Gitea 1.22.1

Gitea is a painless self-hosted Git service. It is similar to GitHub, Bitbucket, and GitLab. Gitea is a fork of Gogs. See the Gitea Announcement blog post to read about the justification for a fork. Purpose The goal of this project is to provide the easiest, fastest, and most painless way of setting up a self-hosted Git service. With Go, this can be done with an independent binary distribution across all platforms and architectures that Go supports. This support includes Linux, macOS, and Windows, on architectures like amd64, i386, ARM, PowerPC, and others.

Tags git go
License MITL
State stable

Recent Releases

1.22.105 Jul 2024 13:45 minor feature: SECURITY. Add replacement module for `mholt/archiver`. API. Missing images in editor preview due to wrong links. Duplicate sub-path for avatars. Reduce memory usage for chunked artifact uploads to MinIO. Remove sub-path from container registry realm. NuGet Package API for filter with Id equality. Add an immutable tarball link to archive download headers for Nix. Add missed return after `ctx.ServerError`. . Avatar radius problem on the new page. Overflow menu flickering on mobile. Poor table column width due to breaking words. Support relative paths to videos from Wiki pages. New /pr avatar. Increase max length of org team names from 30 to 255 characters. Line number width in code preview. Optimize runner-tags layout to enhance visual experience. Overflow on push notification. Overflow on notifications. Overflow in card. Split sanitizer functions and fine-tune some tests. Use correct l10n string. Dropzone JS error when attachment is disabled. Web notification icon not updated once you read all notifications. Switch to "Write" tab when edit comment again. The link for.git-blame-ignore-revs bypass. The wrong line number in the diff view page when expanded twice.. Labels and projects menu overflow on page. Account Linking UpdateMigrationsByType. Markdown math brackets render problem. Rendered wiki page link. Natural sort. Allow downloading attachments of draft releases. Repo graph JS. Incorrect localization `explorer.go`. Hash render end with colon. Line number widths. Navbar `+` menu flashing on page load. Adopt repository has empty object name in database. Delete legacy cookie before setting new cookie. Some URLs whose sub-path is missing. Admin oauth2 custom URL settings. Make pasted "img" tag has the same behavior as markdown image. Agit checkout command line hint amp; ShowMergeInstructions checking. The possible migration failure on 286 with postgres 16. Branch order. Markup preview.
1.22.030 May 2024 23:45 minor feature: This release stands as a monumental milestone in our development jour ney with a record-breaking incorporation of 1528 pull requests. It marks the most extensive update in Gitea's history, showcasing a plethora of new features and infrastructure improvements. Noteworthy advancements in this release include the introduction of `HTMX` and `Tailwind`, signaling a strategic shift as we gradually phase out `jquery` and `Fomantic UI`. These changes reflect our commitment to embracing modern technologies and enhancing the user experience. Key highlights of this release encompass significant changes categorized under `BREAKING`, `FEATURES`, `ENHANCEMENTS`, and `PERFORMANCE`, each contributing to a more robust and efficient Gitea platform. BREAKING. Improve reverse proxy documents and clarify the AppURL guessing behavior. Remember log in for a month by default. Breaking summary for template refactoring. All custom templates need to follow these changes. Recommend/convert to use case-sensitive collation for MySQL/MSSQL. Make offline mode as default to not connect external avatar service by default. Include public repos in the doer's dashboard for search. Use restricted sanitizer for repository description. Support storage base path as pre. Enhanced auth token / remember me. Rename the default themes to `gitea-light`, `gitea-dark`, `gitea-auto`. If you didn't see the new themes, please remove the ` ui .THEMES` config option from `app.ini`. Require MySQL 8.0, PostgreSQL 12, MSSQL 2012. FEATURES. Allow everyone to read or write a wiki by a repo unit setting. Use raw Wiki links for non-renderable Wiki files. Render embedded code preview by permalink in markdown. Support repo code search without setting up an indexer. Support pasting URLs over markdown text. Allow to change primary email before account activation. Customizable "Open with" applications for repository clone. Allow options to disable user deletion from the interface on app.ini. Extend
1.23.0-dev26 May 2024 19:05 minor feature: Replace deprecated `math/rand` functions Suggested by logs in #30729. Remove `math/rand.Seed`. `rand.Seed is deprecated: As of Go 1.20 there is no reason to call Seed. with a random value.`. Replace `math/rand.Read`. `rand.Read is deprecated: For almost all use cases, crypto/rand.Read . is more appropriate.`. Replace `math/rand` with `math/rand/v2`, which is available since Go. 1.22.
1.21.1116 Apr 2024 19:25 minor feature: SECURITY. Use go1.21.9 to include Golang security. possible renderer security problem. . file in the Upload func. inline math blocks can't be preceeded/followed by alphanumerical characters. missing 0 preof GPG key id. Include encoding in signature payload. Move from `max( id )` to `max( index )` for latest commit statuses. Load attachments for code comments. gitea doctor will remove repo-avatar files when executing command storage-archives. possible data race on tests. Performance optimization for git push. duplicate migrated milestones. panic for BrokenRepoUnits16961. incorrect SVGs. create commit status. Performance optimization for git push. misuse of unsupported global variables. to delete the cookie when AppSubURL is non-empty. Avoid user does not exist error when detecting schedule actions when the commit author is an external user. Change the default maxPerPage for gitbucket. Check the token's owner and repository when registering a runner. Avoid losing token when updating mirror settings. commit status cache which missed target_url. rename branch 500 when the target branch is deleted but exist in database. mirror error when mirror repo is empty. Use db.ListOptions directly instead of Paginator interface to make it easier to use and performance of /pulls and /. code owners will not be mentioned when a pull request comes from a forked repository. DOCS. Update actions variables documents. MISC. Update katex to 0.16.10. Upgrade go-sqlite to v1.14.22.
1.21.1029 Mar 2024 09:25 minor feature: v1.21.10 . Add/Remove WIP on pull request title failure. misuse of `TxContext`. Respect DEFAULT_ORG_MEMBER_VISIBLE setting when adding creator to org. Escape paths for find file correctly. Remove duplicate option in admin screen and now-unused translation keys. manual merge form and 404 page templates.
1.21.924 Mar 2024 09:25 minor feature: PERFORMANCE. Only do counting when count_only=true for repo dashboard. Add cache for dashboard commit status. ENHANCEMENT. Make runs-on support variable expression. Show Actions post step when it's running. . PR creation via API between branches of the same repo with head field namespaced. And rewrite markup anchor processing. Notify reviewers added via CODEOWNERS. Template error when comment review doesn't exist. User id column case. Make meilisearch do exact search for. The `for` attribute not pointing to the ID of the color picker. Codeowner detected diff base branch to mergebase. Safari spinner rendering. Missing translation on milestones. User router possible panic. Possible NPE in ToPullReviewList. The wrong default value of ENABLE_OPENID_SIGNIN on docs. Solving the of UI disruption when the review is deleted without refreshing. LoadOneBranch panic. Invalid link of the commit status when ref is tagged. Editor error message misleading due to re-used key.. Double border and border-radius on empty action steps. Use `Temporal.PlainDate` for absolute dates. Incorrect package link method calls in templates. The that the user may log out if GetUserByID returns unknown error. Performance improvements for pull request list page. in rerunning jobs.
1.21.814 Mar 2024 07:25 minor feature: SECURITY. Only use supported sort orders for "/explore/users" page. ENHANCEMENTS. Wrong line number in code search result. . Use Get but not Post to get actions artifacts. Inconsistent rendering of block mathematical expressions. Rendering internal file links in org. Don't show AbortErrors on logout. User-defined markup links targets. Incorrect rendering csv file when file size is larger than UI.CSV.MaxFileSize. Hidden test's failure. Add empty repo check-in DetectAndHandleSchedules. When deleting an account with an incorrect password or unsupported login type. Use strict protocol check when redirect. Avoid info panic. Avoid unexpected panic in graceful manager. Make "/user/login" page redirect if the current user has signed in. Workflow trigger event ChangeXXX. Incorrect cookie path for AppSubURL. Queue worker incorrectly stopped when there are still more items in the queue. Incorrect redirection when creating a PR fails. Incorrect subpath in links. Link does not support quotes. amp; comment history. Set pre-step status to `skipped` if the job is skipped. /Improve `processWindowErrorEvent`. Counter display number incorrectly displayed on the page. Workflow trigger event. URL calculation in the clone input box. The job should always run when `if` is `always()`. Template. Not trigger all jobs anymore when re-running the first job. Ignore empty repo for CreateRepository in action notifier. Incorrect tree path value for patch editor. Add missing database transaction for new. When pushing release to an empty repo. Incorrect relative/absolute URL usages. Wrong test usage of `AppSubURL`. Missed return. Ing the when status checks per rule matches multiple actions. Improve contrast on blame timestamp, double border.
1.21.728 Feb 2024 19:05 minor feature: ENHANCEMENTS. Users with `read` permission of pull requests can be assigned too. . Do not double reader. Display friendly error message. project counter in organization/individual profile. validity of the FROM email address not being checked. tarball/zipball download. DOCS. Docker Tag Information in Docs. MISC. Enforce maxlength in frontend.
1.21.624 Feb 2024 05:25 minor feature: v1.21.6 SECURITY. XSS vulnerabilities. Use general token signing secret. API. Refactor template parsing and API endpoint. swift packages not resolving. ENHANCEMENTS. Refactor git version functions and check compatibility. Improve user experience for outdated comments. Hide code links on release page if user cannot read code. Wrap contained tags and branches again. incorrect button CSS usages. Strip trailing newline in markdown code copy. . Remove SSH workaround. Only log error when tag sync fails. SSPI user creation. Improve the `_comment` workflow trigger event. Discard unread data of `git cat-file`. error display when merging PRs. Prevent double use of `git cat-file` session.. missing link on outgoing new release notifications. debian InRelease Acquire-By-Hash newline. Always write proc-receive hook for all git versions. Do not show delete button when time tracker is disabled. Workaround to clean up old reviews on creating a new one. when the linked account was disactived and list the linked accounts. Do not use lower tag names to find releases/tags. missed edit event for actions. Only delete scheduled workflows when needed. Make submit event code work with both jQuery event and native event. push to create with capitalize repo name. Use ghost user if user was not found. Dont load Review if Comment is CommentTypeReviewRequest. Refactor parseSignatureFromCommitLine. Avoid showing unnecessary JS errors when there are elements with different origin on the page. gitea-origin-url with default ports. orgmode link resolving. : Elasticsearch: Request Entity Too Large #28117. Do not render empty comments. Avoid sending update/delete release notice when it is draft. DOCS. Rm outdated docs from some languages. MISC. Implement some action notifier functions. gitea-action user avatar broken on edited menu. Disallow merge when required checked are missing. Convert visibility to number. Load outdated comments when (un)resolvin
1.21.503 Feb 2024 08:05 minor feature: SECURITY. Prevent anonymous container access if `RequireSignInView` is enabled. Update go dependencies and go-git. . Revert "Speed up loading the dashboard on mysql/mariadb ". an actions schedule. update enable_prune even if mirror_interval is not provided. uploaded artifacts should be overwritten backport v1.21. Preserve BOM in web editor. Strip `/` from relative links. Don't remove all mirror repository's releases when mirroring. Implement `MigrateRepository` for the actions notifier. Respect branch info for relative links. Don't reload timeline page when (un)resolving or replying conversation. Only migrate the first 255 chars of a Github title. sort on repository list. `DeleteCollaboration` transaction behaviour. schedule not trigger because matching full ref name with short ref name. migrate storage. archive creating LFS hooks and breaking pull requests. reverting a merge commit failing. Upgrade xorm to v1.3.7 to a resource leak problem caused by Iterate. incorrect PostgreSQL connection string for Unix sockets. ENHANCEMENTS. Make loading animation less aggressive. Avoid duplicate JS error messages on UI. Bump `@github/relative-time-element` to 4.3.1. MISC. Warn that `DISABLE_QUERY_AUTH_TOKEN` is false only if it's explicitly defined. Remove duplicated checkinit on git module.
1.21.417 Jan 2024 15:25 minor feature: SECURITY. Update github.com/cloudflare/circl. Require token for GET subscription endpoint. . Use refname:strip-2 instead of refname:short when syncing tags. links in card. nil pointer panic when exec some gitea cli command. Require token for GET subscription endpoint. button size in "attached header right". `convert.ToTeams` on empty input. Hide code related setting options in repository when code unit is disabled. incorrect URL for "Reference in New ". panic when parsing empty pgsql host. Upgrade xorm to new version which supported update join for all supported databases. alpine package files are not rebuilt. Avoid cycle-redirecting user/login page. empty ref for cron workflow runs. Remove unnecessary syncbranchToDB with tests. Use known IID to generate new PR index number when migrating from GitLab. flex container width. the scroll behavior for emoji/mention list. wrong due date rendering in list page. `status_check_contexts` matching. error of searching commits. Use information from previous blame parts. Update mermaid for 1.21. method not allowed CORS / OIDC. `GetCommitStatuses`. Forbid removing the last admin user. schedule tasks. dependencies. system webhooks API. when private user following user, private user will not be counted in his own view. Render code block in activity tab. ENHANCEMENTS. Rework markup link rendering. Modernize merge button. Speed up loading the dashboard on mysql/mariadb. Assign pull request to project during creation. Show description as tooltip instead of title for labels. Make template `DateTime` show proper tooltip. Switch destination directory for apt signing keys. Include heap pprof in diagnosis report to help deging memory leaks. DOCS. Suggest to use Type=simple for systemd service. Extend description for ARTIFACT_RETENTION_DAYS. MISC. Add -F to commit search to treat keywords as strings. Add download attribute to release attachments. Concatenate error in `checkIfPRContentChange
1.21.322 Dec 2023 14:25 minor feature: SECURITY. Update golang.org/x/crypto. API. merging artifact chunks error when minio storage basepath is set. chore(api): support ignore password if login source type is LDAP for creating user API. Add endpoint for not implemented Docker auth. ENHANCEMENTS. Add option to disable ambiguous unicode characters detection. Refactor SSH clone URL generation code. Polyfill SubmitEvent for PaleMoon. . the ref rendering for wiki. duplicate ID when deleting repo. Only check online runner when detecting matching runners in workflows. Initalize stroage for orphaned repository doctor. possible nil pointer access. Don't show unnecessary citation JS error on UI. DOCS. Update actions document about comparsion as Github Actions. documents for "custom/public/assets/". MISC. inperformant query on retrifing review from database.. Improve the prompt for "ssh-keygen sign". Update docs for DISABLE_QUERY_AUTH_TOKEN. Chinese translation of config cheat sheet API . Retry SSH key verification with additional CRLF if it failed.
1.21.213 Dec 2023 06:05 minor feature: SECURITY. Rebuild with recently released golang version. missing check. Do some missing checks. . margin in server signed signature verification view. object does not exist error when checking citation file. Use `filepath` instead of `path` to create SQLite3 database file. the runs will not be displayed when the main branch have no workflows but other branches have. Handle repository.size column being NULL in migration v263. Convert git commit summary to valid UTF8.. migration panic due to an empty review comment diff. Add `HEAD` support for rpm repo files. RPM/Debian signature key creation. Keep profile tab when clicking on Language. missing search index update when changing status. wrong link in `protect_branch_name_pattern_desc`. Read `previous` info from git blame. Ignore "non-existing" errors when getDirectorySize calculates the size. Use appSubUrl for OAuth2 callback URL tip. Meilisearch: require all query terms to be matched. required error for token name. will be detected as pull request when checking `First-time contributor`. Use full width for project boards. Increase "version" when update the setting value to a same value as before. Also sync DB branches on push if necessary. Make gogit Repository.GetBranchNames consistent. Recover from panic in cron task. Deprecate query string auth tokens. ENHANCEMENTS. Improve doctor cli behavior. margin in server signed signature verification view. Refactor template empty checks. Read `previous` info from git blame. Use full width for project boards. Enable system users search via the API.
