23 Jan 15:56

GiteaBot

v1.18.3

SECURITY
- Prevent multiple To recipients (#22566) (#22569)
BUGFIXES
- Truncate commit summary on repo files table. (#22551) (#22552)
- Mute all links in issue timeline (#22534)

Assets 80

20 Jan 00:19

GiteaBot

v1.18.2

This version also includes docker images with a patched git binary for the CVE reported.

❗ ❗ ❗ For anyone who doesn't use docker, you will need to update your version of git to a version with the security patch applied.

The patched versions are the following:
>= v2.30.7, v2.31.6, v2.32.5, v2.33.6, v2.34.6, v2.35.6, v2.36.4, v2.37.5, v2.38.3, v2.39.1

More information can be found at GHSA-c738-c5qq-xg89

BUGFIXES
- When updating by rebase we need to set the environment for head repo (#22535) (#22536)
- Fix issue not auto-closing when it includes a reference to a branch (#22514) (#22521)
- Fix invalid issue branch reference if not specified in template (#22513) (#22520)
- Fix 500 error viewing pull request when fork has pull requests disabled (#22512) (#22515)
- Reliable selection of admin user (#22509) (#22511)
- Set disable_gravatar/enable_federated_avatar when offline mode is true (#22479) (#22496)
BUILD
- cgo cross-compile for freebsd (#22397) (#22519)

Assets 80

17 Jan 17:44

GiteaBot

v1.18.1

API
- Add sync_on_commit option for push mirrors api (#22271) (#22292)
BUGFIXES
- Update github.com/zeripath/zapx/v15 (#22485)
- Fix pull request API field closed_at always being null (#22482) (#22483)
- Fix container blob mount (#22226) (#22476)
- Fix error when calculating repository size (#22392) (#22474)
- Fix Operator does not exist bug on explore page with ONLY_SHOW_RELEVANT_REPOS (#22454) (#22472)
- Fix environments for KaTeX and error reporting (#22453) (#22473)
- Remove the netgo tag for Windows build (#22467) (#22468)
- Fix migration from GitBucket (#22477) (#22465)
- Prevent panic on looking at api "git" endpoints for empty repos (#22457) (#22458)
- Fix PR status layout on mobile (#21547) (#22441)
- Fix wechatwork webhook sends empty content in PR review (#21762) (#22440)
- Remove duplicate "Actions" label in mobile view (#21974) (#22439)
- Fix leaving organization bug on user settings -> orgs (#21983) (#22438)
- Fixed colour transparency regex matching in project board sorting (#22092) (#22437)
- Correctly handle select on multiple channels in Queues (#22146) (#22428)
- Prepend refs/heads/ to issue template refs (#20461) (#22427)
- Restore function to "Show more" buttons (#22399) (#22426)
- Continue GCing other repos on error in one repo (#22422) (#22425)
- Allow HOST has no port (#22280) (#22409)
- Fix omit avatar_url in discord payload when empty (#22393) (#22394)
- Don't display stop watch top bar icon when disabled and hidden when click other place (#22374) (#22387)
- Don't lookup mail server when using sendmail (#22300) (#22383)
- Fix gravatar disable bug (#22337)
- Fix update settings table on install (#22326) (#22327)
- Fix sitemap (#22272) (#22320)
- Fix code search title translation (#22285) (#22316)
- Fix due date rendering the wrong date in issue (#22302) (#22306)
- Fix get system setting bug when enabled redis cache (#22298)
- Fix bug of DisableGravatar default value (#22297)
- Fix key signature error page (#22229) (#22230)
TESTING
- Remove test session cache to reduce possible concurrent problem (#22199) (#22429)
MISC
- Restore previous official review when an official review is deleted (#22449) (#22460)
- Log STDERR of external renderer when it fails (#22442) (#22444)

