homeserver/docker

Fork 0

Update codeberg.org/forgejo/forgejo Docker tag to v13 #7

Open

renovate-bot wants to merge 1 commit from renovate/codeberg.org-forgejo-forgejo-13.x into main

renovate-bot commented

2025-12-09 00:01:10 +00:00

Collaborator

This PR contains the following updates:

Package	Update	Change
codeberg.org/forgejo/forgejo (source)	major	`7.0.3` -> `13.0.3`

Release Notes

forgejo/forgejo (codeberg.org/forgejo/forgejo)

A companion blog post provides additional context on this release. In addition to the pull requests listed below, you will find a complete list in the v8.0 milestone.

Two frontend features were removed because a license incompatibility was discovered. Read more in the dedicated blog post.
- PR: Mermaid rendering: %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% will now fail because ELK is no longer included.
- PR: Repository citation: Removed the ability to export citations in APA format.

Breaking
- PR: remove Microsoft SQL Server support see the discussion.
User interface features & enhancements
- PR (backported from): Replace vue-bar-graph with chart.js
- PR: make the tooltip of the author label in comments clearer.
- PR: only show the RSS feed button and Public activity tab in user profiles when the activity can be accessed and add messages about visibility.
- PR: reorder repo tabs for better UX: (i) Actions is now the last tab (ii) Packages are located after Releases (iii) this puts Projects after Pull requests. (tab positions may depend on which units are enabled in the repo).
- PR: code search results are now displayed in a foldable box.
- PR: disable the Subscribe button for guest users.
- PR:
  - Added Enter key handling to the new Markdown editor: Pressing Enter while in a list, quote or code block will copy the prefix to the new line - Ordered list index will be increased for the new line, and task list "checkbox" will be unchecked.
  - Added indent/unindent function for a line or selection. Currently available as toolbar buttons (#4263).
- PR: added support for displaying images based on the users current color code by using an anchor of #dark-mode-only or #light-mode-only respectively. Also supporting the github variants (e.g. #gh-dark-mode-only).
- PR: use CSS-native pattern for image diff background, add dark theme support.
- PR: allow navigating to the organization dashboard from the organization view.
- PR: when PDFs are displayed in the repository, the full height of the screen is now used instead of a predefined fixed height.
- PR: added support for grouping of log-lines inside steps between the special ::group::{title} and ::endgroup:: workflow commands. A runner of v3.4.2 or later is needed.
- PR: the default for [repository].USE_COMPAT_SSH_URI has been changed to true. With this change, Forgejo defaults to using the same URL style for SSH clone URLs as for HTTPS ones, instead of the former scp-style.
Features & Enhancements
- PR (backported from): add support for LFS server implementations which have batch API responses in an older/deprecated schema.
- PR: introduce a branch/tag dropdown in the code search page if using git-grep.
- PR: added support for fuzzy searching in /user/repo/issues and /user/repo/pulls.
- PR:
  - feat(perf): commit reduce memory usage for chunked artifact uploads to S3.
  - feat: commit allow downloading draft releases assets.
  - feat: commit API endpoints for managing tag protection.
  - feat: commit extract and display readme and comments for Composer packages.
  - fix: commit when a repository is adopted, its object format is not set in the database.
  - fix: commit during a migration from bitbucket, LFS downloads fail.
- PR: a help overlay, triggered by "?" key can be displayed when viewing asciinema files (.cast extension) and SGR color sequence are supported.
- PR: strikethrough in markdown can be achieved with a single ~ in addition to ~~.
- PR:
  - feat: add Reviewed-on and Reviewed-by variables to the merge template.
  - feat(perf): add the [ui.csv].MAX_ROWS setting to avoid displaying a large number of lines (defaults to 2500).
  - feat: add a setting to override or add headers of all outgoing emails, for instance Reply-To or In-Reply-To.
- PR: the Gitea/Forgejo webhook payload includes additional fields (html_url, additions, deletions, review_comments...) for better compatibility with OpenProject.
- PR: when an OAuth grant request submitted to a Forgejo user is denied, the server from which the request originates is notified that it has been denied.
- PR:
  - feat: API endpoints that return a repository now also include the topics.
  - feat: display an error when an issue comment is edited simultaneously by two users instead of silently overriding one of them.
  - feat: add support for a credentials chain for minio.
  - feat(perf): improve performances when retrieving pull requests via the API.
- PR: when installing Forgejo through the built-in installer, open (self-) registration is now disabled by default.
- PR: support setting the default attribute of the issue template dropdown field
- PR: For federated-star we introduce a new repository setting to define following repositories. That is a workaround till we find a better way to express repository federation.
- PR: Basic wiki content search using git-grep. The search results include the first ten matched files. Only the first three matches per file are displayed.
- PR: support using label names when changing issue labels.
- PR: parse prefix parameter from redis URI for queues and use that as prefix to keys.
- PR: neutralize delete runners' UUID to prevent collisions with new records.
- PR: implement a non-caching version of the RubyGems compact API for bundler dependency resolution.
- PR: add support for the reddit and Hubspot OAuth providers.
- PR: when parsing incoming emails, remove tspecials from type/subtype. According to the RFC, content type and subtype cannot contain special characters and any such character will fail parsing. Removing the characters from the type/subtype can help successfully parsing the content type that contains some extra garbage.
- PR: there are a couple of new configs to define the name of the instance. The more important is APP_SLOGAN. It permits to configure a slogan for the site and it is optional. The other is APP_DISPLAY_NAME_FORMAT and permits to customize the aspect of the full display name for the instance used in some parts of the UI as: (i) Title page, (ii) Homepage head title (ii) Open Graph site and title meta tags. Its default value is APP_NAME: APP_SLOGAN. The config APP_DISPLAY_NAME_FORMAT is used only if APP_SLOGAN is set otherwise the full display name shows only APP_NAME value.
- PR:
  - feat: commit: add actions-artifacts to the storage migrate CLI.
  - fix: commit: pull request search shows closed pull requests in the open tab.
- PR:
  - CERT management was improved when ENABLE_ACME=true
    - Draft support for draft-03 of ACME Renewal Information (ARI) which assists with deciding when to renew certificates. This augments CertMagic's already-advanced logic using cert lifetime and OCSP/revocation status.
    - New ZeroSSLIssuer uses the ZeroSSL API to get certificates. ZeroSSL also has an ACME endpoint, which can still be accessed using the existing ACMEIssuer, as always. Their proprietary API is paid, but has extra features like IP certificates, better reliability, and support.
    - DNS challenges should be smoother in some cases as we've improved propagation checking.
    - In the odd case your ACME account disappears from the ACME server, CertMagic will automatically retry with a new account. (This happens in some test/dev environments.)
    - ACME accounts are identified only by their public keys, but CertMagic maps accounts by CA+email for practical/storage reasons. So now you can "pin" an account key to use by specifying your email and the account public key in your config, which is useful if you need to absolutely be sure to use a specific account (like if you get rate limit exemptions from a CA).
- PR:
  - With the go-enry upgrade to v2.8.8, language detection in the repository now includes:
    - New languages
      - Roc
      - BitBake with .bbappend, .bbclass and .inc extensions
      - Glimmer TS
      - Edge
      - Pip Requirements
      - Mojo
      - Slint
      - Oberon
    - New data formats
      - TextGrid
    - File names and extensions:
- PR: support Code Search for non-default branches and tags when the repository indexer is disabled.
- PR: add an immutable tarball link to archive download headers for Nix.
- PR: allow to customize the domain name used as a fallback when synchronizing sources from ldap default domain name.
- PR: the default config for database.MAX_OPEN_CONNS changed from 0 (unlimited) to 100 to avoid problems if it exceeds the limit by the database server. If you require high concurrency, try to increase this value for both Forgejo and your database server.
- PR: infer the [email.incoming].PORT setting from .USE_TLS.
- PR: reverted the rootless container image path in GITEA_APP_INI from /etc/gitea/app.ini to its default value of /var/lib/gitea/custom/conf/app.ini. This allows container users to not have to mount two separate volumes (one for the configuration data and one for the configuration .ini file). A warning is issued for users with the legacy configuration on how to update to the new path.
- PR: added support for the workflow_dispatch trigger in Forgejo Actions.
- PR: support Proof Key for Code Exchange (PKCE - RFC7636) for external login using the OpenID Connect authentication source.
- PR: allow hiding auto generated release archives.
- PR: Update of Chroma from v2.13.0: to v2.14.0:
  - 1e983e7 lexers/cue: support CUE attributes (#961)
  - 9347b55 Add Gleam syntax highlighting (#959)
  - 2580aaa Add Bazel bzlmod support into Python lexer (#947)
Bug fixes
- PR (backported from): Show the AGit label on merged pull requests.
- PR (backported from): Fixed: issue state change via the API is not idempotent.
- PR (backported from): The milestone section in the sidebar on the issue and pull request page now uses HTMX. If you update the milestone of a issue or pull request it will no longer reload the whole page and instead update the current page with the new information about the milestone update. This should provide a smoother user experience.
- PR (backported from): Fix mobile UI for organisation creation.
- PR (backported from): Fixes: Forgejo Actions does not trigger an edited event when the title of an issue or pull request is changed.
- PR (backported from): Load attachments for /issues/comments/{id}.
- PR (backported from): Fixed: the "View command line instructions" link in pull requests and the "Copy content" button in file editor are not accessible.
- PR (backported from): Use correct SHA in GetCommitPullRequest
- PR (backported from): Fixed: unknown git push options are rejected instead of being ignored.
- PR: Fixed: markdown [*[a]*](b) is incorrectly rendered as <a href="b">[a]</a>.
- PR: Fixed: markdown files displayed in the UI that have an unescaped backtick in the image alt could (accidentally) trigger an inline code.
- PR: Fixed: when the git repository is empty, it is not possible to unsubscribe from an issue.
- PR: Fixed: it is not possible to remove attachments from an empty comment.
- PR: Fixed: the /api/v1/repos/{owner}/{repo}/wiki API endpoints is using a hardcoded "master" branch for the wiki, rather than the branch they really use.
- PR: Fixed: using the API to search for users, the results are not paged by default an the default paging limits are not respected.
- PR: Update of Chroma from v2.13.0: to v2.14.0:
 - 736c0ea Typescript: Several fixes (#952)
 - e5c25d0 Org: Keep all newlines (#951)
Localization
- PR (backported from): 24 July updates
- PR (backported from): 19 July updates
- PR (backported from): 11 July updates
- PR (backported from): 4 July updates
- PR: 18 June updates
- PR: 10 June updates
- PR: 2 June updates
- PR: 25 May updates
- PR: 20 May updates
- PR: 14 May updates
- PR: 5 May updates
- PR: 28 April updates
- PR: 22 April updates
- PR: 15 April updates
- PR: 10 April updates
- PR: 5 April updates
- PR: 3 April updates
- PR: 31 March updates

