Changes since 1.16.8:
SECURITY
* Add write check for creating Commit status (#20332) (#20334)
* Check for permission when fetching user controlled issues (#20133) (#20196)
BUGFIXES
* Hide notify mail setting ui if not enabled (#20138) (#20337)
* Add write check for creating Commit status (#20332) (#20334)
* Only show Followers that current user can access (#20220) (#20253)
* Release page show all tags in compare dropdown (#20070) (#20071)
* Fix permission check for delete tag (#19985) (#20001)
* Only log non ErrNotExist errors in git.GetNote (#19884) (#19905)
* Use exact search instead of fuzzy search for branch filter dropdown (#19885) (#19893)
* Set Setpgid on child git processes (#19865) (#19881)
* Import git from alpine 3.16 repository as 2.30.4 is needed for safe.directory = '*' to work but alpine 3.13 has 2.30.3 (#19876)
* Ensure responses are context.ResponseWriters (#19843) (#19859)
* Fix incorrect usage of Count function (#19850)
* Fix raw endpoint PDF file headers (#19825) (#19826)
* Make WIP prefixes case insensitive, e.g. allow Draft as a WIP prefix (#19780) (#19811)
* Don’t return 500 on NotificationUnreadCount (#19802)
* Prevent NPE when cache service is disabled (#19703) (#19783)
* Detect truncated utf-8 characters at the end of content as still representing utf-8 (#19773) (#19774)
* Fix doctor pq: syntax error at or near “.” quote user table name (#19765) (#19770)
* Fix bug with assigneees (#19757)
This is a security update:
* CVE-2022-30781
* CVE-2022-27313
* and more security issues fixed but without CVEs - see below
XXX pull-up to pkgsrc-2022Q1
Tested on NetBSD/amd64.
Changes in 1.16.8:
ENHANCEMENTS
* Add doctor check/fix for bogus action rows (#19656) (#19669)
* Make .cs highlighting legible on dark themes (#19604) (#19605)
BUGFIXES
* Fix oauth setting list bug (#19681)
* Delete user related oauth stuff on user deletion too (#19677) (#19680)
* Fix new release from tags list UI (#19670) (#19673)
* Prevent NPE when checking repo units if the user is nil (#19625) (#19630)
* GetFeeds must always discard actions with dangling repo_id (#19598) (#19629)
* Call MultipartForm.RemoveAll when request finishes (#19606) (#19607)
* Avoid MoreThanOne error when creating a branch whose name conflicts with other ref names (#19557) (#19591)
* Fix sending empty notifications (#19589) (#19590)
* Ignore DNS error when doing migration allow/block check (#19566) (#19567)
* Fix issue overview for teams (#19652) (#19653)
Changes in 1.16.7:
SECURITY
* Escape git fetch remote (#19487) (#19490) CVE-2022-30781
BUGFIXES
* Don't overwrite err with nil (#19572) (#19574)
* On Migrations, only write commit-graph if wiki clone was successful (#19563) (#19568)
* Respect DefaultUserIsRestricted system default when creating new user (#19310) (#19560)
* Don't error when branch's commit doesn't exist (#19547) (#19548)
* Support hostname:port to pass host matcher's check (#19543) (#19544)
* Prevent intermittent race in attribute reader close (#19537) (#19539)
* Fix 64-bit atomic operations on 32-bit machines (#19531) (#19532)
* Prevent dangling archiver goroutine (#19516) (#19526)
* Fix migrate release from github (#19510) (#19523)
* When view _Siderbar or _Footer, just display once (#19501) (#19522)
* Fix blame page select range error and some typos (#19503)
* Fix name of doctor fix "authorized-keys" in hints (#19464) (#19484)
* User specific repoID or xorm builder conditions for issue search (#19475) (#19476)
* Prevent dangling cat-file calls (goroutine alternative) (#19454) (#19466)
* RepoAssignment ensure to close before overwrite (#19449) (#19460)
* Set correct PR status on 3way on conflict checking (#19457) (#19458)
* Mark TemplateLoading error as "UnprocessableEntity" (#19445) (#19446)
Changes in 1.16.6:
ENHANCEMENTS
* Only request write when necessary (#18657) (#19422)
* Disable service worker by default (#18914) (#19342)
BUGFIXES
* When dumping trim the standard suffices instead of a random suffix (#19440) (#19447)
* Fix DELETE request for non-existent public key (#19443) (#19444)
* Don't panic on ErrEmailInvalid (#19441) (#19442)
* Add uploadpack.allowAnySHA1InWant to allow --filter=blob:none with older git clients (#19430) (#19438)
* Warn on SSH connection for incorrect configuration (#19317) (#19437)
* Search Issues via API, dont show 500 if filter result in empty list (#19244) (#19436)
* When updating mirror repo intervals by API reschedule next update too (#19429) (#19433)
* Fix nil error when some pages are rendered outside request context (#19427) (#19428)
* Fix double blob-hunk on diff page (#19404) (#19405)
* Don't allow merging PR's which are being conflict checked (#19357) (#19358)
* Fix middleware function's placements (#19377) (#19378)
* Fix invalid CSRF token bug, make sure CSRF tokens can be up-to-date (#19338)
* Restore user autoregistration with email addresses (#19261) (#19312)
* Move checks for pulls before merge into own function (#19271) (#19277)
* Granular webhook events in editHook (#19251) (#19257)
* Only send webhook events to active system webhooks and only deliver to active hooks (#19234) (#19248)
* Use full output of git show-ref --tags to get tags for PushUpdateAddTag (#19235) (#19236)
* Touch mirrors on even on fail to update (#19217) (#19233)
* Hide sensitive content on admin panel progress monitor (#19218 & #19226) (#19231)
* Fix clone url JS error for the empty repo page (#19209)
* Bump goldmark to v1.4.11 (#19201) (#19203)
TESTING
* Prevent intermittent failures in RepoIndexerTest (#19225#19229) (#19228)
BUILD
* Revert the minimal golang version requirement from 1.17 to 1.16 and add a warning in Makefile (#19319)
MISC
* Performance improvement for add team user when org has more than 1000 repositories (#19227) (#19289)
* Check go and nodejs version by go.mod and package.json (#19197) (#19254)
Changes in 1.16.5:
BREAKING
* Bump to build with go1.18 (#19120 et al) (#19127)
SECURITY
* Prevent redirect to Host (2) (#19175) (#19186)
* Try to prevent autolinking of displaynames by email readers (#19169) (#19183)
* Clean paths when looking in Storage (#19124) (#19179)
* Do not send notification emails to inactive users (#19131) (#19139)
* Do not send activation email if manual confirm is set (#19119) (#19122)
ENHANCEMENTS
* Use the new/choose link for New Issue on project page (#19172) (#19176)
BUGFIXES
* Fix showing issues in your repositories (#18916) (#19191)
* Fix compare link in active feeds for new branch (#19149) (#19185)
* Redirect .wiki/* ui link to /wiki (#18831) (#19184)
* Ensure deploy keys with write access can push (#19010) (#19182)
* Ensure that setting.LocalURL always has a trailing slash (#19171) (#19177)
* Cleanup protected branches when deleting users & teams (#19158) (#19174)
* Use IterateBufferSize whilst querying repositories during adoption check (#19140) (#19160)
* Fix NPE /repos/issues/search when not signed in (#19154) (#19155)
* Use custom favicon when viewing static files if it exists (#19130) (#19152)
* Fix the editor height in review box (#19003) (#19147)
* Ensure isSSH is set whenever DISABLE_HTTP_GIT is set (#19028) (#19146)
* Fix wrong scopes caused by empty scope input (#19029) (#19145)
* Make migrations SKIP_TLS_VERIFY apply to git too (#19132) (#19141)
* Handle email address not exist (#19089) (#19121)
MISC
* Update json-iterator to allow compilation with go1.18 (#18644) (#19100)
* Update golang.org/x/crypto (#19097) (#19098)
Changes in 1.16.4:
SECURITY
* Restrict email address validation (#17688) (#19085)
* Fix lfs bug (#19072) (#19080)
ENHANCEMENTS
* Improve SyncMirrors logging (#19045) (#19050)
BUGFIXES
* Refactor mirror code & fix StartToMirror (#18904) (#19075)
* Update the webauthn_credential_id_sequence in Postgres (#19048) (#19060)
* Prevent 500 when there is an error during new auth source post (#19041) (#19059)
* If rendering has failed due to a net.OpError stop rendering (attempt 2) (#19049) (#19056)
* Fix flag validation (#19046) (#19051)
* Add pam account authorization check (#19040) (#19047)
* Ignore missing comment for user notifications (#18954) (#19043)
* Set rel="nofollow noindex" on new issue links (#19023) (#19042)
* Upgrading binding package (#19034) (#19035)
* Don't show context cancelled errors in attribute reader (#19006) (#19027)
