diff --git a/forgejo-src-7.0.3.tar.gz b/forgejo-src-7.0.3.tar.gz deleted file mode 100644 index 08f621c..0000000 --- a/forgejo-src-7.0.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c9e85222eb27508e74a284cb125df7c6d7cfc31f52c62f1e305d2aeb1bdb7abc -size 54895104 diff --git a/forgejo-src-7.0.3.tar.gz.asc b/forgejo-src-7.0.3.tar.gz.asc deleted file mode 100644 index 934fef4..0000000 --- a/forgejo-src-7.0.3.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYIAB0WIQTrEU9ebA3CvN0YNVCkthotxZI3EAUCZk4qfAAKCRCkthotxZI3 -EK/FAP9m98DUdSUB+5LZFmha2VGPm1BtfeC3IMctTI1mpH3ARAD/RovDuiALj+MO -XGkkM8twN732GTGN+QvpSStcbUJCyQk= -=YTAy ------END PGP SIGNATURE----- diff --git a/forgejo-src-7.0.4.tar.gz b/forgejo-src-7.0.4.tar.gz new file mode 100644 index 0000000..67a2e11 --- /dev/null +++ b/forgejo-src-7.0.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:881e55d92a4145238a8e7a39dd5c64d547c7629361005ded0393f33ec9e6bba4 +size 54935871 diff --git a/forgejo-src-7.0.4.tar.gz.asc b/forgejo-src-7.0.4.tar.gz.asc new file mode 100644 index 0000000..3a0de9c --- /dev/null +++ b/forgejo-src-7.0.4.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- + +iHUEABYIAB0WIQTrEU9ebA3CvN0YNVCkthotxZI3EAUCZmsYGwAKCRCkthotxZI3 +EFMLAP0QcaXg/PGEw6IlE2gh2OxTl/iNK3vGUm2Rhi465noIzQEA7iwMYolVpLUB +EAz/8Fi3AbdynB+hLEqGBMS8bWw3hQA= +=XeV6 +-----END PGP SIGNATURE----- diff --git a/forgejo.changes b/forgejo.changes index 04e37bb..939b0bb 100644 --- a/forgejo.changes +++ b/forgejo.changes @@ -1,3 +1,34 @@ +------------------------------------------------------------------- +Sun Jun 16 12:52:27 UTC 2024 - Richard Rahl + +- update to 7.0.4: + * Fixed: CVE-2024-24789: the archive/zip package's handling of certain types + of invalid zip files differs from the behavior of most zip implementations. + This misalignment could be exploited to create an zip file with contents that + vary depending on the implementation reading the file. + * the OAuth2 implementation does not always require authentication for public + clients, a requirement of RFC 6749 Section 10.2 + * forgejo migrate-storage --type actions-artifacts always fails because it picks the wrong path. + * avatar files can be found in storage while they do not exist in the database. + * repository admins are always denied the right to force merge and instance admins + are subject to restrictions to merge that must only apply to repository admins. + * non conformance with the Nix tarball fetcher immutable link protocol. + * migrated activities (such as reviews) are mapped to the user who initiated the + migration rather than the Ghost user, if the external user cannot be mapped to a + local one. This mapping mismatch leads to internal server errors in some cases. + * a v7.0.0 regression causes [admin].SEND_NOTIFICATION_EMAIL_ON_NEW_USER=true to always be ignored. + * using a subquery for user deletion is a performance bottleneck when using mariadb 10 + because only mariadb 11 takes advantage of the available index. + * a v7.0.3 regression causes the expanding diffs in pull requests to fail with a 404 error. + * SourceHut Builds webhook fail when the triggers field is used. + * the label list rendering in the issue and pull request timeline is displayed on + multiple lines instead of a single one. + * Git hooks of this repository seem to be broken." warning when pushing more than one branch at a time. + * automerge does not happen when the approval count reaches the required threshold. + * the FORCE_PRIVATE=true setting is not consistently enforced. + * CSRF validation errors when OAuth is not enabled. + * headlines in rendered org-mode do not have a margin on the top + ------------------------------------------------------------------- Wed May 22 20:41:58 UTC 2024 - Richard Rahl diff --git a/forgejo.spec b/forgejo.spec index f411a8b..50dca0a 100644 --- a/forgejo.spec +++ b/forgejo.spec @@ -30,7 +30,7 @@ %endif %endif Name: forgejo -Version: 7.0.3 +Version: 7.0.4 Release: 0 Summary: Self-hostable forge License: MIT