`v7.0.16`

Compare Source

See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/7.0.16.md

`v7.0.15`

Compare Source

See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/7.0.15.md

`v7.0.14`

Compare Source

See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/7.0.14.md

`v7.0.13`

Compare Source

See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/7.0.13.md

`v7.0.12`

Compare Source

See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/7.0.12.md

`v7.0.11`

Compare Source

See the Forgejo 7.0.11 release notes.

`v7.0.10`

Compare Source

See the Forgejo 7.0.10 release notes.

`v7.0.9`

Compare Source

See the Forgejo 7.0.9 release notes.

`v7.0.8`

Compare Source

See the Forgejo 7.0.8 release notes.

`v7.0.7`

Compare Source

See the Forgejo 7.0.7 release notes.

`v7.0.6`

Compare Source

This is a bug fix release. See the documentation for more information on the upgrade procedure. In addition to the pull requests listed below, you will find a complete list in the v7.0.6 milestone.

Two frontend features were removed because a license incompatibility was discovered. Read more in the companion blog post.
- PR (backported from): Mermaid rendering: %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% will now fail because ELK is no longer included.
- PR (backported from): Repository citation: Removed the ability to export citations in APA format.
User Interface bug fixes
- PR (backported from): Replace vue-bar-graph with chart.js
- PR (backported from): Show AGit label on merged PR
- PR (backported from): Fix mobile UI for organisation creation
Bug fixes
- PR (backported from): fix(api): issue state change is not idempotent
- PR (backported from): Reserve the devtest username
- PR (backported from): fix(actions): no edited event triggered when a title is changed
- PR (backported from): Load attachments for /issues/comments/{id}
- PR (backported from): When searching for users, page the results by default, and respect the default paging limits
- PR (backported from): the "View command line instructions" link in pull requests and the "Copy content" button in file editor are not accessible
- PR (backported from): Use correct SHA in GetCommitPullRequest
Localization
- PR (backported from): Update of translations from Weblate
- PR: Update of translations from Weblate
- PR (backported from): 3 translation updates from Weblate - PR 1, PR 2, PR 3

`v7.0.5`

Compare Source

This is a security release. See the documentation for more information on the upgrade procedure.

In addition to the following notable bug fixes, you can browse the full list of pull requests included in this release.

regreSSHion

Recommended action when running Forgejo from a:
- binary - upgrade the OpenSSH server that was installed independently.
- root OCI image - upgrade to Forgejo 7.0.5.
- rootless OCI image - no upgrade is necessary.
CVE-2024-6387 also known as regreSSHion is an Unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems. It is strongly recommended that an OpenSSH server installed independently of Forgejo is upgraded as soon as possible.

All Forgejo OCI root images, including 7.0.5 contain an OpenSSH server. They are based on https://alpinelinux.org/ which relies on https://musl.libc.org/ and not https://en.wikipedia.org/wiki/Glibc. As a precaution the Forgejo v7.0.5 root OCI image contains an updated OpenSSH server patched for CVE-2024-6387.

The Forgejo OCI rootless images, including 7.0.5, do not contain an OpenSSH server, they rely on the internal Forgejo implementation of the SSH protocol.
Security:
- Compiled with Go v1.22.5. Fixed: CVE-2024-24791 - GO-2024-2963: Denial of service due to improper 100-continue handling in net/http. The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
Bug fixes:
- backport - PR: Fixed: authentication Source Administration page wrongfully handles the "Custom URLs Instead of Default URLs" checkbox (missing checkbox, irrelevant fields).
- backport - PR: Fixed: git push to an adopted repository fails.
- backport - PR - commit: Fixed: markdown doesn't render math within brackets
- backport - PR - commit: Fixed: selecting the "No Project" filter in the issue/pull request list has no effect
- backport - PR: Fixed: error 500 when processing crafted TIFF files.
- backport - PR: Fixed: wrong placeholder text in the form for adding repository collaborator.

`v7.0.4`

Compare Source

This is a security release. See the documentation for more information on the upgrade procedure.

In addition to the following notable bug fixes, you can browse the full list of commits included in this release.

Security:
- PR. Fixed: CVE-2024-24789: the archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file.
- PR - (fix & test). Fixed: the OAuth2 implementation does not always require authentication for public clients, a requirement of RFC 6749 Section 10.2. A malicious client can impersonate another client and obtain access to protected resources if the impersonated client fails to, or is unable to, keep its client credentials confidential.
Bug fixes:
- backport - PR. Fixed: forgejo migrate-storage --type actions-artifacts always fails because it picks the wrong path.
- backport - PR. Fixed: avatar files can be found in storage while they do not exist in the database.
- backport - PR. Fixed: repository admins are always denied the right to force merge and instance admins are subject to restrictions to merge that must only apply to repository admins.
- backport - PR. Fixed: non conformance with the Nix tarball fetcher immutable link protocol.
- backport - PR. Fixed: migrated activities (such as reviews) are mapped to the user who initiated the migration rather than the Ghost user, if the external user cannot be mapped to a local one. This mapping mismatch leads to internal server errors in some cases.
- backport - PR. Fixed: a v7.0.0 regression causes [admin].SEND_NOTIFICATION_EMAIL_ON_NEW_USER=true to always be ignored.
- backport - PR. Fixed: using a subquery for user deletion is a performance bottleneck when using mariadb 10 because only mariadb 11 takes advantage of the available index.
- backport - PR. Fixed: a v7.0.3 regression causes the expanding diffs in pull requests to fail with a 404 error.
- backport - PR. Fixed: SourceHut Builds webhook fail when the triggers field is used.
- backport - PR. Fixed: the label list rendering in the issue and pull request timeline is displayed on multiple lines instead of a single one.
- backport - PR - commit. Fixed: NuGet Package fails choco info pkgname when pkgname is also a substring of another package Id.
- backport - PR - commit. Fixed: "Git hooks of this repository seem to be broken." warning when pushing more than one branch at a time.
- backport - PR - commit. Fixed: automerge does not happen when the approval count reaches the required threshold.
- backport - PR - commit. Fixed: the FORCE_PRIVATE=true setting is not consistently enforced.
- backport - PR - commit. Fixed: CSRF validation errors when OAuth is not enabled.
- backport - PR. Fixed: headlines in rendered org-mode do not have a margin on the top
Localization:
- Improvements to English locale: [1], [2].
- Translation updates: [1], [2], [3].

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [codeberg.org/forgejo/forgejo](https://forgejo.org) ([source](https://codeberg.org/forgejo/forgejo)) | major | `7.0.3` -> `13.0.3` | --- ### Release Notes <details> <summary>forgejo/forgejo (codeberg.org/forgejo/forgejo)</summary> ### [`v13.0.3`](https://codeberg.org/forgejo/forgejo/releases/tag/v13.0.3) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v13.0.2...v13.0.3) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.3.md ### [`v13.0.2`](https://codeberg.org/forgejo/forgejo/releases/tag/v13.0.2) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v13.0.1...v13.0.2) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.2.md ### [`v13.0.1`](https://codeberg.org/forgejo/forgejo/releases/tag/v13.0.1) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v13.0.0...v13.0.1) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.1.md ### [`v13.0.0`](https://codeberg.org/forgejo/forgejo/releases/tag/v13.0.0) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v12.0.4...v13.0.0) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.0.md ### [`v12.0.4`](https://codeberg.org/forgejo/forgejo/releases/tag/v12.0.4) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v12.0.3...v12.0.4) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/12.0.4.md ### [`v12.0.3`](https://codeberg.org/forgejo/forgejo/releases/tag/v12.0.3) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v12.0.2...v12.0.3) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/12.0.3.md ### [`v12.0.2`](https://codeberg.org/forgejo/forgejo/releases/tag/v12.0.2) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v12.0.1...v12.0.2) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/12.0.2.md ### [`v12.0.1`](https://codeberg.org/forgejo/forgejo/releases/tag/v12.0.1) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v12.0.0...v12.0.1) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/12.0.1.md ### [`v12.0.0`](https://codeberg.org/forgejo/forgejo/releases/tag/v12.0.0) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v11.0.8...v12.0.0) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/12.0.0.md ### [`v11.0.8`](https://codeberg.org/forgejo/forgejo/releases/tag/v11.0.8) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v11.0.7...v11.0.8) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/11.0.8.md ### [`v11.0.7`](https://codeberg.org/forgejo/forgejo/releases/tag/v11.0.7) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v11.0.6...v11.0.7) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/11.0.7.md ### [`v11.0.6`](https://codeberg.org/forgejo/forgejo/releases/tag/v11.0.6) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v11.0.5...v11.0.6) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/11.0.6.md ### [`v11.0.5`](https://codeberg.org/forgejo/forgejo/releases/tag/v11.0.5) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v11.0.4...v11.0.5) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/11.0.5.md ### [`v11.0.4`](https://codeberg.org/forgejo/forgejo/releases/tag/v11.0.4) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v11.0.3...v11.0.4) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/11.0.4.md ### [`v11.0.3`](https://codeberg.org/forgejo/forgejo/releases/tag/v11.0.3) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v11.0.2...v11.0.3) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/11.0.3.md ### [`v11.0.2`](https://codeberg.org/forgejo/forgejo/releases/tag/v11.0.2) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v11.0.1...v11.0.2) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/11.0.2.md ### [`v11.0.1`](https://codeberg.org/forgejo/forgejo/releases/tag/v11.0.1) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v11.0.0...v11.0.1) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/11.0.1.md ### [`v11.0.0`](https://codeberg.org/forgejo/forgejo/releases/tag/v11.0.0) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v10.0.3...v11.0.0) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/11.0.0.md ### [`v10.0.3`](https://codeberg.org/forgejo/forgejo/releases/tag/v10.0.3) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v10.0.2...v10.0.3) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/10.0.3.md ### [`v10.0.2`](https://codeberg.org/forgejo/forgejo/releases/tag/v10.0.2) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v10.0.1...v10.0.2) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/10.0.2.md ### [`v10.0.1`](https://codeberg.org/forgejo/forgejo/releases/tag/v10.0.1) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v10.0.0...v10.0.1) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/10.0.1.md ### [`v10.0.0`](https://codeberg.org/forgejo/forgejo/releases/tag/v10.0.0) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v9.0.3...v10.0.0) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/10.0.0.md ### [`v9.0.3`](https://codeberg.org/forgejo/forgejo/releases/tag/v9.0.3) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v9.0.2...v9.0.3) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/9.0.3.md ### [`v9.0.2`](https://codeberg.org/forgejo/forgejo/blob/HEAD/RELEASE-NOTES.md#902) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v9.0.1...v9.0.2) See the [Forgejo 9.0.2 release notes](release-notes-published/9.0.2.md). ### [`v9.0.1`](https://codeberg.org/forgejo/forgejo/blob/HEAD/RELEASE-NOTES.md#901) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v9.0.0...v9.0.1) See the [Forgejo 9.0.1 release notes](release-notes-published/9.0.1.md). ### [`v9.0.0`](https://codeberg.org/forgejo/forgejo/blob/HEAD/RELEASE-NOTES.md#900) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v8.0.3...v9.0.0) See the [Forgejo 9.0.0 release notes](release-notes-published/9.0.0.md). ### [`v8.0.3`](https://codeberg.org/forgejo/forgejo/blob/HEAD/RELEASE-NOTES.md#803) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v8.0.2...v8.0.3) See the [Forgejo 8.0.3 release notes](release-notes-published/8.0.3.md). ### [`v8.0.2`](https://codeberg.org/forgejo/forgejo/blob/HEAD/RELEASE-NOTES.md#802) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v8.0.1...v8.0.2) See the [Forgejo 8.0.2 release notes](release-notes-published/8.0.2.md). ### [`v8.0.1`](https://codeberg.org/forgejo/forgejo/blob/HEAD/RELEASE-NOTES.md#801) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v8.0.0...v8.0.1) See the [Forgejo 8.0.1 release notes](release-notes-published/8.0.1.md). ### [`v8.0.0`](https://codeberg.org/forgejo/forgejo/blob/HEAD/RELEASE-NOTES.md#800) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.16...v8.0.0) A [companion blog post](https://forgejo.org/2024-07-release-v8-0/) provides additional context on this release. In addition to the pull requests listed below, you will find a complete list in the [v8.0 milestone](https://codeberg.org/forgejo/forgejo/milestone/6042). - Two frontend features were removed because a license incompatibility was discovered. [Read more in the dedicated blog post](https://forgejo.org/2024-07-non-free-dependency-found/). - [PR](https://codeberg.org/forgejo/forgejo/pulls/4670): [Mermaid](https://mermaid.js.org/) rendering: `%%{init: {"flowchart": {"defaultRenderer": "elk"}} }%%` will now fail because [ELK](https://github.com/kieler/elkjs) is no longer included. - [PR](https://codeberg.org/forgejo/forgejo/pulls/4595): Repository citation: Removed the ability to export citations in APA format.   - **Breaking** - [PR](https://codeberg.org/forgejo/forgejo/pulls/3040): remove Microsoft SQL Server support see [the discussion](https://codeberg.org/forgejo/discussions/issues/122). - **User interface features & enhancements** - [PR](https://codeberg.org/forgejo/forgejo/pulls/4590) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4571)): Replace `vue-bar-graph` with `chart.js` - [PR](https://codeberg.org/forgejo/forgejo/pulls/4201): make the tooltip of the author label in comments clearer. - [PR](https://codeberg.org/forgejo/forgejo/pulls/4189): only show the RSS feed button and Public activity tab in user profiles when the activity can be accessed and add messages about visibility. - [PR](https://codeberg.org/forgejo/forgejo/pulls/4139): reorder repo tabs for better UX: (i) `Actions` is now the last tab (ii) `Packages` are located after Releases (iii) this puts Projects after Pull requests. (tab positions may depend on which units are enabled in the repo). - [PR](https://codeberg.org/forgejo/forgejo/pulls/4134): code search results are now displayed in a foldable box. - [PR](https://codeberg.org/forgejo/forgejo/pulls/4095): disable the `Subscribe` button for guest users. - [PR](https://codeberg.org/forgejo/forgejo/pulls/4072):  - Added Enter key handling to the new Markdown editor: Pressing Enter while in a list, quote or code block will copy the prefix to the new line - Ordered list index will be increased for the new line, and task list "checkbox" will be unchecked. - Added indent/unindent function for a line or selection. Currently available as toolbar buttons ([#4263](https://codeberg.org/forgejo/forgejo/pulls/4263)). - [PR](https://codeberg.org/forgejo/forgejo/pulls/3985): added support for displaying images based on the users current color code by using an anchor of `#dark-mode-only` or `#light-mode-only` respectively. Also supporting the github variants (e.g. `#gh-dark-mode-only`). - [PR](https://codeberg.org/forgejo/forgejo/pulls/3870): use CSS-native pattern for image diff background, add dark theme support. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3642): allow navigating to the organization dashboard from the organization view. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3434): when PDFs are displayed in the repository, the full height of the screen is now used instead of a predefined fixed height. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3337): added support for grouping of log-lines inside steps between the special `::group::{title}` and `::endgroup::` workflow commands. A runner of v3.4.2 or later is needed. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3285): the default for `[repository].USE_COMPAT_SSH_URI` has been changed to `true`. With this change, Forgejo defaults to using the same URL style for SSH clone URLs as for HTTPS ones, instead of the former scp-style. - **Features & Enhancements** - [PR](https://codeberg.org/forgejo/forgejo/pulls/4283) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4266)): add support for LFS server implementations which have batch API responses in an older/deprecated schema. - [PR](https://codeberg.org/forgejo/forgejo/pulls/4262): introduce a branch/tag dropdown in the code search page if using git-grep. - [PR](https://codeberg.org/forgejo/forgejo/pulls/4160): added support for fuzzy searching in `/user/repo/issues` and `/user/repo/pulls`. - [PR](https://codeberg.org/forgejo/forgejo/pulls/4145):  - feat(perf): [commit](https://codeberg.org/forgejo/forgejo/commit/358cd67c4f316f2d4f1d3be6dcb891dc04a2ff07) reduce memory usage for chunked artifact uploads to S3. - feat: [commit](https://codeberg.org/forgejo/forgejo/commit/b60e3ac7b4aeeb9b8760f43eea9576c0e23309e9) allow downloading draft releases assets. - feat: [commit](https://codeberg.org/forgejo/forgejo/commit/1fca15529ac8fefb60d86b0c1f4bec8dae9a8566) API endpoints for managing tag protection. - feat: [commit](https://codeberg.org/forgejo/forgejo/commit/4334c705b5f9388b16af23c7e75a69d027d07d5e) extract and display readme and comments for Composer packages. - fix: [commit](https://codeberg.org/forgejo/forgejo/commit/364922c6e4f28264add9e2501a352c25ad6a0993) when a repository is adopted, its object format is not set in the database. - fix: [commit](https://codeberg.org/forgejo/forgejo/commit/e7f332a55d6a48a3f3b4f2bfa43d18455ac00acc) during a migration from bitbucket, LFS downloads fail. - [PR](https://codeberg.org/forgejo/forgejo/pulls/4143): a help overlay, triggered by "?" key can be displayed when viewing [asciinema](https://asciinema.org/) files (.cast extension) and [SGR color sequence](https://github.com/asciinema/avt/issues/9) are supported. - [PR](https://codeberg.org/forgejo/forgejo/pulls/4136): strikethrough in markdown can be achieved with [a single ~ in addition to ~~](https://github.github.com/gfm/#strikethrough-extension-). - [PR](https://codeberg.org/forgejo/forgejo/pulls/4083):  - feat: add [Reviewed-on and Reviewed-by variables](https://codeberg.org/forgejo/forgejo/commit/4ddd9af50fbfcfb2ebf629697a803b3bce56c4af) to the merge template. - feat(perf): [add the `[ui.csv].MAX_ROWS` setting](https://codeberg.org/forgejo/forgejo/commit/433b6c6910f8699dc41787ef8f5148b122b4677e) to avoid displaying a large number of lines (defaults to 2500). - feat: [add a setting to override or add headers of all outgoing emails](https://codeberg.org/forgejo/forgejo/commit/1d4bff4f65d5e4a3969871ef91d3612daf272b45), for instance `Reply-To` or `In-Reply-To`. - [PR](https://codeberg.org/forgejo/forgejo/pulls/4027): the Gitea/Forgejo webhook payload includes additional fields (`html_url`, `additions`, `deletions`, `review_comments`...) for better compatibility with [OpenProject](https://www.openproject.org/). - [PR](https://codeberg.org/forgejo/forgejo/pulls/4026): when an OAuth grant request submitted to a Forgejo user is denied, the server from which the request originates is notified that it has been denied. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3989):  - feat: API endpoints that return a repository now [also include the topics](https://codeberg.org/forgejo/forgejo/commit/ee2247d77c0b13b0b45df704d7589b541db03899). - feat: display an error when an issue comment is [edited simultaneously by two users](https://codeberg.org/forgejo/forgejo/commit/ca0921a95aa9a37d8820538458c15fd0a3b0c97c) instead of silently overriding one of them. - feat: add [support for a credentials chain for minio](https://codeberg.org/forgejo/forgejo/commit/73706ae26d138684ef9da9e1164846a040fd4a7d). - feat(perf): improve performances when [retrieving pull requests via the API](https://codeberg.org/forgejo/forgejo/commit/47a2102694c47bc30a2a7c673c328471839ef206). - [PR](https://codeberg.org/forgejo/forgejo/pulls/3934): when installing Forgejo through the built-in installer, open (self-) registration is now disabled by default. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3917): support [setting the default attribute of the issue template dropdown field](https://codeberg.org/forgejo/forgejo/commit/df15abd07264138fd07e003d0cf056f7da514b8f) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3886): For federated-star we introduce a new repository setting to define following repositories. That is a workaround till we find a better way to express repository federation. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3847): Basic wiki content search using git-grep. The search results include the first ten matched files. Only the first three matches per file are displayed. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3838): support using label names when changing issue labels. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3836): parse prefix parameter from redis URI for queues and use that as prefix to keys. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3830): neutralize delete runners' UUID to prevent collisions with new records. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3811): implement a non-caching version of the [RubyGems compact API](https://guides.rubygems.org/rubygems-org-compact-index-api/) for bundler dependency resolution. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3808): add support for the [reddit](https://github.com/markbates/goth/pull/523) and [Hubspot](https://github.com/markbates/goth/pull/531) OAuth providers. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3791): when parsing [incoming emails](https://forgejo.org/docs/v8.0/user/incoming/), [remove tspecials from type/subtype](https://github.com/jhillyerd/enmime/pull/317). According to the RFC, content type and subtype cannot contain special characters and any such character will fail parsing. Removing the characters from the type/subtype can help successfully parsing the content type that contains some extra garbage. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3752): there are a couple of new configs to define the name of the instance. The more important is `APP_SLOGAN`. It permits to configure a slogan for the site and it is optional. The other is `APP_DISPLAY_NAME_FORMAT` and permits to customize the aspect of the full display name for the instance used in some parts of the UI as: (i) Title page, (ii) Homepage head title (ii) Open Graph site and title meta tags. Its default value is `APP_NAME: APP_SLOGAN`. The config `APP_DISPLAY_NAME_FORMAT` is used only if `APP_SLOGAN` is set otherwise the full display name shows only `APP_NAME` value. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3729):  - feat: [commit](https://codeberg.org/forgejo/forgejo/commit/7028fe0b4d89c045b64ae891d2716e89965bc012): add actions-artifacts to the [storage migrate CLI](https://forgejo.org/docs/v8.0/admin/command-line/#migrate). - fix: [commit](https://codeberg.org/forgejo/forgejo/commit/8f0f6bf89cdcd12cd4daa761aa259fdba7e32b50): pull request search shows closed pull requests in the open tab. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3724):  - [CERT management was improved](https://codeberg.org/forgejo/forgejo/pulls/3724) when [`ENABLE_ACME=true`](https://forgejo.org/docs/v7.0/admin/config-cheat-sheet/#server-server) - Draft support for draft-03 of [ACME Renewal Information (ARI)](https://datatracker.ietf.org/doc/draft-ietf-acme-ari/) which assists with deciding when to renew certificates. This augments CertMagic's already-advanced logic using cert lifetime and OCSP/revocation status. - New [`ZeroSSLIssuer`](https://pkg.go.dev/github.com/caddyserver/certmagic@v0.21.0#ZeroSSLIssuer) uses the [ZeroSSL API](https://zerossl.com/documentation/api/) to get certificates. ZeroSSL also has an ACME endpoint, which can still be accessed using the existing ACMEIssuer, as always. Their proprietary API is paid, but has extra features like IP certificates, better reliability, and support. - DNS challenges should be smoother in some cases as we've improved propagation checking. - In the odd case your ACME account disappears from the ACME server, CertMagic will automatically retry with a new account. (This happens in some test/dev environments.) - ACME accounts are identified only by their public keys, but CertMagic maps accounts by CA+email for practical/storage reasons. So now you can "pin" an account key to use by specifying your email and the account public key in your config, which is useful if you need to absolutely be sure to use a specific account (like if you get rate limit exemptions from a CA). - [PR](https://codeberg.org/forgejo/forgejo/pulls/3723):  - With the go-enry upgrade to [v2.8.8](https://github.com/go-enry/go-enry/releases/tag/v2.8.8), language detection in the repository [now includes](https://github.com/github-linguist/linguist/releases/tag/v7.29.0): - New languages - [Roc](https://github.com/github-linguist/linguist/pull/6633) - [BitBake](https://github.com/github-linguist/linguist/pull/6665) with `.bbappend`, `.bbclass` and `.inc` extensions - [Glimmer TS](https://github.com/github-linguist/linguist/pull/6680) - [Edge](https://github.com/github-linguist/linguist/pull/6695) - [Pip Requirements](https://github.com/github-linguist/linguist/pull/6739) - [Mojo](https://github.com/github-linguist/linguist/pull/6400) - [Slint](https://github.com/github-linguist/linguist/pull/6750) - [Oberon](https://github.com/github-linguist/linguist/pull/4645) - New data formats - [TextGrid](https://github.com/github-linguist/linguist/pull/6719) - File names and extensions: - The [rebornix.Ruby extension is deprecated in favor of Shopify.ruby-lsp](https://github.com/github-linguist/linguist/pull/6738) - [Add .bicepparam to list of Bicep file extensions](https://github.com/github-linguist/linguist/pull/6664) - [Add cs.pp extension to C#](https://github.com/github-linguist/linguist/pull/6679) - [Add tmux.conf and .tmux.conf as shell filenames](https://github.com/github-linguist/linguist/pull/6726) - [Add .env.sample as Dotenv filename](https://github.com/github-linguist/linguist/pull/6732) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3654): support Code Search for non-default branches and tags when the repository indexer is disabled. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3615): add an immutable tarball link to archive download headers for Nix. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3414): allow to customize the domain name used as a fallback when synchronizing sources from ldap default domain name. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3383): the default config for `database.MAX_OPEN_CONNS` changed from 0 (unlimited) to 100 to avoid problems if it exceeds the limit by the database server. If you require high concurrency, try to increase this value for both Forgejo **and your database server**. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3366): infer the `[email.incoming].PORT` setting from `.USE_TLS`. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3363): reverted the rootless container image path in `GITEA_APP_INI` from `/etc/gitea/app.ini` to its default value of `/var/lib/gitea/custom/conf/app.ini`. This allows container users to not have to mount two separate volumes (one for the configuration data and one for the configuration `.ini` file). A warning is issued for users with the legacy configuration on how to update to the new path. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3334): added support for the [`workflow_dispatch` trigger](https://forgejo.org/docs/v8.0/user/actions/#onworkflow_dispatch) in Forgejo Actions. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3307): support [Proof Key for Code Exchange (PKCE - RFC7636)](https://www.rfc-editor.org/rfc/rfc7636) for external login using the OpenID Connect authentication source. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3139): allow hiding auto generated release archives. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3952): Update of Chroma from v2.13.0: to v2.14.0: - [`1e983e7`](https://github.com/alecthomas/chroma/commit/1e983e7) lexers/cue: support CUE attributes ([#961](https://github.com/alecthomas/chroma/issues/961)) - [`9347b55`](https://github.com/alecthomas/chroma/commit/9347b55) Add Gleam syntax highlighting ([#959](https://github.com/alecthomas/chroma/issues/959)) - [`2580aaa`](https://github.com/alecthomas/chroma/commit/2580aaa) Add Bazel bzlmod support into Python lexer ([#947](https://github.com/alecthomas/chroma/issues/947)) - **Bug fixes** - [PR](https://codeberg.org/forgejo/forgejo/pulls/4732) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4715)): Show the AGit label on merged pull requests. - [PR](https://codeberg.org/forgejo/forgejo/pulls/4689) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4687)): Fixed: issue state change via the API is not idempotent. - [PR](https://codeberg.org/forgejo/forgejo/pulls/4547) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4546)): The milestone section in the sidebar on the issue and pull request page now uses HTMX. If you update the milestone of a issue or pull request it will no longer reload the whole page and instead update the current page with the new information about the milestone update. This should provide a smoother user experience. - [PR](https://codeberg.org/forgejo/forgejo/pulls/4402) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4382)): Fix mobile UI for organisation creation. - [PR](https://codeberg.org/forgejo/forgejo/pulls/4621) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4618)): Fixes: Forgejo Actions does not trigger an edited event when the title of an issue or pull request is changed. - [PR](https://codeberg.org/forgejo/forgejo/pulls/4529) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4523)): Load attachments for `/issues/comments/{id}`. - [PR](https://codeberg.org/forgejo/forgejo/pulls/4423) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4375)): Fixed: the "View command line instructions" link in pull requests and the "Copy content" button in file editor are not accessible. - [PR](https://codeberg.org/forgejo/forgejo/pulls/4380) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4377)): Use correct SHA in `GetCommitPullRequest` - [PR](https://codeberg.org/forgejo/forgejo/pulls/4288) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4253)): Fixed: unknown git push options are rejected instead of being ignored. - [PR](https://codeberg.org/forgejo/forgejo/pulls/4240): Fixed: markdown `[*[a]*](b)` [is incorrectly rendered as `<a href="b">[a]</a>`](https://github.com/yuin/goldmark/issues/457). - [PR](https://codeberg.org/forgejo/forgejo/pulls/4222): Fixed: markdown files displayed in the UI that have an unescaped backtick in the image alt [could (accidentally) trigger an inline code](https://github.com/yuin/goldmark/issues/456). - [PR](https://codeberg.org/forgejo/forgejo/pulls/3562): Fixed: when the git repository is empty, it is not possible to unsubscribe from an issue. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3442): Fixed: it is not possible to remove attachments from an empty comment. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3430): Fixed: the `/api/v1/repos/{owner}/{repo}/wiki` API endpoints is using a hardcoded "master" branch for the wiki, rather than the branch they really use. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3379): Fixed: using the API to search for users, the results are not paged by default an the default paging limits are not respected. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3952): Update of Chroma from v2.13.0: to v2.14.0: - [`736c0ea`](https://github.com/alecthomas/chroma/commit/736c0ea) Typescript: Several fixes ([#952](https://github.com/alecthomas/chroma/issues/952)) - [`e5c25d0`](https://github.com/alecthomas/chroma/commit/e5c25d0) Org: Keep all newlines ([#951](https://github.com/alecthomas/chroma/issues/951)) - **Localization** - [PR](https://codeberg.org/forgejo/forgejo/pulls/4661) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4568)): 24 July updates - [PR](https://codeberg.org/forgejo/forgejo/pulls/4565) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4451)): 19 July updates - [PR](https://codeberg.org/forgejo/forgejo/pulls/4445) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4330)): 11 July updates - [PR](https://codeberg.org/forgejo/forgejo/pulls/4316) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4251)): 4 July updates - [PR](https://codeberg.org/forgejo/forgejo/pulls/4168): 18 June updates - [PR](https://codeberg.org/forgejo/forgejo/pulls/4098): 10 June updates - [PR](https://codeberg.org/forgejo/forgejo/pulls/3992): 2 June updates - [PR](https://codeberg.org/forgejo/forgejo/pulls/3908): 25 May updates - [PR](https://codeberg.org/forgejo/forgejo/pulls/3851): 20 May updates - [PR](https://codeberg.org/forgejo/forgejo/pulls/3759): 14 May updates - [PR](https://codeberg.org/forgejo/forgejo/pulls/3637): 5 May updates - [PR](https://codeberg.org/forgejo/forgejo/pulls/3508): 28 April updates - [PR](https://codeberg.org/forgejo/forgejo/pulls/3359): 22 April updates - [PR](https://codeberg.org/forgejo/forgejo/pulls/3244): 15 April updates - [PR](https://codeberg.org/forgejo/forgejo/pulls/3138): 10 April updates - [PR](https://codeberg.org/forgejo/forgejo/pulls/3064): 5 April updates - [PR](https://codeberg.org/forgejo/forgejo/pulls/2982): 3 April updates - [PR](https://codeberg.org/forgejo/forgejo/pulls/2937): 31 March updates  ### [`v7.0.16`](https://codeberg.org/forgejo/forgejo/releases/tag/v7.0.16) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.15...v7.0.16) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/7.0.16.md ### [`v7.0.15`](https://codeberg.org/forgejo/forgejo/releases/tag/v7.0.15) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.14...v7.0.15) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/7.0.15.md ### [`v7.0.14`](https://codeberg.org/forgejo/forgejo/releases/tag/v7.0.14) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.13...v7.0.14) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/7.0.14.md ### [`v7.0.13`](https://codeberg.org/forgejo/forgejo/releases/tag/v7.0.13) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.12...v7.0.13) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/7.0.13.md ### [`v7.0.12`](https://codeberg.org/forgejo/forgejo/releases/tag/v7.0.12) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.11...v7.0.12) See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/7.0.12.md ### [`v7.0.11`](https://codeberg.org/forgejo/forgejo/blob/HEAD/RELEASE-NOTES.md#7011) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.10...v7.0.11) See the [Forgejo 7.0.11 release notes](release-notes-published/7.0.11.md). ### [`v7.0.10`](https://codeberg.org/forgejo/forgejo/blob/HEAD/RELEASE-NOTES.md#7010) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.9...v7.0.10) See the [Forgejo 7.0.10 release notes](release-notes-published/7.0.10.md). ### [`v7.0.9`](https://codeberg.org/forgejo/forgejo/blob/HEAD/RELEASE-NOTES.md#709) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.8...v7.0.9) See the [Forgejo 7.0.9 release notes](release-notes-published/7.0.9.md). ### [`v7.0.8`](https://codeberg.org/forgejo/forgejo/blob/HEAD/RELEASE-NOTES.md#708) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.7...v7.0.8) See the [Forgejo 7.0.8 release notes](release-notes-published/7.0.8.md). ### [`v7.0.7`](https://codeberg.org/forgejo/forgejo/blob/HEAD/RELEASE-NOTES.md#707) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.6...v7.0.7) See the [Forgejo 7.0.7 release notes](release-notes-published/7.0.7.md). ### [`v7.0.6`](https://codeberg.org/forgejo/forgejo/blob/HEAD/RELEASE-NOTES.md#706) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.5...v7.0.6) This is a bug fix release. See the documentation for more information on the [upgrade procedure](https://forgejo.org/docs/v7.0/admin/upgrade/). In addition to the pull requests listed below, you will find a complete list in the [v7.0.6 milestone](https://codeberg.org/forgejo/forgejo/milestone/7252). - Two frontend features were removed because a license incompatibility was discovered. [Read more in the companion blog post](https://forgejo.org/2024-07-non-free-dependency-found/). - [PR](https://codeberg.org/forgejo/forgejo/pulls/4679) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4670)): [Mermaid](https://mermaid.js.org/) rendering: `%%{init: {"flowchart": {"defaultRenderer": "elk"}} }%%` will now fail because [ELK](https://github.com/kieler/elkjs) is no longer included. - [PR](https://codeberg.org/forgejo/forgejo/pulls/4600) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4595)): Repository citation: Removed the ability to export citations in APA format. - **User Interface bug fixes** - [PR](https://codeberg.org/forgejo/forgejo/pulls/4593) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4571)): Replace `vue-bar-graph` with `chart.js` - [PR](https://codeberg.org/forgejo/forgejo/pulls/4731) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4715)): Show AGit label on merged PR - [PR](https://codeberg.org/forgejo/forgejo/pulls/4424) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4382)): Fix mobile UI for organisation creation - **Bug fixes** - [PR](https://codeberg.org/forgejo/forgejo/pulls/4688) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4687)): fix(api): issue state change is not idempotent - [PR](https://codeberg.org/forgejo/forgejo/pulls/4647) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4638)): Reserve the `devtest` username - [PR](https://codeberg.org/forgejo/forgejo/pulls/4620) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4618)): fix(actions): no edited event triggered when a title is changed - [PR](https://codeberg.org/forgejo/forgejo/pulls/4528) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4523)): Load attachments for `/issues/comments/{id}` - [PR](https://codeberg.org/forgejo/forgejo/pulls/4526) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/3379)): When searching for users, page the results by default, and respect the default paging limits - [PR](https://codeberg.org/forgejo/forgejo/pulls/4422) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4375)): the "View command line instructions" link in pull requests and the "Copy content" button in file editor are not accessible - [PR](https://codeberg.org/forgejo/forgejo/pulls/4379) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4377)): Use correct SHA in `GetCommitPullRequest` - Localization - [PR](https://codeberg.org/forgejo/forgejo/pulls/4594) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4451)): Update of translations from Weblate - [PR](https://codeberg.org/forgejo/forgejo/pulls/4447): Update of translations from Weblate - [PR](https://codeberg.org/forgejo/forgejo/pulls/4420) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4098)): 3 translation updates from Weblate - [PR 1](https://codeberg.org/forgejo/forgejo/pulls/4098), [PR 2](https://codeberg.org/forgejo/forgejo/pulls/4168), [PR 3](https://codeberg.org/forgejo/forgejo/pulls/4251) ### [`v7.0.5`](https://codeberg.org/forgejo/forgejo/blob/HEAD/RELEASE-NOTES.md#705) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.4...v7.0.5) This is a security release. See the documentation for more information on the [upgrade procedure](https://forgejo.org/docs/v7.0/admin/upgrade/). In addition to the following notable bug fixes, you can browse the [full list of pull requests](https://codeberg.org/forgejo/forgejo/pulls?milestone=6654) included in this release. - **regreSSHion** Recommended action when running Forgejo from a: - binary - upgrade the OpenSSH server that was installed independently. - root OCI image - upgrade to [Forgejo 7.0.5](https://codeberg.org/forgejo/-/packages/container/forgejo/7.0.5). - rootless OCI image - no upgrade is necessary. [CVE-2024-6387](https://nvd.nist.gov/vuln/detail/CVE-2024-6387) also known as [regreSSHion](https://www.qualys.com/regresshion-cve-2024-6387/) is an Unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems. It is **strongly recommended** that an OpenSSH server installed independently of Forgejo is upgraded as soon as possible. All Forgejo OCI root images, including [7.0.5](https://codeberg.org/forgejo/-/packages/container/forgejo/7.0.5) contain an OpenSSH server. They are based on https://alpinelinux.org/ which relies on https://musl.libc.org/ and not https://en.wikipedia.org/wiki/Glibc. As a precaution the [Forgejo v7.0.5 root OCI image](https://codeberg.org/forgejo/-/packages/container/forgejo/7.0.5) contains an [updated OpenSSH server](https://pkgs.alpinelinux.org/packages?name=openssh\&branch=v3.19) patched for [CVE-2024-6387](https://nvd.nist.gov/vuln/detail/CVE-2024-6387). The Forgejo OCI rootless images, including [7.0.5](https://codeberg.org/forgejo/-/packages/container/forgejo/7.0.5-rootless), do not contain an OpenSSH server, they rely on the internal Forgejo implementation of the SSH protocol. - **Security:** - Compiled with Go v1.22.5. Fixed: [CVE-2024-24791](https://nvd.nist.gov/vuln/detail/CVE-2024-24791) - [GO-2024-2963](https://pkg.go.dev/vuln/GO-2024-2963): Denial of service due to improper 100-continue handling in net/http. The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. - **Bug fixes:** - [backport](https://codeberg.org/forgejo/forgejo/pulls/4059) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4194): Fixed: authentication Source Administration page wrongfully handles the "Custom URLs Instead of Default URLs" checkbox (missing checkbox, irrelevant fields). - [backport](https://codeberg.org/forgejo/forgejo/pulls/4151) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4149): Fixed: git push to an adopted repository fails. - [backport](https://codeberg.org/forgejo/forgejo/pulls/4215) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4213) - [commit](https://codeberg.org/forgejo/forgejo/commit/4ed5044dea94872e025f585debf7a16e6bd6bbdb): Fixed: markdown doesn't render math within brackets - [backport](https://codeberg.org/forgejo/forgejo/pulls/4219) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4145) - [commit](https://codeberg.org/forgejo/forgejo/commit/9aa3ae955ff506d883737e576dd62f674a3ee372): Fixed: selecting the "No Project" filter in the issue/pull request list has no effect - [backport](https://codeberg.org/forgejo/forgejo/pulls/4248) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4241): Fixed: error 500 when processing crafted TIFF files. - [backport](https://codeberg.org/forgejo/forgejo/pulls/4261) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4258): Fixed: wrong placeholder text in the form for adding repository collaborator. ### [`v7.0.4`](https://codeberg.org/forgejo/forgejo/blob/HEAD/RELEASE-NOTES.md#704) [Compare Source](https://codeberg.org/forgejo/forgejo/compare/v7.0.3...v7.0.4) This is a security release. See the documentation for more information on the [upgrade procedure](https://forgejo.org/docs/v7.0/admin/upgrade/). In addition to the following notable bug fixes, you can browse the [full list of commits](https://codeberg.org/forgejo/forgejo/compare/v7.0.3...v7.0.4) included in this release. - **Security:** - [PR](https://codeberg.org/forgejo/forgejo/pulls/4054). Fixed: [CVE-2024-24789](https://pkg.go.dev/vuln/GO-2024-2888): the archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. - [PR](https://codeberg.org/forgejo/forgejo/pulls/3639) - ([fix](https://codeberg.org/forgejo/forgejo/commit/1b088fade6c69e63843d1bdf402454c363b22ce2) & [test](https://codeberg.org/forgejo/forgejo/pulls/4032)). Fixed: the OAuth2 implementation does not always require authentication for public clients, a requirement of [RFC 6749 Section 10.2](https://datatracker.ietf.org/doc/html/rfc6749#section-10.2). A malicious client can impersonate another client and obtain access to protected resources if the impersonated client fails to, or is unable to, keep its client credentials confidential. - **Bug fixes:** - [backport](https://codeberg.org/forgejo/forgejo/pulls/4086) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4085). Fixed: `forgejo migrate-storage --type actions-artifacts` always fails because it picks the wrong path. - [backport](https://codeberg.org/forgejo/forgejo/pulls/4017) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4015). Fixed: avatar files can be found in storage while they do not exist in the database. - [backport](https://codeberg.org/forgejo/forgejo/pulls/3997) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3976). Fixed: repository admins are always denied the right to force merge and instance admins are subject to restrictions to merge that must only apply to repository admins. - [backport](https://codeberg.org/forgejo/forgejo/pulls/3946) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3615). Fixed: non conformance with the [Nix tarball fetcher immutable link protocol](https://github.com/nixos/nix/blob/56763ff918eb308db23080e560ed2ea3e00c80a7/doc/manual/src/protocols/tarball-fetcher.md). - [backport](https://codeberg.org/forgejo/forgejo/pulls/3936) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3935). Fixed: migrated activities (such as reviews) are mapped to the user who initiated the migration rather than the Ghost user, if the external user cannot be mapped to a local one. This mapping mismatch leads to internal server errors in some cases. - [backport](https://codeberg.org/forgejo/forgejo/pulls/3906) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3904). Fixed: a v7.0.0 regression causes `[admin].SEND_NOTIFICATION_EMAIL_ON_NEW_USER=true` to always be ignored. - [backport](https://codeberg.org/forgejo/forgejo/pulls/3888) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3865). Fixed: using a subquery for user deletion is a performance bottleneck when using mariadb 10 because only mariadb 11 takes advantage of the available index. - [backport](https://codeberg.org/forgejo/forgejo/pulls/3887) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3885). Fixed: a v7.0.3 regression causes the expanding diffs in pull requests to fail with a 404 error. - [backport](https://codeberg.org/forgejo/forgejo/pulls/3881) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3864). Fixed: SourceHut Builds webhook fail when the `triggers` field is used. - [backport](https://codeberg.org/forgejo/forgejo/pulls/3877) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3242). Fixed: the label list rendering in the issue and pull request timeline is displayed on multiple lines instead of a single one. - [backport](https://codeberg.org/forgejo/forgejo/pulls/4084) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4083) - [commit](https://codeberg.org/forgejo/forgejo/commit/c6e04c3c9eddfa6c4bec541f681c8d300b157cdb). Fixed: NuGet Package fails `choco info pkgname` when `pkgname` is also a substring of another package Id. - [backport](https://codeberg.org/forgejo/forgejo/pulls/4004) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3989) - [commit](https://codeberg.org/forgejo/forgejo/commit/62448bfb931882859388b2fd472cb89428c25323). Fixed: "Git hooks of this repository seem to be broken." warning when pushing more than one branch at a time. - [backport](https://codeberg.org/forgejo/forgejo/pulls/3942) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3917) - [commit](https://codeberg.org/forgejo/forgejo/commit/7d7ea45465d6cd1ea0ec549a71f67b4a8ff930cf). Fixed: automerge does not happen when the approval count reaches the required threshold. - [backport](https://codeberg.org/forgejo/forgejo/pulls/3942) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3917) - [commit](https://codeberg.org/forgejo/forgejo/commit/a649610d6175d1994b838f5672261400df9fdb92). Fixed: the `FORCE_PRIVATE=true` setting is not consistently enforced. - [backport](https://codeberg.org/forgejo/forgejo/pulls/3859) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3838) - [commit](https://codeberg.org/forgejo/forgejo/commit/193ac67176afc72e9d108bc1730c354bfbf9a442). Fixed: CSRF validation errors when OAuth is not enabled. - [backport](https://codeberg.org/forgejo/forgejo/pulls/4107) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4076). Fixed: headlines in rendered org-mode do not have a margin on the top - **Localization:** - Improvements to English locale: [\[1\]](https://codeberg.org/forgejo/forgejo/pulls/3914), [\[2\]](https://codeberg.org/forgejo/forgejo/pulls/4114). - Translation updates: [\[1\]](https://codeberg.org/forgejo/forgejo/pulls/3907), [\[2\]](https://codeberg.org/forgejo/forgejo/pulls/3990), [\[3\]](https://codeberg.org/forgejo/forgejo/pulls/4099). </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

renovate-bot added 1 commit 2025-12-09 00:01:10 +00:00

Update codeberg.org/forgejo/forgejo Docker tag to v13 64d1c7c889

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions.

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin renovate/codeberg.org-forgejo-forgejo-13.x:renovate/codeberg.org-forgejo-forgejo-13.x

git checkout renovate/codeberg.org-forgejo-forgejo-13.x

Merge

Merge the changes and update on Forgejo.

git checkout main

git merge --no-ff renovate/codeberg.org-forgejo-forgejo-13.x

git checkout main

git merge --ff-only renovate/codeberg.org-forgejo-forgejo-13.x

git checkout renovate/codeberg.org-forgejo-forgejo-13.x

git rebase main

git checkout main

git merge --no-ff renovate/codeberg.org-forgejo-forgejo-13.x

git checkout main

git merge --squash renovate/codeberg.org-forgejo-forgejo-13.x

git checkout main

git merge --ff-only renovate/codeberg.org-forgejo-forgejo-13.x

git checkout main

git merge renovate/codeberg.org-forgejo-forgejo-13.x

git push origin main

No reviewers

No labels

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: homeserver/docker#7

No description provided.