homeserver/docker
1
0
Fork 0
Code Issues Pull requests 4 Actions Packages Projects Releases Wiki Activity

Update codeberg.org/forgejo/forgejo Docker tag to v7.0.16 #2

Open
renovate-bot wants to merge 1 commit from renovate/codeberg.org-forgejo-forgejo-7.x into main
pull from: renovate/codeberg.org-forgejo-forgejo-7.x
merge into: homeserver:main
Conversation 0 Commits 1 Files changed 1 +1 -1
renovate-bot commented 2024-07-05 20:17:50 +00:00
Collaborator
Copy link

This PR contains the following updates:

Package Update Change
codeberg.org/forgejo/forgejo (source) patch 7.0.3 -> 7.0.16

Release Notes

forgejo/forgejo (codeberg.org/forgejo/forgejo)

v7.0.16

Compare Source

See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/7.0.16.md

v7.0.15

Compare Source

See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/7.0.15.md

v7.0.14

Compare Source

See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/7.0.14.md

v7.0.13

Compare Source

See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/7.0.13.md

v7.0.12

Compare Source

See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/7.0.12.md

v7.0.11

Compare Source

See the Forgejo 7.0.11 release notes.

v7.0.10

Compare Source

See the Forgejo 7.0.10 release notes.

v7.0.9

Compare Source

See the Forgejo 7.0.9 release notes.

v7.0.8

Compare Source

See the Forgejo 7.0.8 release notes.

v7.0.7

Compare Source

See the Forgejo 7.0.7 release notes.

v7.0.6

Compare Source

This is a bug fix release. See the documentation for more information on the upgrade procedure. In addition to the pull requests listed below, you will find a complete list in the v7.0.6 milestone.

v7.0.5

Compare Source

This is a security release. See the documentation for more information on the upgrade procedure.

In addition to the following notable bug fixes, you can browse the full list of pull requests included in this release.

  • regreSSHion

    Recommended action when running Forgejo from a:

    • binary - upgrade the OpenSSH server that was installed independently.
    • root OCI image - upgrade to Forgejo 7.0.5.
    • rootless OCI image - no upgrade is necessary.

    CVE-2024-6387 also known as regreSSHion is an Unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems. It is strongly recommended that an OpenSSH server installed independently of Forgejo is upgraded as soon as possible.

    All Forgejo OCI root images, including 7.0.5 contain an OpenSSH server. They are based on https://alpinelinux.org/ which relies on https://musl.libc.org/ and not https://en.wikipedia.org/wiki/Glibc. As a precaution the Forgejo v7.0.5 root OCI image contains an updated OpenSSH server patched for CVE-2024-6387.

    The Forgejo OCI rootless images, including 7.0.5, do not contain an OpenSSH server, they rely on the internal Forgejo implementation of the SSH protocol.

  • Security:

    • Compiled with Go v1.22.5. Fixed: CVE-2024-24791 - GO-2024-2963: Denial of service due to improper 100-continue handling in net/http. The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

  • Bug fixes:

    • backport - PR: Fixed: authentication Source Administration page wrongfully handles the "Custom URLs Instead of Default URLs" checkbox (missing checkbox, irrelevant fields).
    • backport - PR: Fixed: git push to an adopted repository fails.
    • backport - PR - commit: Fixed: markdown doesn't render math within brackets
    • backport - PR - commit: Fixed: selecting the "No Project" filter in the issue/pull request list has no effect
    • backport - PR: Fixed: error 500 when processing crafted TIFF files.
    • backport - PR: Fixed: wrong placeholder text in the form for adding repository collaborator.

v7.0.4

Compare Source

This is a security release. See the documentation for more information on the upgrade procedure.

In addition to the following notable bug fixes, you can browse the full list of commits included in this release.

  • Security:

    • PR. Fixed: CVE-2024-24789: the archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file.
    • PR - (fix & test). Fixed: the OAuth2 implementation does not always require authentication for public clients, a requirement of RFC 6749 Section 10.2. A malicious client can impersonate another client and obtain access to protected resources if the impersonated client fails to, or is unable to, keep its client credentials confidential.

