or organizations (#4366) (#4370)
  • Limit uploaded avatar image-size to 4096px x 3072px by default (#4353)
  • Do not allow to reuse TOTP passcode (#3878)
• Features
  • Add cli commands to regen hooks & keys (#3979)
  • Add support for FIDO U2F (#3971)
  • Added user language setting (#3875)
  • Add topic support (#3711)
  • Multiple assignees (#3705)
  • Add protected branch whitelists for merging (#3689)
  • Global code search support (#3664)
  • Add label descriptions (#3662)
  • Add issue search via API (#3612)
  • Add repository setting to enable/disable health checks (#3607)
  • Emoji Autocomplete (#3433)
  • Implements generator cli for secrets (#3531)

[1.6.1]

• Update Gitea to 1.5.1
• Security
  • Don't disclose emails of all users when sending out emails (#4784)
  • Improve URL validation for external wiki and external issues (#4710) (#4740)
  • Make cookies HttpOnly and obey COOKIE_SECURE flag (#4706) (#4707)
• Bugfixes
  • Fix missing release title in webhook (#4783) (#4800)
  • Make sure to reset commit count in the cache on mirror syncing (#4770)
  • Fixed bug where team with admin privelege type doesn't get any unit (#4759)
  • Fix failure on creating pull request with assignees (#4583) (#4727)
  • Hide org/create menu item in Dashboard if user has no rights (#4678) (#4686)

[1.7.0]

• Update base image

[1.7.1]

• Update Gitea to 1.5.2

[1.7.2]

• Update Gitea to 1.5.3
• Security
  • Fix remote command execution vulnerability in upstream library (#5177) (#5196)

[1.8.0]

• Update Gitea to 1.6.0

[1.8.1]

• Update Gitea to 1.6.1

[1.8.2]

• Update Gitea to 1.6.2
• SECURITY
  • Sanitize uploaded file names (#5571) (#5573)
  • HTMLEncode user added text (#5570) (#5575)
• BUGFIXES
  • Fix indexer reindex bug when gitea restart (#5563) (#5564)
  • Fix bug when a read perm user to edit his issue (#5516) (#5534)
  • Detect force push failure on deletion of protected branches (#5522) (#5531)
  • Fix forgot deletion of notification when delete repository (#5506) (#5514)
  • Fix undeleted content when deleting user (#5429) (#5509)
  • Fix empty wiki (#5504) (#5508)

[1.8.3]

• Update Gitea to 1.6.3
• SECURITY: Prevent DeleteFilePost doing arbitrary deletion (#5631)
• BUGFIX: Fix wrong text getting saved on editing second comment on an issue (#5608)

[1.8.4]

• Update Gitea to 1.6.4
• Fix SSH key now can be reused as public key after deleting as deploy key (#5671) (#5685)
• When redirecting clean the path to avoid redirecting to external site (#5669) (#5703)
• Fix to use correct value for "MSpan Structures Obtained" (#5706) (#5715)

[1.9.0]

• Update Gitea to 1.7.0

[1.9.1]

• Update Gitea to 1.7.1
• Changelog
• Disable redirect for i18n (#5910) (#5916)
• Only allow local login if password is non-empty (#5906) (#5908)
• Fix go-get URL generation (#5905) (#5907)
• Fix TLS errors when using acme/autocert for local connections (#5820) (#5826)
• Request for public keys only if LDAP attribute is set (#5816) (#5819)
• Fix delete correct temp directory (#5840) (#5839)
• Fix an error while adding a dependency via UI (#5862) (#5876)
• Fix null pointer in attempt to Sudo if not logged in (#5872) (#5884)
• When creating new repository fsck option should be enabled (#5817) (#5885)
• Prevent nil dereference in mailIssueCommentToParticipants (#5891) (#5895) (#5894)
• Fix bug when read public repo lfs file (#5913) (#5912)
• Respect value of REQUIRE_SIGNIN_VIEW (#5901) (#5915)
• Fix compare button on upstream repo leading to 404 (#5877) (#5914)

[1.9.2]

• Update Gitea to 1.7.2
• Remove all CommitStatus when a repo is deleted (#5940) (#5941)
• Fix notifications on pushing with deploy keys by setting hook environment variables (#5935) (#5944)
• Silence console logger in gitea serv (#5887) (#5943)
• Handle milestone webhook events for issues and PR (#5947) (#5955)
• Show user who created the repository instead of the organization in action feed (#5948) (#5956)
• Fix ssh deploy and user key constraints (#1357) (#5939) (#5966)
• Fix bug when deleting a linked account will removed all (#5989) (#5990)
• Fix empty ssh key importing in ldap (#5984) (#6009)
• Fix metrics auth token detection (#6006) (#6017)
• Create repository on organisation by default on its dashboard (#6026) (#6048)
• Make sure labels are actually returned in API (#6053) (#6059)
• Switch to more recent build of xgo (#6070) (#6072)
• In basic auth check for tokens before call UserSignIn (#5725) (#6083)

[1.9.3]

• Update Gitea to 1.7.3
• Fix server 500 when trying to migrate to an already existing repository (#6188) (#6197)
• Load Issue attributes for API /repos/{owner}/{repo}/issues/{index} (#6122) (#6185)
• Fix bug whereby user could change private repository to public when force private enabled. (#6156) (#6165)
• Fix bug when update owner team then visit team's repo return 404 (#6119) (#6166)
• Fix heatmap and repository menu display in Internet Explorer 9+ (#6117) (#6137)
• Fix prohibit login check on authorization (#6106) (#6115)
• Fix LDAP protocol error regression by moving to ldap.v3 (#6105) (#6107)
• Fix deadlock in webhook PullRequest (#6102) (#6104)
• Fix redirect loop when password change is required and Gitea is installed as a suburl (#5965) (#6101)
• Fix compare button regression (#5929) (#6098)
• Recover panic in orgmode.Render if bad orgfile (#4982) (#5903) (#6097)

