- Update to version 14.0.3:
* fix: PKCE challenges to Forgejo's OAuth identity provider were not
validated when using the S256 algorithm
* fix: Forgejo supports using an OAuth Bearer token with HTTP basic
authentication, rather than Bearer token authentication, but did not
properly apply the limited scopes of the OAuth grant
* fix: missing permission checks in attachment-related web endpoints allowed
modifying attachments that a user did not own
* fix: email notifications for new releases could be sent to users that no
longer have access to the repository, or to inactive users
* fix: missing permission checks in user/org-owned projects would allow
modifications of the open/closed state to be made to projects via insecure
direct object references
* fix: missing permission checks in a web endpoint allowed cancellation of
the automerge of a PR
* fix: prevent additional path-traversals in post-login redirect parameters
that allowed for arbitrary redirects
* fix(ui): hardcode sort options in search syntax hint, improve look
* fix: modals on small viewport height
* fix(ui/mde): inputs in table/link insertion modals
* fix(ui): prevent label overflow in PR CI checks on mobile
* fix: extend basic auth to /v2, always include WWW-Authenticate header
* prevent panic when importing issues from GitLab
* prevent panic when importing releases with more than 4 release assets from GitLab
* correct re-mapping of merge-request numbers mentioned in GitLab comments
* fix: when expanding a dynamic matrix, original 'needs' access was lost
* fix: improve SQLite "database is locked" errors by increasing default SQLITE_TIMEOUT
* fix: use an absolute URL for compare links in atom feed (forwarded request 1342405 from rrahl0)
OBS-URL: https://build.opensuse.org/request/show/1342406
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=41
SUSE Specific Notes
---------------------

By default the package does not allow writing to `/etc/forgejo/conf/app.ini`. This is not a problem during normal runtime. But during the initial setup forgejo wants to write to this file. We can temporarily allow it with:

```
chown -R forgejo: /etc/forgejo/conf/
```

If apparmor is enabled as well, we need to temporarily allow writing there as well. You can check this with:

```
ps aufxZ | grep '^forgejo'
forgejo (enforce) ...
```

If it is running in apparmor use this to allow the temporary permissions:

```
echo "/etc/forgejo/conf/app.ini rwlk," >> /etc/apparmor.d/local/forgejo
apparmor_parser -r /etc/apparmor.d/forgejo
```

Once the initial installation is done you can use this to restore the permissions:

```
rpm --setugids --setperms forgejo
```

And remove the line from the `/etc/apparmor.d/local/forgejo` file again and reload the profile with

```
apparmor_parser -r /etc/apparmor.d/forgejo
```
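The revert steps above leave the temporary AppArmor rule to be removed by hand, which is easy to forget. The following script is an added example, not part of the package: it removes exactly that rule, restores the package permissions, and checks that the `forgejo` user can no longer write the config file. The function names and the `apply` argument are hypothetical; paths, rule text and user name are taken from the notes.

```shell
#!/bin/sh
# Added example, not part of the package. Paths, the rule text and the service
# user come from the notes above; the function names are hypothetical.
RULE='/etc/forgejo/conf/app.ini rwlk,'
LOCAL=/etc/apparmor.d/local/forgejo
CONF=/etc/forgejo/conf/app.ini

# Delete every exact copy of the temporary rule from an AppArmor local
# override file. Succeeds only if the rule is absent afterwards.
remove_temp_rule() {
    file=$1
    [ -f "$file" ] || return 0          # no override file: nothing to undo
    tmp=$(mktemp) || return 1
    # -x -F: match the whole line literally, so similar rules are left alone.
    # grep -v exits 1 when every line matched; only a status above 1 is an error.
    grep -vxF -- "$RULE" "$file" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    # Rewrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$file" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    ! grep -qxF -- "$RULE" "$file"
}

# Full revert plus verification; needs root.
main() {
    rpm --setugids --setperms forgejo || return 1
    if [ -f "$LOCAL" ]; then
        remove_temp_rule "$LOCAL" || return 1
        apparmor_parser -r /etc/apparmor.d/forgejo || return 1
    fi
    # The service user must no longer be able to write the config file.
    if runuser -u forgejo -- test -w "$CONF"; then
        echo "FAIL: $CONF is still writable by forgejo" >&2
        return 1
    fi
    echo "OK: temporary setup permissions reverted"
}

# Nothing is changed unless the script is called with the argument "apply".
if [ "${1:-}" = "apply" ]; then main; fi
```

Run it as root with the argument `apply` once the initial setup is finished; a non-zero exit status means one of the temporary permissions is still in place.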