Recent Releases
1.18.327 Jan 2023 13:05
minor feature:
SECURITY.
Prevent multiple `To` recipients.
.
Truncate commit summary on repo files table..
Mute all links in timeline.
1.18.223 Jan 2023 07:05
minor feature:
.
When updating by rebase we need to set the environment for head repo.
Not auto-closing when it includes a reference to a branch.
Invalid branch reference if not specified in template.
Error viewing pull request when fork has pull requests disabled.
Reliable selection of admin user.
Set disable_gravatar/enable_federated_avatar when offline mode is true.
BUILD.
Cgo cross-compile for freebsd.
1.18.120 Jan 2023 00:05
minor feature:
API.
Add `sync_on_commit` option for push mirrors api.
.
Update `github.com/zeripath/zapx/v15`.
pull request API field `_at` always being `null`.
container blob mount.
error when calculating repository size.
Operator does not exist on explore page with ONLY_SHOW_RELEVANT_REPOS.
environments for KaTeX and error reporting.
Remove the netgo tag for Windows build.
migration from GitBucket.
Prevent panic on looking at api "git" endpoints for empty repos.
PR status layout on mobile.
wechatwork webhook sends empty content in PR review.
Remove duplicate "Actions" label in mobile view.
leaving organization on user settings - gt; orgs.
colour transparency regex matching in project board sorting.
Correctly handle select on multiple channels in Queues.
Prepend refs/heads/ to template refs.
Restore function to "Show more" buttons.
Continue GCing other repos on error in one repo.
Allow HOST has no port.
omit avatar_url in discord payload when empty.
Don't display stop watch top bar icon when disabled and hidden when click other place.
Don't lookup mail server when using sendmail.
gravatar disable.
update settings table on install.
sitemap.
code search title translation.
due date rendering the wrong date in.
get system setting when enabled redis cache.
of DisableGravatar default value.
key signature error page.
TESTING.
Remove test session cache to reduce possible concurrent problem.
MISC.
Restore previous official review when an official review is deleted.
Log STDERR of external renderer when it fails.
1.18.030 Dec 2022 07:05
minor feature:
SECURITY.
Remove ReverseProxy authentication from the API.
Support Go Vulnerability Management.
Forbid HTML string tooltips.
BREAKING.
Rework mailer settings.
Remove U2F support.
Refactor `i18n` to `locale`.
Enable contenthash in filename for dynamic assets.
FEATURES.
Add color previews in markdown.
Allow package version sorting.
Add support for Chocolatey/NuGet v2 API.
Add API endpoint to get changed files of a PR.
Add filetree on left of diff view.
Support forms and PR forms.
Add support for Vagrant packages.
Add support for `npm unpublish`.
Add badge capabilities to users.
Add filter for Author.
Add KaTeX rendering to Markdown..
Add support for Pub packages.
Support localized README.
Add support mCaptcha as captcha provider.
Add team member invite by email.
Added email notification option to receive all own messages.
Switch Unicode Escaping to a VSCode-like system.
Add user/organization code search.
Only show relevant repositories on explore page.
User keypairs and HTTP signatures for ActivityPub federation using go-ap.
Add sitemap support.
Allow creation of OAuth2 applications for orgs.
Add system setting table with cache and also add cache supports for user setting.
Add pages to view watched repos and subscribed /PRs.
Support Proxy protocol.
Implement sync push mirror on commit.
API.
Allow empty assignees on pull request edit.
Make external tracker regexp configurable via API.
Add name field for org api.
Show teams with no members if user is admin.
Add latest commit's SHA to content response.
Add allow_rebase_update, default_delete_branch_after_merge to repository api response.
Add new endpoints for push mirrors management.
ENHANCEMENTS.
Add setting to disable the git apply step in test patch.
Multiple improvements for comment edit diff.
button in branch list, avoid unexpected page jump before restore branch actually done.
flex layout for repo list icons.
vertical align of committer avatar rendered by email a
1.17.422 Dec 2022 15:25
minor feature:
SECURITY.
Do not allow Ghost access to limited visible user/org.
package access for admins and inactive users.
ENHANCEMENTS.
button in branch list, avoid unexpected page jump before restore branch actually done.
vertical align of committer avatar rendered by email address.
setting HTTP headers after write.
Ignore line anchor links with leading zeroes.
Enable Monaco automaticLayout.
.
Do not list active repositories as unadopted.
Correctly handle moved files in apply patch.
condition for is_internal.
permission check on /pull lock.
sorting admin user list by last login.
Workaround for container registry push/pull errors.
/PR numbers.
Handle empty author names.
ListBranches to handle empty case.
enabling partial clones on 1.17.
Prevent panic in doctor command when running default checks.
Upgrade golang.org/x/crypto.
Init git module before database migration.
Set last login when activating account.
Add HEAD to gitea doctor.
UI language switching.
Remove semver compatible flag and change pypi to an array of test cases.
Allow local package identifiers for PyPI packages.
repository adoption on Windows.
Sync git hooks when config file path changed.
Added check for disabled Packages.
`Timestamp.IsZero`.
count.
Support binary deploy in npm packages.
Update milestone counters when is deleted.
SessionUser protection against nil pointer dereference.
Case-insensitive NuGet symbol file GUID.
Suppress `ExternalLoginUserNotExist` error.
Prevent Authorization header for presigned LFS urls.
Update binding to.
generating compare link.
Ignore error when retrieving changed PR review files.
incorrect notification commit url.
Display total commit count in hook message.
Enforce grouped NuGet search results.
Return 404 when user is not found on avatar.
Normalize NuGet package version on upload.
MISC.
Check for zero time instant in TimeStamp.IsZero().
warn in database structs sync.
Allow for resolution of NPM registry paths that match upstr
1.18.0-rc125 Nov 2022 15:25
minor feature:
BREAKING.
Remove U2F support.
FEATURES.
Add color previews in markdown.
Allow package version sorting.
Add support for Chocolatey/NuGet v2 API.
Add API endpoint to get changed files of a PR.
Add filetree on left of diff view.
Support forms and PR forms.
Add support for Vagrant packages.
Add support for `npm unpublish`.
Add badge capabilities to users.
Add filter for Author.
Add KaTeX rendering to Markdown..
Add support for Pub packages.
Support localized README.
Add support mCaptcha as captcha provider.
Add team member invite by email.
Added email notification option to receive all own messages.
Switch Unicode Escaping to a VSCode-like system.
Add user/organization code search.
Only show relevant repositories on explore page.
User keypairs and HTTP signatures for ActivityPub federation using go-ap.
Add sitemap support.
Allow creation of OAuth2 applications for orgs.
Add system setting table with cache and also add cache supports for user setting.
Add pages to view watched repos and subscribed /PRs.
Support Proxy protocol.
Implement sync push mirror on commit.
API.
Make external tracker regexp configurable via API.
Add name field for org api.
Show teams with no members if user is admin.
Add latest commit's SHA to content response.
Add allow_rebase_update, default_delete_branch_after_merge to repository api response.
Add new endpoints for push mirrors management.
ENHANCEMENTS.
Use CSS color-scheme instead of invert.
Respect user's locale when rendering the date range in the repo activity page.
Change `commits-table` column width.
Refactor git command arguments and make all arguments to be safe to be used.
CSS color enhancements.
Add link to user profile in markdown mention only if user exists.
Add option to skip index dirs.
Diff file tree tweaks.
Localize all timestamps.
Add `code` highlighting in titles.
Use Name instead of DisplayName in LFS Lock.
Consolidate more CSS colors into variables.
Redirect to new reposito
1.17.316 Oct 2022 07:45
minor feature:
Changelog
SECURITY.
Sanitize and Escape refs in git backend.
Bump `golang.org/x/text`.
Update bluemonday.
ENHANCEMENTS.
empty container layer history and UI.
Use en-US as fallback when using other default language.
Make the vscode clone link respect transport protocol.
.
Do DB update after merge in hammer context.
Add Num ,Pulls stats checks.
Stop logging CheckPath returns error: context canceled.
Parse OAuth Authorization header when request omits client secret.
Ignore port for loopback redirect URIs.
Set SemverCompatible to false for Conan packages.
Tag list should include draft releases with existing tags.
linked account translation.
Make NuGet service index publicly accessible.
Foreign ID conflicts if ID is 0 for each item.
Use absolute links in feeds.
Prevent invalid behavior for file reviewing when loading more files.
Respect `REQUIRE_SIGNIN_VIEW` for packages.
Treat git object mode 40755 as directory.
Allow uppercase ASCII alphabet in PyPI package names.
limited user cannot view himself's profile.
template of admin monitor.
reaction of.
CSV diff for added/deleted files.
pagination limit parameter problem.
TESTING.
missing m.Run() in TestMain.
BUILD.
Use Go 1.19 fmt for Gitea 1.17, sync emoji data.
1.17.208 Sep 2022 03:05
minor feature:
SECURITY.
Double check CloneURL is acceptable.
Add more checks in migration code.
ENHANCEMENTS.
hard-coded timeout and error panic in API archive download endpoint.
Improve arc-green code theme.
Enable contenthash in filename for dynamic assets.
Don't open new page for ext wiki on same repository.
Disable doctor logging on panic.
Remove calls to load Mirrors in user.Dashboard.
Update codemirror to 5.65.8.
Rework repo buttons.
.
Ensure delete user deletes all comments.
Delete unreferenced packages when deleting a package version.
Redirect if user does not exist on admin pages.
Set uploadpack.allowFilter etc on gitea serv to enable partial clones with ssh.
on time in timeline API.
Fill the specified ref in webhook test payload.
Add another index for Action table on postgres.
broken insecureskipverify handling in redis connection uris.
Add Dev, Peer and Optional dependencies to npm PackageMetadataVersion.
Do not add links to Posters or Assignees with ID lt; 0.
modified due date message.
missed sort.
input.value attr for RequiredClaimName/Value.
Change review buttons to icons to make space for text.
download archiver of a commit.
Return 404 NotFound if requested attachment does not exist.
Set no-tags in git fetch on compare.
Allow multiple metadata files for Maven packages.
Increase Content field size of gpg_key and public_key to MEDIUMTEXT.
mirror address setting not working.
push mirror address backend get error Address cause setting page display error.
panic when an invalid oauth2 name is passed.
In PushMirrorsIterate and MirrorsIterate if limit is negative do not set it.
Ensure that graceful start-up is informed of unused SSH listener.
Pad GPG Key ID with preceding zeroes.
SQL Query for `SearchTeam`.
the mode of custom dir to 0700 in docker-rootless.
UI mis-align for PR commit history.
1.17.119 Aug 2022 03:25
minor feature:
SECURITY.
Correctly escape within tribute.js.
ENHANCEMENTS.
Add support for NuGet API keys.
Display project in list.
Add disable download source configuration.
Add username check to doctor.
Enable Wire 2 for Internal SSH Server.
.
Use the total count for UI.
Add proxy host into allow list.
Add missing translation for queue flush workers.
Improve comment header for mobile.
git.Init for doctor sub-command.
Check webhooks slice length before calling xorm.
Remove manual rollback for failed generated repositories.
Use correct field name in npm template.
Keep download count on Container tag overwrite.
v220 migration to be compatible for MSSQL 2008 r2.
Use request timeout for git service rpc.
Send correct NuGet status codes.
Use correct context to get package content.
the JS error "EventSource is not defined" caused by some non-standard browsers.
Add default commit messages to PR for squash merge.
package upload for files gt;32mb.
the new-line copy-paste for rendered code.
Clean up and clone button script.
default merge style.
Add repository condition for count.
Make branch icon stand out more.
loading button with invalid form.
SecToTime edge-cases.
Executable check always returns true for windows.
Check labels slice length before calling xorm Insert.
owners cannot create organization repos.
Prevent 500 is head repo does not have PullRequest unit in IsUserAllowedToUpdate.
