pool/forgejo
SHA256
17
0
Fork 1
Code Issues Pull Requests Activity
Files
factory
forgejo/forgejo.changes
Richard Rahl da1403f5da - Update to version 13.0.3: 
* fix dependency repo perms in Create/RemoveIssueDependency
  * draft releases could be read before being published
  * misconfigured security checks on tag delete web form
  * incorrect logic in "Update PR" did not enforce head branch protection rules
    correctly
  * issue owner can delete another user's comment's edit history on same issue
  * tag protection rules can be bypassed during tag delete operation
  * fix: support git clone when /tmp has noexec
  * fix: get new session from enginegroup instead of masterengine
  * fix: endless redirection loop between /user/settings/change_password and
    /user/settings/security
  * fix(alt): handle package names with dots in ALT repository
  * fix: pull request review comment position
  * fix: less restrictive matrix room_id pattern
  * fix: add required headers to Pagure migration
  * fix: prevent orgs from being added as members of orgs
  * fix(api): set all hook event types
  * fix: don't show ConEmu OSC escape sequences
  * fix: set tag message on tag addition
  * fix: construct project links in timeline better
- remove patches fix-CVE-2025-47911.patch and fix-CVE-2025-58190.patch,
  fixed upstream

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=88
2025-12-06 21:46:05 +00:00

1644 lines
82 KiB
Plaintext
Raw Permalink Blame History

-------------------------------------------------------------------
Sat Dec 6 21:44:06 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- Update to version 13.0.3:
* fix dependency repo perms in Create/RemoveIssueDependency
* draft releases could be read before being published
* misconfigured security checks on tag delete web form
* incorrect logic in "Update PR" did not enforce head branch protection rules
correctly
* issue owner can delete another user's comment's edit history on same issue
* tag protection rules can be bypassed during tag delete operation
* fix: support git clone when /tmp has noexec
* fix: get new session from enginegroup instead of masterengine
* fix: endless redirection loop between /user/settings/change_password and
/user/settings/security
* fix(alt): handle package names with dots in ALT repository
* fix: pull request review comment position
* fix: less restrictive matrix room_id pattern
* fix: add required headers to Pagure migration
* fix: prevent orgs from being added as members of orgs
* fix(api): set all hook event types
* fix: don't show ConEmu OSC escape sequences
* fix: set tag message on tag addition
* fix: construct project links in timeline better
- remove patches fix-CVE-2025-47911.patch and fix-CVE-2025-58190.patch,
fixed upstream
-------------------------------------------------------------------
Mon Oct 27 12:48:55 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- Update to version 13.0.2:
* Vulnerability (Critical): prevent writing to out-of-repo symlink
destinations while evaluating template repos
* Vulnerability (Medium): prevent .forgejo/template from being out-of-repo
content
* Vulnerability (Medium): return on error if an LFS token cannot be parsed
* Vulnerability (Low): prevent commit API from leaking user's hidden email
address on valid GPG signed commits
-------------------------------------------------------------------
Sun Oct 19 06:12:24 UTC 2025 - Mia Herkt <mia@0x0.st>
- Update to version 13.0.1:
User Interface bug fixes:
* fix: Use scrollHeight for rendered iframe if offsetHeight is
unavailable
Bug fixes:
* fix: db.Iterate can miss records, can return records twice
which caused a data corruption of the secret table in v13.0.0
* fix: release email links
- Changes in 13.0.0:
Security features:
* Add configurable global 2FA enforcement
* migrate action secrets to keying to store them more securely
Breaking features:
* bump the minimum required Git version from 2.0.0 to 2.34.1
* Forgejo Actions workflows are verified with a YAML schema and
common errors such as using an incorrect context
(e.g. ${{ badcontext.FORGEJO_REPOSITORY }}) or a typo in a
required keyword (e.g. ruins-on: instead of runs-on:) will be
reported in the action page and the web page that displays the
file in the repository. It is recommended to verify existing
workflows are successfully verified prior to upgrading,
as explained in the Forgejo runner release notes.
Breaking bug fixes:
* The artifact-url ouput returned by the upload-artifact@v4
action can be used to download the artifact. It was previously
404. To implement this compatibility fix, the web UI URL to
download artifacts
(i.e. /{owner}/{repo}/actions/runs/{run_id}/artifacts/{artifact_name})
now relies on an identifier that is unique accross the
instance. URLs to download artifacts that were bookmarked or
copied prior to this change use an id relative to the
repository and will no longer work. It previously was
/{owner}/{repo}/actions/runs/{run_index}/artifacts/{artifact_name},
note the difference between {run_id} and {run_index}.
The new URL can be obtained again by visiting the parent page,
which still uses the relative id
(/{owner}/{repo}/actions/runs/{run_index}).
User Interface features:
* ability to view previous logs for Actions runs that have been
retried
* show CI status on force-pushes
* improve org header with new noJS dropdown and more
options
* improve multiline file preview and anchor detection
* render ordered checkbox lists with numbers
* Admin interface for abuse reports
* show timestamp on release attachments
* add tag label to commit list view
* support Markdown editor bold & italic keyboard shortcuts
* improve rendering commit links for PR commits,
external repos and diffs
* add links to assigners in issue comments
* use simplified visibility label in dashboard orgs
list
* improve custom emojis
* improve the global noJS notice
* improve display of repo topics
* add links to review request targets in issue comments
* improve subscriptions screen filters
* implement hover for switch
* Pretty-print commit counts and other numbers
User Interface bug fixes:
* add markup class to project descriptions
* make releases filtering responsive
* reworked file preview placement towards better HTML validity
* fix alignment of items in tag signature
* unescape file names in commit hash links
* visually distinguish the branch name in action description
* preserved 'Custom access' even after no permissions
* show participants in mention suggestions in pr review
* apply background color to wiki content
* improve signature box responsiveness
* ignore existence of commits for force pushes
* make unicode escape work in wiki
* prevent initial 'blank' display of action logs view,
remove unnecessary API calls
* don't allow comment boxes to stretch outside diff boundries
on small device UI
* hide edit button on tag releases, improve ghost user display,
fix tag signature banner
* resolved 500 error upon clicking 'Clear milestone' button when
there's no milestones available in Issue page
* compare branches even with pull requests disabled
Features:
* Uploaded avatar images can sometimes contain unexpected
metadata such as the location where the image was created,
or the device the image was created with, stored in a format
called EXIF. Forgejo now removes EXIF data when custom user and
repository images are uploaded in order to reduce the risk of
personally identifiable information being leaked unexpectedly.
A new CLI subcommand forgejo doctor avatar-strip-exif can be
used to strip EXIF information from all existing avatars; we
recommend that administrators run this command once after
upgrade in order to minimize this risk for existing stored
files.