1.20.601 Dec 2023 16:25 minor feature: SECURITY. comment permissions. Dont leak private users via extensions. Unify two factor check. Support allowed hosts for webhook to work with proxy. . no ActionTaskOutput table waring. Restricted users only see repos in orgs which their team was assigned to. DownloadFunc when migrating releases. http protocol auth. Revert "orphan check for deleted branch ". label render containing invalid HTML. poster is not loaded in get default merge message. when deleting Docker package with an internal version. attachment download. When comparing with an non-exist repository, return 404 but 500. API. package webhook. org team endpoint. ENHANCEMENTS. Render email addresses as such if followed by punctuation. mermaid flowchart margin. panic in storageHandler. DOCS. Update agit-support.en-us.md. MISC. wrong xorm Delete usage(backport for 1.20). Remove duplicated button in Install web page. Avoid run change title process when the title is same.
1.21.127 Nov 2023 07:05 minor feature: SECURITY. comment permissions. . delete-orphaned-repos. Make CORS work for oauth2 handlers. missing buttons. no ActionTaskOutput table waring. empty action run title. Use "is-loading" to avoid duplicate form submit for code comment. Matrix and MSTeams nil dereference. incorrect pgsql conn builder behavior. system config cache expiration timing. Restricted users only see repos in orgs which their team was assigned to. API. permissions for Token DELETE endpoint to match GET and POST. ENHANCEMENTS. Do not display search box when there's no packages yet. Add missing `packages.cleanup.success`. DOCS. Docs: Replace deprecated IS_TLS_ENABLED mailer setting in email setup. the description about the default setting for action in quick start document. Add guide page to actions when there's no workflows. MISC. Use full width for PR comparison.
1.21.015 Nov 2023 07:45 minor feature: v1.21.0 BREAKING. Restrict certificate type for builtin SSH server. Refactor to use urfave/cli/v2. Move public asset files to the proper directory. Remove commit status running and warning to align GitHub (partially reverted: Restore warning commit status ). Remove "CHARSET" config option for MySQL, always use "utf8mb4". Set SSH_AUTHORIZED_KEYS_BACKUP to false. FEATURES. User details page. Chore(actions): support cron schedule task. Support rebuilding indexer manually. Allow to archive labels. Add disable workflow feature. Support `.git-blame-ignore-revs` file. Pre-register OAuth2 applications for git credential helpers. Add `Retry` button when creating a mirror-repo fails. Artifacts retention and auto clean up. Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known". Implement auto-cancellation of concurrent jobs if the event is push. Newly pushed branches hints on repository home page. Display branch commit status. Add direct serving of package content. Add commits dropdown in PR files view and allow commit by commit review. Allow package cleanup from admin page. Batch delete and improve tippy opts. Show branches and tags that contain a commit. Add actor and status dropdowns to run list. Allow Organisations to have a E-Mail. Add codeowners feature. Actions Artifacts support uploading multiple files and directories. Support configuration variables on Gitea Actions. Support downloading raw task logs. API. Unify two factor check. package webhook. /upload artifact error windows. bad method call when deleting user secrets via API. Do not force creation of _cargo-index repo on publish. Delete repos of org when purge delete user. org team endpoint. Api: GetPullRequestCommits: return file list. Don't let API add 2 exclusive labels from same scope. Redefine the meaning of column is_active to make Actions Registration Token generation easier. PushEvent NullPointerException jenkinsci/github-pl
1.21.0-rc220 Oct 2023 12:05 minor feature: BREAKING. Restrict certificate type for builtin SSH server. Refactor to use urfave/cli/v2. Move public asset files to the proper directory. Remove commit status running and warning to align GitHub. Remove "CHARSET" config option for MySQL, always use "utf8mb4". Set SSH_AUTHORIZED_KEYS_BACKUP to false. SECURITY. Support allowed hosts for webhook to work with proxy. Expanded minimum RSA Keylength to 3072. FEATURES. User details page. Chore(actions): support cron schedule task. Support rebuilding indexer manually. Allow to archive labels. Add disable workflow feature. Support `.git-blame-ignore-revs` file. Pre-register OAuth2 applications for git credential helpers. Add `Retry` button when creating a mirror-repo fails. Artifacts retention and auto clean up. Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known". Implement auto-cancellation of concurrent jobs if the event is push. Newly pushed branches hints on repository home page. Display branch commit status. Add direct serving of package content. Add commits dropdown in PR files view and allow commit by commit review. Allow package cleanup from admin page. Batch delete and improve tippy opts. Show branches and tags that contain a commit. Add actor and status dropdowns to run list. Allow Organisations to have a E-Mail. Add codeowners feature. Actions Artifacts support uploading multiple files and directories. Support configuration variables on Gitea Actions. Support downloading raw task logs. API. Api: GetPullRequestCommits: return file list. Don't let API add 2 exclusive labels from same scope. More `db.DefaultContext` refactor. Redefine the meaning of column is_active to make Actions Registration Token generation easier. Another round of `db.DefaultContext` refactor. PushEvent NullPointerException jenkinsci/github-plugin. organization field being null in POST /orgs/ orgid /teams. Allow empty Conan files. Next round of `db.DefaultCont
1.20.504 Oct 2023 10:45 minor feature: ENHANCEMENTS. z-index on markdown completion. Use secure cookie for HTTPS sites. . git 2.11 error when checking IsEmpty. Allow get release download files and lfs files with oauth2 token format. orphan check for deleted branch. Quote table `release` in sql queries. release URL in webhooks. successful return value for `SyncAndGetUserSpecificDiff`. pagination for followers and following. templates when blank isses are disabled. context cache amp; enable context cache for dashabord commits' authors. INI parsing for value with trailing slash. PushEvent NullPointerException jenkinsci/github-plugin. organization field being null in POST /orgs/ orgid /teams. of review request number. TESTING. services/wiki: () after error handling. DOCS. Improve actions docs related to `pull_request` event. MISC. Add logs for data broken of comment review. Load reviewer before sending notification.
1.20.409 Sep 2023 13:25 minor feature: SECURITY. Check blocklist for emails when adding them to account. ENHANCEMENTS. Add `branch_filter` to hooks API endpoints. incorrect "tabindex" attributes. Use line-height: normal by default. unable to display individual-level project. . wrong review requested number. Avoid double-unescaping of form value. Redirect from ` repo //new` to ` repo //new/choose` when blank are disabled. Sync tags when adopting repos. verifyCommits error when push a new branch. Include the GITHUB_TOKEN/GITEA_TOKEN secret for fork pull requests. some slice append usages. Add incorrect can_create_org_repo for org owner team. for ctx usage. Make template field template access correct template data. Use correct minio error. Ignore the trailing slashes when comparing oauth2 redirect_uri. Set errwriter for urfave/cli v1. reopen logic for agit flow pull request. context filter has no effect in dashboard. being unable to use a repo that prohibits accepting PRs as a PR source.. Page Not Found error.
1.20.321 Aug 2023 10:45 minor feature: BREAKING. the wrong derive path. SECURITY. API leaking Usermail if not logged in. FEATURES. Add ThreadID parameter for Telegram webhooks. ENHANCEMENTS. Add minimum polyfill to support "relative-time-element" in PaleMoon. dark theme highlight for "NameNamespace". Detect ogg mime-type as audio or video. Use `object-fit: contain` for oauth2 custom icons. Move dropzone progress bar to bottom to show filename when uploading. Remove last newline from config file. Minio: add missing region on client initialization. Add pull request review request webhook event. text truncate. incorrect color of selected assignees when create. Display human-readable text instead of cryptic filemodes. Hide `last indexed SHA` when a repo could not be indexed yet. the topic validation rule and suport dots. due date rendering the wrong date in. Don't autosize textarea in diff view. commit compare style. Warn instead of reporting an error when a webhook cannot be found. . Use "input" event instead of "keyup" event for migration form. Do not use deprecated log config options by default. "ReposQueryPattern does not match query". Sync repo's IsEmpty status correctly. project filter. Use `hidden` over `clip` for text truncation. Set "type=button" for editor's toolbar buttons. NuGet search endpoints. storage path logic especially for relative paths. stdout correctly for "git blame". Check first if minio bucket exists before trying to create it. Avoiding accessing undefined tributeValues #26461. Call git.InitSimple for runRepoSyncReleases. Add transaction when creating pull request created dirty data. wrong middleware sequence. admin queue page title and CI failures. Introduce ctx.PathParamRaw to avoid incorrect unescaping. Bypass MariaDB performance of the "IN" sub-query, incorrect Index. incorrect CLI exit code and duplicate error message. Prevent newline errors with Debian packages. with sqlite load read. Make git batch operations use parent context
1.20.230 Jul 2023 07:45 minor feature: ENHANCEMENTS. Calculate MAX_WORKERS default value by CPU number. Display deprecated warning in admin panel pages as well as in the log file. . allowed user types setting problem. handling of plenty Nuget package versions. UI regression of asciinema player. LFS object list style. allowed user types setting problem. Prevent primary key update on migration. when pushing to a pull request which enabled dismiss approval automatically. in LFS meta garbage collection. Update xorm version. Remove "misc" scope check from public API endpoints. CLI allowing creation of access tokens with existing name. incorrect router logger. Improve commit graph alignment and truncating. Avoid writing config file if not installed. escape problems in the branch selector. handling of Debian files with trailing slash. Missing 404 swagger response docs for /admin/users/ username . Use stderr as fallback if the log file can't be opened. Increase table cell horizontal padding. wrong workflow status when rerun a job in an already finished workflow. duplicated url preon context menu.
1.20.124 Jul 2023 00:25 minor feature: SECURITY. Disallow dangerous URL schemes. ENHANCEMENTS. Show the mismatched ROOT_URL warning on the sign-in page if OAuth2 is enabled. Make pending commit status yellow again. . version in rpm repodata/primary.xml.gz. env config parsing for "GITEA____APP_NAME". ParseScope with owner/repo always sets owner to zero. SSPI auth panic. Avoid creating directories when loading config. Make environment-to-ini work with INSTALL_LOCK=true. Ignore `runs-on` with expressions when warning no matched runners. Avoid opening/closing PRs which are already merged. DOCS. RPM Registry: Show zypper commands for SUSE based distros as well. Correctly refer to dev tags as nightly in the docker docs. Update path related documents. MISC. Adding remaining enum for migration repo model type.. the route for pull-request's authors. commit status color on dashboard repolist. Avoid hard-coding height in language dropdown menu. Add shutting down notice. incorrect milestone count when provide a keyword.
1.20.017 Jul 2023 12:45 minor feature: BREAKING. WORK_DIR for docker (root) image. Restrict ` actions .DEFAULT_ACTIONS_URL` to only `github` or `self`. Refactor path amp; config system. all possible setting error related storages and added some tests. Use a separate admin page to show global stats, remove `actions` stat. Remove the service worker. Remove meta tags `theme-color` and `default-theme`. Use ` git.config ` for reflog cleaning up. Allow all URL schemes in Markdown links by default. Redesign Scoped Access Tokens. team members API endpoint pagination. Rewrite logger system. Increase default LFS auth timeout from 20m to 24h. Rewrite queue. Remove unused setting `time.FORMAT`. Refactor `setting.Other` and remove unused `SHOW_FOOTER_BRANDING`. Correct the access log format. Reserve ".png" suffor user/org names. Prefer native parser for SSH public key parsing. Editor preview support for external renderers. Add Gitea Profile Readmes. Refactor `ctx` in templates. SECURITY. Test if container blob is accessible before mounting. Set type="password" on all auth_token fields. FEATURES. Add button on diff header to copy file name, misc diff header tweaks. API endpoint for changing/creating/deleting multiple files. Support changing git config through `app.ini`, use `diff.algorithm=histogram` by default. Add up and down arrows to selected lookup repositories. Add Go package registry. Add status indicator on main home screen for each repo. Support for status check pattern. Implement Cargo HTTP index. Add Debian package registry. Add the ability to pin. Add follow organization and the logic of following page. Allow `webp` images as avatars. Support upload `outputs` and use `needs` context on Actions. Allow adding new files to an empty repo. Make wiki title supports dashes and improve wiki name related features. Add monospace toggle button to textarea. Use auto-updating, natively hoverable, localized time elements. Add ntlm authentication support for mail. Add CLI c
1.19.405 Jul 2023 15:45 minor feature: v1.19.4 SECURITY. open redirect check for more cases. API. Return `404` in the API if the requested webhooks were not found. `organization` field being `null` in `GET /api/v1/teams/ id `. ENHANCEMENTS. Set `--font-weight-bold` to 600. Make mailer SMTP check have timed context. Do not select line numbers when selecting text from the action run logs. . when change user name. task list checkbox toggle to work with YAML front matter. Hide limited users if viewed by anonymous ghost. Add `WithPullRequest` for `actionsNotifier`. parallelly generating index failure with Mysql. GitLab migration: Sanitize response for reaction list. users cannot visit attachment. missing reference preof commits when sync mirror repository. Only validate changed columns when update user. Make Deleteuse correct context. topics deleted via API not being deleted in org page. Actions being enabled accidentally. missed table name on iterate lfs meta objects. safari cookie session. Respect original content when creating secrets. Pull Mirror out-of-sync. run list broken when trigger user deleted. list page multiple selection update milestones. : release page for empty or non-existing target. org projects. Refresh the refernce of the PR when reopening. the permission of team's `Actions` unit. Bump go.etcd.io/bbolt and blevesearch deps. new wiki page mirror. Match unqualified references when syncing pulls as well. DOCS. Change branch name from master to main in some documents' links. Remove unnecessary content on docs. Unify doc links to use paths relative to doc folder. docs documenting invalid `@every` for `OLDER_THAN` cron settings. MISC. Merge different languages for language stats. Hiding Secrets options when Actions feature is disabled. Improve decryption failure message. Makefile: Use portable !, not GNUish -not, with find(1)..
1.20.0-rc124 Jun 2023 07:25 minor feature: repo search broken because of profile page added Backport #25455 by @lunny. Caused by #23260. Co-authored-by: Lunny Xiao lt;xiaolunwen@gmail.com gt;.
1.21.0-dev08 Jun 2023 07:05 minor feature: Swagger documentation for multiple files API endpoint Some with the swagger documentation for the new multiple. Files API endpoint which were overlooked when submitting the. Original PR: 1. add some missing parameter descriptions. 2. set correct `required` option for required parameters. 3. change endpoint description to match it full functionality (every. Kind of file modification is supported, not just creating and updating).
1.19.304 May 2023 03:25 minor feature: SECURITY. Use golang 1.20.4 to CVE-2023-24539, CVE-2023-24540, and CVE-2023-29400. ENHANCEMENTS. Enable whitespace rendering on selection in Monaco. Improve milestone filter on page. . api error message if fork exists. user-cards format. incorrect CurrentUser check for docker rootless. Getting the tag list does not require being signed in.