1.17.031 Jul 2022 03:19
minor feature:
v1.17.0
BREAKING.
Require go1.18 for Gitea 1.17.
Make AppDataPath absolute against the AppWorkPath if it is not.
Nuke the incorrect permission report on /api/v1/notifications.
Refactor git module, make Gitea use internal git config.
Remove `RequireHighlightJS` field, update plantuml example..
Increase minimal required git version to 2.0.
Add a directory pre`gitea-src-VERSION` to release-tar-file.
Use "main" as default branch name.
Make cron task no notice on success.
Add pam account authorization check.
Show messages for users if the ROOT_URL is wrong, show JavaScript errors.
Refactor mirror code amp; StartToMirror.
Remove deprecated SSH ciphers from default.
Add the possibility to allow the user to have a favicon which differs from the main logo.
Update reserved usernames list.
Support custom ACME provider.
Change initial TrustModel to committer.
Update HTTP status codes.
Upgrade Alpine from 3.13 to 3.15.
Restrict email address validation.
Refactor Router Logger.
SECURITY.
Use git.HOME_PATH for Git HOME directory.
Add write check for creating Commit Statuses.
Remove deprecated SSH ciphers from default.
FEDERATION.
Return statistic information for nodeinfo.
Add Webfinger endpoint.
Store the foreign ID of during migration.
FEATURES.
Automatically render wiki TOC.
Adding button to link accounts from user settings.
Allow set default merge style while creating repo.
Auto merge pull requests when all checks succeeded.
Improve reviewing PR UX.
Add support for rendering console output with colors.
Add Helm Chart registry.
Add Goroutine stack inspector to admin/monitor.
RSS/Atom support for Orgs amp; Repos.
Add button for deletion.
Allow to mark files in a PR as viewed.
Add Index to comment for migrations and mirroring.
Add health check endpoint.
Add packagist webhook.
Add "Allow edits from maintainer" feature.
Add apply-patch, basic reve
1.17.0-rc220 Jul 2022 08:05
minor feature:
SECURITY.
Use git.HOME_PATH for Git HOME directory.
Add write check for creating Commit Statuses.
ENHANCEMENTS.
Make notification bell more prominent on mobile.
Adjust max-widths for the repository file table.
Display full name.
.
Allow RSA 2047 bit keys.
Add missing return for when topic isn't found.
commit status icon when in subdirectory.
Initialize cron last.
Set target on create release with existing tag.
Update xorm.io/xorm to a interpreting db column sizes on 32bit systems.
Make sure `repo_dir` is an empty directory or doesn't exist before 'dump-repo'.
Prevent context deadline error propagation in GetCommitsInfo.
Correctly handle draft releases without a tag.
Prevent "empty" scrollbars on Firefox.
Refactor SSH init code, directory creation for TrustedUserCAKeys file.
Bump goldmark to v1.4.13.
Do not create empty ".ssh" directory when loading config.
NPE when using non-numeric.
Store read access in access for team repositories.
EscapeFilter the group dn membership.
Only show Followers that current user can access.
Update Bluemonday to v1.0.19.
Reindices on actions table.
Check if project has the same repository id with when assign project to.
remove file on initial comment.
Catch the error before the response is processed by goth.
Dashboard feed respect setting.UI.FeedPagingNum again.
Alter hook_task TEXT fields to LONGTEXT.
Respond with a 401 on git push when password isn't changed yet.
Return 404 when tag is broken.
1.16.913 Jul 2022 14:05
minor feature:
v1.16.9
SECURITY.
Add write check for creating Commit status.
Check for permission when fetching user controlled.
.
Hide notify mail setting ui if not enabled.
Add write check for creating Commit status.
Only show Followers that current user can access.
Release page show all tags in compare dropdown.
permission check for delete tag.
Only log non ErrNotExist errors in git.GetNote.
Use exact search instead of fuzzy search for branch filter dropdown.
Set Setpgid on child git processes.
Import git from alpine 3.16 repository as 2.30.4 is needed for `safe.directory = '*'` to work but alpine 3.13 has 2.30.3.
Ensure responses are context.ResponseWriters.
incorrect usage of `Count` function.
raw endpoint PDF file headers.
Make WIP precase insensitive, e.g. allow `Draft` as a WIP pre.
Don't return 500 on NotificationUnreadCount.
Prevent NPE when cache service is disabled.
Detect truncated utf-8 characters at the end of content as still representing utf-8.
doctor pq: syntax error at or near "." quote user table name.
with assigneees.
1.17.0-rc121 Jun 2022 03:15
minor feature:
v1.17.0-rc1
BREAKING.
Require go1.18 for Gitea 1.17.
Make AppDataPath absolute against the AppWorkPath if it is not.
Nuke the incorrect permission report on /api/v1/notifications.
Refactor git module, make Gitea use internal git config.
Remove `RequireHighlightJS` field, update plantuml example..
Increase minimal required git version to 2.0.
Add a directory pre`gitea-src-VERSION` to release-tar-file.
Use "main" as default branch name.
Make cron task no notice on success.
Add pam account authorization check.
Show messages for users if the ROOT_URL is wrong, show JavaScript errors.
Refactor mirror code amp; StartToMirror.
Remove deprecated SSH ciphers from default.
Add the possibility to allow the user to have a favicon which differs from the main logo.
Update reserved usernames list.
Support custom ACME provider.
Change initial TrustModel to committer.
Update HTTP status codes.
Upgrade Alpine from 3.13 to 3.15.
Restrict email address validation.
Refactor Router Logger.
SECURITY.
Remove deprecated SSH ciphers from default.
FEDERATION.
Return statistic information for nodeinfo.
Add Webfinger endpoint.
Store the foreign ID of during migration.
FEATURES.
Automatically render wiki TOC.
Adding button to link accounts from user settings.
Allow set default merge style while creating repo.
Auto merge pull requests when all checks succeeded.
Improve reviewing PR UX.
Add support for rendering console output with colors.
Add Helm Chart registry.
Add Goroutine stack inspector to admin/monitor.
RSS/Atom support for Orgs amp; Repos.
Add button for deletion.
Allow to mark files in a PR as viewed.
Add Index to comment for migrations and mirroring.
Add health check endpoint.
Add packagist webhook.
Add "Allow edits from maintainer" feature.
Add apply-patch, basic revert and cherry-pick functionality.
Add Package Registry.
Add LDAP group sync to Teams
1.16.817 May 2022 10:25
minor feature:
ENHANCEMENTS.
Add doctor check/for bogus action rows.
Make.cs highlighting legible on dark themes..
.
oauth setting list.
Delete user related oauth stuff on user deletion too.
new release from tags list UI.
Prevent NPE when checking repo units if the user is nil.
GetFeeds must always discard actions with dangling repo_id.
Call MultipartForm.RemoveAll when request finishes.
Avoid MoreThanOne error when creating a branch whose name conflicts with other ref names.
sending empty notifications.
Ignore DNS error when doing migration allow/block check.
overview for teams.
1.16.703 May 2022 10:45
minor feature:
SECURITY.
Escape git fetch remote.
.
Don't overwrite err with nil.
On Migrations, only write commit-graph if wiki clone was successful.
Respect DefaultUserIsRestricted system default when creating new user.
Don't error when branch's commit doesn't exist.
Support `hostname:port` to pass host matcher's check.
Prevent intermittent race in attribute reader.
bit atomic operations on 32-bit machines.
Prevent dangling archiver goroutine.
migrate release from github.
When view _Siderbar or _Footer, just display once.
blame page select range error and some typos.
name of doctor "authorized-keys" in hints.
User specific repoID or xorm builder conditions for search.
Prevent dangling cat-file calls (goroutine alternative).
RepoAssignment ensure to before overwrite.
Set correct PR status on 3way on conflict checking.
Mark TemplateLoading error as "UnprocessableEntity".
1.16.621 Apr 2022 08:05
minor feature:
v1.16.6
ENHANCEMENTS.
Only request write when necessary.
Disable service worker by default.
.
When dumping trim the standard suffices instead of a random suf.
DELETE request for non-existent public key.
Don't panic on ErrEmailInvalid.
Add uploadpack.allowAnySHA1InWant to allow --filter=blob:none with older git clients.
Warn on SSH connection for incorrect configuration.
Search via API, dont show 500 if filter result in empty list.
When updating mirror repo intervals by API reschedule next update too.
nil error when some pages are rendered outside request context.
double blob-hunk on diff page.
Don't allow merging PR's which are being conflict checked.
middleware function's placements.
invalid CSRF token, make sure CSRF tokens can be up-to-date.
Restore user autoregistration with email addresses.
Move checks for pulls before merge into own function.
Granular webhook events in editHook.
Only send webhook events to active system webhooks and only deliver to active hooks.
Use full output of git show-ref --tags to get tags for PushUpdateAddTag.
Touch mirrors on even on fail to update.
Hide sensitive content on admin panel progress monitor.
clone url JS error for the empty repo page.
Bump goldmark to v1.4.11.
TESTING.
Prevent intermittent failures in RepoIndexerTest.
BUILD.
Revert the minimal golang version requirement from 1.17 to 1.16 and add a warning in Makefile.
MISC.
Performance improvement for add team user when org has more than 1000 repositories.
Check go and nodejs version by go.mod and package.json.
1.16.524 Mar 2022 10:25
minor feature:
BREAKING.
Bump to build with go1.18.
SECURITY.
Prevent redirect to Host (2).
Try to prevent autolinking of displaynames by email readers.
Clean paths when looking in Storage.
Do not send notification emails to inactive users.
Do not send activation email if manual confirm is set.
ENHANCEMENTS.
Use the new/choose link for New on project page.
.
showing in your repositories.
compare link in active feeds for new branch.
Redirect.wiki/ ui link to /wiki.
Ensure deploy keys with write access can push.
Ensure that setting.LocalURL always has a trailing slash.
Cleanup protected branches when deleting users amp; teams.
Use IterateBufferSize whilst querying repositories during adoption check.
NPE /repos//search when not signed in.
Use custom favicon when viewing static files if it exists.
the editor height in review box.
Ensure isSSH is set whenever DISABLE_HTTP_GIT is set.
wrong scopes caused by empty scope input.
Make migrations SKIP_TLS_VERIFY apply to git too.
Handle email address not exist.
MISC.
Update json-iterator to allow compilation with go1.18.
Update golang.org/x/crypto.
1.16.415 Mar 2022 16:45
minor feature:
v1.16.4
SECURITY.
Restrict email address validation.
lfs.
ENHANCEMENTS.
Improve SyncMirrors logging.
.
Refactor mirror code amp; `StartToMirror`.
Update the webauthn_credential_id_sequence in Postgres.
Prevent 500 when there is an error during new auth source post.
If rendering has failed due to a net.OpError stop rendering (attempt 2).
flag validation.
Add pam account authorization check.
Ignore missing comment for user notifications.
Set `rel="nofollow noindex"` on new links.
Upgrading binding package.
Don't show context cancelled errors in attribute reader.
update hint.
MISC.
potential assignee query for repo.
1.16.304 Mar 2022 11:25
minor feature:
SECURITY.
Git backend ignore replace objects.
ENHANCEMENTS.
Adjust error for already locked db and prevent level db lock on malformed connstr.
.
Set max text height to prevent overflow.
newAttachmentPaths deletion for DeleteRepository().
Accounts with WebAuthn only (no TOTP) now exist... code to handle that case.
Send 404 on `/ org .gpg`.
admin user list pagination.
lfs management setting.
login with email panic when email is not exist.
Update go-org to v1.6.1.
` lt;strong gt;` html in translation.
page and missing return on unadopted repos API.
Allow adminstrator teams members to see other teams.
Don't treat BOM escape sequence as hidden character..
Correctly link URLs to users/repos with dashes, dots or underscores ( .
redirect when using lowercase repo name.
migration v210.
team management UI (18886).
