Recent Releases
1.14.012 Apr 2021 16:25
minor feature:
SECURITY
Respect approved email domain list for externally validated user registration
Add reverse proxy configuration support for remote IP address detection
Ensure validation occurs on clone addresses too
.
Respect approved email domain list for externally validated user registration.
Add reverse proxy configuration support for remote IP address detection.
Ensure validation occurs on clone addresses too.
BREAKING
double 'push tag' action feed
Remove possible resource leak
Handle unauthorized user events gracefully
Restore Access.log following migration to Chi framework (Stops access logging of /api/internal routes)
Migrate from Macaron to Chi framework
Deprecate building for mips
Consolidate Logos and update README header
Inline manifest.json
Store repository data in data path if not previously set
Rename "gitea" png to "logo"
Standardise logging of failed authentication attempts in internal SSH
Add markdown support in organization description
Improve users management through the CLI
.
double 'push tag' action feed.
Remove possible resource leak.
Handle unauthorized user events gracefully.
Restore Access.log following migration to Chi framework (Stops access logging of /api/internal routes).
Migrate from Macaron to Chi framework.
Deprecate building for mips.
Consolidate Logos and update README header.
Inline manifest.json.
Store repository data in data path if not previously set.
Rename "gitea" png to "logo".
Standardise logging of failed authentication attempts in internal SSH.
Add markdown support in organization description.
Improve users management through the CLI.
FEATURES
Create a new with reference to lines of code from file view
Repository transfer has to be confirmed, if user can not create repo for new owner
Allow blocking some email domains from registering an account
Create a new based on reference to an comment
Add support to migrate from gogs
Add pager to the branches page
Minimal OpenID Connect implementation
Display curre
1.13.708 Apr 2021 10:45
minor feature:
SECURITY
Update to bluemonday-1.0.6
Clusterfuzz found another way
.
Update to bluemonday-1.0.6.
Clusterfuzz found another way.
API
wrong user returned in API
.
wrong user returned in API.
Add 'fonts' into 'KnownPublicEntries'
Speed up enry.IsVendor
Response 404 for diff/patch of a commit that not exist
Prevent NPE in CommentMustAsDiff if no hunk header
.
Add 'fonts' into 'KnownPublicEntries'.
Speed up enry.IsVendor.
Response 404 for diff/patch of a commit that not exist.
Prevent NPE in CommentMustAsDiff if no hunk header.
MISC
Add size to Save function
.
Add size to Save function.
1.14.0-rc226 Mar 2021 01:45
minor feature:
SECURITY
on avatar middleware
Another clusterfuzz identified
.
on avatar middleware.
Another clusterfuzz identified.
API
Nil exeption for get pull reviews API #15104
.
Nil exeption for get pull reviews API #15104.
Markdown rendering in milestone content
.
Markdown rendering in milestone content.
1.15.0-dev21 Mar 2021 06:45
minor feature:
SECURITY
Popups
.
Popups.
Race in LFS ContentStore.Put(...)
a couple of with a feeds
When transfering repository and database transaction failed, rollback the renames
Race in local storage
on pull view page if user is not loged in
.
Race in LFS ContentStore.Put(...).
a couple of with a feeds.
When transfering repository and database transaction failed, rollback the renames.
Race in local storage.
on pull view page if user is not loged in.
DOCS
How lfs data path is set
.
How lfs data path is set.
1.13.409 Mar 2021 14:05
minor feature:
SECURITY
Popups
.
Popups.
Race in LFS ContentStore.Put(...)
a couple of with a feeds
When transfering repository and database transaction failed, rollback the renames
Race in local storage
on pull view page if user is not loged in
.
Race in LFS ContentStore.Put(...).
a couple of with a feeds.
When transfering repository and database transaction failed, rollback the renames.
Race in local storage.
on pull view page if user is not loged in.
DOCS
How lfs data path is set
.
How lfs data path is set.
1.13.305 Mar 2021 14:25
minor feature:
BREAKING SECURITY
Turn default hash password algorithm back to pbkdf2 from argon2 until we find a better one
.
Turn default hash password algorithm back to pbkdf2 from argon2 until we find a better one.
paging of file commit logs
Print useful error if SQLite is used in settings but not supported
display since time round
When Deleting Repository only explicitly PRs whose base is not this repository
Set HCaptchaSiteKey on Link Account pages
a couple of CommentAsPatch.
Disable broken OAuth2 providers at startup
Repo Transfer permission checks
double alert in oauth2 application edit view
broken spans in diffs
Prevent race in PersistableChannelUniqueQueue.Has
HasPreviousCommit causes recursive load of commits unnecessarily
Do not assume all 40 char strings are SHA1s
Allow org labels to be set with templates
Accept multiple SSH keys in single LDAP SSHPublicKey attribute
about ListOptions and stars/watchers pagnation
GPG key deletion during account deletion
.
paging of file commit logs.
Print useful error if SQLite is used in settings but not supported.
display since time round.
When Deleting Repository only explicitly PRs whose base is not this repository.
Set HCaptchaSiteKey on Link Account pages.
a couple of CommentAsPatch..
Disable broken OAuth2 providers at startup.
Repo Transfer permission checks.
double alert in oauth2 application edit view.
broken spans in diffs.
Prevent race in PersistableChannelUniqueQueue.Has.
HasPreviousCommit causes recursive load of commits unnecessarily.
Do not assume all 40 char strings are SHA1s.
Allow org labels to be set with templates.
Accept multiple SSH keys in single LDAP SSHPublicKey attribute.
about ListOptions and stars/watchers pagnation.
GPG key deletion during account deletion.
1.13.202 Feb 2021 12:05
minor feature:
SECURITY
Prevent panic on fuzzer provided string
Add secure/httpOnly attributes to the lang cookie
.
Prevent panic on fuzzer provided string.
Add secure/httpOnly attributes to the lang cookie.
