99 KiB
Release Notes
A Forgejo release is published shortly after a Gitea release is published and they have matching release numbers. Additional Forgejo releases may be published to address urgent security issues or bug fixes. Forgejo release notes include all Gitea release notes.
The Forgejo admin should carefully read the required manual actions before upgrading. A point release (e.g. v1.19.1 or v1.19.2) does not require manual actions but others might (e.g. v1.18.0, v1.19.0).
DRAFT 1.20.0-0
The complete list of commits included in the Forgejo v1.20.0-?
release can be reviewed from the command line with:
$ git clone https://codeberg.org/forgejo/forgejo/
$ git -C forgejo log --oneline --no-merges origin/v1.19/forgejo..origin/v1.20/forgejo
- [CI]
- Workflows are now available to run tests on
Forgejo
itself. It is not enabled yet on Codeberg but will work if the repository is mirrored on an instance where Forgejo Actions is enabled.
- Workflows are now available to run tests on
- [MODERATION]
- Blocking another user is desirable if they are acting maliciously or are spamming your repository. When you block a user, Forgejo does not explicitly notify them, but they may learn through an interaction with you that is blocked. Read more about blocking users.
- [PACKAGES]
- [PACKAGES SWIFT] commit
c709fa17a7
Add Swift package registry 22404 - [PACKAGE debian] commit
bf999e4069
Add Debian package registry 24426 - [PACKAGES RPM] commit
05209f0d1d
Add RPM registry 23380 - [PACKAGE alpine] commit
9173e079ae
Add Alpine package registry 23714 - [PACKAGE go] commit
5968c63a11
Add Go package registry 24687 - [PACKAGES CRAN] commit
cdb088cec2
Add CRAN package registry 22331 - [PACKAGES cargo]] commit
723598b803
Implement Cargo HTTP index 24452
- [PACKAGES SWIFT] commit
- [A11Y]
- [A11Y] commit
6c35454654
Improve accessibility for issue comments 22612 - [A11Y] commit
a78e0b7dad
Add accessibility to the menu on the navbar 23059 - [A11Y] commit
e8935606f5
Scoped labels: set aria-disabled on muted Exclusive option for a11y 23306 - [A11Y] commit
d4f35bd681
Use a general approch to improve a11y for all checkboxes and dropdowns. 23542 - [A11Y RTL] commit
32d9c47ec7
Add RTL rendering support to Markdown 24816 - [A11Y] commit
e95b42e187
Improve accessibility when (re-)viewing files 24817 - [A11Y] commit
87f0f7e670
Add aria attributes to interactive time tooltips. 23661
- [A11Y] commit
- [TIME]
- [TIME] commit
b7b5834831
Use auto-updating, natively hoverable, localized time elements 23988 - [TIME] commit
25faee3c5f
Fix date display bug 24047 - [TIME] commit
97176754be
Localize milestone related time strings 24051 - [TIME] commit
70bb4984cd
Allow using localized absolute date times within phrases with place holders and localize issue due date events 24275 - [TIME] commit
5bc9f7fcf9
Improve commit date in commit graph 24399 - [TIME] commit
62ca5825f7
Fix incorrect last online time in runner_edit.tmpl 24376 - [TIME] commit
dbb3736785
Fix incorrect webhook time and use relative-time to display it 24477 - [TIME] commit
3d266dd0f3
In TestViewRepo2, convert computed timezones to local time 24579
- [TIME] commit
- [WIKI]
- [WIKI] commit
c0246677a6
Fix markup background, improve wiki rendering 23750 - [WIKI] commit
2f46838120
Re-add initial wiki page text when editing the page 23984 - [WIKI] commit
1ab16e48cc
Improve Wiki TOC 24137 - [WIKI] commit
284b41f452
Fix bug when deleting wiki with no code write permission 24274 - [WIKI] commit
d347208114
Improve External Wiki in Repo Header 24304 - [WIKI] commit
db582d97ef
Improve wiki user title test 24559 - [WIKI] commit
60e7963141
Fix inconsistent wiki path converting. 24277 - [WIKI] commit
b39a5bbbd6
Make wiki title supports dashes and improve wiki name related features 24143
- [WIKI] commit
- [UI / UX]
- [BREAKING UX preview render] commit
84daddc2fa
Editor preview support for external renderers 23333 - [BREAKING branding] commit
d44e1565da
Refactorsetting.Other
and remove unusedSHOW_FOOTER_BRANDING
(#24270) - [BREAKING theme tags] commit
c7612d178c
Remove meta tagstheme-color
anddefault-theme
24960 - [BREAKING UI] commit
520eb57d76
Use a separate admin page to show global stats, removeactions
stat 25062 - [UI] commit
6e90a1459b
Add word-break to sidebar-item-link 23146 - [UI] commit
303b72c2d1
Fix Fomantic UI'stouchstart
fastclick, always useclick
for click events 23065 - [UI] commit
10cdcb9ea8
Add "Reviewed by you" filter for pull requests 22927 - [UI] commit
843f81113e
Projects: rename Board to Column in interface and improve consistency 22767 - [UI] commit
f4920c9c7f
Add pagination for dashboard and user activity feeds 22937 - [UI] commit
d20b29d7ce
Fix height for sticky head on large screen on PR page 23111 - [ACTIONS] commit
edf98a2dc3
Require approval to run actions for fork pull request 22803 - [UI] commit
0bc8bb3cc4
Make issue meta dropdown support Enter, confirm before reloading 23014 - [UI] commit
403f3e9208
Use the correct selector to hide the checkmark of selected labels on clear 23224 - [UI] commit
7a5af25592
Fix incorrect checkbox behaviors in the dashboard repolist's filter 23147 - [UI] commit
188c8c12c2
Make Ctrl+Enter submit a pending comment (starting review) instead of submitting a single comment 23245 - [UI BIG] commit
7f9d58fab8
Support paste treepath when creating a new file or updating the file name 23209 - [UI] commit
ea1d09718c
Fix commit retrieval by tag 21804 - [UI] commit
0945bf63d3
Fix missed.hide
class 23208 - [UI BIG] commit
de6c718b46
Allow<video>
in MarkDown 22892 - [UI BIG] commit
545495dcb0
Pull Requests: add button to compare force pushed commits 22857 - [UI] commit
ea7f0d6fcf
Change interactiveBorder to fix popup preview 23169 - [UI] commit
d949d8e074
add user visibility in dashboard navbar 22747 - [UX] commit
dad057b639
Handle OpenID discovery URL errors a little nicer when creating/editing sources 23397 - [UX] commit
d647e74502
Improve squash merge commit author and co-author with private emails 22977 - [UI] commit
17c8a0523a
Fix and move "Use this template" button 23398 - [UI] commit
a04eeb2a54
Show edit/close/delete button on organization wide repositories 23388 - [UI] commit
e72290fd9a
Sync the class change of Edit Column Button to JS code 23400 - [UI] commit
75022f8b1a
Refactor branch/tag selector dropdown (first step) 23394 - [UX] commit
3de9e63fd0
Hide target selector if tag exists when creating new release 23171 - [UI] commit
cf29ee6dd2
Add missing tabs to org projects page 22705 - [UI] commit
bf730528ca
Fix 'View File' button in code search 23478 - [UI] commit
aac07d010f
Add workflow error notification in ui 23404 - [UI] commit
6ff5400af9
Make branches list page operations remember current page 23420 - [UI] commit
e82f1b15c7
Refactor dashboard repo list to Vue SFC 23405 - [UI] commit
81fe5d6185
Convert<div class="button">
to<button class="button">
23337 - [UX] commit
5eea61dbc8
Fix missing commit status in PR which from forked repo 23351 - [UX UI search] commit
661e78bed5
Allow both fullname and username search whenDEFAULT_SHOW_FULL_NAME
is true 23463 - [UI] commit
39d3711f30
ChangeClose
to eitherClose issue
orClose pull request
23506 - [UX review] commit
a8c30a45fa
Publish Review
buttons should indicate why they are disabled 23598 - [UI] commit
529bac1950
Polyfill the window.customElements 23592 - [UI GPG] commit
12ddc48c5c
Use octicon-verified for gpg signatures 23529 - [UI stars] commit
06c067bb0f
Remove stars in dashboard repo list 23530 - [UI] commit
272cf6a2a9
Make time tooltips interactive 23526 - [UI] commit
389e83f7eb
Improve<SvgIcon>
to make it outputsvg
node and optimize performance 23570 - [UX issue config] commit
f384b13f1c
Implement Issue Config 20956 - [UI] commit
2c585d62a4
User/Org Feed render description as per web 23887 - [UI TAGS] commit
b78c955958
Fix tags view 23243 - [UI] commit
9cefb7be73
Fix new issue/pull request btn margin when it is next to sort 23647 - [UX preview] commit
ac64c82974
Allow new file and edit file preview if it has editable extension 23624 - [UI] commit
ca905b82df
Append(comment)
when a link points at a comment rather than the whole issue 23734 - [UX diff] commit
aa4d1d94f7
Diff improvements 23553 - [UX ONLY_SHOW_RELEVANT_REPOS] commit
e57e1144c5
Add ONLY_SHOW_RELEVANT_REPOS back, fix explore page bug, make code more strict 23766 - commit
ed5e7d03c6
Don't apply the group filter when listing LDAP group membership if it is empty 23745 - [UX allow . in name] commit
88033438aa
Support "." char as user name for User/Orgs in RSS/ATOM/GPG/KEYS path ... 23874 - [UI] commit
ca5722a0fa
Ensure RSS icon is present on all repo tabs 23904 - [UI] commit
6eb678374b
Refactor authors dropdown (send get request from frontend to avoid long wait time) 23890 - [UX RELEASE permalink] commit
42919ccb7c
