- update to 7.0.3:
* CVE-2024-24788: a malformed DNS message in response to a query can
cause the lookup functions to get stuck in an infinite loop
* backticks in mermaid block diagram labels are not sanitized properly
* migration of a repository from gogs fails when it is hosted at a subpath.
* when creating an OAuth2 application the redirect URLs are not enforced to
be mandatory
* the API incorrectly excludes repositories where code is not enabled
* "Allow edits from maintainers" cannot be modified via the pull request web UI
* repository activity feeds (including RSS and Atom feeds) contain
repeated activities
* uploading maven packages with metadata being uploaded separately will fail
* the mail notification sent about commits pushed to pull requests are empty
* inline emails attachments are not properly handled when commenting on an
issue via email
* the links to .zip and tar.gz on the tag list web UI fail
* expanding code diff while previewing a pull request before it is created fails
* the CLI is not able to migrate Forgejo Actions artifacts
* when adopting a repository, the default branch is not taken into account
* when using reverse proxy authentication, logout will not be taken into
account when immediately trying to login afterwards
* pushing to the master branch of a sha256 repository fails
* a very long project column name will make the action menu inaccessible
* a useless error is displayed when the title of a merged pull request is
modified
* workflow badges are not working for workflows that are not running on push
(such as scheduled workflows, and ones that run on tags and pull requests)
OBS-URL: https://build.opensuse.org/request/show/1175961
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=19
- update to 7.0.0:
This is only an excerpt from the full changelog, which you can find
in your RELEASE-NOTES.md or at
https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#7-0-0
* MySQL 8.0 or PostgreSQL 12 are the minimum supported versions.
The database must be migrated before upgrading.
The requirements regarding SQLite did not change.
* The per_page parameter is no longer a synonym for limit in the
/repos/{owner}/{repo}/releases API endpoint.
* The date format of the created and last_update fields of the
/repos/{owner}/{repo}/push_mirrors and /repos/{owner}/{repo}/push_mirrors
API endpoint changed to be timestamps instead of numbers.
* Labels used by pprof endpoint have been changed
* The fogejo admin user create CLI command requires a password change
by default when creating the first user
OBS-URL: https://build.opensuse.org/request/show/1170087
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=13
- update to 1.21.10-0:
* CVE-2023-45288 which permits an attacker to cause an HTTP/2 endpoint to
read arbitrary amounts of header data
* Fix to not remove repository avatars when the doctor runs with --fix
on the repository archives.
* Detect protected branch on branch rename.
* Don't delete inactive emails explicitly.
* Fix user interface when a review is deleted without refreshing.
* Fix paths when finding files via the web interface that were not escaped.
* Respect DEFAULT_ORG_MEMBER_VISIBLE setting when adding creator to org.
* Fix duplicate migrated milestones.
* Fix inline math blocks can't be preceeded/followed by alphanumerical
characters.
OBS-URL: https://build.opensuse.org/request/show/1165705
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=9