  • Bug fixes:

    • backport - PR. Fixed: forgejo migrate-storage --type actions-artifacts always fails because it picks the wrong path.
    • backport - PR. Fixed: avatar files can be found in storage while they do not exist in the database.
    • backport - PR. Fixed: repository admins are always denied the right to force merge and instance admins are subject to restrictions to merge that must only apply to repository admins.
    • backport - PR. Fixed: non conformance with the Nix tarball fetcher immutable link protocol.
    • backport - PR. Fixed: migrated activities (such as reviews) are mapped to the user who initiated the migration rather than the Ghost user, if the external user cannot be mapped to a local one. This mapping mismatch leads to internal server errors in some cases.
    • backport - PR. Fixed: a v7.0.0 regression causes [admin].SEND_NOTIFICATION_EMAIL_ON_NEW_USER=true to always be ignored.
    • backport - PR. Fixed: using a subquery for user deletion is a performance bottleneck when using mariadb 10 because only mariadb 11 takes advantage of the available index.
    • backport - PR. Fixed: a v7.0.3 regression causes the expanding diffs in pull requests to fail with a 404 error.
    • backport - PR. Fixed: SourceHut Builds webhook fail when the triggers field is used.
    • backport - PR. Fixed: the label list rendering in the issue and pull request timeline is displayed on multiple lines instead of a single one.
    • backport - PR - commit. Fixed: NuGet Package fails choco info pkgname when pkgname is also a substring of another package Id.
    • backport - PR - commit. Fixed: "Git hooks of this repository seem to be broken." warning when pushing more than one branch at a time.
    • backport - PR - commit. Fixed: automerge does not happen when the approval count reaches the required threshold.
    • backport - PR - commit. Fixed: the FORCE_PRIVATE=true setting is not consistently enforced.
    • backport - PR - commit. Fixed: CSRF validation errors when OAuth is not enabled.
    • backport - PR. Fixed: headlines in rendered org-mode do not have a margin on the top

  • Localization:

    • Improvements to English locale: [1], [2].
    • Translation updates: [1], [2], [3].

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [codeberg.org/forgejo/forgejo](https://forgejo.org) ([source](https://codeberg.org/forgejo/forgejo)) | patch | `7.0.3` -> `7.0.16` | --- ### Release Notes <details> <summary>forgejo/forgejo (codeberg.org/forgejo/forgejo)</summary> ### [`v7.0.16`](https://codeberg.org/forgejo/forgejo/releases/tag/v7.0.16) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.15...v7.0.16) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/7.0.16.md ### [`v7.0.15`](https://codeberg.org/forgejo/forgejo/releases/tag/v7.0.15) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.14...v7.0.15) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/7.0.15.md ### [`v7.0.14`](https://codeberg.org/forgejo/forgejo/releases/tag/v7.0.14) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.13...v7.0.14) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/7.0.14.md ### [`v7.0.13`](https://codeberg.org/forgejo/forgejo/releases/tag/v7.0.13) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.12...v7.0.13) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/7.0.13.md ### [`v7.0.12`](https://codeberg.org/forgejo/forgejo/releases/tag/v7.0.12) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.11...v7.0.12) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/7.0.12.md ### [`v7.0.11`](https://codeberg.org/forgejo/forgejo/blob/HEAD/RELEASE-NOTES.md#7011) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.10...v7.0.11) See the [Forgejo 7.0.11 release notes](release-notes-published/7.0.11.md). ### [`v7.0.10`](https://codeberg.org/forgejo/forgejo/blob/HEAD/RELEASE-NOTES.md#7010) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.9...v7.0.10) See the [Forgejo 7.0.10 release notes](release-notes-published/7.0.10.md). ### [`v7.0.9`](https://codeberg.org/forgejo/forgejo/blob/HEAD/RELEASE-NOTES.md#709) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.8...v7.0.9) See the [Forgejo 7.0.9 release notes](release-notes-published/7.0.9.md). ### [`v7.0.8`](https://codeberg.org/forgejo/forgejo/blob/HEAD/RELEASE-NOTES.md#708) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.7...v7.0.8) See the [Forgejo 7.0.8 release notes](release-notes-published/7.0.8.md). ### [`v7.0.7`](https://codeberg.org/forgejo/forgejo/blob/HEAD/RELEASE-NOTES.md#707) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.6...v7.0.7) See the [Forgejo 7.0.7 release notes](release-notes-published/7.0.7.md). ### [`v7.0.6`](https://codeberg.org/forgejo/forgejo/blob/HEAD/RELEASE-NOTES.md#706) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.5...v7.0.6) This is a bug fix release. See the documentation for more information on the [upgrade procedure](https://forgejo.org/docs/v7.0/admin/upgrade/). In addition to the pull requests listed below, you will find a complete list in the [v7.0.6 milestone](https://codeberg.org/forgejo/forgejo/milestone/7252). - Two frontend features were removed because a license incompatibility was discovered. [Read more in the companion blog post](https://forgejo.org/2024-07-non-free-dependency-found/). - [PR](https://codeberg.org/forgejo/forgejo/pulls/4679) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4670)): <!--number 4679 --><!--line 0 --><!--description W0NIT1JFXSBEb24ndCBidW5kbGUgYGVsa2pzYA==-->[Mermaid](https://mermaid.js.org/) rendering: `%%{init: {"flowchart": {"defaultRenderer": "elk"}} }%%` will now fail because [ELK](https://github.com/kieler/elkjs) is no longer included.<!--description--> - [PR](https://codeberg.org/forgejo/forgejo/pulls/4600) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4595)): <!--number 4600 --><!--line 0 --><!--description UmVwb3NpdG9yeSBjaXRhdGlvbjogUmVtb3ZlZCB0aGUgYWJpbGl0eSB0byBleHBvcnQgY2l0YXRpb25zIGluIEFQQSBmb3JtYXQuIFtSZWFkIG1vcmUgaW4gdGhlIGNvbXBhbmlvbiBibG9nIHBvc3RdKGh0dHBzOi8vZm9yZ2Vqby5vcmcvMjAyNC0wNy1ub24tZnJlZS1kZXBlbmRlbmN5LWZvdW5kLyk=-->Repository citation: Removed the ability to export citations in APA format.<!--description--> - **User Interface bug fixes** - [PR](https://codeberg.org/forgejo/forgejo/pulls/4593) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4571)): <!--number 4593 --><!--line 0 --><!--description UmVwbGFjZSBgdnVlLWJhci1ncmFwaGAgd2l0aCBgY2hhcnQuanNg-->Replace `vue-bar-graph` with `chart.js`<!--description--> - [PR](https://codeberg.org/forgejo/forgejo/pulls/4731) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4715)): <!--number 4731 --><!--line 0 --><!--description U2hvdyBBR2l0IGxhYmVsIG9uIG1lcmdlZCBQUg==-->Show AGit label on merged PR<!--description--> - [PR](https://codeberg.org/forgejo/forgejo/pulls/4424) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4382)): <!--number 4424 --><!--line 0 --><!--description Rml4IG1vYmlsZSBVSSBmb3Igb3JnYW5pc2F0aW9uIGNyZWF0aW9u-->Fix mobile UI for organisation creation<!--description--> - **Bug fixes** - [PR](https://codeberg.org/forgejo/forgejo/pulls/4688) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4687)): <!--number 4688 --><!--line 0 --><!--description Zml4KGFwaSk6IGlzc3VlIHN0YXRlIGNoYW5nZSBpcyBub3QgaWRlbXBvdGVudA==-->fix(api): issue state change is not idempotent<!--description--> - [PR](https://codeberg.org/forgejo/forgejo/pulls/4647) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4638)): <!--number 4647 --><!--line 0 --><!--description UmVzZXJ2ZSB0aGUgYGRldnRlc3RgIHVzZXJuYW1l-->Reserve the `devtest` username<!--description--> - [PR](https://codeberg.org/forgejo/forgejo/pulls/4620) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4618)): <!--number 4620 --><!--line 0 --><!--description Zml4KGFjdGlvbnMpOiBubyBlZGl0ZWQgZXZlbnQgdHJpZ2dlcmVkIHdoZW4gYSB0aXRsZSBpcyBjaGFuZ2Vk-->fix(actions): no edited event triggered when a title is changed<!--description--> - [PR](https://codeberg.org/forgejo/forgejo/pulls/4528) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4523)): <!--number 4528 --><!--line 0 --><!--description TG9hZCBhdHRhY2htZW50cyBmb3IgYC9pc3N1ZXMvY29tbWVudHMve2lkfWA=-->Load attachments for `/issues/comments/{id}`<!--description--> - [PR](https://codeberg.org/forgejo/forgejo/pulls/4526) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/3379)): <!--number 4526 --><!--line 0 --><!--description V2hlbiBzZWFyY2hpbmcgZm9yIHVzZXJzLCBwYWdlIHRoZSByZXN1bHRzIGJ5IGRlZmF1bHQsIGFuZCByZXNwZWN0IHRoZSBkZWZhdWx0IHBhZ2luZyBsaW1pdHM=-->When searching for users, page the results by default, and respect the default paging limits<!--description--> - [PR](https://codeberg.org/forgejo/forgejo/pulls/4422) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4375)): <!--number 4422 --><!--line 0 --><!--description dGhlICJWaWV3IGNvbW1hbmQgbGluZSBpbnN0cnVjdGlvbnMiIGxpbmsgaW4gcHVsbCByZXF1ZXN0cyBhbmQgdGhlICJDb3B5IGNvbnRlbnQiIGJ1dHRvbiBpbiBmaWxlIGVkaXRvciBhcmUgbm90IGFjY2Vzc2libGU=-->the "View command line instructions" link in pull requests and the "Copy content" button in file editor are not accessible<!--description--> - [PR](https://codeberg.org/forgejo/forgejo/pulls/4379) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4377)): <!--number 4379 --><!--line 0 --><!--description VXNlIGNvcnJlY3QgU0hBIGluIGBHZXRDb21taXRQdWxsUmVxdWVzdGA=-->Use correct SHA in `GetCommitPullRequest`<!--description--> - Localization - [PR](https://codeberg.org/forgejo/forgejo/pulls/4594) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4451)): <!--number 4594 --><!--line 0 --><!--description VXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIFdlYmxhdGU=-->Update of translations from Weblate<!--description--> - [PR](https://codeberg.org/forgejo/forgejo/pulls/4447): <!--number 4447 --><!--line 0 --><!--description VXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIFdlYmxhdGU=-->Update of translations from Weblate<!--description--> - [PR](https://codeberg.org/forgejo/forgejo/pulls/4420) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4098)): <!--number 4420 --><!--line 0 --><!--description MyB0cmFuc2xhdGlvbiB1cGRhdGVzIGZyb20gV2VibGF0ZQ==-->3 translation updates from Weblate - [PR 1](https://codeberg.org/forgejo/forgejo/pulls/4098), [PR 2](https://codeberg.org/forgejo/forgejo/pulls/4168), [PR 3](https://codeberg.org/forgejo/forgejo/pulls/4251)<!--description--> ### [`v7.0.5`](https://codeberg.org/forgejo/forgejo/blob/HEAD/RELEASE-NOTES.md#705) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.4...v7.0.5) This is a security release. See the documentation for more information on the [upgrade procedure](https://forgejo.org/docs/v7.0/admin/upgrade/). In addition to the following notable bug fixes, you can browse the [full list of pull requests](https://codeberg.org/forgejo/forgejo/pulls?milestone=6654) included in this release. - **regreSSHion** Recommended action when running Forgejo from a: - binary - upgrade the OpenSSH server that was installed independently. - root OCI image - upgrade to [Forgejo 7.0.5](https://codeberg.org/forgejo/-/packages/container/forgejo/7.0.5). - rootless OCI image - no upgrade is necessary. [CVE-2024-6387](https://nvd.nist.gov/vuln/detail/CVE-2024-6387) also known as [regreSSHion](https://www.qualys.com/regresshion-cve-2024-6387/) is an Unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems. It is **strongly recommended** that an OpenSSH server installed independently of Forgejo is upgraded as soon as possible. All Forgejo OCI root images, including [7.0.5](https://codeberg.org/forgejo/-/packages/container/forgejo/7.0.5) contain an OpenSSH server. They are based on https://alpinelinux.org/ which relies on https://musl.libc.org/ and not https://en.wikipedia.org/wiki/Glibc. As a precaution the [Forgejo v7.0.5 root OCI image](https://codeberg.org/forgejo/-/packages/container/forgejo/7.0.5) contains an [updated OpenSSH server](https://pkgs.alpinelinux.org/packages?name=openssh\&branch=v3.19) patched for [CVE-2024-6387](https://nvd.nist.gov/vuln/detail/CVE-2024-6387). The Forgejo OCI rootless images, including [7.0.5](https://codeberg.org/forgejo/-/packages/container/forgejo/7.0.5-rootless), do not contain an OpenSSH server, they rely on the internal Forgejo implementation of the SSH protocol. - **Security:** - Compiled with Go v1.22.5. Fixed: [CVE-2024-24791](https://nvd.nist.gov/vuln/detail/CVE-2024-24791) - [GO-2024-2963](https://pkg.go.dev/vuln/GO-2024-2963): Denial of service due to improper 100-continue handling in net/http. The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. - **Bug fixes:** - [backport](https://codeberg.org/forgejo/forgejo/pulls/4059) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4194): Fixed: authentication Source Administration page wrongfully handles the "Custom URLs Instead of Default URLs" checkbox (missing checkbox, irrelevant fields). - [backport](https://codeberg.org/forgejo/forgejo/pulls/4151) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4149): Fixed: git push to an adopted repository fails. - [backport](https://codeberg.org/forgejo/forgejo/pulls/4215) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4213) - [commit](https://codeberg.org/forgejo/forgejo/commit/4ed5044dea94872e025f585debf7a16e6bd6bbdb): Fixed: markdown doesn't render math within brackets - [backport](https://codeberg.org/forgejo/forgejo/pulls/4219) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4145) - [commit](https://codeberg.org/forgejo/forgejo/commit/9aa3ae955ff506d883737e576dd62f674a3ee372): Fixed: selecting the "No Project" filter in the issue/pull request list has no effect - [backport](https://codeberg.org/forgejo/forgejo/pulls/4248) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4241): Fixed: error 500 when processing crafted TIFF files. - [backport](https://codeberg.org/forgejo/forgejo/pulls/4261) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4258): Fixed: wrong placeholder text in the form for adding repository collaborator. ### [`v7.0.4`](https://codeberg.org/forgejo/forgejo/blob/HEAD/RELEASE-NOTES.md#704) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.3...v7.0.4) This is a security release. See the documentation for more information on the [upgrade procedure](https://forgejo.org/docs/v7.0/admin/upgrade/). In addition to the following notable bug fixes, you can browse the [full list of commits](https://codeberg.org/forgejo/forgejo/compare/v7.0.3...v7.0.4) included in this release. - **Security:** - [PR](https://codeberg.org/forgejo/forgejo/pulls/4054). Fixed: [CVE-2024-24789](https://pkg.go.dev/vuln/GO-2024-2888): the archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3639) - ([fix](https://codeberg.org/forgejo/forgejo/commit/1b088fade6c69e63843d1bdf402454c363b22ce2) & [test](https://codeberg.org/forgejo/forgejo/pulls/4032)). Fixed: the OAuth2 implementation does not always require authentication for public clients, a requirement of [RFC 6749 Section 10.2](https://datatracker.ietf.org/doc/html/rfc6749#section-10.2). A malicious client can impersonate another client and obtain access to protected resources if the impersonated client fails to, or is unable to, keep its client credentials confidential. - **Bug fixes:** - [backport](https://codeberg.org/forgejo/forgejo/pulls/4086) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4085). Fixed: `forgejo migrate-storage --type actions-artifacts` always fails because it picks the wrong path. - [backport](https://codeberg.org/forgejo/forgejo/pulls/4017) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4015). Fixed: avatar files can be found in storage while they do not exist in the database. - [backport](https://codeberg.org/forgejo/forgejo/pulls/3997) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3976). Fixed: repository admins are always denied the right to force merge and instance admins are subject to restrictions to merge that must only apply to repository admins. - [backport](https://codeberg.org/forgejo/forgejo/pulls/3946) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3615). Fixed: non conformance with the [Nix tarball fetcher immutable link protocol](https://github.com/nixos/nix/blob/56763ff918eb308db23080e560ed2ea3e00c80a7/doc/manual/src/protocols/tarball-fetcher.md). - [backport](https://codeberg.org/forgejo/forgejo/pulls/3936) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3935). Fixed: migrated activities (such as reviews) are mapped to the user who initiated the migration rather than the Ghost user, if the external user cannot be mapped to a local one. This mapping mismatch leads to internal server errors in some cases. - [backport](https://codeberg.org/forgejo/forgejo/pulls/3906) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3904). Fixed: a v7.0.0 regression causes `[admin].SEND_NOTIFICATION_EMAIL_ON_NEW_USER=true` to always be ignored. - [backport](https://codeberg.org/forgejo/forgejo/pulls/3888) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3865). Fixed: using a subquery for user deletion is a performance bottleneck when using mariadb 10 because only mariadb 11 takes advantage of the available index. - [backport](https://codeberg.org/forgejo/forgejo/pulls/3887) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3885). Fixed: a v7.0.3 regression causes the expanding diffs in pull requests to fail with a 404 error. - [backport](https://codeberg.org/forgejo/forgejo/pulls/3881) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3864). Fixed: SourceHut Builds webhook fail when the `triggers` field is used. - [backport](https://codeberg.org/forgejo/forgejo/pulls/3877) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3242). Fixed: the label list rendering in the issue and pull request timeline is displayed on multiple lines instead of a single one. - [backport](https://codeberg.org/forgejo/forgejo/pulls/4084) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4083) - [commit](https://codeberg.org/forgejo/forgejo/commit/c6e04c3c9eddfa6c4bec541f681c8d300b157cdb). Fixed: NuGet Package fails `choco info pkgname` when `pkgname` is also a substring of another package Id. - [backport](https://codeberg.org/forgejo/forgejo/pulls/4004) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3989) - [commit](https://codeberg.org/forgejo/forgejo/commit/62448bfb931882859388b2fd472cb89428c25323). Fixed: "Git hooks of this repository seem to be broken." warning when pushing more than one branch at a time. - [backport](https://codeberg.org/forgejo/forgejo/pulls/3942) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3917) - [commit](https://codeberg.org/forgejo/forgejo/commit/7d7ea45465d6cd1ea0ec549a71f67b4a8ff930cf). Fixed: automerge does not happen when the approval count reaches the required threshold. - [backport](https://codeberg.org/forgejo/forgejo/pulls/3942) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3917) - [commit](https://codeberg.org/forgejo/forgejo/commit/a649610d6175d1994b838f5672261400df9fdb92). Fixed: the `FORCE_PRIVATE=true` setting is not consistently enforced. - [backport](https://codeberg.org/forgejo/forgejo/pulls/3859) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3838) - [commit](https://codeberg.org/forgejo/forgejo/commit/193ac67176afc72e9d108bc1730c354bfbf9a442). Fixed: CSRF validation errors when OAuth is not enabled. - [backport](https://codeberg.org/forgejo/forgejo/pulls/4107) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4076). Fixed: headlines in rendered org-mode do not have a margin on the top - **Localization:** - Improvements to English locale: [\[1\]](https://codeberg.org/forgejo/forgejo/pulls/3914), [\[2\]](https://codeberg.org/forgejo/forgejo/pulls/4114). - Translation updates: [\[1\]](https://codeberg.org/forgejo/forgejo/pulls/3907), [\[2\]](https://codeberg.org/forgejo/forgejo/pulls/3990), [\[3\]](https://codeberg.org/forgejo/forgejo/pulls/4099). </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MjQuMSIsInVwZGF0ZWRJblZlciI6IjM3LjQyNC40IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
renovate-bot added 1 commit 2024-07-05 20:17:50 +00:00
renovate-bot force-pushed renovate/codeberg.org-forgejo-forgejo-7.x from 0e834a025b to ca4dbe6204 2025-12-09 00:00:56 +00:00 Compare
renovate-bot changed title from Update codeberg.org/forgejo/forgejo Docker tag to v7.0.5 to Update codeberg.org/forgejo/forgejo Docker tag to v7.0.16 2025-12-09 00:01:04 +00:00
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions.

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin renovate/codeberg.org-forgejo-forgejo-7.x:renovate/codeberg.org-forgejo-forgejo-7.x
git checkout renovate/codeberg.org-forgejo-forgejo-7.x

Merge

Merge the changes and update on Forgejo.
git checkout main
git merge --no-ff renovate/codeberg.org-forgejo-forgejo-7.x
git checkout main
git merge --ff-only renovate/codeberg.org-forgejo-forgejo-7.x
git checkout renovate/codeberg.org-forgejo-forgejo-7.x
git rebase main
git checkout main
git merge --no-ff renovate/codeberg.org-forgejo-forgejo-7.x
git checkout main
git merge --squash renovate/codeberg.org-forgejo-forgejo-7.x
git checkout main
git merge --ff-only renovate/codeberg.org-forgejo-forgejo-7.x
git checkout main
git merge renovate/codeberg.org-forgejo-forgejo-7.x
git push origin main
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: homeserver/docker#2
No description provided.
Delete branch "renovate/codeberg.org-forgejo-forgejo-7.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?