Assets 74

29 Dec 19:52

6543

v1.18.0

Changelog

SECURITY
- Remove ReverseProxy authentication from the API (#22219) (#22251)
- Support Go Vulnerability Management (#21139)
- Forbid HTML string tooltips (#20935)
BREAKING
- Rework mailer settings (#18982)
- Remove U2F support (#20141)
- Refactor i18n to locale (#20153)
- Enable contenthash in filename for dynamic assets (#20813)
FEATURES
- Add color previews in markdown (#21474)
- Allow package version sorting (#21453)
- Add support for Chocolatey/NuGet v2 API (#21393)
- Add API endpoint to get changed files of a PR (#21177)
- Add filetree on left of diff view (#21012)
- Support Issue forms and PR forms (#20987)
- Add support for Vagrant packages (#20930)
- Add support for npm unpublish (#20688)
- Add badge capabilities to users (#20607)
- Add issue filter for Author (#20578)
- Add KaTeX rendering to Markdown. (#20571)
- Add support for Pub packages (#20560)
- Support localized README (#20508)
- Add support mCaptcha as captcha provider (#20458)
- Add team member invite by email (#20307)
- Added email notification option to receive all own messages (#20179)
- Switch Unicode Escaping to a VSCode-like system (#19990)
- Add user/organization code search (#19977)
- Only show relevant repositories on explore page (#19361)
- User keypairs and HTTP signatures for ActivityPub federation using go-ap (#19133)
- Add sitemap support (#18407)
- Allow creation of OAuth2 applications for orgs (#18084)
- Add system setting table with cache and also add cache supports for user setting (#18058)
- Add pages to view watched repos and subscribed issues/PRs (#17156)
- Support Proxy protocol (#12527)
- Implement sync push mirror on commit (#19411)
API
- Allow empty assignees on pull request edit (#22150) (#22214)
- Make external issue tracker regexp configurable via API (#21338)
- Add name field for org api (#21270)
- Show teams with no members if user is admin (#21204)
- Add latest commit's SHA to content response (#20398)
- Add allow_rebase_update, default_delete_branch_after_merge to repository api response (#20079)
- Add new endpoints for push mirrors management (#19841)
ENHANCEMENTS
- Add setting to disable the git apply step in test patch (#22130) (#22170)
- Multiple improvements for comment edit diff (#21990) (#22007)
- Fix button in branch list, avoid unexpected page jump before restore branch actually done (#21562) (#21928)
- Fix flex layout for repo list icons (#21896) (#21920)
- Fix vertical align of committer avatar rendered by email address (#21884) (#21918)
- Fix setting HTTP headers after write (#21833) (#21877)
- Color and Style enhancements (#21784, #21799) (#21868)
- Ignore line anchor links with leading zeroes (#21728) (#21776)
- Quick fixes monaco-editor error: "vs.editor.nullLanguage" (#21734) (#21738)
- Use CSS color-scheme instead of invert (#21616) (#21623)
- Respect user's locale when rendering the date range in the repo activity page (#21410)
- Change commits-table column width (#21564)
- Refactor git command arguments and make all arguments to be safe to be used (#21535)
- CSS color enhancements (#21534)
- Add link to user profile in markdown mention only if user exists (#21533, #21554)
- Add option to skip index dirs (#21501)
- Diff file tree tweaks (#21446)
- Localize all timestamps (#21440)
- Add code highlighting in issue titles (#21432)
- Use Name instead of DisplayName in LFS Lock (#21415)
- Consolidate more CSS colors into variables (#21402)
- Redirect to new repository owner (#21398)
- Use ISO date format instead of hard-coded English date format for date range in repo activity page (#21396)
- Use weighted algorithm for string matching when finding files in repo (#21370)
- Show private data in feeds (#21369)
- Refactor parseTreeEntries, speed up tree list (#21368)
- Add GET and DELETE endpoints for Docker blob uploads (#21367)
- Add nicer error handling on template compile errors (#21350)
- Add stat to ToCommit function for speed (#21337)
- Support instance-wide OAuth2 applications (#21335)
- Record OAuth client type at registration (#21316)
- Add new CSS variables --color-accent and --color-small-accent (#21305)
- Improve error descriptions for unauthorized_client (#21292)
- Case-insensitive "find files in repo" (#21269)
- Consolidate more CSS rules, fix inline code on arc-green (#21260)
- Log real ip of requests from ssh (#21216)
- Save files in local storage as group readable (#21198)
- Enable fluid page layout on medium size viewports (#21178)
- File header tweaks (#21175)
- Added missing headers on user packages page (#21172)
- Display image digest for container packages (#21170)
- Skip dirty check for team forms (#21154)
- Keep path when creating a new branch (#21153)
