Overview
Request 1193293 accepted
- update to 8.0.1:
* A change introduced in Forgejo v1.21 allows a Forgejo user with write
permission on a repository description to inject a client-side script into
the web page viewed by the visitor. This XSS allows for href in anchor
elements to be set to a javascript: URI in the repository description,
which will execute the specified script upon clicking (and not upon
loading). AllowStandardURLs is now called for the repository description
policy, which ensures that URIs in anchor elements are mailto:, http://
or https:// and thereby disallowing the javascript: URI.
* Do not include trailing EOL character when counting lines
* Add background to reactions on hover
* Prevent uppercase in header of dashboard context selector
* Fix page layout in admin settings
* Ensure all filters are persistent in issue filters
* Allow 4 charachter SHA in /src/commit
- update to 8.0.0:
full changelog at https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#8-0-0
Highlights:
* remove Microsoft SQL Server support
* introduce a branch/tag dropdown in the code search page
* added support for fuzzy searching in /user/repo/issues and /user/repo/pulls
* API endpoints for managing tag protection.
* add Reviewed-on and Reviewed-by variables to the merge template
* display an error when an issue comment is edited simultaneously by
two users instead of silently overriding one of them
* when installing Forgejo through the built-in installer, open
(self-) registration is now disabled by default
* add support for the reddit and Hubspot OAuth providers.
* CERT management was improved when ENABLE_ACME=true
* language detection in the repository got additional languages (forwarded request 1193292 from rrahl0)
Request History
rrahl0 created request
- update to 8.0.1:
* A change introduced in Forgejo v1.21 allows a Forgejo user with write
permission on a repository description to inject a client-side script into
the web page viewed by the visitor. This XSS allows for href in anchor
elements to be set to a javascript: URI in the repository description,
which will execute the specified script upon clicking (and not upon
loading). AllowStandardURLs is now called for the repository description
policy, which ensures that URIs in anchor elements are mailto:, http://
or https:// and thereby disallowing the javascript: URI.
* Do not include trailing EOL character when counting lines
* Add background to reactions on hover
* Prevent uppercase in header of dashboard context selector
* Fix page layout in admin settings
* Ensure all filters are persistent in issue filters
* Allow 4 charachter SHA in /src/commit
- update to 8.0.0:
full changelog at https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#8-0-0
Highlights:
* remove Microsoft SQL Server support
* introduce a branch/tag dropdown in the code search page
* added support for fuzzy searching in /user/repo/issues and /user/repo/pulls
* API endpoints for managing tag protection.
* add Reviewed-on and Reviewed-by variables to the merge template
* display an error when an issue comment is edited simultaneously by
two users instead of silently overriding one of them
* when installing Forgejo through the built-in installer, open
(self-) registration is now disabled by default
* add support for the reddit and Hubspot OAuth providers.
* CERT management was improved when ENABLE_ACME=true
* language detection in the repository got additional languages (forwarded request 1193292 from rrahl0)
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
staging-bot added openSUSE:Factory:Staging:adi:27 as a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:adi:27"
staging-bot accepted review
Picked "openSUSE:Factory:Staging:adi:27"
licensedigger accepted review
The legal review is accepted preliminary. The package may require actions later on.
dimstar accepted review
dimstar_suse accepted review
Staging Project openSUSE:Factory:Staging:adi:27 got accepted.
dimstar_suse approved review
Staging Project openSUSE:Factory:Staging:adi:27 got accepted.
dimstar_suse accepted request
Staging Project openSUSE:Factory:Staging:adi:27 got accepted.