Make Release Download URLs predictable 23891 - [UX project] commit
6a4be2cb6a
Add cardtype to org/user level project on creation, edit and view 24043 - [UX] commit
52b17bfa07
Add repository counter badge to repository tab 24205 - [UX dump] commit
cb1536471b
Add --quiet option to gitea dump 22969 - [UI] commit
774d1a0fbd
Tweak pull request branch delete ui 23951 - [UI] commit
9c33cbd344
Fix no edit/close/delete button in org repo project view page 24301 - [UX] commit
c41bc4f127
Display when a repo was archived 22664 - [UI] commit
83022013c8
Fix layouts of admin table / adapt repo / email test 24370 - [UX] commit
e9b39250b2
Improve pull request merge box when pull request merged and branch deleted. [24397](https:// - [UI] commit94d6b5b09d
Add "Updated" column for admin repositories list 24429 github.com/go-gitea/gitea/pull/24397) - [UI] commit
72e956b79a
Improve protected branch setting page 24379 - [UX goto issue] commit
1144b1d129
Add goto issue id function 24479 - [UI] commit
97b70a0cd4
Add org visibility label to non-organization's dashboard 24558 - [UX] commit
4daf40505a
Sort users and orgs on explore by recency by default 24279 - [UX graceful restart] commit
7565e5c3de
Implement systemd-notify protocol 21151 - [UX] commit
4810fe55e3
Add status indicator on main home screen for each repo 24638 - [UX] commit
b5c26fa825
Add markdown preview to Submit Review Textarea 24672 - [UX issue template] commit
c4303efc23
Support markdown editor for issue template 24400 - [UI] commit
4aec1f87a4
Remove highlight in repo list 24675 - [UI] commit
8251b317f7
Improve empty notifications display 24668 - [UX] commit
f6e029e6c7
Make repo migration cancelable and fix various bugs 24605 - [UI] commit
b3af7484bc
Fix missing badges in org settings page 24654 - [UI RSS] commit
67db6b6976
RSS icon fixes 24476 - [UX notification list] commit
f7ede92f82
Notification list enhancements, fix striped tables on dark theme 24639 - [UI] commit
ea7954f069
Modify luminance calculation and extract related functions into single files 24586 - [UX review] commit
ae0fa64ef6
Review fixes and enhancements 24526 - [UI] commit
df00ccacc9
Fix invite display 24447 - [UX] commit
e8173c2c33
MoveRename branch
from repo settings page to the page of branches list 24380 - [UX] commit
3f0651d4d6
Improve milestone filter on issues page 22423 - [UI] commit
8f4dafcd4e
Rework header bar on issue, pull requests and milestone 24420 - [UI] commit
8bbbf7e6b8
Remove fluid on compare diff page 24627 - [UI avatar] commit
82224c54e0
Improve avatar uploading / resizing / compressing, remove Fomantic card module 24653 - [UI] commit
b9fad73e9f
Unification of registration fields order 24737 - [UI] commit
6a3a54cf48
Remove background on user dashboard filter bar 24779 - [UX] commit
b807d2f620
Support no label/assignee filter and batch clearing labels/assignees 24707 - [UI] commit
5c0745c034
Add validations.required check to dropdown field 24849 - [UX notifications list] commit
27c221aa5d
Rework notifications list 24812 - [UI] commit
35ce7ca25b
Hide 'Mirror Settings' when unneeded, improve hints 24433 - [UX] commit
a70d853d06
Consolidate the two review boxes into one 24738 - [UI] commit
e3897148f9
Minor UI improvements: logo alignment, auth map editor, auth name display 25043 - [UX tree view] commit
72eedfb915
Show file tree by default 25052 - [UX diff copy] commit
c5ede35124
Add button on diff header to copy file name, misc diff header tweaks 24986 - [UI] commit
58536093b3
Add details summary for vertical menus in settings to allow toggling 25098 - [UI] commit
7d192cb674
Add Progressbar to Milestone Page 25050 - [UI] commit
7abe958f5b
Fix color for transfer related buttons when having no permission to act 24510 - [UI] commit
4a722c9a45
Make Issue/PR/projects more compact, misc CSS tweaks 24459
- [BREAKING UX preview render] commit
- [PERF]
- [PERF] commit
1319ba6742
Use minio/sha256-simd for accelerated SHA256 23052 - [PERF] commit
ef4fc30246
Speed up HasUserStopwatch & GetActiveStopwatch 23051 - [PERF] commit
0268ee5c37
Do not create commit graph for temporary repos 23219 - [PERF] commit
75ea0d5dba
Faster git.GetDivergingCommits 24482 - [PERF] commit
df48af2229
Order pull request conflict checking by recently updated, for each push 23220
- [PERF] commit
- [AUTH]
- [MAIL smtp auth] commit
8be6da3e2f
Add ntlm authentication support for mail 23811 - [AUTH LDAP] commit
b8c19e7a11
Update LDAP filters to include both username and email address 24547 - [AUTH PKCE] commit
7d855efb1f
Allow for PKCE flow without client secret + add docs 25033 - [AUTH OAuth redirect] commit
ca35dec18b
Add ability to set multiple redirect URIs in OAuth application UI 25072
- [MAIL smtp auth] commit
- [REFACTOR]
- [BREAKING REFACTOR logger] commit
4647660776
Rewrite logger system 24726 - [BREAKING REFACTOR queue] commit
6f9c278559
Rewrite queue 24505 - [REFACTOR pull mirror] commit
99283415bc
Refactor Pull Mirror and fix out-of-sync bugs 24732 - [REFACTOR git] commit
f4538791f5
Refactor internal API for git commands, use meaningful messages instead of "Internal Server Error" 23687 - [REFACTOR route] commit
92fd3fc4fd
Refactor "route" related code, fix Safari cookie bug 24330 - [REFACTOR] commit
8598356df1
Refactor and tidy-up the merge/update branch code 22568 - [REFACTOR] commit
542cec98f8
Refactor merge/update git command calls 23366 - [REFACTOR] commit
ec261b63e1
Refactor repo commit list 23690 - [REFACTOR cookie] commit
5b9557aef5
Refactor cookie 24107 - [REFACTOR web route] commit
b9a97ccd0e
Refactor web route 24080 - [REFACTOR issue stats] commit
38cf43d060
Some refactors for issues stats 24793 - [REFACTOR] commit
c59a057297
Refactor rename user and rename organization 24052 - [REWORK logger] commit
0d54395fb5
Improve logger Pause handling 24946 - [REWORK queue / logger] commit
18f26cfbf7
Improve queue and logger context 24924 - [REFACTOR scoped token] commit
18de83b2a3
Redesign Scoped Access Tokens 24767 - [REFACTOR ini] commit
de4a21fcb4
Refactor INI package (first step) 25024 - [REFACTOR diffFileInfo] commit
ee99cf6313
Refactor diffFileInfo / DiffTreeStore 24998
- [BREAKING REFACTOR logger] commit
- [TEMPLATES]
- [TEMPLATES expressions] commit
5b89670a31
Use a general Eval function for expressions in templates. 23927 - [CMD reload templates] commit
3588edbb08
Add gitea manager reload-templates command 24843
- [TEMPLATES expressions] commit
- [RSS]
- [RSS feed] commit
59d060622d
Improve RSS 24335 - [RSS feed] commit
56d4893b2a
Add RSS Feeds for branches and files 22719
- [RSS feed] commit
- [API]
- [API EMAIL] commit
d56bb74201
add admin API email endpoints 22792 - [API USER RENAME] commit
03591f0f95
add user rename endpoint to admin api 22789 - [API admin search] commit
6f9cc617fc
Add login name and source id for admin user searching API 23376 - [API] commit
574d8fe6d6
Add absent repounits to create/edit repo API 23500 - [API issue dependencies] commit
3cab9c6b0c
Add API to manage issue dependencies 17935 - [API activity feeds] commit
6b0df6d8da
Add activity feeds API 23494 - [API license] commit
fb37eefa28
Add API for License templates 23009 - [API gitignore] commit
36a5d4c2f3
Add API for gitignore templates 22783 - [API upload empty repo] commit
cf465b4721
Support uploading file to empty repo by API 24357 - [API COMMIT --not] commit
f766b00293
Add ability to specify '--not' from GetAllCommits 24409 - [API GetAllCommits] commit
1dd83dbb91
Filters for GetAllCommits 24568 - [API get single commit] commit
5930ab5fdf
Filter get single commit 24613 - [API create branch] commit
cd9a13ebb4
Create a branch directly from commit on the create branch API 22956 - [BREAKING API team] commit
0a3c4d4a59
Fix team members API endpoint pagination 24754 - [API label templates] commit
25dc1556cd
Add API for Label templates 24602 - [API changing/creating/deleting multiple files] commit
275d4b7e3f
API endpoint for changing/creating/deleting multiple files 24887
- [API EMAIL] commit
- [FEATURES]
- [BREAKING] (maybe) commit
f5987c24e2
Makegitea serv
respect git binary home 23138 - [README] commit
52e24167e5
Test renderReadmeFile 23185 - [REFLOGS] commit
757b4c17e9
Support reflogs 22451 - [DOCTOR] commit
df411819eb
Check LFS/Packages settings in dump and doctor command 23631 - [MINIO] commit
0e7bec1849
Add InsecureSkipVerify to Minio Client for Storage 23166 - [MINIO MD5 checksum] commit
5727056ea1
Make minio package support legacy MD5 checksum 23768 - [PRIVACY email display] commit
6706ac2a0f
Fix profile page email display, respect settings 23747 - [INDEX meilisearch] commit
92c160d8e7
Add meilisearch support 23136 - [PRIVACY email] commit
5e1bd8af5f
Show visibility status of email in own profile 23900 - [BREAKING SSH key parsing] commit
7a8a4f5432
Prefer native parser for SSH public key parsing 23798 - [REDIS] commit