1.19.228 Apr 2023 07:05 minor feature: SECURITY. Require repo scope for PATs for private repos and basic authentication. Only delete secrets belonging to its owner. API. typo in API route. access token on some public endpoints. ENHANCEMENTS. broken clone script on an empty archived repo. Monaco IOS keyboard button. Don't set meta `theme-color` by default. Wrap too long push mirror addresses. Add --font-weight-bold and set previous bold to 601. Unify nightly naming across binaries and docker images. footer display. label color, divider in dropdown. Vertical widths of containers removed. Use correct locale key for forks page. Sort repo topic labels by name. Highlight selected file in the PR file tree. . auth check. Add tags list for repos whose release setting is disabled. wrong error info in RepoRefForAPI. no edit//delete button in org repo project view page. Respect the REGISTER_MANUAL_CONFIRM setting when registering via OIDC. Remove org users who belong to no teams. when deleting wiki with no code write permission. Handle canceled workflow as a warning instead of a fail. Load reviewer for comments when dismissing a review. Show commit history for /merged PRs. owner team access mode value in team_unit table. attachment handling. incorrect CORS default values. template error in pull request with deleted head repo. Don't list root repository on compare page if pulls not allowed. calReleaseNumCommitsBehind. Org edit page : renaming detection, maxlength. Update redis library to support redis v7. Use 1.18's aria role for dropdown menus. dot direct compare to use the right base commit. incorrect server error content in RunnersList. mismatch between hook events and github event types. BUILD. Support converting varchar to nvarchar for mssql database.
1.19.113 Apr 2023 03:18 minor feature: BREAKING. Rename actions unit to `repo.actions` and add docs for it. ENHANCEMENTS. Add card type to org/user level project on creation, edit and view. Refactor commit status for Actions jobs. Show errors for KaTeX and mermaid on the preview tab. Show protected branch rule names again. Adjust sticky PR header to cover background. Discolor pull request tab labels. Treat PRs with agit flow as fork PRs when triggering actions.. Left-align review comments. image border-radius. Scroll collapsed file into view. code view (diff) broken layout. Org pages style. user profile description rendering. review box viewport overflow. Prefill input values in OAuth settings as intended. CSS color tweaks. incorrect visibility dropdown list in add/edit user page. Add CSS rules for basic colored labels. Add creation time in tag list page. br display for packages curls. due date edit toggle. Improve commit graph page UI alignment. Use GitHub Actions compatible globbing for `branches`, `tag`, `path` filter. Redirect to project again after editing it. Remove row clicking from notification table. Remove conflicting CSS rules on notifications, improve notifications table. diff tree height and adjust target file style. . Improve error logging for LFS. custom mailer template on Windows platform. Update the value of `diffEnd` when clicking the `Show More` button in the DiffFileTree. Make label templates have consistent behavior and priority. accidental overwriting of LDAP team memberships. branch protection priority. Use actions job link as commit status URL instead of run link. Add actions support to package auth verification. protected branch for API. Do not escape space between PyPI repository URL and package name . redirect when creating from a project. Set `ref` to fully-formed of the tag when trigger event is `release`. Use Get/Set instead of Rename when regeneratin
1.19.021 Mar 2023 18:25 minor feature: BREAKING. Add loading yaml label template files. Make and code search support camel case for Bleve. Repositories: by default disable all units except code and pulls on forks. Support template for merge message description. Remove ONLY_SHOW_RELEVANT_REPOS setting. Implement actions. Remove deprecated DSA host key from Docker Container. Improve valid user name check. SECURITY. Return 404 instead of 403 if user can not access the repo. Support scoped access tokens. FEATURES. Add support for commit cross references. Scoped labels. Add Chef package registry. Support asciicast files as new markup. cgo cross-compile for freebsd. Add cron method to gc LFS MetaObjects. Add new captcha: cloudflare turnstile. Enable `@ lt;user gt;`- completion popup on the release description textarea. make / username .png redirect to user/org avatar. Add Conda package registry. Support org/user level projects. Add Mermaid copy button. Add user secrets. Secrets storage with SecretKey encrypted. Preview images for cards in Project Board view. Add support for incoming emails. Add Cargo package registry. Add option to prohibit fork if user reached maximum limit of repositories. Add attention blocks within quote blocks for `Note` and `Warning`. Add Feed for Releases and Tags. Add package registry cleanup rules. Add "Copy" button to file view of raw text. Allow disable sitemap. Add package registry quota limits. Map OIDC groups to Orgs/Teams. Keep languages defined in.gitattributes. Add Webhook authorization header. Supports wildcard protected branch. Copy citation file content, in APA and BibTex format, on repo home page. API. Match api migration behavior to web behavior. Purge API comment. User creation API: allow custom "created" timestamps. Add `updated_at` field to PullReview API object. Add API management for /pull and comment attachments. Add API endpoint to get latest release. Support system hook API. ENHANCEMENTS. Add `.patch` to `atta
1.18.420 Feb 2023 11:05 minor feature: SECURITY. Provide the ability to set password hash algorithm parameters. Add command to bulk set must-change-password. ENHANCEMENTS. Use import of OCI structs. color of tertiary button on dark theme. Link and pull requests status change in UI notifications directly to their event in the timelined view.. . Notify on container image create. blame view missing lines. incorrect role labels for migrated and comments. PR file tree folders no longer collapsing. Escape filename when assemble URL. isAllowed of escapeStreamer. Load before accessing index in merge message. Improve trace logging for pulls and processes. restore repo, clarify the problem of ForeignIndex. Add default user visibility to cli command "admin user create". Escape path for the file list. with WebAuthn preventing sign in and registration.. Add missing bracket in imagediff. Move code comments to a standalone file and the when adding a reply to an outdated review appears to not post. line spacing for plaintext previews. wrong hint when deleting a branch successfully from pull request UI. README TOC links. missing message in git hook when pull requests disabled on fork. Improve checkIfPRContentChanged. Prevent duplicate labels when importing more than 99. Don't return duplicated users who can create org repo. BUILD. Upgrade golangcilint to v1.51.0. MISC. Use proxy for pull mirror. Use `--index-url` in PyPi description.
1.18.327 Jan 2023 13:05 minor feature: SECURITY. Prevent multiple `To` recipients. . Truncate commit summary on repo files table.. Mute all links in timeline.
1.18.223 Jan 2023 07:05 minor feature: . When updating by rebase we need to set the environment for head repo. Not auto-closing when it includes a reference to a branch. Invalid branch reference if not specified in template. Error viewing pull request when fork has pull requests disabled. Reliable selection of admin user. Set disable_gravatar/enable_federated_avatar when offline mode is true. BUILD. Cgo cross-compile for freebsd.
1.18.120 Jan 2023 00:05 minor feature: API. Add `sync_on_commit` option for push mirrors api. . Update `github.com/zeripath/zapx/v15`. pull request API field `_at` always being `null`. container blob mount. error when calculating repository size. Operator does not exist on explore page with ONLY_SHOW_RELEVANT_REPOS. environments for KaTeX and error reporting. Remove the netgo tag for Windows build. migration from GitBucket. Prevent panic on looking at api "git" endpoints for empty repos. PR status layout on mobile. wechatwork webhook sends empty content in PR review. Remove duplicate "Actions" label in mobile view. leaving organization on user settings - gt; orgs. colour transparency regex matching in project board sorting. Correctly handle select on multiple channels in Queues. Prepend refs/heads/ to template refs. Restore function to "Show more" buttons. Continue GCing other repos on error in one repo. Allow HOST has no port. omit avatar_url in discord payload when empty. Don't display stop watch top bar icon when disabled and hidden when click other place. Don't lookup mail server when using sendmail. gravatar disable. update settings table on install. sitemap. code search title translation. due date rendering the wrong date in. get system setting when enabled redis cache. of DisableGravatar default value. key signature error page. TESTING. Remove test session cache to reduce possible concurrent problem. MISC. Restore previous official review when an official review is deleted. Log STDERR of external renderer when it fails.
1.18.030 Dec 2022 07:05 minor feature: SECURITY. Remove ReverseProxy authentication from the API. Support Go Vulnerability Management. Forbid HTML string tooltips. BREAKING. Rework mailer settings. Remove U2F support. Refactor `i18n` to `locale`. Enable contenthash in filename for dynamic assets. FEATURES. Add color previews in markdown. Allow package version sorting. Add support for Chocolatey/NuGet v2 API. Add API endpoint to get changed files of a PR. Add filetree on left of diff view. Support forms and PR forms. Add support for Vagrant packages. Add support for `npm unpublish`. Add badge capabilities to users. Add filter for Author. Add KaTeX rendering to Markdown.. Add support for Pub packages. Support localized README. Add support mCaptcha as captcha provider. Add team member invite by email. Added email notification option to receive all own messages. Switch Unicode Escaping to a VSCode-like system. Add user/organization code search. Only show relevant repositories on explore page. User keypairs and HTTP signatures for ActivityPub federation using go-ap. Add sitemap support. Allow creation of OAuth2 applications for orgs. Add system setting table with cache and also add cache supports for user setting. Add pages to view watched repos and subscribed /PRs. Support Proxy protocol. Implement sync push mirror on commit. API. Allow empty assignees on pull request edit. Make external tracker regexp configurable via API. Add name field for org api. Show teams with no members if user is admin. Add latest commit's SHA to content response. Add allow_rebase_update, default_delete_branch_after_merge to repository api response. Add new endpoints for push mirrors management. ENHANCEMENTS. Add setting to disable the git apply step in test patch. Multiple improvements for comment edit diff. button in branch list, avoid unexpected page jump before restore branch actually done. flex layout for repo list icons. vertical align of committer avatar rendered by email a
1.17.422 Dec 2022 15:25 minor feature: SECURITY. Do not allow Ghost access to limited visible user/org. package access for admins and inactive users. ENHANCEMENTS. button in branch list, avoid unexpected page jump before restore branch actually done. vertical align of committer avatar rendered by email address. setting HTTP headers after write. Ignore line anchor links with leading zeroes. Enable Monaco automaticLayout. . Do not list active repositories as unadopted. Correctly handle moved files in apply patch. condition for is_internal. permission check on /pull lock. sorting admin user list by last login. Workaround for container registry push/pull errors. /PR numbers. Handle empty author names. ListBranches to handle empty case. enabling partial clones on 1.17. Prevent panic in doctor command when running default checks. Upgrade golang.org/x/crypto. Init git module before database migration. Set last login when activating account. Add HEAD to gitea doctor. UI language switching. Remove semver compatible flag and change pypi to an array of test cases. Allow local package identifiers for PyPI packages. repository adoption on Windows. Sync git hooks when config file path changed. Added check for disabled Packages. `Timestamp.IsZero`. count. Support binary deploy in npm packages. Update milestone counters when is deleted. SessionUser protection against nil pointer dereference. Case-insensitive NuGet symbol file GUID. Suppress `ExternalLoginUserNotExist` error. Prevent Authorization header for presigned LFS urls. Update binding to. generating compare link. Ignore error when retrieving changed PR review files. incorrect notification commit url. Display total commit count in hook message. Enforce grouped NuGet search results. Return 404 when user is not found on avatar. Normalize NuGet package version on upload. MISC. Check for zero time instant in TimeStamp.IsZero(). warn in database structs sync. Allow for resolution of NPM registry paths that match upstr
1.18.0-rc125 Nov 2022 15:25 minor feature: BREAKING. Remove U2F support. FEATURES. Add color previews in markdown. Allow package version sorting. Add support for Chocolatey/NuGet v2 API. Add API endpoint to get changed files of a PR. Add filetree on left of diff view. Support forms and PR forms. Add support for Vagrant packages. Add support for `npm unpublish`. Add badge capabilities to users. Add filter for Author. Add KaTeX rendering to Markdown.. Add support for Pub packages. Support localized README. Add support mCaptcha as captcha provider. Add team member invite by email. Added email notification option to receive all own messages. Switch Unicode Escaping to a VSCode-like system. Add user/organization code search. Only show relevant repositories on explore page. User keypairs and HTTP signatures for ActivityPub federation using go-ap. Add sitemap support. Allow creation of OAuth2 applications for orgs. Add system setting table with cache and also add cache supports for user setting. Add pages to view watched repos and subscribed /PRs. Support Proxy protocol. Implement sync push mirror on commit. API. Make external tracker regexp configurable via API. Add name field for org api. Show teams with no members if user is admin. Add latest commit's SHA to content response. Add allow_rebase_update, default_delete_branch_after_merge to repository api response. Add new endpoints for push mirrors management. ENHANCEMENTS. Use CSS color-scheme instead of invert. Respect user's locale when rendering the date range in the repo activity page. Change `commits-table` column width. Refactor git command arguments and make all arguments to be safe to be used. CSS color enhancements. Add link to user profile in markdown mention only if user exists. Add option to skip index dirs. Diff file tree tweaks. Localize all timestamps. Add `code` highlighting in titles. Use Name instead of DisplayName in LFS Lock. Consolidate more CSS colors into variables. Redirect to new reposito
1.17.316 Oct 2022 07:45 minor feature: Changelog SECURITY. Sanitize and Escape refs in git backend. Bump `golang.org/x/text`. Update bluemonday. ENHANCEMENTS. empty container layer history and UI. Use en-US as fallback when using other default language. Make the vscode clone link respect transport protocol. . Do DB update after merge in hammer context. Add Num ,Pulls stats checks. Stop logging CheckPath returns error: context canceled. Parse OAuth Authorization header when request omits client secret. Ignore port for loopback redirect URIs. Set SemverCompatible to false for Conan packages. Tag list should include draft releases with existing tags. linked account translation. Make NuGet service index publicly accessible. Foreign ID conflicts if ID is 0 for each item. Use absolute links in feeds. Prevent invalid behavior for file reviewing when loading more files. Respect `REQUIRE_SIGNIN_VIEW` for packages. Treat git object mode 40755 as directory. Allow uppercase ASCII alphabet in PyPI package names. limited user cannot view himself's profile. template of admin monitor. reaction of. CSV diff for added/deleted files. pagination limit parameter problem. TESTING. missing m.Run() in TestMain. BUILD. Use Go 1.19 fmt for Gitea 1.17, sync emoji data.
1.17.208 Sep 2022 03:05 minor feature: SECURITY. Double check CloneURL is acceptable. Add more checks in migration code. ENHANCEMENTS. hard-coded timeout and error panic in API archive download endpoint. Improve arc-green code theme. Enable contenthash in filename for dynamic assets. Don't open new page for ext wiki on same repository. Disable doctor logging on panic. Remove calls to load Mirrors in user.Dashboard. Update codemirror to 5.65.8. Rework repo buttons. . Ensure delete user deletes all comments. Delete unreferenced packages when deleting a package version. Redirect if user does not exist on admin pages. Set uploadpack.allowFilter etc on gitea serv to enable partial clones with ssh. on time in timeline API. Fill the specified ref in webhook test payload. Add another index for Action table on postgres. broken insecureskipverify handling in redis connection uris. Add Dev, Peer and Optional dependencies to npm PackageMetadataVersion. Do not add links to Posters or Assignees with ID lt; 0. modified due date message. missed sort. input.value attr for RequiredClaimName/Value. Change review buttons to icons to make space for text. download archiver of a commit. Return 404 NotFound if requested attachment does not exist. Set no-tags in git fetch on compare. Allow multiple metadata files for Maven packages. Increase Content field size of gpg_key and public_key to MEDIUMTEXT. mirror address setting not working. push mirror address backend get error Address cause setting page display error. panic when an invalid oauth2 name is passed. In PushMirrorsIterate and MirrorsIterate if limit is negative do not set it. Ensure that graceful start-up is informed of unused SSH listener. Pad GPG Key ID with preceding zeroes. SQL Query for `SearchTeam`. the mode of custom dir to 0700 in docker-rootless. UI mis-align for PR commit history.