BeforeSourcePath should point to base commit.
TRANSLATION.
Backport locales from master.
MISC.
Don't update email for organisation.
1.16.225 Feb 2022 06:45
minor feature:
v1.16.2
ENHANCEMENTS.
Show fullname on edits and gpg/ssh signing info.
Immediately Hammer if second kill is sent.
Allow mermaid render error to wrap.
.
ldap user sync missed email in email_address table.
Update assignees check to include any writing team and change org sidebar.
Don't report signal: killed errors in serviceRPC.
where certain LDAP settings were reverted.
Update go-org to 1.6.0.
login with email for ldap users.
for get user by email.
panic in EscapeReader.
ldap loginname.
Remove redundant call to UpdateRepoStats during migration.
In disk_channel queues synchronously push to disk on shutdown.
template of LFS lock.
Attempt to the webauthn migration again - part 3.
Send mail to /pr assignee/reviewer also when OnMention is set.
a broken link in commits_list_small.tmpl.
Increase the size of the webauthn_credential credential_id field.
Prevent dangling GetAttribute calls.
isempty detection of git repository.
source code line highlighting on external tracker.
Prevent double encoding of branch names in delete branch.
Always set PullRequestWorkInProgressPrein PrepareViewPullInfo.
forked repositories missed tags.
release typo.
Separate the details links of commit-statuses in headers.
Update object repo with the migrated repository.
for version update hint.
with docker-rootless shimming script.
Let `MinUnitAccessMode` return correct perm.
Prevent security failure due to bad APP_ID.
Restart zero worker if there is still work to do.
If rendering has failed due to a net.OpError stop rendering.
TESTING.
Ensure git tag tests and others create test repos in tmpdir.
BUILD.
Reduce CI go module downloads, add make targets.
MISC.
Put buttons back in org dashboard.
Various Mermaid improvements.
C preprocessor colors improvement.
the missing i18n key for update checker.
1.16.107 Feb 2022 10:05
minor feature:
## 1.16.1 .
- 2022-02-06.
SECURITY.
Update JS dependencies, lint.
ENHANCEMENTS.
Add dropdown icon to label set template dropdown.
.
Comments on migrated /prs must link to the comment ID.
Stop logging an error when notes are not found.
Ensure that blob-excerpt links work for wiki.
Only attempt to flush queue if the underlying worker pool is not finished.
Ensure commit-statuses box is sized correctly in headers.
Prevent merge messages from being sorted to the top of email chains.
Prevent panic on prohibited user login with oauth2.
Collaborator trust model should trust collaborators.
Detect conflicts with 3way merge.
In docker rootless use GITEA_APP_INI if provided.
Add `GetUserTeams`.
review excerpt.
for AvatarURL database type.
Use `ImagedProvider` for gplus oauth2 provider.
OAuth Source Edit Page.
Use "read" value for General Access.
Prevent NPE on partial match of compare URL and allow short SHA1 compare URLs.
BUILD.
Make docker gitea/gitea:v1.16-dev etc refer to the latest build on that branch.
DOCS.
Update 1.16.0 changelog to set #17846 as breaking.
1.16.003 Feb 2022 07:45
minor feature:
BREAKING.
Remove golang vendored directory.
Paginate releases page amp; set default page size to 10.
Only allow webhook to send requests to allowed hosts.
SECURITY.
Disable content sniffing on `PlainTextBytes`.
Only view milestones from current repo.
Sanitize user-input on file name.
Use `hostmatcher` to replace `matchlist` to improve blocking of bad hosts in Webhooks.
FEATURES.
Add/update SMTP auth providers via cli.
Support webauthn.
Team permission allow different unit has different permission.
Implement Well-Known URL for password change.
Add support for ssh commit signing.
Allow Loading of Diffs that are too large.
Add copy button to markdown code blocks.
Add.gitattribute assisted language detection to blame, diff and render.
Add `PULL_LIMIT` and `PUSH_LIMIT` to cron.update_mirror task.
Add Reindex buttons to repository settings page.
Make SSL cipher suite configurable.
Add groups scope/claim to OIDC/OAuth2 Provider.
Add simple update checker to Gitea.
Migrated Repository will show modifications when possible.
Create pub/priv keypair for federation.
Make LDAP be able to skip local 2FA.
Add nodeinfo endpoint for federation purposes.
Save and view /comment content history.
Use git attributes to determine generated and vendored status for language stats and diffs.
Add migrate from Codebase.
Add migration from GitBucket.
Add OAuth2 introspection endpoint.
Add proxy settings and support for migration and webhook.
Add microsoft oauth2 providers.
Send registration email on user autoregistration.
Defer Last Commit Info.
Support unprotected file patterns.
Add migrate from OneDev.
Add option to update pull request by `rebase`.
Add RSS/Atom feed support for user actions.
Add support for corporate WeChat webhooks.
Add a simple way to rename branch like gh.
Add bundle download for repository.
Add agit flow support in gitea.
API.
Add MirrorUpdated field to Repository API type.
Adjust Fork API to allow setting a custom reposit
1.15.1130 Jan 2022 04:05
minor feature:
v1.15.11
SECURITY.
Only view milestones from current repo.
.
broken when no commits and default branch is not master.
commit's time.
restore without topic failure.
mermaid import in 1.15 (it uses ESModule now).
Update to go/text 0.3.7.
MISC.
Upgrade EasyMDE to 2.16.1.
1.15.1015 Jan 2022 10:25
minor feature:
1.15.10
## 1.15.10 - 2022-01-14.
.
Inconsistent PR comment counts.
Release link broken.
Update user from site administration page.
Set HeadCommit when creating tags.
Use correct translation key for error messages due to max repo limits.
Purple color in suggested label colors.
SECURITY.
Bump mermaid from 8.10.1 to 8.13.8.
1.15.931 Dec 2021 03:18
minor feature:
v1.15.9
.
wrong redirect on org labels.
: unstable sort skips/duplicates across pages.
Revert "delete u2f keys ".
Migrating wiki don't require token, so we should move it out of the require form.
Prevent NPE if gitea uploader fails to open url.
Reset locale on login.
Correctly handle failed migrations.
Instead of using routerCtx just escape the url before routing.
Quote references to the user table in consistency checks.
Add NotFound handler.
Ensure that git repository is before transfer.
Use common sessioner for API and web routes.
TRANSLATION.
code search result hint on zh-CN.
1.15.822 Dec 2021 03:05
minor feature:
.
Move POST / username /action/ action to simply POST / username .
delete u2f keys.
Reset Session ID on login.
Prevent off-by-one error on comments on newly appended lines.
Stop printing 03d after escaped characters in logs.
Reset locale on login.
reset password email template.
outType on gitea dump.
Ensure complexity, minlength and isPwned are checked on password setting.
rename notification.
Prevent double decoding of in url params.
Prevent hang in git cat-file if the repository is not a valid repository.
Prevent deadlock in create.
TESTING.
Use non-expiring key..
1.15.703 Dec 2021 03:17
minor feature:
v1.15.7
ENHANCEMENTS.
Only allow webhook to send requests to allowed hosts.
login redirection links.
.
database inconsistent when admin change user email.
Use correct user on releases.
commit count in tag view.
but time watcher still running.
Migrate Description.
when project board get open number.
Return 400 but not 500 when request archive with wrong format.
when read mysql database max lifetime.
database deadlock when update labels.
on detect /comment writer.
Remove appSubUrl from pasted images.
Make `ParsePatch` more robust.
stats upon searching.
Escape titles in comments list.
zero created time on commit api.
database keyword quote problem on migration v161.
email with + when active.
Stop double encoding blame commit messages.
Quote the table name in CountOrphanedObjects.
Run Migrate in Install rather than just SyncTables.
BUILD.
golangci-lint warnings.
MISC.
Preserve color when inverting emojis.
1.15.629 Oct 2021 10:45
minor feature:
v1.15.6
.
Prevent panic in serv.go with Deploy Keys.
CSV render error.
Read expected buffer size.
Ensure that restricted users can access repos for which they are members.
Make commit-statuses popup show correctly.
TESTING.
Add integration tests for private.NoServCommand and private.ServCommand.
1.15.523 Oct 2021 07:25
minor feature:
SECURITY.
Upgrade Bluemonday to v1.0.16.
Ensure correct SSH permissions check for private and restricted users.
.
Prevent NPE in CSV diff rendering when column removed.
Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH.
Don't panic if we fail to parse U2FRegistration data.
Ensure popup text is aligned left (backport for 1.15).
Ensure that git daemon export ok is created for mirrors.
Disable core.protectNTFS.
Use pointer for wrappedConn methods.
AutoRegistration is supposed to be working with disabled registration (backport).
Handle duplicate keys on GPG key ring.
SVG side by side comparison link.
1.15.409 Oct 2021 08:05
minor feature:
Raw file API: don't try to interpret 40char filenames as commit SHA
Don't allow merged PRs to be reopened
incorrect repository count on organization tab of dashboard
unwanted team review request deletion
broken Activities link in team dashboard
API pull's head/base have correct permission
stange behavior of DownloadPullDiffOrPatch in incorect index
Upgrade xorm to v1.2.5
missing repo link in /pull assigned emails
of get context user
Nicely handle missing user in collaborations
Add Horizontal scrollbar to inner menu on Chrome
wrong i18n keys
Archive Creation: correct transaction ending
Prevent panic in Org mode HighlightCodeBlock
Create doctor command to repo_units broken by dumps from 1.14.3-1.14.6
.
Raw file API: don't try to interpret 40char filenames as commit SHA.
Don't allow merged PRs to be reopened.
incorrect repository count on organization tab of dashboard.
unwanted team review request deletion.
broken Activities link in team dashboard.
API pull's head/base have correct permission.
stange behavior of DownloadPullDiffOrPatch in incorect index.
Upgrade xorm to v1.2.5.
missing repo link in /pull assigned emails.
of get context user.
Nicely handle missing user in collaborations.
Add Horizontal scrollbar to inner menu on Chrome.
wrong i18n keys.
Archive Creation: correct transaction ending.
Prevent panic in Org mode HighlightCodeBlock.
Create doctor command to repo_units broken by dumps from 1.14.3-1.14.6.
ENHANCEMENT
Check user instead of organization when creating a repo from a template via API
.
Check user instead of organization when creating a repo from a template via API.
TRANSLATION
v1.15 Sprintf format 'verbs' in locale files
.
v1.15 Sprintf format 'verbs' in locale files.
1.15.322 Sep 2021 11:25
minor feature:
ENHANCEMENTS
Add fluid to ui container class to remove margin
Add caller to cat-file batch calls
.
Add fluid to ui container class to remove margin.
Add caller to cat-file batch calls.
Render full plain readme.
Upgrade xorm to v1.2.4
of migrate comments which only fetch one page
Do not show context popup on external
Decrement Fork Num when converting from Fork
Correctly rollback in ForkRepository
missing in WalkGitLog
Add preto SVG id/class attributes
of migrated repository not index
Skip AllowedUserVisibilityModes validation on update user if it is an organisation
storage Iterate and Add storage doctor to delete garbage attachments
with default mail template
Ensure that rebase conflicts are handled in updates
Prevent panic on diff generation
.
Render full plain readme..
Upgrade xorm to v1.2.4.
of migrate comments which only fetch one page.
Do not show context popup on external.
Decrement Fork Num when converting from Fork.
Correctly rollback in ForkRepository.
missing in WalkGitLog.
Add preto SVG id/class attributes.
of migrated repository not index.
Skip AllowedUserVisibilityModes validation on update user if it is an organisation.
storage Iterate and Add storage doctor to delete garbage attachments.
with default mail template.
Ensure that rebase conflicts are handled in updates.
Prevent panic on diff generation.
1.15.207 Sep 2021 08:05
minor feature:
Add unique constraint back into _index
Storage objects before cleaning
.