* assorted ActivityPub code only refactors
* feat(logger): rename settings for consistency and remove
obsolete settings
* Bring "remove a label from issue" API in line with GitHub
equivalent
* reject password reset attempts for OAuth2 users without a
current password
* feat(log): better parseable and configurable ssh-logs
* add configurable timeout for automatically removing resolved
reports
* Add support for migrating from Pagure
* add _URI entries for mail config
* Improved signature handling & instance actor
* Sent user activities to distant federated server
* Add ActivityPub Person follow from distant
* chore: remove goroutine PID logging
* git/blob: GetContentBase64 with fewer allocations and no
goroutine
* make API pull and compare endpoint references to head more
robust
* git/commit: re-implement submodules file reader
* add EXCLUSION to logging mode
* add sort parameter for users/search api endpoint
* Allow converting mirror repos to normal through the API
* update broken git hook error
* avoid expensive SQL for org home
* make upload URL compatible with GitHub API
* allow more README formats for .profile
* AGit push options starting with {base64} are decoded
* search in the docs directory for issue and pull request
templates
* improve checking if diffs differ
* enable H2C for the HTTP server
* detect Interlisp sources as text
* add option to allow non-local users to change usernames
* chroma: 5d56970 Add uv.lock to TOML lexer
* chroma: a53c924 create Lexer for Nu
* chroma: abe0195 create lexer for lox
* chroma: f3be4c6 create lexer for Gemtext
* chroma: acd21c6 add aspect-ratio property to css.xml
* chroma: d0ad679 improve Go lexer
* Introduce global Merge Message Templates
* chroma: 970eacc add MoonScript lexer
* chroma: bc60826 add Core lexer
* push mirror to have option to only push selected branches
* if OAuth2 is disabled return 'Not found' for openid
configuration
* add --attribute-ssh-pubic-key to forgejo admin auth add-oauth
and update-oauth CLI
* feat(ui): add repository description to og:image:alt
Bug fixes:
* quota evaluation rules not working properly
* artifacts can be downloaded using their id instead of their
name
* fix: failure to parse on block results in unconditional
workflow execution
* Fix invisible iframes with RENDER_CONTENT_MODE=iframe
* fix: package cleaned rule fails if the keep count is too high
* prevent user-entered text with | characters from being
truncated in activity feed
* PR review dismissals were not appearing in activity feed
* comment starting with a mermaid block displays error in
activity feed
* Markdown: generate unique per comment HTML IDs for footnotes
and headers
* very long commit messages cause pushed commits to fail to
display on the action feed on MySQL
* parse extra weird tree mode value
* respect UI DEFAULT_SHOW_FULL_NAME setting in email
From: headers
* check target repo limit instead of user repo limit
* enable multi-line math equations in wiki
* Actions log view stops refreshing after the displayed job is
finished, even if other jobs are still running
* standardize truncation of user-entered comment text in
activity feed
* allow Actions tokens to access repos readable by signed in
users
* allow Forgejo Actions environment variables starting with CI
* chroma: 1ca24c9 correct lexing AS keyword for docker
* chroma: 1f48e65 markdown: don't delegate to HTML lexer
* chroma: dfb2819 Fixed ObjectPascal comment issue
* chroma: 2c20473 RPGLE: various lexer & style fixes
* chroma: c803d79 zig: detect zig object notation files as zig
* chroma: ffedbf4 kotlin: detect kotlin script files as kotlin
-------------------------------------------------------------------
Thu Oct 9 10:32:11 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- add fix-CVE-2025-58190.patch, fixing bsc#1251670
- add fix-CVE-2025-47911.patch, fixing bsc#1251474
-------------------------------------------------------------------
Sat Sep 20 11:26:24 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- update to version 12.0.4:
* Do not display the title of unsubscribed issues or pull requests in the
notification web page
* fix: package cleanup rules are not applied when there are more than 200
packages
* fix: [quota.default].TOTAL config setting supports unit suffixes
* fix: quotas double counting repo size when calculating size:all
* fix: LFS GC is never running because of a bug in the parsing of the INI file
* fix(api): set default pagination and Link header for repoListTags
* chore: build-release must close the cascading pull request
-------------------------------------------------------------------
Tue Sep 16 14:12:37 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- update to version 12.0.3:
* Update dependency mermaid to v11.10.0 [SECURITY]
* fix(ui): clear fields when canceling adding ssh key
* fix(api): deactivate issue api for disabled or external issue-tracker
* fix: migration failing when importing either issues or PRs but not the other
* fix: do better parsing of file modes
* Update module github.com/ulikunitz/xz to v0.5.15
- update to version 12.0.2:
* fix: email comments are removed from email addresses
* fix: validate CSRF on non-safe methods All PUT/DELETE
* fix: use credential helpers for git clones When performing a git clone that
requires credentials
* fix: consistently enforce 2FA on OpenID 2.0
* fix: delete old auth token upon replacing primary email When the primary
email is changed before it is validated
* fix: require password login for creation of new token
* fix: ensure GetUserByEmail only considers validated emails
* fix: don't allow credentials in migrate/push mirror URL
* fix: only redirect to a new owner (organization or user) if the user has
permissions to view the new owner
-------------------------------------------------------------------
Sat Jul 26 11:04:54 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- update to version 12.0.1:
* allow for tracked time to be removed again
* correct image source for quoted reply
* prevent render failure on faulty org settings post
* Revert "remove API authentication methods that uses the URL query"
* upgrade fails or hang at migration[31]: Migrate maven package
name concatenation
* make the action feed resilient to database inconsistencies
* make sure to use unaltered fields when saving a shadow copy
for updated profiles or comments
* follow symlinks for local assets
* use correct ACME default
- remove get-sources.sh, use obs tooling
- include apparmor in Leap 16
-------------------------------------------------------------------
Wed Jul 23 16:41:27 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- update to version 12.0.0:
* remove API authentication methods that uses the URL query
* relax email requirements
* consider WebAuthn & SSH for instance signing
* add SSH signing support for instances
* forgejo docs command is deprecated
* remove the legacy TEST_CONFLICTING_PATCHES_WITH_GIT_APPLY setting
* fail if sha is not provided to the POST
/repos/{owner}/{repo}/contents API endpoint
* transform fediverse handles
* add user visibility description in the settings page
* add model viewer for .glb (GLTF) model in file view
* show size constraints of custom avatar
* add links to milestones and projects in issue comments
* global styling for the kbd tag
* hints in empty usercards lists
* the user profile has been redesigned
* improve the description in the packages settings
* inline public ssh key in verification command
* use switch element for markdown editor modes
* make JS asset load error message translatable
* improve performances by using git switch -c instead
of git checkout -b
* clarify the desired autocompletion type
* improve the clarity of the migration description textarea
* automatically refresh workflows in the "Actions" list
* improve error pages
* improve the user experience to review individual commits
in a pull request
* use the available screen width when displaying
Forgejo Actions logs
* show if a commit is verified in the activity feed
* reimplemented editor Tab key handling with accessibility safeguards
* redesign the migration selection page
* multiple ComboMarkdownEditors on one page interfere with each other
* pasting images into the comment editor will now show that image
* add missing trust status to pull review commits
* add missing lazy load attribute to images
* retain sort type when viewing issue or pull requests
* include enough activity for the entire heatmap
* show warning in locked issue discussion
* ensure consistent switch position in the markdown editor
* display user-friendly message for range error
* make limits clearer in the create repository form
* don't put trailing slash in autogenerated name in the migration form
* allow user with actions write permission to run a workflow
* ensure usercards in grid have the same width
* new GET /repos/{owner}/{repo}/git/blobs API endpoint
* always publish the link to the commit status
* improve the performances of the generation of bundled assets
* support artifact uploads for OCI container packages
* add admin user reset-mfa CLI command
* update the list of ambigious characters
* make Forgejo Actions server logs less noisy
* allow searching issues by number, prioritize title matches
* configurable default units for mirrors
* a repository administrator has control over reindexing the issues
* auto cleanup of offline runners
* improved performances when checking for conflicts on pull requests
* allow access to publicly available /api/v1/packages/{username}
* implement the GET /repos/{owner}/{repo}/actions/runs and
GET /repos/{owner}/{repo}/actions/runs/{run_id} API endpoints
* use git-replay for rebasing for better performances
* send mail on failed or recovered Forgejo Actions run
* Forgejo Actions failure, success, recover webhooks
* add last_commit_when to API contents responses
* include a default robots.txt to reduce the impact of crawlers
* use XORM EngineGroup instead of single Engine connection
* sync forks
* pull requests were not blocked by review request for a whitelisted team
* several fixes of the ALT RPM package registry
* allow lowercase as well as uppercase token keyword in the auth header
* correctly mark reviews as stale for AGit pull requests
* user activation failed when an email address contained uppercase letters
* fix: load OldMilestone based on OldMilestoneID, not MilestoneID
* omit Content-Length on 307 redirects when serving direct
manifest for containers
* fix a bug causing the PASCAL-modifier to return camel-case
* remove the trailing slash from the issuer in OAuth claims
* return the correct AGit type in ssh_info
* fix url validation in the webhook add/edit API
* add error reporting to pull requests with invalid Forgejo
Actions workflow files
* allow instance API URLs in release assets
* improve the dashboard loading performances
* fix a border case where it was not possible to cancel a
pull request review
* fix acme renewal
* migrate Maven packages to "groupId:artifactId" name concatenation,
regenerate metadata and fix missing groupId
-------------------------------------------------------------------
Thu Jul 10 18:05:05 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- update to 11.0.3:
* fixing git security vulnerability
* add missing lazy load attribute to images
* backport of translation updates
* do not ignore automerge while a PR is checking for conflicts
* user activation with uppercase email address
* collaborator can edit wiki with write access
* fix: corrupted wiki unit default permission
* fix: skip empty tokens in SearchOptions.Tokens()
* fix: make API /repos/{owner}/{repo}/compare/{basehead} work with forks
* fix(ui): release: name is overridden with tag name on edit
* Revert "fix(api): document is_system_webhook field
-------------------------------------------------------------------
Thu Jun 19 11:16:20 UTC 2025 - Tuukka Pasanen <tuukka.pasanen@ilmi.fi>
- Update to 11.0.2:
* Features
- make Forgejo Actions server logs less noisy
* Bug fixes
- do not fail when release or wiki is set in /repos/migrate API
- ignore expired artifacts for quota calculation
- pull request cross references
- quote reply in Chromium
- fix: make hash pattern more strict
* Included for completeness but not worth a release note
- remove download attribute from external assets
- bleve to v2.5.2 with changes made in backport of 2.5.0
- show membership of limited orgs
- date dependency go to v1.24.3 (v11.0/forgejo)
- drop unused @typescript-eslint/parser package
- suppress non actionable XORM warnings
- aggregate deleted team as ghost team
- center footer links
- fix force-push compare line layout
- parse change-id in the git commit header
- Update module github.com/blevesearch/bleve/v2 to v2.5.1 (v11.0/forgejo) - abandoned
- improve force-push compare line layout
- Remove "create branch" button on mirrored repos
- Update module github.com/msteinert/pam/v2 to v2.1.0 (v11.0/forgejo)
- replace ß with ss in normalizeUserName
- document is_system_webhook field
- remove artificial delay for PR update
-------------------------------------------------------------------
Wed Jun 11 11:12:49 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- conflict all subpackages to forgejoi-longterm equivilent packages
-------------------------------------------------------------------
Sun Jun 1 17:36:52 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- apparmor: allow reading of new data files
-------------------------------------------------------------------
Sat May 31 11:58:12 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- conflict with forgejo-longterm
- require apparmor profile when apparmor is installed
- use forgejo name rather than macro, sharing as much as possible with
forgejo-longterm
-------------------------------------------------------------------
Mon May 5 20:23:37 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- update to 11.0.1:
* If LFS is enabled on a Forgejo instance with [server].LFS_START_SERVER =
true, it was possible for a registered user to upload LFS files to a
repository to which they only had read access.