- Remove fomantic image module (#21145)
- Make labels clickable in the comments section. (#21137)
- Sort branches and tags by date descending (#21136)
- Better repo API unit checks (#21130)
- Improve commit status icons (#21124)
- Limit length of repo description and repo url input fields (#21119)
- Show .editorconfig errors in frontend (#21088)
- Allow poster to choose reviewers (#21084)
- Remove black labels and CSS cleanup (#21003)
- Make e-mail sanity check more precise (#20991)
- Use native inputs in whitespace dropdown (#20980)
- Enhance package date display (#20928)
- Display total blob size of a package version (#20927)
- Show language name on hover (#20923)
- Show instructions for all generic package files (#20917)
- Refactor AssertExistsAndLoadBean to use generics (#20797)
- Move the official website link at the footer of gitea (#20777)
- Add support for full name in reverse proxy auth (#20776)
- Remove useless JS operation for relative time tooltips (#20756)
- Replace some icons with SVG (#20741)
- Change commit status icons to SVG (#20736)
- Improve single repo action for issue and pull requests (#20730)
- Allow multiple files in generic packages (#20661)
- Add option to create new issue from /issues page (#20650)
- Background color of private list-items updated (#20630)
- Added search input field to issue filter (#20623)
- Increase default item listing size ISSUE_PAGING_NUM to 20 (#20547)
- Modify milestone search keywords to be case insensitive again (#20513)
- Show hint to link package to repo when viewing empty repo package list (#20504)
- Add Tar ZSTD support (#20493)
- Make code review checkboxes clickable (#20481)
- Add "X-Gitea-Object-Type" header for GET /raw/ & /media/ API (#20438)
- Display project in issue list (#20434)
- Prepend commit message to template content when opening a new PR (#20429)
- Replace fomantic popup module with tippy.js (#20428)
- Allow to specify colors for text in markup (#20363)
- Allow access to the Public Organization Member lists with minimal permissions (#20330)
- Use default values when provided values are empty (#20318)
- Vertical align navbar avatar at middle (#20302)
- Delete cancel button in repo creation page (#21381)
- Include login_name in adminCreateUser response (#20283)
- fix: icon margin in user/settings/repos (#20281)
- Remove blue text on migrate page (#20273)
- Modify milestone search keywords to be case insensitive (#20266)
- Move some files into models' sub packages (#20262)
- Add tooltip to repo icons in explore page (#20241)
- Remove deprecated licenses (#20222)
- Webhook for Wiki changes (#20219)
- Share HTML template renderers and create a watcher framework (#20218)
- Allow enable LDAP source and disable user sync via CLI (#20206)
- Adds a checkbox to select all issues/PRs (#20177)
- Refactor i18n to locale (#20153)
- Disable status checks in template if none found (#20088)
- Allow manager logging to set SQL (#20064)
- Add order by for assignee no sort issue (#20053)
- Take a stab at porting existing components to Vue3 (#20044)
- Add doctor command to write commit-graphs (#20007)
- Add support for authentication based on reverse proxy email (#19949)
- Enable spellcheck for EasyMDE, use contenteditable mode (#19776)
- Allow specifying SECRET_KEY_URI, similar to INTERNAL_TOKEN_URI (#19663)
- Rework mailer settings (#18982)
- Add option to purge users (#18064)
- Add author search input (#21246)
- Make rss/atom identifier globally unique (#21550)
BUGFIXES
- Auth interface return error when verify failure (#22119) (#22259)
- Use complete SHA to create and query commit status (#22244) (#22257)
- Update bleve and zapx to fix unaligned atomic (#22031) (#22218)
- Prevent panic in doctor command when running default checks (#21791) (#21807)
- Load GitRepo in API before deleting issue (#21720) (#21796)
- Ignore line anchor links with leading zeroes (#21728) (#21776)
- Set last login when activating account (#21731) (#21755)
- Fix UI language switching bug (#21597) (#21749)
- Quick fixes monaco-editor error: "vs.editor.nullLanguage" (#21734) (#21738)
- Allow local package identifiers for PyPI packages (#21690) (#21727)
- Deal with markdown template without metadata (#21639) (#21654)
- Fix opaque background on mermaid diagrams (#21642) (#21652)
- Fix repository adoption on Windows (#21646) (#21650)
- Sync git hooks when config file path changed (#21619) (#21626)
- Fix 500 on PR files API (#21602) (#21607)
- Fix Timestamp.IsZero (#21593) (#21603)
- Fix viewing user subscriptions (#21482)
- Fix mermaid-related bugs (#21431)
- Fix branch dropdown shifting on page load (#21428)
- Fix default theme-auto selector when nologin (#21346)
- Fix and improve incorrect error messages (#21342)
- Fix formatted link for PR revie...