* Fix update hint bug (#18996) (#19002)
MISC
* Fix potential assignee query for repo (#18994) (#18999)
Changes in 1.16.3:
SECURITY
* Git backend ignore replace objects (#18979) (#18980) CVE-2022-27313
ENHANCEMENTS
* Adjust error for already locked db and prevent level db lock on malformed connstr (#18923) (#18938)
BUGFIXES
* Set max text height to prevent overflow (#18862) (#18977)
* Fix newAttachmentPaths deletion for DeleteRepository() (#18973) (#18974)
* Accounts with WebAuthn only (no TOTP) now exist ... fix code to handle that case (#18897) (#18964)
* Send 404 on /{org}.gpg (#18959) (#18962)
* Fix admin user list pagination (#18957) (#18960)
* Fix lfs management setting (#18947) (#18946)
* Fix login with email panic when email is not exist (#18942)
* Update go-org to v1.6.1 (#18932) (#18933)
* Fix <strong> html in translation (#18929) (#18931)
* Fix page and missing return on unadopted repos API (#18848) (#18927)
* Allow adminstrator teams members to see other teams (#18918) (#18919)
* Don't treat BOM escape sequence as hidden character. (#18909) (#18910)
* Correctly link URLs to users/repos with dashes, dots or underscores (⊠(#18908)
* Fix redirect when using lowercase repo name (#18775) (#18902)
* Fix migration v210 (#18893) (#18892)
* Fix team management UI (#18887) (18886)
* BeforeSourcePath should point to base commit (#18880) (#18799)
TRANSLATION
* Backport locales from master (#18944)
MISC
* Don't update email for organisation (#18905) (#18906)
Changes in 1.16.2:
ENHANCEMENTS
* Show fullname on issue edits and gpg/ssh signing info (#18828)
* Immediately Hammer if second kill is sent (#18823) (#18826)
* Allow mermaid render error to wrap (#18791)
BUGFIXES
* Fix ldap user sync missed email in email_address table (#18786) (#18876)
* Update assignees check to include any writing team and change org sidebar (#18680) (#18873)
* Don't report signal: killed errors in serviceRPC (#18850) (#18865)
* Fix bug where certain LDAP settings were reverted (#18859)
* Update go-org to 1.6.0 (#18824) (#18839)
* Fix login with email for ldap users (#18800) (#18836)
* Fix bug for get user by email (#18834)
* Fix panic in EscapeReader (#18820) (#18821)
* Fix ldap loginname (#18789) (#18804)
* Remove redundant call to UpdateRepoStats during migration (#18591) (#18794)
* In disk_channel queues synchronously push to disk on shutdown (#18415) (#18788)
* Fix template bug of LFS lock (#18784) (#18787)
* Attempt to fix the webauthn migration again - part 3 (#18770) (#18771)
* Send mail to issue/pr assignee/reviewer also when OnMention is set (#18707) (#18765)
* Fix a broken link in commits_list_small.tmpl (#18763) (#18764)
* Increase the size of the webauthn_credential credential_id field (#18739) (#18756)
* Prevent dangling GetAttribute calls (#18754) (#18755)
* Fix isempty detection of git repository (#18746) (#18750)
* Fix source code line highlighting on external tracker (#18729) (#18740)
* Prevent double encoding of branch names in delete branch (#18714) (#18738)
* Always set PullRequestWorkInProgressPrefixes in PrepareViewPullInfo (#18713) (#18737)
* Fix forked repositories missed tags (#18719) (#18735)
* Fix release typo (#18728) (#18731)
* Separate the details links of commit-statuses in headers (#18661) (#18730)
* Update object repo with the migrated repository (#18684) (#18726)
* Fix bug for version update hint (#18701) (#18705)
* Fix issue with docker-rootless shimming script (#18690) (#18699)
* Let MinUnitAccessMode return correct perm (#18675) (#18689)
* Prevent security failure due to bad APP_ID (#18678) (#18682)
* Restart zero worker if there is still work to do (#18658) (#18672)
* If rendering has failed due to a net.OpError stop rendering (#18642) (#18645)
TESTING
* Ensure git tag tests and others create test repos in tmpdir (#18447) (#18767)
BUILD
* Reduce CI go module downloads, add make targets (#18708, #18475, #18443) (#18741)
MISC
* Put buttons back in org dashboard (#18817) (#18825)
* Various Mermaid improvements (#18776) (#18780)
* C preprocessor colors improvement (#18671) (#18696)
* Fix the missing i18n key for update checker (#18646) (#18665)
This sets the working directory to / before issuing commands to Gitea.
Fix from the pgsql script; it addresses the following issue when
managing Gitea:
# /etc/rc.d/gitea restart
Stopping gitea.
sh: Cannot determine current working directory
Starting gitea.
sh: Cannot determine current working directory
(and then Gitea not starting again)
Bumps PKGREVISION.
During freeze, but leaf package AFAICT.
Tested on NetBSD/amd64.
Changing the the maintainership and providing latest version including frontend.
Changes since 1.13.4:
* SECURITY
* Update JS dependencies, fix lint (#18389) (#18540)
* ENHANCEMENTS
* Add dropdown icon to label set template dropdown (#18564) (#18571)
* BUGFIXES
* comments on migrated issues/prs must link to the comment ID (#18630) (#18637)
* Stop logging an error when notes are not found (#18626) (#18635)
* Ensure that blob-excerpt links work for wiki (#18587) (#18624)
* Only attempt to flush queue if the underlying worker pool is not finished (#18593) (#18620)
* Ensure commit-statuses box is sized correctly in headers (#18538) (#18606)
* Prevent merge messages from being sorted to the top of email chains (#18566) (#18588)
* Prevent panic on prohibited user login with oauth2 (#18562) (#18563)
* Collaborator trust model should trust collaborators (#18539) (#18557)
* Detect conflicts with 3way merge (#18536) (#18537)
* In docker rootless use $GITEA_APP_INI if provided (#18524) (#18535)
* Add `GetUserTeams` (#18499) (#18531)
* Fix review excerpt (#18502) (#18530)
* Fix for AvatarURL database type (#18487) (#18529)
* Use `ImagedProvider` for gplus oauth2 provider (#18504) (#18505)
* Fix OAuth Source Edit Page (#18495) (#18503)
* Use "read" value for General Access (#18496) (#18500)
* Prevent NPE on partial match of compare URL and allow short SHA1 compare URLs (#18472) (#18473)
* BUILD
* Make docker gitea/gitea:v1.16-dev etc refer to the latest build on that branch (#18551) (#18569)
* DOCS
* Update 1.16.0 changelog to set #17846 as breaking (#18533) (#18534)
* BREAKING
* Remove golang vendored directory (#18277)
* Paginate releases page & set default page size to 10 (#16857)
* Use shadowing script for docker (#17846)
* Only allow webhook to send requests to allowed hosts (#17482)
* SECURITY
* Disable content sniffing on `PlainTextBytes` (#18359) (#18365)
* Only view milestones from current repo (#18414) (#18417)
* Sanitize user-input on file name (#17666)
* Use `hostmatcher` to replace `matchlist` to improve blocking of bad hosts in Webhooks (#17605)
* FEATURES
* Add/update SMTP auth providers via cli (#18197)
* Support webauthn (#17957)
* Team permission allow different unit has different permission (#17811)
* Implement Well-Known URL for password change (#17777)
* Add support for ssh commit signing (#17743)
* Allow Loading of Diffs that are too large (#17739)
* Add copy button to markdown code blocks (#17638)
* Add .gitattribute assisted language detection to blame, diff and render (#17590)
* Add `PULL_LIMIT` and `PUSH_LIMIT` to cron.update_mirror task (#17568)
* Add Reindex buttons to repository settings page (#17494)
* Make SSL cipher suite configurable (#17440)
* Add groups scope/claim to OIDC/OAuth2 Provider (#17367)
* Add simple update checker to Gitea (#17212)
* Migrated Repository will show modifications when possible (#17191)
* Create pub/priv keypair for federation (#17071)
* Make LDAP be able to skip local 2FA (#16954)
* Add nodeinfo endpoint for federation purposes (#16953)
* Save and view issue/comment content history (#16909)
* Use git attributes to determine generated and vendored status for language stats and diffs (#16773)
* Add migrate from Codebase (#16768)
* Add migration from GitBucket (#16767)
* Add OAuth2 introspection endpoint (#16752)
* Add proxy settings and support for migration and webhook (#16704)
* Add microsoft oauth2 providers (#16544)
* Send registration email on user autoregistration (#16523)
* Defer Last Commit Info (#16467)
* Support unprotected file patterns (#16395)
* Add migrate from OneDev (#16356)
* Add option to update pull request by `rebase` (#16125)
* Add RSS/Atom feed support for user actions (#16002)