[1.9.4]

• Update Gitea to 1.7.4
• Fix potential XSS vulnerability in repository description. (#6306) (#6308)
• Fix wrong release commit id (#6224) (#6300)
• Fix panic on empty signed commits (#6292) (#6300)
• Fix organization dropdown not being scrollable when using mouse wheel (#5988) (#6246)
• Fix displaying dashboard even if required to change password (#6214) (#6215)

[1.9.5]

• Update Gitea to 1.7.5
• unitTypeCode not being used in accessLevelUnit (#6419) (#6423)
• ParsePatch function to work with quoted diff --git strings (#6323) (#6332)

[1.9.6]

• Update Gitea to 1.7.6
• Prevent remote code execution vulnerability with mirror repo URL settings (#6593) (#6595)
• Allow resend of confirmation email when logged in (#6482) (#6487)

[1.10.0]

• Update Gitea to 1.8.0
• Full changelog
• Prevent remote code execution vulnerability with mirror repo URL settings (#6593) (#6594)
• Resolve 2FA bypass on API (#6676) (#6674)
• Prevent the creation of empty sessions for non-logged in users (#6690) (#6677)
• Expose issue stopwatch toggling via API (#5970)
• Pull request conflict files detection (#5951)
• Implement "conversation lock" for issue comments (#5073)
• Feature: Archive repos (#5009)
• Allow to set organization visibility (public, internal, private) (#1763)
• Added URL mapping for Release attachments like on github.com (#1707)

[1.10.1]

• Update Gitea to 1.8.1

[1.10.2]

• Update Gitea to 1.8.2

[1.11.0]

• better custom app.ini integration
• optional sso support

[1.12.0]

• Update Gitea to 1.8.3
• Update manifest to v2

[1.13.0]

• Update Gitea to 1.9.0

[1.13.1]

• Update Gitea to 1.9.1

[1.13.2]

• Make sessions persist restarts

[1.13.3]

• Update Gitea to 1.9.2
• Fix wrong sender when send slack webhook (#7918) (#7924)
• Upload support text/plain; charset=utf8 (#7899)
• Lfs/lock: round locked_at timestamp to second (#7872) (#7875)
• Fix non existent milestone with 500 error (#7867) (#7873)
• SECURITY
  • Fix No PGP signature on 1.9.1 tag (#7874)
  • Release built with go 1.12.9 to fix security fixes in golang std lib, ref: https://groups.google.com/forum/#!msg/golang-announce/oeMaeUnkvVE/a49yvTLqAAAJ
• ENHANCEMENT
  • Fix pull creation with empty changes (#7920) (#7926)
• BUILD
  • Drone/docker: prepare multi-arch release + provide arm64 image (#7571) (#7884)

[1.13.4]

• Update Gitea to 1.9.3
• Fix go get from a private repository with Go 1.13 (#8100)
• Strict name matching for Repository.GetTagID() (#8082)
• Avoid ambiguity of branch/directory names for the git-diff-tree command (#8070)
• Add change title notification for issues (#8064)
• Run CORS handler first for /api routes (#7967) (#8053)
• Evaluate emojis in commit messages in list view (#8044)
• Fix failed to synchronize tags to releases for repository (#7990) (#7994)
• Fix adding default Telegram webhook (#7972) (#7992)
• Abort synchronization from LDAP source if there is some error (#7965)
• Fix deformed emoji in commit message (#8071)
• Keep blame view buttons sequence consistent with normal view when viewing a file (#8007) (#8009)

[1.13.5]

• Update Gitea to 1.9.4
• Highlight issue references (#8101) (#8404)
• Fix bug when migrating a private repository #7917 (#8403)
• Change general form binding to gogs form (#8334) (#8402)
• Fix editor commit to new branch if PR disabled (#8375) (#8401)
• Fix milestone num_issues (#8221) (#8400)
• Allow users with explicit read access to give approvals (#8398)
• Fix commit status in PR #8316 and PR #8321 (#8339)
• Fix API for edit and delete release attachment (#8290)
• Fix assets on release webhook (#8283)
• Fix release API URL generation (#8239)
• Allow registration when button is hidden (#8238)
• MS Teams webhook misses commit messages (backport v1.9) (#8225)

[1.13.6]

• Update Gitea to 1.9.5
• Full changelog
• Hide some user information via API if user doesn't have enough permission (#8655) (#8658)
• Fix milestone close timestamp (#8728) (#8731)
• Fix deadline on update issue or PR via API (#8699)
• Fix 'New Issue Missing Milestone Comment' (#8678) (#8682)
• Fix 500 when getting user as unauthenticated user (#8653) (#8662)
• Use AppSubUrl for more redirections (#8647) (#8652)
• Add SubURL to redirect path (#8632) (#8634) (#8640)
• Fix #8582 by handling empty repos (#8587) (#8593)
• Fix bug on pull requests when transfer head repository (#8571)
• Add missed close in ServeBlobLFS (#8527) (#8543)
• Return false if provided branch name is empty for IsBranchExist (#8485) (#8492)
• Create .ssh dir as necessary (#8369) (#8486) (#8489)
• Restore functionality for early gits (#7775) (#8476)
• Add check for empty set when dropping indexes during migration (#8475)
• Ensure Request Body Readers are closed in LFS server (#8454) (#8459)
• Ensure that LFS files are relative to the LFS content path (#8455) (#8458)
• Ignore mentions for users with no access (#8395) (#8484)

[1.14.0]

• Update Gitea to 1.10.0
• Full changelog

[1.14.1]