* A user account with 2fa (two factor authentication) enrolled with a
security key was not enforced when using an external account
* fix: display the list of tasks in the runner edit page
* fix(ui): use gap in switch items
* fix(ui/pr): use eye icon for reviews
* fix(ui): rescope menu height patch to overflow menu
* fix(ui): show commit icon in branch dropdown button when viewing a commit
* i18n: backport of translation updates
* fix(i18n): prevent incorrect logging on strings missing in JSON locales
* chore: replace github.com/go-testfixtures/testfixtures
* fix: use linguist-generated for language stats
* chore: tune down remote user promotion debug message shown as error
* fix: set default restricted for OAuth2 user
* chore: merge tests.AddFixtures and unittest.OverrideFixtures
* fix(ui): make pagination labels always visible to screenreader
* fix: delay-write trace.dat for forgejo diagnosis
* Update module github.com/mattn/go-sqlite3 to v1.14.28 (v11.0/forgejo)
-------------------------------------------------------------------
Thu Apr 17 16:00:14 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- update to 11.0.0:
* add ability to regenerate access tokens
* drop SSPI auth support and more Windows files
* localize theme names
* improve incorrect ROOT_URL warning
* admin user view
* welcome screen for user dashboard
* improve "URL" handling in markdown editor
* display to maintainers in pull request when it is editable
* simplify pronouns in user settings
* split Forgejo landing page template to allow patching or removing Forgejo
introduction section
* set default release title to tag name
* add quota overview
* allow opening a single-file diff from file history view
* reduce noise in the timeline of issues and pull requests. If certain
timeline events are performed within a certain timeframe of each other with
no other events in between, they will be combined into a single timeline
event, and any contradictory actions will be canceled and not displayed.
The older the events, the wider the timeframe will become.
* i18n: make Danish available in UI
* Updates from Codeberg Translate
* Features
* return run_number in workflow dispatch
* add more sorting to own repository list
* add sort parameter to list issues API
* make it possible to track the progress of manually triggered workflows
* interpret Precedence: auto_reply as an auto reply
* parse multipart/related parts as attachments & guess filename
* added missing nuget V2 properties to API
* order the user's organization list alphabetically
* in code search, add query string for boolean operators and phrase search
* in code search, replace fuzzy search with union search for indexer
* set default value of UseCompatSSHURI to true
* add pronoun privacy option
* commit API endpoint to rename an organization
* fill website field when migrating from external
* commit use Project-URL metadata field to get a PyPI package's homepage URL
* improve Forgejo diagnostics
* sourcehut webhook: submit SSH URL for private repository or when pre-filled
* add configurable cooldown to claim usernames
* don't allow blocking the doer
* Alt Linux Apt-Rpm repository support for Forgejo packages
* add search action jobs for API routes, repo, org and global level
* add summary card for repos and releases
* add synchronization for SSH keys for OpenID Connect
* initial support for localization and pluralization with go-i18n-JSON-v2 format
* permit to download patch and diff file between tags and branches
* remove SHA1 for support for ssh rsa signing
* show link to download directory
* validate input for default_{merge,update}_style
* include platform information on rubygems compact index API
* listening on abstract domain sockets
* forbid blocked users from reopening issues
* allow collaborators to read their own permissions
* more permissive markup commit hash detection
* don't give system users roles on comments
* fix(ui): make tag dropdown clickable again
* fix: match PackageBlob.HashBlake2b definition and migration
* fix(UI): i18n: improve naming
* fix: package_blob.has_blake2b may be null
* fix: redirect to submodule instead of throwing 500 error when viewing submodule entry
* fix(migrations): transfer PR flow information
* : fix(i18n): fix several usages of i18n
* Update module golang.org/x/net to v0.38.0 (v11.0/forgejo)
* 4108-empty-slice-encoded-to-null
* chore: branding import path
* fix(ui): Do not check for vertical-align
* Update module code.forgejo.org/forgejo/act to v1.25.1 (forgejo)
* fix ci dashboard e2e test
* build: require node v20
* Update Node.js to v22 (forgejo)
* chore(renovate): update settings for latest version
* Update module github.com/buildkite/terminal-to-html/v3 to v3.16.8 (forgejo)
* Update module github.com/caddyserver/certmagic to v0.22.2 (forgejo)
* Lock file maintenance (forgejo)
* Update renovate to v39.212.0 (forgejo)
* remove an extraneous } in issue dependencies template
* chore(release-notes): Forgejo v10.0.3
* Update module github.com/golang-jwt/jwt/v5 to v5.2.2 [SECURITY] (forgejo)
* Update module github.com/go-sql-driver/mysql to v1.9.1 (forgejo)
* Update mcr.microsoft.com/devcontainers/go Docker tag to v1.24 (forgejo)
* chore(release-notes): Forgejo v10.0.2
* Update module github.com/redis/go-redis/v9 to v9.7.3 (forgejo)
* consider issues in repository accessible via access table
* chore(release-notes): Forgejo v7.0.14
* chore(renovate): add yamllint to automerge
* Update module gitlab.com/gitlab-org/api/client-go to v0.126.0 (forgejo)
* Update dependency yamllint to v1.36.2 (forgejo)
* chore(dependency): upgrade gof3 v3.10.6
* Update dependency eslint-import-resolver-typescript to v4 (forgejo)
* chore: add @vitejs/plugin-vue to renovate automerge
* Update dependency @vitejs/plugin-vue to v5.2.3 (forgejo)
* Lock file maintenance (forgejo)
* Update renovate to v39.205.0 (forgejo)
* branding: update API descriptions
* Update module
* github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker
to v3.2.1 (forgejo)
* Update dependency yamllint to v1.36.1 (forgejo)
* Update data.forgejo.org/oci/bitnami/postgresql Docker tag to v16 (forgejo)
* Update dependency @playwright/test to v1.51.0 (forgejo)
* Update vitest monorepo to v3.0.8 (forgejo)
* Update linters (forgejo)
* Update dependency happy-dom to v17.4.4 (forgejo)
* Update dependency @stoplight/spectral-cli to v6.14.3 (forgejo)
* perf: avoid sorting team names for ComposeMetas
* chore(runner): return errors created by connect
* perf: optimize converting releases to feed items
* [gitea] week 2025-12 cherry pick (gitea/main -> forgejo)
* Update dependency mermaid to v11.5.0 (forgejo)
* Update module github.com/editorconfig/editorconfig-core-go/v2 to v2.6.3 (forgejo)
* chore(ui): remove unused template "shared/user/blocked_users"
* handle deleted user modifying event state in gitlab migration
* Update dependency yamllint to v1.36.0 (forgejo)
* i18n: ensure consistent indent style for next locales
* fix(api): miss-spelled description, corrected to public
* Update module github.com/go-webauthn/webauthn to v0.12.2 (forgejo)
* Update module github.com/minio/minio-go/v7 to v7.0.88 (forgejo)
* Lock file maintenance (forgejo)
* Update renovate to v39.195.1 (forgejo)
* ui: improve branch/tag dropdown selector consistency
* Update module github.com/msteinert/pam to v2 (forgejo)
* Update linters (forgejo)
* Update dependency happy-dom to v17.4.3 (forgejo)
* Update dependency globals to v16 (forgejo)
* Update dependency eslint-plugin-vue to v10 (forgejo)
* Update dependency eslint-plugin-unicorn to v57 (forgejo)
* Update dependency @stylistic/eslint-plugin-js to v4 (forgejo)
* Update Node.js to v22 (forgejo)
* [gitea] week 2025-11 cherry pick (gitea/main -> forgejo)
* fix(ui): use usual and consistent size for project icons of 16
* fix(ui): improve milestone/project header consistency
* chore(ui): improve svg icon margin consistency
* revert issue rendering for <a> element
* chore: modernize import
* fix(i18n): make HasKey aware of newStyleMessages
* feat(ui themes): better place for theme list ctx, testing
* chore(ui): always use primary button color inside modals
* fix(ui): 2fa verify alignment
* Update module google.golang.org/grpc to v1.71.0 (forgejo)
* i18n: use ellipsis character
* Update module golang.org/x/tools/cmd/deadcode to v0.31.0 (forgejo)
* Update module golang.org/x/oauth2 to v0.28.0 (forgejo)
* Update module github.com/caddyserver/certmagic to v0.22.0 (forgejo)
* Update module golang.org/x/image to v0.25.0 (forgejo)
* Update module golang.org/x/crypto to v0.36.0 (forgejo)
* Update module github.com/urfave/cli/v2 to v2.27.6 (forgejo)
* improve error handling of commit rendering
* Update module golang.org/x/net to v0.36.0 (forgejo)
* Update module github.com/prometheus/client_golang to v1.21.1 (forgejo)
* correct logging if caller has generics
* Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.64.6 (forgejo)
* Update dependency go to v1.24.1 (forgejo)
* introduce distant federation server mock
* fix the modularity for migration v18
* Update module github.com/opencontainers/image-spec to v1.1.1 (forgejo)
* [gitea] week 2025-10 cherry pick (gitea/main -> forgejo)
* feat(build): linter for missing msgid definitions
* Fix: Force all repo tab buttons to be the same height
* Lock file maintenance (forgejo)
* Update renovate to v39.185.0 (forgejo)
* fix(ui): add header to org settings /blocked users page
* fix(ui): use discussions icon in issue list entries
* Update module github.com/jhillyerd/enmime/v2 to v2.1.0 (forgejo)
* i18n(en): a few source fixes
* Update module github.com/PuerkitoBio/goquery to v1.10.2 (forgejo)
* Update dependency happy-dom to v17.1.8 (forgejo)
* Update dependency @stylistic/stylelint-plugin to v3.1.2 (forgejo)
* Update module code.forgejo.org/f3/gof3/v3 to v3.10.4 (forgejo)
* chore(ci): ensure the manually cached Go can be run
* chore(upgrade): switch to code.forgejo.org/forgejo/levelqueue
* Update module github.com/ProtonMail/go-crypto to v1.1.6 (forgejo)
* Update module golang.org/x/oauth2 to v0.27.0 (forgejo)
* Update module golang.org/x/crypto to v0.35.0 (forgejo)
* Update module golang.org/x/tools/gopls to v0.18.1 (forgejo)
* job list response to avoid wrapped body.