Add unique constraint back into _index.
Storage objects before cleaning.
1.15.103 Sep 2021 21:45
minor feature:
Allow BASIC authentication access to /:owner/:repo/releases/download/
Prevent leave changes dialogs due to autofill fields
Ignore review comment when ref commit is missed
wrong attachment removal
Gitlab Migrator: dont ignore reactions of last request
Correctly return the number of Repositories for Organizations
Test if LFS object is accessible
git.Blob.DataAsync(): pipe since we return a Nopr
dump and restore respository
Repair and Improve GetDiffRangeWithWhitespaceBehavior
wiki raw commit diff/patch view
Ensure wiki repos are all
List limited and private orgs if authenticated on API
Simplify split diff view generation and remove JS dependency
Ensure that the default visibility is set on the user create page
In Render tolerate not being passed a context
Upgrade xorm to v1.2.2 Add test to ensure that dumping of login sources remains correct
Report the correct number of pushes on the feeds
Add primary_key to _index
Prevent NPE on empty commit
branch pagination error
Add missing return to handleSettingRemoteAddrError
Remove spurious / from.opened_by
Ensure that template compilation panics are sent to the logs
Update caddyserver/certmagic
.
Allow BASIC authentication access to /:owner/:repo/releases/download/.
Prevent leave changes dialogs due to autofill fields.
Ignore review comment when ref commit is missed.
wrong attachment removal.
Gitlab Migrator: dont ignore reactions of last request.
Correctly return the number of Repositories for Organizations.
Test if LFS object is accessible.
git.Blob.DataAsync(): pipe since we return a Nopr.
dump and restore respository.
Repair and Improve GetDiffRangeWithWhitespaceBehavior.
wiki raw commit diff/patch view.
Ensure wiki repos are all.
List limited and private orgs if authenticated on API.
Simplify split diff view generation and remove JS dependency.
Ensure that the default visibility is set on the user create page.
In Render tolerate not being passed a context.
Upgrade xorm
1.15.022 Aug 2021 12:05
minor feature:
BREAKING
Make app.ini permissions more restrictive
Refactor Webhook + Add X-Hub-Signature
Add asymmetric JWT signing
Clean-up the settings hierarchy for _indexer queue
Change default queue settings to be low go-routines
Improve assets handler middleware
Rename StaticUrlPreto AssetUrlPre
Use a generic markup class to display externally rendered files and diffs
Add frontend testing, require node 12
Move (custom) assets into subpath /assets
Use level config in log section when sub log section not set level
Links in markdown should be absolute to the repository not the server
Upgrade to the latest version of golang-jwt
Set minimum supported version of go to 1.16
.
Make app.ini permissions more restrictive.
Refactor Webhook + Add X-Hub-Signature.
Add asymmetric JWT signing.
Clean-up the settings hierarchy for _indexer queue.
Change default queue settings to be low go-routines.
Improve assets handler middleware.
Rename StaticUrlPreto AssetUrlPre.
Use a generic markup class to display externally rendered files and diffs.
Add frontend testing, require node 12.
Move (custom) assets into subpath /assets.
Use level config in log section when sub log section not set level.
Links in markdown should be absolute to the repository not the server.
Upgrade to the latest version of golang-jwt.
Set minimum supported version of go to 1.16.
SECURITY
Encrypt LDAP bind password in db with SECRET_KEY
Remove random password in Dockerfiles
Upgrade to the latest version of golang-jwt and increase minimum go to 1.15
Correctly create of git-daemon-export-ok files
Don't show private user's repo in explore view
Update node tar dependency to 6.1.6
.
Encrypt LDAP bind password in db with SECRET_KEY.
Remove random password in Dockerfiles.
Upgrade to the latest version of golang-jwt and increase minimum go to 1.15.
Correctly create of git-daemon-export-ok files.
Don't show private user's repo in explore view.
Update node tar dependency to 6.1.6.
FEATURES
Update Go-Git to take a
1.15.0-rc311 Aug 2021 00:25
minor feature:
SECURITY
Bump github.com/markbates/goth from v1.67.1 to v1.68.0
Switch to maintained JWT lib
Upgrade to latest version of golang-jwt (as forked for 1.14)
.
Bump github.com/markbates/goth from v1.67.1 to v1.68.0.
Switch to maintained JWT lib.
Upgrade to latest version of golang-jwt (as forked for 1.14).
Add basic edit ldap auth test actually Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end
.
Add basic edit ldap auth test actually.
Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end.
1.14.606 Aug 2021 07:25
minor feature:
SECURITY
Hide mirror passwords on repo settings page
Update bluemonday to v1.0.15
.
Hide mirror passwords on repo settings page.
Update bluemonday to v1.0.15.
Retry rename on lock induced failures
Validate index before querying DB
crash following ldap authentication update
.
Retry rename on lock induced failures.
Validate index before querying DB.
crash following ldap authentication update.
ENHANCEMENTS
Redirect on bad CSRF instead of presenting bad page
.
Redirect on bad CSRF instead of presenting bad page.
1.15.0-rc226 Jul 2021 00:25
minor feature:
SECURITY
Hide mirror passwords on repo settings page
Update bluemonday to v1.0.15
.
Hide mirror passwords on repo settings page.
Update bluemonday to v1.0.15.
Retry rename on lock induced failures
Validate index before querying DB
crash following ldap authentication update
.
Retry rename on lock induced failures.
Validate index before querying DB.
crash following ldap authentication update.
ENHANCEMENTS
Redirect on bad CSRF instead of presenting bad page
.
Redirect on bad CSRF instead of presenting bad page.
1.14.521 Jul 2021 06:05
minor feature:
SECURITY
Hide mirror passwords on repo settings page
Update bluemonday to v1.0.15
.
Hide mirror passwords on repo settings page.
Update bluemonday to v1.0.15.
Retry rename on lock induced failures
Validate index before querying DB
crash following ldap authentication update
.
Retry rename on lock induced failures.
Validate index before querying DB.
crash following ldap authentication update.
ENHANCEMENTS
Redirect on bad CSRF instead of presenting bad page
.
Redirect on bad CSRF instead of presenting bad page.
1.16.0-dev16 Jul 2021 13:45
minor feature:
Relative links in postprocessed images
List_options GetStartEnd
API to use author for commits instead of committer
Handle misencoding of login_source cfg in mssql
Not updated by commits
Improve efficiency in FindRenderizableReferenceNumeric and getReference
Use html.Parse rather than html.ParseFragment
Milestone counters on new
ReqOrgMembership calls need to be preceded by reqToken
.
Relative links in postprocessed images.
List_options GetStartEnd.
API to use author for commits instead of committer.
Handle misencoding of login_source cfg in mssql.
Not updated by commits.
Improve efficiency in FindRenderizableReferenceNumeric and getReference.
Use html.Parse rather than html.ParseFragment.
Milestone counters on new.
ReqOrgMembership calls need to be preceded by reqToken.
1.14.407 Jul 2021 11:05
minor feature:
Relative links in postprocessed images
List_options GetStartEnd
API to use author for commits instead of committer
Handle misencoding of login_source cfg in mssql
Not updated by commits
Improve efficiency in FindRenderizableReferenceNumeric and getReference
Use html.Parse rather than html.ParseFragment
Milestone counters on new
ReqOrgMembership calls need to be preceded by reqToken
.
Relative links in postprocessed images.
List_options GetStartEnd.
API to use author for commits instead of committer.
Handle misencoding of login_source cfg in mssql.
Not updated by commits.
Improve efficiency in FindRenderizableReferenceNumeric and getReference.
Use html.Parse rather than html.ParseFragment.
Milestone counters on new.
ReqOrgMembership calls need to be preceded by reqToken.
1.14.319 Jun 2021 18:45
minor feature:
SECURITY
Encrypt migration credentials at rest
Only check access tokens if they are likely to be tokens
Add missing SameSite settings for the i_like_gitea cookie
setting of SameSite on cookies
.
Encrypt migration credentials at rest.
Only check access tokens if they are likely to be tokens.
Add missing SameSite settings for the i_like_gitea cookie.
setting of SameSite on cookies.
API
Repository object only count releases as releases
EditOrg respect RepoAdminChangeTeamAccess option
overly strict edit pr permissions
.
Repository object only count releases as releases.
EditOrg respect RepoAdminChangeTeamAccess option.
overly strict edit pr permissions.
Run processors on whole of text
Class -keyword is being incorrectly stripped off spans
language switch for install page
on getIDsByRepoID
Set self-adjusting deadline for connection writing
http path
data URI scramble
Merge all deleteBranch as one function and also when delete branch don't related PRs
git migration: don't prompt interactively for clone credentials
case change in ownernames
Don't manipulate input params in email notification
Remove branch URL before RefURL
layout of milestone view
GitHub Migration, migrate draft releases too
the gitrepo when deleting the repository
Upgrade xorm to v1.1.0
blame row height alignment
error message when saving generated LOCAL_ROOT_URL config
Backport LFS commit finder not working
Stop calling WriteHeader in Write
Add timeout to writing to responses
Return go-get info on subdirs
Restore PAM user autocreation functionality
truncate utf8 string
bound address/port for caddy's certmagic library
Upgrade unrolled/render to v1.1.1
Queue manager FlushAll can loop rapidly - add delay
Tagger can be empty, as can Commit and Author - tolerate this
Set autocomplete off on branches selector
Add missing error to Doctor log
Move restore repo to internal router and invoke from command to avoid open the same db file or que
1.14.210 May 2021 23:25
minor feature:
API
Make change repo settings work on empty repos
Add pull "merged" notification subject status to API
.
Make change repo settings work on empty repos.
Add pull "merged" notification subject status to API.
Ensure that ctx.Written is checked after (...) calls
Use pulls in commit graph unless pulls are disabled
Set GIT_DIR correctly if it is not set
where repositories appear unadopted
Not show ref-in-new-pop when was disabled
Drop back to use IsAnInteractiveSession for SVC
setting version table in dump
button change on delete in simplemde area
Defer closing the gitrepo until the end of the wrapped context functions
some ui about draft release
Only log Error on getLastCommitStatus error to let pull list still be visible
Move tooltip down to allow selection of Remove File on error
setting redis db path
DB session cleanup
several activation
Delete references if repository gets deleted
orphaned objects deletion
Delete protected branch if repository gets removed
Remove spurious set name from eventsource.sharedworker.js
Not update updated uinx for git gc
commit graph author link
webhook timeout
Resolve panic on failed interface conversion in migration v156
missing storage init
If the default branch is not present do not report error on stats indexing
lfs management find
NPE on view commit with notes
on commit graph
Send size to /avatars if requested
Prevent migration 156 failure if tag commit missing
.
Ensure that ctx.Written is checked after (...) calls.
Use pulls in commit graph unless pulls are disabled.
Set GIT_DIR correctly if it is not set.
where repositories appear unadopted.
Not show ref-in-new-pop when was disabled.
Drop back to use IsAnInteractiveSession for SVC.
setting version table in dump.
button change on delete in simplemde area.
Defer closing the gitrepo until the end of the wrapped context functions.
some ui about draft release.
Only log Error on getLastCommitStatus error to let pull list stil
1.14.116 Apr 2021 17:05
minor feature:
SECURITY
Respect approved email domain list for externally validated user registration
Add reverse proxy configuration support for remote IP address detection
Ensure validation occurs on clone addresses too
.
Respect approved email domain list for externally validated user registration.
Add reverse proxy configuration support for remote IP address detection.
Ensure validation occurs on clone addresses too.
BREAKING
double 'push tag' action feed
Remove possible resource leak
Handle unauthorized user events gracefully
Restore Access.log following migration to Chi framework (Stops access logging of /api/internal routes)
Migrate from Macaron to Chi framework
Deprecate building for mips
Consolidate Logos and update README header
Inline manifest.json
Store repository data in data path if not previously set
Rename "gitea" png to "logo"
Standardise logging of failed authentication attempts in internal SSH
Add markdown support in organization description
Improve users management through the CLI
.
double 'push tag' action feed.
Remove possible resource leak.
Handle unauthorized user events gracefully.
Restore Access.log following migration to Chi framework (Stops access logging of /api/internal routes).
Migrate from Macaron to Chi framework.
Deprecate building for mips.
Consolidate Logos and update README header.
Inline manifest.json.
Store repository data in data path if not previously set.
Rename "gitea" png to "logo".
Standardise logging of failed authentication attempts in internal SSH.
Add markdown support in organization description.
Improve users management through the CLI.
FEATURES
Create a new with reference to lines of code from file view
Repository transfer has to be confirmed, if user can not create repo for new owner
Allow blocking some email domains from registering an account
Create a new based on reference to an comment
Add support to migrate from gogs
Add pager to the branches page
Minimal OpenID Connect implementation
Display curre
1.14.012 Apr 2021 16:25
minor feature:
SECURITY
Respect approved email domain list for externally validated user registration
Add reverse proxy configuration support for remote IP address detection
Ensure validation occurs on clone addresses too
.
Respect approved email domain list for externally validated user registration.
Add reverse proxy configuration support for remote IP address detection.
Ensure validation occurs on clone addresses too.
BREAKING
double 'push tag' action feed
Remove possible resource leak
Handle unauthorized user events gracefully
Restore Access.log following migration to Chi framework (Stops access logging of /api/internal routes)
Migrate from Macaron to Chi framework
Deprecate building for mips
Consolidate Logos and update README header
Inline manifest.json
Store repository data in data path if not previously set
Rename "gitea" png to "logo"
Standardise logging of failed authentication attempts in internal SSH
Add markdown support in organization description
Improve users management through the CLI
.
double 'push tag' action feed.
Remove possible resource leak.
Handle unauthorized user events gracefully.
Restore Access.log following migration to Chi framework (Stops access logging of /api/internal routes).
Migrate from Macaron to Chi framework.
Deprecate building for mips.
Consolidate Logos and update README header.
Inline manifest.json.
Store repository data in data path if not previously set.
Rename "gitea" png to "logo".
Standardise logging of failed authentication attempts in internal SSH.
Add markdown support in organization description.
Improve users management through the CLI.
FEATURES
Create a new with reference to lines of code from file view
Repository transfer has to be confirmed, if user can not create repo for new owner
Allow blocking some email domains from registering an account
Create a new based on reference to an comment
Add support to migrate from gogs
Add pager to the branches page
Minimal OpenID Connect implementation
Display curre
1.13.708 Apr 2021 10:45
minor feature:
SECURITY
Update to bluemonday-1.0.6
Clusterfuzz found another way
.
Update to bluemonday-1.0.6.
Clusterfuzz found another way.
API
wrong user returned in API
.
wrong user returned in API.
Add 'fonts' into 'KnownPublicEntries'
Speed up enry.IsVendor
Response 404 for diff/patch of a commit that not exist
Prevent NPE in CommentMustAsDiff if no hunk header
.
Add 'fonts' into 'KnownPublicEntries'.
Speed up enry.IsVendor.
Response 404 for diff/patch of a commit that not exist.
Prevent NPE in CommentMustAsDiff if no hunk header.
MISC
Add size to Save function
.
Add size to Save function.
1.14.0-rc226 Mar 2021 01:45
minor feature:
SECURITY
on avatar middleware
Another clusterfuzz identified
.
on avatar middleware.
Another clusterfuzz identified.
API
Nil exeption for get pull reviews API #15104
.
Nil exeption for get pull reviews API #15104.
Markdown rendering in milestone content
.
Markdown rendering in milestone content.
1.15.0-dev21 Mar 2021 06:45
minor feature:
SECURITY
Popups
.
Popups.
Race in LFS ContentStore.Put(...)
a couple of with a feeds
When transfering repository and database transaction failed, rollback the renames
Race in local storage
on pull view page if user is not loged in
.
Race in LFS ContentStore.Put(...).
a couple of with a feeds.
When transfering repository and database transaction failed, rollback the renames.
Race in local storage.
on pull view page if user is not loged in.
DOCS
How lfs data path is set
.
How lfs data path is set.
1.13.409 Mar 2021 14:05
minor feature:
SECURITY
Popups
.
Popups.
Race in LFS ContentStore.Put(...)
a couple of with a feeds
When transfering repository and database transaction failed, rollback the renames
Race in local storage
on pull view page if user is not loged in
.
Race in LFS ContentStore.Put(...).
a couple of with a feeds.
When transfering repository and database transaction failed, rollback the renames.
Race in local storage.
on pull view page if user is not loged in.
DOCS
How lfs data path is set
.
How lfs data path is set.
1.13.305 Mar 2021 14:25
minor feature:
BREAKING SECURITY
Turn default hash password algorithm back to pbkdf2 from argon2 until we find a better one
.
Turn default hash password algorithm back to pbkdf2 from argon2 until we find a better one.
paging of file commit logs
Print useful error if SQLite is used in settings but not supported
display since time round
When Deleting Repository only explicitly PRs whose base is not this repository
Set HCaptchaSiteKey on Link Account pages
a couple of CommentAsPatch.
Disable broken OAuth2 providers at startup
Repo Transfer permission checks
double alert in oauth2 application edit view
broken spans in diffs
Prevent race in PersistableChannelUniqueQueue.Has
HasPreviousCommit causes recursive load of commits unnecessarily
Do not assume all 40 char strings are SHA1s
Allow org labels to be set with templates
Accept multiple SSH keys in single LDAP SSHPublicKey attribute
about ListOptions and stars/watchers pagnation
GPG key deletion during account deletion
.
paging of file commit logs.
Print useful error if SQLite is used in settings but not supported.
display since time round.
When Deleting Repository only explicitly PRs whose base is not this repository.
Set HCaptchaSiteKey on Link Account pages.
a couple of CommentAsPatch..
Disable broken OAuth2 providers at startup.
Repo Transfer permission checks.
double alert in oauth2 application edit view.
broken spans in diffs.
Prevent race in PersistableChannelUniqueQueue.Has.
HasPreviousCommit causes recursive load of commits unnecessarily.
Do not assume all 40 char strings are SHA1s.
Allow org labels to be set with templates.
Accept multiple SSH keys in single LDAP SSHPublicKey attribute.
about ListOptions and stars/watchers pagnation.
GPG key deletion during account deletion.
1.13.202 Feb 2021 12:05
minor feature:
SECURITY
Prevent panic on fuzzer provided string
Add secure/httpOnly attributes to the lang cookie
.
Prevent panic on fuzzer provided string.
Add secure/httpOnly attributes to the lang cookie.
API
If release publisher is deleted use ghost user
.
If release publisher is deleted use ghost user.
Internal ssh server respect Ciphers, MACs and KeyExchanges settings
Set the name Mapper in migrations
wiki preview
Update code.gitea.io/sdk/gitea v0.13.1 - v0.13.2
ChangeUserName: rename user files back on DB
lfs preview
Ensure timeout error is shown on u2f timeout
Deadlock Delete affected reactions on comment deletion
Use path not filepath in routers/editor
Check if label template exist first
migration v141
Use Request.URL.RequestURI() for fcgi
Use ServerError provided by Context
edit-label form init
mailCommentBatch for pull request
Render links for commit hashes followed by comma
Send notifications for mentions in pulls,, (code-)comments
avatar
Ensure that schema search path is set with every connection on postgres
dashboard labels filter
When visit /favicon.ico but the static file is not exist return 404 but not continue to handle the route
branch selector on new page
Check for notExist on profile repository page
.
Internal ssh server respect Ciphers, MACs and KeyExchanges settings.
Set the name Mapper in migrations.
wiki preview.
Update code.gitea.io/sdk/gitea v0.13.1 - v0.13.2.
ChangeUserName: rename user files back on DB.
lfs preview.
Ensure timeout error is shown on u2f timeout.
Deadlock Delete affected reactions on comment deletion.
Use path not filepath in routers/editor.
Check if label template exist first.
migration v141.
Use Request.URL.RequestURI() for fcgi.
Use ServerError provided by Context.
edit-label form init.
mailCommentBatch for pull request.
Render links for commit hashes followed by comma.
Send notifications for mentions in pulls,, (code-)comments.
avatar.
Ensure that schema search path is set with ever
1.13.130 Dec 2020 13:05
minor feature:
SECURITY
Hide private participation in Orgs
escaping in diff
.
Hide private participation in Orgs.
escaping in diff.
of link query order on markdown render
Drop long repo topics during migration
Ensure that search term and page are not lost on adoption page-turn
storage config implementation
panic in BasicAuthDecode
Always wait for the cmd to finish
Don't use simpleMDE editor on mobile devices for 1.13
incorrect review comment diffs
Trim the branch prefrom action.GetBranch
Ensure template renderer is available before storage handler
Whenever the password is updated ensure that the hash algorithm is too
Enforce setting HEAD in wiki to master
feishu webhook caused by API changed
Quote Reply button on review diff
Pull Merge when tag with same name as base branch exist
mermaid chart size
branch/tag notifications in mirror sync
crash in short link processor
Update font stack to bootstrap's latest
Make sure email recipients can see
Reply button is not removed when deleting a code review comment
When reinitialising DBConfig reset the database use flags
.
of link query order on markdown render.
Drop long repo topics during migration.
Ensure that search term and page are not lost on adoption page-turn.
storage config implementation.
panic in BasicAuthDecode.
Always wait for the cmd to finish.
Don't use simpleMDE editor on mobile devices for 1.13.
incorrect review comment diffs.
Trim the branch prefrom action.GetBranch.
Ensure template renderer is available before storage handler.
Whenever the password is updated ensure that the hash algorithm is too.
Enforce setting HEAD in wiki to master.
feishu webhook caused by API changed.
Quote Reply button on review diff.
Pull Merge when tag with same name as base branch exist.
mermaid chart size.
branch/tag notifications in mirror sync.
crash in short link processor.
Update font stack to bootstrap's latest.
Make sure email recipients can see.
Reply button is not removed when deleting a code
1.13.003 Dec 2020 13:45
minor feature:
SECURITY
Add Allow-/Block-List for Migrate Mirrors
Prevent git operations for inactive users
Disallow urlencoded new lines in git protocol paths if there is a port
Mitigate Security vulnerability in the git hook feature
Disable DSA ssh keys by default
Set TLS minimum version to 1.2
Use argon as default password hash algorithm
.
Add Allow-/Block-List for Migrate Mirrors.
Prevent git operations for inactive users.
Disallow urlencoded new lines in git protocol paths if there is a port.
Mitigate Security vulnerability in the git hook feature.
Disable DSA ssh keys by default.
Set TLS minimum version to 1.2.
Use argon as default password hash algorithm.
BREAKING
Set RUN_MODE prod by default
Don't replace underscores in auto-generated IDs in goldmark
Add Primary Key to Topic and RepoTopic tables
Disable password complexity check default
Change PIDFile default from /var/run/gitea.pid to /run/gitea.pid
Add extension Support to Attachments (allow all types for releases)
Remove IE11 Support
.
Set RUN_MODE prod by default.
Don't replace underscores in auto-generated IDs in goldmark.
Add Primary Key to Topic and RepoTopic tables.
Disable password complexity check default.
Change PIDFile default from /var/run/gitea.pid to /run/gitea.pid.
Add extension Support to Attachments (allow all types for releases).
Remove IE11 Support.
FEATURES
Adopt repositories
Check passwords against HaveIBeenPwned
Gitea 2 Gitea migration
Support storing Avatars in minio
Allow addition of gpg keyring with multiple keys
Add email notify for new release
Add Access-Control-Expose-Headers
UserProfile Page: Render Description
Add command to recreate tables
Add mermaid JS renderer
Add ssh certificate support
Add spent time to referenced in commit message
Initial support for push options
Provide option to unlink a fork
Show exact tag for commit on diff view
Pause, Resume, Release Reopen, Add and Remove Logging from command line
templates directory
Add a storage layer for
1.12.617 Nov 2020 07:05
minor feature:
SECURITY
Prevent git operations for inactive users
Disallow urlencoded new lines in git protocol paths if there is a port
.
Prevent git operations for inactive users.
Disallow urlencoded new lines in git protocol paths if there is a port.
API should only return Json
before and since query arguments at API
Prevent panic on git blame by limiting lines to 4096 bytes at most
link detection in repository description with tailing '_'
Remove obsolete change of email on profile page
permission check on get Reactions API endpoints
Add migrated pulls to pull request task queue
API deny wrong pull creation options
initial commit page binary munching problem
diff parsing
Return error 404 not 500 from API if team does not exist
Prohibit automatic downgrades
GitLab Migration Option AuthToken
GitLab Label Color Normalizer
Log the underlying panic in runMigrateTask
attachments list in edit comment
deadlock when deleting team user
error create comment on outdated file
repository create/delete event webhooks
internal server error on README in submodule
.
API should only return Json.
before and since query arguments at API.
Prevent panic on git blame by limiting lines to 4096 bytes at most.
link detection in repository description with tailing '_'.
Remove obsolete change of email on profile page.
permission check on get Reactions API endpoints.
Add migrated pulls to pull request task queue.
API deny wrong pull creation options.
initial commit page binary munching problem.
diff parsing.
Return error 404 not 500 from API if team does not exist.
Prohibit automatic downgrades.
GitLab Migration Option AuthToken.
GitLab Label Color Normalizer.
Log the underlying panic in runMigrateTask.
attachments list in edit comment.
deadlock when deleting team user.
error create comment on outdated file.
repository create/delete event webhooks.
internal server error on README in submodule.
1.13.0-rc211 Nov 2020 17:25
minor feature:
Allow U2F with default settings for gitea in subpath
Prevent empty div when editing comment
On mirror update also update address in DB
Allow extended config on cron settings
Open transaction when adding Avatar email-hash pairs to the DB
internal server error from ListUserOrgs API
Update only the repository columns that need updating
panic when adding long comment
Add size limit for content of comment on action ui
Convert User expose ID each time
Support slashes in release tags
Add missing information to CreateRepo API endpoint
On Migration respect old DefaultBranch
notifications page links
Stop cloning unnecessarily on PR update
Escape more things that are passed through str2html
Remove double escape on labels addition in comments
"only mail on mention".
yet another with diff file names
RepoInit Respect AlternateDefaultBranch
Avatar Resize (resize algo NearestNeighbor - Bilinear)
.
Allow U2F with default settings for gitea in subpath.
Prevent empty div when editing comment.
On mirror update also update address in DB.
Allow extended config on cron settings.
Open transaction when adding Avatar email-hash pairs to the DB.
internal server error from ListUserOrgs API.
Update only the repository columns that need updating.
panic when adding long comment.
Add size limit for content of comment on action ui.
Convert User expose ID each time.
Support slashes in release tags.
Add missing information to CreateRepo API endpoint.
On Migration respect old DefaultBranch.
notifications page links.
Stop cloning unnecessarily on PR update.
Escape more things that are passed through str2html.
Remove double escape on labels addition in comments.
"only mail on mention".
yet another with diff file names.
RepoInit Respect AlternateDefaultBranch.
Avatar Resize (resize algo NearestNeighbor - Bilinear).
ENHANCEMENTS
gitea dump: include version Check InstallLock
.
gitea dump: include version Check InstallLock.
1.14.0-dev15 Oct 2020 18:25
minor feature:
Allow U2F with default settings for gitea in subpath
Prevent empty div when editing comment
On mirror update also update address in DB
Allow extended config on cron settings
Open transaction when adding Avatar email-hash pairs to the DB
internal server error from ListUserOrgs API
Update only the repository columns that need updating
panic when adding long comment
Add size limit for content of comment on action ui
Convert User expose ID each time
Support slashes in release tags
Add missing information to CreateRepo API endpoint
On Migration respect old DefaultBranch
notifications page links
Stop cloning unnecessarily on PR update
Escape more things that are passed through str2html
Remove double escape on labels addition in comments
"only mail on mention".
yet another with diff file names
RepoInit Respect AlternateDefaultBranch
Avatar Resize (resize algo NearestNeighbor - Bilinear)
.
Allow U2F with default settings for gitea in subpath.
Prevent empty div when editing comment.
On mirror update also update address in DB.
Allow extended config on cron settings.
Open transaction when adding Avatar email-hash pairs to the DB.
internal server error from ListUserOrgs API.
Update only the repository columns that need updating.
panic when adding long comment.
Add size limit for content of comment on action ui.
Convert User expose ID each time.
Support slashes in release tags.
Add missing information to CreateRepo API endpoint.
On Migration respect old DefaultBranch.
notifications page links.
Stop cloning unnecessarily on PR update.
Escape more things that are passed through str2html.
Remove double escape on labels addition in comments.
"only mail on mention".
yet another with diff file names.
RepoInit Respect AlternateDefaultBranch.
Avatar Resize (resize algo NearestNeighbor - Bilinear).
ENHANCEMENTS
gitea dump: include version Check InstallLock
.
gitea dump: include version Check InstallLock.
1.12.502 Oct 2020 10:45
minor feature:
Allow U2F with default settings for gitea in subpath
Prevent empty div when editing comment
On mirror update also update address in DB
Allow extended config on cron settings
Open transaction when adding Avatar email-hash pairs to the DB
internal server error from ListUserOrgs API
Update only the repository columns that need updating
panic when adding long comment
Add size limit for content of comment on action ui
Convert User expose ID each time
Support slashes in release tags
Add missing information to CreateRepo API endpoint
On Migration respect old DefaultBranch
notifications page links
Stop cloning unnecessarily on PR update
Escape more things that are passed through str2html
Remove double escape on labels addition in comments
"only mail on mention".
yet another with diff file names
RepoInit Respect AlternateDefaultBranch
Avatar Resize (resize algo NearestNeighbor - Bilinear)
.
Allow U2F with default settings for gitea in subpath.
Prevent empty div when editing comment.
On mirror update also update address in DB.
Allow extended config on cron settings.
Open transaction when adding Avatar email-hash pairs to the DB.
internal server error from ListUserOrgs API.
Update only the repository columns that need updating.
panic when adding long comment.
Add size limit for content of comment on action ui.
Convert User expose ID each time.
Support slashes in release tags.
Add missing information to CreateRepo API endpoint.
On Migration respect old DefaultBranch.
notifications page links.
Stop cloning unnecessarily on PR update.
Escape more things that are passed through str2html.
Remove double escape on labels addition in comments.
"only mail on mention".
yet another with diff file names.
RepoInit Respect AlternateDefaultBranch.
Avatar Resize (resize algo NearestNeighbor - Bilinear).
ENHANCEMENTS
gitea dump: include version Check InstallLock
.
gitea dump: include version Check InstallLock.
1.12.404 Sep 2020 17:25
minor feature:
SECURITY.
Escape provider name in oauth2 provider redirect.
Escape Email on password reset page.
When reading expired sessions - expire them.
ENHANCEMENTS.
StaticRootPath configurable at compile time.
.
to show an that is related to a deleted.
Expire time acknowledged for cache.
diff path unquoting.
Improve HTML escaping helper.
models: break out of loop.
Default empty merger list to those with write permissions.
Skip SSPI authentication attempts for /api/internal.
Prevent NPE on commenting on lines with invalidated comments.
Remove hardcoded ES indexername.
preventing transfer to private organization.
Keys should not verify revoked email addresses.
Do not add preon http/https submodule links.
ignored login on compare.
incorrect error logging in Stats indexer and OAuth2.
Upgrade google/go-github to v32.1.0.
Render emoji's of Commit message on feed-page.
handling of diff on unrelated branches when Git 2.28 used.
1.12.329 Jul 2020 21:45
minor feature:
.
Don't change creation date when updating Release.
Show 404 page when release not found.
emoji detection in certain cases.
Reduce emoji size.
double-indirection in logging IDs.
Link to pull list page on sidebar when view pr.
Extend Notifications API and return pinned notifications by default.
1.12.213 Jul 2020 06:45
minor feature:
When deleting repository decrese user repositry count in cache
Gitea commits API again returns commit summaries, not full messages
Properly set HEAD when a repo is created with a non-master default branch
Ensure Subkeys are verified
failing to cache last commit with key being to long
Multiple small admin dashboard
Remove spurious logging
repository setup instructions when default branch is not master
Move EventSource to SharedWorker
ui in wiki commit page
gitgraph branch continues after merge
Set the base url when migrating from Gitlab using access token or username without password
Ensure BlameReaders at end of request
comments webhook panic backport
.
When deleting repository decrese user repositry count in cache.
Gitea commits API again returns commit summaries, not full messages.
Properly set HEAD when a repo is created with a non-master default branch.
Ensure Subkeys are verified.
failing to cache last commit with key being to long.
Multiple small admin dashboard.
Remove spurious logging.
repository setup instructions when default branch is not master.
Move EventSource to SharedWorker.
ui in wiki commit page.
gitgraph branch continues after merge.
Set the base url when migrating from Gitlab using access token or username without password.
Ensure BlameReaders at end of request.
comments webhook panic backport.
ENHANCEMENTS
Disable dropzone's timeout
.
Disable dropzone's timeout.
1.12.123 Jun 2020 15:05
minor feature:
Handle multiple merges in gitgraph.js
Add serviceworker.js to KnownPublicEntries
For language detection do not try to analyze big files by content
.
Handle multiple merges in gitgraph.js.
Add serviceworker.js to KnownPublicEntries.
For language detection do not try to analyze big files by content.
ENHANCEMENTS
scrollable header on dropdowns
.
scrollable header on dropdowns.
1.12.019 Jun 2020 03:25
minor feature:
When using API CreateRelease set created_unix to the tag commit time.
Enable ENABLE_HARD_LINE_BREAK by default for rendering markdown.
sanitizer config - multiple rules.
Remove check on username when using AccessToken authentication for the API.
Return 404 from Contents API when items don't exist.
Notification API should always return a JSON object with the current count of notifications.
Remove migration support from versions earlier than 1.6.0.
Use -1 to disable key algorithm type in ssh.minimum_key_sizes.
Improve config logging when WrappedQueue times out.
Add branch delete to API.
Use markdown frontmatter to provide Table of contents, language and frontmatter rendering.
Add a way to mark Conversation (code comment) resolved.
Handle yaml frontmatter in markdown.
Cache PullRequest Divergence.
Make gitea admin auth list formatting configurable.
Add Matrix webhook.
Add Organization Wide Labels.
Allow to set protected file patterns for files that can not be changed under no conditions.
Option to set default branch at repository creation.
Add request review from specific reviewers feature in pull request.
Add NextCloud oauth.
System-wide webhooks.
Relax sanitization as per https://github.com/jch/html-pipeline.
Use media links for img in post-process.
Add API endpoints to manage OAuth2 Application (list/create/delete).
Render READMEs in docs/.gitea or.github from root.
Add feishu webhook support.
Cache last commit to accelerate the repository directory page visit.
Implement basic app.ini and path checks to doctor cmd.
Make WorkerPools and Queues flushable.
Implement "embedded" command to extract static resources.
Add API endpoint for repo transfer.
Make archive preing configurable with a global setting.
Add Unique Queue infrastructure and move TestPullRequests to this.
/PR Context Popups.
Add "Update Branch" button to Pull Requests.
Add require signed commit for protected branch.