• Update Gitea to 1.10.1
• Fix max length check and limit in multiple repo forms (#9148) (#9204)
• Properly fix displaying virtual session provider in admin panel (#9137) (#9203)
• Upgrade levelqueue to 0.1.0 (#9192) (#9199)
• Fix panic when diff (#9187) (#9193)
• Smtp logger configuration sendTos should be an array (#9154) (#9157)
• Always Show Password Field on Link Account Sign-in Page (#9150)
• Create PR on Current Repository by Default (#8670) (#9141)
• Fix race on indexer (#9136) (#9139)
• Fix reCAPTCHA URL (#9119)
• Hide migrated credentials (#9098)
• Update golang.org/x/crypto vendor to use acme v2 (#9056) (#9085)
• Fix password checks on admin create/edit user (#9076) (#9081)
• Fix add search as a reserved username (#9063) (#9065)
• Fix permission checks for close/reopen from commit (#8875) (#9033)
• Ensure Written is set in GZIP ProxyResponseWriter (#9018) (#9025)
• Fix broken link to branch from issue list (#9003) (#9021)
• Fix wrong system notice when repository is empty (#9020)
• Shadow password correctly for session config (#8984) (#9002)

[1.14.2]

• Update Gitea to 1.10.2
• Allow only specific Columns to be updated on Issue via API (#9539) (#9580)
• Add ErrReactionAlreadyExist error (#9550) (#9564)
• Fix bug when migrate from API (#8631) (#9563)
• Use default avatar for ghost user (#9536) (#9537)
• Fix repository issues pagination bug when there are more than one label filter (#9512) (#9528)
• Fix deleted branch not removed when push the branch again (#9516) (#9524)
• Fix missing repository status when migrating repository via API (#9511)
• Trigger webhook when deleting a branch after merging a PR (#9510)
• Fix paging on /repos/{owner}/{repo}/git/trees/{sha} API endpoint (#9482)
• Fix NewCommitStatus (#9434) (#9435)
• Use OriginalURL instead of CloneAddr in migration logging (#9418) (#9420)
• Fix Slack webhook payload title generation to work with Mattermost (#9404)
• DefaultBranch needs to be prefixed by BranchPrefix (#9356) (#9359)
• Fix issue indexer not triggered when migrating a repository (#9333)
• Fix bug that release attachment files not deleted when deleting repository (#9322) (#9329)
• Fix migration releases (#9319) (#9326) (#9328)
• Fix File Edit: Author/Committer interchanged (#9297) (#9300)

[1.14.3]

• Update Gitea to 1.10.3
• Hide credentials when submitting migration (#9102) (#9704)
• Never allow an empty password to validate (#9682) (#9684)
• Prevent redirect to Host (#9678) (#9680)
• Hide public repos owned by private orgs (#9609) (#9616)
• Allow assignee on Pull Creation when Issue Unit is deactivated (#9836) (#9838)
• Fix download file wrong content-type (#9825) (#9835)
• Fix wrong identify poster on a migrated pull request when submit review (#9827) (#9831)
• Fix dump non-exist log directory (#9818) (#9820)
• Fix compare (#9808) (#9815)
• Fix missing msteam webhook on organization (#9781) (#9795)
• Fix add team on collaborator page when same name as organization (#9783)
• Fix cache problem on dashboard (#9358) (#9703)
• Send tag create and push webhook when release created on UI (#8671) (#9702)
• Branches not at ref commit ID should not be listed as Merged (#9614) (#9639)

[1.15.0]

• Update Gitea to 1.11.0

[1.15.1]

• Update Gitea to 1.11.1
• Repo name added to automatically generated commit message when merging (#9997) (#10285)
• Fix Workerpool deadlock (#10283) (#10284)
• Divide GetIssueStats query in smaller chunks (#10176) (#10282)
• Fix reply on code review (#10257)
• Stop hanging issue indexer initialisation from preventing shutdown (#10243) (#10249)
• Fix filter label emoji width (#10241) (#10244)
• Fix issue sidebar menus having an infinite height (#10239) (#10240)
• Fix commit between two commits calculation if there is only last commit (#10225) (#10226)
• Only check for conflicts/merging if the PR has not been merged in the interim (#10132) (#10206)
• Blacklist manifest.json & milestones user (#10292) (#10293)

[1.15.2]

• Update Gitea to 1.11.2

[1.15.3]

• Update Gitea to 1.11.3

[1.15.4]

• Update Gitea to 1.11.4

[1.16.0]

• Update Gitea to 1.11.5
• Update base image to 2.0.0

[1.16.1]

• Update Gitea to 1.11.6
• Full changelog
• Fix missing authorization check on pull for public repos of private/limited org (#11656) (#11683)
• Use session for retrieving org teams (#11438) (#11439)
• Return json on 500 error from API (#11574) (#11660)
• Fix wrong milestone in webhook message (#11596) (#11612)
• Prevent (caught) panic on login (#11590) (#11598)
• Fix commit page js error (#11527)

[1.17.0]

• Update Gitea to 1.12.1
• Full changelog

[1.18.0]

• Add forumUrl and update tags and screenshots

[1.18.1]

• Update Gitea to 1.12.2
• Full changelog

[1.18.2]

• Update Gitea to 1.12.3
• Full changelog
• Don't change creation date when updating Release (#12343) (#12351)
• Show 404 page when release not found (#12328) (#12332)
• Fix emoji detection in certain cases (#12320) (#12327)
• Reduce emoji size (#12317) (#12327)
• Fix double-indirection bug in logging IDs (#12294) (#12308)
• Link to pull list page on sidebar when view pr (#12256) (#12263)
• Extend Notifications API and return pinned notifications by default (#12164) (#12232)

[1.18.3]