985f76dc4b
Update redis library to support redis v7 24114 - [RESERVED users] commit
1819c4b59b
Add new user typesreserved
,bot
, andremote
24026 - [NEW files to empty repo] commit
e422342eeb
Allow adding new files to an empty repo 24164 - [WEBP avatars] commit
65fe0fb22c
Allowwebp
images as avatars 24248 - [MARKDOWN livemd] commit
58caf422e6
Add .livemd as a markdown extension 22730 - [FOLLOW org] commit
cc64a92560
Add follow organization and fix the logic of following page 24345 - [PROFILE README] commit
c090f87a8d
Add Gitea Profile Readmes 23260 - [HTTP RANGE] commit
023a048f52
Make repository response support HTTP range request 24592 - [status check pattern] commit
e7c2231dee
Support for status check pattern 24633 - [EMAIL allow/block] commit
2cb66fff60
Support wildcard in email domain allow/block list 24831 - [INSTALL page] commit
abcf5a7b5e
Fix install page context, make the install page tests really test 24858 - [environment-to-ini FILE] commit
c21605951b
Make environment-to-ini support loading key value from file 24832 - [APP ini git config] commit
8080ace6fc
Support changing git config throughapp.ini
, usediff.algorithm=histogram
by default 24860 - [PIN issues] commit
aaa1094663
Add the ability to pin Issues 24406 - [BREAKING reflog / config] commit
2f149c5c9d
Use[git.config]
for reflog cleaning up 24958 - [SEARCH skip forks mirrors] commit
033d92997f
Allow skipping forks and mirrors from being indexed 23187
- [BREAKING] (maybe) commit
- [WEBHOOK]
- [WEBHOOKS] commit
2173f14708
Add user webhooks 21563 - [WEBHOOK] commit
9e04627aca
Fix incorrectHookEventType
of pull request review comments 23650 - [WEBHOOK review request] commit
309354c70e
New webhook trigger for receiving Pull Request review requests 24481
- [WEBHOOKS] commit
- [DISCARDED]
- [GITEA only BREAKING service worker] commit
50bd7d0b24
Remove the service worker 25010
- [GITEA only BREAKING service worker] commit
-
Container images upgraded to Alpine 3.18
The Forgejo container images are now based on Alpine 3.18 instead of Alpine 3.1.17 It includes an upgrade from git ...
1.19.3-0
The complete list of commits included in the Forgejo v1.19.3-0
release can be reviewed from the command line with:
$ git clone https://codeberg.org/forgejo/forgejo/
$ git -C forgejo log --oneline --no-merges v1.19.2-0..v1.19.3-0
This stable release contains security fixes.
-
Recommended Action
We recommend that all Forgejo installations are upgraded to the latest version.
-
The semantic version was updated from
4.2.0+0-gitea-1.19.2
to4.2.1+0-gitea-1.19.3
because of the rebuild with Go version 1.20.4. -
Security fixes
- Forgejo was recompiled with Go version v1.20.4 published 2 May 2023. It fixes three vulnerabilities (CVE-2023-29400, CVE-2023-24540, CVE-2023-24539) related to the html/template package. The Forgejo security team analyzed the security fixes it contains and concluded that Forgejo is not affected but recommended a rebuild as a precaution.
-
Bug fixes
The most prominent one is described here, others can be found in the list of commits included in the release as described above.
- Allow users that are not signed in to browse the tag list. Requiring users to be signed in to view the tag list was a regression introduced in Forgejo v1.19.2-0.
1.19.2-0
The complete list of commits included in the Forgejo v1.19.2-0
release can be reviewed from the command line with:
$ git clone https://codeberg.org/forgejo/forgejo/
$ git -C forgejo log --oneline --no-merges v1.19.1-0..v1.19.2-0
This stable release contains important security fixes.
-
Recommended Action
We strongly recommend that all Forgejo installations are upgraded to the latest version as soon as possible.
-
The semantic version was updated from
4.1.0+0-gitea-1.19.1
to4.2.0+0-gitea-1.19.2
because of the changes introduced in the internal CI. -
Security fixes
- Token scopes were not enforced in some cases (patch 1 and patch 2). The scoped token were introduced in Forgejo v1.19 allow for the creation of application tokens that only have limited permissions, such as creating packages or accessing repositories. Prior to Forgejo v1.19 tokens could be used to perform any operation the user issuing the token could.
- Permissions to delete secrets was not enforced. The experimental internal CI relies on secrets managed via the web interface, for instance to communicate credentials to a job. Secrets are only used in the context of the experimental internal CI.
-
Bug fixes
The most prominent ones are described here, others can be found in the list of commits included in the release as described above.
- Restore public access to some API endpoints. When scoped token introduced in Forgejo v1.19, some API endpoints that were previously accessible anonymously became restricted:
/orgs
,/orgs/{org}
,/orgs/{org}/repos
,/orgs/{org}/public_members
,/orgs/{org}/public_members/{username}
,/orgs/{org}/labels
. - Fix 2-dot direct compare to use the right base commit. For 2-dot direct compare, the base commit should be used in the title and templates, as is used elsewhere, not the common ancestor which is used for 3-dot compare.
- Make CORS work. No CORS headers were set, even if CORS was enabled in the configuration.
- Fix issue attachment removal. When an attachment was removed from an issue or review comment, all of the image/attachment links were broken.
- Fix wiki write permissions for users who do not have repository write permissions. When a team member had write access to the wiki but not to the code repository, some operations (deleting a page for instance) were denied.
- Respect the REGISTER_MANUAL_CONFIRM setting when registering via OAuth. Contrary to the local registration, the OAuth registration flow activated a newly registered user regardless of the value of
REGISTER_MANUAL_CONFIRM
. - Fix tags list for repos whose release setting is disabled. When releases was disabled the "tags" button led to a
Not Found
page, even when tags existed.
- Restore public access to some API endpoints. When scoped token introduced in Forgejo v1.19, some API endpoints that were previously accessible anonymously became restricted:
-
Container image upgrades
In the Forgejo container images the Git version was upgraded to 2.38.5 as a precaution. The Forgejo security team analyzed the security fixes it contains and concluded that Forgejo is not affected.
1.19.1-0
The complete list of commits included in the Forgejo v1.19.1-0
release can be reviewed from the command line with:
$ git clone https://codeberg.org/forgejo/forgejo/
$ git -C forgejo log --oneline --no-merges v1.19.0-3..v1.19.1-0
This stable release includes bug fixes. Functional changes related to the experimental CI have also been backported.
-
Recommended Action
We recommend that all installations are upgraded to the latest version.
-
The semantic version was updated from
4.0.0+0-gitea-1.19.0
to4.1.0+0-gitea-1.19.1
because of the changes introduced in the internal CI. -
Bug fixes
The most prominent ones are described here, others can be found in the list of commits included in the release as described above.
- Fix RSS/ATOM/GPG/KEYS path for users (or orgs) with a dot in their name. It is allowed for a user (or an organization) to have a dot in their name, for instance
user.name
. Because of a bug in Chi it was not possible to access/user.name.png
,/user.name.gpg
, etc. A workaround was implemented while a proper fix is being discussed. - Creating a tag via the web interface no longer requires a title.
- Use fully qualified URLs in Dockerfile. The Dockerfile to create the Forgejo container image now uses the fully qualified image
docker.io/library/golang:1.20-alpine3.17
instead ofgolang:1.20-alpine3.17
. This allows for building on platforms that don't have docker hub as the default container registry. - Redis use Get/Set instead of Rename when Regenerate session id. The old sid and new sid may be in different redis cluster slot.
- Do not escape space between PyPI repository url and package name. It also adds a trailing slash to the PyPI repository URL in accordance to Python PEP-503.
- Fix failure when using the API and an empty rule_name to protect a branch. The
rule_name
parameter for the /repos/{owner}/{repo}/branch_protections API now defaults to the branch name instead of being empty. - Fix branch protection priority. Contrary to the documentation it was possible for a glob rule to take precedence over a non-glob rule.
- Fix deleting an issue when the git repo does not exist. If a project had an issue tracker (such as the Forgejo discussion) but no git repository, trying to delete an issue would fail.
- Fix accidental overwriting of LDAP team memberships. If an LDAP user is a member of two groups, the LDAP group sync only matched the last group.