* Add support for corporate WeChat webhooks (#15910)
* Add a simple way to rename branch like gh (#15870)
* Add bundle download for repository (#14538)
* Add agit flow support in gitea (#14295)
* API
* Add MirrorUpdated field to Repository API type (#18267)
* Adjust Fork API to allow setting a custom repository name (#18066)
* Add API to manage repo tranfers (#17963)
* Add API to get file commit history (#17652)
* Add API to get issue/pull comments and events (timeline) (#17403)
* Add API to get/edit wiki (#17278)
* Add API for get user org permissions (#17232)
* Add HTML urls to notification API (#17178)
* Add API to get commit diff/patch (#17095)
* Respond with updated notifications in API (#17064)
* Add API to fetch git notes (#16649)
* Generalize list header for API (#16551)
* Add API Token Cache (#16547)
* Allow Token API calls be authorized using the reverse-proxy header (#15119)
* ENHANCEMENTS
* Make the height of the editor in Review Box smaller (4 lines as GitHub) (#18319)
* Return nicer error if trying to pull from non-existent user (#18288)
* Show pull link for agit pull request also (#18235)
* Enable partial clone by default (#18195)
* Added replay of webhooks (#18191)
* Show OAuth callback error message (#18185)
* Increase Salt randomness (#18179)
* Add MP4 as default allowed attachment type (#18170)
* Include folders into size cost (#18158)
* Remove `/email2user` endpoint (#18127)
* Handle invalid issues (#18111)
* Load EasyMDE/CodeMirror dynamically, remove RequireEasyMDE (#18069)
* Support open compare page directly (#17975)
* Prefer "Hiragino Kaku Gothic ProN" in system-ui-ja (#17954)
* Clean legacy SimpleMDE code (#17926)
* Refactor install page (db type) (#17919)
* Improve interface when comparing a branch which has created a pull request (#17911)
* Allow default branch to be inferred on compare page (#17908)
* Display issue/comment role even if repo archived (#17907)
* Always set a message-id on mails (#17900)
* Change `<a>` elements to underline on hover (#17898)
* Render issue references in file table (#17897)
* Handle relative unix socket paths (#17836)
* Move accessmode into models/perm (#17828)
* Fix some org style problems (#17807)
* Add List-Unsubscribe header (#17804)
* Create menus for organization pages (#17802)
* Switch archive URL code back to href attributes (#17796)
* Refactor "refs/*" string usage by using constants (#17784)
* Allow forks to org if you can create repos (#17783)
* Improve install code to avoid low-level mistakes. (#17779)
* Improve ellipsis buttons (#17773)
* Add restrict and no-user-rc to authorized_keys (#17772)
* Add copy Commit ID button in commits list (#17759)
* Make `bind` error more readable (#17750)
* Fix navbar on project view (#17749)
* More pleasantly handle broken or missing git repositories (#17747)
* Use `*PushUpdateOptions` as receiver (#17724)
* Remove unused `user` paramater (#17723)
* Better builtin avatar generator (#17707)
* Cleanup and use global style on popups (#17674)
* Move user/org deletion to services (#17673)
* Added comment for changing issue ref (#17672)
* Allow admins to change user avatars (#17661)
* Only set `data-path` once for each file in diff pages (#17657)
* Add icon to vscode clone link (#17641)
* Add download button for file viewer (#17640)
* Add pagination to fork list (#17639)
* Use a standalone struct name for Organization (#17632)
* Minor readability patch. (#17627)
* Add context support for GetUserByID (#17602)
* Move merge-section to `> .content` (#17582)
* Remove NewSession method from db.Engine interface (#17577)
* Move unit into models/unit/ (#17576)
* Restrict GetDeletedBranchByID to the repositories deleted branches (#17570)
* Refactor commentTags functionality (#17558)
* Make Repo Code Indexer an Unique Queue (#17515)
* Simplify Gothic to use our session store instead of creating a different store (#17507)
* Add settings to allow different SMTP envelope from address (#17479)
* Properly determine CSV delimiter (#17459)
* Hide label comments if labels were added and removed immediately (#17455)
* Tune UI alignment for nav bar notification icon, avatar image, issue label (#17438)
* Add appearance section in settings (#17433)
* Move key forms before list and add cancel button (#17432)
* When copying executables to the docker chmod them (#17423)
* Remove deprecated `extendDefaultPlugins` method of svgo (#17399)
* Fix the click behavior for <tr> and <td> with [data-href] (#17388)
* Refactor update checker to use AppState (#17387)
* Improve async/await usage, and sort init calls in `index.js` (#17386)
* Use a variable but a function for IsProd because of a slight performance increment (#17368)
* Frontend refactor, PascalCase to camelCase, remove unused code (#17365)
* Hide command line merge instructions when user can't push (#17339)
* Move session to models/login (#17338)
* Sync gitea app path for git hooks and authorized keys when starting (#17335)
* Make the Mirror Queue a queue (#17326)
* Add "Copy branch name" button to pull request page (#17323)
* Fix repository summary on mobile (#17322)
* Split `index.js` to separate files (#17315)
* Show direct match on top for user search (#17303)
* Frontend refactor: move Vue related code from `index.js` to `components` dir, and remove unused codes. (#17301)
* Upgrade chi to v5 (#17298)
* Disable form autofill (#17291)
* Improve behavior of "Fork" button (#17288)
* Open markdown image links in new window (#17287)
* Add hints for special Wiki pages (#17283)
* Move add deploy key form before the list and add a cancel button (#17228)
* Allow adding multiple issues to a project (#17226)
* Add metrics to get issues by repository (#17225)
* Add specific event type to header (#17222)
* Redirect on project after issue created (#17211)
* Reference in new issue modal: dont pre-populate issue title (#17208)
* Always set a unique Message-ID header (#17206)
* Add projects and project boards in exposed metrics (#17202)
* Add metrics to get issues by label (#17201)
* Add protection to disable Gitea when run as root (#17168)
* Don't return binary file changes in raw PR diffs by default (#17158)
* Support sorting for project board issuses (#17152)
* Force color-adjust for markdown checkboxes (#17146)
* Add option to copy line permalink (#17145)
* Move twofactor to models/login (#17143)
* Multiple tokens support for migrating from github (#17134)
* Unify issue and PR subtitles (#17133)
* Make Requests Processes and create process hierarchy. Associate OpenRepository with context. (#17125)
* Fix problem when database id is not increment as expected (#17124)
* Avatar refactor, move avatar code from `models` to `models.avatars`, remove duplicated code (#17123)
* Re-allow clipboard copy on non-https sites (#17118)
* DBContext is just a Context (#17100)
* Move login related structs and functions to models/login (#17093)
* Add SkipLocal2FA option to pam and smtp sources (#17078)
* Move db related basic functions to models/db (#17075)
* Fixes username tagging in "Reference in new issue" (#17074)
* Use light/dark theme based on system preference (#17051)
* Always emit the configuration path (#17036)
* Add `AbsoluteListOptions` (#17028)
* Use common sessioner for API and Web (#17027)
* Fix overflow label in small view (#17020)
* Report the associated filter if there is an error in LDAP (#17014)
* Add "new issue" btn on project (#17001)
* Add doctor dbconsistency check for release and attachment (#16978)
* Disable Fomantic's CSS tooltips (#16974)
* Add Cache-Control to avatar redirects (#16973)
* Make mirror feature more configurable (#16957)
* Add skip and limit to git.GetTags (#16897)
* Remove ParseQueueConnStr as it is unused (#16878)
* Remove unused Fomantic sidebar module (#16853)
* Allow LDAP Sources to provide Avatars (#16851)
* Remove Dashboard/Home button from the navbar (#16844)
* Use conditions but not repo ids as query condition (#16839)
* Add user settings key/value DB table (#16834)
* Add buttons to allow loading of incomplete diffs (#16829)
* Add information for migrate failure (#16803)
* Add EdDSA JWT signing algorithm (#16786)
* Add user status filter to admin user management page (#16770)
* Add Option to synchronize Admin & Restricted states from OIDC/OAuth2 along with Setting Scopes (#16766)