Mark PR reviews as stale at push and allow to dismiss stale approvals.
Add API notificati
1.12.0-rc209 Jun 2020 19:05
minor feature:
SECURITY
missing authorization check on pull for public repos of private/limited org
Use session for retrieving org teams
.
missing authorization check on pull for public repos of private/limited org.
Use session for retrieving org teams.
Return json on 500 error from API
wrong milestone in webhook message
Prevent (caught) panic on login
commit page js error
Use media links for img in post-process
Ensure public repositories in private organizations are visible and admin organizations list
Set correct Content-Type value for Gogs/Gitea webhooks
Allow all members of private orgs to see public repos
Whenever the ctx.Session is updated, release it to save it before sending the redirect
Forcibly clean and destroy the session on logout
/api/v1/orgs/ endpoints by changing parameter to :org from :orgname.
Add tracked time to doctor
webpack chunk loading with STATIC_URL_PRE
Remove unnecessary parentheses in wiki/revision.tmpl to allow 1.11 to build on go1.14
.
Return json on 500 error from API.
wrong milestone in webhook message.
Prevent (caught) panic on login.
commit page js error.
Use media links for img in post-process.
Ensure public repositories in private organizations are visible and admin organizations list.
Set correct Content-Type value for Gogs/Gitea webhooks.
Allow all members of private orgs to see public repos.
Whenever the ctx.Session is updated, release it to save it before sending the redirect.
Forcibly clean and destroy the session on logout.
/api/v1/orgs/ endpoints by changing parameter to :org from :orgname.
Add tracked time to doctor.
webpack chunk loading with STATIC_URL_PRE.
Remove unnecessary parentheses in wiki/revision.tmpl to allow 1.11 to build on go1.14.
1.11.601 Jun 2020 00:45
minor feature:
SECURITY
missing authorization check on pull for public repos of private/limited org
Use session for retrieving org teams
.
missing authorization check on pull for public repos of private/limited org.
Use session for retrieving org teams.
Return json on 500 error from API
wrong milestone in webhook message
Prevent (caught) panic on login
commit page js error
Use media links for img in post-process
Ensure public repositories in private organizations are visible and admin organizations list
Set correct Content-Type value for Gogs/Gitea webhooks
Allow all members of private orgs to see public repos
Whenever the ctx.Session is updated, release it to save it before sending the redirect
Forcibly clean and destroy the session on logout
/api/v1/orgs/ endpoints by changing parameter to :org from :orgname.
Add tracked time to doctor
webpack chunk loading with STATIC_URL_PRE
Remove unnecessary parentheses in wiki/revision.tmpl to allow 1.11 to build on go1.14
.
Return json on 500 error from API.
wrong milestone in webhook message.
Prevent (caught) panic on login.
commit page js error.
Use media links for img in post-process.
Ensure public repositories in private organizations are visible and admin organizations list.
Set correct Content-Type value for Gogs/Gitea webhooks.
Allow all members of private orgs to see public repos.
Whenever the ctx.Session is updated, release it to save it before sending the redirect.
Forcibly clean and destroy the session on logout.
/api/v1/orgs/ endpoints by changing parameter to :org from :orgname.
Add tracked time to doctor.
webpack chunk loading with STATIC_URL_PRE.
Remove unnecessary parentheses in wiki/revision.tmpl to allow 1.11 to build on go1.14.
1.12.0-rc122 May 2020 22:45
minor feature:
Prevent timer leaks in Workerpool and others
tracked time
Add NotifySyncPushCommits to indexer notifier
Allow X in addition to x in tasks
When delete tracked time through the API return 404 not 500
Prevent duplicate records in organizations list when creating a repository
Manage port in submodule refurl
api.Context.NotFound(...) should tolerate nil
Show pull request selection even when unrelated branches
Repo: milestone: make /milestone/:id endpoint accessible
GetContents(): Dont't ignore Executables
submodule paths when AppSubUrl is not root
Prevent clones and pushes to disabled wiki
Remove errant third closing curly-bracket from account.tmpl and send account ID in account.tmpl
On Repo Deletion: Delete related TrackedTimes too
Refresh codemirror on show pull comment tab
merge dialog on protected branch with missing required statuses
Load pr Poster on API too
release counter on API repository info
Generate Diff and Patch direct from Pull head
rebase conflict detection in git 2.26
.
Prevent timer leaks in Workerpool and others.
tracked time.
Add NotifySyncPushCommits to indexer notifier.
Allow X in addition to x in tasks.
When delete tracked time through the API return 404 not 500.
Prevent duplicate records in organizations list when creating a repository.
Manage port in submodule refurl.
api.Context.NotFound(...) should tolerate nil.
Show pull request selection even when unrelated branches.
Repo: milestone: make /milestone/:id endpoint accessible.
GetContents(): Dont't ignore Executables.
submodule paths when AppSubUrl is not root.
Prevent clones and pushes to disabled wiki.
Remove errant third closing curly-bracket from account.tmpl and send account ID in account.tmpl.
On Repo Deletion: Delete related TrackedTimes too.
Refresh codemirror on show pull comment tab.
merge dialog on protected branch with missing required statuses.
Load pr Poster on API too.
release counter on API repository info.
Generate Diff and Patch direct f
1.13.0-dev18 May 2020 23:25
minor feature:
Prevent timer leaks in Workerpool and others
tracked time
Add NotifySyncPushCommits to indexer notifier
Allow X in addition to x in tasks
When delete tracked time through the API return 404 not 500
Prevent duplicate records in organizations list when creating a repository
Manage port in submodule refurl
api.Context.NotFound(...) should tolerate nil
Show pull request selection even when unrelated branches
Repo: milestone: make /milestone/:id endpoint accessible
GetContents(): Dont't ignore Executables
submodule paths when AppSubUrl is not root
Prevent clones and pushes to disabled wiki
Remove errant third closing curly-bracket from account.tmpl and send account ID in account.tmpl
On Repo Deletion: Delete related TrackedTimes too
Refresh codemirror on show pull comment tab
merge dialog on protected branch with missing required statuses
Load pr Poster on API too
release counter on API repository info
Generate Diff and Patch direct from Pull head
rebase conflict detection in git 2.26
.
Prevent timer leaks in Workerpool and others.
tracked time.
Add NotifySyncPushCommits to indexer notifier.
Allow X in addition to x in tasks.
When delete tracked time through the API return 404 not 500.
Prevent duplicate records in organizations list when creating a repository.
Manage port in submodule refurl.
api.Context.NotFound(...) should tolerate nil.
Show pull request selection even when unrelated branches.
Repo: milestone: make /milestone/:id endpoint accessible.
GetContents(): Dont't ignore Executables.
submodule paths when AppSubUrl is not root.
Prevent clones and pushes to disabled wiki.
Remove errant third closing curly-bracket from account.tmpl and send account ID in account.tmpl.
On Repo Deletion: Delete related TrackedTimes too.
Refresh codemirror on show pull comment tab.
merge dialog on protected branch with missing required statuses.
Load pr Poster on API too.
release counter on API repository info.
Generate Diff and Patch direct f
1.11.511 May 2020 06:25
minor feature:
Prevent timer leaks in Workerpool and others
tracked time
Add NotifySyncPushCommits to indexer notifier
Allow X in addition to x in tasks
When delete tracked time through the API return 404 not 500
Prevent duplicate records in organizations list when creating a repository
Manage port in submodule refurl
api.Context.NotFound(...) should tolerate nil
Show pull request selection even when unrelated branches
Repo: milestone: make /milestone/:id endpoint accessible
GetContents(): Dont't ignore Executables
submodule paths when AppSubUrl is not root
Prevent clones and pushes to disabled wiki
Remove errant third closing curly-bracket from account.tmpl and send account ID in account.tmpl
On Repo Deletion: Delete related TrackedTimes too
Refresh codemirror on show pull comment tab
merge dialog on protected branch with missing required statuses
Load pr Poster on API too
release counter on API repository info
Generate Diff and Patch direct from Pull head
rebase conflict detection in git 2.26
.
Prevent timer leaks in Workerpool and others.
tracked time.
Add NotifySyncPushCommits to indexer notifier.
Allow X in addition to x in tasks.
When delete tracked time through the API return 404 not 500.
Prevent duplicate records in organizations list when creating a repository.
Manage port in submodule refurl.
api.Context.NotFound(...) should tolerate nil.
Show pull request selection even when unrelated branches.
Repo: milestone: make /milestone/:id endpoint accessible.
GetContents(): Dont't ignore Executables.
submodule paths when AppSubUrl is not root.
Prevent clones and pushes to disabled wiki.
Remove errant third closing curly-bracket from account.tmpl and send account ID in account.tmpl.
On Repo Deletion: Delete related TrackedTimes too.
Refresh codemirror on show pull comment tab.
merge dialog on protected branch with missing required statuses.
Load pr Poster on API too.
release counter on API repository info.
Generate Diff and Patch direct f
1.11.402 Apr 2020 13:05
minor feature:
Only update merge_base if not already merged
milestones too many SQL variables
Protect against NPEs in notifications list
Convert plumbing.ErrObjectNotFound to git.ErrNotExist in getCommit
Convert plumbing.ErrReferenceNotFound to git.ErrNotExist in GetRefCommitID
Account for empty lines in receive-hook message
on branch API
Migrate to go-git/go-git v5.0.0
hiding of fields in authorization source page
Prevent default for linkAction
.
Only update merge_base if not already merged.
milestones too many SQL variables.
Protect against NPEs in notifications list.
Convert plumbing.ErrObjectNotFound to git.ErrNotExist in getCommit.
Convert plumbing.ErrReferenceNotFound to git.ErrNotExist in GetRefCommitID.
Account for empty lines in receive-hook message.
on branch API.
Migrate to go-git/go-git v5.0.0.
hiding of fields in authorization source page.
Prevent default for linkAction.
1.11.311 Mar 2020 19:45
minor feature:
.
Prevent panic in stopwatch.
on pull view when required status check no ci result.
Build explicitly with Go 1.13.
1.11.118 Feb 2020 05:05
minor feature:
Repo name added to automatically generated commit message when merging
Workerpool deadlock
Divide Gettats query in smaller chunks
reply on code review
Stop hanging indexer initialisation from preventing shutdown
filter label emoji width
sidebar menus having an infinite height
commit between two commits calculation if there is only last commit
Only check for conflicts/merging if the PR has not been merged in the interim
Blacklist manifest.json milestones user
.
Repo name added to automatically generated commit message when merging.
Workerpool deadlock.
Divide Gettats query in smaller chunks.
reply on code review.
Stop hanging indexer initialisation from preventing shutdown.
filter label emoji width.
sidebar menus having an infinite height.
commit between two commits calculation if there is only last commit.
Only check for conflicts/merging if the PR has not been merged in the interim.
Blacklist manifest.json milestones user.
1.11.012 Feb 2020 00:05
minor feature:
BREAKING
followers and following tabs in profile
Make CertFile and KeyFile relative to CustomPath
Remove unused endpoints
Preall user-generated IDs in markup
Enforce Gitea environment for pushes
Hide some user information via API if user have not enough permissions
Move startpage/homepage translation to crowdin
.
followers and following tabs in profile.
Make CertFile and KeyFile relative to CustomPath.
Remove unused endpoints.
Preall user-generated IDs in markup.
Enforce Gitea environment for pushes.
Hide some user information via API if user have not enough permissions.
Move startpage/homepage translation to crowdin.
SECURITY
Never allow an empty password to validate
Prevent redirect to Host
Swagger hide search field
Add "search" to reserved usernames
Switch to fomantic-ui
Only serve attachments when linked to /release and if accessible by user
.
Never allow an empty password to validate.
Prevent redirect to Host.
Swagger hide search field.
Add "search" to reserved usernames.
Switch to fomantic-ui.
Only serve attachments when linked to /release and if accessible by user.
