pool/forgejo
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
forgejo/forgejo.changes
Richard Rahl 7288b74937 Accepting request 1175961 from home:rrahl0:upgrades 
- update to 7.0.3:
  * CVE-2024-24788: a malformed DNS message in response to a query can
    cause the lookup functions to get stuck in an infinite loop
  * backticks in mermaid block diagram labels are not sanitized properly
  * migration of a repository from gogs fails when it is hosted at a subpath.
  * when creating an OAuth2 application the redirect URLs are not enforced to
    be mandatory
  * the API incorrectly excludes repositories where code is not enabled
  * "Allow edits from maintainers" cannot be modified via the pull request web UI
  * repository activity feeds (including RSS and Atom feeds) contain
    repeated activities
  * uploading maven packages with metadata being uploaded separately will fail
  * the mail notification sent about commits pushed to pull requests are empty
  * inline emails attachments are not properly handled when commenting on an
    issue via email
  * the links to .zip and tar.gz on the tag list web UI fail
  * expanding code diff while previewing a pull request before it is created fails
  * the CLI is not able to migrate Forgejo Actions artifacts
  * when adopting a repository, the default branch is not taken into account
  * when using reverse proxy authentication, logout will not be taken into
    account when immediately trying to login afterwards
  * pushing to the master branch of a sha256 repository fails
  * a very long project column name will make the action menu inaccessible
  * a useless error is displayed when the title of a merged pull request is
    modified
  * workflow badges are not working for workflows that are not running on push
    (such as scheduled workflows, and ones that run on tags and pull requests)

OBS-URL: https://build.opensuse.org/request/show/1175961
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=19
2024-05-22 20:56:36 +00:00