1.17.119 Aug 2022 03:25 minor feature: SECURITY. Correctly escape within tribute.js. ENHANCEMENTS. Add support for NuGet API keys. Display project in list. Add disable download source configuration. Add username check to doctor. Enable Wire 2 for Internal SSH Server. . Use the total count for UI. Add proxy host into allow list. Add missing translation for queue flush workers. Improve comment header for mobile. git.Init for doctor sub-command. Check webhooks slice length before calling xorm. Remove manual rollback for failed generated repositories. Use correct field name in npm template. Keep download count on Container tag overwrite. v220 migration to be compatible for MSSQL 2008 r2. Use request timeout for git service rpc. Send correct NuGet status codes. Use correct context to get package content. the JS error "EventSource is not defined" caused by some non-standard browsers. Add default commit messages to PR for squash merge. package upload for files gt;32mb. the new-line copy-paste for rendered code. Clean up and clone button script. default merge style. Add repository condition for count. Make branch icon stand out more. loading button with invalid form. SecToTime edge-cases. Executable check always returns true for windows. Check labels slice length before calling xorm Insert. owners cannot create organization repos. Prevent 500 is head repo does not have PullRequest unit in IsUserAllowedToUpdate.
1.17.031 Jul 2022 03:19 minor feature: v1.17.0 BREAKING. Require go1.18 for Gitea 1.17. Make AppDataPath absolute against the AppWorkPath if it is not. Nuke the incorrect permission report on /api/v1/notifications. Refactor git module, make Gitea use internal git config. Remove `RequireHighlightJS` field, update plantuml example.. Increase minimal required git version to 2.0. Add a directory pre`gitea-src-VERSION` to release-tar-file. Use "main" as default branch name. Make cron task no notice on success. Add pam account authorization check. Show messages for users if the ROOT_URL is wrong, show JavaScript errors. Refactor mirror code amp; StartToMirror. Remove deprecated SSH ciphers from default. Add the possibility to allow the user to have a favicon which differs from the main logo. Update reserved usernames list. Support custom ACME provider. Change initial TrustModel to committer. Update HTTP status codes. Upgrade Alpine from 3.13 to 3.15. Restrict email address validation. Refactor Router Logger. SECURITY. Use git.HOME_PATH for Git HOME directory. Add write check for creating Commit Statuses. Remove deprecated SSH ciphers from default. FEDERATION. Return statistic information for nodeinfo. Add Webfinger endpoint. Store the foreign ID of during migration. FEATURES. Automatically render wiki TOC. Adding button to link accounts from user settings. Allow set default merge style while creating repo. Auto merge pull requests when all checks succeeded. Improve reviewing PR UX. Add support for rendering console output with colors. Add Helm Chart registry. Add Goroutine stack inspector to admin/monitor. RSS/Atom support for Orgs amp; Repos. Add button for deletion. Allow to mark files in a PR as viewed. Add Index to comment for migrations and mirroring. Add health check endpoint. Add packagist webhook. Add "Allow edits from maintainer" feature. Add apply-patch, basic reve
1.17.0-rc220 Jul 2022 08:05 minor feature: SECURITY. Use git.HOME_PATH for Git HOME directory. Add write check for creating Commit Statuses. ENHANCEMENTS. Make notification bell more prominent on mobile. Adjust max-widths for the repository file table. Display full name. . Allow RSA 2047 bit keys. Add missing return for when topic isn't found. commit status icon when in subdirectory. Initialize cron last. Set target on create release with existing tag. Update xorm.io/xorm to a interpreting db column sizes on 32bit systems. Make sure `repo_dir` is an empty directory or doesn't exist before 'dump-repo'. Prevent context deadline error propagation in GetCommitsInfo. Correctly handle draft releases without a tag. Prevent "empty" scrollbars on Firefox. Refactor SSH init code, directory creation for TrustedUserCAKeys file. Bump goldmark to v1.4.13. Do not create empty ".ssh" directory when loading config. NPE when using non-numeric. Store read access in access for team repositories. EscapeFilter the group dn membership. Only show Followers that current user can access. Update Bluemonday to v1.0.19. Reindices on actions table. Check if project has the same repository id with when assign project to. remove file on initial comment. Catch the error before the response is processed by goth. Dashboard feed respect setting.UI.FeedPagingNum again. Alter hook_task TEXT fields to LONGTEXT. Respond with a 401 on git push when password isn't changed yet. Return 404 when tag is broken.
1.16.913 Jul 2022 14:05 minor feature: v1.16.9 SECURITY. Add write check for creating Commit status. Check for permission when fetching user controlled. . Hide notify mail setting ui if not enabled. Add write check for creating Commit status. Only show Followers that current user can access. Release page show all tags in compare dropdown. permission check for delete tag. Only log non ErrNotExist errors in git.GetNote. Use exact search instead of fuzzy search for branch filter dropdown. Set Setpgid on child git processes. Import git from alpine 3.16 repository as 2.30.4 is needed for `safe.directory = '*'` to work but alpine 3.13 has 2.30.3. Ensure responses are context.ResponseWriters. incorrect usage of `Count` function. raw endpoint PDF file headers. Make WIP precase insensitive, e.g. allow `Draft` as a WIP pre. Don't return 500 on NotificationUnreadCount. Prevent NPE when cache service is disabled. Detect truncated utf-8 characters at the end of content as still representing utf-8. doctor pq: syntax error at or near "." quote user table name. with assigneees.
1.17.0-rc121 Jun 2022 03:15 minor feature: v1.17.0-rc1 BREAKING. Require go1.18 for Gitea 1.17. Make AppDataPath absolute against the AppWorkPath if it is not. Nuke the incorrect permission report on /api/v1/notifications. Refactor git module, make Gitea use internal git config. Remove `RequireHighlightJS` field, update plantuml example.. Increase minimal required git version to 2.0. Add a directory pre`gitea-src-VERSION` to release-tar-file. Use "main" as default branch name. Make cron task no notice on success. Add pam account authorization check. Show messages for users if the ROOT_URL is wrong, show JavaScript errors. Refactor mirror code amp; StartToMirror. Remove deprecated SSH ciphers from default. Add the possibility to allow the user to have a favicon which differs from the main logo. Update reserved usernames list. Support custom ACME provider. Change initial TrustModel to committer. Update HTTP status codes. Upgrade Alpine from 3.13 to 3.15. Restrict email address validation. Refactor Router Logger. SECURITY. Remove deprecated SSH ciphers from default. FEDERATION. Return statistic information for nodeinfo. Add Webfinger endpoint. Store the foreign ID of during migration. FEATURES. Automatically render wiki TOC. Adding button to link accounts from user settings. Allow set default merge style while creating repo. Auto merge pull requests when all checks succeeded. Improve reviewing PR UX. Add support for rendering console output with colors. Add Helm Chart registry. Add Goroutine stack inspector to admin/monitor. RSS/Atom support for Orgs amp; Repos. Add button for deletion. Allow to mark files in a PR as viewed. Add Index to comment for migrations and mirroring. Add health check endpoint. Add packagist webhook. Add "Allow edits from maintainer" feature. Add apply-patch, basic revert and cherry-pick functionality. Add Package Registry. Add LDAP group sync to Teams
1.16.817 May 2022 10:25 minor feature: ENHANCEMENTS. Add doctor check/for bogus action rows. Make.cs highlighting legible on dark themes.. . oauth setting list. Delete user related oauth stuff on user deletion too. new release from tags list UI. Prevent NPE when checking repo units if the user is nil. GetFeeds must always discard actions with dangling repo_id. Call MultipartForm.RemoveAll when request finishes. Avoid MoreThanOne error when creating a branch whose name conflicts with other ref names. sending empty notifications. Ignore DNS error when doing migration allow/block check. overview for teams.
1.16.703 May 2022 10:45 minor feature: SECURITY. Escape git fetch remote. . Don't overwrite err with nil. On Migrations, only write commit-graph if wiki clone was successful. Respect DefaultUserIsRestricted system default when creating new user. Don't error when branch's commit doesn't exist. Support `hostname:port` to pass host matcher's check. Prevent intermittent race in attribute reader. bit atomic operations on 32-bit machines. Prevent dangling archiver goroutine. migrate release from github. When view _Siderbar or _Footer, just display once. blame page select range error and some typos. name of doctor "authorized-keys" in hints. User specific repoID or xorm builder conditions for search. Prevent dangling cat-file calls (goroutine alternative). RepoAssignment ensure to before overwrite. Set correct PR status on 3way on conflict checking. Mark TemplateLoading error as "UnprocessableEntity".
1.16.621 Apr 2022 08:05 minor feature: v1.16.6 ENHANCEMENTS. Only request write when necessary. Disable service worker by default. . When dumping trim the standard suffices instead of a random suf. DELETE request for non-existent public key. Don't panic on ErrEmailInvalid. Add uploadpack.allowAnySHA1InWant to allow --filter=blob:none with older git clients. Warn on SSH connection for incorrect configuration. Search via API, dont show 500 if filter result in empty list. When updating mirror repo intervals by API reschedule next update too. nil error when some pages are rendered outside request context. double blob-hunk on diff page. Don't allow merging PR's which are being conflict checked. middleware function's placements. invalid CSRF token, make sure CSRF tokens can be up-to-date. Restore user autoregistration with email addresses. Move checks for pulls before merge into own function. Granular webhook events in editHook. Only send webhook events to active system webhooks and only deliver to active hooks. Use full output of git show-ref --tags to get tags for PushUpdateAddTag. Touch mirrors on even on fail to update. Hide sensitive content on admin panel progress monitor. clone url JS error for the empty repo page. Bump goldmark to v1.4.11. TESTING. Prevent intermittent failures in RepoIndexerTest. BUILD. Revert the minimal golang version requirement from 1.17 to 1.16 and add a warning in Makefile. MISC. Performance improvement for add team user when org has more than 1000 repositories. Check go and nodejs version by go.mod and package.json.
1.16.524 Mar 2022 10:25 minor feature: BREAKING. Bump to build with go1.18. SECURITY. Prevent redirect to Host (2). Try to prevent autolinking of displaynames by email readers. Clean paths when looking in Storage. Do not send notification emails to inactive users. Do not send activation email if manual confirm is set. ENHANCEMENTS. Use the new/choose link for New on project page. . showing in your repositories. compare link in active feeds for new branch. Redirect.wiki/ ui link to /wiki. Ensure deploy keys with write access can push. Ensure that setting.LocalURL always has a trailing slash. Cleanup protected branches when deleting users amp; teams. Use IterateBufferSize whilst querying repositories during adoption check. NPE /repos//search when not signed in. Use custom favicon when viewing static files if it exists. the editor height in review box. Ensure isSSH is set whenever DISABLE_HTTP_GIT is set. wrong scopes caused by empty scope input. Make migrations SKIP_TLS_VERIFY apply to git too. Handle email address not exist. MISC. Update json-iterator to allow compilation with go1.18. Update golang.org/x/crypto.
1.16.415 Mar 2022 16:45 minor feature: v1.16.4 SECURITY. Restrict email address validation. lfs. ENHANCEMENTS. Improve SyncMirrors logging. . Refactor mirror code amp; `StartToMirror`. Update the webauthn_credential_id_sequence in Postgres. Prevent 500 when there is an error during new auth source post. If rendering has failed due to a net.OpError stop rendering (attempt 2). flag validation. Add pam account authorization check. Ignore missing comment for user notifications. Set `rel="nofollow noindex"` on new links. Upgrading binding package. Don't show context cancelled errors in attribute reader. update hint. MISC. potential assignee query for repo.
1.16.304 Mar 2022 11:25 minor feature: SECURITY. Git backend ignore replace objects. ENHANCEMENTS. Adjust error for already locked db and prevent level db lock on malformed connstr. . Set max text height to prevent overflow. newAttachmentPaths deletion for DeleteRepository(). Accounts with WebAuthn only (no TOTP) now exist... code to handle that case. Send 404 on `/ org .gpg`. admin user list pagination. lfs management setting. login with email panic when email is not exist. Update go-org to v1.6.1. ` lt;strong gt;` html in translation. page and missing return on unadopted repos API. Allow adminstrator teams members to see other teams. Don't treat BOM escape sequence as hidden character.. Correctly link URLs to users/repos with dashes, dots or underscores ( . redirect when using lowercase repo name. migration v210. team management UI (18886). BeforeSourcePath should point to base commit. TRANSLATION. Backport locales from master. MISC. Don't update email for organisation.
1.16.225 Feb 2022 06:45 minor feature: v1.16.2 ENHANCEMENTS. Show fullname on edits and gpg/ssh signing info. Immediately Hammer if second kill is sent. Allow mermaid render error to wrap. . ldap user sync missed email in email_address table. Update assignees check to include any writing team and change org sidebar. Don't report signal: killed errors in serviceRPC. where certain LDAP settings were reverted. Update go-org to 1.6.0. login with email for ldap users. for get user by email. panic in EscapeReader. ldap loginname. Remove redundant call to UpdateRepoStats during migration. In disk_channel queues synchronously push to disk on shutdown. template of LFS lock. Attempt to the webauthn migration again - part 3. Send mail to /pr assignee/reviewer also when OnMention is set. a broken link in commits_list_small.tmpl. Increase the size of the webauthn_credential credential_id field. Prevent dangling GetAttribute calls. isempty detection of git repository. source code line highlighting on external tracker. Prevent double encoding of branch names in delete branch. Always set PullRequestWorkInProgressPrein PrepareViewPullInfo. forked repositories missed tags. release typo. Separate the details links of commit-statuses in headers. Update object repo with the migrated repository. for version update hint. with docker-rootless shimming script. Let `MinUnitAccessMode` return correct perm. Prevent security failure due to bad APP_ID. Restart zero worker if there is still work to do. If rendering has failed due to a net.OpError stop rendering. TESTING. Ensure git tag tests and others create test repos in tmpdir. BUILD. Reduce CI go module downloads, add make targets. MISC. Put buttons back in org dashboard. Various Mermaid improvements. C preprocessor colors improvement. the missing i18n key for update checker.
1.16.107 Feb 2022 10:05 minor feature: ## 1.16.1 . - 2022-02-06. SECURITY. Update JS dependencies, lint. ENHANCEMENTS. Add dropdown icon to label set template dropdown. . Comments on migrated /prs must link to the comment ID. Stop logging an error when notes are not found. Ensure that blob-excerpt links work for wiki. Only attempt to flush queue if the underlying worker pool is not finished. Ensure commit-statuses box is sized correctly in headers. Prevent merge messages from being sorted to the top of email chains. Prevent panic on prohibited user login with oauth2. Collaborator trust model should trust collaborators. Detect conflicts with 3way merge. In docker rootless use GITEA_APP_INI if provided. Add `GetUserTeams`. review excerpt. for AvatarURL database type. Use `ImagedProvider` for gplus oauth2 provider. OAuth Source Edit Page. Use "read" value for General Access. Prevent NPE on partial match of compare URL and allow short SHA1 compare URLs. BUILD. Make docker gitea/gitea:v1.16-dev etc refer to the latest build on that branch. DOCS. Update 1.16.0 changelog to set #17846 as breaking.