* Update https://data.forgejo.org/forgejo/forgejo-build-publish action to v5.3.4 (forgejo)
* Update https://data.forgejo.org/forgejo/forgejo-build-publish action to v5.3.3 (forgejo)
* Update renovate to v39.178.1 (forgejo)
* chore: add empty secret table fixtures
* Update data.forgejo.org/oci/golang Docker tag to v1.24 (forgejo)
* feat(ui): include MIME type for archive links in folder download
* fix(ui): improvements around folder download
* i18n(en): shorten banner text for archived repos
* [gitea] week 2025-09 cherry pick (gitea/main -> forgejo)
* fix(repo): return code 400 instead of 500 for invalid archive type
* Update module golang.org/x/crypto to v0.34.0 (forgejo)
* Fix invalid swagger syntax of $ref with sibling
* Update x/tools (forgejo)
* Update module github.com/prometheus/client_golang to v1.21.0 (forgejo)
* Update module github.com/meilisearch/meilisearch-go to v0.31.0 (forgejo)
* fix(example conf): add .webp to ALLOWED_TYPES
* linting: fix typos, add toml validation
* Update Zig gitignore
* return 404 for empty repositories
* Update module github.com/buildkite/terminal-to-html/v3 to v3.16.6 (forgejo)
* Lock file maintenance (forgejo)
* Update renovate to v39.171.2 (forgejo)
* chore: add a make option to disable stripping binaries for debug builds
* Revert "Update module github.com/minio/minio-go/v7 to v7.0.86 (forgejo) (#6945)"
* feat(ui): add MIME types for generated archives
* i18n: translation updates from Gitea
* forgejo migrations numbering in comments and rename latest migration file
* native parsing of ssh certificate key
* Update dependency happy-dom to v17 (forgejo)
* Update golang packages to v1.24 (forgejo) (minor)
* Update module github.com/minio/minio-go/v7 to v7.0.86 (forgejo)
* Also substitute COPYRIGHT HOLDER and the organization in BSD 4-Clause license
* delay deleting authorization token
* i18n: reword archive.title and archive.title.date in english locale
* Update dependency webpack to v5.98.0 (forgejo)
* feat(ui): always show restart button for Actions jobs
* Update dependency globals to v15.15.0 (forgejo)
* Update module github.com/buildkite/terminal-to-html/v3 to v3.16.5 (forgejo)
* Add possibility of removed content to 404 page
* Reduce links in chat notifications to avoid multiple previews
* Update dependency esbuild-loader to v4.3.0 (forgejo)
* fix(ui): hide extra PR property labels on title edit
* Update module golang.org/x/net to v0.35.0 (forgejo)
* Update dependency postcss to v8.5.2 (forgejo)
* Fix api returns internal server error when not found should be returned
* fix(ui): release: set default release title to tag name
* fix(ui): use "organization name" in coldown messages for orgs
* Lock file maintenance (forgejo)
* Update module github.com/minio/minio-go/v7 to v7.0.85 (forgejo)
* Update renovate to v39.164.1 (forgejo)
* always set stripped slashes on http request
* [gitea] week 2025-07 cherry pick (gitea/main -> forgejo)
* chore(api): Improve description for repoCheckCollaborator
* chore(release-notes): fix Forgejo v10.0.1 & v7.0.13 blog post URL (again) [skip ci]
* chore(release-notes): fix Forgejo v10.0.1 & v7.0.13 blog post URL
* fix(ui): hide 'New migration' button on org pages with migrations disabled (#6850)
* chore(release-notes): Forgejo v7.0.13
* chore(release-notes): Forgejo v10.0.1
* fix(sec): Forgejo Actions web routes
* fix(sec): permission check for project issue
* Update module golang.org/x/crypto to v0.33.0 (forgejo)
* [skip ci] Fix flaky clipboard test
* Update module github.com/go-enry/go-enry/v2 to v2.9.2 (forgejo)
* fix(ui): make Finish review button work again
* avoid y-axis clipping for branch name
* ui: update styling of comment headers and role labels
* Fix comment form e2e test
* chore(i18n): lint errors
* Update module golang.org/x/sys to v0.30.0 (forgejo)
* chore: teach lint-locale about locale_next
* add commit limit for webhook payload
* ui: remove divider in code search
* fix(ui): remove code search git grep warning
* Update dependency go to v1.23.6 (forgejo)
* make author search case insenstive
* chore(renovate): override platform version
* Update renovate to v39.158.2 (forgejo)
* Update vitest monorepo to v3 (forgejo) (major)
* Pin dependency codespell to 2.4.1 (forgejo)
* FromAsCasting warning from Dockerfile
* Lock file maintenance (forgejo)
* Update renovate to v39.156.1 (forgejo)
* Update dependency markdownlint-cli to v0.44.0 (forgejo)
* Update dependency happy-dom to v16.8.1 (forgejo)
* Update dependency @playwright/test to v1.50.1 (forgejo)
* Update dependency @vitest/eslint-plugin to v1.1.25 (forgejo)
* use correct default branch for migrated wiki
* consider HEAD requests to be pulls
* chore: remove deadcode
* chore: Remove ChangeMilestoneStatus
* Transient model for federated unstar
* chore: fix ci failure
* Disable autofocus on the dashboard repository search box
* fix(ui): disable PR review button in archived repos
* chore: remove deadcode in models/user
* chore: load 2fa status for user search when needed
* check for webauthn in 2fa user search
* disallow blame on directories
* render issue titles consistently
* Set explore pages to configurable default sort
* chore: consistent docker image and action references
* fix(i18n): use translate key as fallback
* fix(i18n): add forgotten translatable string
* ui: update language stats layout and click behavior
* Update module
* github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker
to v3.2.0 (forgejo)
* Update renovate to v39.136.1 (forgejo)
* chore: Update renovate to v39.136.0
* chore: remove usages of sort.Sort
* [gitea] week 2025-05 cherry pick (gitea/main -> forgejo)
* nit(i18n): update password update instruction
* add non allowed domain translation
* chore: teach set module about iter.Seq
* [skip ci] chore: adjust i18n entries in CODEOWNERS
* chore: fix typos, decap a few i18n strings
* code review alt repository
* Update module github.com/go-git/go-git/v5 to v5.13.2 (forgejo)
* Release-note and file rename for Alt Linux Apt-RPM support
* chore(security): update security.txt with new expiration date
* Update dependency codespell to v2.4.0 (forgejo)
* fix(tests): prevent frontend test dependency on system locale
* ci: fix go version check
* Lock file maintenance (forgejo)
* Update module github.com/minio/minio-go/v7 to v7.0.84 (forgejo)
* [gitea] week 2025-04 cherry pick (gitea/main -> forgejo)
* fix(ui): add triangle down octicon to code search options dropdown
* enh(ui): Remove DiffFileList component
* fix(ui): prevent overflow of branch selector in commit graph
* Hide git note add button for commit, if commit already has a note
* chore(renovate): fix self-update config [skip ci]
* fix(i18n): flatten next locales
* Update renovate Docker tag to v39.115.4 (forgejo)
* Update dependency katex to v0.16.21 (forgejo)
* Fix mention and emoji expansion & Improve leaving list completion
* Reset content of comment edit field on cancel
* reduce noise for the v303 migration
* Update dependency go to v1.23.5 (forgejo)
* Update module google.golang.org/protobuf to v1.36.3 (forgejo)
* avoid Gitea migration warnings (take 2)
* fix(ui): correct switch ordering
* chore(ci): upgrade forgejo-build-publish/build@v5.3.1
* Fix inline file preview for rendered files
* Update renovate Docker tag to v39.111.0 (forgejo)
* tests(e2e): Various fixes to visual testing
* Update https://data.forgejo.org/infrastructure/issue-action action to v1.3.0 (forgejo)
* Update postcss (forgejo)
* Update module google.golang.org/grpc to v1.70.0 (forgejo)
* Update dependency @github/relative-time-element to v4.4.5 (forgejo)
* add a buffer writer to the logger, for internal use
* Update renovate Docker tag to v39.106.0 (forgejo)
* Update dependency katex to v0.16.20 (forgejo)
* Update data.forgejo.org/renovate/renovate Docker tag to v39.106.0 (forgejo)
* Make switch larger on touchscreen devices
* Use redesigned switch on commit graph page
* Use flex for switch items
* Prevent vertical stretching of the switch
* Apply switch redesign to more areas
* Fix minor misalignment
* Do not report warning when git shows new reference
* [gitea] week 2025-03 cherry pick (gitea/main -> forgejo)
* Update x/tools (forgejo)
* Update module code.forgejo.org/forgejo/act to v1.23.1 (forgejo)
* Update renovate Docker tag to v39.103.0 (forgejo)
* Update module code.gitea.io/sdk/gitea to v0.20.0 (forgejo)
* fix inline file preview for files with encoded URL, fix #5069
* Remove source branch from pr list, fix #5009, #6080
* Update module gitlab.com/gitlab-org/api/client-go to v0.119.0 (forgejo)
* Update module github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker to v3.1.1 (forgejo)
* Update dependency asciinema-player to v3.8.2 (forgejo)
* port(gitea#31954): Add lock for parallel maven upload
* Update dependency monaco-editor to v0.52.2 (forgejo)
* Update module github.com/caddyserver/certmagic to v0.21.6 (forgejo)
* Update dependency typescript to v5.7.3 (forgejo)
* Added alt's to <img>
* chore(renovate): manual name replacement
* Update data.forgejo.org/renovate/renovate Docker tag to v39.93.0 (forgejo)
* Update data.forgejo.org/oci/alpine Docker tag to v3.21 (forgejo)
* Update module google.golang.org/protobuf to v1.36.2 (forgejo)
* Update module github.com/ProtonMail/go-crypto to v1.1.4 (forgejo)
* Update module github.com/go-git/go-git/v5 to v5.13.1 (forgejo)
* upgrade gof3 package and driver
* Replace data.forgejo.org/forgejo-contrib/renovate Docker tag with data.forgejo.org/renovate/renovate (forgejo)
* chore: remove illegal git usage
* chore(deps): Update gitlab api to updated library
* Update module golang.org/x/net to v0.34.0 (forgejo)
* Update forgejo/forgejo-build-publish action to v5.3.0 (forgejo)
* Update module github.com/minio/minio-go/v7 to v7.0.83 (forgejo)
* Lock file maintenance (forgejo)
* Update module github.com/alecthomas/chroma/v2 to v2.15.0 (forgejo)
* Update dependency fast-glob to v3.3.3 (forgejo)
* Update renovate to v39.91.0 (forgejo)
* fix(ui): show oauth divider on signup page
* chore: update ignores
* add files to compare
* UI switch redesign
* chore(ci): use mirror for obtaining go-xsd-duration
* Update dependency happy-dom to v16 (forgejo)
* chore: bump renovate to v39.90.0
* Rewrite OpenGraph Header
* fix(code search): empty mode dropdown when keyword is empty
* i18n(en): consistency improvements
* Update module github.com/PuerkitoBio/goquery to v1.10.1 (forgejo)
* Update dependency @vitest/eslint-plugin to v1.1.22 (forgejo)
* Fix editing pr review
* Make new table modal work when editing a issue
* fix(ui): use primary color for button in table modal
* Update module github.com/caddyserver/certmagic to v0.21.5 (forgejo)
* Fix edit cancel button
* Fix issue/comment menus
* Update renovate Docker tag to v39.86.0 (forgejo)
* use DateUtils for blocked users list
* chore(release-notes): Forgejo v10.0.0
* Rework user profile settings
* xorm needs to be lowercase otherwise it is ignored
* Update code.forgejo.org/oci/alpine Docker tag to v3.21 (forgejo)
* chore(branding): strip metadata information from the footer
* Cosmetic changes and fixes around repo homepage
* Refactor e2e tests to simplify authentication setup
* [gitea] week 2024-53 cherry pick (gitea/main -> forgejo)
* Fix overflow in git notes
* cmd/dump: add option flag to skip repository archives
* Rework new repo dialog
* chore(i18n): user/label translations in danish/latvian
* Revert "Update dependency idiomorph to v0.4.0"
* chore(release): v10.0 is cut, v9.0 is soon to be EOL
* When comparing in repos, mention that pull request creation requires sign-in
* enable releases and/or wiki if user set the options in repo migration
* federation with allow lists
- remove patch fix-CVE-2025-3445.patch and fix-CVE-2025-22869.patch,
as upstream updated the dependencies
- remove patch dont-strip.patch, as upstream implemented a variable way of
achieving the same goal
-------------------------------------------------------------------
Wed Apr 16 07:17:25 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- add patch fix-CVE-2025-3445.patch, for fixing bsc#1241245, bsc#2024-0406
-------------------------------------------------------------------
Sun Mar 23 17:10:56 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- update to 10.0.3:
* fix a regression which caused unnecessary escaping of URLs
* update dependencies
- fix url for the keyring
-------------------------------------------------------------------
Fri Mar 21 16:23:17 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- update to 10.0.2:
* update of translations
* When migrating from a Forgejo version lower than v10, the TOTP secrets
found to be corrupted are now transparently removed
* replies to pending review comments no longer generate a notification
* consider public issues for project boards
* the rootless Forgejo image version label is not set
* do not allow SSH url for migration
* setting.Service.EnableInternalSignIn = false is disabling forgotten password
* show internal login prompt for account linking
* enable ssh mirrors in rootless Forgejo images
* render link in heading correctly in wiki TOC
* Update module github.com/redis/go-redis/v9
* fix: consider issues in repository accessible via access table
* fix(api): miss-spelled description, corrected to public
* fix: revert issue rendering for <a> element
* chore(ci): ensure the manually cached Go can be run
* chore(ci): Get Go binary from GOROOT instead of hardcoded path
* fix: return 404 for empty repositories
* fix: delay deleting authorization token
* fix: native parsing of ssh certificate key
* fix(ui): hide extra PR property labels on title edit
* fix: always set stripped slashes on http request
* fix(ui): hide 'New migration' button on org pages with migrations disabled
* ui: update language stats layout and click behavior
* Update dependency go to v1.23.6
- add patch fix-CVE-2025-22869.patch, fixing bsc#1239488, bsc#1239276, bsc#1234574
-------------------------------------------------------------------
Sat Mar 15 00:27:19 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- add README.SUSE to explain SUSE specific things
-------------------------------------------------------------------
Sat Mar 15 00:14:26 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- apparmor: /var/lib/forgejo/data/home/.gitconfig needs to be
writable for initial setup
-------------------------------------------------------------------
Fri Mar 14 22:10:31 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- apparmor: forgot to rename the profile in the %post scriptlet
-------------------------------------------------------------------
Thu Mar 13 23:03:14 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- apparmor: fix wiki editing
-------------------------------------------------------------------
Tue Mar 11 13:38:40 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- use --legacy-peer-deps to make the node modules handling work
again
-------------------------------------------------------------------
Mon Mar 10 23:10:15 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- move permissions of the log dir and the data dir
from forgejo:forgejo u=rwX,g=rwX,o=
to forgejo:forgejo u=rwX,g=rX,o=
-------------------------------------------------------------------
Mon Mar 10 22:51:57 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- update apparmor profile to a profile that is less broad.
-------------------------------------------------------------------
Mon Mar 10 21:58:05 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- create all directories before actually installing files
-------------------------------------------------------------------
Mon Mar 10 21:56:00 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- make the HOME dir in the service file the same as the user
- migrate existing authorized keys files
from %{_datadir}/%{name}/.ssh/authorized_keys
to %{_sharedstatedir}/%{name}/data/home/.ssh/authorized_keys
-------------------------------------------------------------------
Mon Mar 10 14:52:02 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- fix file list to lock down permissions more
-------------------------------------------------------------------
Mon Mar 10 03:16:51 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- don't require the apparmor subpackage when apparmor is installed
the current profile is rather bad and it should be possible to
keep it out.
-------------------------------------------------------------------
Mon Mar 10 03:15:51 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- user should actually use /var/lib/forgejo/data/home
-------------------------------------------------------------------
Sat Feb 8 19:51:39 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- update to 10.0.1:
* Verify the ID of Forgejo Actions web endpoints belongs to the repository to
prevent the deletion of runners or variables or the modification of
variables
* Enforce permissions on publicly available user or organizations projects to
not leak information from issues and pull requests that belong to private
repositories
* fix(ui): display verified icon for default gpg key
* fix: load settings for valid user and email check
* Teach the doctor to remove orphaned two_factor with forgejo doctor check --run check-db-consistency --fix
* fix: listing tokens must not require basic auth
-------------------------------------------------------------------
Thu Jan 16 15:16:58 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- update to 10.0.0:
full changelog at https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/10.0.0.md
* Fix and refactor markdown rendering
* migrate TOTP secrets to keying
* Ensure source_id parameter is not skipped when set to 0 and correctly
filter users in /api/v1/admin/users endpoint
* Rework user profile settings
* Rework new repository dialog
* Show repository size on mobile
* Add links to commit lists in contributors graph page
* Add copy path button to file view
* Put issue actions in a single row on mobile
* Don't display email in profile settings when hidden
* Highlight user mention in comments and commit messages
* When bleve is used for issue search, a fuzzy search now applies to each
word instead of all of them, as if they were a phrase
* Add search to releases page
* Combine review requests comments
* If you select a portion of a comment and use the 'Quote reply' feature in
the context menu, only that portion will be quoted
* Set "your repositories" as the default filter for org dashboards
* Add button to create a Markdown table in a comment
* Add a bullet symbol between author and committer
* Added link to show all Issues/PullRequests
* Fix Action log UI race condition that occasionally prevents logs from loading
* Fix wiki search overflowing on wide screens
* Move "forgot_password"-link to fix login tab order
* Update help links on page with no workflows
* Add Low German to list of default languages
* i18n: Add dummy language for checking translation keys
* Updates for translations
* Add summary card for repos and releases
* Implement update branch API
* Allow changing default branch update style
* Add sorting functionality to /api/v1/admin/users endpoint
* Add Swift login endpoint
* Make LFS http_client parallel within a batch
* Improve performance of notifications page for MySQL
* Filepath filter for code search
* Add option to disable builtin authentication
* Add github compatible tarball download API endpoints
* Improve performance of allowed org repo creation query
* Allow the actions user to login via the jwt token
* Add a "summary card" to issues & PRs for consumption by OpenGraph clients
* Add a doctor check to disable the "Actions" unit for mirrors
* Make AVIF Images work with Forgejo
* Trim spaces from repo names on form submission
* Add new [lfs_client].BATCH_SIZE and [server].LFS_MAX_BATCH_SIZE config settings.
* Add setting to block disposable emails
* mermaid: Add the Kanban board diagram type.
* mermaid: Class diagram includes a new "classBox" shape, classDef statement,
support for styling the default class and lollipop interfaces.
* Add DISABLE_ORGANIZATIONS_PAGE and DISABLE_CODE_PAGE settings for explore pages
* Add branch deletion for scheduled PRs
* The requested_reviewers data is included in more webhook events.
* Support migrating GitHub/GitLab PR draft status.
* Language detection in the repository learned about the following languages:
- Java Template Engine, Noir, Cylc, iCalendar, vCard (aka. VCF: Virtual
Contact File) and Variant Call Format (VCF), B4X, Carbon, LiveCode
Script, Dune (OCaml build system)
* Allow filtering pull requests by poster in the API.
* Add support for searching users by email.
* New mermaid flowchart shapes.
* Code search results when using the bleve indexer are sorted by relevance.
* Add bin to Composer Metadata.
* Support regexp in git-grep search
* Git notes can be modified via the API or the UI
-------------------------------------------------------------------
Fri Dec 13 05:19:57 UTC 2024 - Richard Rahl <rrahl0@opensuse.org>
- update to 9.0.3:
* When Forgejo is configured to run the internal ssh server with
[server].START_SSH_SERVER=true, it was possible for a registered user to
impersonate another user
* Revert "allow synchronizing user status from OAuth2 login providers" Fix
* wiki search overflowing on wide screens Do not rewrite ssh keys files when
* deleting a user without one fix: doctor fails with pq: syntax error at or
* near "." whilst counting
Authorization token without existing User
* fix: Do not delete global Oauth2 applications Strict matching of allowed
* content for sanitizer for asciicast
and csv rendering
* fix: remove softbreak from github legacy callout fix: correct permission
* loading for limited organisation fix: clean up log files that no longer
* exist fix: return correct type in GetSubModule Improve Swagger documentation
* for user endpoints fix: normalize guessed languages from enry Show page
* titles in wiki search results fix(test): TestGitAttributeCheckerError must
* allow broken pipe fix: check read permissions for code owner review requests
* fix: use better code to group UID and stopwatches fix: api repo compare with
* commit hashes bug: correctly generate oauth2 jwt signing key
- disable gpg verification for this release
-------------------------------------------------------------------
Sat Nov 16 03:16:51 UTC 2024 - Richard Rahl <rrahl0@opensuse.org>
- update to 9.0.2:
* it was possible to use a token sent via email for secondary email validation
to reset the password instead. In other words, a token sent for a given
action (registration, password reset or secondary email validation) could
be used to perform a different action.
* a fork of a public repository would show in the list of forks, even if its
owner was not a public user or organization.
* the members of an organization team with read access to a repository (e.g.
to read issues) but no read access to the code could read the RSS or atom
feeds which include the commit activity. Reading the RSS or atom feeds is
now denied unless the team has read permissions on the code.
* the tokens used when replying by email to issues or pull requests were
weaker than the rfc2104 recommendations.
* a registered user could modify the update frequency of any push mirror.
* it was possible to use basic authorization (i.e. user:password) for requests
to the API even when security keys were enrolled for a user.
* some markup sanitation rules were not as strong as they could be.
* when Forgejo is configured to enable instance wide search (e.g. with bleve),
results found in the repositories of private or limited users were displayed
to anonymous visitors.
* fix: handle renamed dependency for cargo registry.
* support www.github.com for migrations.
* move forgot_password-link to fix login tab order.
* code owners will not be mentioned when a pull request comes from a forked
repository.
* labels are missing in the pull request payload removing a label.
* in a Forgejo Actions workflow, the unlabeled event type for pull requests
was incorrectly mapped to the labeled event type.
* when a Forgejo Actions issue or pull request workflow is triggered by an
labeled or unlabeled event type, it misses information about the label added
or removed. It is now available in the label data member of the event payload.
* pull request workflow must always update the head SHA commit status.
* fix git-grep for code search when git version is below 2.38.
-------------------------------------------------------------------
Mon Oct 28 17:09:05 UTC 2024 - Richard Rahl <rrahl0@opensuse.org>
- update to 9.0.1:
* Forgejo generates a token which is used to authenticate web endpoints that
are only meant to be used internally, for instance when the SSH daemon is
used to push a commit with Git. The verification of this token was not done
in constant time and was susceptible to timing attacks.
* Because of a missing permission check, the branch used to propose a pull
request to a repository can always be deleted by the user performing the merge.
* Fix boolean inputs in workflow_dispatch
* package arch database not updating when uploading "any" architecture
* correct SQL query for active issues
* specify default value for EXPLORE_DEFAULT_SORT.
* fix: Add recentupdated as recognized sort option
* Update dependency mermaid to v11.3.0 (v9.0/forgejo)
* Always update expiration time when creating an artifact
* Update scheduled tasks even if changes are pushed by "ActionsUser"
* Fix disable 2fa bug
* i18n: update of translations from Codeberg Translate
* fix: make branch protection work for new branches
* link to security policy in security.txt
* fix: don't show truncated comments in RSS/Atom feeds
* fix: typo on releases for source code downloads
* Revert "add gap between branch dropdown and PR button"
* fix: Don't double escape delete branch text
* fix: Add server logging for OAuth server errors
* forgejo-cli is now a symlink and cannot be used for sanity checks
* fix: correct documentation for non 200 responses in swagger
- forgejo is since 9.0.0 GPL-3.0-or-later
-------------------------------------------------------------------
Thu Oct 17 14:52:33 UTC 2024 - Richard Rahl <rrahl0@opensuse.org>
- update to 9.0.0:
* OIDC integrations that POST to /login/oauth/introspect without sending HTTP
basic authentication will now fail
* The public scope of an application token does not filter out private repositories,
organizations or packages in some cases
* Drop support to build Forgejo with the optional go-git Git backend
* Set created_by as the default filter for /issues and /pulls
* Set fuzzy as default for issue search.
* Improve commit graph layout.
* Add support for iconify icons.
* Allow multi-line relationship labels.
* Adds architecture diagrams which allows users to show relations between services.
* Improve diffs generated by Forgejo.
* Add rel="nofollow" to in-list labels.
* Distinguish between new tags, releases and pre-releases on activity page.
* Highlighted code search results.
* Refactor repo migration items.
* Add package counter to repo/user/org overview pages.
* Replace vue-bar-graph with chart.js.
* Add more emoji and code block rendering in issues.
* Bad spacing on new release page.
* Milestone assignment in new issue.
* git-grep: ensure bounded default for MatchesPerFile.
* Incorrect go to citation button.
* Incorrect HTMX support for profile card.
* Accessibility keyboard support for test actions.
* Update pull request icons.
* "Assign to me" button on PR and Issues.
* Add architecture-specific removal support for arch package.
* Add bin to Composer Metadata.
* Internationalization user experience improvements on team permissions and issue closing.
* Support allowed hosts for migrations to work with proxy.
* Trivial default quota configuration.
* Language detection in the repository learned about the following languages:
Luau, BQN, Cron table, NMODL, Pkl, templ, FIRRTL, Julia REPL, Caddyfile.
* The following extensions or filenames in a repository are associated with the matching language:
.sublime-color-scheme, MODULE.bazel.lock, Cargo.toml.orig, tsx, justfile, .zig.zon, .envrc.
* Remove support for Couchbase as a session provider; it instead will now fallback to the file provider.
* git-grep: allow searching for words with initial dashes.
* git-grep: skip binary files.
* Forgejo Actions logs are compressed by default.
* Support grouping by any path for arch package.
* Remove expensive nearest branch calculatations ($.BranchName) from commit diff view
* Allow push mirrors to use a SSH key as the authentication method for the mirroring action
instead of using user:password authentication.
* Use UTC as a timezone when running scheduled actions tasks.
* The actions logs older than [actions].LOG_RETENTION_DAYS days are removed (the default is 365).
* Add signature support for the RPM module.
* Allow color and background-color style properties for table cells.
* support pull_request_target event for commit status.
* support delete user email in admin panel.
* Notify owner about TOTP enrollment.
* Email notifications are now sent when account security changes are made: password changed
* Enable INVALIDATE_REFRESH_TOKENS.
* Sort milestones by name by default instead of the due date.
* allow synchronizing user status from OAuth2 login providers.
* add option to change mail from user display name.
* issue Templates: add option to have dropdown printed list.
* the default setting attachment.ALLOWED_TYPES was adjusted to allow .webp attachments in issues
* Convert milestone to HTMX.
* Use the full user name in emails to address the recipient, when available.
* Enhancing OAuth2 Provider with Granular Scopes for Resource Access.
* Display URLs in .sh-session files.
* The caching of contributor stats was improved
* Add support for LFS server implementations which have batch API responses in an older/deprecated schema.
* Forgejo Actions artifacts support range requests to resume a download.
* Added the foundations of a flexible, configurable quota system.
* Logs journald integration.
* A release asset can be a URL instead of a file.
* Don't allow owner team with incorrect unit access (includes doctor fix).
* Schedule workflows are canceled when pushing to the default branch.
* Incorrect Discord webhook JSON for issue events.
* wrong last modify time.
* Repo Activity: count new issues that were closed.
* incorrect /tokens API.
* Do not escape relative path in RPM primary index.
* Handle invalid target when creating releases using API.
* /repos/{owner}/{repo}/pulls/{index}/files endpoint not populating previous_filename.
* Improve textarea paste.
* Handle "close" actionable references for manual merges.
* Team admins are allowed to search team members via the API.
* Don't return 500 if mirror url contains special chars.
* Agit automerge is not working properly.
* Improve the display of PR & issue short links.
* Migrate scoped GitLab labels as scoped Forgejo labels.
* /repos/{owner}/{repo}/pulls/{index} requested_reviewers contains null for teams.
* Validate title length when updating an issue.
* Hide the "Details" link of commit status when the user cannot access actions.
* Runner registration token via API is broken for repo level runners.
* Deleted projects causes bad popover text on issues.
* Distinguish LFS object errors to ignore missing objects during migration.
* When viewing the revision history of wiki pages, the pagination links are broken
* Also rename the head branch of open pull requests when renaming a branch.
* add return type to GetRawFileOrLFS and GetRawFile.
* properly filter issue list given no assignees filter.
* Cron task to cleanup dangling container images with version sha256:*.
* Allow updates to runners' secrets.
* Do not fire webhook notifications for updates and deletions of comments that are part of an ongoing review
* Fixed social media previews for links to wiki pages.
* Updated translations
* Improve the clarity of confirmation in email messages.
* Fine tune language for units.
* Improve translation strings for webhook events.
* Allow different translations of creation links and titles.
* English strings improvements for internationalization.
-------------------------------------------------------------------
Wed Oct 9 13:22:28 UTC 2024 - Richard Rahl <rrahl0@opensuse.org>
- add dont-strip.patch for not stripping the main binary (so we can
create debuginfo package)
-------------------------------------------------------------------
Wed Oct 9 05:46:17 UTC 2024 - Tuukka Pasanen <tuukka.pasanen@ilmi.fi>
- Add package environment-to-ini for OCI containers
-------------------------------------------------------------------
Tue Sep 10 07:49:29 UTC 2024 - Richard Rahl <rrahl0@opensuse.org>
- update to 8.0.3:
* replace v-html with v-text in branch search inputbox for XSS protection
* mitigate CVE-2024-43788 (upgrade webpack)
* Translation updates
-------------------------------------------------------------------
Thu Aug 29 16:06:05 UTC 2024 - Richard Rahl <rrahl0@opensuse.org>
- update to 8.0.2:
* Overflow for images on project cards.
* Allow unreacting from comment popover.
* The scope of application tokens is not verified when writing
containers or Conan packages.
* When a Forgejo Actions workflow includes a workflow_dispatch with
inputs and other events (for instance push), it is silently ignored
because of a parsing error.
* Automerge on AGit pull requests is ignored.
* Show lock owner instead of repo owner on LFS setting page.
* Render plain text file if the LFS object doesn't exist.
* Panic of ssh public key page after deletion of an auth source.
* Add missing repository type filter parameters to pager.
* Reverted a change from Gitea which prevented allow/reject reviews on
merged or closed PRs. This change was not considered by the Forgejo
UI team and there is a consensus that it feels like a regression,
since it interferes with workflows known to be used by Forgejo users
without providing a tangible benefit.
* Run full PR checks on AGit push.
* Updated translations
-------------------------------------------------------------------
Fri Aug 9 21:25:45 UTC 2024 - Richard Rahl <rrahl0@opensuse.org>
- update to 8.0.1:
* A change introduced in Forgejo v1.21 allows a Forgejo user with write
permission on a repository description to inject a client-side script into
the web page viewed by the visitor. This XSS allows for href in anchor
elements to be set to a javascript: URI in the repository description,
which will execute the specified script upon clicking (and not upon
loading). AllowStandardURLs is now called for the repository description
policy, which ensures that URIs in anchor elements are mailto:, http://
or https:// and thereby disallowing the javascript: URI.
* Do not include trailing EOL character when counting lines
* Add background to reactions on hover
* Prevent uppercase in header of dashboard context selector
* Fix page layout in admin settings
* Ensure all filters are persistent in issue filters
* Allow 4 charachter SHA in /src/commit
- update to 8.0.0:
full changelog at https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#8-0-0
Highlights:
* remove Microsoft SQL Server support
* introduce a branch/tag dropdown in the code search page
* added support for fuzzy searching in /user/repo/issues and /user/repo/pulls
* API endpoints for managing tag protection.
* add Reviewed-on and Reviewed-by variables to the merge template
* display an error when an issue comment is edited simultaneously by
two users instead of silently overriding one of them
* when installing Forgejo through the built-in installer, open
(self-) registration is now disabled by default
* add support for the reddit and Hubspot OAuth providers.
* CERT management was improved when ENABLE_ACME=true
* language detection in the repository got additional languages
* add an immutable tarball link to archive download headers for Nix
* Show the AGit label on merged pull requests
- fix apparmor profile
- set sqlite3 as the default installation database
- add a rule for firewalld
-------------------------------------------------------------------
Fri Aug 9 18:13:59 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- update to 7.0.7:
This is a security release. See the documentation for more
information on the upgrade procedure.
* Security
- A change introduced in Forgejo v1.21 allows a Forgejo user
with write permission on a repository description to inject a
client-side script into the web page viewed by the visitor.
This XSS allows for href in anchor elements to be set to a
javascript: URI in the repository description, which will
execute the specified script upon clicking (and not upon
loading). AllowStandardURLs is now called for the repository
description policy, which ensures that URIs in anchor
elements are mailto:, http:// or https:// and thereby
disallowing the javascript: URI.
* Bug fixes
- PR (backported): disallow javascript: URI in the repository
description
* Localization
- PR (backported): i18n: backport of #4568 #4668 and #4783 to
v7
-------------------------------------------------------------------
Thu Aug 1 10:50:53 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- update to 7.0.6:
* Two frontend features were removed because a license
incompatibility was discovered. Read more in the companion blog
post.
- PR (backported from): Mermaid rendering: %%{init:
{"flowchart": {"defaultRenderer": "elk"}} }%% will now fail
because ELK is no longer included.
- PR (backported from): Repository citation: Removed the
ability to export citations in APA format.
* User Interface bug fixes
- PR (backported from): Replace vue-bar-graph with chart.js
- PR (backported from): Show AGit label on merged PR
- PR (backported from): Fix mobile UI for organisation creation
* Bug fixes
- PR (backported from): fix(api): issue state change is not
idempotent
- PR (backported from): Reserve the devtest username
- PR (backported from): fix(actions): no edited event triggered
when a title is changed
- PR (backported from): Load attachments for
/issues/comments/{id}
- PR (backported from): When searching for users, page the
results by default, and respect the default paging limits
- PR (backported from): the "View command line instructions"
link in pull requests and the "Copy content" button in file
editor are not accessible
- PR (backported from): Use correct SHA in GetCommitPullRequest
* Localization
- PR (backported from): Update of translations from Weblate
- PR: Update of translations from Weblate
- PR (backported from): 3 translation updates from Weblate - PR
1, PR 2, PR 3
-------------------------------------------------------------------
Mon Jul 15 06:28:18 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- fix typo Environemnt in forgejo.service
-------------------------------------------------------------------
Fri Jul 5 07:13:38 UTC 2024 - Richard Rahl <rrahl0@opensuse.org>
- update to 7.0.5:
* Fixed: CVE-2024-24791 - GO-2024-2963 Denial of service due to improper
100-continue handling in net/http
* Fixed: authentication Source Administration page wrongfully handles the "Custom URLs Instead
of Default URLs" checkbox (missing checkbox, irrelevant fields).
* Fixed: git push to an adopted repository fails.
* Fixed: markdown doesn't render math within brackets
* Fixed: selecting the "No Project" filter in the issue/pull request list has no effect
* Fixed: error 500 when processing crafted TIFF files.
* Fixed: wrong placeholder text in the form for adding repository collaborator.
-------------------------------------------------------------------
Sun Jun 16 12:52:27 UTC 2024 - Richard Rahl <rrahl0@disroot.org>
- update to 7.0.4:
* Fixed: CVE-2024-24789: the archive/zip package's handling of certain types
of invalid zip files differs from the behavior of most zip implementations.
This misalignment could be exploited to create an zip file with contents that
vary depending on the implementation reading the file.
* the OAuth2 implementation does not always require authentication for public
clients, a requirement of RFC 6749 Section 10.2
* forgejo migrate-storage --type actions-artifacts always fails because it picks the wrong path.
* avatar files can be found in storage while they do not exist in the database.
* repository admins are always denied the right to force merge and instance admins
are subject to restrictions to merge that must only apply to repository admins.
* non conformance with the Nix tarball fetcher immutable link protocol.
* migrated activities (such as reviews) are mapped to the user who initiated the
migration rather than the Ghost user, if the external user cannot be mapped to a
local one. This mapping mismatch leads to internal server errors in some cases.
* a v7.0.0 regression causes [admin].SEND_NOTIFICATION_EMAIL_ON_NEW_USER=true to always be ignored.
* using a subquery for user deletion is a performance bottleneck when using mariadb 10
because only mariadb 11 takes advantage of the available index.
* a v7.0.3 regression causes the expanding diffs in pull requests to fail with a 404 error.
* SourceHut Builds webhook fail when the triggers field is used.
* the label list rendering in the issue and pull request timeline is displayed on
multiple lines instead of a single one.
* Git hooks of this repository seem to be broken." warning when pushing more than one branch at a time.
* automerge does not happen when the approval count reaches the required threshold.
* the FORCE_PRIVATE=true setting is not consistently enforced.
* CSRF validation errors when OAuth is not enabled.
* headlines in rendered org-mode do not have a margin on the top
-------------------------------------------------------------------
Wed May 22 20:41:58 UTC 2024 - Richard Rahl <rrahl0@disroot.org>
- update to 7.0.3:
* CVE-2024-24788: a malformed DNS message in response to a query can
cause the lookup functions to get stuck in an infinite loop
* backticks in mermaid block diagram labels are not sanitized properly
* migration of a repository from gogs fails when it is hosted at a subpath.
* when creating an OAuth2 application the redirect URLs are not enforced to
be mandatory
* the API incorrectly excludes repositories where code is not enabled
* "Allow edits from maintainers" cannot be modified via the pull request web UI
* repository activity feeds (including RSS and Atom feeds) contain
repeated activities
* uploading maven packages with metadata being uploaded separately will fail
* the mail notification sent about commits pushed to pull requests are empty
* inline emails attachments are not properly handled when commenting on an
issue via email
* the links to .zip and tar.gz on the tag list web UI fail
* expanding code diff while previewing a pull request before it is created fails
* the CLI is not able to migrate Forgejo Actions artifacts
* when adopting a repository, the default branch is not taken into account
* when using reverse proxy authentication, logout will not be taken into
account when immediately trying to login afterwards
* pushing to the master branch of a sha256 repository fails
* a very long project column name will make the action menu inaccessible
* a useless error is displayed when the title of a merged pull request is
modified
* workflow badges are not working for workflows that are not running on push
(such as scheduled workflows, and ones that run on tags and pull requests)
-------------------------------------------------------------------
Fri May 3 00:35:37 UTC 2024 - Richard Rahl <rrahl0@disroot.org>
- update to 7.0.2:
* regression where subscribing to or unsubscribing from an issue in a
repository with no code produced an internal server error.
* regression makes all the refs sent in Gitea webhooks to be full refs and
might break Woodpecker CI pipelines triggered on tag (CI_COMMIT_TAG
contained the full ref). This issue has been fixed in the main branch of
Woodpecker CI as well.
* the webhook branch filter wrongly applied the match on the full ref for
branch creation and deletion (wrongly skipping events).
* toggling the WIP state of a pull request is possible from the sidebar,
but not from the footer.
* when mentioning a user, the markup post-processor does not handle the case
where the mentioned user does not exist: it tries to skip to the next node,
which in turn, ended up skipping the rest of the line.
* excessive and unnecessary database queries when a user with no repositories
is viewing their dashboard.
* duplicate status check contexts show in the branch protection settings.
* profile info fails to render german singular translation.
* inline attachments of incoming emails (as they occur for example with Apple
Mail) are not attached to comments.
-------------------------------------------------------------------
Sat Apr 27 14:53:09 UTC 2024 - Richard Rahl <rrahl0@disroot.org>
- update to 7.0.1:
* LFS data corruption when running the forgejo doctor check --fix CLI command
or setting [cron.gc_lfs].ENABLED=true (the default is false)
* non backward compatible change in the forgejo admin user create CLI command
* error 500 because of an incorrect evaluation of the template when visiting
the LFS settings of a repository
* GET /repos/{owner}/{name} API endpoint always returns an empty string for
the object_format_name field
* fuzzy search may fail with bleve
-------------------------------------------------------------------
Thu Apr 25 02:27:22 UTC 2024 - Richard Rahl <rrahl0@disroot.org>
- update to 7.0.0:
This is only an excerpt from the full changelog, which you can find
in your RELEASE-NOTES.md or at
https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#7-0-0
* MySQL 8.0 or PostgreSQL 12 are the minimum supported versions.
The database must be migrated before upgrading.
The requirements regarding SQLite did not change.
* The per_page parameter is no longer a synonym for limit in the
/repos/{owner}/{repo}/releases API endpoint.
* The date format of the created and last_update fields of the
/repos/{owner}/{repo}/push_mirrors and /repos/{owner}/{repo}/push_mirrors
API endpoint changed to be timestamps instead of numbers.
* Labels used by pprof endpoint have been changed
* The fogejo admin user create CLI command requires a password change
by default when creating the first user
-------------------------------------------------------------------
Sat Apr 20 12:39:56 UTC 2024 - Richard Rahl <rrahl0@disroot.org>
- update to 1.21.11-1:
* error 500 on tag creation when a workflow exists
- update to 1.21.11-0:
* Fixed a privilege escalation through git push options that
allows any user to change the visibility of any repository they can see,
regardless of their level of access.
* Fixed a bug that allows user-supplied, non-sandboxed JavaScript to be run
from the same domain as the forge, via
/{owner}/{repo}/render/branch/{branch}/{filename} URLs.
* Close file in upload function
* Prevent registering runners for deleted repositories.
Prevents 500 Internal Server Error in admin interface.
* More reliable pagination support when migrating from gitbucket
* Fix automerge when used with actions
- fix apparmor profile
-------------------------------------------------------------------
Fri Apr 5 18:39:07 UTC 2024 - Richard Rahl <rrahl0@proton.me>
- update to 1.21.10-0:
* CVE-2023-45288 which permits an attacker to cause an HTTP/2 endpoint to
read arbitrary amounts of header data
* Fix to not remove repository avatars when the doctor runs with --fix
on the repository archives.
* Detect protected branch on branch rename.
* Don't delete inactive emails explicitly.
* Fix user interface when a review is deleted without refreshing.
* Fix paths when finding files via the web interface that were not escaped.
* Respect DEFAULT_ORG_MEMBER_VISIBLE setting when adding creator to org.
* Fix duplicate migrated milestones.
* Fix inline math blocks can't be preceeded/followed by alphanumerical
characters.
-------------------------------------------------------------------
Thu Mar 28 06:58:20 UTC 2024 - Richard Rahl <rrahl0@proton.me>
- increase golang dep to 1.22, to imitate the CI/CD of forgejo
- revise how the apparmor package gets build + add selinux
-------------------------------------------------------------------
Sat Mar 23 21:21:28 UTC 2024 - Richard Rahl <user@localhost>
- update to 1.21.8-0:
* Fix /api/v1/{owner}/{repo}/issue_templates which was always failing with a
500 error.
* Prevent error 500 on /user/settings/security when SignedUser has a linked
account from a deactivated authentication source.
* Fix error 500 when pushing release to an empty repo.
* Fix incorrect rendering csv file when file size is larger than UI.CSV.MaxFileSize.
* Fix error 500 when deleting account with incorrect password or unsupported login type.
* handle user-defined name anchors like [Link](#link) linking to <a name="link"></a>Link.
* Use correct head commit for CODEOWNER.
* Fix manual merge button.
* Make meilisearch do exact search for issues.
* Fix PR creation via api between branches of same repo with head field namespaced.
-------------------------------------------------------------------
Fri Mar 8 07:35:29 UTC 2024 - Richard Rahl <rrahl0@proton.me>
- add apparmor profile leeched off of the gitea packaging
- update to 1.21.7-0:
* Fix tarball/zipball download bug.
* Ensure HasIssueContentHistory takes into account comment_id.
* The google.golang.org/protobuf module was bumped to version v1.33.0 to fix
a bug in the google.golang.org/protobuf/encoding/protojson package which
could cause the Unmarshal function to enter an infinite loop when handling
some invalid inputs
-------------------------------------------------------------------
Fri Feb 9 10:07:58 UTC 2024 - Richard Rahl <rrahl0@proton.me>
- initial packaging
Reference in New Issue View Git Blame Copy Permalink