API
If release publisher is deleted use ghost user
.
If release publisher is deleted use ghost user.
Internal ssh server respect Ciphers, MACs and KeyExchanges settings
Set the name Mapper in migrations
wiki preview
Update code.gitea.io/sdk/gitea v0.13.1 - v0.13.2
ChangeUserName: rename user files back on DB
lfs preview
Ensure timeout error is shown on u2f timeout
Deadlock Delete affected reactions on comment deletion
Use path not filepath in routers/editor
Check if label template exist first
migration v141
Use Request.URL.RequestURI() for fcgi
Use ServerError provided by Context
edit-label form init
mailCommentBatch for pull request
Render links for commit hashes followed by comma
Send notifications for mentions in pulls,, (code-)comments
avatar
Ensure that schema search path is set with every connection on postgres
dashboard labels filter
When visit /favicon.ico but the static file is not exist return 404 but not continue to handle the route
branch selector on new page
Check for notExist on profile repository page
.
Internal ssh server respect Ciphers, MACs and KeyExchanges settings.
Set the name Mapper in migrations.
wiki preview.
Update code.gitea.io/sdk/gitea v0.13.1 - v0.13.2.
ChangeUserName: rename user files back on DB.
lfs preview.
Ensure timeout error is shown on u2f timeout.
Deadlock Delete affected reactions on comment deletion.
Use path not filepath in routers/editor.
Check if label template exist first.
migration v141.
Use Request.URL.RequestURI() for fcgi.
Use ServerError provided by Context.
edit-label form init.
mailCommentBatch for pull request.
Render links for commit hashes followed by comma.
Send notifications for mentions in pulls,, (code-)comments.
avatar.
Ensure that schema search path is set with ever
1.13.130 Dec 2020 13:05
minor feature:
SECURITY
Hide private participation in Orgs
escaping in diff
.
Hide private participation in Orgs.
escaping in diff.
of link query order on markdown render
Drop long repo topics during migration
Ensure that search term and page are not lost on adoption page-turn
storage config implementation
panic in BasicAuthDecode
Always wait for the cmd to finish
Don't use simpleMDE editor on mobile devices for 1.13
incorrect review comment diffs
Trim the branch prefrom action.GetBranch
Ensure template renderer is available before storage handler
Whenever the password is updated ensure that the hash algorithm is too
Enforce setting HEAD in wiki to master
feishu webhook caused by API changed
Quote Reply button on review diff
Pull Merge when tag with same name as base branch exist
mermaid chart size
branch/tag notifications in mirror sync
crash in short link processor
Update font stack to bootstrap's latest
Make sure email recipients can see
Reply button is not removed when deleting a code review comment
When reinitialising DBConfig reset the database use flags
.
of link query order on markdown render.
Drop long repo topics during migration.
Ensure that search term and page are not lost on adoption page-turn.
storage config implementation.
panic in BasicAuthDecode.
Always wait for the cmd to finish.
Don't use simpleMDE editor on mobile devices for 1.13.
incorrect review comment diffs.
Trim the branch prefrom action.GetBranch.
Ensure template renderer is available before storage handler.
Whenever the password is updated ensure that the hash algorithm is too.
Enforce setting HEAD in wiki to master.
feishu webhook caused by API changed.
Quote Reply button on review diff.
Pull Merge when tag with same name as base branch exist.
mermaid chart size.
branch/tag notifications in mirror sync.
crash in short link processor.
Update font stack to bootstrap's latest.
Make sure email recipients can see.
Reply button is not removed when deleting a code
1.13.003 Dec 2020 13:45
minor feature:
SECURITY
Add Allow-/Block-List for Migrate Mirrors
Prevent git operations for inactive users
Disallow urlencoded new lines in git protocol paths if there is a port
Mitigate Security vulnerability in the git hook feature
Disable DSA ssh keys by default
Set TLS minimum version to 1.2
Use argon as default password hash algorithm
.
Add Allow-/Block-List for Migrate Mirrors.
Prevent git operations for inactive users.
Disallow urlencoded new lines in git protocol paths if there is a port.
Mitigate Security vulnerability in the git hook feature.
Disable DSA ssh keys by default.
Set TLS minimum version to 1.2.
Use argon as default password hash algorithm.
BREAKING
Set RUN_MODE prod by default
Don't replace underscores in auto-generated IDs in goldmark
Add Primary Key to Topic and RepoTopic tables
Disable password complexity check default
Change PIDFile default from /var/run/gitea.pid to /run/gitea.pid
Add extension Support to Attachments (allow all types for releases)
Remove IE11 Support
.
Set RUN_MODE prod by default.
Don't replace underscores in auto-generated IDs in goldmark.
Add Primary Key to Topic and RepoTopic tables.
Disable password complexity check default.
Change PIDFile default from /var/run/gitea.pid to /run/gitea.pid.
Add extension Support to Attachments (allow all types for releases).
Remove IE11 Support.
FEATURES
Adopt repositories
Check passwords against HaveIBeenPwned
Gitea 2 Gitea migration
Support storing Avatars in minio
Allow addition of gpg keyring with multiple keys
Add email notify for new release
Add Access-Control-Expose-Headers
UserProfile Page: Render Description
Add command to recreate tables
Add mermaid JS renderer
Add ssh certificate support
Add spent time to referenced in commit message
Initial support for push options
Provide option to unlink a fork
Show exact tag for commit on diff view
Pause, Resume, Release Reopen, Add and Remove Logging from command line
templates directory
Add a storage layer for
1.12.617 Nov 2020 07:05
minor feature:
SECURITY
Prevent git operations for inactive users
Disallow urlencoded new lines in git protocol paths if there is a port
.
Prevent git operations for inactive users.
Disallow urlencoded new lines in git protocol paths if there is a port.
