* SECURITY

  * Check that repositories can only be migrated to own user or organizations (#4366) (#4370)
  * Limit uploaded avatar image-size to 4096px x 3072px by default (#4353)
  * Do not allow to reuse TOTP passcode (#3878)
* BUGFIXES
  * Fix column droping for MSSQL that need new transaction for that (#4440) (#4484)
  * Redirect to correct page after using scratch token (#4458) (#4472)
  * Replace src with raw to fix image paths (#4377) (#4386)
  * Fixes repo membership check in API (#4341) (#4379)
  * Add default merge options when adding new repository (#4369) (#4373)
  * Fix repository last updated time update when delete a user who watched the repo (#4363) (#4371)
  * Fix html entity escaping in branch deletion message (#4471) (#4485)
  * Fix out-of-transaction query in removeOrgUser (#4521) (#4524)
  * Fix incorrect MergeWhitelistTeamIDs check in CanUserMerge function (#4519)
  * Fix panic issue on update avatar email (#4580) (#4590)
  * Fix bugs when too many IN variables (#4594) (#4597)
  * Push whitelist now doesn't apply to branch deletion (#4601) (#4640)
  * Site admin could create repos even MAX_CREATION_LIMIT=0 (#4645) (#4650)
* FEATURE
  * Add cli commands to regen hooks & keys (#3979)
  * Add support for FIDO U2F (#3971)
  * Added user language setting (#3875)
  * LDAP Public SSH Keys synchronization (#1844)
  * Add topic support (#3711)
  * Multiple assignees (#3705)
  * Add protected branch whitelists for merging (#3689)
  * Global code search support (#3664)
  * Add label descriptions (#3662)
  * Add issue search via API (#3612)
  * Add repository setting to enable/disable health checks (#3607)
  * Emoji Autocomplete (#3433)
  * Implements generator cli for secrets (#3531)
* ENHANCEMENT
  * Add more webhooks support and refactor webhook templates directory (#3929)
  * Add new option to allow only OAuth2/OpenID user registration (#3910)
  * Add option to use paged LDAP search when synchronizing users (#3895)
  * Symlink icons (#1416)
  * Improve release page UI (#3693)
  * Add admin dashboard option to run health checks (#3606)
  * Add branch link in branch list (#3576)
  * Reduce sql query times in retrieveFeeds (#3547)
  * Option to enable or disable swagger endpoints (#3502)
  * Add missing licenses (#3497)
  * Reduce repo indexer disk usage (#3452)
  * Enable caching on assets and avatars (#3376)
  * Add repository search ordered by stars/forks. Forks column in admin repo list (#3969)
  * Add Environment Variables to Docker template (#4012)
  * LFS: make HTTP auth period configurable (#4035)
  * Add config path as an optionial flag when changing pass via CLI (#4184)
  * Refactor User Settings sections (#3900)
  * Allow square brackets in external issue patterns (#3408)
  * Add Attachment API (#3478)
  * Add EnableTimetracking option to app settings (#3719)
  * Add config option to enable or disable log executed SQL (#3726)
  * Shows total tracked time in issue and milestone list (#3341)
* TRANSLATION
  * Improve English grammar and consistency (#3614)
* DEPLOYMENT
  * Allow Gitea to run as different USER in Docker (#3961)
  * Provide compressed release binaries (#3991)
  * Sign release binaries (#4188)
-----BEGIN PGP SIGNATURE-----

iQEzBAABCAAdFiEEjEAzojiVI3yyfVLZ2bVhO+uBP5kFAltty3sACgkQ2bVhO+uB
P5lZIwgAvW+dYBRsiH3+kxcVdDSs1zWIUWuyGxrD2BIUj+6JGmrm5qXu8TWwDt/l
AubVhcXmjzAmEnzr+j1L/nr4jth1KCm24NINtQxyU3wEzrYVrwhG+h3SnQ7Z6K6W
Swtn092NT/pf5xivMC0wo9C1FKKPGgb/n9OiC8Llzhy4nur8J9lDqQHDzRv8+M2/
4P//d/wV3SPprjnjcPJcbSQ/SZgWUUMpy1E+/ZzXVTy3mR8XDMdZHxdMz0x5q6K8
ZP8LeMpRjCW04EfIPci/XGxJQtvLF/TAIBqkFinFtEsjT3upBDtOjN7+hWTGodDw
HrMPq3DoTRpe3oXGVDs44Tg0YwWXgQ==
=0EJ4
-----END PGP SIGNATURE-----