• Update Gitea to 1.12.4
• Full changelog
• Escape provider name in oauth2 provider redirect (#12648) (#12650)
• Escape Email on password reset page (#12610) (#12612)
• When reading expired sessions - expire them (#12686) (#12690)
• StaticRootPath configurable at compile time (#12371) (#12652)
• Fix to show an issue that is related to a deleted issue (#12651) (#12692)
• Expire time acknowledged for cache (#12605) (#12611)
• Fix diff path unquoting (#12554) (#12575)
• Improve HTML escaping helper (#12562)
• models: break out of loop (#12386) (#12561)
• Default empty merger list to those with write permissions (#12535) (#12560)
• Skip SSPI authentication attempts for /api/internal (#12556) (#12559)
• Prevent NPE on commenting on lines with invalidated comments (#12549) (#12550)
• Remove hardcoded ES indexername (#12521) (#12526)
• Fix bug preventing transfer to private organization (#12497) (#12501)
• Keys should not verify revoked email addresses (#12486) (#12495)
• Do not add prefix on http/https submodule links (#12477) (#12479)
• Fix ignored login on compare (#12476) (#12478)
• Fix incorrect error logging in Stats indexer and OAuth2 (#12387) (#12422)
• Upgrade google/go-github to v32.1.0 (#12361) (#12390)
• Render emoji's of Commit message on feed-page (#12373)
• Fix handling of diff on unrelated branches when Git 2.28 used (#12370)

[1.18.4]

• Update Gitea to 1.12.5
• Full changelog
• Allow U2F with default settings for gitea in subpath (#12990) (#13001)
• Prevent empty div when editing comment (#12404) (#12991)
• On mirror update also update address in DB (#12964) (#12967)
• Allow extended config on cron settings (#12939) (#12943)
• Open transaction when adding Avatar email-hash pairs to the DB (#12577) (#12940)
• Fix internal server error from ListUserOrgs API (#12910) (#12915)
• Update only the repository columns that need updating (#12900) (#12912)
• Fix panic when adding long comment (#12892) (#12894)
• Add size limit for content of comment on action ui (#12881) (#12890)
• Convert User expose ID each time (#12855) (#12883)
• Support slashes in release tags (#12864) (#12882)
• Add missing information to CreateRepo API endpoint (#12848) (#12867)
• On Migration respect old DefaultBranch (#12843) (#12858)
• Fix notifications page links (#12838) (#12853)
• Stop cloning unnecessarily on PR update (#12839) (#12852)
• Escape more things that are passed through str2html (#12622) (#12850)
• Remove double escape on labels addition in comments (#12809) (#12810)
• Fix "only mail on mention" bug (#12775) (#12789)
• Fix yet another bug with diff file names (#12771) (#12776)
• RepoInit Respect AlternateDefaultBranch (#12746) (#12751)
• Fix Avatar Resize (resize algo NearestNeighbor -> Bilinear) (#12745) (#12750)

[1.18.5]

• Update Gitea to 1.12.6
• Full changelog
• Prevent git operations for inactive users (#13527) (#13537)
• Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13525)
• API should only return Json (#13511) (#13564)
• Fix before and since query arguments at API (#13559) (#13560)
• Prevent panic on git blame by limiting lines to 4096 bytes at most (#13470) (#13492)
• Fix link detection in repository description with tailing '_' (#13407) (#13408)
• Remove obsolete change of email on profile page (#13341) (#13348)
• Fix permission check on get Reactions API endpoints (#13344) (#13346)
• Add migrated pulls to pull request task queue (#13331) (#13335)
• API deny wrong pull creation options (#13308) (#13327)
• Fix initial commit page & binary munching problem (#13249) (#13259)
• Fix diff parsing (#13157) (#13136) (#13139)
• Return error 404 not 500 from API if team does not exist (#13118) (#13119)
• Prohibit automatic downgrades (#13108) (#13111)
• Fix GitLab Migration Option AuthToken (#13101)
• GitLab Label Color Normalizer (#12793) (#13100)
• Log the underlying panic in runMigrateTask (#13096) (#13098)
• Fix attachments list in edit comment (#13036) (#13097)
• Fix deadlock when deleting team user (#13093)
• Fix error create comment on outdated file (#13041) (#13042)
• Fix repository create/delete event webhooks (#13008) (#13027)
• Fix internal server error on README in submodule (#13006) (#13016)

[1.19.0]

• Update Gitea to 1.13.0
• Full changelog

[1.19.1]

• Update Gitea to 1.13.1
• Full changelog
• Security: Hide private participation in Orgs (#13994) (#14031)
• Security: Fix escaping issue in diff (#14153) (#14154)

[1.19.2]

• Update Gitea to 1.13.2
• Prevent panic on fuzzer provided string (#14405) (#14409)
• Add secure/httpOnly attributes to the lang cookie (#14279) (#14280)
• If release publisher is deleted use ghost user (#14375)
• Internal ssh server respect Ciphers, MACs and KeyExchanges settings (#14523) (#14530)
• Set the name Mapper in migrations (#14526) (#14529)
• Fix wiki preview (#14515)
• Update code.gitea.io/sdk/gitea v0.13.1 -> v0.13.2 (#14497)
• ChangeUserName: rename user files back on DB issue (#14447)
• Fix lfs preview bug (#14428) (#14433)
• Ensure timeout error is shown on u2f timeout (#14417) (#14431)
• Fix Deadlock & Delete affected reactions on comment deletion (#14392) (#14425)
• Use path not filepath in routers/editor (#14390) (#14396)
• Check if label template exist first (#14384) (#14389)
• Fix migration v141 (#14387) (#14388)
• Use Request.URL.RequestURI() for fcgi (#14347)
• Use ServerError provided by Context (#14333) (#14345)
• Fix edit-label form init (#14337)
• Fix mailIssueCommentBatch for pull request (#14252) (#14296)
• Render links for commit hashes followed by comma (#14224) (#14227)
• Send notifications for mentions in pulls, issues, (code-)comments (#14218) (#14221)
• Fix avatar bugs (#14217) (#14220)
• Ensure that schema search path is set with every connection on postgres (#14131) (#14216)
• Fix dashboard issues labels filter bug (#14210) (#14214)
• When visit /favicon.ico but the static file is not exist return 404 but not continue to handle the route (#14211) (#14213)
• Fix branch selector on new issue page (#14194) (#14207)
• Check for notExist on profile repository page (#14197) (#14203)

[1.20.0]

• Use base image v3

[1.20.1]

• Update Gitea to 1.13.3
• Turn default hash password algorithm back to pbkdf2 from argon2 until we find a better one (#14673) (#14675)
• Fix paging of file commit logs (#14831) (#14879)
• Print useful error if SQLite is used in settings but not supported (#14476) (#14874)
• Fix display since time round (#14226) (#14873)
• When Deleting Repository only explicitly close PRs whose base is not this repository (#14823) (#14842)
• Set HCaptchaSiteKey on Link Account pages (#14834) (#14839)
• Fix a couple of CommentAsPatch issues. (#14804) (#14820)
• Disable broken OAuth2 providers at startup (#14802) (#14811)
• Repo Transfer permission checks (#14792) (#14794)
• Fix double alert in oauth2 application edit view (#14764) (#14768)
• Fix broken spans in diffs (#14678) (#14683)
• Prevent race in PersistableChannelUniqueQueue.Has (#14651) (#14676)
• HasPreviousCommit causes recursive load of commits unnecessarily (#14598) (#14649)
• Do not assume all 40 char strings are SHA1s (#14624) (#14648)
• Allow org labels to be set with issue templates (#14593) (#14647)
• Accept multiple SSH keys in single LDAP SSHPublicKey attribute (#13989) (#14607)
• Fix bug about ListOptions and stars/watchers pagnation (#14556) (#14573)
• Fix GPG key deletion during account deletion (#14561) (#14569)

[1.20.2]

• Update Gitea to 1.13.4
• Fix issue popups (#14898) (#14899)
• Fix race in LFS ContentStore.Put(...) (#14895) (#14913)
• Fix a couple of issues with a feeds (#14897) (#14903)
• When transfering repository and database transaction failed, rollback the renames (#14864) (#14902)
• Fix race in local storage (#14888) (#14901)
• Fix 500 on pull view page if user is not loged in (#14885) (#14886)

[1.20.3]

• Update Gitea to 1.13.5
• Update to goldmark 1.3.3 (#15059) (#15061)
• Another clusterfuzz spotted issue (#15032) (#15034)
• Fix set milestone on PR creation (#14981) (#15001)
• Prevent panic when editing forked repos by API (#14960) (#14963)
• Fix bug when upload on web (#15042) (#15055)
• Delete Labels & IssueLabels on Repo Delete too (#15039) (#15051)
• Fix postgres ID sequences broken by recreate-table (#15015) (#15029)
• Fix several render issues (#14986) (#15013)
• Make sure sibling images get a link too (#14979) (#14995)
• Fix Anchor jumping with escaped query components (#14969) (#14977)
• Fix release mail html template (#14976)
• Fix excluding more than two labels on issues list (#14962) (#14973)
• Don't mark each comment poster as OP (#14971) (#14972)
• Add "captcha" to list of reserved usernames (#14930)
• Re-enable import local paths after reversion from #13610 (#14925) (#14927)

[1.20.4]

• Update Gitea to 1.13.6
• Fix bug on avatar middleware (#15124) (#15125)
• Fix another clusterfuzz identified issue (#15096) (#15114)
• Fix nil exeption for get pull reviews API #15104 (#15106)
• Fix markdown rendering in milestone content (#15056) (#15092)

[1.20.5]

• Update Gitea to 1.13.7
• Update to bluemonday-1.0.6 (#15294) (#15298)
• Clusterfuzz found another way (#15160) (#15169)
• Fix wrong user returned in API (#15139) (#15150)
• Add 'fonts' into 'KnownPublicEntries' (#15188) (#15317)
• Speed up enry.IsVendor (#15213) (#15246)
• Response 404 for diff/patch of a commit that not exist (#15221) (#15238)
• Prevent NPE in CommentMustAsDiff if no hunk header (#15199) (#15201)
• Add size to Save function (#15264) (#15271)

[1.21.0]

• Update Gitea to 1.14.0
• Full changelog

[1.21.1]

• Update Gitea to 1.14.1
• Fix bug clone wiki (#15499) (#15502)
• Github Migration ignore rate limit, if not enabled (#15490) (#15495)
• Use subdir for URL (#15446) (#15493)
• Query the DB for the hash before inserting in to email_hash (#15457) (#15491)
• Ensure review dismissal only dismisses the correct review (#15477) (#15489)
• Use index of the supported tags to choose user lang (#15452) (#15488)
• Fix wrong file link in code search page (#15466) (#15486)
• Quick template fix for built-in SSH server in admin config (#15464) (#15481)
• Prevent superfluous response.WriteHeader (#15456) (#15476)
• Fix ambiguous argument error on tags (#15432) (#15474)
• Add created_unix instead of expiry to migration (#15458) (#15463)
• Fix repository search (#15428) (#15442)
• Prevent NPE on avatar direct rendering if federated avatars disabled (#15434) (#15439)
• Fix wiki clone urls (#15430) (#15431)
• Fix dingtalk icon url at webhook (#15417) (#15426)
• Standardise icon on projects PR page (#15387) (#15408)
• Add option to skip LFS/attachment files for dump (#15407) (#15492)
• Clone panel fixes (#15436)
• Use semantic dropdown for code search query type (#15276) (#15364)

[1.21.2]

• Update Gitea to 1.14.2
• Full changelog
• Display conflict-free merge messages for pull requests (#15773) (#15796)
• Exponential Backoff for ByteFIFO (#15724) (#15793)
• Issue list alignment tweaks (#15483) (#15766)
• Implement delete release attachments and update release attachments' name (#14130) (#15666)
• Add placeholder text to deploy key textarea (#15575) (#15576)
• Project board improvements (#15429) (#15560)
• Repo branch page: label size, PR ref, new PR button alignment (#15363) (#15365)