API should only return Json
before and since query arguments at API
Prevent panic on git blame by limiting lines to 4096 bytes at most
link detection in repository description with tailing '_'
Remove obsolete change of email on profile page
permission check on get Reactions API endpoints
Add migrated pulls to pull request task queue
API deny wrong pull creation options
initial commit page binary munching problem
diff parsing
Return error 404 not 500 from API if team does not exist
Prohibit automatic downgrades
GitLab Migration Option AuthToken
GitLab Label Color Normalizer
Log the underlying panic in runMigrateTask
attachments list in edit comment
deadlock when deleting team user
error create comment on outdated file
repository create/delete event webhooks
internal server error on README in submodule
.
API should only return Json.
before and since query arguments at API.
Prevent panic on git blame by limiting lines to 4096 bytes at most.
link detection in repository description with tailing '_'.
Remove obsolete change of email on profile page.
permission check on get Reactions API endpoints.
Add migrated pulls to pull request task queue.
API deny wrong pull creation options.
initial commit page binary munching problem.
diff parsing.
Return error 404 not 500 from API if team does not exist.
Prohibit automatic downgrades.
GitLab Migration Option AuthToken.
GitLab Label Color Normalizer.
Log the underlying panic in runMigrateTask.
attachments list in edit comment.
deadlock when deleting team user.
error create comment on outdated file.
repository create/delete event webhooks.
internal server error on README in submodule.
1.13.0-rc211 Nov 2020 17:25
minor feature:
Allow U2F with default settings for gitea in subpath
Prevent empty div when editing comment
On mirror update also update address in DB
Allow extended config on cron settings
Open transaction when adding Avatar email-hash pairs to the DB
internal server error from ListUserOrgs API
Update only the repository columns that need updating
panic when adding long comment
Add size limit for content of comment on action ui
Convert User expose ID each time
Support slashes in release tags
Add missing information to CreateRepo API endpoint
On Migration respect old DefaultBranch
notifications page links
Stop cloning unnecessarily on PR update
Escape more things that are passed through str2html
Remove double escape on labels addition in comments
"only mail on mention".
yet another with diff file names
RepoInit Respect AlternateDefaultBranch
Avatar Resize (resize algo NearestNeighbor - Bilinear)
.
Allow U2F with default settings for gitea in subpath.
Prevent empty div when editing comment.
On mirror update also update address in DB.
Allow extended config on cron settings.
Open transaction when adding Avatar email-hash pairs to the DB.
internal server error from ListUserOrgs API.
Update only the repository columns that need updating.
panic when adding long comment.
Add size limit for content of comment on action ui.
Convert User expose ID each time.
Support slashes in release tags.
Add missing information to CreateRepo API endpoint.
On Migration respect old DefaultBranch.
notifications page links.
Stop cloning unnecessarily on PR update.
Escape more things that are passed through str2html.
Remove double escape on labels addition in comments.
"only mail on mention".
yet another with diff file names.
RepoInit Respect AlternateDefaultBranch.
Avatar Resize (resize algo NearestNeighbor - Bilinear).
ENHANCEMENTS
gitea dump: include version Check InstallLock
.
gitea dump: include version Check InstallLock.
1.14.0-dev15 Oct 2020 18:25
minor feature:
Allow U2F with default settings for gitea in subpath
Prevent empty div when editing comment
On mirror update also update address in DB
Allow extended config on cron settings
Open transaction when adding Avatar email-hash pairs to the DB
internal server error from ListUserOrgs API
Update only the repository columns that need updating
panic when adding long comment
Add size limit for content of comment on action ui
Convert User expose ID each time
Support slashes in release tags
Add missing information to CreateRepo API endpoint
On Migration respect old DefaultBranch
notifications page links
Stop cloning unnecessarily on PR update
Escape more things that are passed through str2html
Remove double escape on labels addition in comments
"only mail on mention".
yet another with diff file names
RepoInit Respect AlternateDefaultBranch
Avatar Resize (resize algo NearestNeighbor - Bilinear)
.
Allow U2F with default settings for gitea in subpath.
Prevent empty div when editing comment.
On mirror update also update address in DB.
Allow extended config on cron settings.
Open transaction when adding Avatar email-hash pairs to the DB.
internal server error from ListUserOrgs API.
Update only the repository columns that need updating.
panic when adding long comment.
Add size limit for content of comment on action ui.
Convert User expose ID each time.
Support slashes in release tags.
Add missing information to CreateRepo API endpoint.
On Migration respect old DefaultBranch.
notifications page links.
Stop cloning unnecessarily on PR update.
Escape more things that are passed through str2html.
Remove double escape on labels addition in comments.
"only mail on mention".
yet another with diff file names.
RepoInit Respect AlternateDefaultBranch.
Avatar Resize (resize algo NearestNeighbor - Bilinear).
ENHANCEMENTS
gitea dump: include version Check InstallLock
.
gitea dump: include version Check InstallLock.
1.12.502 Oct 2020 10:45
minor feature:
Allow U2F with default settings for gitea in subpath
Prevent empty div when editing comment
On mirror update also update address in DB
Allow extended config on cron settings
Open transaction when adding Avatar email-hash pairs to the DB
internal server error from ListUserOrgs API
Update only the repository columns that need updating
panic when adding long comment
Add size limit for content of comment on action ui
Convert User expose ID each time
Support slashes in release tags
Add missing information to CreateRepo API endpoint
On Migration respect old DefaultBranch
notifications page links
Stop cloning unnecessarily on PR update
Escape more things that are passed through str2html
Remove double escape on labels addition in comments
"only mail on mention".
yet another with diff file names
RepoInit Respect AlternateDefaultBranch
Avatar Resize (resize algo NearestNeighbor - Bilinear)
.
Allow U2F with default settings for gitea in subpath.
Prevent empty div when editing comment.
On mirror update also update address in DB.
Allow extended config on cron settings.
Open transaction when adding Avatar email-hash pairs to the DB.
internal server error from ListUserOrgs API.
Update only the repository columns that need updating.
panic when adding long comment.
Add size limit for content of comment on action ui.
Convert User expose ID each time.
Support slashes in release tags.
Add missing information to CreateRepo API endpoint.
On Migration respect old DefaultBranch.
notifications page links.
Stop cloning unnecessarily on PR update.
Escape more things that are passed through str2html.
Remove double escape on labels addition in comments.
"only mail on mention".
yet another with diff file names.
RepoInit Respect AlternateDefaultBranch.
Avatar Resize (resize algo NearestNeighbor - Bilinear).
ENHANCEMENTS
gitea dump: include version Check InstallLock
.
gitea dump: include version Check InstallLock.
1.12.404 Sep 2020 17:25
minor feature:
SECURITY.
Escape provider name in oauth2 provider redirect.
Escape Email on password reset page.
When reading expired sessions - expire them.
ENHANCEMENTS.
StaticRootPath configurable at compile time.
.
to show an that is related to a deleted.
Expire time acknowledged for cache.
diff path unquoting.
Improve HTML escaping helper.
models: break out of loop.
Default empty merger list to those with write permissions.
Skip SSPI authentication attempts for /api/internal.
Prevent NPE on commenting on lines with invalidated comments.
Remove hardcoded ES indexername.
preventing transfer to private organization.
Keys should not verify revoked email addresses.
Do not add preon http/https submodule links.
ignored login on compare.
incorrect error logging in Stats indexer and OAuth2.
Upgrade google/go-github to v32.1.0.
Render emoji's of Commit message on feed-page.
handling of diff on unrelated branches when Git 2.28 used.
1.12.329 Jul 2020 21:45
minor feature:
.
Don't change creation date when updating Release.
Show 404 page when release not found.
emoji detection in certain cases.
Reduce emoji size.
double-indirection in logging IDs.
Link to pull list page on sidebar when view pr.
Extend Notifications API and return pinned notifications by default.
1.12.213 Jul 2020 06:45
minor feature:
When deleting repository decrese user repositry count in cache
Gitea commits API again returns commit summaries, not full messages
Properly set HEAD when a repo is created with a non-master default branch
Ensure Subkeys are verified
failing to cache last commit with key being to long
Multiple small admin dashboard
Remove spurious logging
repository setup instructions when default branch is not master
Move EventSource to SharedWorker
ui in wiki commit page
gitgraph branch continues after merge
Set the base url when migrating from Gitlab using access token or username without password
Ensure BlameReaders at end of request
comments webhook panic backport
.
When deleting repository decrese user repositry count in cache.
Gitea commits API again returns commit summaries, not full messages.
Properly set HEAD when a repo is created with a non-master default branch.
Ensure Subkeys are verified.
failing to cache last commit with key being to long.
Multiple small admin dashboard.
Remove spurious logging.
repository setup instructions when default branch is not master.
Move EventSource to SharedWorker.
ui in wiki commit page.
gitgraph branch continues after merge.
Set the base url when migrating from Gitlab using access token or username without password.
Ensure BlameReaders at end of request.
comments webhook panic backport.
ENHANCEMENTS
Disable dropzone's timeout
.
Disable dropzone's timeout.
1.12.123 Jun 2020 15:05
minor feature:
Handle multiple merges in gitgraph.js
Add serviceworker.js to KnownPublicEntries
For language detection do not try to analyze big files by content
.
Handle multiple merges in gitgraph.js.
Add serviceworker.js to KnownPublicEntries.
For language detection do not try to analyze big files by content.
ENHANCEMENTS
scrollable header on dropdowns
.
scrollable header on dropdowns.
1.12.019 Jun 2020 03:25
minor feature:
When using API CreateRelease set created_unix to the tag commit time.
Enable ENABLE_HARD_LINE_BREAK by default for rendering markdown.
sanitizer config - multiple rules.
Remove check on username when using AccessToken authentication for the API.
Return 404 from Contents API when items don't exist.
Notification API should always return a JSON object with the current count of notifications.
Remove migration support from versions earlier than 1.6.0.
Use -1 to disable key algorithm type in ssh.minimum_key_sizes.
Improve config logging when WrappedQueue times out.
Add branch delete to API.
Use markdown frontmatter to provide Table of contents, language and frontmatter rendering.
Add a way to mark Conversation (code comment) resolved.
Handle yaml frontmatter in markdown.
Cache PullRequest Divergence.
Make gitea admin auth list formatting configurable.
Add Matrix webhook.
Add Organization Wide Labels.
Allow to set protected file patterns for files that can not be changed under no conditions.
Option to set default branch at repository creation.
Add request review from specific reviewers feature in pull request.
Add NextCloud oauth.
System-wide webhooks.
Relax sanitization as per https://github.com/jch/html-pipeline.
Use media links for img in post-process.
Add API endpoints to manage OAuth2 Application (list/create/delete).
Render READMEs in docs/.gitea or.github from root.
Add feishu webhook support.
Cache last commit to accelerate the repository directory page visit.
Implement basic app.ini and path checks to doctor cmd.
Make WorkerPools and Queues flushable.
Implement "embedded" command to extract static resources.
Add API endpoint for repo transfer.
Make archive preing configurable with a global setting.
Add Unique Queue infrastructure and move TestPullRequests to this.
/PR Context Popups.
Add "Update Branch" button to Pull Requests.
Add require signed commit for protected branch.
Mark PR reviews as stale at push and allow to dismiss stale approvals.
Add API notificati
1.12.0-rc209 Jun 2020 19:05
minor feature:
SECURITY
missing authorization check on pull for public repos of private/limited org
Use session for retrieving org teams
.
missing authorization check on pull for public repos of private/limited org.
Use session for retrieving org teams.
Return json on 500 error from API
wrong milestone in webhook message
Prevent (caught) panic on login
commit page js error
Use media links for img in post-process
Ensure public repositories in private organizations are visible and admin organizations list
Set correct Content-Type value for Gogs/Gitea webhooks
Allow all members of private orgs to see public repos
Whenever the ctx.Session is updated, release it to save it before sending the redirect
Forcibly clean and destroy the session on logout
/api/v1/orgs/ endpoints by changing parameter to :org from :orgname.
Add tracked time to doctor
webpack chunk loading with STATIC_URL_PRE
Remove unnecessary parentheses in wiki/revision.tmpl to allow 1.11 to build on go1.14
.
Return json on 500 error from API.
wrong milestone in webhook message.
Prevent (caught) panic on login.
commit page js error.
Use media links for img in post-process.
Ensure public repositories in private organizations are visible and admin organizations list.
Set correct Content-Type value for Gogs/Gitea webhooks.
Allow all members of private orgs to see public repos.
Whenever the ctx.Session is updated, release it to save it before sending the redirect.
Forcibly clean and destroy the session on logout.
/api/v1/orgs/ endpoints by changing parameter to :org from :orgname.
Add tracked time to doctor.
webpack chunk loading with STATIC_URL_PRE.
Remove unnecessary parentheses in wiki/revision.tmpl to allow 1.11 to build on go1.14.
1.11.601 Jun 2020 00:45
minor feature:
SECURITY
missing authorization check on pull for public repos of private/limited org
Use session for retrieving org teams
.
missing authorization check on pull for public repos of private/limited org.
Use session for retrieving org teams.
Return json on 500 error from API
wrong milestone in webhook message
Prevent (caught) panic on login
commit page js error
Use media links for img in post-process
Ensure public repositories in private organizations are visible and admin organizations list
Set correct Content-Type value for Gogs/Gitea webhooks
Allow all members of private orgs to see public repos
Whenever the ctx.Session is updated, release it to save it before sending the redirect
Forcibly clean and destroy the session on logout
/api/v1/orgs/ endpoints by changing parameter to :org from :orgname.
Add tracked time to doctor
webpack chunk loading with STATIC_URL_PRE
Remove unnecessary parentheses in wiki/revision.tmpl to allow 1.11 to build on go1.14
.
Return json on 500 error from API.
wrong milestone in webhook message.
Prevent (caught) panic on login.
commit page js error.
Use media links for img in post-process.
Ensure public repositories in private organizations are visible and admin organizations list.
Set correct Content-Type value for Gogs/Gitea webhooks.
Allow all members of private orgs to see public repos.
Whenever the ctx.Session is updated, release it to save it before sending the redirect.
Forcibly clean and destroy the session on logout.
/api/v1/orgs/ endpoints by changing parameter to :org from :orgname.
Add tracked time to doctor.
webpack chunk loading with STATIC_URL_PRE.
Remove unnecessary parentheses in wiki/revision.tmpl to allow 1.11 to build on go1.14.
1.12.0-rc122 May 2020 22:45
minor feature:
Prevent timer leaks in Workerpool and others
tracked time
Add NotifySyncPushCommits to indexer notifier
Allow X in addition to x in tasks
When delete tracked time through the API return 404 not 500
Prevent duplicate records in organizations list when creating a repository
Manage port in submodule refurl
api.Context.NotFound(...) should tolerate nil
Show pull request selection even when unrelated branches
Repo: milestone: make /milestone/:id endpoint accessible
GetContents(): Dont't ignore Executables
submodule paths when AppSubUrl is not root
Prevent clones and pushes to disabled wiki
Remove errant third closing curly-bracket from account.tmpl and send account ID in account.tmpl
On Repo Deletion: Delete related TrackedTimes too
Refresh codemirror on show pull comment tab
merge dialog on protected branch with missing required statuses
Load pr Poster on API too
release counter on API repository info
Generate Diff and Patch direct from Pull head
rebase conflict detection in git 2.26
.
Prevent timer leaks in Workerpool and others.
tracked time.
Add NotifySyncPushCommits to indexer notifier.
Allow X in addition to x in tasks.
When delete tracked time through the API return 404 not 500.
Prevent duplicate records in organizations list when creating a repository.
Manage port in submodule refurl.
api.Context.NotFound(...) should tolerate nil.
Show pull request selection even when unrelated branches.
Repo: milestone: make /milestone/:id endpoint accessible.
GetContents(): Dont't ignore Executables.
submodule paths when AppSubUrl is not root.
Prevent clones and pushes to disabled wiki.
Remove errant third closing curly-bracket from account.tmpl and send account ID in account.tmpl.
On Repo Deletion: Delete related TrackedTimes too.
Refresh codemirror on show pull comment tab.
merge dialog on protected branch with missing required statuses.
Load pr Poster on API too.
release counter on API repository info.
Generate Diff and Patch direct f
1.13.0-dev18 May 2020 23:25
minor feature:
Prevent timer leaks in Workerpool and others
tracked time
Add NotifySyncPushCommits to indexer notifier
Allow X in addition to x in tasks
When delete tracked time through the API return 404 not 500
Prevent duplicate records in organizations list when creating a repository
Manage port in submodule refurl
api.Context.NotFound(...) should tolerate nil
Show pull request selection even when unrelated branches
Repo: milestone: make /milestone/:id endpoint accessible
GetContents(): Dont't ignore Executables
submodule paths when AppSubUrl is not root
Prevent clones and pushes to disabled wiki
Remove errant third closing curly-bracket from account.tmpl and send account ID in account.tmpl
On Repo Deletion: Delete related TrackedTimes too
Refresh codemirror on show pull comment tab
merge dialog on protected branch with missing required statuses
Load pr Poster on API too
release counter on API repository info
Generate Diff and Patch direct from Pull head
rebase conflict detection in git 2.26
.
Prevent timer leaks in Workerpool and others.
tracked time.
Add NotifySyncPushCommits to indexer notifier.
Allow X in addition to x in tasks.
When delete tracked time through the API return 404 not 500.
Prevent duplicate records in organizations list when creating a repository.
Manage port in submodule refurl.
api.Context.NotFound(...) should tolerate nil.
Show pull request selection even when unrelated branches.
Repo: milestone: make /milestone/:id endpoint accessible.
GetContents(): Dont't ignore Executables.
submodule paths when AppSubUrl is not root.
Prevent clones and pushes to disabled wiki.
Remove errant third closing curly-bracket from account.tmpl and send account ID in account.tmpl.
On Repo Deletion: Delete related TrackedTimes too.
Refresh codemirror on show pull comment tab.
merge dialog on protected branch with missing required statuses.
Load pr Poster on API too.
release counter on API repository info.
Generate Diff and Patch direct f
1.11.511 May 2020 06:25
minor feature:
Prevent timer leaks in Workerpool and others
tracked time
Add NotifySyncPushCommits to indexer notifier
Allow X in addition to x in tasks
When delete tracked time through the API return 404 not 500
Prevent duplicate records in organizations list when creating a repository
Manage port in submodule refurl
api.Context.NotFound(...) should tolerate nil
Show pull request selection even when unrelated branches
Repo: milestone: make /milestone/:id endpoint accessible
GetContents(): Dont't ignore Executables
submodule paths when AppSubUrl is not root
Prevent clones and pushes to disabled wiki
Remove errant third closing curly-bracket from account.tmpl and send account ID in account.tmpl
On Repo Deletion: Delete related TrackedTimes too
Refresh codemirror on show pull comment tab
merge dialog on protected branch with missing required statuses
Load pr Poster on API too
release counter on API repository info
Generate Diff and Patch direct from Pull head
rebase conflict detection in git 2.26
.
Prevent timer leaks in Workerpool and others.
tracked time.
Add NotifySyncPushCommits to indexer notifier.
Allow X in addition to x in tasks.
When delete tracked time through the API return 404 not 500.
Prevent duplicate records in organizations list when creating a repository.
Manage port in submodule refurl.
api.Context.NotFound(...) should tolerate nil.
Show pull request selection even when unrelated branches.
Repo: milestone: make /milestone/:id endpoint accessible.
GetContents(): Dont't ignore Executables.
submodule paths when AppSubUrl is not root.
Prevent clones and pushes to disabled wiki.
Remove errant third closing curly-bracket from account.tmpl and send account ID in account.tmpl.
On Repo Deletion: Delete related TrackedTimes too.
Refresh codemirror on show pull comment tab.
merge dialog on protected branch with missing required statuses.
Load pr Poster on API too.
release counter on API repository info.
Generate Diff and Patch direct f
1.11.402 Apr 2020 13:05
minor feature:
Only update merge_base if not already merged
milestones too many SQL variables
Protect against NPEs in notifications list
Convert plumbing.ErrObjectNotFound to git.ErrNotExist in getCommit
Convert plumbing.ErrReferenceNotFound to git.ErrNotExist in GetRefCommitID
Account for empty lines in receive-hook message
on branch API
Migrate to go-git/go-git v5.0.0
hiding of fields in authorization source page
Prevent default for linkAction
.
Only update merge_base if not already merged.
milestones too many SQL variables.
Protect against NPEs in notifications list.
Convert plumbing.ErrObjectNotFound to git.ErrNotExist in getCommit.
Convert plumbing.ErrReferenceNotFound to git.ErrNotExist in GetRefCommitID.
Account for empty lines in receive-hook message.
on branch API.
Migrate to go-git/go-git v5.0.0.
hiding of fields in authorization source page.
Prevent default for linkAction.
1.11.311 Mar 2020 19:45
minor feature:
.
Prevent panic in stopwatch.
on pull view when required status check no ci result.
Build explicitly with Go 1.13.
1.11.118 Feb 2020 05:05
minor feature:
Repo name added to automatically generated commit message when merging
Workerpool deadlock
Divide Gettats query in smaller chunks
reply on code review
Stop hanging indexer initialisation from preventing shutdown
filter label emoji width
sidebar menus having an infinite height
commit between two commits calculation if there is only last commit
Only check for conflicts/merging if the PR has not been merged in the interim
Blacklist manifest.json milestones user
.
Repo name added to automatically generated commit message when merging.
Workerpool deadlock.
Divide Gettats query in smaller chunks.
reply on code review.
Stop hanging indexer initialisation from preventing shutdown.
filter label emoji width.
sidebar menus having an infinite height.
commit between two commits calculation if there is only last commit.
Only check for conflicts/merging if the PR has not been merged in the interim.
Blacklist manifest.json milestones user.
1.11.012 Feb 2020 00:05
minor feature:
BREAKING
followers and following tabs in profile
Make CertFile and KeyFile relative to CustomPath
Remove unused endpoints
Preall user-generated IDs in markup
Enforce Gitea environment for pushes
Hide some user information via API if user have not enough permissions
Move startpage/homepage translation to crowdin
.
followers and following tabs in profile.
Make CertFile and KeyFile relative to CustomPath.
Remove unused endpoints.
Preall user-generated IDs in markup.
Enforce Gitea environment for pushes.
Hide some user information via API if user have not enough permissions.
Move startpage/homepage translation to crowdin.
SECURITY
Never allow an empty password to validate
Prevent redirect to Host
Swagger hide search field
Add "search" to reserved usernames
Switch to fomantic-ui
Only serve attachments when linked to /release and if accessible by user
.
Never allow an empty password to validate.
Prevent redirect to Host.
Swagger hide search field.
Add "search" to reserved usernames.
Switch to fomantic-ui.
Only serve attachments when linked to /release and if accessible by user.