1.16.003 Feb 2022 07:45 minor feature: BREAKING. Remove golang vendored directory. Paginate releases page amp; set default page size to 10. Only allow webhook to send requests to allowed hosts. SECURITY. Disable content sniffing on `PlainTextBytes`. Only view milestones from current repo. Sanitize user-input on file name. Use `hostmatcher` to replace `matchlist` to improve blocking of bad hosts in Webhooks. FEATURES. Add/update SMTP auth providers via cli. Support webauthn. Team permission allow different unit has different permission. Implement Well-Known URL for password change. Add support for ssh commit signing. Allow Loading of Diffs that are too large. Add copy button to markdown code blocks. Add.gitattribute assisted language detection to blame, diff and render. Add `PULL_LIMIT` and `PUSH_LIMIT` to cron.update_mirror task. Add Reindex buttons to repository settings page. Make SSL cipher suite configurable. Add groups scope/claim to OIDC/OAuth2 Provider. Add simple update checker to Gitea. Migrated Repository will show modifications when possible. Create pub/priv keypair for federation. Make LDAP be able to skip local 2FA. Add nodeinfo endpoint for federation purposes. Save and view /comment content history. Use git attributes to determine generated and vendored status for language stats and diffs. Add migrate from Codebase. Add migration from GitBucket. Add OAuth2 introspection endpoint. Add proxy settings and support for migration and webhook. Add microsoft oauth2 providers. Send registration email on user autoregistration. Defer Last Commit Info. Support unprotected file patterns. Add migrate from OneDev. Add option to update pull request by `rebase`. Add RSS/Atom feed support for user actions. Add support for corporate WeChat webhooks. Add a simple way to rename branch like gh. Add bundle download for repository. Add agit flow support in gitea. API. Add MirrorUpdated field to Repository API type. Adjust Fork API to allow setting a custom reposit
1.15.1130 Jan 2022 04:05 minor feature: v1.15.11 SECURITY. Only view milestones from current repo. . broken when no commits and default branch is not master. commit's time. restore without topic failure. mermaid import in 1.15 (it uses ESModule now). Update to go/text 0.3.7. MISC. Upgrade EasyMDE to 2.16.1.
1.15.1015 Jan 2022 10:25 minor feature: 1.15.10 ## 1.15.10 - 2022-01-14. . Inconsistent PR comment counts. Release link broken. Update user from site administration page. Set HeadCommit when creating tags. Use correct translation key for error messages due to max repo limits. Purple color in suggested label colors. SECURITY. Bump mermaid from 8.10.1 to 8.13.8.
1.15.931 Dec 2021 03:18 minor feature: v1.15.9 . wrong redirect on org labels. : unstable sort skips/duplicates across pages. Revert "delete u2f keys ". Migrating wiki don't require token, so we should move it out of the require form. Prevent NPE if gitea uploader fails to open url. Reset locale on login. Correctly handle failed migrations. Instead of using routerCtx just escape the url before routing. Quote references to the user table in consistency checks. Add NotFound handler. Ensure that git repository is before transfer. Use common sessioner for API and web routes. TRANSLATION. code search result hint on zh-CN.
1.15.822 Dec 2021 03:05 minor feature: . Move POST / username /action/ action to simply POST / username . delete u2f keys. Reset Session ID on login. Prevent off-by-one error on comments on newly appended lines. Stop printing 03d after escaped characters in logs. Reset locale on login. reset password email template. outType on gitea dump. Ensure complexity, minlength and isPwned are checked on password setting. rename notification. Prevent double decoding of in url params. Prevent hang in git cat-file if the repository is not a valid repository. Prevent deadlock in create. TESTING. Use non-expiring key..
1.15.703 Dec 2021 03:17 minor feature: v1.15.7 ENHANCEMENTS. Only allow webhook to send requests to allowed hosts. login redirection links. . database inconsistent when admin change user email. Use correct user on releases. commit count in tag view. but time watcher still running. Migrate Description. when project board get open number. Return 400 but not 500 when request archive with wrong format. when read mysql database max lifetime. database deadlock when update labels. on detect /comment writer. Remove appSubUrl from pasted images. Make `ParsePatch` more robust. stats upon searching. Escape titles in comments list. zero created time on commit api. database keyword quote problem on migration v161. email with + when active. Stop double encoding blame commit messages. Quote the table name in CountOrphanedObjects. Run Migrate in Install rather than just SyncTables. BUILD. golangci-lint warnings. MISC. Preserve color when inverting emojis.
1.15.629 Oct 2021 10:45 minor feature: v1.15.6 . Prevent panic in serv.go with Deploy Keys. CSV render error. Read expected buffer size. Ensure that restricted users can access repos for which they are members. Make commit-statuses popup show correctly. TESTING. Add integration tests for private.NoServCommand and private.ServCommand.
1.15.523 Oct 2021 07:25 minor feature: SECURITY. Upgrade Bluemonday to v1.0.16. Ensure correct SSH permissions check for private and restricted users. . Prevent NPE in CSV diff rendering when column removed. Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH. Don't panic if we fail to parse U2FRegistration data. Ensure popup text is aligned left (backport for 1.15). Ensure that git daemon export ok is created for mirrors. Disable core.protectNTFS. Use pointer for wrappedConn methods. AutoRegistration is supposed to be working with disabled registration (backport). Handle duplicate keys on GPG key ring. SVG side by side comparison link.
1.15.409 Oct 2021 08:05 minor feature: Raw file API: don't try to interpret 40char filenames as commit SHA Don't allow merged PRs to be reopened incorrect repository count on organization tab of dashboard unwanted team review request deletion broken Activities link in team dashboard API pull's head/base have correct permission stange behavior of DownloadPullDiffOrPatch in incorect index Upgrade xorm to v1.2.5 missing repo link in /pull assigned emails of get context user Nicely handle missing user in collaborations Add Horizontal scrollbar to inner menu on Chrome wrong i18n keys Archive Creation: correct transaction ending Prevent panic in Org mode HighlightCodeBlock Create doctor command to repo_units broken by dumps from 1.14.3-1.14.6 . Raw file API: don't try to interpret 40char filenames as commit SHA. Don't allow merged PRs to be reopened. incorrect repository count on organization tab of dashboard. unwanted team review request deletion. broken Activities link in team dashboard. API pull's head/base have correct permission. stange behavior of DownloadPullDiffOrPatch in incorect index. Upgrade xorm to v1.2.5. missing repo link in /pull assigned emails. of get context user. Nicely handle missing user in collaborations. Add Horizontal scrollbar to inner menu on Chrome. wrong i18n keys. Archive Creation: correct transaction ending. Prevent panic in Org mode HighlightCodeBlock. Create doctor command to repo_units broken by dumps from 1.14.3-1.14.6. ENHANCEMENT Check user instead of organization when creating a repo from a template via API . Check user instead of organization when creating a repo from a template via API. TRANSLATION v1.15 Sprintf format 'verbs' in locale files . v1.15 Sprintf format 'verbs' in locale files.
1.15.322 Sep 2021 11:25 minor feature: ENHANCEMENTS Add fluid to ui container class to remove margin Add caller to cat-file batch calls . Add fluid to ui container class to remove margin. Add caller to cat-file batch calls. Render full plain readme. Upgrade xorm to v1.2.4 of migrate comments which only fetch one page Do not show context popup on external Decrement Fork Num when converting from Fork Correctly rollback in ForkRepository missing in WalkGitLog Add preto SVG id/class attributes of migrated repository not index Skip AllowedUserVisibilityModes validation on update user if it is an organisation storage Iterate and Add storage doctor to delete garbage attachments with default mail template Ensure that rebase conflicts are handled in updates Prevent panic on diff generation . Render full plain readme.. Upgrade xorm to v1.2.4. of migrate comments which only fetch one page. Do not show context popup on external. Decrement Fork Num when converting from Fork. Correctly rollback in ForkRepository. missing in WalkGitLog. Add preto SVG id/class attributes. of migrated repository not index. Skip AllowedUserVisibilityModes validation on update user if it is an organisation. storage Iterate and Add storage doctor to delete garbage attachments. with default mail template. Ensure that rebase conflicts are handled in updates. Prevent panic on diff generation.
1.15.207 Sep 2021 08:05 minor feature: Add unique constraint back into _index Storage objects before cleaning . Add unique constraint back into _index. Storage objects before cleaning.
1.15.103 Sep 2021 21:45 minor feature: Allow BASIC authentication access to /:owner/:repo/releases/download/ Prevent leave changes dialogs due to autofill fields Ignore review comment when ref commit is missed wrong attachment removal Gitlab Migrator: dont ignore reactions of last request Correctly return the number of Repositories for Organizations Test if LFS object is accessible git.Blob.DataAsync(): pipe since we return a Nopr dump and restore respository Repair and Improve GetDiffRangeWithWhitespaceBehavior wiki raw commit diff/patch view Ensure wiki repos are all List limited and private orgs if authenticated on API Simplify split diff view generation and remove JS dependency Ensure that the default visibility is set on the user create page In Render tolerate not being passed a context Upgrade xorm to v1.2.2 Add test to ensure that dumping of login sources remains correct Report the correct number of pushes on the feeds Add primary_key to _index Prevent NPE on empty commit branch pagination error Add missing return to handleSettingRemoteAddrError Remove spurious / from.opened_by Ensure that template compilation panics are sent to the logs Update caddyserver/certmagic . Allow BASIC authentication access to /:owner/:repo/releases/download/. Prevent leave changes dialogs due to autofill fields. Ignore review comment when ref commit is missed. wrong attachment removal. Gitlab Migrator: dont ignore reactions of last request. Correctly return the number of Repositories for Organizations. Test if LFS object is accessible. git.Blob.DataAsync(): pipe since we return a Nopr. dump and restore respository. Repair and Improve GetDiffRangeWithWhitespaceBehavior. wiki raw commit diff/patch view. Ensure wiki repos are all. List limited and private orgs if authenticated on API. Simplify split diff view generation and remove JS dependency. Ensure that the default visibility is set on the user create page. In Render tolerate not being passed a context. Upgrade xorm
1.15.022 Aug 2021 12:05 minor feature: BREAKING Make app.ini permissions more restrictive Refactor Webhook + Add X-Hub-Signature Add asymmetric JWT signing Clean-up the settings hierarchy for _indexer queue Change default queue settings to be low go-routines Improve assets handler middleware Rename StaticUrlPreto AssetUrlPre Use a generic markup class to display externally rendered files and diffs Add frontend testing, require node 12 Move (custom) assets into subpath /assets Use level config in log section when sub log section not set level Links in markdown should be absolute to the repository not the server Upgrade to the latest version of golang-jwt Set minimum supported version of go to 1.16 . Make app.ini permissions more restrictive. Refactor Webhook + Add X-Hub-Signature. Add asymmetric JWT signing. Clean-up the settings hierarchy for _indexer queue. Change default queue settings to be low go-routines. Improve assets handler middleware. Rename StaticUrlPreto AssetUrlPre. Use a generic markup class to display externally rendered files and diffs. Add frontend testing, require node 12. Move (custom) assets into subpath /assets. Use level config in log section when sub log section not set level. Links in markdown should be absolute to the repository not the server. Upgrade to the latest version of golang-jwt. Set minimum supported version of go to 1.16. SECURITY Encrypt LDAP bind password in db with SECRET_KEY Remove random password in Dockerfiles Upgrade to the latest version of golang-jwt and increase minimum go to 1.15 Correctly create of git-daemon-export-ok files Don't show private user's repo in explore view Update node tar dependency to 6.1.6 . Encrypt LDAP bind password in db with SECRET_KEY. Remove random password in Dockerfiles. Upgrade to the latest version of golang-jwt and increase minimum go to 1.15. Correctly create of git-daemon-export-ok files. Don't show private user's repo in explore view. Update node tar dependency to 6.1.6. FEATURES Update Go-Git to take a
1.15.0-rc311 Aug 2021 00:25 minor feature: SECURITY Bump github.com/markbates/goth from v1.67.1 to v1.68.0 Switch to maintained JWT lib Upgrade to latest version of golang-jwt (as forked for 1.14) . Bump github.com/markbates/goth from v1.67.1 to v1.68.0. Switch to maintained JWT lib. Upgrade to latest version of golang-jwt (as forked for 1.14). Add basic edit ldap auth test actually Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end . Add basic edit ldap auth test actually. Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end.
1.14.606 Aug 2021 07:25 minor feature: SECURITY Hide mirror passwords on repo settings page Update bluemonday to v1.0.15 . Hide mirror passwords on repo settings page. Update bluemonday to v1.0.15. Retry rename on lock induced failures Validate index before querying DB crash following ldap authentication update . Retry rename on lock induced failures. Validate index before querying DB. crash following ldap authentication update. ENHANCEMENTS Redirect on bad CSRF instead of presenting bad page . Redirect on bad CSRF instead of presenting bad page.
1.15.0-rc226 Jul 2021 00:25 minor feature: SECURITY Hide mirror passwords on repo settings page Update bluemonday to v1.0.15 . Hide mirror passwords on repo settings page. Update bluemonday to v1.0.15. Retry rename on lock induced failures Validate index before querying DB crash following ldap authentication update . Retry rename on lock induced failures. Validate index before querying DB. crash following ldap authentication update. ENHANCEMENTS Redirect on bad CSRF instead of presenting bad page . Redirect on bad CSRF instead of presenting bad page.
1.14.521 Jul 2021 06:05 minor feature: SECURITY Hide mirror passwords on repo settings page Update bluemonday to v1.0.15 . Hide mirror passwords on repo settings page. Update bluemonday to v1.0.15. Retry rename on lock induced failures Validate index before querying DB crash following ldap authentication update . Retry rename on lock induced failures. Validate index before querying DB. crash following ldap authentication update. ENHANCEMENTS Redirect on bad CSRF instead of presenting bad page . Redirect on bad CSRF instead of presenting bad page.
1.16.0-dev16 Jul 2021 13:45 minor feature: Relative links in postprocessed images List_options GetStartEnd API to use author for commits instead of committer Handle misencoding of login_source cfg in mssql Not updated by commits Improve efficiency in FindRenderizableReferenceNumeric and getReference Use html.Parse rather than html.ParseFragment Milestone counters on new ReqOrgMembership calls need to be preceded by reqToken . Relative links in postprocessed images. List_options GetStartEnd. API to use author for commits instead of committer. Handle misencoding of login_source cfg in mssql. Not updated by commits. Improve efficiency in FindRenderizableReferenceNumeric and getReference. Use html.Parse rather than html.ParseFragment. Milestone counters on new. ReqOrgMembership calls need to be preceded by reqToken.
1.14.407 Jul 2021 11:05 minor feature: Relative links in postprocessed images List_options GetStartEnd API to use author for commits instead of committer Handle misencoding of login_source cfg in mssql Not updated by commits Improve efficiency in FindRenderizableReferenceNumeric and getReference Use html.Parse rather than html.ParseFragment Milestone counters on new ReqOrgMembership calls need to be preceded by reqToken . Relative links in postprocessed images. List_options GetStartEnd. API to use author for commits instead of committer. Handle misencoding of login_source cfg in mssql. Not updated by commits. Improve efficiency in FindRenderizableReferenceNumeric and getReference. Use html.Parse rather than html.ParseFragment. Milestone counters on new. ReqOrgMembership calls need to be preceded by reqToken.