[1.21.3]

• Update Gitea to 1.14.3
• Full changelog
• Encrypt migration credentials at rest (#15895) (#16187)
• Only check access tokens if they are likely to be tokens (#16164) (#16171)
• Add missing SameSite settings for the i_like_gitea cookie (#16037) (#16039)
• Fix setting of SameSite on cookies (#15989) (#15991)

[1.21.4]

• Update Gitea to 1.14.4
• Full changelog
• Fix relative links in postprocessed images (#16334) (#16340)
• Fix list_options GetStartEnd (#16303) (#16305)
• Fix API to use author for commits instead of committer (#16276) (#16277)
• Handle misencoding of login_source cfg in mssql (#16268) (#16275)
• Fixed issues not updated by commits (#16254) (#16261)
• Improve efficiency in FindRenderizableReferenceNumeric and getReference (#16251) (#16255)
• Use html.Parse rather than html.ParseFragment (#16223) (#16225)
• Fix milestone counters on new issue (#16183) (#16224)
• reqOrgMembership calls need to be preceded by reqToken (#16198) (#16219)

[1.21.5]

• Update Gitea to 1.14.5
• Full changelog
• Hide mirror passwords on repo settings page (#16022) (#16355)
• Update bluemonday to v1.0.15 (#16379) (#16380)
• Retry rename on lock induced failures (#16435) (#16439)
• Validate issue index before querying DB (#16406) (#16410)
• Fix crash following ldap authentication update (#16447) (#16449)
• Redirect on bad CSRF instead of presenting bad page (#14937) (#16378)

[1.21.6]

• Update Gitea to 1.14.6
• Full changelog
• SECURITY
  • Bump github.com/markbates/goth from v1.67.1 to v1.68.0 (#16538) (#16540)
  • Switch to maintained JWT lib (#16532) (#16535)
  • Upgrade to latest version of golang-jwt (as forked for 1.14) (#16590) (#16607)

[1.22.0]

• Update Gitea to 1.15.0
• Full changelog

[1.22.1]

• Update Gitea to 1.15.1
• Full changelog

[1.22.2]

• Update Gitea to 1.15.2
• Add unique constraint back into issue_index (#16938)
• Close storage objects before cleaning (#16934) (#16942)

[1.22.3]

• Update Gitea to 1.15.3
• Full changelog
• Add fluid to ui container class to remove margin (#16396) (#16976)
• Add caller to cat-file batch calls (#17082) (#17089)
• Many bug fixes

[1.22.4]

• Update Gitea to 1.15.4
• Full changelog
• Raw file API: don't try to interpret 40char filenames as commit SHA (#17185) (#17272)
• Don't allow merged PRs to be reopened (#17192) (#17271)
• Fix incorrect repository count on organization tab of dashboard (#17256) (#17266)
• Fix unwanted team review request deletion (#17257) (#17264)
• Fix broken Activities link in team dashboard (#17255) (#17258)
• API pull's head/base have correct permission(#17214) (#17245)
• Fix stange behavior of DownloadPullDiffOrPatch in incorect index (#17223) (#17227)
• Upgrade xorm to v1.2.5 (#17177) (#17188)
• Fix missing repo link in issue/pull assigned emails (#17183) (#17184)
• Fix bug of get context user (#17169) (#17172)
• Nicely handle missing user in collaborations (#17049) (#17166)
• Add Horizontal scrollbar to inner menu on Chrome (#17086) (#17164)
• Fix wrong i18n keys (#17150) (#17153)
• Fix Archive Creation: correct transaction ending (#17151)
• Prevent panic in Org mode HighlightCodeBlock (#17140) (#17141)
• Create doctor command to fix repo_units broken by dumps from 1.14.3-1.14.6 (#17136) (#17137)

[1.22.5]

• Update Gitea to 1.15.5
• Full changelog
• Upgrade Bluemonday to v1.0.16 (#17372) (#17374)
• Ensure correct SSH permissions check for private and restricted users (#17370) (#17373)
• Prevent NPE in CSV diff rendering when column removed (#17018) (#17377)
• Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH (#17281) (#17376)
• Don't panic if we fail to parse U2FRegistration data (#17304) (#17371)
• Ensure popup text is aligned left (backport for 1.15) (#17343)
• Ensure that git daemon export ok is created for mirrors (#17243) (#17306)
• Disable core.protectNTFS (#17300) (#17302)
• Use pointer for wrappedConn methods (#17295) (#17296)
• AutoRegistration is supposed to be working with disabled registration (backport) (#17292)
• Handle duplicate keys on GPG key ring (#17242) (#17284)
• Fix SVG side by side comparison link (#17375) (#17391)

[1.22.6]

• Update Gitea to 1.15.6
• Full changelog
• Prevent panic in serv.go with Deploy Keys (#17434) (#17435)
• Fix CSV render error (#17406) (#17431)
• Read expected buffer size (#17409) (#17430)
• Ensure that restricted users can access repos for which they are members (#17460) (#17464)
• Make commit-statuses popup show correctly (#17447) (#17466)

[1.23.0]

• Update Gitea to 1.15.7
• Full changelog
• Enable rendering of jupyter notebooks, rst, asciidoc by default
• Only allow webhook to send requests to allowed hosts (#17482) (#17510)
• Fix login redirection links (#17451) (#17473)

[1.23.1]

• Update Gitea to 1.15.8
• Full changelog
• Move POST /{username}/action/{action} to simply POST /{username} (#18045) (#18046)
• Fix delete u2f keys bug (#18040) (#18042)
• Reset Session ID on login (#18018) (#18041)
• Prevent off-by-one error on comments on newly appended lines (#18029) (#18035)
• Stop printing 03d after escaped characters in logs (#18030) (#18034)

