- update to 1.21.10-0:
* CVE-2023-45288 which permits an attacker to cause an HTTP/2 endpoint to
read arbitrary amounts of header data
* Fix to not remove repository avatars when the doctor runs with --fix
on the repository archives.
* Detect protected branch on branch rename.
* Don't delete inactive emails explicitly.
* Fix user interface when a review is deleted without refreshing.
* Fix paths when finding files via the web interface that were not escaped.
* Respect DEFAULT_ORG_MEMBER_VISIBLE setting when adding creator to org.
* Fix duplicate migrated milestones.
* Fix inline math blocks can't be preceeded/followed by alphanumerical
characters.
OBS-URL: https://build.opensuse.org/request/show/1165705
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=9
- update to 1.21.8-0:
* Fix /api/v1/{owner}/{repo}/issue_templates which was always failing with a
500 error.
* Prevent error 500 on /user/settings/security when SignedUser has a linked
account from a deactivated authentication source.
* Fix error 500 when pushing release to an empty repo.
* Fix incorrect rendering csv file when file size is larger than UI.CSV.MaxFileSize.
* Fix error 500 when deleting account with incorrect password or unsupported login type.
* handle user-defined name anchors like [Link](#link) linking to <a name="link"></a>Link.
* Use correct head commit for CODEOWNER.
* Fix manual merge button.
* Make meilisearch do exact search for issues.
* Fix PR creation via api between branches of same repo with head field namespaced.
OBS-URL: https://build.opensuse.org/request/show/1160993
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=6