* Do not use thin scrollbars on Firefox (#16738)
* Download LFS in git and web workflow from minio/s3 directly (SERVE_DIRECT) (#16731)
* Compute proper foreground color for labels (#16729)
* Add edit button to wiki sidebar and footer (#16719)
* Fix migration svg color (#16715)
* Add link to vscode to repo header (#16664)
* Add filter by owner and team to issue/pulls search endpoint (#16662)
* Kanban colored boards (#16647)
* Allow setting X-FRAME-OPTIONS (#16643)
* Separate open and closed issue in metrics (#16637)
* Support direct comparison (git diff a..b) as well merge comparison (a…b) (#16635)
* Add setting to OAuth handlers to skip local 2FA authentication (#16594)
* Make PR merge options more intuitive (#16582)
* Show correct text when comparing commits on empty pull request (#16569)
* Pre-fill suggested New File 'name' and 'content' with Query Params (#16556)
* Add an abstract json layout to make it's easier to change json library (#16528)
* Make Mermaid.js limit configurable (#16519)
* Improve 2FA autofill (#16473)
* Add modals to Organization and Team remove/leave (#16471)
* Show tag name on dashboard items list (#16466)
* Change default cron schedules from @every 24h to @midnight (#16431)
* Prevent double sanitize (#16386)
* Replace `list.List` with slices (#16311)
* Add configuration option to restrict users by default (#16256)
* Move login out of models (#16199)
* Support pagination of organizations on user settings pages (#16083)
* Switch migration icon to svg (#15954)
* Add left padding for chunk header of split diff view (#13397)
* Allow U2F 2FA without TOTP (#11573)
* BUGFIXES
* GitLab reviews may not have the updated_at field set (#18450) (#18461)
* Fix detection of no commits when the default branch is not master (#18422) (#18423)
* Fix broken oauth2 authentication source edit page (#18412) (#18419)
* Place inline diff comment dialogs on split diff in 4th and 8th columns (#18403) (#18404)
* Fix restore without topic failure (#18387) (#18400)
* Fix commit's time (#18375) (#18392)
* Fix partial cloning a repo (#18373) (#18377)
* Stop trimming preceding and suffixing spaces from editor filenames (#18334)
* Prevent showing webauthn error for every time visiting `/user/settings/security` (#18386)
* Fix mime-type detection for HTTP server (#18370) (#18371)
* Stop trimming preceding and suffixing spaces from editor filenames (#18334)
* Restore propagation of ErrDependenciesLeft (#18325)
* Fix PR comments UI (#18323)
* Use indirect comparison when showing pull requests (#18313)
* Replace satori/go.uuid with gofrs/uuid (#18311)
* Fix commit links on compare page (#18310)
* Don't show double error response in git hook (#18292)
* Handle missing default branch better in owner/repo/branches page (#18290)
* Fix CheckRepoStats and reuse it during migration (#18264)
* Prevent underline hover on cards (#18259)
* Don't delete branch if other PRs with this branch are open (#18164)
* Require codereview to have content (#18156)
* Allow admin to associate missing LFS objects for repositories (#18143)
* When attempting to subscribe other user to issue report why access denied (#18091)
* Add option to convert CRLF to LF line endings for sendmail (#18075)
* Only create pprof files for gitea serv if explicitly asked for (#18068)
* Abort merge if head has been updated before pressing merge (#18032)
* Improve TestPatch to use git read-tree -m and implement git-merge-one-file functionality (#18004)
* Use JSON module instead of stdlib json (#18003)
* Fixed issue merged/closed wording (#17973)
* Return nicer error for ForcePrivate (#17971)
* Fix overflow in commit graph (#17947)
* Prevent services/mailer/mailer_test.go tests from deleteing data directory (#17941)
* Use disable_form_autofill on Codebase and Gitbucket (#17936)
* Fix a panic in NotifyCreateIssueComment (caused by string truncation) (#17928)
* Fix markdown URL parsing (#17924)
* Apply CSS Variables to all message elements (#17920)
* Improve checkBranchName (#17901)
* Update chi/middleware to chi/v5/middleware (#17888)
* Fix position of label color picker colors (#17866)
* Fix ListUnadoptedRepositories incorrect total count (#17865)
* Remove whitespace inside rendered code `<td>` (#17859)
* Make Co-committed-by and co-authored-by trailers optional (#17848)
* Fix value of User.IsRestricted when oauth2 user registration (#17839)
* Use new OneDev /milestones endpoint (#17782)
* Prevent deadlock in TestPersistableChannelQueue (#17717)
* Simplify code for writing SHA to name-rev (#17696)
* Fix database deadlock when update issue labels (#17649)
* Add warning for BIDI characters in page renders and in diffs (#17562)
* Fix ipv6 parsing for builtin ssh server (#17561)
* Multiple Escaping Improvements (#17551)
* Fixes#16559 - Do not trim leading spaces for tab delimited (#17442)
* Show client-side error if wiki page is empty (#17415)
* Fix context popup error (#17398)
* Stop sanitizing full name in API (#17396)
* Fix issue close/comment buttons on mobile (#17317)
* Fix navbar UI (#17235)
* Fix problem when database id is not increment as expected (#17229)
* Open the DingTalk link in browser (#17084)
* Remove heads pointing to missing old refs (#17076)
* Fix commit status index problem (#17061)
* Handle broken references in mirror sync (#17013)
* Fix for create repo page layout (#17012)
* Improve LDAP synchronization efficiency (#16994)
* Add repo_id for attachment (#16958)
* Clean-up HookPreReceive and restore functionality for pushing non-standard refs (#16705)
* Remove duplicate csv import in modules/csv/csv.go (#16631)
* Improve SMTP authentication and Fix user creation bugs (#16612)
* Fixed emoji alias not parsed in links (#16221)
* Calculate label URL on API (#16186)
* TRANSLATION
* Fix mispelling of starred as stared (#17465)
* Re-separate the color translation strings (#17390)
* Enable Malayalam, Greek, Persian, Hungarian & Indonesian by default (#16998)
* BUILD
* Add lockfile-check (#18285)
* Don't store assets modified time into generated files (#18193)
* MISC
* Update JS dependencies (#17611)
* SECURITY
* Only view milestones from current repo (#18414) (#18418)
* BUGFIXES
* Fix broken when no commits and default branch is not master (#18422) (#18424)
* Fix commit's time (#18375) (#18409)
* Fix restore without topic failure (#18387) (#18401)
* Fix mermaid import in 1.15 (it uses ESModule now) (#18382)
* Update to go/text 0.3.7 (#18336)
* MISC
* Upgrade EasyMDE to 2.16.1 (#18278) (#18279)
* BUGFIXES
* Fix inconsistent PR comment counts (#18260) (#18261)
* Fix release link broken (#18252) (#18253)
* Fix update user from site administration page bug (#18250) (#18251)
* Set HeadCommit when creating tags (#18116) (#18173)
* Use correct translation key for error messages due to max repo limits (#18135 & #18153) (#18152)
* Fix purple color in suggested label colors (#18241) (#18242)
* SECURITY
* Bump mermaid from 8.10.1 to 8.13.8 (#18198) (#18206)
* BUGFIXES
* Fix wrong redirect on org labels (#18128) (#18134)
* Fix: unstable sort skips/duplicates issues across pages (#18094) (#18095)
* Revert "Fix delete u2f keys bug (#18042)" (#18107)
* Migrating wiki don't require token, so we should move it out of the require form (#17645) (#18104)
* Prevent NPE if gitea uploader fails to open url (#18080) (#18101)
* Reset locale on login (#17734) (#18100)
* Correctly handle failed migrations (#17575) (#18099)
* Instead of using routerCtx just escape the url before routing (#18086) (#18098)
* Quote references to the user table in consistency checks (#18072) (#18073)
* Add NotFound handler (#18062) (#18067)
* Ensure that git repository is closed before transfer (#18049) (#18057)
* Use common sessioner for API and web routes (#18114)
* TRANSLATION
* Fix code search result hint on zh-CN (#18053)
* BUGFIXES
* Move POST /{username}/action/{action} to simply POST /{username} (#18045) (#18046)
* Fix delete u2f keys bug (#18040) (#18042)
* Reset Session ID on login (#18018) (#18041)
* Prevent off-by-one error on comments on newly appended lines (#18029) (#18035)
* Stop printing 03d after escaped characters in logs (#18030) (#18034)
* Reset locale on login (#18023) (#18025)
* Fix reset password email template (#17025) (#18022)