Read more

Contributors

willnorris, algernon, and 92 other contributors

Assets 74

21 Dec 23:46

GiteaBot

v1.17.4

SECURITY
- Do not allow Ghost access to limited visible user/org (#21849) (#21875)
- Fix package access for admins and inactive users (#21580) (#21592)
ENHANCEMENTS
- Fix button in branch list, avoid unexpected page jump before restore branch actually done (#21562) (#21927)
- Fix vertical align of committer avatar rendered by email address (#21884) (#21919)
- Fix setting HTTP headers after write (#21833) (#21874)
- Ignore line anchor links with leading zeroes (#21728) (#21777)
- Enable Monaco automaticLayout (#21516)
BUGFIXES
- Do not list active repositories as unadopted (#22034) (#22167)
- Correctly handle moved files in apply patch (#22118) (#22136)
- Fix condition for is_internal (#22095) (#22131)
- Fix permission check on issue/pull lock (#22114)
- Fix sorting admin user list by last login (#22081) (#22106)
- Workaround for container registry push/pull errors (#21862) (#22069)
- Fix issue/PR numbers (#22037) (#22045)
- Handle empty author names (#21902) (#22028)
- Fix ListBranches to handle empty case (#21921) (#22025)
- Fix enabling partial clones on 1.17 (#21809)
- Prevent panic in doctor command when running default checks (#21791) (#21808)
- Upgrade golang.org/x/crypto (#21792) (#21794)
- Init git module before database migration (#21764) (#21766)
- Set last login when activating account (#21731) (#21754)
- Add HEAD fix to gitea doctor (#21352) (#21751)
- Fix UI language switching bug (#21597) (#21748)
- Remove semver compatible flag and change pypi to an array of test cases (#21708) (#21729)
- Allow local package identifiers for PyPI packages (#21690) (#21726)
- Fix repository adoption on Windows (#21646) (#21651)
- Sync git hooks when config file path changed (#21619) (#21625)
- Added check for disabled Packages (#21540) (#21614)
- Fix Timestamp.IsZero (#21593) (#21604)
- Fix issues count bug (#21600)
- Support binary deploy in npm packages (#21589)
- Update milestone counters when issue is deleted (#21459) (#21586)
- SessionUser protection against nil pointer dereference (#21581)
- Case-insensitive NuGet symbol file GUID (#21409) (#21575)
- Suppress ExternalLoginUserNotExist error (#21504) (#21572)
- Prevent Authorization header for presigned LFS urls (#21531) (#21569)
- Update binding to fix bugs (#21560)
- Fix generating compare link (#21519) (#21530)
- Ignore error when retrieving changed PR review files (#21487) (#21524)
- Fix incorrect notification commit url (#21479) (#21483)
- Display total commit count in hook message (#21400) (#21481)
- Enforce grouped NuGet search results (#21442) (#21480)
- Return 404 when user is not found on avatar (#21476) (#21477)
- Normalize NuGet package version on upload (#22186) (#22201)
MISC
- Check for zero time instant in TimeStamp.IsZero() (#22171) (#22173)
- Fix warn in database structs sync (#22111)
- Allow for resolution of NPM registry paths that match upstream (#21568) (#21723)