1.14.319 Jun 2021 18:45 minor feature: SECURITY Encrypt migration credentials at rest Only check access tokens if they are likely to be tokens Add missing SameSite settings for the i_like_gitea cookie setting of SameSite on cookies . Encrypt migration credentials at rest. Only check access tokens if they are likely to be tokens. Add missing SameSite settings for the i_like_gitea cookie. setting of SameSite on cookies. API Repository object only count releases as releases EditOrg respect RepoAdminChangeTeamAccess option overly strict edit pr permissions . Repository object only count releases as releases. EditOrg respect RepoAdminChangeTeamAccess option. overly strict edit pr permissions. Run processors on whole of text Class -keyword is being incorrectly stripped off spans language switch for install page on getIDsByRepoID Set self-adjusting deadline for connection writing http path data URI scramble Merge all deleteBranch as one function and also when delete branch don't related PRs git migration: don't prompt interactively for clone credentials case change in ownernames Don't manipulate input params in email notification Remove branch URL before RefURL layout of milestone view GitHub Migration, migrate draft releases too the gitrepo when deleting the repository Upgrade xorm to v1.1.0 blame row height alignment error message when saving generated LOCAL_ROOT_URL config Backport LFS commit finder not working Stop calling WriteHeader in Write Add timeout to writing to responses Return go-get info on subdirs Restore PAM user autocreation functionality truncate utf8 string bound address/port for caddy's certmagic library Upgrade unrolled/render to v1.1.1 Queue manager FlushAll can loop rapidly - add delay Tagger can be empty, as can Commit and Author - tolerate this Set autocomplete off on branches selector Add missing error to Doctor log Move restore repo to internal router and invoke from command to avoid open the same db file or que
1.14.210 May 2021 23:25 minor feature: API Make change repo settings work on empty repos Add pull "merged" notification subject status to API . Make change repo settings work on empty repos. Add pull "merged" notification subject status to API. Ensure that ctx.Written is checked after (...) calls Use pulls in commit graph unless pulls are disabled Set GIT_DIR correctly if it is not set where repositories appear unadopted Not show ref-in-new-pop when was disabled Drop back to use IsAnInteractiveSession for SVC setting version table in dump button change on delete in simplemde area Defer closing the gitrepo until the end of the wrapped context functions some ui about draft release Only log Error on getLastCommitStatus error to let pull list still be visible Move tooltip down to allow selection of Remove File on error setting redis db path DB session cleanup several activation Delete references if repository gets deleted orphaned objects deletion Delete protected branch if repository gets removed Remove spurious set name from eventsource.sharedworker.js Not update updated uinx for git gc commit graph author link webhook timeout Resolve panic on failed interface conversion in migration v156 missing storage init If the default branch is not present do not report error on stats indexing lfs management find NPE on view commit with notes on commit graph Send size to /avatars if requested Prevent migration 156 failure if tag commit missing . Ensure that ctx.Written is checked after (...) calls. Use pulls in commit graph unless pulls are disabled. Set GIT_DIR correctly if it is not set. where repositories appear unadopted. Not show ref-in-new-pop when was disabled. Drop back to use IsAnInteractiveSession for SVC. setting version table in dump. button change on delete in simplemde area. Defer closing the gitrepo until the end of the wrapped context functions. some ui about draft release. Only log Error on getLastCommitStatus error to let pull list stil
1.14.116 Apr 2021 17:05 minor feature: SECURITY Respect approved email domain list for externally validated user registration Add reverse proxy configuration support for remote IP address detection Ensure validation occurs on clone addresses too . Respect approved email domain list for externally validated user registration. Add reverse proxy configuration support for remote IP address detection. Ensure validation occurs on clone addresses too. BREAKING double 'push tag' action feed Remove possible resource leak Handle unauthorized user events gracefully Restore Access.log following migration to Chi framework (Stops access logging of /api/internal routes) Migrate from Macaron to Chi framework Deprecate building for mips Consolidate Logos and update README header Inline manifest.json Store repository data in data path if not previously set Rename "gitea" png to "logo" Standardise logging of failed authentication attempts in internal SSH Add markdown support in organization description Improve users management through the CLI . double 'push tag' action feed. Remove possible resource leak. Handle unauthorized user events gracefully. Restore Access.log following migration to Chi framework (Stops access logging of /api/internal routes). Migrate from Macaron to Chi framework. Deprecate building for mips. Consolidate Logos and update README header. Inline manifest.json. Store repository data in data path if not previously set. Rename "gitea" png to "logo". Standardise logging of failed authentication attempts in internal SSH. Add markdown support in organization description. Improve users management through the CLI. FEATURES Create a new with reference to lines of code from file view Repository transfer has to be confirmed, if user can not create repo for new owner Allow blocking some email domains from registering an account Create a new based on reference to an comment Add support to migrate from gogs Add pager to the branches page Minimal OpenID Connect implementation Display curre
1.14.012 Apr 2021 16:25 minor feature: SECURITY Respect approved email domain list for externally validated user registration Add reverse proxy configuration support for remote IP address detection Ensure validation occurs on clone addresses too . Respect approved email domain list for externally validated user registration. Add reverse proxy configuration support for remote IP address detection. Ensure validation occurs on clone addresses too. BREAKING double 'push tag' action feed Remove possible resource leak Handle unauthorized user events gracefully Restore Access.log following migration to Chi framework (Stops access logging of /api/internal routes) Migrate from Macaron to Chi framework Deprecate building for mips Consolidate Logos and update README header Inline manifest.json Store repository data in data path if not previously set Rename "gitea" png to "logo" Standardise logging of failed authentication attempts in internal SSH Add markdown support in organization description Improve users management through the CLI . double 'push tag' action feed. Remove possible resource leak. Handle unauthorized user events gracefully. Restore Access.log following migration to Chi framework (Stops access logging of /api/internal routes). Migrate from Macaron to Chi framework. Deprecate building for mips. Consolidate Logos and update README header. Inline manifest.json. Store repository data in data path if not previously set. Rename "gitea" png to "logo". Standardise logging of failed authentication attempts in internal SSH. Add markdown support in organization description. Improve users management through the CLI. FEATURES Create a new with reference to lines of code from file view Repository transfer has to be confirmed, if user can not create repo for new owner Allow blocking some email domains from registering an account Create a new based on reference to an comment Add support to migrate from gogs Add pager to the branches page Minimal OpenID Connect implementation Display curre
1.13.708 Apr 2021 10:45 minor feature: SECURITY Update to bluemonday-1.0.6 Clusterfuzz found another way . Update to bluemonday-1.0.6. Clusterfuzz found another way. API wrong user returned in API . wrong user returned in API. Add 'fonts' into 'KnownPublicEntries' Speed up enry.IsVendor Response 404 for diff/patch of a commit that not exist Prevent NPE in CommentMustAsDiff if no hunk header . Add 'fonts' into 'KnownPublicEntries'. Speed up enry.IsVendor. Response 404 for diff/patch of a commit that not exist. Prevent NPE in CommentMustAsDiff if no hunk header. MISC Add size to Save function . Add size to Save function.
1.14.0-rc226 Mar 2021 01:45 minor feature: SECURITY on avatar middleware Another clusterfuzz identified . on avatar middleware. Another clusterfuzz identified. API Nil exeption for get pull reviews API #15104 . Nil exeption for get pull reviews API #15104. Markdown rendering in milestone content . Markdown rendering in milestone content.
1.15.0-dev21 Mar 2021 06:45 minor feature: SECURITY Popups . Popups. Race in LFS ContentStore.Put(...) a couple of with a feeds When transfering repository and database transaction failed, rollback the renames Race in local storage on pull view page if user is not loged in . Race in LFS ContentStore.Put(...). a couple of with a feeds. When transfering repository and database transaction failed, rollback the renames. Race in local storage. on pull view page if user is not loged in. DOCS How lfs data path is set . How lfs data path is set.
1.13.409 Mar 2021 14:05 minor feature: SECURITY Popups . Popups. Race in LFS ContentStore.Put(...) a couple of with a feeds When transfering repository and database transaction failed, rollback the renames Race in local storage on pull view page if user is not loged in . Race in LFS ContentStore.Put(...). a couple of with a feeds. When transfering repository and database transaction failed, rollback the renames. Race in local storage. on pull view page if user is not loged in. DOCS How lfs data path is set . How lfs data path is set.
1.13.305 Mar 2021 14:25 minor feature: BREAKING SECURITY Turn default hash password algorithm back to pbkdf2 from argon2 until we find a better one . Turn default hash password algorithm back to pbkdf2 from argon2 until we find a better one. paging of file commit logs Print useful error if SQLite is used in settings but not supported display since time round When Deleting Repository only explicitly PRs whose base is not this repository Set HCaptchaSiteKey on Link Account pages a couple of CommentAsPatch. Disable broken OAuth2 providers at startup Repo Transfer permission checks double alert in oauth2 application edit view broken spans in diffs Prevent race in PersistableChannelUniqueQueue.Has HasPreviousCommit causes recursive load of commits unnecessarily Do not assume all 40 char strings are SHA1s Allow org labels to be set with templates Accept multiple SSH keys in single LDAP SSHPublicKey attribute about ListOptions and stars/watchers pagnation GPG key deletion during account deletion . paging of file commit logs. Print useful error if SQLite is used in settings but not supported. display since time round. When Deleting Repository only explicitly PRs whose base is not this repository. Set HCaptchaSiteKey on Link Account pages. a couple of CommentAsPatch.. Disable broken OAuth2 providers at startup. Repo Transfer permission checks. double alert in oauth2 application edit view. broken spans in diffs. Prevent race in PersistableChannelUniqueQueue.Has. HasPreviousCommit causes recursive load of commits unnecessarily. Do not assume all 40 char strings are SHA1s. Allow org labels to be set with templates. Accept multiple SSH keys in single LDAP SSHPublicKey attribute. about ListOptions and stars/watchers pagnation. GPG key deletion during account deletion.
1.13.202 Feb 2021 12:05 minor feature: SECURITY Prevent panic on fuzzer provided string Add secure/httpOnly attributes to the lang cookie . Prevent panic on fuzzer provided string. Add secure/httpOnly attributes to the lang cookie. API If release publisher is deleted use ghost user . If release publisher is deleted use ghost user. Internal ssh server respect Ciphers, MACs and KeyExchanges settings Set the name Mapper in migrations wiki preview Update code.gitea.io/sdk/gitea v0.13.1 - v0.13.2 ChangeUserName: rename user files back on DB lfs preview Ensure timeout error is shown on u2f timeout Deadlock Delete affected reactions on comment deletion Use path not filepath in routers/editor Check if label template exist first migration v141 Use Request.URL.RequestURI() for fcgi Use ServerError provided by Context edit-label form init mailCommentBatch for pull request Render links for commit hashes followed by comma Send notifications for mentions in pulls,, (code-)comments avatar Ensure that schema search path is set with every connection on postgres dashboard labels filter When visit /favicon.ico but the static file is not exist return 404 but not continue to handle the route branch selector on new page Check for notExist on profile repository page . Internal ssh server respect Ciphers, MACs and KeyExchanges settings. Set the name Mapper in migrations. wiki preview. Update code.gitea.io/sdk/gitea v0.13.1 - v0.13.2. ChangeUserName: rename user files back on DB. lfs preview. Ensure timeout error is shown on u2f timeout. Deadlock Delete affected reactions on comment deletion. Use path not filepath in routers/editor. Check if label template exist first. migration v141. Use Request.URL.RequestURI() for fcgi. Use ServerError provided by Context. edit-label form init. mailCommentBatch for pull request. Render links for commit hashes followed by comma. Send notifications for mentions in pulls,, (code-)comments. avatar. Ensure that schema search path is set with ever
1.13.130 Dec 2020 13:05 minor feature: SECURITY Hide private participation in Orgs escaping in diff . Hide private participation in Orgs. escaping in diff. of link query order on markdown render Drop long repo topics during migration Ensure that search term and page are not lost on adoption page-turn storage config implementation panic in BasicAuthDecode Always wait for the cmd to finish Don't use simpleMDE editor on mobile devices for 1.13 incorrect review comment diffs Trim the branch prefrom action.GetBranch Ensure template renderer is available before storage handler Whenever the password is updated ensure that the hash algorithm is too Enforce setting HEAD in wiki to master feishu webhook caused by API changed Quote Reply button on review diff Pull Merge when tag with same name as base branch exist mermaid chart size branch/tag notifications in mirror sync crash in short link processor Update font stack to bootstrap's latest Make sure email recipients can see Reply button is not removed when deleting a code review comment When reinitialising DBConfig reset the database use flags . of link query order on markdown render. Drop long repo topics during migration. Ensure that search term and page are not lost on adoption page-turn. storage config implementation. panic in BasicAuthDecode. Always wait for the cmd to finish. Don't use simpleMDE editor on mobile devices for 1.13. incorrect review comment diffs. Trim the branch prefrom action.GetBranch. Ensure template renderer is available before storage handler. Whenever the password is updated ensure that the hash algorithm is too. Enforce setting HEAD in wiki to master. feishu webhook caused by API changed. Quote Reply button on review diff. Pull Merge when tag with same name as base branch exist. mermaid chart size. branch/tag notifications in mirror sync. crash in short link processor. Update font stack to bootstrap's latest. Make sure email recipients can see. Reply button is not removed when deleting a code
1.13.003 Dec 2020 13:45 minor feature: SECURITY Add Allow-/Block-List for Migrate Mirrors Prevent git operations for inactive users Disallow urlencoded new lines in git protocol paths if there is a port Mitigate Security vulnerability in the git hook feature Disable DSA ssh keys by default Set TLS minimum version to 1.2 Use argon as default password hash algorithm . Add Allow-/Block-List for Migrate Mirrors. Prevent git operations for inactive users. Disallow urlencoded new lines in git protocol paths if there is a port. Mitigate Security vulnerability in the git hook feature. Disable DSA ssh keys by default. Set TLS minimum version to 1.2. Use argon as default password hash algorithm. BREAKING Set RUN_MODE prod by default Don't replace underscores in auto-generated IDs in goldmark Add Primary Key to Topic and RepoTopic tables Disable password complexity check default Change PIDFile default from /var/run/gitea.pid to /run/gitea.pid Add extension Support to Attachments (allow all types for releases) Remove IE11 Support . Set RUN_MODE prod by default. Don't replace underscores in auto-generated IDs in goldmark. Add Primary Key to Topic and RepoTopic tables. Disable password complexity check default. Change PIDFile default from /var/run/gitea.pid to /run/gitea.pid. Add extension Support to Attachments (allow all types for releases). Remove IE11 Support. FEATURES Adopt repositories Check passwords against HaveIBeenPwned Gitea 2 Gitea migration Support storing Avatars in minio Allow addition of gpg keyring with multiple keys Add email notify for new release Add Access-Control-Expose-Headers UserProfile Page: Render Description Add command to recreate tables Add mermaid JS renderer Add ssh certificate support Add spent time to referenced in commit message Initial support for push options Provide option to unlink a fork Show exact tag for commit on diff view Pause, Resume, Release Reopen, Add and Remove Logging from command line templates directory Add a storage layer for
1.12.617 Nov 2020 07:05 minor feature: SECURITY Prevent git operations for inactive users Disallow urlencoded new lines in git protocol paths if there is a port . Prevent git operations for inactive users. Disallow urlencoded new lines in git protocol paths if there is a port. API should only return Json before and since query arguments at API Prevent panic on git blame by limiting lines to 4096 bytes at most link detection in repository description with tailing '_' Remove obsolete change of email on profile page permission check on get Reactions API endpoints Add migrated pulls to pull request task queue API deny wrong pull creation options initial commit page binary munching problem diff parsing Return error 404 not 500 from API if team does not exist Prohibit automatic downgrades GitLab Migration Option AuthToken GitLab Label Color Normalizer Log the underlying panic in runMigrateTask attachments list in edit comment deadlock when deleting team user error create comment on outdated file repository create/delete event webhooks internal server error on README in submodule . API should only return Json. before and since query arguments at API. Prevent panic on git blame by limiting lines to 4096 bytes at most. link detection in repository description with tailing '_'. Remove obsolete change of email on profile page. permission check on get Reactions API endpoints. Add migrated pulls to pull request task queue. API deny wrong pull creation options. initial commit page binary munching problem. diff parsing. Return error 404 not 500 from API if team does not exist. Prohibit automatic downgrades. GitLab Migration Option AuthToken. GitLab Label Color Normalizer. Log the underlying panic in runMigrateTask. attachments list in edit comment. deadlock when deleting team user. error create comment on outdated file. repository create/delete event webhooks. internal server error on README in submodule.