* Fix outType on gitea dump (#18000) (#18016)
* Ensure complexity, minlength and isPwned are checked on password setting (#18005) (#18015)
* Fix rename notification bug (#18011)
* Prevent double decoding of % in url params (#17997) (#18001)
* Prevent hang in git cat-file if the repository is not a valid repository (Partial #17991) (#17992)
* Prevent deadlock in create issue (#17970) (#17982)
* TESTING
* Use non-expiring key. (#17984) (#17985)
* ENHANCEMENTS
* Only allow webhook to send requests to allowed hosts (#17482) (#17510)
* Fix login redirection links (#17451) (#17473)
* BUGFIXES
* Fix database inconsistent when admin change user email (#17549) (#17840)
* Use correct user on releases (#17806) (#17818)
* Fix commit count in tag view (#17698) (#17790)
* Fix close issue but time watcher still running (#17643) (#17761)
* Fix Migrate Description (#17692) (#17727)
* Fix bug when project board get open issue number (#17703) (#17726)
* Return 400 but not 500 when request archive with wrong format (#17691) (#17700)
* Fix bug when read mysql database max lifetime (#17682) (#17690)
* Fix database deadlock when update issue labels (#17649) (#17665)
* Fix bug on detect issue/comment writer (#17592)
* Remove appSubUrl from pasted images (#17572) (#17588)
* Make `ParsePatch` more robust (#17573) (#17580)
* Fix stats upon searching issues (#17566) (#17578)
* Escape issue titles in comments list (#17555) (#17556)
* Fix zero created time bug on commit api (#17546) (#17547)
* Fix database keyword quote problem on migration v161 (#17522) (#17523)
* Fix email with + when active (#17518) (#17520)
* Stop double encoding blame commit messages (#17498) (#17500)
* Quote the table name in CountOrphanedObjects (#17487) (#17488)
* Run Migrate in Install rather than just SyncTables (#17475) (#17486)
* BUILD
* Fix golangci-lint warnings (#17598 et al) (#17668)
* MISC
* Preserve color when inverting emojis (#17797) (#17799)
* BUGFIXES
* Prevent panic in serv.go with Deploy Keys (#17434) (#17435)
* Fix CSV render error (#17406) (#17431)
* Read expected buffer size (#17409) (#17430)
* Ensure that restricted users can access repos for which they are members (#17460) (#17464)
* Make commit-statuses popup show correctly (#17447) (#17466)
* TESTING
* Add integration tests for private.NoServCommand and private.ServCommand (#17456) (#17463)
* SECURITY
* Upgrade Bluemonday to v1.0.16 (#17372) (#17374)
* Ensure correct SSH permissions check for private and restricted users (#17370) (#17373)
* BUGFIXES
* Prevent NPE in CSV diff rendering when column removed (#17018) (#17377)
* Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH (#17281) (#17376)
* Don't panic if we fail to parse U2FRegistration data (#17304) (#17371)
* Ensure popup text is aligned left (backport for 1.15) (#17343)
* Ensure that git daemon export ok is created for mirrors (#17243) (#17306)
* Disable core.protectNTFS (#17300) (#17302)
* Use pointer for wrappedConn methods (#17295) (#17296)
* AutoRegistration is supposed to be working with disabled registration (backport) (#17292)
* Handle duplicate keys on GPG key ring (#17242) (#17284)
* Fix SVG side by side comparison link (#17375) (#17391)
* BUGFIXES
* Raw file API: don't try to interpret 40char filenames as commit SHA (#17185) (#17272)
* Don't allow merged PRs to be reopened (#17192) (#17271)
* Fix incorrect repository count on organization tab of dashboard (#17256) (#17266)
* Fix unwanted team review request deletion (#17257) (#17264)
* Fix broken Activities link in team dashboard (#17255) (#17258)
* API pull's head/base have correct permission(#17214) (#17245)
* Fix strange behavior of DownloadPullDiffOrPatch in incorrect index (#17223) (#17227)
* Upgrade xorm to v1.2.5 (#17177) (#17188)
* Fix missing repo link in issue/pull assigned emails (#17183) (#17184)
* Fix bug of get context user (#17169) (#17172)
* Nicely handle missing user in collaborations (#17049) (#17166)
* Add Horizontal scrollbar to inner menu on Chrome (#17086) (#17164)
* Fix wrong i18n keys (#17150) (#17153)
* Fix Archive Creation: correct transaction ending (#17151)
* Prevent panic in Org mode HighlightCodeBlock (#17140) (#17141)
* Create doctor command to fix repo_units broken by dumps from 1.14.3-1.14.6 (#17136) (#17137)
* ENHANCEMENT
* Check user instead of organization when creating a repo from a template via API (#16346) (#17195)
* TRANSLATION
* v1.15 fix Sprintf format 'verbs' in locale files (#17187)
* ENHANCEMENTS
* Add fluid to ui container class to remove margin (#16396) (#16976)
* Add caller to cat-file batch calls (#17082) (#17089)
* BUGFIXES
* Render full plain readme. (#17083) (#17090)
* Upgrade xorm to v1.2.4 (#17059)
* Fix bug of migrate comments which only fetch one page (#17055) (#17058)
* Do not show issue context popup on external issues (#17050) (#17054)
* Decrement Fork Num when converting from Fork (#17035) (#17046)
* Correctly rollback in ForkRepository (#17034) (#17045)
* Fix missing close in WalkGitLog (#17008) (#17009)
* Add prefix to SVG id/class attributes (#16997) (#17000)
* Fix bug of migrated repository not index (#16991) (#16996)
* Skip AllowedUserVisibilityModes validation on update user if it is an organisation (#16988) (#16990)
* Fix storage Iterate bug and Add storage doctor to delete garbage attachments (#16971) (#16977)
* Fix issue with issue default mail template (#16956) (#16975)
* Ensure that rebase conflicts are handled in updates (#16952) (#16960)
* Prevent panic on diff generation (#16950) (#16951)
* BUGFIXES
* Add unique constraint back into issue_index (#16938)
* Close storage objects before cleaning (#16934) (#16942)
* BUGFIXES
* Allow BASIC authentication access to /:owner/:repo/releases/download/* (#16916) (#16923)
* Prevent leave changes dialogs due to autofill fields (#16912) (#16920)
* Ignore review comment when ref commit is missed (#16905) (#16919)
* Fix wrong attachment removal (#16915) (#16917)
* Gitlab Migrator: dont ignore reactions of last request (#16903) (#16913)
* Correctly return the number of Repositories for Organizations (#16807) (#16911)
* Test if LFS object is accessible (#16865) (#16904)
* Fix git.Blob.DataAsync(): close pipe since we return a NopCloser (#16899) (#16900)
* Fix dump and restore respository (#16698) (#16898)
* Repare and Improve GetDiffRangeWithWhitespaceBehavior (#16894) (#16895)
* Fix wiki raw commit diff/patch view (#16891) (#16892)
* Ensure wiki repos are all closed (#16886) (#16888)
* List limited and private orgs if authenticated on API (#16866) (#16879)
* Simplify split diff view generation and remove JS dependency (#16775) (#16863)
* Ensure that the default visibility is set on the user create page (#16845) (#16862)
* In Render tolerate not being passed a context (#16842) (#16858)
* Upgrade xorm to v1.2.2 (#16663) & Add test to ensure that dumping of login sources remains correct (#16847) (#16848)
* Report the correct number of pushes on the feeds (#16811) (#16822)
* Add primary_key to issue_index (#16813) (#16820)
* Prevent NPE on empty commit (#16812) (#16819)
* Fix branch pagination error (#16805) (#16816)
* Add missing return to handleSettingRemoteAddrError (#16794) (#16795)
* Remove spurious / from issues.opened_by (#16793)
* Ensure that template compilation panics are sent to the logs (#16788) (#16792)
* Update caddyserver/certmagic (#16789) (#16790)
* BREAKING
* Make app.ini permissions more restrictive (#16266)
* Refactor Webhook + Add X-Hub-Signature (#16176)
* Add asymmetric JWT signing (#16010)
* Clean-up the settings hierarchy for issue_indexer queue (#16001)
* Change default queue settings to be low go-routines (#15964)
* Improve assets handler middleware (#15961)
* Rename StaticUrlPrefix to AssetUrlPrefix (#15779)
* Use a generic markup class to display externally rendered files and diffs (#15735)
* Add frontend testing, require node 12 (#15315)
* Move (custom) assets into subpath `/assets` (#15219)
* Use level config in log section when sub log section not set level (#15176)
* Links in markdown should be absolute to the repository not the server (#15088)
* Upgrade to the latest version of golang-jwt (#16590) (#16606)
* Set minimum supported version of go to 1.16 (#16710)
* SECURITY
* Encrypt LDAP bind password in db with SECRET_KEY (#15547)