[1.23.2]

• Update Gitea to 1.15.9
• Full changelog
• Fix wrong redirect on org labels (#18128) (#18134)
• Fix: unstable sort skips/duplicates issues across pages (#18094) (#18095)
• Revert "Fix delete u2f keys bug (#18042)" (#18107)
• Migrating wiki don't require token, so we should move it out of the require form (#17645) (#18104)
• Prevent NPE if gitea uploader fails to open url (#18080) (#18101)
• Reset locale on login (#17734) (#18100)
• Correctly handle failed migrations (#17575) (#18099)
• Instead of using routerCtx just escape the url before routing (#18086) (#18098)
• Quote references to the user table in consistency checks (#18072) (#18073)
• Add NotFound handler (#18062) (#18067)
• Ensure that git repository is closed before transfer (#18049) (#18057)
• Use common sessioner for API and web routes (#18114)

[1.23.3]

• Update Gitea to 1.15.10
• Full changelog
• Fix inconsistent PR comment counts (#18260) (#18261)
• Fix release link broken (#18252) (#18253)
• Fix update user from site administration page bug (#18250) (#18251)
• Set HeadCommit when creating tags (#18116) (#18173)
• Use correct translation key for error messages due to max repo limits (#18135 & #18153) (#18152)
• Fix purple color in suggested label colors (#18241) (#18242)
• Bump mermaid from 8.10.1 to 8.13.8 (#18198) (#18206)

[1.23.4]

• Update Gitea to 1.16.0
• Full changelog

[1.23.5]

• Update Gitea to 1.16.1
• Full changelog
• Update JS dependencies, fix lint (#18389) (#18540)
• Add dropdown icon to label set template dropdown (#18564) (#18571)
• Comments on migrated issues/prs must link to the comment ID (#18630) (#18637)
• Stop logging an error when notes are not found (#18626) (#18635)
• Ensure that blob-excerpt links work for wiki (#18587) (#18624)
• Only attempt to flush queue if the underlying worker pool is not finished (#18593) (#18620)

[1.23.6]

• Update Gitea to 1.16.2
• Full changelog
• Show fullname on issue edits and gpg/ssh signing info (#18828)
• Immediately Hammer if second kill is sent (#18823) (#18826)
• Allow mermaid render error to wrap (#18791)

[1.23.7]

• Update Gitea to 1.16.3
• Full changelog

[1.23.8]

• Update Gitea to 1.16.4
• Full changelog
• Restrict email address validation (#17688) (#19085)
• Fix lfs bug (#19072) (#19080)

[1.23.9]

• Update Gitea to 1.16.5
• Full changelog
• Prevent redirect to Host (2) (#19175) (#19186)
• Try to prevent autolinking of displaynames by email readers (#19169) (#19183)
• Clean paths when looking in Storage (#19124) (#19179)
• Do not send notification emails to inactive users (#19131) (#19139)
• Do not send activation email if manual confirm is set (#19119) (#19122)

[1.23.10]

• Update Gitea to 1.16.6
• Full changelog

[1.23.11]

• Update Gitea to 1.16.7
• Full changelog
• Escape git fetch remote (#19487) (#19490)
• On Migrations, only write commit-graph if wiki clone was successful (#19563) (#19568)
• Respect DefaultUserIsRestricted system default when creating new user (#19310) (#19560)
• Don't error when branch's commit doesn't exist (#19547) (#19548)
• Support hostname:port to pass host matcher's check (#19543) (#19544)
• Prevent dangling archiver goroutine (#19516) (#19526)
• Fix migrate release from github (#19510) (#19523)
• When view _Siderbar or _Footer, just display once (#19501) (#19522)
• Fix blame page select range error and some typos (#19503)
• Fix name of doctor fix "authorized-keys" in hints (#19464) (#19484)
• User specific repoID or xorm builder conditions for issue search (#19475) (#19476)
• Prevent dangling cat-file calls (goroutine alternative) (#19454) (#19466)
• RepoAssignment ensure to close before overwrite (#19449) (#19460)
• Set correct PR status on 3way on conflict checking (#19457) (#19458)
• Mark TemplateLoading error as "UnprocessableEntity" (#19445) (#19446)

[1.23.12]

• Update Gitea to 1.16.8
• Full changelog
• Add doctor check/fix for bogus action rows (#19656) (#19669)
• Make .cs highlighting legible on dark themes (#19604) (#19605)
• Delete user related oauth stuff on user deletion too (#19677) (#19680)
• Fix new release from tags list UI (#19670) (#19673)
• Prevent NPE when checking repo units if the user is nil (#19625) (#19630)

[1.24.0]

• Update Gitea to 1.17.0
• Full changelog
• Automatically render wiki TOC (#19873)
• Adding button to link accounts from user settings (#19792)
• Allow set default merge style while creating repo (#19751)
• Auto merge pull requests when all checks succeeded (#9307 & #19648)
• Improve reviewing PR UX (#19612)
• Add support for rendering console output with colors (#19497)

[1.24.1]