1.13.0-rc211 Nov 2020 17:25 minor feature: Allow U2F with default settings for gitea in subpath Prevent empty div when editing comment On mirror update also update address in DB Allow extended config on cron settings Open transaction when adding Avatar email-hash pairs to the DB internal server error from ListUserOrgs API Update only the repository columns that need updating panic when adding long comment Add size limit for content of comment on action ui Convert User expose ID each time Support slashes in release tags Add missing information to CreateRepo API endpoint On Migration respect old DefaultBranch notifications page links Stop cloning unnecessarily on PR update Escape more things that are passed through str2html Remove double escape on labels addition in comments "only mail on mention". yet another with diff file names RepoInit Respect AlternateDefaultBranch Avatar Resize (resize algo NearestNeighbor - Bilinear) . Allow U2F with default settings for gitea in subpath. Prevent empty div when editing comment. On mirror update also update address in DB. Allow extended config on cron settings. Open transaction when adding Avatar email-hash pairs to the DB. internal server error from ListUserOrgs API. Update only the repository columns that need updating. panic when adding long comment. Add size limit for content of comment on action ui. Convert User expose ID each time. Support slashes in release tags. Add missing information to CreateRepo API endpoint. On Migration respect old DefaultBranch. notifications page links. Stop cloning unnecessarily on PR update. Escape more things that are passed through str2html. Remove double escape on labels addition in comments. "only mail on mention". yet another with diff file names. RepoInit Respect AlternateDefaultBranch. Avatar Resize (resize algo NearestNeighbor - Bilinear). ENHANCEMENTS gitea dump: include version Check InstallLock . gitea dump: include version Check InstallLock.
1.14.0-dev15 Oct 2020 18:25 minor feature: Allow U2F with default settings for gitea in subpath Prevent empty div when editing comment On mirror update also update address in DB Allow extended config on cron settings Open transaction when adding Avatar email-hash pairs to the DB internal server error from ListUserOrgs API Update only the repository columns that need updating panic when adding long comment Add size limit for content of comment on action ui Convert User expose ID each time Support slashes in release tags Add missing information to CreateRepo API endpoint On Migration respect old DefaultBranch notifications page links Stop cloning unnecessarily on PR update Escape more things that are passed through str2html Remove double escape on labels addition in comments "only mail on mention". yet another with diff file names RepoInit Respect AlternateDefaultBranch Avatar Resize (resize algo NearestNeighbor - Bilinear) . Allow U2F with default settings for gitea in subpath. Prevent empty div when editing comment. On mirror update also update address in DB. Allow extended config on cron settings. Open transaction when adding Avatar email-hash pairs to the DB. internal server error from ListUserOrgs API. Update only the repository columns that need updating. panic when adding long comment. Add size limit for content of comment on action ui. Convert User expose ID each time. Support slashes in release tags. Add missing information to CreateRepo API endpoint. On Migration respect old DefaultBranch. notifications page links. Stop cloning unnecessarily on PR update. Escape more things that are passed through str2html. Remove double escape on labels addition in comments. "only mail on mention". yet another with diff file names. RepoInit Respect AlternateDefaultBranch. Avatar Resize (resize algo NearestNeighbor - Bilinear). ENHANCEMENTS gitea dump: include version Check InstallLock . gitea dump: include version Check InstallLock.
1.12.502 Oct 2020 10:45 minor feature: Allow U2F with default settings for gitea in subpath Prevent empty div when editing comment On mirror update also update address in DB Allow extended config on cron settings Open transaction when adding Avatar email-hash pairs to the DB internal server error from ListUserOrgs API Update only the repository columns that need updating panic when adding long comment Add size limit for content of comment on action ui Convert User expose ID each time Support slashes in release tags Add missing information to CreateRepo API endpoint On Migration respect old DefaultBranch notifications page links Stop cloning unnecessarily on PR update Escape more things that are passed through str2html Remove double escape on labels addition in comments "only mail on mention". yet another with diff file names RepoInit Respect AlternateDefaultBranch Avatar Resize (resize algo NearestNeighbor - Bilinear) . Allow U2F with default settings for gitea in subpath. Prevent empty div when editing comment. On mirror update also update address in DB. Allow extended config on cron settings. Open transaction when adding Avatar email-hash pairs to the DB. internal server error from ListUserOrgs API. Update only the repository columns that need updating. panic when adding long comment. Add size limit for content of comment on action ui. Convert User expose ID each time. Support slashes in release tags. Add missing information to CreateRepo API endpoint. On Migration respect old DefaultBranch. notifications page links. Stop cloning unnecessarily on PR update. Escape more things that are passed through str2html. Remove double escape on labels addition in comments. "only mail on mention". yet another with diff file names. RepoInit Respect AlternateDefaultBranch. Avatar Resize (resize algo NearestNeighbor - Bilinear). ENHANCEMENTS gitea dump: include version Check InstallLock . gitea dump: include version Check InstallLock.
1.12.404 Sep 2020 17:25 minor feature: SECURITY. Escape provider name in oauth2 provider redirect. Escape Email on password reset page. When reading expired sessions - expire them. ENHANCEMENTS. StaticRootPath configurable at compile time. . to show an that is related to a deleted. Expire time acknowledged for cache. diff path unquoting. Improve HTML escaping helper. models: break out of loop. Default empty merger list to those with write permissions. Skip SSPI authentication attempts for /api/internal. Prevent NPE on commenting on lines with invalidated comments. Remove hardcoded ES indexername. preventing transfer to private organization. Keys should not verify revoked email addresses. Do not add preon http/https submodule links. ignored login on compare. incorrect error logging in Stats indexer and OAuth2. Upgrade google/go-github to v32.1.0. Render emoji's of Commit message on feed-page. handling of diff on unrelated branches when Git 2.28 used.
1.12.329 Jul 2020 21:45 minor feature: . Don't change creation date when updating Release. Show 404 page when release not found. emoji detection in certain cases. Reduce emoji size. double-indirection in logging IDs. Link to pull list page on sidebar when view pr. Extend Notifications API and return pinned notifications by default.
1.12.213 Jul 2020 06:45 minor feature: When deleting repository decrese user repositry count in cache Gitea commits API again returns commit summaries, not full messages Properly set HEAD when a repo is created with a non-master default branch Ensure Subkeys are verified failing to cache last commit with key being to long Multiple small admin dashboard Remove spurious logging repository setup instructions when default branch is not master Move EventSource to SharedWorker ui in wiki commit page gitgraph branch continues after merge Set the base url when migrating from Gitlab using access token or username without password Ensure BlameReaders at end of request comments webhook panic backport . When deleting repository decrese user repositry count in cache. Gitea commits API again returns commit summaries, not full messages. Properly set HEAD when a repo is created with a non-master default branch. Ensure Subkeys are verified. failing to cache last commit with key being to long. Multiple small admin dashboard. Remove spurious logging. repository setup instructions when default branch is not master. Move EventSource to SharedWorker. ui in wiki commit page. gitgraph branch continues after merge. Set the base url when migrating from Gitlab using access token or username without password. Ensure BlameReaders at end of request. comments webhook panic backport. ENHANCEMENTS Disable dropzone's timeout . Disable dropzone's timeout.
1.12.123 Jun 2020 15:05 minor feature: Handle multiple merges in gitgraph.js Add serviceworker.js to KnownPublicEntries For language detection do not try to analyze big files by content . Handle multiple merges in gitgraph.js. Add serviceworker.js to KnownPublicEntries. For language detection do not try to analyze big files by content. ENHANCEMENTS scrollable header on dropdowns . scrollable header on dropdowns.
1.12.019 Jun 2020 03:25 minor feature: When using API CreateRelease set created_unix to the tag commit time. Enable ENABLE_HARD_LINE_BREAK by default for rendering markdown. sanitizer config - multiple rules. Remove check on username when using AccessToken authentication for the API. Return 404 from Contents API when items don't exist. Notification API should always return a JSON object with the current count of notifications. Remove migration support from versions earlier than 1.6.0. Use -1 to disable key algorithm type in ssh.minimum_key_sizes. Improve config logging when WrappedQueue times out. Add branch delete to API. Use markdown frontmatter to provide Table of contents, language and frontmatter rendering. Add a way to mark Conversation (code comment) resolved. Handle yaml frontmatter in markdown. Cache PullRequest Divergence. Make gitea admin auth list formatting configurable. Add Matrix webhook. Add Organization Wide Labels. Allow to set protected file patterns for files that can not be changed under no conditions. Option to set default branch at repository creation. Add request review from specific reviewers feature in pull request. Add NextCloud oauth. System-wide webhooks. Relax sanitization as per https://github.com/jch/html-pipeline. Use media links for img in post-process. Add API endpoints to manage OAuth2 Application (list/create/delete). Render READMEs in docs/.gitea or.github from root. Add feishu webhook support. Cache last commit to accelerate the repository directory page visit. Implement basic app.ini and path checks to doctor cmd. Make WorkerPools and Queues flushable. Implement "embedded" command to extract static resources. Add API endpoint for repo transfer. Make archive preing configurable with a global setting. Add Unique Queue infrastructure and move TestPullRequests to this. /PR Context Popups. Add "Update Branch" button to Pull Requests. Add require signed commit for protected branch. Mark PR reviews as stale at push and allow to dismiss stale approvals. Add API notificati
1.12.0-rc209 Jun 2020 19:05 minor feature: SECURITY missing authorization check on pull for public repos of private/limited org Use session for retrieving org teams . missing authorization check on pull for public repos of private/limited org. Use session for retrieving org teams. Return json on 500 error from API wrong milestone in webhook message Prevent (caught) panic on login commit page js error Use media links for img in post-process Ensure public repositories in private organizations are visible and admin organizations list Set correct Content-Type value for Gogs/Gitea webhooks Allow all members of private orgs to see public repos Whenever the ctx.Session is updated, release it to save it before sending the redirect Forcibly clean and destroy the session on logout /api/v1/orgs/ endpoints by changing parameter to :org from :orgname. Add tracked time to doctor webpack chunk loading with STATIC_URL_PRE Remove unnecessary parentheses in wiki/revision.tmpl to allow 1.11 to build on go1.14 . Return json on 500 error from API. wrong milestone in webhook message. Prevent (caught) panic on login. commit page js error. Use media links for img in post-process. Ensure public repositories in private organizations are visible and admin organizations list. Set correct Content-Type value for Gogs/Gitea webhooks. Allow all members of private orgs to see public repos. Whenever the ctx.Session is updated, release it to save it before sending the redirect. Forcibly clean and destroy the session on logout. /api/v1/orgs/ endpoints by changing parameter to :org from :orgname. Add tracked time to doctor. webpack chunk loading with STATIC_URL_PRE. Remove unnecessary parentheses in wiki/revision.tmpl to allow 1.11 to build on go1.14.
1.11.601 Jun 2020 00:45 minor feature: SECURITY missing authorization check on pull for public repos of private/limited org Use session for retrieving org teams . missing authorization check on pull for public repos of private/limited org. Use session for retrieving org teams. Return json on 500 error from API wrong milestone in webhook message Prevent (caught) panic on login commit page js error Use media links for img in post-process Ensure public repositories in private organizations are visible and admin organizations list Set correct Content-Type value for Gogs/Gitea webhooks Allow all members of private orgs to see public repos Whenever the ctx.Session is updated, release it to save it before sending the redirect Forcibly clean and destroy the session on logout /api/v1/orgs/ endpoints by changing parameter to :org from :orgname. Add tracked time to doctor webpack chunk loading with STATIC_URL_PRE Remove unnecessary parentheses in wiki/revision.tmpl to allow 1.11 to build on go1.14 . Return json on 500 error from API. wrong milestone in webhook message. Prevent (caught) panic on login. commit page js error. Use media links for img in post-process. Ensure public repositories in private organizations are visible and admin organizations list. Set correct Content-Type value for Gogs/Gitea webhooks. Allow all members of private orgs to see public repos. Whenever the ctx.Session is updated, release it to save it before sending the redirect. Forcibly clean and destroy the session on logout. /api/v1/orgs/ endpoints by changing parameter to :org from :orgname. Add tracked time to doctor. webpack chunk loading with STATIC_URL_PRE. Remove unnecessary parentheses in wiki/revision.tmpl to allow 1.11 to build on go1.14.
1.12.0-rc122 May 2020 22:45 minor feature: Prevent timer leaks in Workerpool and others tracked time Add NotifySyncPushCommits to indexer notifier Allow X in addition to x in tasks When delete tracked time through the API return 404 not 500 Prevent duplicate records in organizations list when creating a repository Manage port in submodule refurl api.Context.NotFound(...) should tolerate nil Show pull request selection even when unrelated branches Repo: milestone: make /milestone/:id endpoint accessible GetContents(): Dont't ignore Executables submodule paths when AppSubUrl is not root Prevent clones and pushes to disabled wiki Remove errant third closing curly-bracket from account.tmpl and send account ID in account.tmpl On Repo Deletion: Delete related TrackedTimes too Refresh codemirror on show pull comment tab merge dialog on protected branch with missing required statuses Load pr Poster on API too release counter on API repository info Generate Diff and Patch direct from Pull head rebase conflict detection in git 2.26 . Prevent timer leaks in Workerpool and others. tracked time. Add NotifySyncPushCommits to indexer notifier. Allow X in addition to x in tasks. When delete tracked time through the API return 404 not 500. Prevent duplicate records in organizations list when creating a repository. Manage port in submodule refurl. api.Context.NotFound(...) should tolerate nil. Show pull request selection even when unrelated branches. Repo: milestone: make /milestone/:id endpoint accessible. GetContents(): Dont't ignore Executables. submodule paths when AppSubUrl is not root. Prevent clones and pushes to disabled wiki. Remove errant third closing curly-bracket from account.tmpl and send account ID in account.tmpl. On Repo Deletion: Delete related TrackedTimes too. Refresh codemirror on show pull comment tab. merge dialog on protected branch with missing required statuses. Load pr Poster on API too. release counter on API repository info. Generate Diff and Patch direct f
1.13.0-dev18 May 2020 23:25 minor feature: Prevent timer leaks in Workerpool and others tracked time Add NotifySyncPushCommits to indexer notifier Allow X in addition to x in tasks When delete tracked time through the API return 404 not 500 Prevent duplicate records in organizations list when creating a repository Manage port in submodule refurl api.Context.NotFound(...) should tolerate nil Show pull request selection even when unrelated branches Repo: milestone: make /milestone/:id endpoint accessible GetContents(): Dont't ignore Executables submodule paths when AppSubUrl is not root Prevent clones and pushes to disabled wiki Remove errant third closing curly-bracket from account.tmpl and send account ID in account.tmpl On Repo Deletion: Delete related TrackedTimes too Refresh codemirror on show pull comment tab merge dialog on protected branch with missing required statuses Load pr Poster on API too release counter on API repository info Generate Diff and Patch direct from Pull head rebase conflict detection in git 2.26 . Prevent timer leaks in Workerpool and others. tracked time. Add NotifySyncPushCommits to indexer notifier. Allow X in addition to x in tasks. When delete tracked time through the API return 404 not 500. Prevent duplicate records in organizations list when creating a repository. Manage port in submodule refurl. api.Context.NotFound(...) should tolerate nil. Show pull request selection even when unrelated branches. Repo: milestone: make /milestone/:id endpoint accessible. GetContents(): Dont't ignore Executables. submodule paths when AppSubUrl is not root. Prevent clones and pushes to disabled wiki. Remove errant third closing curly-bracket from account.tmpl and send account ID in account.tmpl. On Repo Deletion: Delete related TrackedTimes too. Refresh codemirror on show pull comment tab. merge dialog on protected branch with missing required statuses. Load pr Poster on API too. release counter on API repository info. Generate Diff and Patch direct f
1.11.511 May 2020 06:25 minor feature: Prevent timer leaks in Workerpool and others tracked time Add NotifySyncPushCommits to indexer notifier Allow X in addition to x in tasks When delete tracked time through the API return 404 not 500 Prevent duplicate records in organizations list when creating a repository Manage port in submodule refurl api.Context.NotFound(...) should tolerate nil Show pull request selection even when unrelated branches Repo: milestone: make /milestone/:id endpoint accessible GetContents(): Dont't ignore Executables submodule paths when AppSubUrl is not root Prevent clones and pushes to disabled wiki Remove errant third closing curly-bracket from account.tmpl and send account ID in account.tmpl On Repo Deletion: Delete related TrackedTimes too Refresh codemirror on show pull comment tab merge dialog on protected branch with missing required statuses Load pr Poster on API too release counter on API repository info Generate Diff and Patch direct from Pull head rebase conflict detection in git 2.26 . Prevent timer leaks in Workerpool and others. tracked time. Add NotifySyncPushCommits to indexer notifier. Allow X in addition to x in tasks. When delete tracked time through the API return 404 not 500. Prevent duplicate records in organizations list when creating a repository. Manage port in submodule refurl. api.Context.NotFound(...) should tolerate nil. Show pull request selection even when unrelated branches. Repo: milestone: make /milestone/:id endpoint accessible. GetContents(): Dont't ignore Executables. submodule paths when AppSubUrl is not root. Prevent clones and pushes to disabled wiki. Remove errant third closing curly-bracket from account.tmpl and send account ID in account.tmpl. On Repo Deletion: Delete related TrackedTimes too. Refresh codemirror on show pull comment tab. merge dialog on protected branch with missing required statuses. Load pr Poster on API too. release counter on API repository info. Generate Diff and Patch direct f
1.11.402 Apr 2020 13:05 minor feature: Only update merge_base if not already merged milestones too many SQL variables Protect against NPEs in notifications list Convert plumbing.ErrObjectNotFound to git.ErrNotExist in getCommit Convert plumbing.ErrReferenceNotFound to git.ErrNotExist in GetRefCommitID Account for empty lines in receive-hook message on branch API Migrate to go-git/go-git v5.0.0 hiding of fields in authorization source page Prevent default for linkAction . Only update merge_base if not already merged. milestones too many SQL variables. Protect against NPEs in notifications list. Convert plumbing.ErrObjectNotFound to git.ErrNotExist in getCommit. Convert plumbing.ErrReferenceNotFound to git.ErrNotExist in GetRefCommitID. Account for empty lines in receive-hook message. on branch API. Migrate to go-git/go-git v5.0.0. hiding of fields in authorization source page. Prevent default for linkAction.