* Remove random password in Dockerfiles (#15362)
* Upgrade to the latest version of golang-jwt and increase minimum go to 1.15 (#16590) (#16606)
* Correctly create of git-daemon-export-ok files (#16508) (#16514)
* Don't show private user's repo in explore view (#16550) (#16554)
* Update node tar dependency to 6.1.6 (#16622) (#16623)
* FEATURES
* Update Go-Git to take advantage of LargeObjectThreshold (#16316)
* Support custom mime type mapping for text files (#16304)
* Link to previous blames in file blame page (#16259)
* Add LRU mem cache implementation (#16226)
* Localize Email Templates (#16200)
* Make command in authorized keys a template (#16003)
* Add possibility to make branch in branch page (#15960)
* Add email headers (#15939)
* Make tasklist checkboxes clickable (#15791)
* Add selecting tags on the compare page (#15723)
* Add cron job to delete old actions from database (#15688)
* On open repository open common cat file batch and batch-check (#15667)
* Add tag protection (#15629)
* Add push to remote mirror repository (#15157)
* Add Image Diff for SVG files (#14867)
* Add dashboard milestone search and repo milestone search by name. (#14866)
* Add LFS Migration and Mirror (#14726)
* Improve notifications for WIP draft PR's (#14663)
* Disable Stars config option (#14653)
* GPG Key Ownership verification with Signed Token (#14054)
* OAuth2 auto-register (#5123)
* API
* Return updated repository when changing repository using API (#16420)
* Let branch/tag name be a valid ref to get CI status (#16400)
* Add endpoint to get commits of PR (#16300)
* Allow COMMENT reviews to not specify a body (#16229)
* Add subject-type filter to list notification API endpoints (#16177)
* ListReleases add filter for draft and pre-releases (#16175)
* ListIssues add more filters (#16174)
* Issue Search Add filter for MilestoneNames (#16173)
* GET / SET User Settings (#16169)
* Expose repo.GetReviewers() & repo.GetAssignees() (#16168)
* User expose counters (#16167)
* Add repoGetTag (#16166)
* Add repoCreateTag (#16165)
* Creating a repo from a template repo via API (#15958)
* Add Active and ProhibitLogin to API (#15689)
* Add Location, Website and Description to API (#15675)
* Expose resolver via API (#15167)
* Swagger AccessToken fixes (#16574) (#16597)
* Set AllowedHeaders on API CORS handler (#16524) (#16618)
* ENHANCEMENTS
* Support HTTP/2 in Let's Encrypt (#16371)
* Introduce NotifySubjectType (#16320)
* Add forge emojies (#16296)
* Implemented head_commit for webhooks (#16282)
* Upgrade Gliderlabs SSH to 0.3.3 and add FailedConnectionCallback (#16278)
* Add previous/next buttons to review comments (#16273)
* Review comments: break-word for long file names (#16272)
* Add configuration to restrict allowed user visibility modes (#16271)
* Add scroll-margin-top to account for sticky header (#16269)
* Add --quiet and --verbose to gitea web to control initial logging (#16260)
* Use gitea logging module for git module (#16243)
* Add tests for all webhooks (#16214)
* Add button to delete undeleted repositories from failed migrations (#16197)
* Speed up git diff highlight generation (#16180)
* Add OpenID claims "profile" and "email". (#16141)
* Reintroduce squash merge default comment as a config setting (#16134)
* Add sanitizer rules per renderer (#16110)
* Improve performance of dashboard list orgs (#16099)
* Refactor assert statements in tests (#16089)
* Add sso.Group, context.Auth, context.APIAuth to allow auth special routes (#16086)
* Remove unnecessary goroutine (#16080)
* Add attachments for PR reviews (#16075)
* Make the github migration less rate limit waiting to get comment per page from repository but not per issue (#16070)
* Add Visible modes function from Organisation to Users too (#16069)
* Add checkbox to delete pull branch after successful merge (#16049)
* Make commit info cancelable (#16032)
* Make modules/context.Context a context.Context (#16031)
* Unified custom config creation (#16012)
* Make sshd_config more flexible regarding connections (#16009)
* Append to existing trailers in generated squash commit message (#15980)
* Always store primary email address into email_address table and also the state (#15956)
* Load issue/PR context popup data only when needed (#15955)
* Remove remaining fontawesome usage in templates (#15952)
* Remove fomantic accordion module (#15951)
* Small refactoring of modules/private (#15947)
* Double the avatar size factor (#15941)
* Add curl to rootless docker image (#15908)
* Replace clipboard.js with async clipboard api (#15899)
* Allow custom highlight mapping beyond file extensions (#15808)
* Add trace logging to SSO methods (#15803)
* Refactor routers directory (#15800)
* Allow only internal registration (#15795)
* Add a new internal hook to save ssh log (#15787)
* Respect default merge message syntax when parsing item references (#15772)
* OAuth2 login: Set account link to "login" as default behavior (#15768)
* Use single shared random string generation function (#15741)
* Hold the event source when there are no listeners (#15725)
* Code comments improvements (#15722)
* Provide OIDC compliant user info endpoint (#15721)
* Fix webkit calendar icon color on arc-green (#15713)
* Improve Light Chroma style (#15699)
* Only use boost workers for leveldb shadow queues (#15696)
* Add compare tag dropdown to releases page (#15695)
* Add caret styling CSS (#15651)
* Remove x-ua-compatible meta tag (#15640)
* Refactor of link creation (#15619)
* Add a new table issue_index to store the max issue index so that issue could be deleted with no duplicated index (#15599)
* Rewrite of the LFS server (#15523)
* Display more repository type on admin repository management (#15440)
* Remove usage of some JS globals (#15378)
* SHA in merged commit comment should be rendered ui sha (#15376)
* Add well-known config for OIDC (#15355)
* Use route rather than use thus reducing the number of stack frames (#15301)
* Code Formats, Nits & Unused Func/Var deletions (#15286)
* Let package git depend on setting but not opposite (#15241)
* Fixed sanitize errors (#15240)
* response simple text message for not html request when 404 (#15229)
* Remove file-loader dependency (#15196)
* Refactor renders (#15175)
* Add mimetype mapping settings (#15133)
* Add Status Updates whilst Gitea migrations are occurring (#15076)
* Reload locales in initialisation if needed by utilizing i18n.Reset (#15073)
* Counterwork seemingly unclickable repo button labels (#15064)
* Add DefaultMergeStyle option to repository (#14789)
* Added support for gopher URLs. (#14749)
* Rework repository archive (#14723)
* Add links to toggle WIP status (#14677)
* Add Tabular Diff for CSV files (#14661)
* Use milestone deadline when sorting issues (#14551)
* BUGFIXES
* Fix invalid params and typo of email templates (#16394)
* Fix activation of primary email addresses (#16385)
* Fix calculation for finalPage in repo-search component (#16382)
* Specify user in rootless container numerically (#16361)
* Detect encoding changes while parsing diff (#16330)
* Fix U2F error reasons always hidden (#16327)
* Prevent zombie processes (#16314)
* Escape reference to `user` table in models.SearchEmails (#16313)
* Fix default push instructions on empty repos (#16302)
* Fix modified files list in webhooks when there is a space (#16288)
* Fix webhook commits wrong hash on HEAD reset (#16283)
* Fuzzer finds an NPE due to incorrect URLPrefix (#16249)
* Don't WARN log UserNotExist errors on ExternalUserLogin failure (#16238)
* Do not show No match found for tribute (#16231)
* Fix "Copy Link" for pull requests (#16230)
* Fix diff expansion is missing final line in a file (#16222)
* Fix private repo permission problem (#16142)
* Fix not able to update local created non-urlencoded wiki pages (#16139)
* More efficiently parse shas for shaPostProcessor (#16101)
* Fix `doctor --run check-db-consistency --fix` with label fix (#16094)
* Prevent webhook action buttons from shifting (#16087)
* Change default TMPDIR path in rootless containers (#16077)
* Fix typo and add TODO notice (#16064)
* Use git log name-status in get last commit (#16059)
* Fix 500 Error with branch and tag sharing the same name (#16040)
* Fix get tag when migration (#16014)
* Add custom emoji support (#16004)
* Use filepath.ToSlash and Join in indexer defaults and queues (#15971)
* Add permission check for ``GenerateRepository`` (#15946)
* Ensure settings for Service and Mailer are read on the install page (#15943)
* Fix layout of milestone view (#15927)
* Unregister non-matching serviceworkers (#15834)
* Multiple Queue improvements: LevelDB Wait on empty, shutdown empty shadow level queue, reduce goroutines etc (#15693)
* Attachment support repository route (#15580)
* Fix missing icons and colorpicker when mounted on suburl (#15501)
* Create a session on ReverseProxy and ensure that ReverseProxy users cannot change username (#15304)
* Prevent double-login for Git HTTP and LFS and simplify login (#15303)
* Resolve Object { type: "error", data: undefined } in stopwatch.js (#15278)
* Fix heatmap activity (#15252)
* Remove vendored copy of fomantic-dropdown (#15193)
* Update repository size on cron gc task (#15177)
* Add NeedPostProcess for Parser interface to improve performance of csv parser and some external parser (#15153)
* Add code block highlight to orgmode back (#14222)
* Remove User.GetOrganizations() (#14032)
* Restore Accessibility for Dropdown (#16576) (#16617)
* Pass down SignedUserName down to AccessLogger context (#16605) (#16616)
* Fix table alignment in markdown (#16596) (#16602)
* Fix 500 on first wiki page (#16586) (#16598)
* Lock goth/gothic and Re-attempt OAuth2 registration on login if registration failed at startup (#16564) (#16570)
* Upgrade levelqueue to v0.4.0 (#16560) (#16561)
* Handle too long PR titles correctly (#16517) (#16549)
* Fix data race in bleve indexer (#16474) (#16509)
* Restore CORS on git smart http protocol (#16496) (#16506)
* Fix race in log (#16490) (#16505)
* Fix prepareWikiFileName to respect existing unescaped files (#16487) (#16498)
* Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end (#16479) (#16480)
* Update notification table with only latest data (#16445) (#16469)
* Fix crash following ldap authentication update (#16447) (#16448)
* Fix direct creation of external users on admin page (partial #16612) (#16613)
* Prevent 500 on draft releases without tag (#16634) (#16636)
* Restore creation of git-daemon-export-ok files (#16508) (#16514)
* Fix data race in bleve indexer (#16474) (#16509)
* Restore CORS on git smart http protocol (#16496) (#16506)
* Fix race in log (#16490) (#16505)
* Fix prepareWikiFileName to respect existing unescaped files (#16487) (#16498)
* Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end (#16479) (#16480)
* Update notification table with only latest data (#16445) (#16469)
* Fix crash following ldap authentication update (#16447) (#16448)
* Restore compatibility with SQLServer 2008 R2 in migrations (#16638)
* Fix direct creation of external users on admin page (#16613)
* Fix go-git implementation of GetNote when passed a non-existent commit (#16658) (#16659)
* Fix NPE in fuzzer (#16680) (#16682)
* Set issue_index when finishing migration (#16685) (#16687)
* Skip patch download when no patch file exists (#16356) (#16681)
* Ensure empty lines are copiable and final new line too (#16678) (#16692)
* Fix wrong user in OpenID response (#16736) (#16741)
* Do not use thin scrollbars on Firefox (#16738) (#16745)
* Recreate Tables should Recreate indexes on MySQL (#16718) (#16739)
* Keep attachments on tasklist update (#16750) (#16757)
* TESTING
* Bump `postgres` and `mysql` versions (#15710)
* Add tests for clone from wiki (#15513)
* Fix Benchmark tests, remove a broken one & add two new (#15250)
* Create Proper Migration tests (#15116)
* TRANSLATION
* Use a special name for update default branch on repository setting (#15893)
* Fix mirror_lfs source string in en-US locale (#15369)
* BUILD
* Upgrade xorm to v1.1.1 (#16339)
* Disable legal comments in esbuild (#15929)
* Switch to Node 16 to build fronted (#15804)
* Use esbuild to minify CSS (#15756)
* Use binary version of revive linter (#15739)
* Fix: npx webpack make: *** [Makefile:699: public/js/index.js] Error -… (#15465)
* Stop packaging node_modules in release tarballs (#15273)
* Introduce esbuild on webpack (#14578)
* DOCS
* Update queue workers documentation (#15999)
* Comment out app.example.ini (#15807)
* Improve logo customization docs (#15754)
* Add some response status on api docs (#15399)
* Rework Token API comments (#15162)
* Add better errors for disabled account recovery (#15117)
* MISC
* Remove utf8 option from installation page (#16126)
* Use Wants= over Requires= in systemd file (#15897)
* BUGFIXES
* Add missing gitRepo close at GetDiffRangeWithWhitespaceBehavior (Partial #16894) (#16896)
* Fix wiki raw commit diff/patch view (#16891) (#16893)
* Ensure wiki repos are all closed (#16886) (#16889)
* Upgrade xorm to v1.2.2 (#16663) & Add test to ensure that dumping of login sources remains correct (#16847) (#16849)
* Recreate Tables should Recreate indexes on MySQL (#16718) (#16740)
* SECURITY
* Bump github.com/markbates/goth from v1.67.1 to v1.68.0 (#16538) (#16540)
* Switch to maintained JWT lib (#16532) (#16535)
* Upgrade to latest version of golang-jwt (as forked for 1.14) (#16590) (#16607)
* BUGFIXES
* Add basic edit ldap auth test & actually fix#16252 (#16465) (#16495)
* Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end (#16479) (#16481)
* SECURITY
* Hide mirror passwords on repo settings page (#16022) (#16355)
* Update bluemonday to v1.0.15 (#16379) (#16380)
* BUGFIXES
* Retry rename on lock induced failures (#16435) (#16439)
* Validate issue index before querying DB (#16406) (#16410)
* Fix crash following ldap authentication update (#16447) (#16449)
* ENHANCEMENTS
* Redirect on bad CSRF instead of presenting bad page (#14937) (#16378)
* BUGFIXES
* Fix relative links in postprocessed images (#16334) (#16340)
* Fix list_options GetStartEnd (#16303) (#16305)
* Fix API to use author for commits instead of committer (#16276) (#16277)
* Handle misencoding of login_source cfg in mssql (#16268) (#16275)
* Fixed issues not updated by commits (#16254) (#16261)
* Improve efficiency in FindRenderizableReferenceNumeric and getReference (#16251) (#16255)
* Use html.Parse rather than html.ParseFragment (#16223) (#16225)
* Fix milestone counters on new issue (#16183) (#16224)
* reqOrgMembership calls need to be preceded by reqToken (#16198) (#16219)
* SECURITY
* Encrypt migration credentials at rest (#15895) (#16187)
* Only check access tokens if they are likely to be tokens (#16164) (#16171)
* Add missing SameSite settings for the i_like_gitea cookie (#16037) (#16039)
* Fix setting of SameSite on cookies (#15989) (#15991)
* API
* Repository object only count releases as releases (#16184) (#16190)
* EditOrg respect RepoAdminChangeTeamAccess option (#16184) (#16190)
* Fix overly strict edit pr permissions (#15900) (#16081)
* BUGFIXES
* Run processors on whole of text (#16155) (#16185)
* Class `issue-keyword` is being incorrectly stripped off spans (#16163) (#16172)
* Fix language switch for install page (#16043) (#16128)
* Fix bug on getIssueIDsByRepoID (#16119) (#16124)
* Set self-adjusting deadline for connection writing (#16068) (#16123)
* Fix http path bug (#16117) (#16120)
* Fix data URI scramble (#16098) (#16118)
* Merge all deleteBranch as one function and also fix bug when delete branch don't close related PRs (#16067) (#16097)
* git migration: don't prompt interactively for clone credentials (#15902) (#16082)
* Fix case change in ownernames (#16045) (#16050)
* Don't manipulate input params in email notification (#16011) (#16033)
* Remove branch URL before IssueRefURL (#15968) (#15970)
* Fix layout of milestone view (#15927) (#15940)
* GitHub Migration, migrate draft releases too (#15884) (#15888)
* Close the gitrepo when deleting the repository (#15876) (#15887)
* Upgrade xorm to v1.1.0 (#15869) (#15885)
* Fix blame row height alignment (#15863) (#15883)
* Fix error message when saving generated LOCAL_ROOT_URL config (#15880) (#15882)
* Backport Fix LFS commit finder not working (#15856) (#15874)
* Stop calling WriteHeader in Write (#15862) (#15873)
* Add timeout to writing to responses (#15831) (#15872)
* Return go-get info on subdirs (#15642) (#15871)
* Restore PAM user autocreation functionality (#15825) (#15867)
* Fix truncate utf8 string (#15828) (#15854)
