b2b5be77cc
* it was possible to use a token sent via email for secondary email validation to reset the password instead. In other words, a token sent for a given action (registration, password reset or secondary email validation) could be used to perform a different action. * a fork of a public repository would show in the list of forks, even if its owner was not a public user or organization. * the members of an organization team with read access to a repository (e.g. to read issues) but no read access to the code could read the RSS or atom feeds which include the commit activity. Reading the RSS or atom feeds is now denied unless the team has read permissions on the code. * the tokens used when replying by email to issues or pull requests were weaker than the rfc2104 recommendations. * a registered user could modify the update frequency of any push mirror. * it was possible to use basic authorization (i.e. user:password) for requests to the API even when security keys were enrolled for a user. * some markup sanitation rules were not as strong as they could be. * when Forgejo is configured to enable instance wide search (e.g. with bleve), results found in the repositories of private or limited users were displayed to anonymous visitors. * fix: handle renamed dependency for cargo registry. * support www.github.com for migrations. * move forgot_password-link to fix login tab order. * code owners will not be mentioned when a pull request comes from a forked repository. * labels are missing in the pull request payload removing a label. * in a Forgejo Actions workflow, the unlabeled event type for pull requests was incorrectly mapped to the labeled event type. * when a Forgejo Actions issue or pull request workflow is triggered by an labeled or unlabeled event type, it misses information about the label added OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=45
8 lines
228 B
Plaintext
8 lines
228 B
Plaintext
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iHUEABYIAB0WIQTrEU9ebA3CvN0YNVCkthotxZI3EAUCZoWjbAAKCRCkthotxZI3
|
|
EOPsAQDia3FAbVWnztj3h+SqLvI+7faAzVy2IMGsQpOrPuHleAEAsf+PqLn3rzz2
|
|
CWqTPCo4MWRuYUi6ELY3SS4Xug/DgAM=
|
|
=DqT0
|
|
-----END PGP SIGNATURE-----
|