- Fix RSS/ATOM/GPG/KEYS path for users (or orgs) with a dot in their name. It is allowed for a user (or an organization) to have a dot in their name, for instance
1.19.0-3
The complete list of commits included in the Forgejo v1.19.0-3
release can be reviewed from the command line with:
$ git clone https://codeberg.org/forgejo/forgejo/
$ git -C forgejo log --oneline --no-merges v1.19.0-2..v1.19.0-3
This stable release includes security updates and bug fixes.
-
Recommended Action
We recommend that all installations are upgraded to the latest version.
-
Security
The Forgejo security team analyzed the vulnerabilities fixed in the latest Go 1.20.3 packages and Alpine 3.17.3 and concluded that Forgejo is not affected.
As a precaution the Forgejo v1.19.0-3 binaries were compiled with Go 1.20.3 packages as published on 4 April 2023 and the container images were built with Alpine 3.17.3 as published on 29 March 2023.
-
The semantic version was updated from
3.0.0+0-gitea-1.19.0
to4.0.0+0-gitea-1.19.0
because of the breaking changes described below. -
Breaking changes
They should not have a significant impact because they are related to experimental features (federation and CI).
-
Use User.ID instead of User.Name in ActivityPub API for Person IRI
The ActivityPub id is an HTTPS URI that should remain constant, even if the user changes their name.
-
Actions unit is repo.actions instead of actions.actions
All instances of
actions.actions
in theDISABLED_REPO_UNITS
orDEFAULT_REPO_UNITS
configuration variables must be replaced withrepo.actions
.
-
-
Bug fixes
They are for the most part about user interface and actions. The most prominent ones are:
- Do not filter repositories by default on the explore page. The behavior of the explore page is back to what it was in Forgejo v1.18. Changing it was confusing.
- Skip LFS when disabled in dump and doctor.
- Do not display own email on the profile.
- Make minio package support legacy MD5 checksum.
- Do not triggers Webhooks and actions on closed PR.
1.19.0-2
The complete list of commits included in the Forgejo v1.19.0-2
release can be reviewed from the command line with:
$ git clone https://codeberg.org/forgejo/forgejo/
$ git -C forgejo log --oneline --no-merges origin/v1.18/forgejo..origin/v1.19/forgejo
-
Breaking changes
-
Forgejo access token, used with the API can now have a "scope" that limits what it can access. Existing tokens stored in the database and created before Forgejo v1.19 had unlimited access. For backward compatibility, their access will remain the same and they will continue to work as before. However, newly created token that do not specify a scope will now only have read-only access to public user profile and public repositories.
For instance, the
/users/{username}/tokens
API endpoint will require thescopes: ['all', 'sudo']
parameter and theforgejo admin user generate-access-token
will require the--scopes all,sudo
argument obtain tokens with ulimited access as before for admin users. -
Disable all units except code and pulls on forks
When forking a repository, the fork will now have issues, projects, releases, packages and wiki disabled. These can be enabled in the repository settings afterwards. To change back to the previous default behavior, configure
DEFAULT_FORK_REPO_UNITS
to be the same value asDEFAULT_REPO_UNITS
. -
Filter repositories by default on the explore page
The explore page now always filters out repositories that are considered not relevant because they are either forks or have no topic and not description and no icon. A link is shown to display all repositories, unfiltered.
-
Remove deprecated DSA host key from Docker Container Since OpenSSH 7.0 and greater similarly disable the ssh-dss (DSA) public key algorithm, and recommend against its use. http://www.openssh.com/legacy.html
-
Additional restrictions on valid user names
The algorithm for validating user names was modified and some users may have invalid names. The command
forgejo doctor --run check-user-names
will list all of them so they can be renamed.If a Forgejo instance has users or organizations named
forgejo-actions
andgitea-actions
, they will also need to be renamed before the upgrade. They are now reserved names for the experimental internal CI/CD namedActions
. -
Since v1.18.5, in addition to the Forgejo release number, a semantic version number (e.g.
v3.0.0
) can be obtained from thenumber
key of a new/api/forgejo/v1/version
endpoint.Now, it reflects the Gitea version that Forgejo depends on, is no longer prefixed with
v
(e.g.3.0.0+0-gitea-1.19.0
), and can be obtained from theversion
key of the same endpoint.
-
-
Features
-
Documentation The first version of the Forgejo documentation is available and covers the administration of Forgejo, from installation to troubleshooting.
-
Webhook authorization header Forgejo webhooks can be configured to send an authorization header to the target.
-
Incoming emails You can now set up Forgejo to receive incoming email. When enabled, it is now possible to reply to an email notification from Forgejo and:
- Add a comment to an issue or a pull request
- Unsubscribe to the notifications
-
Packages registries
- Support for Cargo, Conda and Chef
- Cleanup rules
- Quota limits
-
Option to prohibit fork if user reached maximum limit of repositories It is possible for a user to create as many fork as they want, even when a quota on the number of repositories is imposed. The new
ALLOW_FORK_WITHOUT_MAXIMUM_LIMIT
setting can now be set tofalse
so forks are prohibited if that means exceeding the quota. -
Scoped labels Labels that contain a forward slash (/) separator are displayed with a slightly different color before and after the separator, as a visual aid. The first part of the label defines its "scope".
-
Support org/user level projects It is now possible to create projects (kanban boards) for an organization or a user, in the same way it was possible for an individual repository.
-
Map OIDC groups to Orgs/Teams When a user logs in Forgejo using an provider such as Keycloak, they can now automatically be part of a Forgejo team, depending on the OIDC group they belong to. For instance:
{"Developer": {"MyForgejoOrganization": ["MyForgejoTeam1", "MyForgejoTeam2"]}}
Means that the user who is in the OIDC group
Developer
will automatically be a member of theMyForgejoTeam1
andMyForgejoTeam2
teams in theMyForgejoOrganization
organization. This mapping is set when adding a newAuthentication Source
in theSite Administration
panel....
-
RSS feed for releases and tags
A RSS feed is now available for releases at
/{owner}/{repo}/releases.rss
and tags at/{owner}/{repo}/tags.rss
. -
Supports wildcard protected branch
Instead of selecting a branch to be protected, the name of the branch must be specified and can be a pattern such as
precious*
. -
Garbage collect LFS Add a doctor command for full garbage collection of LFS:
forgejo doctor --run gc-lfs
. -
Additions to the API
-
Option to disable releases on a repository
It is now possible to disable releases on a repository, in the same way it is possible to disable issues or packages.
-
Git reflog support The git reflog are now active by default on all repositories and kept around for 90 days. It allows the Forgejo admin to recover the previous tip of a branch after an accidental force push.
-
Actions: an experimental CI/CD
It appears for the first time in this Forgejo release but is not yet fit for production. It is not fully implemented and may be insecure. However, as long as it is not enabled, it presents no risk to existing Forgejo instances.
If a repository has a file such as
.forgejo/workflows/test.yml
, it will be interpreted, for instance to run tests and verify the code in the repository works as expected (Continuous Integration). It can also be used to create HTML pages for a website and publish them (Continous Deployment). The syntax is similar to GitHub Actions and the jobs can be controled from the Forgejo web interface.
-
-
User Interface improvements
-
Review box on small screens The rendering of the review box is improved on small screens.
-
Video element enabled in markdown The
<video>
HTML tag can now be used in MarkDown, with thesrc
,autoplay
, andcontrols
attributes. -
Copy citation file content in APA and BibTex format If a BibTeX file named
CITATION.bib
is at the root of the repository, it can be conveniently copied and converted in APA by following theCite this repository
link.It will open a dialog box with the available formats and a preview of the content.
The CFF format is also supported when a
CITATION.cff
file used instead. -
Files with the
.cast
extension are displayed in the Forgejo web interface as asciicast v2 using asciinema-player. -
Attention blocks Note and Warning
For each quote block, the first
**Note**
or**Warning**
gets an icon prepended to it and its text is colored accordingly. -
Support for commit cross references
A commit hash can now be prefixed by the repository to be referenced from a comment in another repository:
owner/repo@commit
. -
Preview images for Issue cards in Project Board view
If the card preview in the project is set to Images and Text, it displays images found in the corresponding issue. The most recent is displayed first, up to five images.
-
Add "Copy" button to file view of raw text
If a raw text file is displayed, a copy button of the text is enabled.
Before
After
-
Setting to allow edits on PRs by maintainers
Add setting to allow edits by maintainers by default, to avoid having to often ask contributors to enable this.
-
-
Container images upgraded to Alpine 3.17
The Forgejo container images are now based on Alpine 3.17 instead of Alpine 3.16. It includes an upgrade from git 2.36.5 to git 2.38.4 and from openssh 9.0p1 to openssh 9.1p1.
1.18.5-0
This stable release contains an important security fix for Forgejo to raise the protection against brute force attack on hashed passwords stored in the database to match industry standards, as described in detail in a companion blog post.
Recommended Action
We strongly recommend that all Forgejo installations are upgraded to the latest version as soon as possible.
If PASSWORD_HASH_ALGO
is explicitly set in app.ini
, comment it out so that the stronger algorithm is used instead.
All password hashes stored with another algorithm will be updated to the new algorithm on the next usage of this password (e.g. a user provides the password to the Forgejo server when they login). It does not require manual intervention.
