Overview

Request 1193293 accepted

- update to 8.0.1:
* A change introduced in Forgejo v1.21 allows a Forgejo user with write
permission on a repository description to inject a client-side script into
the web page viewed by the visitor. This XSS allows for href in anchor
elements to be set to a javascript: URI in the repository description,
which will execute the specified script upon clicking (and not upon
loading). AllowStandardURLs is now called for the repository description
policy, which ensures that URIs in anchor elements are mailto:, http://
or https:// and thereby disallowing the javascript: URI.
* Do not include trailing EOL character when counting lines
* Add background to reactions on hover
* Prevent uppercase in header of dashboard context selector
* Fix page layout in admin settings
* Ensure all filters are persistent in issue filters
* Allow 4 charachter SHA in /src/commit
- update to 8.0.0:
full changelog at https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#8-0-0
Highlights:
* remove Microsoft SQL Server support
* introduce a branch/tag dropdown in the code search page
* added support for fuzzy searching in /user/repo/issues and /user/repo/pulls
* API endpoints for managing tag protection.
* add Reviewed-on and Reviewed-by variables to the merge template
* display an error when an issue comment is edited simultaneously by
two users instead of silently overriding one of them
* when installing Forgejo through the built-in installer, open
(self-) registration is now disabled by default
* add support for the reddit and Hubspot OAuth providers.
* CERT management was improved when ENABLE_ACME=true
* language detection in the repository got additional languages (forwarded request 1193292 from rrahl0)

Loading...
Request History
Richard Rahl's avatar

rrahl0 created request

- update to 8.0.1:
* A change introduced in Forgejo v1.21 allows a Forgejo user with write
permission on a repository description to inject a client-side script into
the web page viewed by the visitor. This XSS allows for href in anchor
elements to be set to a javascript: URI in the repository description,
which will execute the specified script upon clicking (and not upon
loading). AllowStandardURLs is now called for the repository description
policy, which ensures that URIs in anchor elements are mailto:, http://
or https:// and thereby disallowing the javascript: URI.
* Do not include trailing EOL character when counting lines
* Add background to reactions on hover
* Prevent uppercase in header of dashboard context selector
* Fix page layout in admin settings
* Ensure all filters are persistent in issue filters
* Allow 4 charachter SHA in /src/commit
- update to 8.0.0:
full changelog at https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#8-0-0
Highlights:
* remove Microsoft SQL Server support
* introduce a branch/tag dropdown in the code search page
* added support for fuzzy searching in /user/repo/issues and /user/repo/pulls
* API endpoints for managing tag protection.
* add Reviewed-on and Reviewed-by variables to the merge template
* display an error when an issue comment is edited simultaneously by
two users instead of silently overriding one of them
* when installing Forgejo through the built-in installer, open
(self-) registration is now disabled by default
* add support for the reddit and Hubspot OAuth providers.
* CERT management was improved when ENABLE_ACME=true
* language detection in the repository got additional languages (forwarded request 1193292 from rrahl0)


Factory Auto's avatar

factory-auto added opensuse-review-team as a reviewer

Please review sources


Factory Auto's avatar

factory-auto accepted review

Check script succeeded


Staging Bot's avatar

staging-bot added openSUSE:Factory:Staging:adi:27 as a reviewer

Being evaluated by staging project "openSUSE:Factory:Staging:adi:27"


Staging Bot's avatar

staging-bot accepted review

Picked "openSUSE:Factory:Staging:adi:27"


Saul Goodman's avatar

licensedigger accepted review

The legal review is accepted preliminary. The package may require actions later on.


Dominique Leuenberger's avatar

dimstar accepted review


Dominique Leuenberger's avatar

dimstar_suse accepted review

Staging Project openSUSE:Factory:Staging:adi:27 got accepted.


Dominique Leuenberger's avatar

dimstar_suse approved review

Staging Project openSUSE:Factory:Staging:adi:27 got accepted.


Dominique Leuenberger's avatar

dimstar_suse accepted request

Staging Project openSUSE:Factory:Staging:adi:27 got accepted.

openSUSE Build Service is sponsored by