FEATURES
Webhooks should only show sender if it makes sense
Provide Default messages for merges
Add description to labels on create
Graceful Queues: Indexing and Tasks
Default NO_REPLY_ADDRESS to DOMAIN
Allow FCGI over unix sockets
Graceful: Xorm, RepoIndexer, Cron and Others
Add API for Reactions
Graceful: Cancel Process on monitor pages HammerTime
Graceful: Allow graceful restart for unix sockets
Graceful: Allow graceful restart for fcgi
Sign protected branches
Add Graceful shutdown for Windows and hooks for shutdown of goroutines
Add Gitea icon to Emojis
Expand/Collapse Files and Blob Excerpt while Reviewing/Comparing code
Allow Custom Reactions
/reopen by keywords in titles and comments.
Allow incompletely specified Time Formats
Prevent upload (overwrite) of lfs locked file
Template Repositories
Add /milestones endpoint
Make repository management section
1.11.0-rc223 Jan 2020 12:45
minor feature:
SECURITY
Hide credentials when submitting migration
Never allow an empty password to validate
Prevent redirect to Host
Hide public repos owned by private orgs
.
Hide credentials when submitting migration.
Never allow an empty password to validate.
Prevent redirect to Host.
Hide public repos owned by private orgs.
Allow assignee on Pull Creation when Unit is deactivated
download file wrong content-type
wrong identify poster on a migrated pull request when submit review
dump non-exist log directory
compare
missing msteam webhook on organization
add team on collaborator page when same name as organization
cache problem on dashboard
Send tag create and push webhook when release created on UI
Branches not at ref commit ID should not be listed as Merged
.
Allow assignee on Pull Creation when Unit is deactivated.
download file wrong content-type.
wrong identify poster on a migrated pull request when submit review.
dump non-exist log directory.
compare.
missing msteam webhook on organization.
add team on collaborator page when same name as organization.
cache problem on dashboard.
Send tag create and push webhook when release created on UI.
Branches not at ref commit ID should not be listed as Merged.
1.10.318 Jan 2020 23:25
minor feature:
SECURITY
Hide credentials when submitting migration
Never allow an empty password to validate
Prevent redirect to Host
Hide public repos owned by private orgs
.
Hide credentials when submitting migration.
Never allow an empty password to validate.
Prevent redirect to Host.
Hide public repos owned by private orgs.
Allow assignee on Pull Creation when Unit is deactivated
download file wrong content-type
wrong identify poster on a migrated pull request when submit review
dump non-exist log directory
compare
missing msteam webhook on organization
add team on collaborator page when same name as organization
cache problem on dashboard
Send tag create and push webhook when release created on UI
Branches not at ref commit ID should not be listed as Merged
.
Allow assignee on Pull Creation when Unit is deactivated.
download file wrong content-type.
wrong identify poster on a migrated pull request when submit review.
dump non-exist log directory.
compare.
missing msteam webhook on organization.
add team on collaborator page when same name as organization.
cache problem on dashboard.
Send tag create and push webhook when release created on UI.
Branches not at ref commit ID should not be listed as Merged.
1.12.0-dev09 Jan 2020 16:05
minor feature:
Allow only specific Columns to be updated on via API
Add ErrReactionAlreadyExist error
when migrate from API
Use default avatar for ghost user
repository pagination when there are more than one label filter
deleted branch not removed when push the branch again
missing repository status when migrating repository via API
Trigger webhook when deleting a branch after merging a PR
paging on /repos/ owner / repo /git/trees/ sha API endpoint
NewCommitStatus
Use OriginalURL instead of CloneAddr in migration logging
Slack webhook payload title generation to work with Mattermost
DefaultBranch needs to be preby BranchPre
indexer not triggered when migrating a repository
that release attachment files not deleted when deleting repository
migration releases
File Edit: Author/Committer interchanged
.
Allow only specific Columns to be updated on via API.
Add ErrReactionAlreadyExist error.
when migrate from API.
Use default avatar for ghost user.
repository pagination when there are more than one label filter.
deleted branch not removed when push the branch again.
missing repository status when migrating repository via API.
Trigger webhook when deleting a branch after merging a PR.
paging on /repos/ owner / repo /git/trees/ sha API endpoint.
NewCommitStatus.
Use OriginalURL instead of CloneAddr in migration logging.
Slack webhook payload title generation to work with Mattermost.
DefaultBranch needs to be preby BranchPre.
indexer not triggered when migrating a repository.
that release attachment files not deleted when deleting repository.
migration releases.
File Edit: Author/Committer interchanged.
1.10.203 Jan 2020 16:25
minor feature:
Allow only specific Columns to be updated on via API
Add ErrReactionAlreadyExist error
when migrate from API
Use default avatar for ghost user
repository pagination when there are more than one label filter
deleted branch not removed when push the branch again
missing repository status when migrating repository via API
Trigger webhook when deleting a branch after merging a PR
paging on /repos/ owner / repo /git/trees/ sha API endpoint
NewCommitStatus
Use OriginalURL instead of CloneAddr in migration logging
Slack webhook payload title generation to work with Mattermost
DefaultBranch needs to be preby BranchPre
indexer not triggered when migrating a repository
that release attachment files not deleted when deleting repository
migration releases
File Edit: Author/Committer interchanged
.
Allow only specific Columns to be updated on via API.
Add ErrReactionAlreadyExist error.
when migrate from API.
Use default avatar for ghost user.
repository pagination when there are more than one label filter.
deleted branch not removed when push the branch again.
missing repository status when migrating repository via API.
Trigger webhook when deleting a branch after merging a PR.
paging on /repos/ owner / repo /git/trees/ sha API endpoint.
NewCommitStatus.
Use OriginalURL instead of CloneAddr in migration logging.
Slack webhook payload title generation to work with Mattermost.
DefaultBranch needs to be preby BranchPre.
indexer not triggered when migrating a repository.
that release attachment files not deleted when deleting repository.
migration releases.
File Edit: Author/Committer interchanged.