166 lines
8.2 KiB
Plaintext
Raw Blame History

-------------------------------------------------------------------
Wed May 22 20:41:58 UTC 2024 - Richard Rahl <rrahl0@disroot.org>
- update to 7.0.3:
* CVE-2024-24788: a malformed DNS message in response to a query can
cause the lookup functions to get stuck in an infinite loop
* backticks in mermaid block diagram labels are not sanitized properly
* migration of a repository from gogs fails when it is hosted at a subpath.
* when creating an OAuth2 application the redirect URLs are not enforced to
be mandatory
* the API incorrectly excludes repositories where code is not enabled
* "Allow edits from maintainers" cannot be modified via the pull request web UI
* repository activity feeds (including RSS and Atom feeds) contain
repeated activities
* uploading maven packages with metadata being uploaded separately will fail
* the mail notification sent about commits pushed to pull requests are empty
* inline emails attachments are not properly handled when commenting on an
issue via email
* the links to .zip and tar.gz on the tag list web UI fail
* expanding code diff while previewing a pull request before it is created fails
* the CLI is not able to migrate Forgejo Actions artifacts
* when adopting a repository, the default branch is not taken into account
* when using reverse proxy authentication, logout will not be taken into
account when immediately trying to login afterwards
* pushing to the master branch of a sha256 repository fails
* a very long project column name will make the action menu inaccessible
* a useless error is displayed when the title of a merged pull request is
modified
* workflow badges are not working for workflows that are not running on push
(such as scheduled workflows, and ones that run on tags and pull requests)
-------------------------------------------------------------------
Fri May 3 00:35:37 UTC 2024 - Richard Rahl <rrahl0@disroot.org>
- update to 7.0.2:
* regression where subscribing to or unsubscribing from an issue in a
repository with no code produced an internal server error.
* regression makes all the refs sent in Gitea webhooks to be full refs and
might break Woodpecker CI pipelines triggered on tag (CI_COMMIT_TAG
contained the full ref). This issue has been fixed in the main branch of
Woodpecker CI as well.
* the webhook branch filter wrongly applied the match on the full ref for
branch creation and deletion (wrongly skipping events).
* toggling the WIP state of a pull request is possible from the sidebar,
but not from the footer.
* when mentioning a user, the markup post-processor does not handle the case
where the mentioned user does not exist: it tries to skip to the next node,
which in turn, ended up skipping the rest of the line.
* excessive and unnecessary database queries when a user with no repositories
is viewing their dashboard.
* duplicate status check contexts show in the branch protection settings.
* profile info fails to render german singular translation.
* inline attachments of incoming emails (as they occur for example with Apple
Mail) are not attached to comments.
-------------------------------------------------------------------
Sat Apr 27 14:53:09 UTC 2024 - Richard Rahl <rrahl0@disroot.org>
- update to 7.0.1:
* LFS data corruption when running the forgejo doctor check --fix CLI command
or setting [cron.gc_lfs].ENABLED=true (the default is false)
* non backward compatible change in the forgejo admin user create CLI command
* error 500 because of an incorrect evaluation of the template when visiting
the LFS settings of a repository
* GET /repos/{owner}/{name} API endpoint always returns an empty string for
the object_format_name field
* fuzzy search may fail with bleve
-------------------------------------------------------------------
Thu Apr 25 02:27:22 UTC 2024 - Richard Rahl <rrahl0@disroot.org>
- update to 7.0.0:
This is only an excerpt from the full changelog, which you can find
in your RELEASE-NOTES.md or at
https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#7-0-0
* MySQL 8.0 or PostgreSQL 12 are the minimum supported versions.
The database must be migrated before upgrading.
The requirements regarding SQLite did not change.
* The per_page parameter is no longer a synonym for limit in the
/repos/{owner}/{repo}/releases API endpoint.
* The date format of the created and last_update fields of the
/repos/{owner}/{repo}/push_mirrors and /repos/{owner}/{repo}/push_mirrors
API endpoint changed to be timestamps instead of numbers.
* Labels used by pprof endpoint have been changed
* The fogejo admin user create CLI command requires a password change
by default when creating the first user
-------------------------------------------------------------------
Sat Apr 20 12:39:56 UTC 2024 - Richard Rahl <rrahl0@disroot.org>
- update to 1.21.11-1:
* error 500 on tag creation when a workflow exists
- update to 1.21.11-0:
* Fixed a privilege escalation through git push options that
allows any user to change the visibility of any repository they can see,
regardless of their level of access.
* Fixed a bug that allows user-supplied, non-sandboxed JavaScript to be run
from the same domain as the forge, via
/{owner}/{repo}/render/branch/{branch}/{filename} URLs.
* Close file in upload function
* Prevent registering runners for deleted repositories.
Prevents 500 Internal Server Error in admin interface.
* More reliable pagination support when migrating from gitbucket
* Fix automerge when used with actions
- fix apparmor profile
-------------------------------------------------------------------
Fri Apr 5 18:39:07 UTC 2024 - Richard Rahl <rrahl0@proton.me>
- update to 1.21.10-0:
* CVE-2023-45288 which permits an attacker to cause an HTTP/2 endpoint to
read arbitrary amounts of header data
* Fix to not remove repository avatars when the doctor runs with --fix
on the repository archives.
* Detect protected branch on branch rename.
* Don't delete inactive emails explicitly.
* Fix user interface when a review is deleted without refreshing.
* Fix paths when finding files via the web interface that were not escaped.
* Respect DEFAULT_ORG_MEMBER_VISIBLE setting when adding creator to org.
* Fix duplicate migrated milestones.
* Fix inline math blocks can't be preceeded/followed by alphanumerical
characters.
-------------------------------------------------------------------
Thu Mar 28 06:58:20 UTC 2024 - Richard Rahl <rrahl0@proton.me>
- increase golang dep to 1.22, to imitate the CI/CD of forgejo
- revise how the apparmor package gets build + add selinux
-------------------------------------------------------------------
Sat Mar 23 21:21:28 UTC 2024 - Richard Rahl <user@localhost>
- update to 1.21.8-0:
* Fix /api/v1/{owner}/{repo}/issue_templates which was always failing with a
500 error.
* Prevent error 500 on /user/settings/security when SignedUser has a linked
account from a deactivated authentication source.
* Fix error 500 when pushing release to an empty repo.
* Fix incorrect rendering csv file when file size is larger than UI.CSV.MaxFileSize.
* Fix error 500 when deleting account with incorrect password or unsupported login type.
* handle user-defined name anchors like [Link](#link) linking to <a name="link"></a>Link.
* Use correct head commit for CODEOWNER.
* Fix manual merge button.
* Make meilisearch do exact search for issues.
* Fix PR creation via api between branches of same repo with head field namespaced.
-------------------------------------------------------------------
Fri Mar 8 07:35:29 UTC 2024 - Richard Rahl <rrahl0@proton.me>
- add apparmor profile leeched off of the gitea packaging
- update to 1.21.7-0:
* Fix tarball/zipball download bug.
* Ensure HasIssueContentHistory takes into account comment_id.
* The google.golang.org/protobuf module was bumped to version v1.33.0 to fix
a bug in the google.golang.org/protobuf/encoding/protojson package which
could cause the Unmarshal function to enter an infinite loop when handling
some invalid inputs
-------------------------------------------------------------------
Fri Feb 9 10:07:58 UTC 2024 - Richard Rahl <rrahl0@proton.me>
- initial packaging
Reference in New Issue View Git Blame Copy Permalink