Assets 74

24 Nov 13:39

GiteaBot

v1.18.0-rc1 Pre-release

Pre-release

BREAKING
- Remove U2F support (#20141)
FEATURES
- Add color previews in markdown (#21474)
- Allow package version sorting (#21453)
- Add support for Chocolatey/NuGet v2 API (#21393)
- Add API endpoint to get changed files of a PR (#21177)
- Add filetree on left of diff view (#21012)
- Support Issue forms and PR forms (#20987)
- Add support for Vagrant packages (#20930)
- Add support for npm unpublish (#20688)
- Add badge capabilities to users (#20607)
- Add issue filter for Author (#20578)
- Add KaTeX rendering to Markdown. (#20571)
- Add support for Pub packages (#20560)
- Support localized README (#20508)
- Add support mCaptcha as captcha provider (#20458)
- Add team member invite by email (#20307)
- Added email notification option to receive all own messages (#20179)
- Switch Unicode Escaping to a VSCode-like system (#19990)
- Add user/organization code search (#19977)
- Only show relevant repositories on explore page (#19361)
- User keypairs and HTTP signatures for ActivityPub federation using go-ap (#19133)
- Add sitemap support (#18407)
- Allow creation of OAuth2 applications for orgs (#18084)
- Add system setting table with cache and also add cache supports for user setting (#18058)
- Add pages to view watched repos and subscribed issues/PRs (#17156)
- Support Proxy protocol (#12527)
- Implement sync push mirror on commit (#19411)
API
- Make external issue tracker regexp configurable via API (#21338)
- Add name field for org api (#21270)
- Show teams with no members if user is admin (#21204)
- Add latest commit's SHA to content response (#20398)
- Add allow_rebase_update, default_delete_branch_after_merge to repository api response (#20079)
- Add new endpoints for push mirrors management (#19841)
ENHANCEMENTS
- Use CSS color-scheme instead of invert (#21616) (#21623)
- Respect user's locale when rendering the date range in the repo activity page (#21410)
- Change commits-table column width (#21564)
- Refactor git command arguments and make all arguments to be safe to be used (#21535)
- CSS color enhancements (#21534)
- Add link to user profile in markdown mention only if user exists (#21533, #21554)
- Add option to skip index dirs (#21501)
- Diff file tree tweaks (#21446)
- Localize all timestamps (#21440)
- Add code highlighting in issue titles (#21432)
- Use Name instead of DisplayName in LFS Lock (#21415)
- Consolidate more CSS colors into variables (#21402)
- Redirect to new repository owner (#21398)
- Use ISO date format instead of hard-coded English date format for date range in repo activity page (#21396)
- Use weighted algorithm for string matching when finding files in repo (#21370)
- Show private data in feeds (#21369)
- Refactor parseTreeEntries, speed up tree list (#21368)
- Add GET and DELETE endpoints for Docker blob uploads (#21367)
- Add nicer error handling on template compile errors (#21350)
- Add stat to ToCommit function for speed (#21337)
- Support instance-wide OAuth2 applications (#21335)
- Record OAuth client type at registration (#21316)
- Add new CSS variables --color-accent and --color-small-accent (#21305)
- Improve error descriptions for unauthorized_client (#21292)
- Case-insensitive "find files in repo" (#21269)
- Consolidate more CSS rules, fix inline code on arc-green (#21260)
- Log real ip of requests from ssh (#21216)
- Save files in local storage as group readable (#21198)
- Enable fluid page layout on medium size viewports (#21178)
- File header tweaks (#21175)
- Added missing headers on user packages page (#21172)
- Display image digest for container packages (#21170)
- Skip dirty check for team forms (#21154)
- Keep path when creating a new branch (#21153)
- Remove fomantic image module (#21145)
- Make labels clickable in the comments section. (#21137)
- Sort branches and tags by date descending (#21136)
- Better repo API unit checks (#21130)
- Improve commit status icons (#21124)
- Limit length of repo description and repo url input fields (#21119)
- Show .editorconfig errors in frontend (#21088)
- Allow poster to choose reviewers (#21084)
- Remove black labels and CSS cleanup (#21003)
- Make e-mail sanity check more precise (#20991)
- Use native inputs in whitespace dropdown (#20980)
- Enhance package date display (#20928)
- Display total blob size of a package version (#20927)
- Show language name on hover (#20923)
- Show instructions for all generic package files (#20917)
- Refactor AssertExistsAndLoadBean to use generics (#20797)
- Move the official website link at the footer of gitea (#20777)