Forgejo
- SECURITY
- Upgrade the default password hash algorithm to pbkdf2 with 320,000 iterations (https://codeberg.org/forgejo/forgejo/pulls/407)
- BUGFIXES
- Return the Forgejo semantic version instead of "development" (https://codeberg.org/forgejo/forgejo/pulls/381)
Gitea
- SECURITY
- Provide the ability to set password hash algorithm parameters (https://github.com/go-gitea/gitea/pull/22942) (https://github.com/go-gitea/gitea/pull/22943)
- BUGFIXES
- Use
--message=%s
for git commit message (https://github.com/go-gitea/gitea/pull/23028) (https://github.com/go-gitea/gitea/pull/23029) - Render access log template as text instead of HTML (https://github.com/go-gitea/gitea/pull/23013) (https://github.com/go-gitea/gitea/pull/23025)
- Fix the Manually Merged form (https://github.com/go-gitea/gitea/pull/23015) (https://github.com/go-gitea/gitea/pull/23017)
- Use beforeCommit instead of baseCommit (https://github.com/go-gitea/gitea/pull/22949) (https://github.com/go-gitea/gitea/pull/22996)
- Display attachments of review comment when comment content is blank (https://github.com/go-gitea/gitea/pull/23035) (https://github.com/go-gitea/gitea/pull/23046)
- Return empty url for submodule tree entries (https://github.com/go-gitea/gitea/pull/23043) (https://github.com/go-gitea/gitea/pull/23048)
- Notify on container image create (https://github.com/go-gitea/gitea/pull/22806) (https://github.com/go-gitea/gitea/pull/22965)
- Some refactor about code comments(https://github.com/go-gitea/gitea/pull/20821) (https://github.com/go-gitea/gitea/pull/22707)
- Use
Note that there is no Forgejo v1.18.4-N because Gitea v1.18.4 was replaced by Gitea v1.18.5 a few days after its release because of a regression. Forgejo was not affected.
1.18.3-2
This stable release includes a security fix for git
and bug fixes.
Git
Git recently announced new versions to address two CVEs (CVE-2023-22490, CVE-2023-23946). On 14 Februrary 2023, Git published the maintenance release v2.39.2, together with releases for older maintenance tracks v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. All major GNU/Linux distributions also provide updated packages via their security update channels.
We recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible.
- When using a Forgejo binary: upgrade the
git
package to a version greater or equal to v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7 or v2.30.8 - When using a Forgejo container image:
docker pull codeberg.org/forgejo/forgejo:1.18.3-2
Forgejo
- BUGFIXES
- Use proxy for pull mirror (https://github.com/go-gitea/gitea/pull/22771) (https://github.com/go-gitea/gitea/pull/22772)
- Revert "Fixes accessibility of empty repository commit status" (https://github.com/go-gitea/gitea/pull/22632)
- A regression introduced in 1.18.3-1 prevented the CI status from displaying for commits with more than one pipeline
- FORGEJO RELEASE PROCESS BUGFIXES
- The tag SHA in the uploaded repository must match (https://codeberg.org/forgejo/forgejo/pulls/345) Read more about the consequences of this on the Forgejo blog
Gitea
- BUGFIXES
- Load issue before accessing index in merge message (https://github.com/go-gitea/gitea/pull/22822) (https://github.com/go-gitea/gitea/pull/22830)
- Fix isAllowed of escapeStreamer (https://github.com/go-gitea/gitea/pull/22814) (https://github.com/go-gitea/gitea/pull/22837)
- Escape filename when assemble URL (https://github.com/go-gitea/gitea/pull/22850) (https://github.com/go-gitea/gitea/pull/22871)
- Fix PR file tree folders no longer collapsing (https://github.com/go-gitea/gitea/pull/22864) (https://github.com/go-gitea/gitea/pull/22872)
- Fix incorrect role labels for migrated issues and comments (https://github.com/go-gitea/gitea/pull/22914) (https://github.com/go-gitea/gitea/pull/22923)
- Fix blame view missing lines (https://github.com/go-gitea/gitea/pull/22826) (https://github.com/go-gitea/gitea/pull/22929)
- Fix 404 error viewing the LFS file (https://github.com/go-gitea/gitea/pull/22945) (https://github.com/go-gitea/gitea/pull/22948)
- FEATURES
- Add command to bulk set must-change-password (https://github.com/go-gitea/gitea/pull/22823) (https://github.com/go-gitea/gitea/pull/22928)
1.18.3-1
This stable release includes bug fixes.
Forgejo
- ACCESSIBILITY
- Add ARIA support for Fomantic UI checkboxes (https://github.com/go-gitea/gitea/pull/22599)
- Fixes accessibility behavior of Watching, Staring and Fork buttons (https://github.com/go-gitea/gitea/pull/22634)
- Add main landmark to templates and adjust titles (https://github.com/go-gitea/gitea/pull/22670)
- Improve checkbox accessibility a bit by adding the title attribute (https://github.com/go-gitea/gitea/pull/22593)
- Improve accessibility of navigation bar and footer (https://github.com/go-gitea/gitea/pull/22635)
- PRIVACY
- Use DNS queries to figure out the latest Forgejo version (https://codeberg.org/forgejo/forgejo/pulls/278)
- BRANDING
- Change the values for the nodeinfo API to correctly identify the software as Forgejo (https://codeberg.org/forgejo/forgejo/pulls/313)
- CI
- Use tagged test environment for stable branches (https://codeberg.org/forgejo/forgejo/pulls/318)
Gitea
- BUGFIXES
- Fix missing message in git hook when pull requests disabled on fork (https://github.com/go-gitea/gitea/pull/22625) (https://github.com/go-gitea/gitea/pull/22658)
- add default user visibility to cli command "admin user create" (https://github.com/go-gitea/gitea/pull/22750) (https://github.com/go-gitea/gitea/pull/22760)
- Fix color of tertiary button on dark theme (https://github.com/go-gitea/gitea/pull/22739) (https://github.com/go-gitea/gitea/pull/22744)
- Fix restore repo bug, clarify the problem of ForeignIndex (https://github.com/go-gitea/gitea/pull/22776) (https://github.com/go-gitea/gitea/pull/22794)
- Escape path for the file list (https://github.com/go-gitea/gitea/pull/22741) (https://github.com/go-gitea/gitea/pull/22757)
- Fix bugs with WebAuthn preventing sign in and registration. (https://github.com/go-gitea/gitea/pull/22651) (https://github.com/go-gitea/gitea/pull/22721)
- PERFORMANCES
- Improve checkIfPRContentChanged (https://github.com/go-gitea/gitea/pull/22611) (https://github.com/go-gitea/gitea/pull/22644)
1.18.3-0
This stable release includes bug fixes.
Forgejo
- BUGFIXES
- Fix line spacing for plaintext previews (https://github.com/go-gitea/gitea/pull/22699) (https://github.com/go-gitea/gitea/pull/22701)
- Fix README TOC links (https://github.com/go-gitea/gitea/pull/22577) (https://github.com/go-gitea/gitea/pull/22677)
- Don't return duplicated users who can create org repo (https://github.com/go-gitea/gitea/pull/22560) (https://github.com/go-gitea/gitea/pull/22562)
- Link issue and pull requests status change in UI notifications directly to their event in the timelined view. (https://github.com/go-gitea/gitea/pull/22627) (https://github.com/go-gitea/gitea/pull/22642)
Gitea
- BUGFIXES
- Add missing close bracket in imagediff (https://github.com/go-gitea/gitea/pull/22710) (https://github.com/go-gitea/gitea/pull/22712)
- Fix wrong hint when deleting a branch successfully from pull request UI (https://github.com/go-gitea/gitea/pull/22673) (https://github.com/go-gitea/gitea/pull/22698)
- Fix missing message in git hook when pull requests disabled on fork (https://github.com/go-gitea/gitea/pull/22625) (https://github.com/go-gitea/gitea/pull/22658)
1.18.2-1
This stable release includes a security fix. It was possible to reveal a user's email address, which is problematic because users can choose to hide their email address from everyone. This was possible because the notification email for a repository transfer request to an organization included every user's email address in the owner team. This has been fixed by sending individual emails instead and the code was refactored to prevent it from happening again.
We strongly recommend that all installations are upgraded to the latest version as soon as possible.
Gitea
- BUGFIXES
- When updating by rebase we need to set the environment for head repo (https://github.com/go-gitea/gitea/pull/22535) (https://github.com/go-gitea/gitea/pull/22536)
- Mute all links in issue timeline (https://github.com/go-gitea/gitea/pull/22534)
- Truncate commit summary on repo files table. (https://github.com/go-gitea/gitea/pull/22551) (https://github.com/go-gitea/gitea/pull/22552)
- Prevent multiple
To
recipients (https://github.com/go-gitea/gitea/pull/22566) (https://github.com/go-gitea/gitea/pull/22569)
1.18.2-0
This stable release includes bug fixes.
Gitea
- BUGFIXES
- Fix issue not auto-closing when it includes a reference to a branch (https://github.com/go-gitea/gitea/pull/22514) (https://github.com/go-gitea/gitea/pull/22521)
- Fix invalid issue branch reference if not specified in template (https://github.com/go-gitea/gitea/pull/22513) (https://github.com/go-gitea/gitea/pull/22520)
- Fix 500 error viewing pull request when fork has pull requests disabled (https://github.com/go-gitea/gitea/pull/22512) (https://github.com/go-gitea/gitea/pull/22515)
- Reliable selection of admin user (https://github.com/go-gitea/gitea/pull/22509) (https://github.com/go-gitea/gitea/pull/22511)
1.18.1-0
This is the first Forgejo stable point release.
