c086cbb5af - update to 10.0.1:
  * Verify the ID of Forgejo Actions web endpoints belongs to the repository to prevent the deletion of runners or variables or the modification of variables
  * Enforce permissions on publicly available user or organizations projects to not leak information from issues and pull requests that belong to private repositories
  * fix(ui): display verified icon for default gpg key
  * fix: load settings for valid user and email check
  * Teach the doctor to remove orphaned two_factor with forgejo doctor check --run check-db-consistency --fix
  * fix: listing tokens must not require basic auth
devel
Richard Rahl
2025-02-08 21:51:52 +00:00
515f3dfd8c Accepting request 1238299 from devel:tools:scm
Ana Guerrero
2025-01-16 19:24:12 +00:00
0fe230fb85 - update to 10.0.0: full changelog at https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/10.0.0.md
  * Fix and refactor markdown rendering
  * migrate TOTP secrets to keying
  * Ensure source_id parameter is not skipped when set to 0 and correctly filter users in /api/v1/admin/users endpoint
  * Rework user profile settings
  * Rework new repository dialog
  * Show repository size on mobile
  * Add links to commit lists in contributors graph page
  * Add copy path button to file view
  * Put issue actions in a single row on mobile
  * Don't display email in profile settings when hidden
  * Highlight user mention in comments and commit messages
  * When bleve is used for issue search, a fuzzy search now applies to each word instead of all of them, as if they were a phrase
  * Add search to releases page
  * Combine review requests comments
  * If you select a portion of a comment and use the 'Quote reply' feature in the context menu, only that portion will be quoted
  * Set "your repositories" as the default filter for org dashboards
  * Add button to create a Markdown table in a comment
  * Add a bullet symbol between author and committer
  * Added link to show all Issues/PullRequests
  * Fix Action log UI race condition that occasionally prevents logs from loading
  * Fix wiki search overflowing on wide screens
  * Move "forgot_password"-link to fix login tab order
  * Update help links on page with no workflows
  * Add Low German to list of default languages
  * i18n: Add dummy language for checking translation keys
Richard Rahl
2025-01-16 16:20:09 +00:00
387a439d8f Accepting request 1230941 from devel:tools:scm
Ana Guerrero
2024-12-15 11:37:19 +00:00
e5d80c70f5 Accepting request 1230940 from home:rrahl0
Richard Rahl
2024-12-13 22:55:16 +00:00
700f71c09f Accepting request 1224537 from devel:tools:scm
Ana Guerrero
2024-11-17 15:41:40 +00:00
b2b5be77cc - update to 9.0.2:
  * it was possible to use a token sent via email for secondary email validation to reset the password instead. In other words, a token sent for a given action (registration, password reset or secondary email validation) could be used to perform a different action.
  * a fork of a public repository would show in the list of forks, even if its owner was not a public user or organization.
  * the members of an organization team with read access to a repository (e.g. to read issues) but no read access to the code could read the RSS or atom feeds which include the commit activity. Reading the RSS or atom feeds is now denied unless the team has read permissions on the code.
  * the tokens used when replying by email to issues or pull requests were weaker than the rfc2104 recommendations.
  * a registered user could modify the update frequency of any push mirror.
  * it was possible to use basic authorization (i.e. user:password) for requests to the API even when security keys were enrolled for a user.
  * some markup sanitation rules were not as strong as they could be.
  * when Forgejo is configured to enable instance wide search (e.g. with bleve), results found in the repositories of private or limited users were displayed to anonymous visitors.
  * fix: handle renamed dependency for cargo registry.
  * support www.github.com for migrations.
  * move forgot_password-link to fix login tab order.
  * code owners will not be mentioned when a pull request comes from a forked repository.
  * labels are missing in the pull request payload removing a label.
  * in a Forgejo Actions workflow, the unlabeled event type for pull requests was incorrectly mapped to the labeled event type.
  * when a Forgejo Actions issue or pull request workflow is triggered by a labeled or unlabeled event type, it misses information about the label added
Richard Rahl
2024-11-16 03:41:20 +00:00
24f0157146 Accepting request 1218913 from devel:tools:scm
Ana Guerrero
2024-10-29 13:35:58 +00:00
ce6404f852 - update to 9.0.1:
  * Forgejo generates a token which is used to authenticate web endpoints that are only meant to be used internally, for instance when the SSH daemon is used to push a commit with Git. The verification of this token was not done in constant time and was susceptible to timing attacks.
  * Because of a missing permission check, the branch used to propose a pull request to a repository can always be deleted by the user performing the merge.
  * Fix boolean inputs in workflow_dispatch
  * package arch database not updating when uploading "any" architecture
  * correct SQL query for active issues
  * specify default value for EXPLORE_DEFAULT_SORT.