1.11.311 Mar 2020 19:45 minor feature: . Prevent panic in stopwatch. on pull view when required status check no ci result. Build explicitly with Go 1.13.
1.11.118 Feb 2020 05:05 minor feature: Repo name added to automatically generated commit message when merging Workerpool deadlock Divide Gettats query in smaller chunks reply on code review Stop hanging indexer initialisation from preventing shutdown filter label emoji width sidebar menus having an infinite height commit between two commits calculation if there is only last commit Only check for conflicts/merging if the PR has not been merged in the interim Blacklist manifest.json milestones user . Repo name added to automatically generated commit message when merging. Workerpool deadlock. Divide Gettats query in smaller chunks. reply on code review. Stop hanging indexer initialisation from preventing shutdown. filter label emoji width. sidebar menus having an infinite height. commit between two commits calculation if there is only last commit. Only check for conflicts/merging if the PR has not been merged in the interim. Blacklist manifest.json milestones user.
1.11.012 Feb 2020 00:05 minor feature: BREAKING followers and following tabs in profile Make CertFile and KeyFile relative to CustomPath Remove unused endpoints Preall user-generated IDs in markup Enforce Gitea environment for pushes Hide some user information via API if user have not enough permissions Move startpage/homepage translation to crowdin . followers and following tabs in profile. Make CertFile and KeyFile relative to CustomPath. Remove unused endpoints. Preall user-generated IDs in markup. Enforce Gitea environment for pushes. Hide some user information via API if user have not enough permissions. Move startpage/homepage translation to crowdin. SECURITY Never allow an empty password to validate Prevent redirect to Host Swagger hide search field Add "search" to reserved usernames Switch to fomantic-ui Only serve attachments when linked to /release and if accessible by user . Never allow an empty password to validate. Prevent redirect to Host. Swagger hide search field. Add "search" to reserved usernames. Switch to fomantic-ui. Only serve attachments when linked to /release and if accessible by user. FEATURES Webhooks should only show sender if it makes sense Provide Default messages for merges Add description to labels on create Graceful Queues: Indexing and Tasks Default NO_REPLY_ADDRESS to DOMAIN Allow FCGI over unix sockets Graceful: Xorm, RepoIndexer, Cron and Others Add API for Reactions Graceful: Cancel Process on monitor pages HammerTime Graceful: Allow graceful restart for unix sockets Graceful: Allow graceful restart for fcgi Sign protected branches Add Graceful shutdown for Windows and hooks for shutdown of goroutines Add Gitea icon to Emojis Expand/Collapse Files and Blob Excerpt while Reviewing/Comparing code Allow Custom Reactions /reopen by keywords in titles and comments. Allow incompletely specified Time Formats Prevent upload (overwrite) of lfs locked file Template Repositories Add /milestones endpoint Make repository management section
1.11.0-rc223 Jan 2020 12:45 minor feature: SECURITY Hide credentials when submitting migration Never allow an empty password to validate Prevent redirect to Host Hide public repos owned by private orgs . Hide credentials when submitting migration. Never allow an empty password to validate. Prevent redirect to Host. Hide public repos owned by private orgs. Allow assignee on Pull Creation when Unit is deactivated download file wrong content-type wrong identify poster on a migrated pull request when submit review dump non-exist log directory compare missing msteam webhook on organization add team on collaborator page when same name as organization cache problem on dashboard Send tag create and push webhook when release created on UI Branches not at ref commit ID should not be listed as Merged . Allow assignee on Pull Creation when Unit is deactivated. download file wrong content-type. wrong identify poster on a migrated pull request when submit review. dump non-exist log directory. compare. missing msteam webhook on organization. add team on collaborator page when same name as organization. cache problem on dashboard. Send tag create and push webhook when release created on UI. Branches not at ref commit ID should not be listed as Merged.
1.10.318 Jan 2020 23:25 minor feature: SECURITY Hide credentials when submitting migration Never allow an empty password to validate Prevent redirect to Host Hide public repos owned by private orgs . Hide credentials when submitting migration. Never allow an empty password to validate. Prevent redirect to Host. Hide public repos owned by private orgs. Allow assignee on Pull Creation when Unit is deactivated download file wrong content-type wrong identify poster on a migrated pull request when submit review dump non-exist log directory compare missing msteam webhook on organization add team on collaborator page when same name as organization cache problem on dashboard Send tag create and push webhook when release created on UI Branches not at ref commit ID should not be listed as Merged . Allow assignee on Pull Creation when Unit is deactivated. download file wrong content-type. wrong identify poster on a migrated pull request when submit review. dump non-exist log directory. compare. missing msteam webhook on organization. add team on collaborator page when same name as organization. cache problem on dashboard. Send tag create and push webhook when release created on UI. Branches not at ref commit ID should not be listed as Merged.
1.12.0-dev09 Jan 2020 16:05 minor feature: Allow only specific Columns to be updated on via API Add ErrReactionAlreadyExist error when migrate from API Use default avatar for ghost user repository pagination when there are more than one label filter deleted branch not removed when push the branch again missing repository status when migrating repository via API Trigger webhook when deleting a branch after merging a PR paging on /repos/ owner / repo /git/trees/ sha API endpoint NewCommitStatus Use OriginalURL instead of CloneAddr in migration logging Slack webhook payload title generation to work with Mattermost DefaultBranch needs to be preby BranchPre indexer not triggered when migrating a repository that release attachment files not deleted when deleting repository migration releases File Edit: Author/Committer interchanged . Allow only specific Columns to be updated on via API. Add ErrReactionAlreadyExist error. when migrate from API. Use default avatar for ghost user. repository pagination when there are more than one label filter. deleted branch not removed when push the branch again. missing repository status when migrating repository via API. Trigger webhook when deleting a branch after merging a PR. paging on /repos/ owner / repo /git/trees/ sha API endpoint. NewCommitStatus. Use OriginalURL instead of CloneAddr in migration logging. Slack webhook payload title generation to work with Mattermost. DefaultBranch needs to be preby BranchPre. indexer not triggered when migrating a repository. that release attachment files not deleted when deleting repository. migration releases. File Edit: Author/Committer interchanged.
1.10.203 Jan 2020 16:25 minor feature: Allow only specific Columns to be updated on via API Add ErrReactionAlreadyExist error when migrate from API Use default avatar for ghost user repository pagination when there are more than one label filter deleted branch not removed when push the branch again missing repository status when migrating repository via API Trigger webhook when deleting a branch after merging a PR paging on /repos/ owner / repo /git/trees/ sha API endpoint NewCommitStatus Use OriginalURL instead of CloneAddr in migration logging Slack webhook payload title generation to work with Mattermost DefaultBranch needs to be preby BranchPre indexer not triggered when migrating a repository that release attachment files not deleted when deleting repository migration releases File Edit: Author/Committer interchanged . Allow only specific Columns to be updated on via API. Add ErrReactionAlreadyExist error. when migrate from API. Use default avatar for ghost user. repository pagination when there are more than one label filter. deleted branch not removed when push the branch again. missing repository status when migrating repository via API. Trigger webhook when deleting a branch after merging a PR. paging on /repos/ owner / repo /git/trees/ sha API endpoint. NewCommitStatus. Use OriginalURL instead of CloneAddr in migration logging. Slack webhook payload title generation to work with Mattermost. DefaultBranch needs to be preby BranchPre. indexer not triggered when migrating a repository. that release attachment files not deleted when deleting repository. migration releases. File Edit: Author/Committer interchanged.
1.10.106 Dec 2019 13:05 minor feature: Max length check and limit in multiple repo forms Properly displaying virtual session provider in admin panel Upgrade levelqueue to 0.1.0 Panic when diff Smtp logger configuration sendTos should be an array Always Show Password Field on Link Account Sign-in Page Create PR on Current Repository by Default Race on indexer ReCAPTCHA URL Hide migrated credentials Update golang.org/x/crypto vendor to use acme v2 Password checks on admin create/edit user Add search as a reserved username Permission checks for /reopen from commit Ensure Written is set in GZIP ProxyResponseWriter Broken link to branch from list Wrong system notice when repository is empty Shadow password correctly for session config . Max length check and limit in multiple repo forms. Properly displaying virtual session provider in admin panel. Upgrade levelqueue to 0.1.0. Panic when diff. Smtp logger configuration sendTos should be an array. Always Show Password Field on Link Account Sign-in Page. Create PR on Current Repository by Default. Race on indexer. ReCAPTCHA URL. Hide migrated credentials. Update golang.org/x/crypto vendor to use acme v2. Password checks on admin create/edit user. Add search as a reserved username. Permission checks for /reopen from commit. Ensure Written is set in GZIP ProxyResponseWriter. Broken link to branch from list. Wrong system notice when repository is empty. Shadow password correctly for session config.
1.10.018 Nov 2019 20:05 minor feature: BREAKING deadline on update or PR via API Hide some user information via API if user doesn't have enough permission Remove legacy handling of drone token Change repo search to use exact match for topic search. Add pagination for admin api get orgs and only list public orgs Implement the ability to change the ssh port to match what is in the gitea config . deadline on update or PR via API. Hide some user information via API if user doesn't have enough permission. Remove legacy handling of drone token. Change repo search to use exact match for topic search. Add pagination for admin api get orgs and only list public orgs. Implement the ability to change the ssh port to match what is in the gitea config. SECURITY. Ignore mentions for users with no access Be more strict with git arguments reserve.well-known username . Ignore mentions for users with no access. Be more strict with git arguments. reserve.well-known username. FEATURE. Org/Members: display 2FA members states + optimize sql requests SetDefaultBranch on pushing to empty repository Adds side-by-side diff for images API method to list all commits of a repository Password Complexity Checks Add option to initialize repository with labels Add additional password hash algorithms . Org/Members: display 2FA members states + optimize sql requests. SetDefaultBranch on pushing to empty repository. Adds side-by-side diff for images. API method to list all commits of a repository. Password Complexity Checks. Add option to initialize repository with labels. Add additional password hash algorithms. Allow to merge if file path contains " or . On windows set core.longpaths true when edit hook Checkbox at RepoSettings Protected Branch SSH2 conditional in key parsing code commit expand button to not go to commit link new user form for non-local users to opened io resources as soon as not needed edit content button on migrated content require external registration password password comple
1.9.614 Nov 2019 14:05 minor feature: Allow to merge if file path contains " or when edit hook with user.fullname Update Github Migration Test Add () method to gogitRepository . Allow to merge if file path contains " or . when edit hook. with user.fullname. Update Github Migration Test. Add () method to gogitRepository.
1.10.0-rc231 Oct 2019 10:25 minor feature: BREAKING. deadline on update or PR via API. Hide some user information via API if user doesn't have enough permission. . Expose db.SetMaxOpenConns and allow non MySQL dbs to set conn pool params. milestone timestamp. when getting user as unauthenticated user. 'New Missing Milestone Comment'. Use AppSubUrl for more redirections. Add SubURL to redirect path. template error on account page. Allow externalID to be UUID. Prevent removal of non-empty emoji panel following selection of duplicate. Update heatmap tures to restore tests. Ensure that diff stats can scroll independently of the diff. Webhook: set Content-Type for application/x-www-form-urlencoded. by handling empty repos. on pull requests when transfer head repository. Add missed in ServeBlobLFS. Ensure that GitRepo is set on Empty repositories. migrate mirror 500. password complexity regex for special characters. Prevent.code-view from overriding font on icon fonts. Allow more than 255 characters for tokens in external_login_user table.
1.11.0-dev15 Oct 2019 11:05 minor feature: Highlight references When migrating a private repository #7917 Change general form binding to gogs form Editor commit to new branch if PR disabled Milestone num_ Allow users with explicit read access to give approvals Commit status in PR #8316 and PR #8321 API for edit and delete release attachment Assets on release webhook Release API URL generation Allow registration when button is hidden MS Teams webhook misses commit messages (backport v1.9) Data race Pull merge 500 error caused by git-fetch breaking behaviors The SSH config specification in the authorized_keys template Reading git notes from nested trees Team user api Add reviewers as participants . Highlight references. When migrating a private repository #7917. Change general form binding to gogs form. Editor commit to new branch if PR disabled. Milestone num_. Allow users with explicit read access to give approvals. Commit status in PR #8316 and PR #8321. API for edit and delete release attachment. Assets on release webhook. Release API URL generation. Allow registration when button is hidden. MS Teams webhook misses commit messages (backport v1.9). Data race. Pull merge 500 error caused by git-fetch breaking behaviors. The SSH config specification in the authorized_keys template. Reading git notes from nested trees. Team user api. Add reviewers as participants. BUILD Use vendored go-swagger Version-validation for GO 1.13 (go-macaron/cors) . Use vendored go-swagger. Version-validation for GO 1.13 (go-macaron/cors). MISC Make show private icon when repo avatar set . Make show private icon when repo avatar set.
1.9.409 Oct 2019 22:27 minor feature: