Revisions of forgejo
buildservice-autocommit
accepted
request 1187532
from
Richard Rahl (rrahl0)
(revision 26)
Richard Rahl (rrahl0)
(revision 26)
baserev update by copy to link target
Richard Rahl (rrahl0)
accepted
request 1187469
from
Johannes Kastl (ojkastl_buildservice)
(revision 25)
fix typo Environemnt in forgejo.service
buildservice-autocommit
accepted
request 1185732
from
Richard Rahl (rrahl0)
(revision 24)
Richard Rahl (rrahl0)
(revision 24)
baserev update by copy to link target
Richard Rahl (rrahl0)
accepted
request 1185730
from
Richard Rahl (rrahl0)
(revision 23)
- update to 7.0.5:
* Fixed: CVE-2024-24791 - GO-2024-2963 Denial of service due to improper
100-continue handling in net/http
* Fixed: authentication Source Administration page wrongfully handles the "Custom URLs Instead
of Default URLs" checkbox (missing checkbox, irrelevant fields).
* Fixed: git push to an adopted repository fails.
* Fixed: markdown doesn't render math within brackets
* Fixed: selecting the "No Project" filter in the issue/pull request list has no effect
* Fixed: error 500 when processing crafted TIFF files.
* Fixed: wrong placeholder text in the form for adding repository collaborator.
buildservice-autocommit
accepted
request 1181170
from
Richard Rahl (rrahl0)
(revision 22)
Richard Rahl (rrahl0)
(revision 22)
baserev update by copy to link target
Richard Rahl (rrahl0)
accepted
request 1181169
from
Richard Rahl (rrahl0)
(revision 21)
- update to 7.0.4:
* Fixed: CVE-2024-24789: the archive/zip package's handling of certain types
of invalid zip files differs from the behavior of most zip implementations.
This misalignment could be exploited to create an zip file with contents that
vary depending on the implementation reading the file.
* the OAuth2 implementation does not always require authentication for public
clients, a requirement of RFC 6749 Section 10.2
* forgejo migrate-storage --type actions-artifacts always fails because it picks the wrong path.
* avatar files can be found in storage while they do not exist in the database.
* repository admins are always denied the right to force merge and instance admins
are subject to restrictions to merge that must only apply to repository admins.
* non conformance with the Nix tarball fetcher immutable link protocol.
* migrated activities (such as reviews) are mapped to the user who initiated the
migration rather than the Ghost user, if the external user cannot be mapped to a
local one. This mapping mismatch leads to internal server errors in some cases.
* a v7.0.0 regression causes [admin].SEND_NOTIFICATION_EMAIL_ON_NEW_USER=true to always be ignored.
* using a subquery for user deletion is a performance bottleneck when using mariadb 10
because only mariadb 11 takes advantage of the available index.
* a v7.0.3 regression causes the expanding diffs in pull requests to fail with a 404 error.
* SourceHut Builds webhook fail when the triggers field is used.
* the label list rendering in the issue and pull request timeline is displayed on
multiple lines instead of a single one.
* Git hooks of this repository seem to be broken." warning when pushing more than one branch at a time.
* automerge does not happen when the approval count reaches the required threshold.
* the FORCE_PRIVATE=true setting is not consistently enforced.
* CSRF validation errors when OAuth is not enabled.
* headlines in rendered org-mode do not have a margin on the top
buildservice-autocommit
accepted
request 1175962
from
Richard Rahl (rrahl0)
(revision 20)
Richard Rahl (rrahl0)
(revision 20)
baserev update by copy to link target
Richard Rahl (rrahl0)
accepted
request 1175961
from
Richard Rahl (rrahl0)
(revision 19)
- update to 7.0.3:
* CVE-2024-24788: a malformed DNS message in response to a query can
cause the lookup functions to get stuck in an infinite loop
* backticks in mermaid block diagram labels are not sanitized properly
* migration of a repository from gogs fails when it is hosted at a subpath.
* when creating an OAuth2 application the redirect URLs are not enforced to
be mandatory
* the API incorrectly excludes repositories where code is not enabled
* "Allow edits from maintainers" cannot be modified via the pull request web UI
* repository activity feeds (including RSS and Atom feeds) contain
repeated activities
* uploading maven packages with metadata being uploaded separately will fail
* the mail notification sent about commits pushed to pull requests are empty
* inline emails attachments are not properly handled when commenting on an
issue via email
* the links to .zip and tar.gz on the tag list web UI fail
* expanding code diff while previewing a pull request before it is created fails
* the CLI is not able to migrate Forgejo Actions artifacts
* when adopting a repository, the default branch is not taken into account
* when using reverse proxy authentication, logout will not be taken into
account when immediately trying to login afterwards
* pushing to the master branch of a sha256 repository fails
* a very long project column name will make the action menu inaccessible
* a useless error is displayed when the title of a merged pull request is
modified
* workflow badges are not working for workflows that are not running on push
(such as scheduled workflows, and ones that run on tags and pull requests)
buildservice-autocommit
accepted
request 1171483
from
Richard Rahl (rrahl0)
(revision 18)
Richard Rahl (rrahl0)
(revision 18)
baserev update by copy to link target
Richard Rahl (rrahl0)
accepted
request 1171482
from
Richard Rahl (rrahl0)
(revision 17)
- update to 7.0.2:
* regression where subscribing to or unsubscribing from an issue in a
repository with no code produced an internal server error.