  * fix: Add recentupdated as recognized sort option
  * Update dependency mermaid to v11.3.0 (v9.0/forgejo)
  * Always update expiration time when creating an artifact
  * Update scheduled tasks even if changes are pushed by "ActionsUser"
  * Fix disable 2fa bug
  * i18n: update of translations from Codeberg Translate
  * fix: make branch protection work for new branches
  * link to security policy in security.txt
  * fix: don't show truncated comments in RSS/Atom feeds
  * fix: typo on releases for source code downloads
  * Revert "add gap between branch dropdown and PR button"
  * fix: Don't double escape delete branch text
  * fix: Add server logging for OAuth server errors
  * forgejo-cli is now a symlink and cannot be used for sanity checks
  * fix: correct documentation for non 200 responses in swagger
- forgejo is since 9.0.0 GPL-3.0-or-later
Richard Rahl
2024-10-29 05:44:32 +00:00
f38a5bd8a9 Accepting request 1208671 from devel:tools:scm
Ana Guerrero
2024-10-18 13:55:25 +00:00
08961a0cfc - update to 9.0.0:
  * OIDC integrations that POST to /login/oauth/introspect without sending HTTP basic authentication will now fail
  * The public scope of an application token does not filter out private repositories, organizations or packages in some cases
  * Drop support to build Forgejo with the optional go-git Git backend
  * Set created_by as the default filter for /issues and /pulls
  * Set fuzzy as default for issue search.
  * Improve commit graph layout.
  * Add support for iconify icons.
  * Allow multi-line relationship labels.
  * Adds architecture diagrams which allows users to show relations between services.
  * Improve diffs generated by Forgejo.
  * Add rel="nofollow" to in-list labels.
  * Distinguish between new tags, releases and pre-releases on activity page.
  * Highlighted code search results.
  * Refactor repo migration items.
  * Add package counter to repo/user/org overview pages.
  * Replace vue-bar-graph with chart.js.
  * Add more emoji and code block rendering in issues.
  * Bad spacing on new release page.
  * Milestone assignment in new issue.
  * git-grep: ensure bounded default for MatchesPerFile.
  * Incorrect go to citation button.
  * Incorrect HTMX support for profile card.
  * Accessibility keyboard support for test actions.
  * Update pull request icons.
  * "Assign to me" button on PR and Issues.
  * Add architecture-specific removal support for arch package.
  * Add bin to Composer Metadata.
Richard Rahl
2024-10-17 15:53:44 +00:00
5643d3ff6d Accepting request 1206564 from devel:tools:scm
Ana Guerrero
2024-10-10 20:10:58 +00:00
d5738d2684 - add dont-strip.patch for not stripping the main binary (so we can create debuginfo package)
Richard Rahl
2024-10-09 15:38:00 +00:00
7d16792097 Add package environment-to-ini for OCI containers. Reasoning behind this is I've got a little bit frustrated with the official docker rootless image and tried to remake it for testing, profit and fun with kiwi (https://build.opensuse.org/package/show/home:illuusio:images/container-forgejo-kiwi) before submitting fixes upstream. I noticed that environment-to-ini is missing. It's useless for most of humankind but if you like to test the official script and mimic the original then it's crucial.
Richard Rahl
2024-10-09 05:56:04 +00:00
d04fb1c3c3 Accepting request 1199856 from devel:tools:scm
Ana Guerrero
2024-09-10 19:14:19 +00:00
bec8f74dc0 - update to 8.0.3:
  * replace v-html with v-text in branch search inputbox for XSS protection
  * mitigate CVE-2024-43788 (upgrade webpack)
  * Translation updates
Richard Rahl
2024-09-10 09:34:24 +00:00
52adfa3933 Accepting request 1197495 from devel:tools:scm
Dominique Leuenberger
2024-08-30 11:32:11 +00:00
ccfa715678 - update to 8.0.2:
  * Overflow for images on project cards.
  * Allow unreacting from comment popover.
  * The scope of application tokens is not verified when writing containers or Conan packages.
  * When a Forgejo Actions workflow includes a workflow_dispatch with inputs and other events (for instance push), it is silently ignored because of a parsing error.
  * Automerge on AGit pull requests is ignored.
  * Show lock owner instead of repo owner on LFS setting page.
  * Render plain text file if the LFS object doesn't exist.
  * Panic of ssh public key page after deletion of an auth source.
  * Add missing repository type filter parameters to pager.
  * Reverted a change from Gitea which prevented allow/reject reviews on merged or closed PRs. This change was not considered by the Forgejo UI team and there is a consensus that it feels like a regression, since it interferes with workflows known to be used by Forgejo users without providing a tangible benefit.
  * Run full PR checks on AGit push.
  * Updated translations
Richard Rahl
2024-08-29 16:30:48 +00:00
fe1055e9bc Accepting request 1193293 from devel:tools:scm
Dominique Leuenberger
2024-08-12 10:31:30 +00:00
817c8031f2 - update to 8.0.1:
  * A change introduced in Forgejo v1.21 allows a Forgejo user with write permission on a repository description to inject a client-side script into the web page viewed by the visitor. This XSS allows for href in anchor elements to be set to a javascript: URI in the repository description, which will execute the specified script upon clicking (and not upon loading). AllowStandardURLs is now called for the repository description policy, which ensures that URIs in anchor elements are mailto:, http:// or https:// and thereby disallowing the javascript: URI.