1.10.106 Dec 2019 13:05
minor feature:
Max length check and limit in multiple repo forms
Properly displaying virtual session provider in admin panel
Upgrade levelqueue to 0.1.0
Panic when diff
Smtp logger configuration sendTos should be an array
Always Show Password Field on Link Account Sign-in Page
Create PR on Current Repository by Default
Race on indexer
ReCAPTCHA URL
Hide migrated credentials
Update golang.org/x/crypto vendor to use acme v2
Password checks on admin create/edit user
Add search as a reserved username
Permission checks for /reopen from commit
Ensure Written is set in GZIP ProxyResponseWriter
Broken link to branch from list
Wrong system notice when repository is empty
Shadow password correctly for session config
.
Max length check and limit in multiple repo forms.
Properly displaying virtual session provider in admin panel.
Upgrade levelqueue to 0.1.0.
Panic when diff.
Smtp logger configuration sendTos should be an array.
Always Show Password Field on Link Account Sign-in Page.
Create PR on Current Repository by Default.
Race on indexer.
ReCAPTCHA URL.
Hide migrated credentials.
Update golang.org/x/crypto vendor to use acme v2.
Password checks on admin create/edit user.
Add search as a reserved username.
Permission checks for /reopen from commit.
Ensure Written is set in GZIP ProxyResponseWriter.
Broken link to branch from list.
Wrong system notice when repository is empty.
Shadow password correctly for session config.
1.10.018 Nov 2019 20:05
minor feature:
BREAKING
deadline on update or PR via API
Hide some user information via API if user doesn't have enough permission
Remove legacy handling of drone token
Change repo search to use exact match for topic search.
Add pagination for admin api get orgs and only list public orgs
Implement the ability to change the ssh port to match what is in the gitea config
.
deadline on update or PR via API.
Hide some user information via API if user doesn't have enough permission.
Remove legacy handling of drone token.
Change repo search to use exact match for topic search.
Add pagination for admin api get orgs and only list public orgs.
Implement the ability to change the ssh port to match what is in the gitea config.
SECURITY.
Ignore mentions for users with no access
Be more strict with git arguments
reserve.well-known username
.
Ignore mentions for users with no access.
Be more strict with git arguments.
reserve.well-known username.
FEATURE.
Org/Members: display 2FA members states + optimize sql requests
SetDefaultBranch on pushing to empty repository
Adds side-by-side diff for images
API method to list all commits of a repository
Password Complexity Checks
Add option to initialize repository with labels
Add additional password hash algorithms
.
Org/Members: display 2FA members states + optimize sql requests.
SetDefaultBranch on pushing to empty repository.
Adds side-by-side diff for images.
API method to list all commits of a repository.
Password Complexity Checks.
Add option to initialize repository with labels.
Add additional password hash algorithms.
Allow to merge if file path contains " or .
On windows set core.longpaths true
when edit hook
Checkbox at RepoSettings Protected Branch
SSH2 conditional in key parsing code
commit expand button to not go to commit link
new user form for non-local users
to opened io resources as soon as not needed
edit content button on migrated content
require external registration password
password comple
1.9.614 Nov 2019 14:05
minor feature:
Allow to merge if file path contains " or
when edit hook
with user.fullname
Update Github Migration Test
Add () method to gogitRepository
.
Allow to merge if file path contains " or .
when edit hook.
with user.fullname.
Update Github Migration Test.
Add () method to gogitRepository.
1.10.0-rc231 Oct 2019 10:25
minor feature:
BREAKING.
deadline on update or PR via API.
Hide some user information via API if user doesn't have enough permission.
.
Expose db.SetMaxOpenConns and allow non MySQL dbs to set conn pool params.
milestone timestamp.
when getting user as unauthenticated user.
'New Missing Milestone Comment'.
Use AppSubUrl for more redirections.
Add SubURL to redirect path.
template error on account page.
Allow externalID to be UUID.
Prevent removal of non-empty emoji panel following selection of duplicate.
Update heatmap tures to restore tests.
Ensure that diff stats can scroll independently of the diff.
Webhook: set Content-Type for application/x-www-form-urlencoded.
by handling empty repos.
on pull requests when transfer head repository.
Add missed in ServeBlobLFS.
Ensure that GitRepo is set on Empty repositories.
migrate mirror 500.
password complexity regex for special characters.
Prevent.code-view from overriding font on icon fonts.
Allow more than 255 characters for tokens in external_login_user table.
1.11.0-dev15 Oct 2019 11:05
minor feature:
Highlight references
When migrating a private repository #7917
Change general form binding to gogs form
Editor commit to new branch if PR disabled
Milestone num_
Allow users with explicit read access to give approvals
Commit status in PR #8316 and PR #8321
API for edit and delete release attachment
Assets on release webhook
Release API URL generation
Allow registration when button is hidden
MS Teams webhook misses commit messages (backport v1.9)
Data race
Pull merge 500 error caused by git-fetch breaking behaviors
The SSH config specification in the authorized_keys template
Reading git notes from nested trees
Team user api
Add reviewers as participants
.
Highlight references.
When migrating a private repository #7917.
Change general form binding to gogs form.
Editor commit to new branch if PR disabled.
Milestone num_.
Allow users with explicit read access to give approvals.
Commit status in PR #8316 and PR #8321.
API for edit and delete release attachment.
Assets on release webhook.
Release API URL generation.
Allow registration when button is hidden.
MS Teams webhook misses commit messages (backport v1.9).
Data race.
Pull merge 500 error caused by git-fetch breaking behaviors.
The SSH config specification in the authorized_keys template.
Reading git notes from nested trees.
Team user api.
Add reviewers as participants.
BUILD
Use vendored go-swagger
Version-validation for GO 1.13 (go-macaron/cors)
.
Use vendored go-swagger.
Version-validation for GO 1.13 (go-macaron/cors).
MISC
Make show private icon when repo avatar set
.
Make show private icon when repo avatar set.
1.9.409 Oct 2019 22:27
minor feature: