Diffstat (limited to '')
94 files changed, 427 insertions, 0 deletions
diff --git a/release-notes-assistant.sh b/release-notes-assistant.sh
new file mode 100755
index 0000000..630fa91
--- /dev/null
+++ b/release-notes-assistant.sh
@@ -0,0 +1,251 @@
+#!/bin/bash
+# Copyright twenty-panda <twenty-panda@posteo.com>
+# SPDX-License-Identifier: MIT
+
+label_worth=worth
+label_bug=bug
+label_feature=feature
+label_ui=forgejo/ui
+label_breaking=breaking
+label_localization=internationalization
+
+payload=$(mktemp)
+pr=$(mktemp)
+trap "rm $payload $pr" EXIT
+
+function test_main() {
+ set -ex
+ PS4='${BASH_SOURCE[0]}:$LINENO: ${FUNCNAME[0]}: '
+
+ test_payload_labels $label_worth $label_breaking $label_feature
+ test "$(categorize)" = 'AA Breaking features'
+
+ test_payload_labels $label_worth $label_breaking $label_bug
+ test "$(categorize)" = 'AB Breaking bug fixes'
+
+ test_payload_labels $label_worth $label_breaking
+ test "$(categorize)" = 'ZC Breaking changes without a feature or bug label'
+
+ test_payload_labels $label_worth $label_ui $label_feature
+ test "$(categorize)" = 'BA User Interface features'
+
+ test_payload_labels $label_worth $label_ui $label_bug
+ test "$(categorize)" = 'BB User Interface bug fixes'
+
+ test_payload_labels $label_worth $label_ui
+ test "$(categorize)" = 'ZD User Interface changes without a feature or bug label'
+
+ test_payload_labels $label_worth $label_feature
+ test "$(categorize)" = 'CA Features'
+
+ test_payload_labels $label_worth $label_bug
+ test "$(categorize)" = 'CB Bug fixes'
+
+ test_payload_labels $label_worth $label_localization
+ test "$(categorize)" = 'DA Localization'
+
+ test_payload_labels $label_worth
+ test "$(categorize)" = 'ZE Other changes without a feature or bug label'
+
+ test_payload_labels
+ test "$(categorize)" = 'ZF Included for completeness but not worth a release note'
+
+ test_payload_draft "feat!: breaking feature"
+ test "$(categorize)" = 'AA Breaking features'
+
+ test_payload_draft "fix!: breaking bug fix"
+ test "$(categorize)" = 'AB Breaking bug fixes'
+
+ test_payload_draft "feat: feature"
+ test "$(categorize)" = 'CA Features'
+
+ test_payload_draft "fix: bug fix"
+ test "$(categorize)" = 'CB Bug fixes'
+
+ test_payload_draft "something with no prefix"
+ test "$(categorize)" = 'ZE Other changes without a feature or bug label'
+}
+
+function main() {
+ cat >$payload
+ categorize
+}
+
+function categorize() {
+ #
+ # If this is a backport, refer to the original PR to figure
+ # out the classification.
+ #
+ if $(jq --raw-output .IsBackportedFrom <$payload); then
+ jq --raw-output '.BackportedFrom[0]' <$payload >$pr
+ else
+ jq --raw-output '.Pr' <$payload >$pr
+ fi
+
+ labels=$(jq --raw-output '.labels[].name' <$pr)
+
+ #
+ # Was this PR labeled `worth a release note`?
+ #
+ if echo "$labels" | grep --quiet $label_worth; then
+ worth=true
+ else
+ worth=false
+ fi
+
+ #
+ # If there was no release-notes/N.md file and it is not
+ # worth a release note, just forget about it.
+ #
+ if test -z "$(jq --raw-output .Draft <$payload)"; then
+ if ! $worth; then
+ echo -n ZF Included for completeness but not worth a release note
+ exit 0
+ fi
+ fi
+
+ is_ui=false
+ is_bug=false
+ is_feature=false
+ is_localization=false
+ is_breaking=false
+
+ #
+ # first try to figure out the category from the labels
+ #
+ case "$labels" in
+ *$label_bug*)
+ is_bug=true
+ ;;
+ *$label_feature*)
+ is_feature=true
+ ;;
+ *$label_localization*)
+ is_localization=true
+ ;;
+ esac
+
+ case "$labels" in
+ *$label_breaking*)
+ is_breaking=true
+ ;;
+ esac
+
+ case "$labels" in
+ *$label_ui*)
+ is_ui=true
+ ;;
+ esac
+
+ #
+ # then try the prefix of the release note
+ #
+ if ! $is_bug && ! $is_feature; then
+ draft="$(jq --raw-output .Draft <$payload)"
+ case "$draft" in
+ fix!:*)
+ is_bug=true
+ is_breaking=true
+ ;;
+ fix:*)
+ is_bug=true
+ ;;
+ feat!:*)
+ is_feature=true
+ is_breaking=true
+ ;;
+ feat:*)
+ is_feature=true
+ ;;
+ esac
+ fi
+
+ if $is_bug; then
+ if $(jq --raw-output .IsBackportedTo <$payload); then
+ #
+ # if it has been backported, it was in the release notes of an older stable release
+ # and does not need to be in this more recent release notes
+ #
+ echo -n ZG Already announced in the release notes of an older stable release
+ exit 0
+ fi
+ fi
+
+ if $is_breaking; then
+ if $is_feature; then
+ echo -n AA Breaking features
+ elif $is_bug; then
+ echo -n AB Breaking bug fixes
+ else
+ echo -n ZC Breaking changes without a feature or bug label
+ fi
+ elif $is_ui; then
+ if $is_feature; then
+ echo -n BA User Interface features
+ elif $is_bug; then
+ echo -n BB User Interface bug fixes
+ else
+ echo -n ZD User Interface changes without a feature or bug label
+ fi
+ elif $is_localization; then
+ echo -n DA Localization
+ else
+ if $is_feature; then
+ echo -n CA Features
+ elif $is_bug; then
+ echo -n CB Bug fixes
+ else
+ echo -n ZE Other changes without a feature or bug label
+ fi
+ fi
+}
+
+function test_payload_labels() {
+ local label1="$1"
+ local label2="$2"
+ local label3="$3"
+ local label4="$4"
+
+ cat >$payload <<EOF
+{
+ "Pr": {
+ "labels": [
+ {
+ "name": "$label1"
+ },
+ {
+ "name": "$label2"
+ },
+ {
+ "name": "$label3"
+ },
+ {
+ "name": "$label4"
+ }
+ ]
+ },
+ "IsBackportedFrom": false,
+ "Draft": ""
+}
+EOF
+}
+
+function test_payload_draft() {
+ local draft="$1"
+
+ cat >$payload <<EOF
+{
+ "Pr": {
+ "labels": [
+ {
+ "name": "$label_worth"
+ }
+ ]
+ },
+ "IsBackportedFrom": false,
+ "Draft": "$draft"
+}
+EOF
+}
+
+"${@:-main}"
diff --git a/release-notes/3139.md b/release-notes/3139.md
new file mode 100644
index 0000000..cac054b
--- /dev/null
+++ b/release-notes/3139.md
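Review bot: In categorize(), `if $(jq --raw-output .IsBackportedFrom <$payload); then` and the later `if $(jq --raw-output .IsBackportedTo <$payload); then` run whatever jq prints as a shell command, so they are only safe while the field is exactly `true` or `false`. A missing field prints `null` (the test payloads never set `IsBackportedTo`), and any other value in the JSON that main() reads from stdin would be word-split and executed. Compare the value instead, for example `if test "$(jq --raw-output .IsBackportedFrom <"$payload")" = true; then`, or let jq set the status with `jq --exit-status .IsBackportedFrom <"$payload" >/dev/null`. The label tests are loose in a similar way: `grep --quiet $label_worth` and `*$label_bug*` are substring matches, so a label that merely contains `worth` or `bug` is classified; `grep --quiet --line-regexp --fixed-strings -- "$label_worth"` would pin the match to a whole label name.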
@@ -0,0 +1 @@
+Allow hiding auto generated release archives
diff --git a/release-notes/3285.md b/release-notes/3285.md
new file mode 100644
index 0000000..5ba8b7d
--- /dev/null
+++ b/release-notes/3285.md
@@ -0,0 +1 @@
+The default for `[repository].USE_COMPAT_SSH_URI` has been changed to `true`. With this change, Forgejo defaults to using the same URL style for SSH clone URLs as for HTTPS ones, instead of the former scp-style.
diff --git a/release-notes/3307.md b/release-notes/3307.md
new file mode 100644
index 0000000..e243b62
--- /dev/null
+++ b/release-notes/3307.md
@@ -0,0 +1 @@
+Support [Proof Key for Code Exchange (PKCE - RFC7636)](https://www.rfc-editor.org/rfc/rfc7636) for external login using the OpenID Connect authentication source.
diff --git a/release-notes/3334.md b/release-notes/3334.md
new file mode 100644
index 0000000..3e2b22e
--- /dev/null
+++ b/release-notes/3334.md
@@ -0,0 +1 @@
+Added support for the `workflow_dispatch` workflow trigger
diff --git a/release-notes/3337.md b/release-notes/3337.md
new file mode 100644
index 0000000..4ee66ef
--- /dev/null
+++ b/release-notes/3337.md
@@ -0,0 +1 @@
+Added support for grouping of log-lines inside steps between the special `::group::{title}` and `::endgroup::` workflow commands. A runner of v3.4.2 or later is needed.
\ No newline at end of file
diff --git a/release-notes/3363.md b/release-notes/3363.md
new file mode 100644
index 0000000..426a44a
--- /dev/null
+++ b/release-notes/3363.md
@@ -0,0 +1 @@
+Reverted the rootless container image path in `GITEA_APP_INI` from `/etc/gitea/app.ini` to its default value of `/var/lib/gitea/custom/conf/app.ini`. This allows container users to not have to mount two separate volumes (one for the configuration data and one for the configuration `.ini` file). A warning is issued for users with the legacy configuration on how to update to the new path.
diff --git a/release-notes/3383.md b/release-notes/3383.md
new file mode 100644
index 0000000..9832030
--- /dev/null
+++ b/release-notes/3383.md
@@ -0,0 +1 @@
+The default config for `database.MAX_OPEN_CONNS` changed from 0 (unlimited) to 100 to avoid problems if it exceeds the limit by the database server. If you require high concurrency, try to increase this value for both Forgejo **and your database server**. [`Limit database max connections by default`](https://codeberg.org/forgejo/forgejo/pulls/3383)
diff --git a/release-notes/3414.md b/release-notes/3414.md
new file mode 100644
index 0000000..2e10483
--- /dev/null
+++ b/release-notes/3414.md
@@ -0,0 +1 @@
+Allow to customize the domain name used as a fallback when synchronizing sources from ldap [`ldap: default domain name`](https://codeberg.org/forgejo/forgejo/pulls/3414)
diff --git a/release-notes/3430.md b/release-notes/3430.md
new file mode 100644
index 0000000..17d9165
--- /dev/null
+++ b/release-notes/3430.md
@@ -0,0 +1 @@
+Fixed a bug where the `/api/v1/repos/{owner}/{repo}/wiki` API endpoints were using a hardcoded "master" branch for the wiki, rather than the branch they really use.
diff --git a/release-notes/3434.md b/release-notes/3434.md
new file mode 100644
index 0000000..a8b28eb
--- /dev/null
+++ b/release-notes/3434.md
@@ -0,0 +1 @@
+When PDFs are displayed in the repository, the [full height of the screen](https://codeberg.org/forgejo/forgejo/pulls/3434) is now used instead of a predefined fixed height
diff --git a/release-notes/3442.md b/release-notes/3442.md
new file mode 100644
index 0000000..7c4feaf
--- /dev/null
+++ b/release-notes/3442.md
@@ -0,0 +1 @@
+Save updated empty comments instead of skipping the update silently, [which prevented the removal of attachments of such comments](https://codeberg.org/forgejo/forgejo/issues/3424).
diff --git a/release-notes/3642.md b/release-notes/3642.md
new file mode 100644
index 0000000..2a93b15
--- /dev/null
+++ b/release-notes/3642.md
@@ -0,0 +1 @@
+Allow navigating to the organization dashboard from the organization view
diff --git a/release-notes/3654.md b/release-notes/3654.md
new file mode 100644
index 0000000..7545599
--- /dev/null
+++ b/release-notes/3654.md
@@ -0,0 +1 @@
+Code Search for non-default branches and tags when repository indexer is disabled
diff --git a/release-notes/3723.md b/release-notes/3723.md
new file mode 100644
index 0000000..986e10b
--- /dev/null
+++ b/release-notes/3723.md
@@ -0,0 +1,18 @@
+- With the go-enry upgrade to [v2.8.8](https://github.com/go-enry/go-enry/releases/tag/v2.8.8), language detection in the repository [now includes](https://github.com/github-linguist/linguist/releases/tag/v7.29.0):
+ - New languages
+ - [Roc](https://github.com/github-linguist/linguist/pull/6633)
+ - [BitBake](https://github.com/github-linguist/linguist/pull/6665) with `.bbappend`, `.bbclass` and `.inc` extensions
+ - [Glimmer TS](https://github.com/github-linguist/linguist/pull/6680)
+ - [Edge](https://github.com/github-linguist/linguist/pull/6695)
+ - [Pip Requirements](https://github.com/github-linguist/linguist/pull/6739)
+ - [Mojo](https://github.com/github-linguist/linguist/pull/6400)
+ - [Slint](https://github.com/github-linguist/linguist/pull/6750)
+ - [Oberon](https://github.com/github-linguist/linguist/pull/4645)
+ - New data formats
+ - [TextGrid](https://github.com/github-linguist/linguist/pull/6719)
+ - File names and extensions:
+ - The [rebornix.Ruby extension is deprecated in favor of Shopify.ruby-lsp](https://github.com/github-linguist/linguist/pull/6738)
+ - [Add .bicepparam to list of Bicep file extensions](https://github.com/github-linguist/linguist/pull/6664)
+ - [Add cs.pp extension to C#](https://github.com/github-linguist/linguist/pull/6679)
+ - [Add tmux.conf and .tmux.conf as shell filenames](https://github.com/github-linguist/linguist/pull/6726)
+ - [Add .env.sample as Dotenv filename](https://github.com/github-linguist/linguist/pull/6732)
diff --git a/release-notes/3724.md b/release-notes/3724.md
new file mode 100644
index 0000000..5cc96f7
--- /dev/null
+++ b/release-notes/3724.md
@@ -0,0 +1,6 @@
+- [CERT management was improved](https://codeberg.org/forgejo/forgejo/pulls/3724) when [`ENABLE_ACME=true`](https://forgejo.org/docs/v7.0/admin/config-cheat-sheet/#server-server)
+ - Draft support for draft-03 of [ACME Renewal Information (ARI)](https://datatracker.ietf.org/doc/draft-ietf-acme-ari/) which assists with deciding when to renew certificates. This augments CertMagic's already-advanced logic using cert lifetime and OCSP/revocation status.
+ - New [`ZeroSSLIssuer`](https://pkg.go.dev/github.com/caddyserver/certmagic@v0.21.0#ZeroSSLIssuer) uses the [ZeroSSL API](https://zerossl.com/documentation/api/) to get certificates. ZeroSSL also has an ACME endpoint, which can still be accessed using the existing ACMEIssuer, as always. Their proprietary API is paid, but has extra features like IP certificates, better reliability, and support.
+ - DNS challenges should be smoother in some cases as we've improved propagation checking.
+ - In the odd case your ACME account disappears from the ACME server, CertMagic will automatically retry with a new account. (This happens in some test/dev environments.)
+ - ACME accounts are identified only by their public keys, but CertMagic maps accounts by CA+email for practical/storage reasons. So now you can "pin" an account key to use by specifying your email and the account public key in your config, which is useful if you need to absolutely be sure to use a specific account (like if you get rate limit exemptions from a CA).
diff --git a/release-notes/3729.md b/release-notes/3729.md
new file mode 100644
index 0000000..6074f0e
--- /dev/null
+++ b/release-notes/3729.md
@@ -0,0 +1,2 @@
+- feat: [commit](https://codeberg.org/forgejo/forgejo/commit/7028fe0b4d89c045b64ae891d2716e89965bc012): add actions-artifacts to the [storage migrate CLI](https://forgejo.org/docs/v8.0/admin/command-line/#migrate).
+- fix: [commit](https://codeberg.org/forgejo/forgejo/commit/8f0f6bf89cdcd12cd4daa761aa259fdba7e32b50): pull request search shows closed pull requests in the open tab.
diff --git a/release-notes/3752.md b/release-notes/3752.md
new file mode 100644
index 0000000..358b31a
--- /dev/null
+++ b/release-notes/3752.md
@@ -0,0 +1 @@
+There are a couple of new configs to define the name of the instance. The more important is `APP_SLOGAN`. It permits to configure a slogan for the site and it is optional. The other is `APP_DISPLAY_NAME_FORMAT` and permits to customize the aspect of the full display name for the instance used in some parts of the UI as: (i) Title page, (ii) Homepage head title (ii) Open Graph site and title meta tags. Its default value is `APP_NAME: APP_SLOGAN`. The config `APP_DISPLAY_NAME_FORMAT` is used only if `APP_SLOGAN` is set otherwise the full display name shows only `APP_NAME` value.
diff --git a/release-notes/3791.md b/release-notes/3791.md
new file mode 100644
index 0000000..bc2173d
--- /dev/null
+++ b/release-notes/3791.md
@@ -0,0 +1 @@
+- when parsing [incoming emails](https://forgejo.org/docs/v8.0/user/incoming/), [remove tspecials from type/subtype](https://github.com/jhillyerd/enmime/pull/317). According to the RFC, content type and subtype cannot contain special characters and any such character will fail parsing. Removing the characters from the type/subtype can help successfully parsing the content type that contains some extra garbage.
diff --git a/release-notes/3808.md b/release-notes/3808.md
new file mode 100644
index 0000000..52bc0ad
--- /dev/null
+++ b/release-notes/3808.md
@@ -0,0 +1 @@
+- Add support for the [reddit](https://github.com/markbates/goth/pull/523) and [Hubspot](https://github.com/markbates/goth/pull/531) OAuth providers.
diff --git a/release-notes/3811.md b/release-notes/3811.md
new file mode 100644
index 0000000..e792ca4
--- /dev/null
+++ b/release-notes/3811.md
@@ -0,0 +1 @@
+Implement a non-caching version of the [RubyGems compact API](https://guides.rubygems.org/rubygems-org-compact-index-api/) for bundler dependency resolution.
diff --git a/release-notes/3830.md b/release-notes/3830.md
new file mode 100644
index 0000000..5e46a45
--- /dev/null
+++ b/release-notes/3830.md
@@ -0,0 +1 @@
+Neutralize delete runners' UUID to prevent collisions with new records
diff --git a/release-notes/3836.md b/release-notes/3836.md
new file mode 100644
index 0000000..1052c6d
--- /dev/null
+++ b/release-notes/3836.md
@@ -0,0 +1 @@
+Parse prefix parameter from redis URI for queues and use that as prefix to keys
diff --git a/release-notes/3838.md b/release-notes/3838.md
new file mode 100644
index 0000000..ea135b1
--- /dev/null
+++ b/release-notes/3838.md
@@ -0,0 +1 @@
+- [Support using label names when changing issue labels](https://codeberg.org/forgejo/forgejo/commit/8e1de85980f1e4ae05b240cafbf9eaf33c94a203)
diff --git a/release-notes/3847.md b/release-notes/3847.md
new file mode 100644
index 0000000..8467a72
--- /dev/null
+++ b/release-notes/3847.md
@@ -0,0 +1 @@
+Basic wiki content search using git-grep. The search results include the first ten matched files. Only the first three matches per file are displayed.
diff --git a/release-notes/3870.md b/release-notes/3870.md
new file mode 100644
index 0000000..497ba19
--- /dev/null
+++ b/release-notes/3870.md
@@ -0,0 +1 @@
+Use CSS-native pattern for image diff background, add dark theme support
diff --git a/release-notes/3886.md b/release-notes/3886.md
new file mode 100644
index 0000000..262f5ed
--- /dev/null
+++ b/release-notes/3886.md
@@ -0,0 +1 @@
+For federated-star we introduce a new repository setting to define following repositories. That is a workaround till we find a better way to express repository federation.
diff --git a/release-notes/3917.md b/release-notes/3917.md
new file mode 100644
index 0000000..4e551ad
--- /dev/null
+++ b/release-notes/3917.md
@@ -0,0 +1 @@
+support [setting the default attribute of the issue template dropdown field](https://codeberg.org/forgejo/forgejo/commit/df15abd07264138fd07e003d0cf056f7da514b8f)
diff --git a/release-notes/3922.md b/release-notes/3922.md
new file mode 100644
index 0000000..d05a78d
--- /dev/null
+++ b/release-notes/3922.md
@@ -0,0 +1,5 @@
+- feat: [`1e983e7`](https://github.com/alecthomas/chroma/commit/1e983e7) lexers/cue: support CUE attributes ([#​961](https://github.com/alecthomas/chroma/issues/961))
+- feat: [`9347b55`](https://github.com/alecthomas/chroma/commit/9347b55) Add Gleam syntax highlighting ([#​959](https://github.com/alecthomas/chroma/issues/959))
+- feat: [`2580aaa`](https://github.com/alecthomas/chroma/commit/2580aaa) Add Bazel bzlmod support into Python lexer ([#​947](https://github.com/alecthomas/chroma/issues/947))
+- fix: [`736c0ea`](https://github.com/alecthomas/chroma/commit/736c0ea) Typescript: Several fixes ([#​952](https://github.com/alecthomas/chroma/issues/952))
+- fix: [`e5c25d0`](https://github.com/alecthomas/chroma/commit/e5c25d0) Org: Keep all newlines ([#​951](https://github.com/alecthomas/chroma/issues/951))
diff --git a/release-notes/3934.md b/release-notes/3934.md
new file mode 100644
index 0000000..d6e7dd6
--- /dev/null
+++ b/release-notes/3934.md
@@ -0,0 +1 @@
+When installing Forgejo through the built-in installer, open (self-) registration is now disabled by default.
diff --git a/release-notes/3985.md b/release-notes/3985.md
new file mode 100644
index 0000000..31274c2
--- /dev/null
+++ b/release-notes/3985.md
@@ -0,0 +1 @@
+Added support for displaying images based on the users current color code by using an anchor of `#dark-mode-only` or `#light-mode-only` respectively. Also supporting the github variants (e.g. `#gh-dark-mode-only`).
\ No newline at end of file
diff --git a/release-notes/3989.md b/release-notes/3989.md
new file mode 100644
index 0000000..0057296
--- /dev/null
+++ b/release-notes/3989.md
@@ -0,0 +1,4 @@
+- feat: API endpoints that return a repository now [also include the topics](https://codeberg.org/forgejo/forgejo/commit/ee2247d77c0b13b0b45df704d7589b541db03899).
+- feat: display an error when an issue comment is [edited simultaneously by two users](https://codeberg.org/forgejo/forgejo/commit/ca0921a95aa9a37d8820538458c15fd0a3b0c97c) instead of silently overriding one of them.
+- feat: add [support for a credentials chain for minio](https://codeberg.org/forgejo/forgejo/commit/73706ae26d138684ef9da9e1164846a040fd4a7d).
+- feat(perf): improve performances when [retrieving pull requests via the API](https://codeberg.org/forgejo/forgejo/commit/47a2102694c47bc30a2a7c673c328471839ef206).
diff --git a/release-notes/4026.md b/release-notes/4026.md
new file mode 100644
index 0000000..747c3a7
--- /dev/null
+++ b/release-notes/4026.md
@@ -0,0 +1 @@
+- when an OAuth grant request submitted to a Forgejo user is denied, the server from which the request originates is not notified that it has been denied
diff --git a/release-notes/4027.md b/release-notes/4027.md
new file mode 100644
index 0000000..710f827
--- /dev/null
+++ b/release-notes/4027.md
@@ -0,0 +1 @@
+- Gitea/Forgejo webhook payload include additional fields (`html_url`, `additions`, `deletions`, `review_comments`...) for better compatibility with [OpenProject](https://www.openproject.org/), ported from [gitea#28435](https://github.com/go-gitea/gitea/pull/28435).
diff --git a/release-notes/4072.md b/release-notes/4072.md
new file mode 100644
index 0000000..8e28b73
--- /dev/null
+++ b/release-notes/4072.md
@@ -0,0 +1,2 @@
+- Added Enter key handling to the new Markdown editor: Pressing Enter while in a list, quote or code block will copy the prefix to the new line - Ordered list index will be increased for the new line, and task list "checkbox" will be unchecked.
+- Added indent/unindent function for a line or selection. Currently available as toolbar buttons ([#4263](https://codeberg.org/forgejo/forgejo/pulls/4263)).
diff --git a/release-notes/4083.md b/release-notes/4083.md
new file mode 100644
index 0000000..0a9e3b3
--- /dev/null
+++ b/release-notes/4083.md
@@ -0,0 +1,3 @@
+- feat: add [Reviewed-on and Reviewed-by variables](https://codeberg.org/forgejo/forgejo/commit/4ddd9af50fbfcfb2ebf629697a803b3bce56c4af) to the merge template.
+- feat(perf): [add the `[ui.csv].MAX_ROWS` setting](https://codeberg.org/forgejo/forgejo/commit/433b6c6910f8699dc41787ef8f5148b122b4677e) to avoid displaying a large number of lines (defaults to 2500).
+- feat: [add a setting to override or add headers of all outgoing emails](https://codeberg.org/forgejo/forgejo/commit/1d4bff4f65d5e4a3969871ef91d3612daf272b45), for instance `Reply-To` or `In-Reply-To`.
diff --git a/release-notes/4095.md b/release-notes/4095.md
new file mode 100644
index 0000000..0f072b6
--- /dev/null
+++ b/release-notes/4095.md
@@ -0,0 +1 @@
+Disable Subscribe button for guest users.
diff --git a/release-notes/4134.md b/release-notes/4134.md
new file mode 100644
index 0000000..ddef4c0
--- /dev/null
+++ b/release-notes/4134.md
@@ -0,0 +1 @@
+Code Search results are now displayed in a foldable box
diff --git a/release-notes/4136.md b/release-notes/4136.md
new file mode 100644
index 0000000..ae41d3f
--- /dev/null
+++ b/release-notes/4136.md
@@ -0,0 +1 @@
+- strikethrough in markdown can be achieved with [a single ~ in addition to ~~](https://github.github.com/gfm/#strikethrough-extension-)
diff --git a/release-notes/4139.md b/release-notes/4139.md
new file mode 100644
index 0000000..a85aac9
--- /dev/null
+++ b/release-notes/4139.md
@@ -0,0 +1 @@
+reorder repo tabs for better UX: (i) `Actions` is now the last tab (ii) `Packages` are located after Releases (iii) this puts Projects after Pull requests. (tab positions may depend on which units are enabled in the repo).
diff --git a/release-notes/4143.md b/release-notes/4143.md
new file mode 100644
index 0000000..346d531
--- /dev/null
+++ b/release-notes/4143.md
@@ -0,0 +1 @@
+a help overlay, triggered by "?" key can be displayed when viewing [asciinema](https://asciinema.org/) files (.cast extension) and [SGR color sequence](https://github.com/asciinema/avt/issues/9) are supported.
diff --git a/release-notes/4145.md b/release-notes/4145.md
new file mode 100644
index 0000000..77eb126
--- /dev/null
+++ b/release-notes/4145.md
@@ -0,0 +1,6 @@
+- feat(perf): [commit](https://codeberg.org/forgejo/forgejo/commit/358cd67c4f316f2d4f1d3be6dcb891dc04a2ff07) reduce memory usage for chunked artifact uploads to S3.
+- feat: [commit](https://codeberg.org/forgejo/forgejo/commit/b60e3ac7b4aeeb9b8760f43eea9576c0e23309e9) allow downloading draft releases assets.
+- feat: [commit](https://codeberg.org/forgejo/forgejo/commit/1fca15529ac8fefb60d86b0c1f4bec8dae9a8566) API endpoints for managing tag protection.
+- feat: [commit](https://codeberg.org/forgejo/forgejo/commit/4334c705b5f9388b16af23c7e75a69d027d07d5e) extract and display readme and comments for Composer packages.
+- fix: [commit](https://codeberg.org/forgejo/forgejo/commit/364922c6e4f28264add9e2501a352c25ad6a0993) when a repository is adopted, its object format is not set in the database.
+- fix: [commit](https://codeberg.org/forgejo/forgejo/commit/e7f332a55d6a48a3f3b4f2bfa43d18455ac00acc) during a migration from bitbucket, LFS downloads fail.
diff --git a/release-notes/4160.md b/release-notes/4160.md
new file mode 100644
index 0000000..9a6bf64
--- /dev/null
+++ b/release-notes/4160.md
@@ -0,0 +1 @@
+Added support for fuzzy searching issues and pulls - support for `/issues` and `/pulls` were ported from [`gitea#be5be0ac81`](https://github.com/go-gitea/gitea/commit/be5be0ac81ce50ad5adb079af6ca4e8c396aaece) - support for `/user/repo/issues` and `/user/repo/pulls` were added
diff --git a/release-notes/4189.md b/release-notes/4189.md
new file mode 100644
index 0000000..214a104
--- /dev/null
+++ b/release-notes/4189.md
@@ -0,0 +1 @@
+User profiles: only show RSS feed button and Public activity tab when the activity can be accessed, add messages about visibility
diff --git a/release-notes/4201.md b/release-notes/4201.md
new file mode 100644
index 0000000..ea2797f
--- /dev/null
+++ b/release-notes/4201.md
@@ -0,0 +1 @@
+Make tooltip of Author label in comments more clear
diff --git a/release-notes/4212.md b/release-notes/4212.md
new file mode 100644
index 0000000..92fc9e9
--- /dev/null
+++ b/release-notes/4212.md
@@ -0,0 +1 @@
+Added the foundations of a flexible, configurable quota system
diff --git a/release-notes/4218.md b/release-notes/4218.md
new file mode 100644
index 0000000..88591ed
--- /dev/null
+++ b/release-notes/4218.md
@@ -0,0 +1 @@
+[Forgejo Actions artifacts](https://forgejo.org/docs/next/user/actions/#artifacts) support [range requests](https://en.wikipedia.org/wiki/Byte_serving) to resume a download
diff --git a/release-notes/4222.md b/release-notes/4222.md
new file mode 100644
index 0000000..5d27d43
--- /dev/null
+++ b/release-notes/4222.md
@@ -0,0 +1 @@
+- markdown files displayed in the UI that have an unescaped backtick in the image alt [could (accidentally) trigger an inline code](https://github.com/yuin/goldmark/issues/456)
diff --git a/release-notes/4240.md b/release-notes/4240.md
new file mode 100644
index 0000000..75b8cd4
--- /dev/null
+++ b/release-notes/4240.md
@@ -0,0 +1 @@
+- markdown `[*[a]*](b)` [is incorrectly rendered as `<p><a href="b"><em>[a]</em></a></p>`](https://github.com/yuin/goldmark/issues/457)
diff --git a/release-notes/4253.md b/release-notes/4253.md
new file mode 100644
index 0000000..1533c2a
--- /dev/null
+++ b/release-notes/4253.md
@@ -0,0 +1 @@
+- unknown git push options are rejected instead of being ignored
diff --git a/release-notes/4262.md b/release-notes/4262.md
new file mode 100644
index 0000000..9918f06
--- /dev/null
+++ b/release-notes/4262.md
@@ -0,0 +1 @@
+Introduced branch/tag dropdown in code search page if using git-grep.
diff --git a/release-notes/4266.md b/release-notes/4266.md
new file mode 100644
index 0000000..3c9baf5
--- /dev/null
+++ b/release-notes/4266.md
@@ -0,0 +1 @@
+- add support for LFS server implementations which have batch API responses in an older/deprecated schema
diff --git a/release-notes/4291.md b/release-notes/4291.md
new file mode 100644
index 0000000..58c17c4
--- /dev/null
+++ b/release-notes/4291.md
@@ -0,0 +1 @@
+add support for \emph when rendering KaTeX
diff --git a/release-notes/4367.md b/release-notes/4367.md
new file mode 100644
index 0000000..b552861
--- /dev/null
+++ b/release-notes/4367.md
@@ -0,0 +1 @@
+The caching of contributor stats was improved (the data used by `/<user>/<repo>/activity/recent-commits`) to use the configured cache TTL from the config (`[cache].ITEM_TTL`) instead of a hardcoded TTL of ten minutes. The computation of this operation is computationally heavy and makes a lot of requests to the database and Git on repositories with a lot of commits. It should be cached for longer than what was previously hardcoded, ten minutes.
diff --git a/release-notes/4375.md b/release-notes/4375.md
new file mode 100644
index 0000000..b0c5654
--- /dev/null
+++ b/release-notes/4375.md
@@ -0,0 +1 @@
+the "View command line instructions" link in pull requests and the "Copy content" button in file editor are not accessible
diff --git a/release-notes/4400.md b/release-notes/4400.md
new file mode 100644
index 0000000..b8976a5
--- /dev/null
+++ b/release-notes/4400.md
@@ -0,0 +1 @@
+the user interface of the login page is modified
diff --git a/release-notes/4427.md b/release-notes/4427.md
new file mode 100644
index 0000000..3556a8f
--- /dev/null
+++ b/release-notes/4427.md
@@ -0,0 +1 @@
+Fixed social media previews for links to wiki pages.
diff --git a/release-notes/4429.md b/release-notes/4429.md
new file mode 100644
index 0000000..b8d6e1c
--- /dev/null
+++ b/release-notes/4429.md
@@ -0,0 +1 @@
+[display URLs in .sh-session files](https://github.com/buildkite/terminal-to-html/pull/163)
diff --git a/release-notes/4439.md b/release-notes/4439.md
new file mode 100644
index 0000000..60b9539
--- /dev/null
+++ b/release-notes/4439.md
@@ -0,0 +1 @@
+Make descriptions of user privacy settings more visible and clear
diff --git a/release-notes/4487.md b/release-notes/4487.md
new file mode 100644
index 0000000..3c2767a
--- /dev/null
+++ b/release-notes/4487.md
@@ -0,0 +1 @@
+Do not fire webhook notifications for updates and deletions of comments that are part of an ongoing review (a review that is still in draft). Also, content history will not be saved for such comments, to avoid exposing fixing embarrassing typos you've have made while the review was still pending.
diff --git a/release-notes/4506.md b/release-notes/4506.md
new file mode 100644
index 0000000..b402494
--- /dev/null
+++ b/release-notes/4506.md
@@ -0,0 +1 @@
+Replaced the openpgp library to use a maintained version, github.com/ProtonMail/go-crypto. This change also went hand in hand with doing correct revocation checks (instead of merely checking if a revocation signature existed) and using the expiration of a subkey if one existed instead of always using the expiration of the default key.
diff --git a/release-notes/4547.md b/release-notes/4547.md
new file mode 100644
index 0000000..08f131f
--- /dev/null
+++ b/release-notes/4547.md
@@ -0,0 +1 @@
+The milestone section in the sidebar on the issue and pull request page now uses HTMX. If you update the milestone of a issue or pull request it will no longer reload the whole page and instead update the current page with the new information about the milestone update. This should provide a smoother user experience.
diff --git a/release-notes/4595.md b/release-notes/4595.md
new file mode 100644
index 0000000..8bfffc8
--- /dev/null
+++ b/release-notes/4595.md
@@ -0,0 +1 @@
+Repository citation: Removed the ability to export citations in APA format. [Read more in the companion blog post](https://forgejo.org/2024-07-non-free-dependency-found/)
diff --git a/release-notes/4605.md b/release-notes/4605.md
new file mode 100644
index 0000000..90d0ed5
--- /dev/null
+++ b/release-notes/4605.md
@@ -0,0 +1 @@
+feat: the default setting attachment.ALLOWED_TYPES was adjusted to allow .webp attachments in issues - a more efficient format for images like screenshots. All attachments are treated as normal files and are not re-encoded by Forgejo. If you have customized this setting, you may also want to add .webp to it for the benefit of your users, as well as to reduce server traffic and storage usage.
diff --git a/release-notes/4607.md b/release-notes/4607.md
new file mode 100644
index 0000000..586225b
--- /dev/null
+++ b/release-notes/4607.md
@@ -0,0 +1,3 @@
+feat: [commit](https://codeberg.org/forgejo/forgejo/commit/21fdd28f084e7f1aef309c9ebd7599ffa6986453) allow synchronizing user status from OAuth2 login providers.
+feat: [commit](https://codeberg.org/forgejo/forgejo/commit/004cc6dc0ab7cc9c324ccb4ecd420c6aeeb20500) add option to change mail from user display name.
+feat: [commit](https://codeberg.org/forgejo/forgejo/commit/d0227c236aa195bd03990210f968b8e52eb20b79) issue Templates: add option to have dropdown printed list.
diff --git a/release-notes/4635.md b/release-notes/4635.md
new file mode 100644
index 0000000..42ace0c
--- /dev/null
+++ b/release-notes/4635.md
@@ -0,0 +1 @@
+Email notifications are now sent when account security changes are made: password changed, primary email changed (email sent to old primary mail), TOTP disabled or a security key removed.
diff --git a/release-notes/4684.md b/release-notes/4684.md
new file mode 100644
index 0000000..497d580
--- /dev/null
+++ b/release-notes/4684.md
@@ -0,0 +1 @@
+Forgejo v9.0 is GPLv3+. Read more in [the companion blog post](https://forgejo.org/2024-08-gpl/).
diff --git a/release-notes/4716.md b/release-notes/4716.md
new file mode 100644
index 0000000..e47f43c
--- /dev/null
+++ b/release-notes/4716.md
@@ -0,0 +1,4 @@
+feat: [commit](https://codeberg.org/forgejo/forgejo/commit/8d23433dab08fcbb8043e5d239171fba59c53108): support pull_request_target event for commit status.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/ee11a263f8c9de33d42fc117443f4054a311c875): add return type to GetRawFileOrLFS and GetRawFile.
+feat: [commit](https://codeberg.org/forgejo/forgejo/commit/cb9071bbf433715f0e16e39cb60126b65f8236a0): support delete user email in admin panel.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/f61873c7e42b613405d367421ad19db80f831053): properly filter issue list given no assignees filter.
diff --git a/release-notes/4724.md b/release-notes/4724.md
new file mode 100644
index 0000000..4037c71
--- /dev/null
+++ b/release-notes/4724.md
@@ -0,0 +1 @@
+OIDC integrations that POST to `/login/oauth/introspect` without sending HTTP basic authentication will now fail with a 401 HTTP Unauthorized error. To fix the error, the client must begin sending HTTP basic authentication with a valid client ID and secret. This endpoint was previously authenticated via the introspection token itself, which is less secure.
diff --git a/release-notes/4801.md b/release-notes/4801.md
new file mode 100644
index 0000000..c0f7b0d
--- /dev/null
+++ b/release-notes/4801.md
@@ -0,0 +1,9 @@
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/0dbc6230286e113accbc6d5e829ce8dae1d1f5d4) Hide the "Details" link of commit status when the user cannot access actions.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/6e63afe31f43eaf5ff7c8595ddeaf8515c2dc0c0) The API endpoint to get the actions registration token is GET /repos/{owner}/{repo}/actions/runners/registration-token and not GET /repos/{owner}/{repo}/runners/registration-token.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/6e63afe31f43eaf5ff7c8595ddeaf8515c2dc0c0) Runner registration token via API is broken for repo level runners.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/c784a5874066ca1a1fd518408d5767b4eb57bd69) Deleted projects causes bad popover text on issues.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/42bb51af9b8283071e15ac6470ada9824d87cd40) Distinguish LFS object errors to ignore missing objects during migration.
+feat: [commit](https://codeberg.org/forgejo/forgejo/commit/11b6253e7532ba11dee8bc31d4c262b102674a4d) Use UTC as a timezone when running scheduled actions tasks.
+feat: [commit](https://codeberg.org/forgejo/forgejo/commit/feb43b2584b7f64ec7f9952af2b50b2210e6e6cf) The actions logs older than `[actions].LOG_RETENTION_DAYS` days are removed (the default is 365).
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/6328f648decc2754ef10ee5ca6ca9785a156614c) When viewing the revision history of wiki pages, the pagination links are broken: instead of org/repo/wiki/Page?action=_revision&page=2, the link is only org/repo/wiki/Page?page=2, thus bringing the user back to the wiki page.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/2310556158d70bf1dbfca96dc928e1be3d3f41be) Also rename the head branch of open pull requests when renaming a branch.
diff --git a/release-notes/4819.md b/release-notes/4819.md
new file mode 100644
index 0000000..88c3f77
--- /dev/null
+++ b/release-notes/4819.md
@@ -0,0 +1 @@
+Allow push mirrors to use a SSH key as the authentication method for the mirroring action instead of using user:password authentication. The SSH keypair is created by Forgejo and the destination repository must be configured with the public key to allow for push over SSH.
diff --git a/release-notes/4907.md b/release-notes/4907.md
new file mode 100644
index 0000000..7c6cbdd
--- /dev/null
+++ b/release-notes/4907.md
@@ -0,0 +1 @@
+Reverted a change from Gitea which prevented allow/reject reviews on merged or closed PRs. This change was not considered by the Forgejo UI team and there is a consensus that it feels like a regression, since it interferes with workflows known to be used by Forgejo users without providing a tangible benefit.
diff --git a/release-notes/4924.md b/release-notes/4924.md
new file mode 100644
index 0000000..6ef951b
--- /dev/null
+++ b/release-notes/4924.md
@@ -0,0 +1,2 @@
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/9812b7af91b69386c5d4c08982aece7bd8f9a174) /repos/{owner}/{repo}/pulls/{index} [requested_reviewers contains null for teams](https://codeberg.org/forgejo/forgejo/issues/4108).
+feat: [commit](https://codeberg.org/forgejo/forgejo/commit/bf7373a2520ae56a1dc00416efa02de9749b63d3) Forgejo Actions logs are compressed by default. It can be disabled by setting `[actions].LOG_COMPRESSION=none`.
diff --git a/release-notes/4941.md b/release-notes/4941.md
new file mode 100644
index 0000000..85b896a
--- /dev/null
+++ b/release-notes/4941.md
@@ -0,0 +1 @@
+Drop support to build Forgejo with the optional go-git Git backend. It only affects users who built Forgejo manually using `TAGS=gogits`, which no longer has any effect. Moving forward, we only support the default backend using the git binary. Please get in touch if you used the go-git backend and require any assistance moving away from it.
diff --git a/release-notes/4998.md b/release-notes/4998.md
new file mode 100644
index 0000000..436d520
--- /dev/null
+++ b/release-notes/4998.md
@@ -0,0 +1,4 @@
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/7f1db1df3ee8d620f997b8e70a40c2f48ae96c0f) Show lock owner instead of repo owner on LFS setting page.
+feat: [commit](https://codeberg.org/forgejo/forgejo/commit/ebfdc659d814561f8783094e2eb26738a5500e55) Render plain text file if the LFS object doesn't exist.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/9e066c3cad7bb1b30e2def34bd0608aac825cf58) Fix panic of ssh public key page after deletion of auth source.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/a8e25e907c66140961f28ba92403176c816dfb60) Add missing repository type filter parameters to pager.
diff --git a/release-notes/5065.md b/release-notes/5065.md
new file mode 100644
index 0000000..9399d68
--- /dev/null
+++ b/release-notes/5065.md
@@ -0,0 +1 @@
+when a Forgejo Actions workflow includes a `workflow_dispatch` with `inputs` and other events (for instance `push`), it is silently ignored because of a parsing error.
diff --git a/release-notes/5090.md b/release-notes/5090.md
new file mode 100644
index 0000000..dba7855
--- /dev/null
+++ b/release-notes/5090.md
@@ -0,0 +1 @@
+Remove support for Couchbase as a session provider; it instead will now fallback to the file provider. The rationale for removing Couchbase support is that it's not free software, https://www.couchbase.com/blog/couchbase-adopts-bsl-license/, and therefore cannot be tested in Forgejo and neither should be supported.
diff --git a/release-notes/5109.md b/release-notes/5109.md
new file mode 100644
index 0000000..b3aecd8
--- /dev/null
+++ b/release-notes/5109.md
@@ -0,0 +1,2 @@
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/3ade4d9b2bfa6ae84a1ded932907a53060565575) Don't return 500 if mirror url contains special chars
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/dda53569b1b70507469fc296881eec89606ab9c3) Fix agit automerge
diff --git a/release-notes/5120.md b/release-notes/5120.md
new file mode 100644
index 0000000..d502b21
--- /dev/null
+++ b/release-notes/5120.md
@@ -0,0 +1,2 @@
+feat: Language detection in the repository learned about the following languages: [Luau](https://github.com/github-linguist/linguist/pull/6612), [BQN](https://github.com/github-linguist/linguist/pull/6623), [Cron table](https://github.com/github-linguist/linguist/pull/6759), [NMODL](https://github.com/github-linguist/linguist/pull/6776), [Pkl](https://github.com/github-linguist/linguist/pull/6730), [templ](https://github.com/github-linguist/linguist/pull/6798), [FIRRTL](https://github.com/github-linguist/linguist/pull/6848), [Julia REPL](https://github.com/github-linguist/linguist/pull/6859), [Caddyfile](https://github.com/github-linguist/linguist/pull/6862).
+feat: The following extensions or filenames in a repository are associated with the matching language: [.sublime-color-scheme](https://github.com/github-linguist/linguist/pull/6758), [MODULE.bazel.lock](https://github.com/github-linguist/linguist/pull/6783), [Cargo.toml.orig](https://github.com/github-linguist/linguist/pull/6787), [tsx](https://github.com/github-linguist/linguist/pull/6788), [justfile](https://github.com/github-linguist/linguist/pull/6795), [.zig.zon](https://github.com/github-linguist/linguist/pull/6820), [.envrc](https://github.com/github-linguist/linguist/pull/6865).
diff --git a/release-notes/5149.md b/release-notes/5149.md
new file mode 100644
index 0000000..1f508d2
--- /dev/null
+++ b/release-notes/5149.md
@@ -0,0 +1 @@
+The scope of application tokens is not verified when writing containers or Conan packages. This is of no consequence when the user associated with the application token does not have write access to packages. If the user has write access to packages, such a token can be used to write containers and Conan packages.
diff --git a/release-notes/5195.md b/release-notes/5195.md
new file mode 100644
index 0000000..3c4990c
--- /dev/null
+++ b/release-notes/5195.md
@@ -0,0 +1,2 @@
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/196907e359420f63003f884d1cf827b4a4d7a4e5) Handle "close" actionable references for manual merges.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/46b1f2e7e4e795331f28f74666094c9416499e03) Team admins are allowed to search team members via the API.
diff --git a/release-notes/5205.md b/release-notes/5205.md
new file mode 100644
index 0000000..f98e32a
--- /dev/null
+++ b/release-notes/5205.md
@@ -0,0 +1,3 @@
+feat: mermaid: [Add support for iconify icons](https://github.com/mermaid-js/mermaid/pull/5793).
+feat: mermaid: [Allow multi-line relationship labels](https://github.com/mermaid-js/mermaid/pull/5711).
+feat: mermaid: [Adds architecture diagrams which allows users to show relations between services](https://github.com/mermaid-js/mermaid/pull/5452).
diff --git a/release-notes/5325.md b/release-notes/5325.md
new file mode 100644
index 0000000..497944b
--- /dev/null
+++ b/release-notes/5325.md
@@ -0,0 +1,3 @@
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/eb765dabfd43e353bd2208e8375b102935d0f103) Handle invalid target when creating releases using API.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/5af168fb92e5dd3b0c81d97ba27a6f19739bef18) /repos/{owner}/{repo}/pulls/{index}/files endpoint not populating previous_filename.
+feat: [commit](https://codeberg.org/forgejo/forgejo/commit/2da0ebbd2314f12b287694c378a888311dd337bc) Support allowed hosts for migrations to work with proxy.
diff --git a/release-notes/5372.md b/release-notes/5372.md
new file mode 100644
index 0000000..fccb305
--- /dev/null
+++ b/release-notes/5372.md
@@ -0,0 +1,5 @@
+feat: [commit](https://codeberg.org/forgejo/forgejo/commit/9d3473119893ffde0ab36d98e7a0e41c5d0ba9a3) Add bin to Composer Metadata.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/f709de24039ab7e605d3e09e3b61240836381603) Fix wrong last modify time.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/2675a24649af2fff34f5c7e416d6ff78591d8d9c) Repo Activity: count new issues that were closed.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/526054332acb221e061d3900bba2dc6e012da52d) Fix incorrect /tokens api.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/0cafec4c7a2faf810953e9d522faf5dc019e1522) Do not escape relative path in RPM primary index.
diff --git a/release-notes/5418.md b/release-notes/5418.md
new file mode 100644
index 0000000..729f4a4
--- /dev/null
+++ b/release-notes/5418.md
@@ -0,0 +1,2 @@
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/0a0a3cea1b54d9cd7c95faf9318f6c3cdf1469a9) After migrating a repository that contains merged pull requests, the branch is missing and cannot be deleted.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/14c7055494b995476d9d2ec1948784bf36dd9e4d) Forgejo Actions artifact v4 upload above 8MB.
diff --git a/release-notes/5480.md b/release-notes/5480.md
new file mode 100644
index 0000000..5623c0d
--- /dev/null
+++ b/release-notes/5480.md
@@ -0,0 +1,2 @@
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/7d3a013e5e81bbc054f4a730923e08f61814bf66) PR creation on forked repositories.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/700e9f027bce8c783b74de07b3f29e09be045fa7) the logic of finding the latest pull review commit ID is incorrect.
diff --git a/release-notes/5647.md b/release-notes/5647.md
new file mode 100644
index 0000000..5341a0d
--- /dev/null
+++ b/release-notes/5647.md
@@ -0,0 +1,2 @@
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/1913399d8176944f170d4f1c032dc37003aaafc0) Always update expiration time when creating an artifact
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/4fe311e7c0292e3ac79f8bc063f1bcacef4494f0) Update scheduled tasks even if changes are pushed by "ActionsUser"
diff --git a/release-notes/5715.md b/release-notes/5715.md
new file mode 100644
index 0000000..fa8a2cc
--- /dev/null
+++ b/release-notes/5715.md
@@ -0,0 +1 @@
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/768402c8841db5e8acc97919149ba329d5124e17) Fix disable 2fa bug
diff --git a/release-notes/5718.md b/release-notes/5718.md
new file mode 100644
index 0000000..f44178d
--- /dev/null
+++ b/release-notes/5718.md
@@ -0,0 +1 @@
+Because of a missing permission check, the branch used to propose a pull request to a repository can always be deleted by the user performing the merge. It was fixed so that such a deletion is only allowed if the user performing the merge has write permission to the repository from which the pull request was made.
diff --git a/release-notes/5719.md b/release-notes/5719.md
new file mode 100644
index 0000000..19a7482
--- /dev/null
+++ b/release-notes/5719.md
@@ -0,0 +1 @@
+Forgejo generates a token which is used to authenticate web endpoints that are only meant to be used internally, for instance when the SSH daemon is used to push a commit with Git. The verification of this token was not done in constant time and was susceptible to [timing attacks](https://en.wikipedia.org/wiki/Timing_attack). A pre-condition for such an attack is the precise measurements of the time for each operation. Since it requires observing the timing of network operations, the issue is mitigated when a Forgejo instance is accessed over the internet because the ISP introduce unpredictable random delays.
diff --git a/release-notes/5778.md b/release-notes/5778.md
new file mode 100644
index 0000000..a3c6305
--- /dev/null
+++ b/release-notes/5778.md
@@ -0,0 +1,3 @@
+fix: In a Forgejo Actions workflow, the `unlabeled` event type for pull requests was incorrectly mapped to the labeled event type.
+fix: When a Forgejo Actions issue or pull request workflow is triggered by an `labeled` or `unlabeled` event type, it misses information about the label added or removed. It is now available in the `label` data member of the event payload.
+fix: The pull request workflow must always update the head SHA commit status. Not just when the PR is synchronized, opened or closed. Otherwise it makes it impossible to define a job to be a required check (for instance a job that is triggered when labels are modified and verifies that a given combination is present).
diff --git a/release-notes/5975.md b/release-notes/5975.md
new file mode 100644
index 0000000..1cab8fd
--- /dev/null
+++ b/release-notes/5975.md
@@ -0,0 +1,8 @@
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/177011717848d3847d1432f22c9285def2595947) it was possible to use a token sent via email for secondary email validation to reset the password instead. In other words, a token sent for a given action (registration, password reset or secondary email validation) could be used to perform a different action. It is no longer possible to use a token for an action that is different from its original purpose.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/36300be94eca5ffcd9f64fac5e761c21ba94ff57) a fork of a public repository would show in the list of forks, even if its owner was not a public user or organization. Such a fork is now hidden from the list of forks of the public repository.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/6c75d1a5045c667bf5879deef71a101abf4ce550) the members of an organization team with read access to a repository (e.g. to read issues) but no read access to the code could read the RSS or atom feeds which include the commit activity. Reading the RSS or atom feeds is now denied unless the team has read permissions on the code.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/1379914c45680d41b17b451238fed6c1813196aa) the tokens used when [replying by email to issues or pull requests](https://forgejo.org/docs/v9.0/user/incoming/) were weaker than the [rfc2104 recommendations](https://datatracker.ietf.org/doc/html/rfc2104#section-5). The tokens are now truncated to 128 bits instead of 80 bits. It is no longer possible to reply to emails sent before the upgrade because the weaker tokens are invalid.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/c8c8377acbab41083f1b92e836a9bde15e29e362) a registered user could modify the update frequency of any push mirror (e.g. every 4h instead of every 8h). They are now only able to do that if they have administrative permissions on the repository.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/42f36444098a604c5bf80cf3b904e88ef260f36e) it was possible to use basic authorization (i.e. user:password) for requests to the API even when security keys were enrolled for a user. It is no longer possible, an application token must be used instead.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/254bded75e1a3f5f6b8babcb84d99b87e83483ce) some markup sanitation rules were not as strong as they could be (e.g. allowing `emoji somethingelse` as well as `emoji`). The rules are now stricter and do not allow for such cases.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/a88e3e6ac0c75ccb08028b3f5b3523ff668a41f3) when Forgejo is configured to enable instance wide search (e.g. with [bleve](https://blevesearch.com/)), results found in the repositories of private or limited users were displayed to anonymous visitors. The results found in private or limited organizations were not displayed. The search results found in the repositories of private or limited user are no longer displayed to anonymous visitors.
diff --git a/release-notes/5998.md b/release-notes/5998.md
new file mode 100644
index 0000000..b1b7d56
--- /dev/null
+++ b/release-notes/5998.md
@@ -0,0 +1,4 @@
+fix(security): [commit](https://codeberg.org/forgejo/forgejo/commit/53c546951115d9e269a2778f90e43b0cb413eab6) Fix and refactor markdown rendering
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/6ac04b8c7dcedb9c6d994bb2a8cd37580394d9dd) Fix oauth2 error handle not return immediately
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/9f05c76b7b84f3cfafd4de22f5f18b87e4c79775) Fix nil panic if repo doesn't exist
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/8cec637d08542535d1dc9689c22943cd3ffe1c45) Disable Oauth check if oauth disabled
diff --git a/release-notes/6064.md b/release-notes/6064.md
new file mode 100644
index 0000000..c146c8d
--- /dev/null
+++ b/release-notes/6064.md
@@ -0,0 +1,3 @@
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/bf520f5184327eea9590ac5eb52d98f16af43c12) Fix GetInactiveUsers
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/1c04f8f10a7ebc02f41af3d2db6a2a4e85127441) Fix submodule parsing
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/48872d11ca920849ec174f76c0d667ca2b289aef) allow the actions user to login via the jwt token |