• Update Gitea to 1.17.1
• Full changelog
• Correctly escape within tribute.js (#20831) (#20832)
• Add support for NuGet API keys (#20721) (#20734)
• Display project in issue list (#20583)
• Add disable download source configuration (#20548) (#20579)
• Add username check to doctor (#20140) (#20671)
• Enable Wire 2 for Internal SSH Server (#20616) (#20617)
• Use the total issue count for UI (#20785) (#20827)
• Add proxy host into allow list (#20798) (#20819)
• Add missing translation for queue flush workers (#20791) (#20792)
• Improve comment header for mobile (#20781) (#20789)
• Fix git.Init for doctor sub-command (#20782) (#20783)
• Check webhooks slice length before calling xorm (#20642) (#20768)
• Remove manual rollback for failed generated repositories (#20639) (#20762)
• Use correct field name in npm template (#20675) (#20760)
• Keep download count on Container tag overwrite (#20728) (#20735)
• Fix v220 migration to be compatible for MSSQL 2008 r2 (#20702) (#20707)
• Use request timeout for git service rpc (#20689) (#20693)
• Send correct NuGet status codes (#20647) (#20677)
• Use correct context to get package content (#20673) (#20676)
• Fix the JS error "EventSource is not defined" caused by some non-standard browsers (#20584) (#20663)
• Add default commit messages to PR for squash merge (#20618) (#20645)
• Fix package upload for files >32mb (#20622) (#20635)
• Fix the new-line copy-paste for rendered code (#20612)
• Clean up and fix clone button script (#20415 & #20600) (#20599)
• Fix default merge style (#20564) (#20565)
• Add repository condition for issue count (#20454) (#20496)
• Make branch icon stand out more (#20726) (#20774)
• Fix loading button with invalid form (#20754) (#20759)
• Fix SecToTime edge-cases (#20610) (#20611)
• Executable check always returns true for windows (#20637) (#20835)
• Check issue labels slice length before calling xorm Insert (#20655) (#20836)
• Fix owners cannot create organization repos bug (#20841) (#20854)
• Prevent 500 is head repo does not have PullRequest unit in IsUserAllowedToUpdate (#20839) (#20848)

[1.24.2]

• Update Gitea to 1.17.2
• Full changelog
• Double check CloneURL is acceptable (#20869) (#20892)
• Add more checks in migration code (#21011) (#21050)
• Fix hard-coded timeout and error panic in API archive download endpoint (#20925) (#21051)
• Improve arc-green code theme (#21039) (#21042)
• Enable contenthash in filename for dynamic assets (#20813) (#20932)
• Don't open new page for ext wiki on same repository (#20725) (#20910)
• Disable doctor logging on panic (#20847) (#20898)
• Remove calls to load Mirrors in user.Dashboard (#20855) (#20897)
• Update codemirror to 5.65.8 (#20875)
• Rework repo buttons (#20602, #20718) (#20719)
• Ensure delete user deletes all comments (#21067) (#21068)
• Delete unreferenced packages when deleting a package version (#20977) (#21060)
• Redirect if user does not exist on admin pages (#20981) (#21059)
• Set uploadpack.allowFilter etc on gitea serv to enable partial clones with ssh (#20902) (#21058)
• Fix 500 on time in timeline API (#21052) (#21057)
• Fill the specified ref in webhook test payload (#20961) (#21055)
• Add another index for Action table on postgres (#21033) (#21054)
• Fix broken insecureskipverify handling in redis connection uris (#20967) (#21053)
• Add Dev, Peer and Optional dependencies to npm PackageMetadataVersion (#21017) (#21044)
• Do not add links to Posters or Assignees with ID < 0 (#20577) (#21037)
• Fix modified due date message (#20388) (#21032)
• Fix missed sort bug (#21006)
• Fix input.value attr for RequiredClaimName/Value (#20946) (#21001)
• Change review buttons to icons to make space for text (#20934) (#20978)
• Fix download archiver of a commit (#20962) (#20971)
• Return 404 NotFound if requested attachment does not exist (#20886) (#20941)
• Set no-tags in git fetch on compare (#20893) (#20936)
• Allow multiple metadata files for Maven packages (#20674) (#20916)
• Increase Content field size of gpg_key and public_key to MEDIUMTEXT (#20896) (#20911)
• Fix mirror address setting not working (#20850) (#20904)
• Fix push mirror address backend get error Address cause setting page display error (#20593) (#20901)
• Fix panic when an invalid oauth2 name is passed (#20820) (#20900)
• In PushMirrorsIterate and MirrorsIterate if limit is negative do not set it (#20837) (#20899)
• Ensure that graceful start-up is informed of unused SSH listener (#20877) (#20888)
• Pad GPG Key ID with preceding zeroes (#20878) (#20885)
• Fix SQL Query for SearchTeam (#20844) (#20872)
• Fix the mode of custom dir to 0700 in docker-rootless (#20861) (#20867)
• Fix UI mis-align for PR commit history (#20845) (#20859)

[1.24.3]

• Update Gitea to 1.17.3
• Full changelog
• SECURITY
  • Sanitize and Escape refs in git backend (#21464) (#21463)
  • Bump golang.org/x/text (#21412) (#21413)
  • Update bluemonday (#21281) (#21287)
• ENHANCEMENTS
  • Fix empty container layer history and UI (#21251) (#21278)
  • Use en-US as fallback when using other default language (#21200) (#21256)
  • Make the vscode clone link respect transport protocol (#20557) (#21128)

[1.24.4]

• Make email display name configurable

[1.24.5]

• Support autosigning via gnupg

[1.25.0]

• Update Gitea to 1.17.4
• Full changelog
• Do not allow Ghost access to limited visible user/org (#21849) (#21875)
• Fix package access for admins and inactive users (#21580) (#21592)
• Fix button in branch list, avoid unexpected page jump before restore branch actually done (#21562) (#21927)
• Fix vertical align of committer avatar rendered by email address (#21884) (#21919)
• Fix setting HTTP headers after write (#21833) (#21874)
• Ignore line anchor links with leading zeroes (#21728) (#21777)
• Enable Monaco automaticLayout (#21516)

[1.25.1]

• Trust reverse proxy IP

[1.26.0]

• Update Gitea to 1.18.0
• Full changelog
• Remove ReverseProxy authentication from the API (#22219) (#22251)
• Support Go Vulnerability Management (#21139)
• Forbid HTML string tooltips (#20935)
• Rework mailer settings (#18982)
• Remove U2F support (#20141)
• Refactor i18n to locale (#20153)
• Enable contenthash in filename for dynamic assets (#20813)
• And a lot more enhancements