FEATURES
Webhooks should only show sender if it makes sense
Provide Default messages for merges
Add description to labels on create
Graceful Queues: Indexing and Tasks
Default NO_REPLY_ADDRESS to DOMAIN
Allow FCGI over unix sockets
Graceful: Xorm, RepoIndexer, Cron and Others
Add API for Reactions
Graceful: Cancel Process on monitor pages HammerTime
Graceful: Allow graceful restart for unix sockets
Graceful: Allow graceful restart for fcgi
Sign protected branches
Add Graceful shutdown for Windows and hooks for shutdown of goroutines
Add Gitea icon to Emojis
Expand/Collapse Files and Blob Excerpt while Reviewing/Comparing code
Allow Custom Reactions
/reopen by keywords in titles and comments.
Allow incompletely specified Time Formats
Prevent upload (overwrite) of lfs locked file
Template Repositories
Add /milestones endpoint
Make repository management section
1.11.0-rc223 Jan 2020 12:45
minor feature:
SECURITY
Hide credentials when submitting migration
Never allow an empty password to validate
Prevent redirect to Host
Hide public repos owned by private orgs
.
Hide credentials when submitting migration.
Never allow an empty password to validate.
Prevent redirect to Host.
Hide public repos owned by private orgs.
Allow assignee on Pull Creation when Unit is deactivated
download file wrong content-type
wrong identify poster on a migrated pull request when submit review
dump non-exist log directory
compare
missing msteam webhook on organization
add team on collaborator page when same name as organization
cache problem on dashboard
Send tag create and push webhook when release created on UI
Branches not at ref commit ID should not be listed as Merged
.
Allow assignee on Pull Creation when Unit is deactivated.
download file wrong content-type.
wrong identify poster on a migrated pull request when submit review.
dump non-exist log directory.
compare.
missing msteam webhook on organization.
add team on collaborator page when same name as organization.
cache problem on dashboard.
Send tag create and push webhook when release created on UI.
Branches not at ref commit ID should not be listed as Merged.
1.10.318 Jan 2020 23:25
minor feature:
SECURITY
Hide credentials when submitting migration
Never allow an empty password to validate
Prevent redirect to Host
Hide public repos owned by private orgs
.
Hide credentials when submitting migration.
Never allow an empty password to validate.
Prevent redirect to Host.
Hide public repos owned by private orgs.
Allow assignee on Pull Creation when Unit is deactivated
download file wrong content-type
wrong identify poster on a migrated pull request when submit review
dump non-exist log directory
compare
missing msteam webhook on organization
add team on collaborator page when same name as organization
cache problem on dashboard
Send tag create and push webhook when release created on UI
Branches not at ref commit ID should not be listed as Merged
.
Allow assignee on Pull Creation when Unit is deactivated.
download file wrong content-type.
wrong identify poster on a migrated pull request when submit review.
dump non-exist log directory.
compare.
missing msteam webhook on organization.
add team on collaborator page when same name as organization.
cache problem on dashboard.
Send tag create and push webhook when release created on UI.
Branches not at ref commit ID should not be listed as Merged.
1.12.0-dev09 Jan 2020 16:05
minor feature:
Allow only specific Columns to be updated on via API
Add ErrReactionAlreadyExist error
when migrate from API
Use default avatar for ghost user
repository pagination when there are more than one label filter
deleted branch not removed when push the branch again
missing repository status when migrating repository via API
Trigger webhook when deleting a branch after merging a PR
paging on /repos/ owner / repo /git/trees/ sha API endpoint
NewCommitStatus
Use OriginalURL instead of CloneAddr in migration logging
Slack webhook payload title generation to work with Mattermost
DefaultBranch needs to be preby BranchPre
indexer not triggered when migrating a repository
that release attachment files not deleted when deleting repository
migration releases
File Edit: Author/Committer interchanged
.
Allow only specific Columns to be updated on via API.
Add ErrReactionAlreadyExist error.
when migrate from API.
Use default avatar for ghost user.
repository pagination when there are more than one label filter.
deleted branch not removed when push the branch again.
missing repository status when migrating repository via API.
Trigger webhook when deleting a branch after merging a PR.
paging on /repos/ owner / repo /git/trees/ sha API endpoint.
NewCommitStatus.
Use OriginalURL instead of CloneAddr in migration logging.
Slack webhook payload title generation to work with Mattermost.
DefaultBranch needs to be preby BranchPre.
indexer not triggered when migrating a repository.
that release attachment files not deleted when deleting repository.
migration releases.
File Edit: Author/Committer interchanged.
1.10.203 Jan 2020 16:25
minor feature:
Allow only specific Columns to be updated on via API
Add ErrReactionAlreadyExist error
when migrate from API
Use default avatar for ghost user
repository pagination when there are more than one label filter
deleted branch not removed when push the branch again
missing repository status when migrating repository via API
Trigger webhook when deleting a branch after merging a PR
paging on /repos/ owner / repo /git/trees/ sha API endpoint
NewCommitStatus
Use OriginalURL instead of CloneAddr in migration logging
Slack webhook payload title generation to work with Mattermost
DefaultBranch needs to be preby BranchPre
indexer not triggered when migrating a repository
that release attachment files not deleted when deleting repository
migration releases
File Edit: Author/Committer interchanged
.
Allow only specific Columns to be updated on via API.
Add ErrReactionAlreadyExist error.
when migrate from API.
Use default avatar for ghost user.
repository pagination when there are more than one label filter.
deleted branch not removed when push the branch again.
missing repository status when migrating repository via API.
Trigger webhook when deleting a branch after merging a PR.
paging on /repos/ owner / repo /git/trees/ sha API endpoint.
NewCommitStatus.
Use OriginalURL instead of CloneAddr in migration logging.
Slack webhook payload title generation to work with Mattermost.
DefaultBranch needs to be preby BranchPre.
indexer not triggered when migrating a repository.
that release attachment files not deleted when deleting repository.
migration releases.
File Edit: Author/Committer interchanged.
1.10.106 Dec 2019 13:05
minor feature:
Max length check and limit in multiple repo forms
Properly displaying virtual session provider in admin panel
Upgrade levelqueue to 0.1.0
Panic when diff
Smtp logger configuration sendTos should be an array
Always Show Password Field on Link Account Sign-in Page
Create PR on Current Repository by Default
Race on indexer
ReCAPTCHA URL
Hide migrated credentials
Update golang.org/x/crypto vendor to use acme v2
Password checks on admin create/edit user
Add search as a reserved username
Permission checks for /reopen from commit
Ensure Written is set in GZIP ProxyResponseWriter
Broken link to branch from list
Wrong system notice when repository is empty
Shadow password correctly for session config
.
Max length check and limit in multiple repo forms.
Properly displaying virtual session provider in admin panel.
Upgrade levelqueue to 0.1.0.
Panic when diff.
Smtp logger configuration sendTos should be an array.
Always Show Password Field on Link Account Sign-in Page.
Create PR on Current Repository by Default.
Race on indexer.
ReCAPTCHA URL.
Hide migrated credentials.
Update golang.org/x/crypto vendor to use acme v2.
Password checks on admin create/edit user.
Add search as a reserved username.
Permission checks for /reopen from commit.
Ensure Written is set in GZIP ProxyResponseWriter.
Broken link to branch from list.
Wrong system notice when repository is empty.
Shadow password correctly for session config.
1.10.018 Nov 2019 20:05
minor feature:
BREAKING
deadline on update or PR via API
Hide some user information via API if user doesn't have enough permission
Remove legacy handling of drone token
Change repo search to use exact match for topic search.
Add pagination for admin api get orgs and only list public orgs
Implement the ability to change the ssh port to match what is in the gitea config
.
deadline on update or PR via API.
Hide some user information via API if user doesn't have enough permission.
Remove legacy handling of drone token.
Change repo search to use exact match for topic search.
Add pagination for admin api get orgs and only list public orgs.
Implement the ability to change the ssh port to match what is in the gitea config.
SECURITY.
Ignore mentions for users with no access
Be more strict with git arguments
reserve.well-known username
.
Ignore mentions for users with no access.
Be more strict with git arguments.
reserve.well-known username.
FEATURE.
Org/Members: display 2FA members states + optimize sql requests
SetDefaultBranch on pushing to empty repository
Adds side-by-side diff for images
API method to list all commits of a repository
Password Complexity Checks
Add option to initialize repository with labels
Add additional password hash algorithms
.
Org/Members: display 2FA members states + optimize sql requests.
SetDefaultBranch on pushing to empty repository.
Adds side-by-side diff for images.
API method to list all commits of a repository.
Password Complexity Checks.
Add option to initialize repository with labels.
Add additional password hash algorithms.
Allow to merge if file path contains " or .
On windows set core.longpaths true
when edit hook
Checkbox at RepoSettings Protected Branch
SSH2 conditional in key parsing code
commit expand button to not go to commit link
new user form for non-local users
to opened io resources as soon as not needed
edit content button on migrated content
require external registration password
password comple
1.9.614 Nov 2019 14:05
minor feature:
Allow to merge if file path contains " or
when edit hook
with user.fullname
Update Github Migration Test
Add () method to gogitRepository
.
Allow to merge if file path contains " or .
when edit hook.
with user.fullname.
Update Github Migration Test.
Add () method to gogitRepository.
1.10.0-rc231 Oct 2019 10:25
minor feature:
BREAKING.
deadline on update or PR via API.
Hide some user information via API if user doesn't have enough permission.
.
Expose db.SetMaxOpenConns and allow non MySQL dbs to set conn pool params.
milestone timestamp.
when getting user as unauthenticated user.
'New Missing Milestone Comment'.
Use AppSubUrl for more redirections.
Add SubURL to redirect path.
template error on account page.
Allow externalID to be UUID.
Prevent removal of non-empty emoji panel following selection of duplicate.
Update heatmap tures to restore tests.
Ensure that diff stats can scroll independently of the diff.
Webhook: set Content-Type for application/x-www-form-urlencoded.
by handling empty repos.
on pull requests when transfer head repository.
Add missed in ServeBlobLFS.
Ensure that GitRepo is set on Empty repositories.
migrate mirror 500.
password complexity regex for special characters.
Prevent.code-view from overriding font on icon fonts.
Allow more than 255 characters for tokens in external_login_user table.
1.11.0-dev15 Oct 2019 11:05
minor feature:
Highlight references
When migrating a private repository #7917
Change general form binding to gogs form
Editor commit to new branch if PR disabled
Milestone num_
Allow users with explicit read access to give approvals
Commit status in PR #8316 and PR #8321
API for edit and delete release attachment
Assets on release webhook
Release API URL generation
Allow registration when button is hidden
MS Teams webhook misses commit messages (backport v1.9)
Data race
Pull merge 500 error caused by git-fetch breaking behaviors
The SSH config specification in the authorized_keys template
Reading git notes from nested trees
Team user api
Add reviewers as participants
.
Highlight references.
When migrating a private repository #7917.
Change general form binding to gogs form.
Editor commit to new branch if PR disabled.
Milestone num_.
Allow users with explicit read access to give approvals.
Commit status in PR #8316 and PR #8321.
API for edit and delete release attachment.
Assets on release webhook.
Release API URL generation.
Allow registration when button is hidden.
MS Teams webhook misses commit messages (backport v1.9).
Data race.
Pull merge 500 error caused by git-fetch breaking behaviors.
The SSH config specification in the authorized_keys template.
Reading git notes from nested trees.
Team user api.
Add reviewers as participants.
BUILD
Use vendored go-swagger
Version-validation for GO 1.13 (go-macaron/cors)
.
Use vendored go-swagger.
Version-validation for GO 1.13 (go-macaron/cors).
MISC
Make show private icon when repo avatar set
.
Make show private icon when repo avatar set.
1.9.409 Oct 2019 22:27
minor feature:
Homepage
Download