* regression makes all the refs sent in Gitea webhooks to be full refs and
might break Woodpecker CI pipelines triggered on tag (CI_COMMIT_TAG
contained the full ref). This issue has been fixed in the main branch of
Woodpecker CI as well.
* the webhook branch filter wrongly applied the match on the full ref for
branch creation and deletion (wrongly skipping events).
* toggling the WIP state of a pull request is possible from the sidebar,
but not from the footer.
* when mentioning a user, the markup post-processor does not handle the case
where the mentioned user does not exist: it tries to skip to the next node,
which in turn, ended up skipping the rest of the line.
* excessive and unnecessary database queries when a user with no repositories
is viewing their dashboard.
* duplicate status check contexts show in the branch protection settings.
* profile info fails to render german singular translation.
* inline attachments of incoming emails (as they occur for example with Apple
Mail) are not attached to comments.
buildservice-autocommit
accepted
request 1170483
from
Richard Rahl (rrahl0)
(revision 16)
Richard Rahl (rrahl0)
(revision 16)
baserev update by copy to link target
Richard Rahl (rrahl0)
accepted
request 1170482
from
Richard Rahl (rrahl0)
(revision 15)
- update to 7.0.1:
* LFS data corruption when running the forgejo doctor check --fix CLI command
or setting [cron.gc_lfs].ENABLED=true (the default is false)
* non backward compatible change in the forgejo admin user create CLI command
* error 500 because of an incorrect evaluation of the template when visiting
the LFS settings of a repository
* GET /repos/{owner}/{name} API endpoint always returns an empty string for
the object_format_name field
* fuzzy search may fail with bleve
buildservice-autocommit
accepted
request 1170088
from
Richard Rahl (rrahl0)
(revision 14)
Richard Rahl (rrahl0)
(revision 14)
baserev update by copy to link target
Richard Rahl (rrahl0)
accepted
request 1170087
from
Richard Rahl (rrahl0)
(revision 13)
- update to 7.0.0:
This is only an excerpt from the full changelog, which you can find
in your RELEASE-NOTES.md or at
https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#7-0-0
* MySQL 8.0 or PostgreSQL 12 are the minimum supported versions.
The database must be migrated before upgrading.
The requirements regarding SQLite did not change.
* The per_page parameter is no longer a synonym for limit in the
/repos/{owner}/{repo}/releases API endpoint.
* The date format of the created and last_update fields of the
/repos/{owner}/{repo}/push_mirrors and /repos/{owner}/{repo}/push_mirrors
API endpoint changed to be timestamps instead of numbers.
* Labels used by pprof endpoint have been changed
* The fogejo admin user create CLI command requires a password change
by default when creating the first user
buildservice-autocommit
accepted
request 1169377
from
Richard Rahl (rrahl0)
(revision 12)
Richard Rahl (rrahl0)
(revision 12)
baserev update by copy to link target
Richard Rahl (rrahl0)
accepted
request 1169375
from
Richard Rahl (rrahl0)
(revision 11)
update to 1.21.11-1
buildservice-autocommit
accepted
request 1165706
from
Richard Rahl (rrahl0)
(revision 10)
Richard Rahl (rrahl0)
(revision 10)
baserev update by copy to link target
Richard Rahl (rrahl0)
accepted
request 1165705
from
Richard Rahl (rrahl0)
(revision 9)
- update to 1.21.10-0:
* CVE-2023-45288 which permits an attacker to cause an HTTP/2 endpoint to
read arbitrary amounts of header data
* Fix to not remove repository avatars when the doctor runs with --fix
on the repository archives.
* Detect protected branch on branch rename.
* Don't delete inactive emails explicitly.
* Fix user interface when a review is deleted without refreshing.
* Fix paths when finding files via the web interface that were not escaped.
* Respect DEFAULT_ORG_MEMBER_VISIBLE setting when adding creator to org.
* Fix duplicate migrated milestones.
* Fix inline math blocks can't be preceeded/followed by alphanumerical
characters.
Ana Guerrero (anag+factory)
accepted
request 1164515
from
Richard Rahl (rrahl0)
(revision 8)
initialized devel package after accepting 1164515
Richard Rahl (rrahl0)
accepted
request 1164510
from
Richard Rahl (rrahl0)
(revision 7)
- increase golang dep to 1.22, to imitate the CI/CD of forgejo - revise how the apparmor package gets build + add selinux
Displaying revisions 21 - 40 of 46