  * Do not include trailing EOL character when counting lines
  * Add background to reactions on hover
  * Prevent uppercase in header of dashboard context selector
  * Fix page layout in admin settings
  * Ensure all filters are persistent in issue filters
  * Allow 4 character SHA in /src/commit
- update to 8.0.0: full changelog at https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#8-0-0
  Highlights:
  * remove Microsoft SQL Server support
  * introduce a branch/tag dropdown in the code search page
  * added support for fuzzy searching in /user/repo/issues and /user/repo/pulls
  * API endpoints for managing tag protection.
  * add Reviewed-on and Reviewed-by variables to the merge template
  * display an error when an issue comment is edited simultaneously by two users instead of silently overriding one of them
  * when installing Forgejo through the built-in installer, open (self-) registration is now disabled by default
  * add support for the reddit and Hubspot OAuth providers.
  * CERT management was improved when ENABLE_ACME=true
  * language detection in the repository got additional languages
Richard Rahl
2024-08-11 22:22:28 +00:00
ffec6c3cf3 Accepting request 1193061 from devel:tools:scm
Dominique Leuenberger
2024-08-10 17:07:58 +00:00
3ee08f8470 update to 7.0.7
Richard Rahl
2024-08-09 21:10:26 +00:00
011ebefb7f Accepting request 1191022 from devel:tools:scm
Dominique Leuenberger
2024-08-01 20:06:10 +00:00
3b35cb0d92 Accepting request 1190962 from home:ojkastl_buildservice:Branch_devel_tools_scm
Richard Rahl
2024-08-01 16:34:02 +00:00
8991b556a6 Accepting request 1187532 from devel:tools:scm
Dominique Leuenberger
2024-07-24 13:29:43 +00:00
66d7ac17a7 Accepting request 1187469 from home:ojkastl_buildservice:Branch_devel_tools_scm
Richard Rahl
2024-07-15 09:29:16 +00:00
62a5b41381 Accepting request 1185732 from devel:tools:scm
Ana Guerrero
2024-07-05 17:50:37 +00:00
bdd8956398 Accepting request 1185730 from home:rrahl0:upgrades
Richard Rahl
2024-07-05 07:49:29 +00:00
235842a651 Accepting request 1181170 from devel:tools:scm
Ana Guerrero
2024-06-17 17:29:50 +00:00
3982bdbf67 Accepting request 1181169 from home:rrahl0:upgrades
Richard Rahl
2024-06-16 13:05:45 +00:00
9f1f8a62cb Accepting request 1175962 from devel:tools:scm
Ana Guerrero
2024-05-23 13:35:17 +00:00
7288b74937 Accepting request 1175961 from home:rrahl0:upgrades
Richard Rahl
2024-05-22 20:56:36 +00:00
0dd0c110ed Accepting request 1171483 from devel:tools:scm
Ana Guerrero
2024-05-03 17:45:42 +00:00
15a49f0606 Accepting request 1171482 from home:rrahl0:upgrades
Richard Rahl
2024-05-03 00:56:40 +00:00
85025834d3 Accepting request 1170483 from devel:tools:scm
Ana Guerrero
2024-04-28 19:50:09 +00:00
19088581ea Accepting request 1170482 from home:rrahl0:upgrades
Richard Rahl
2024-04-27 15:04:13 +00:00
1fcb4fe7c3 Accepting request 1170088 from devel:tools:scm
Ana Guerrero
2024-04-25 18:49:37 +00:00
6ca9eae56a Accepting request 1170087 from home:rrahl0:upgrades
Richard Rahl
2024-04-25 02:47:42 +00:00
f26bea8e46 Accepting request 1169377 from devel:tools:scm
Ana Guerrero
2024-04-21 18:27:41 +00:00
7a35a0dddc Accepting request 1169375 from home:rrahl0:upgrades
Richard Rahl
2024-04-20 14:15:17 +00:00
c4b3083495 Accepting request 1165706 from devel:tools:scm
Ana Guerrero
2024-04-08 15:38:33 +00:00
fb22e5ed3d Accepting request 1165705 from home:rrahl0:branches:devel:tools:scm
Richard Rahl
2024-04-05 19:02:52 +00:00
b909a1ba9a Accepting request 1164515 from devel:tools:scm
Ana Guerrero
2024-04-04 20:26:31 +00:00
22388ccb98 Accepting request 1164510 from home:rrahl0:branches:devel:tools:scm
Richard Rahl
2024-04-04 08:14:51 +00:00
35e84d159a Accepting request 1160993 from home:rrahl0:branches:devel:tools:scm
Richard Rahl
2024-03-23 21:36:41 +00:00
b2c8cd471a Accepting request 1160096 from home:rrahl0:branches:devel:tools:scm
Richard Rahl
2024-03-21 12:27:58 +00:00
e5096b53ec Accepting request 1156263 from home:rrahl0:upgrades
Richard Rahl
2024-03-08 07:39:42 +00:00