- Add support for full name in reverse proxy auth (#20776)
- Remove useless JS operation for relative time tooltips (#20756)
- Replace some icons with SVG (#20741)
- Change commit status icons to SVG (#20736)
- Improve single repo action for issue and pull requests (#20730)
- Allow multiple files in generic packages (#20661)
- Add option to create new issue from /issues page (#20650)
- Background color of private list-items updated (#20630)
- Added search input field to issue filter (#20623)
- Increase default item listing size ISSUE_PAGING_NUM to 20 (#20547)
- Modify milestone search keywords to be case insensitive again (#20513)
- Show hint to link package to repo when viewing empty repo package list (#20504)
- Add Tar ZSTD support (#20493)
- Make code review checkboxes clickable (#20481)
- Add "X-Gitea-Object-Type" header for GET /raw/ & /media/ API (#20438)
- Display project in issue list (#20434)
- Prepend commit message to template content when opening a new PR (#20429)
- Replace fomantic popup module with tippy.js (#20428)
- Allow to specify colors for text in markup (#20363)
- Allow access to the Public Organization Member lists with minimal permissions (#20330)
- Use default values when provided values are empty (#20318)
- Vertical align navbar avatar at middle (#20302)
- Delete cancel button in repo creation page (#21381)
- Include login_name in adminCreateUser response (#20283)
- fix: icon margin in user/settings/repos (#20281)
- Remove blue text on migrate page (#20273)
- Modify milestone search keywords to be case insensitive (#20266)
- Move some files into models' sub packages (#20262)
- Add tooltip to repo icons in explore page (#20241)
- Remove deprecated licenses (#20222)
- Webhook for Wiki changes (#20219)
- Share HTML template renderers and create a watcher framework (#20218)
- Allow enable LDAP source and disable user sync via CLI (#20206)
- Adds a checkbox to select all issues/PRs (#20177)
- Refactor i18n to locale (#20153)
- Disable status checks in template if none found (#20088)
- Allow manager logging to set SQL (#20064)
- Add order by for assignee no sort issue (#20053)
- Take a stab at porting existing components to Vue3 (#20044)
- Add doctor command to write commit-graphs (#20007)
- Add support for authentication based on reverse proxy email (#19949)
- Enable spellcheck for EasyMDE, use contenteditable mode (#19776)
- Allow specifying SECRET_KEY_URI, similar to INTERNAL_TOKEN_URI (#19663)
- Rework mailer settings (#18982)
- Add option to purge users (#18064)
- Add author search input (#21246)
- Make rss/atom identifier globally unique (#21550)
BUGFIXES
- Prevent panic in doctor command when running default checks (#21791) (#21807)
- Load GitRepo in API before deleting issue (#21720) (#21796)
- Ignore line anchor links with leading zeroes (#21728) (#21776)
- Set last login when activating account (#21731) (#21755)
- Fix UI language switching bug (#21597) (#21749)
- Quick fixes monaco-editor error: "vs.editor.nullLanguage" (#21734) (#21738)
- Allow local package identifiers for PyPI packages (#21690) (#21727)
- Deal with markdown template without metadata (#21639) (#21654)
- Fix opaque background on mermaid diagrams (#21642) (#21652)
- Fix repository adoption on Windows (#21646) (#21650)
- Sync git hooks when config file path changed (#21619) (#21626)
- Fix 500 on PR files API (#21602) (#21607)
- Fix Timestamp.IsZero (#21593) (#21603)
- Fix viewing user subscriptions (#21482)
- Fix mermaid-related bugs (#21431)
- Fix branch dropdown shifting on page load (#21428)
- Fix default theme-auto selector when nologin (#21346)
- Fix and improve incorrect error messages (#21342)
- Fix formatted link for PR review notifications to matrix (#21319)
- Center-aligning content of WebAuthN page (#21127)
- Remove follow from commits by file (#20765)
- Fix commit status popup (#20737)
- Fix init mail render logic (#20704)
- Use correct page size for link header pagination (#20546)
- Preserve unix socket file (#20499)
- Use tippy.js for context popup (#20393)
- Add missing parameter for error in log message (#20144)
- Do not allow organisation owners add themselves as collaborator (#20043)
- Rework file highlight rendering and fix yaml copy-paste (#19967)
- Improve code diff highlight, fix incorrect rendered diff result (#19958)
TESTING
- Improve OAuth integration tests (#21390)
- Add playwright tests (#20123)
BUILD
- Switch to building with go1.19 (#20695)
- Update JS dependencies, adjust eslint (#20659)
- Add more linters to improve code readability (#19989)