Forgejo
Critical security update for Git
Git recently announced new versions to address two CVEs (CVE-2022-23521, CVE-2022-41903). On 17 January 2023, Git published the maintenance release v2.39.1, together with releases for older maintenance tracks v2.38.3, v2.37.5, v2.36.4, v2.35.6, v2.34.6, v2.33.6, v2.32.5, v2.31.6, and v2.30.7. All major GNU/Linux distributions also provide updated packages via their security update channels.
We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible.
- When using a Forgejo binary: upgrade the
git
package to a version greater or equal to v2.39.1, v2.38.3, v2.37.5, v2.36.4, v2.35.6, v2.34.6, v2.33.6, v2.32.5, v2.31.6, or v2.30.7 - When using a Forgejo container image:
docker pull codeberg.org/forgejo/forgejo:1.18.1-0
Read more in the Forgejo blog.
Release process stability
The release process based on Woodpecker CI was entirely reworked to be more resilient to transient errors. A new release is first uploaded into the new Forgejo experimental organization for testing purposes.
Automated end to end testing of releases was implemented with a full development cycle including the creation of a new repository and a run of CI. It relieves the user and developer from the burden of tedious manual testing.
Container environment variables
When running a container, all environment variables starting with FORGEJO__
can be used instead of GITEA__
. For backward compatibility with existing scripts, it is still possible to use GITEA__
instead of FORGEJO__
. For instance:
docker run --name forgejo -e FORGEJO__security__INSTALL_LOCK=true codeberg.org/forgejo/forgejo:1.18.1-0
Forgejo hook types
A new forgejo
hook type is available and behaves exactly the same as the existing gitea
hook type. It will be used to implement additional features specific to Forgejo in a way that will be backward compatible with Gitea.
X-Forgejo headers
Wherever a X-Gitea
header is received or sent, an identical X-Forgejo
is added. For instance when a notification mail is sent, the X-Forgejo-Reason
header is set to explain why. Or when a webhook is sent, the X-Forgejo-Event
header is set with push
, tag
, etc. for Woodpecker CI to decide on an action.
Look and feel fixes
The Forgejo theme was modified to take into account user feedback.
Gitea
- API
- Add
sync_on_commit
option for push mirrors api (https://github.com/go-gitea/gitea/pull/22271) (https://github.com/go-gitea/gitea/pull/22292)
- Add
- BUGFIXES
- Update
github.com/zeripath/zapx/v15
(https://github.com/go-gitea/gitea/pull/22485) - Fix pull request API field
closed_at
always beingnull
(https://github.com/go-gitea/gitea/pull/22482) (https://github.com/go-gitea/gitea/pull/22483) - Fix container blob mount (https://github.com/go-gitea/gitea/pull/22226) (https://github.com/go-gitea/gitea/pull/22476)
- Fix error when calculating repository size (https://github.com/go-gitea/gitea/pull/22392) (https://github.com/go-gitea/gitea/pull/22474)
- Fix Operator does not exist bug on explore page with ONLY_SHOW_RELEVANT_REPOS (https://github.com/go-gitea/gitea/pull/22454) (https://github.com/go-gitea/gitea/pull/22472)
- Fix environments for KaTeX and error reporting (https://github.com/go-gitea/gitea/pull/22453) (https://github.com/go-gitea/gitea/pull/22473)
- Remove the netgo tag for Windows build (https://github.com/go-gitea/gitea/pull/22467) (https://github.com/go-gitea/gitea/pull/22468)
- Fix migration from GitBucket (https://github.com/go-gitea/gitea/pull/22477) (https://github.com/go-gitea/gitea/pull/22465)
- Prevent panic on looking at api "git" endpoints for empty repos (https://github.com/go-gitea/gitea/pull/22457) (https://github.com/go-gitea/gitea/pull/22458)
- Fix PR status layout on mobile (https://github.com/go-gitea/gitea/pull/21547) (https://github.com/go-gitea/gitea/pull/22441)
- Fix wechatwork webhook sends empty content in PR review (https://github.com/go-gitea/gitea/pull/21762) (https://github.com/go-gitea/gitea/pull/22440)
- Remove duplicate "Actions" label in mobile view (https://github.com/go-gitea/gitea/pull/21974) (https://github.com/go-gitea/gitea/pull/22439)
- Fix leaving organization bug on user settings -> orgs (https://github.com/go-gitea/gitea/pull/21983) (https://github.com/go-gitea/gitea/pull/22438)
- Fixed colour transparency regex matching in project board sorting (https://github.com/go-gitea/gitea/pull/22092) (https://github.com/go-gitea/gitea/pull/22437)
- Correctly handle select on multiple channels in Queues (https://github.com/go-gitea/gitea/pull/22146) (https://github.com/go-gitea/gitea/pull/22428)
- Prepend refs/heads/ to issue template refs (https://github.com/go-gitea/gitea/pull/20461) (https://github.com/go-gitea/gitea/pull/22427)
- Restore function to "Show more" buttons (https://github.com/go-gitea/gitea/pull/22399) (https://github.com/go-gitea/gitea/pull/22426)
- Continue GCing other repos on error in one repo (https://github.com/go-gitea/gitea/pull/22422) (https://github.com/go-gitea/gitea/pull/22425)
- Allow HOST has no port (https://github.com/go-gitea/gitea/pull/22280) (https://github.com/go-gitea/gitea/pull/22409)
- Fix omit avatar_url in discord payload when empty (https://github.com/go-gitea/gitea/pull/22393) (https://github.com/go-gitea/gitea/pull/22394)
- Don't display stop watch top bar icon when disabled and hidden when click other place (https://github.com/go-gitea/gitea/pull/22374) (https://github.com/go-gitea/gitea/pull/22387)
- Don't lookup mail server when using sendmail (https://github.com/go-gitea/gitea/pull/22300) (https://github.com/go-gitea/gitea/pull/22383)
- Fix gravatar disable bug (https://github.com/go-gitea/gitea/pull/22337)
- Fix update settings table on install (https://github.com/go-gitea/gitea/pull/22326) (https://github.com/go-gitea/gitea/pull/22327)
- Fix sitemap (https://github.com/go-gitea/gitea/pull/22272) (https://github.com/go-gitea/gitea/pull/22320)
- Fix code search title translation (https://github.com/go-gitea/gitea/pull/22285) (https://github.com/go-gitea/gitea/pull/22316)
- Fix due date rendering the wrong date in issue (https://github.com/go-gitea/gitea/pull/22302) (https://github.com/go-gitea/gitea/pull/22306)
- Fix get system setting bug when enabled redis cache (https://github.com/go-gitea/gitea/pull/22298)
- Fix bug of DisableGravatar default value (https://github.com/go-gitea/gitea/pull/22297)
- Fix key signature error page (https://github.com/go-gitea/gitea/pull/22229) (https://github.com/go-gitea/gitea/pull/22230)
- Update
- TESTING
- Remove test session cache to reduce possible concurrent problem (https://github.com/go-gitea/gitea/pull/22199) (https://github.com/go-gitea/gitea/pull/22429)
- MISC
- Restore previous official review when an official review is deleted (https://github.com/go-gitea/gitea/pull/22449) (https://github.com/go-gitea/gitea/pull/22460)
- Log STDERR of external renderer when it fails (https://github.com/go-gitea/gitea/pull/22442) (https://github.com/go-gitea/gitea/pull/22444)
1.18.0-1
This is the first Forgejo release.
Forgejo improvements
Woodpecker CI
A new CI configuration based on Woodpecker CI was created. It is used to:
- run tests on every Forgejo pull request (compliance, unit tests and integration tests)
- publish the Forgejo v1.18.0-1 release, as binary packages for amd64, arm64 and armv6 and container images for amd64 and arm64, root and rootless
Look and feel
The default themes were replaced by Forgejo themes and the landing page was modified to display the Forgejo logo and names but the look and feel remains otherwise identical to Gitea.
Privacy
Gitea instances fetch https://dl.gitea.io/gitea/version.json weekly by default, which raises privacy concerns. In Forgejo this feature needs to be explicitly activated at installation time or by modifying the configuration file. Forgejo also provides an alternative RSS feed to be informed when a new release is published.
Gitea
- SECURITY
- Remove ReverseProxy authentication from the API (https://github.com/go-gitea/gitea/pull/22219) (https://github.com/go-gitea/gitea/pull/22251)
- Support Go Vulnerability Management (https://github.com/go-gitea/gitea/pull/21139)
- Forbid HTML string tooltips (https://github.com/go-gitea/gitea/pull/20935)
- BREAKING
- Rework mailer settings (https://github.com/go-gitea/gitea/pull/18982)
- Remove U2F support (https://github.com/go-gitea/gitea/pull/20141)
- Refactor
i18n
tolocale
(https://github.com/go-gitea/gitea/pull/20153) - Enable contenthash in filename for dynamic assets (https://github.com/go-gitea/gitea/pull/20813)
- FEATURES
- Add color previews in markdown (https://github.com/go-gitea/gitea/pull/21474)
- Allow package version sorting (https://github.com/go-gitea/gitea/pull/21453)
- Add support for Chocolatey/NuGet v2 API (https://github.com/go-gitea/gitea/pull/21393)
- Add API endpoint to get changed files of a PR (https://github.com/go-gitea/gitea/pull/21177)
- Add filetree on left of diff view (https://github.com/go-gitea/gitea/pull/21012)
- Support Issue forms and PR forms (https://github.com/go-gitea/gitea/pull/20987)
- Add support for Vagrant packages (https://github.com/go-gitea/gitea/pull/20930)
- Add support for
npm unpublish
(https://github.com/go-gitea/gitea/pull/20688) - Add badge capabilities to users (https://github.com/go-gitea/gitea/pull/20607)
- Add issue filter for Author (https://github.com/go-gitea/gitea/pull/20578)
- Add KaTeX rendering to Markdown. (https://github.com/go-gitea/gitea/pull/20571)
- Add support for Pub packages (https://github.com/go-gitea/gitea/pull/20560)
- Support localized README (https://github.com/go-gitea/gitea/pull/20508)
- Add support mCaptcha as captcha provider (https://github.com/go-gitea/gitea/pull/20458)
- Add team member invite by email (https://github.com/go-gitea/gitea/pull/20307)
- Added email notification option to receive all own messages (https://github.com/go-gitea/gitea/pull/20179)
- Switch Unicode Escaping to a VSCode-like system (https://github.com/go-gitea/gitea/pull/19990)
- Add user/organization code search (https://github.com/go-gitea/gitea/pull/19977)
- Only show relevant repositories on explore page (https://github.com/go-gitea/gitea/pull/19361)
- User keypairs and HTTP signatures for ActivityPub federation using go-ap (https://github.com/go-gitea/gitea/pull/19133)
- Add sitemap support (https://github.com/go-gitea/gitea/pull/18407)
- Allow creation of OAuth2 applications for orgs (https://github.com/go-gitea/gitea/pull/18084)
- Add system setting table with cache and also add cache supports for user setting (https://github.com/go-gitea/gitea/pull/18058)
- Add pages to view watched repos and subscribed issues/PRs (https://github.com/go-gitea/gitea/pull/17156)
- Support Proxy protocol (https://github.com/go-gitea/gitea/pull/12527)
- Implement sync push mirror on commit (https://github.com/go-gitea/gitea/pull/19411)
- API
- Allow empty assignees on pull request edit (https://github.com/go-gitea/gitea/pull/22150) (https://github.com/go-gitea/gitea/pull/22214)
- Make external issue tracker regexp configurable via API (https://github.com/go-gitea/gitea/pull/21338)
- Add name field for org api (https://github.com/go-gitea/gitea/pull/21270)
- Show teams with no members if user is admin (https://github.com/go-gitea/gitea/pull/21204)
- Add latest commit's SHA to content response (https://github.com/go-gitea/gitea/pull/20398)
- Add allow_rebase_update, default_delete_branch_after_merge to repository api response (https://github.com/go-gitea/gitea/pull/20079)
- Add new endpoints for push mirrors management (https://github.com/go-gitea/gitea/pull/19841)
- ENHANCEMENTS
- Add setting to disable the git apply step in test patch (https://github.com/go-gitea/gitea/pull/22130) (https://github.com/go-gitea/gitea/pull/22170)
- Multiple improvements for comment edit diff (https://github.com/go-gitea/gitea/pull/21990) (https://github.com/go-gitea/gitea/pull/22007)
- Fix button in branch list, avoid unexpected page jump before restore branch actually done (https://github.com/go-gitea/gitea/pull/21562) (https://github.com/go-gitea/gitea/pull/21928)
- Fix flex layout for repo list icons (https://github.com/go-gitea/gitea/pull/21896) (https://github.com/go-gitea/gitea/pull/21920)
- Fix vertical align of committer avatar rendered by email address (https://github.com/go-gitea/gitea/pull/21884) (https://github.com/go-gitea/gitea/pull/21918)
- Fix setting HTTP headers after write (https://github.com/go-gitea/gitea/pull/21833) (https://github.com/go-gitea/gitea/pull/21877)
- Color and Style enhancements (https://github.com/go-gitea/gitea/pull/21784, #21799) (https://github.com/go-gitea/gitea/pull/21868)
- Ignore line anchor links with leading zeroes (https://github.com/go-gitea/gitea/pull/21728) (https://github.com/go-gitea/gitea/pull/21776)
- Quick fixes monaco-editor error: "vs.editor.nullLanguage" (https://github.com/go-gitea/gitea/pull/21734) (https://github.com/go-gitea/gitea/pull/21738)
- Use CSS color-scheme instead of invert (https://github.com/go-gitea/gitea/pull/21616) (https://github.com/go-gitea/gitea/pull/21623)
- Respect user's locale when rendering the date range in the repo activity page (https://github.com/go-gitea/gitea/pull/21410)
- Change
commits-table
column width (https://github.com/go-gitea/gitea/pull/21564) - Refactor git command arguments and make all arguments to be safe to be used (https://github.com/go-gitea/gitea/pull/21535)
- CSS color enhancements (https://github.com/go-gitea/gitea/pull/21534)
- Add link to user profile in markdown mention only if user exists (https://github.com/go-gitea/gitea/pull/21533, #21554)
- Add option to skip index dirs (https://github.com/go-gitea/gitea/pull/21501)
- Diff file tree tweaks (https://github.com/go-gitea/gitea/pull/21446)
- Localize all timestamps (https://github.com/go-gitea/gitea/pull/21440)
- Add
code
highlighting in issue titles (https://github.com/go-gitea/gitea/pull/21432) - Use Name instead of DisplayName in LFS Lock (https://github.com/go-gitea/gitea/pull/21415)
- Consolidate more CSS colors into variables (https://github.com/go-gitea/gitea/pull/21402)
- Redirect to new repository owner (https://github.com/go-gitea/gitea/pull/21398)
- Use ISO date format instead of hard-coded English date format for date range in repo activity page (https://github.com/go-gitea/gitea/pull/21396)
- Use weighted algorithm for string matching when finding files in repo (https://github.com/go-gitea/gitea/pull/21370)
- Show private data in feeds (https://github.com/go-gitea/gitea/pull/21369)
- Refactor parseTreeEntries, speed up tree list (https://github.com/go-gitea/gitea/pull/21368)
- Add GET and DELETE endpoints for Docker blob uploads (https://github.com/go-gitea/gitea/pull/21367)
- Add nicer error handling on template compile errors (https://github.com/go-gitea/gitea/pull/21350)
- Add
stat
toToCommit
function for speed (https://github.com/go-gitea/gitea/pull/21337) - Support instance-wide OAuth2 applications (https://github.com/go-gitea/gitea/pull/21335)
- Record OAuth client type at registration (https://github.com/go-gitea/gitea/pull/21316)
- Add new CSS variables --color-accent and --color-small-accent (https://github.com/go-gitea/gitea/pull/21305)
- Improve error descriptions for unauthorized_client (https://github.com/go-gitea/gitea/pull/21292)
- Case-insensitive "find files in repo" (https://github.com/go-gitea/gitea/pull/21269)
- Consolidate more CSS rules, fix inline code on arc-green (https://github.com/go-gitea/gitea/pull/21260)
- Log real ip of requests from ssh (https://github.com/go-gitea/gitea/pull/21216)
- Save files in local storage as group readable (https://github.com/go-gitea/gitea/pull/21198)
- Enable fluid page layout on medium size viewports (https://github.com/go-gitea/gitea/pull/21178)
- File header tweaks (https://github.com/go-gitea/gitea/pull/21175)
- Added missing headers on user packages page (https://github.com/go-gitea/gitea/pull/21172)
- Display image digest for container packages (https://github.com/go-gitea/gitea/pull/21170)
- Skip dirty check for team forms (https://github.com/go-gitea/gitea/pull/21154)
- Keep path when creating a new branch (https://github.com/go-gitea/gitea/pull/21153)
- Remove fomantic image module (https://github.com/go-gitea/gitea/pull/21145)
- Make labels clickable in the comments section. (https://github.com/go-gitea/gitea/pull/21137)
- Sort branches and tags by date descending (https://github.com/go-gitea/gitea/pull/21136)
- Better repo API unit checks (https://github.com/go-gitea/gitea/pull/21130)
- Improve commit status icons (https://github.com/go-gitea/gitea/pull/21124)
- Limit length of repo description and repo url input fields (https://github.com/go-gitea/gitea/pull/21119)
- Show .editorconfig errors in frontend (https://github.com/go-gitea/gitea/pull/21088)
- Allow poster to choose reviewers (https://github.com/go-gitea/gitea/pull/21084)
- Remove black labels and CSS cleanup (https://github.com/go-gitea/gitea/pull/21003)
- Make e-mail sanity check more precise (https://github.com/go-gitea/gitea/pull/20991)
- Use native inputs in whitespace dropdown (https://github.com/go-gitea/gitea/pull/20980)
