Overview Repositories Revisions Requests Users Attributes Meta

Revisions of forgejo

Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1197495 from Richard Rahl's avatar Richard Rahl (rrahl0) (revision 14) 
- update to 8.0.2:
  * Overflow for images on project cards.
  * Allow unreacting from comment popover.
  * The scope of application tokens is not verified when writing
    containers or Conan packages.
  * When a Forgejo Actions workflow includes a workflow_dispatch with
    inputs and other events (for instance push), it is silently ignored
    because of a parsing error.
  * Automerge on AGit pull requests is ignored.
  * Show lock owner instead of repo owner on LFS setting page.
  * Render plain text file if the LFS object doesn't exist.
  * Panic of ssh public key page after deletion of an auth source.
  * Add missing repository type filter parameters to pager.
  * Reverted a change from Gitea which prevented allow/reject reviews on
    merged or closed PRs. This change was not considered by the Forgejo
    UI team and there is a consensus that it feels like a regression,
    since it interferes with workflows known to be used by Forgejo users
    without providing a tangible benefit.
  * Run full PR checks on AGit push.
  * Updated translations (forwarded request 1197494 from rrahl0)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1193293 from Richard Rahl's avatar Richard Rahl (rrahl0) (revision 13) 
- update to 8.0.1:
  * A change introduced in Forgejo v1.21 allows a Forgejo user with write
    permission on a repository description to inject a client-side script into
    the web page viewed by the visitor. This XSS allows for href in anchor
    elements to be set to a javascript: URI in the repository description,
    which will execute the specified script upon clicking (and not upon
    loading). AllowStandardURLs is now called for the repository description
    policy, which ensures that URIs in anchor elements are mailto:, http:// 
    or https:// and thereby disallowing the javascript: URI.
  * Do not include trailing EOL character when counting lines
  * Add background to reactions on hover
  * Prevent uppercase in header of dashboard context selector
  * Fix page layout in admin settings
  * Ensure all filters are persistent in issue filters
  * Allow 4 charachter SHA in /src/commit
- update to 8.0.0:
  full changelog at https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#8-0-0
  Highlights:
    * remove Microsoft SQL Server support
    * introduce a branch/tag dropdown in the code search page
    * added support for fuzzy searching in /user/repo/issues and /user/repo/pulls
    * API endpoints for managing tag protection.
    * add Reviewed-on and Reviewed-by variables to the merge template
    * display an error when an issue comment is edited simultaneously by
      two users instead of silently overriding one of them
    * when installing Forgejo through the built-in installer, open
      (self-) registration is now disabled by default
    * add support for the reddit and Hubspot OAuth providers.
    * CERT management was improved when ENABLE_ACME=true
    * language detection in the repository got additional languages (forwarded request 1193292 from rrahl0)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1181170 from Richard Rahl's avatar Richard Rahl (rrahl0) (revision 8) 
- update to 7.0.4:
  * Fixed: CVE-2024-24789: the archive/zip package's handling of certain types
    of invalid zip files differs from the behavior of most zip implementations.
    This misalignment could be exploited to create an zip file with contents that
    vary depending on the implementation reading the file.
  * the OAuth2 implementation does not always require authentication for public
    clients, a requirement of RFC 6749 Section 10.2
  * forgejo migrate-storage --type actions-artifacts always fails because it picks the wrong path.
  * avatar files can be found in storage while they do not exist in the database.
  * repository admins are always denied the right to force merge and instance admins
    are subject to restrictions to merge that must only apply to repository admins.
  * non conformance with the Nix tarball fetcher immutable link protocol.
  * migrated activities (such as reviews) are mapped to the user who initiated the
    migration rather than the Ghost user, if the external user cannot be mapped to a
    local one. This mapping mismatch leads to internal server errors in some cases.
  *  a v7.0.0 regression causes [admin].SEND_NOTIFICATION_EMAIL_ON_NEW_USER=true to always be ignored.
  * using a subquery for user deletion is a performance bottleneck when using mariadb 10
    because only mariadb 11 takes advantage of the available index.
  * a v7.0.3 regression causes the expanding diffs in pull requests to fail with a 404 error.
  * SourceHut Builds webhook fail when the triggers field is used.
  * the label list rendering in the issue and pull request timeline is displayed on
    multiple lines instead of a single one.
  * Git hooks of this repository seem to be broken." warning when pushing more than one branch at a time.
  * automerge does not happen when the approval count reaches the required threshold.
  * the FORCE_PRIVATE=true setting is not consistently enforced.
  * CSRF validation errors when OAuth is not enabled.
  * headlines in rendered org-mode do not have a margin on the top (forwarded request 1181169 from rrahl0)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1171483 from Richard Rahl's avatar Richard Rahl (rrahl0) (revision 6) 
- update to 7.0.2:
  * regression where subscribing to or unsubscribing from an issue in a
    repository with no code produced an internal server error.
  * regression makes all the refs sent in Gitea webhooks to be full refs and
    might break Woodpecker CI pipelines triggered on tag (CI_COMMIT_TAG
    contained the full ref). This issue has been fixed in the main branch of
    Woodpecker CI as well.
  *  the webhook branch filter wrongly applied the match on the full ref for
     branch creation and deletion (wrongly skipping events).
  * toggling the WIP state of a pull request is possible from the sidebar,
    but not from the footer.
  * when mentioning a user, the markup post-processor does not handle the case
    where the mentioned user does not exist: it tries to skip to the next node,
    which in turn, ended up skipping the rest of the line.
  * excessive and unnecessary database queries when a user with no repositories
    is viewing their dashboard.
  * duplicate status check contexts show in the branch protection settings.
  * profile info fails to render german singular translation.
  * inline attachments of incoming emails (as they occur for example with Apple
    Mail) are not attached to comments. (forwarded request 1171482 from rrahl0)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1170483 from Richard Rahl's avatar Richard Rahl (rrahl0) (revision 5) 
Forwarded request #1170482 from rrahl0

- update to 7.0.1:
  * LFS data corruption when running the forgejo doctor check --fix CLI command
    or setting [cron.gc_lfs].ENABLED=true (the default is false)
  * non backward compatible change in the forgejo admin user create CLI command
  * error 500 because of an incorrect evaluation of the template when visiting
    the LFS settings of a repository
  * GET /repos/{owner}/{name} API endpoint always returns an empty string for
    the object_format_name field
  * fuzzy search may fail with bleve
Displaying all 15 revisions
openSUSE Build Service is sponsored by
Places