Assets 74

25 Oct 23:21

GiteaBot

v1.18.0-rc0 Pre-release

Pre-release

v1.18.0-rc0

Assets 74

15 Oct 14:04

GiteaBot

v1.17.3

SECURITY
- Sanitize and Escape refs in git backend (#21464) (#21463) CVE-2022-42968
- Bump golang.org/x/text (#21412) (#21413)
- Update bluemonday (#21281) (#21287)
ENHANCEMENTS
- Fix empty container layer history and UI (#21251) (#21278)
- Use en-US as fallback when using other default language (#21200) (#21256)
- Make the vscode clone link respect transport protocol (#20557) (#21128)
BUGFIXES
- Do DB update after merge in hammer context (#21401) (#21416)
- Add Num{Issues,Pulls} stats checks (#21404) (#21414)
- Stop logging CheckPath returns error: context canceled (#21064) (#21405)
- Parse OAuth Authorization header when request omits client secret (#21351) (#21374)
- Ignore port for loopback redirect URIs (#21293) (#21373)
- Set SemverCompatible to false for Conan packages (#21275) (#21366)
- Tag list should include draft releases with existing tags (#21263) (#21365)
- Fix linked account translation (#21331) (#21334)
- Make NuGet service index publicly accessible (#21242) (#21277)
- Foreign ID conflicts if ID is 0 for each item (#21271) (#21272)
- Use absolute links in feeds (#21229) (#21265)
- Prevent invalid behavior for file reviewing when loading more files (#21230) (#21234)
- Respect REQUIRE_SIGNIN_VIEW for packages (#20873) (#21232)
- Treat git object mode 40755 as directory (#21195) (#21218)
- Allow uppercase ASCII alphabet in PyPI package names (#21095) (#21217)
- Fix limited user cannot view himself's profile (#21212)
- Fix template bug of admin monitor (#21209)
- Fix reaction of issues (#21185) (#21196)
- Fix CSV diff for added/deleted files (#21189) (#21193)
- Fix pagination limit parameter problem (#21111)
TESTING
- Fix missing m.Run() in TestMain (#21341)
BUILD
- Use Go 1.19 fmt for Gitea 1.17, sync emoji data (#21239)

Assets 74

06 Sep 22:26

GiteaBot

v1.17.2

SECURITY
- Double check CloneURL is acceptable (#20869) (#20892)
- Add more checks in migration code (#21011) (#21050)
ENHANCEMENTS
- Fix hard-coded timeout and error panic in API archive download endpoint (#20925) (#21051)
- Improve arc-green code theme (#21039) (#21042)
- Enable contenthash in filename for dynamic assets (#20813) (#20932)
- Don't open new page for ext wiki on same repository (#20725) (#20910)
- Disable doctor logging on panic (#20847) (#20898)
- Remove calls to load Mirrors in user.Dashboard (#20855) (#20897)
- Update codemirror to 5.65.8 (#20875)
- Rework repo buttons (#20602, #20718) (#20719)
BUGFIXES
- Ensure delete user deletes all comments (#21067) (#21068)
- Delete unreferenced packages when deleting a package version (#20977) (#21060)
- Redirect if user does not exist on admin pages (#20981) (#21059)
- Set uploadpack.allowFilter etc on gitea serv to enable partial clones with ssh (#20902) (#21058)
- Fix 500 on time in timeline API (#21052) (#21057)
- Fill the specified ref in webhook test payload (#20961) (#21055)
- Add another index for Action table on postgres (#21033) (#21054)
- Fix broken insecureskipverify handling in redis connection uris (#20967) (#21053)
- Add Dev, Peer and Optional dependencies to npm PackageMetadataVersion (#21017) (#21044)
- Do not add links to Posters or Assignees with ID < 0 (#20577) (#21037)
- Fix modified due date message (#20388) (#21032)
- Fix missed sort bug (#21006)
- Fix input.value attr for RequiredClaimName/Value (#20946) (#21001)
- Change review buttons to icons to make space for text (#20934) (#20978)
- Fix download archiver of a commit (#20962) (#20971)
- Return 404 NotFound if requested attachment does not exist (#20886) (#20941)
- Set no-tags in git fetch on compare (#20893) (#20936)
- Allow multiple metadata files for Maven packages (#20674) (#20916)
- Increase Content field size of gpg_key and public_key to MEDIUMTEXT (#20896) (#20911)
- Fix mirror address setting not working (#20850) (#20904)
- Fix push mirror address backend get error Address cause setting page display error (#20593) (#20901)
- Fix panic when an invalid oauth2 name is passed (#20820) (#20900)
- In PushMirrorsIterate and MirrorsIterate if limit is negative do not set it (#20837) (#20899)
- Ensure that graceful start-up is informed of unused SSH listener (#20877) (#20888)
- Pad GPG Key ID with preceding zeroes (#20878) (#20885)
- Fix SQL Query for SearchTeam (#20844) (#20872)
- Fix the mode of custom dir to 0700 in docker-rootless (#20861) (#20867)
- Fix UI mis-align for PR commit history (#20845) (#20859)

Assets 74

18 Aug 20:32

GiteaBot

v1.17.1

SECURITY
- Correctly escape within tribute.js (#20831) (#20832)
ENHANCEMENTS
- Add support for NuGet API keys (#20721) (#20734)
- Display project in issue list (#20583)
- Add disable download source configuration (#20548) (#20579)
- Add username check to doctor (#20140) (#20671)
- Enable Wire 2 for Internal SSH Server (#20616) (#20617)
BUGFIXES
- Use the total issue count for UI (#20785) (#20827)
- Add proxy host into allow list (#20798) (#20819)
- Add missing translation for queue flush workers (#20791) (#20792)
- Improve comment header for mobile (#20781) (#20789)
- Fix git.Init for doctor sub-command (#20782) (#20783)
- Check webhooks slice length before calling xorm (#20642) (#20768)
- Remove manual rollback for failed generated repositories (#20639) (#20762)
- Use correct field name in npm template (#20675) (#20760)
- Keep download count on Container tag overwrite (#20728) (#20735)
- Fix v220 migration to be compatible for MSSQL 2008 r2 (#20702) (#20707)
- Use request timeout for git service rpc (#20689) (#20693)
- Send correct NuGet status codes (#20647) (#20677)
- Use correct context to get package content (#20673) (#20676)
- Fix the JS error "EventSource is not defined" caused by some non-standard browsers (#20584) (#20663)
- Add default commit messages to PR for squash merge (#20618) (#20645)
- Fix package upload for files >32mb (#20622) (#20635)
- Fix the new-line copy-paste for rendered code (#20612)
- Clean up and fix clone button script (#20415 & #20600) (#20599)
- Fix default merge style (#20564) (#20565)
- Add repository condition for issue count (#20454) (#20496)
- Make branch icon stand out more (#20726) (#20774)
- Fix loading button with invalid form (#20754) (#20759)
- Fix SecToTime edge-cases (#20610) (#20611)
- Executable check always returns true for windows (#20637) (#20835)
- Check issue labels slice length before calling xorm Insert (#20655) (#20836)
- Fix owners cannot create organization repos bug (#20841) (#20854)
- Prevent 500 is head repo does not have PullRequest unit in IsUserAllowedToUpdate (#20839) (#20848)

Assets 74