- Enhance package date display (https://github.com/go-gitea/gitea/pull/20928)
- Display total blob size of a package version (https://github.com/go-gitea/gitea/pull/20927)
- Show language name on hover (https://github.com/go-gitea/gitea/pull/20923)
- Show instructions for all generic package files (https://github.com/go-gitea/gitea/pull/20917)
- Refactor AssertExistsAndLoadBean to use generics (https://github.com/go-gitea/gitea/pull/20797)
- Move the official website link at the footer of gitea (https://github.com/go-gitea/gitea/pull/20777)
- Add support for full name in reverse proxy auth (https://github.com/go-gitea/gitea/pull/20776)
- Remove useless JS operation for relative time tooltips (https://github.com/go-gitea/gitea/pull/20756)
- Replace some icons with SVG (https://github.com/go-gitea/gitea/pull/20741)
- Change commit status icons to SVG (https://github.com/go-gitea/gitea/pull/20736)
- Improve single repo action for issue and pull requests (https://github.com/go-gitea/gitea/pull/20730)
- Allow multiple files in generic packages (https://github.com/go-gitea/gitea/pull/20661)
- Add option to create new issue from /issues page (https://github.com/go-gitea/gitea/pull/20650)
- Background color of private list-items updated (https://github.com/go-gitea/gitea/pull/20630)
- Added search input field to issue filter (https://github.com/go-gitea/gitea/pull/20623)
- Increase default item listing size
ISSUE_PAGING_NUM
to 20 (https://github.com/go-gitea/gitea/pull/20547) - Modify milestone search keywords to be case insensitive again (https://github.com/go-gitea/gitea/pull/20513)
- Show hint to link package to repo when viewing empty repo package list (https://github.com/go-gitea/gitea/pull/20504)
- Add Tar ZSTD support (https://github.com/go-gitea/gitea/pull/20493)
- Make code review checkboxes clickable (https://github.com/go-gitea/gitea/pull/20481)
- Add "X-Gitea-Object-Type" header for GET
/raw/
&/media/
API (https://github.com/go-gitea/gitea/pull/20438) - Display project in issue list (https://github.com/go-gitea/gitea/pull/20434)
- Prepend commit message to template content when opening a new PR (https://github.com/go-gitea/gitea/pull/20429)
- Replace fomantic popup module with tippy.js (https://github.com/go-gitea/gitea/pull/20428)
- Allow to specify colors for text in markup (https://github.com/go-gitea/gitea/pull/20363)
- Allow access to the Public Organization Member lists with minimal permissions (https://github.com/go-gitea/gitea/pull/20330)
- Use default values when provided values are empty (https://github.com/go-gitea/gitea/pull/20318)
- Vertical align navbar avatar at middle (https://github.com/go-gitea/gitea/pull/20302)
- Delete cancel button in repo creation page (https://github.com/go-gitea/gitea/pull/21381)
- Include login_name in adminCreateUser response (https://github.com/go-gitea/gitea/pull/20283)
- fix: icon margin in user/settings/repos (https://github.com/go-gitea/gitea/pull/20281)
- Remove blue text on migrate page (https://github.com/go-gitea/gitea/pull/20273)
- Modify milestone search keywords to be case insensitive (https://github.com/go-gitea/gitea/pull/20266)
- Move some files into models' sub packages (https://github.com/go-gitea/gitea/pull/20262)
- Add tooltip to repo icons in explore page (https://github.com/go-gitea/gitea/pull/20241)
- Remove deprecated licenses (https://github.com/go-gitea/gitea/pull/20222)
- Webhook for Wiki changes (https://github.com/go-gitea/gitea/pull/20219)
- Share HTML template renderers and create a watcher framework (https://github.com/go-gitea/gitea/pull/20218)
- Allow enable LDAP source and disable user sync via CLI (https://github.com/go-gitea/gitea/pull/20206)
- Adds a checkbox to select all issues/PRs (https://github.com/go-gitea/gitea/pull/20177)
- Refactor
i18n
tolocale
(https://github.com/go-gitea/gitea/pull/20153) - Disable status checks in template if none found (https://github.com/go-gitea/gitea/pull/20088)
- Allow manager logging to set SQL (https://github.com/go-gitea/gitea/pull/20064)
- Add order by for assignee no sort issue (https://github.com/go-gitea/gitea/pull/20053)
- Take a stab at porting existing components to Vue3 (https://github.com/go-gitea/gitea/pull/20044)
- Add doctor command to write commit-graphs (https://github.com/go-gitea/gitea/pull/20007)
- Add support for authentication based on reverse proxy email (https://github.com/go-gitea/gitea/pull/19949)
- Enable spellcheck for EasyMDE, use contenteditable mode (https://github.com/go-gitea/gitea/pull/19776)
- Allow specifying SECRET_KEY_URI, similar to INTERNAL_TOKEN_URI (https://github.com/go-gitea/gitea/pull/19663)
- Rework mailer settings (https://github.com/go-gitea/gitea/pull/18982)
- Add option to purge users (https://github.com/go-gitea/gitea/pull/18064)
- Add author search input (https://github.com/go-gitea/gitea/pull/21246)
- Make rss/atom identifier globally unique (https://github.com/go-gitea/gitea/pull/21550)
- BUGFIXES
- Auth interface return error when verify failure (https://github.com/go-gitea/gitea/pull/22119) (https://github.com/go-gitea/gitea/pull/22259)
- Use complete SHA to create and query commit status (https://github.com/go-gitea/gitea/pull/22244) (https://github.com/go-gitea/gitea/pull/22257)
- Update bleve and zapx to fix unaligned atomic (https://github.com/go-gitea/gitea/pull/22031) (https://github.com/go-gitea/gitea/pull/22218)
- Prevent panic in doctor command when running default checks (https://github.com/go-gitea/gitea/pull/21791) (https://github.com/go-gitea/gitea/pull/21807)
- Load GitRepo in API before deleting issue (https://github.com/go-gitea/gitea/pull/21720) (https://github.com/go-gitea/gitea/pull/21796)
- Ignore line anchor links with leading zeroes (https://github.com/go-gitea/gitea/pull/21728) (https://github.com/go-gitea/gitea/pull/21776)
- Set last login when activating account (https://github.com/go-gitea/gitea/pull/21731) (https://github.com/go-gitea/gitea/pull/21755)
- Fix UI language switching bug (https://github.com/go-gitea/gitea/pull/21597) (https://github.com/go-gitea/gitea/pull/21749)
- Quick fixes monaco-editor error: "vs.editor.nullLanguage" (https://github.com/go-gitea/gitea/pull/21734) (https://github.com/go-gitea/gitea/pull/21738)
- Allow local package identifiers for PyPI packages (https://github.com/go-gitea/gitea/pull/21690) (https://github.com/go-gitea/gitea/pull/21727)
- Deal with markdown template without metadata (https://github.com/go-gitea/gitea/pull/21639) (https://github.com/go-gitea/gitea/pull/21654)
- Fix opaque background on mermaid diagrams (https://github.com/go-gitea/gitea/pull/21642) (https://github.com/go-gitea/gitea/pull/21652)
- Fix repository adoption on Windows (https://github.com/go-gitea/gitea/pull/21646) (https://github.com/go-gitea/gitea/pull/21650)
- Sync git hooks when config file path changed (https://github.com/go-gitea/gitea/pull/21619) (https://github.com/go-gitea/gitea/pull/21626)
- Fix 500 on PR files API (https://github.com/go-gitea/gitea/pull/21602) (https://github.com/go-gitea/gitea/pull/21607)
- Fix
Timestamp.IsZero
(https://github.com/go-gitea/gitea/pull/21593) (https://github.com/go-gitea/gitea/pull/21603) - Fix viewing user subscriptions (https://github.com/go-gitea/gitea/pull/21482)
- Fix mermaid-related bugs (https://github.com/go-gitea/gitea/pull/21431)
- Fix branch dropdown shifting on page load (https://github.com/go-gitea/gitea/pull/21428)
- Fix default theme-auto selector when nologin (https://github.com/go-gitea/gitea/pull/21346)
- Fix and improve incorrect error messages (https://github.com/go-gitea/gitea/pull/21342)
- Fix formatted link for PR review notifications to matrix (https://github.com/go-gitea/gitea/pull/21319)
- Center-aligning content of WebAuthN page (https://github.com/go-gitea/gitea/pull/21127)
- Remove follow from commits by file (https://github.com/go-gitea/gitea/pull/20765)
- Fix commit status popup (https://github.com/go-gitea/gitea/pull/20737)
- Fix init mail render logic (https://github.com/go-gitea/gitea/pull/20704)
- Use correct page size for link header pagination (https://github.com/go-gitea/gitea/pull/20546)
- Preserve unix socket file (https://github.com/go-gitea/gitea/pull/20499)
- Use tippy.js for context popup (https://github.com/go-gitea/gitea/pull/20393)
- Add missing parameter for error in log message (https://github.com/go-gitea/gitea/pull/20144)
- Do not allow organisation owners add themselves as collaborator (https://github.com/go-gitea/gitea/pull/20043)
- Rework file highlight rendering and fix yaml copy-paste (https://github.com/go-gitea/gitea/pull/19967)
- Improve code diff highlight, fix incorrect rendered diff result (https://github.com/go-gitea/gitea/pull/19958)
- TESTING
- Improve OAuth integration tests (https://github.com/go-gitea/gitea/pull/21390)
- Add playwright tests (https://github.com/go-gitea/gitea/pull/20123)
- BUILD
- Switch to building with go1.19 (https://github.com/go-gitea/gitea/pull/20695)
- Update JS dependencies, adjust eslint (https://github.com/go-gitea/gitea/pull/20659)
- Add more linters to improve code readability (https://github.com/go-gitea/gitea/pull/19989)
1.18.0-0
This release was replaced by 1.18.0-1 a few hours after being published because the release process was interrupted.
1.18.0-rc1-2
This is the first Forgejo release candidate.