* Fix bound address/port for caddy's certmagic library (#15758) (#15848)
* Upgrade unrolled/render to v1.1.1 (#15845) (#15846)
* Queue manager FlushAll can loop rapidly - add delay (#15733) (#15840)
* Tagger can be empty, as can Commit and Author - tolerate this (#15835) (#15839)
* Set autocomplete off on branches selector (#15809) (#15833)
* Add missing error to Doctor log (#15813) (#15824)
* Move restore repo to internal router and invoke from command to avoid open the same db file or queues files (#15790) (#15816)
* ENHANCEMENTS
* Removable media support to snap package (#16136) (#16138)
* Move sans-serif fallback font higher than emoji fonts (#15855) (#15892)
* DOCKER
* Only write config in environment-to-ini if there are changes (#15861) (#15868)
* Only offer hostcertificates if they exist (#15849) (#15853)
* API
* Make change repo settings work on empty repos (#15778) (#15789)
* Add pull "merged" notification subject status to API (#15344) (#15654)
* BUGFIXES
* Ensure that ctx.Written is checked after issues(...) calls (#15797) (#15798)
* Use pulls in commit graph unless pulls are disabled (#15734 & #15740 & #15774) (#15775)
* Set GIT_DIR correctly if it is not set (#15751) (#15769)
* Fix bug where repositories appear unadopted (#15757) (#15767)
* Not show `ref-in-new-issue` pop when issue was disabled (#15761) (#15765)
* Drop back to use IsAnInteractiveSession for SVC (#15749) (#15762)
* Fix setting version table in dump (#15753) (#15759)
* Fix close button change on delete in simplemde area (#15737) (#15747)
* Defer closing the gitrepo until the end of the wrapped context functions (#15653) (#15746)
* Fix some ui bug about draft release (#15137) (#15745)
* Only log Error on getLastCommitStatus error to let pull list still be visible (#15716) (#15715)
* Move tooltip down to allow selection of Remove File on error (#15672) (#15714)
* Fix setting redis db path (#15698) (#15708)
* Fix DB session cleanup (#15697) (#15700)
* Fixed several activation bugs (#15473) (#15685)
* Delete references if repository gets deleted (#15681) (#15684)
* Fix orphaned objects deletion bug (#15657) (#15683)
* Delete protected branch if repository gets removed (#15658) (#15676)
* Remove spurious set name from eventsource.sharedworker.js (#15643) (#15652)
* Not update updated uinx for `git gc` (#15637) (#15641)
* Fix commit graph author link (#15627) (#15630)
* Fix webhook timeout bug (#15613) (#15621)
* Resolve panic on failed interface conversion in migration v156 (#15604) (#15610)
* Fix missing storage init (#15589) (#15598)
* If the default branch is not present do not report error on stats indexing (#15546 & #15583) (#15594)
* Fix lfs management find (#15537) (#15578)
* Fix NPE on view commit with notes (#15561) (#15573)
* Fix bug on commit graph (#15517) (#15530)
* Send size to /avatars if requested (#15459) (#15528)
* Prevent migration 156 failure if tag commit missing (#15519) (#15527)
* ENHANCEMENTS
* Display conflict-free merge messages for pull requests (#15773) (#15796)
* Exponential Backoff for ByteFIFO (#15724) (#15793)
* Issue list alignment tweaks (#15483) (#15766)
* Implement delete release attachments and update release attachments' name (#14130) (#15666)
* Add placeholder text to deploy key textarea (#15575) (#15576)
* Project board improvements (#15429) (#15560)
* Repo branch page: label size, PR ref, new PR button alignment (#15363) (#15365)
* MISC
* Fix webkit calendar icon color on arc-green (#15713) (#15728)
* Performance improvement for last commit cache and show-ref (#15455) (#15701)
* Bump unrolled/render to v1.1.0 (#15581) (#15608)
* Add ETag header (#15370) (#15552)
* BUGFIXES
* Fix bug clone wiki (#15499) (#15502)
* Github Migration ignore rate limit, if not enabled (#15490) (#15495)
* Use subdir for URL (#15446) (#15493)
* Query the DB for the hash before inserting in to email_hash (#15457) (#15491)
* Ensure review dismissal only dismisses the correct review (#15477) (#15489)
* Use index of the supported tags to choose user lang (#15452) (#15488)
* Fix wrong file link in code search page (#15466) (#15486)
* Quick template fix for built-in SSH server in admin config (#15464) (#15481)
* Prevent superfluous response.WriteHeader (#15456) (#15476)
* Fix ambiguous argument error on tags (#15432) (#15474)
* Add created_unix instead of expiry to migration (#15458) (#15463)
* Fix repository search (#15428) (#15442)
* Prevent NPE on avatar direct rendering if federated avatars disabled (#15434) (#15439)
* Fix wiki clone urls (#15430) (#15431)
* Fix dingtalk icon url at webhook (#15417) (#15426)
* Standardise icon on projects PR page (#15387) (#15408)
* ENHANCEMENTS
* Add option to skip LFS/attachment files for `dump` (#15407) (#15492)
* Clone panel fixes (#15436)
* Use semantic dropdown for code search query type (#15276) (#15364)
* BUILD
* Build go-git variants for windows (#15482) (#15487)
* Lock down build-images dependencies (Partial #15479) (#15480)
* MISC
* Performance improvement for list pull requests (#15447) (#15500)
* Fix potential copy lfs records failure when fork a repository (#15441) (#15485)
* SECURITY
* Respect approved email domain list for externally validated user registration (#15014)
* Add reverse proxy configuration support for remote IP address detection (#14959)
* Ensure validation occurs on clone addresses too (#14994)
* Fix several render issues highlighted during fuzzing (#14986)
* BREAKING
* Fix double 'push tag' action feed (#15078) (#15083)
* Remove possible resource leak (#15067) (#15082)
* Handle unauthorized user events gracefully (#15071) (#15074)
* Restore Access.log following migration to Chi framework (Stops access logging of /api/internal routes) (#14475)
* Migrate from Macaron to Chi framework (#14293)
* Deprecate building for mips (#14174)
* Consolidate Logos and update README header (#14136)
* Inline manifest.json (#14038)
* Store repository data in data path if not previously set (#13991)
* Rename "gitea" png to "logo" (#13974)
* Standardise logging of failed authentication attempts in internal SSH (#13962)
* Add markdown support in organization description (#13549)
* Improve users management through the CLI (#6001) (#10492)
* FEATURES
* Create a new issue with reference to lines of code from file view (#14863)
* Repository transfer has to be confirmed, if user can not create repo for new owner (#14792)
* Allow blocking some email domains from registering an account (#14667)
* Create a new issue based on reference to an issue comment (#14366)
* Add support to migrate from gogs (#14342)
* Add pager to the branches page (#14202)
* Minimal OpenID Connect implementation (#14139)
* Display current stopwatch in navbar (#14122)
* Display SVG files as images instead of text (#14101)
* Disable SSH key deletion of externally managed Keys (#13985)
* Add support for ed25519_sk and ecdsa_sk SSH keys (#13462)
* Add support for Mastodon OAuth2 provider (#13293)
* Add gitea sendmail command (#13079)
* Create DB session provider(based on xorm) (#13031)
* Add dismiss review feature (#12674)
* Make manual merge autodetection optional and add manual merge as merge method (#12543)
* Dump github/gitlab/gitea repository data to a local directory and restore to gitea (#12244)
* Create Rootless Docker image (#10154)
* API
* Speedup issue search (#15179) (#15192)
* Get pull, return head branch sha, even if deleted (#14931)
* Export LFS & TimeTracking function status (#14753)
* Show Gitea version in swagger (#14654)
* Fix PATCH /repos/{owner}/{repo} panic (#14637)
* Add Restricted Field to User (#14630)
* Add support for ref parameter to get raw file API (#14602)
* Add affected files of commits to commit struct (#14579)
* Fix CJK fonts again and misc. font issues (#14575)
* Add delete release by tag & delete tag (#14563) & (#13358)
* Add pagination to ListBranches (#14524)
* Add signoff option in commit form (#14516)
* GetRelease by tag only return release (#14397)
* Add MirrorInterval to the API (#14163)
* Make BasicAuth Prefix case insensitive (#14106)
* Add user filter to issueTrackedTimes, enable usage for issue managers (#14081)
* Add ref to create/edit issue options & deprecated assignee (#13992)
* Add Ref to Issue (#13946)
* Expose default theme in meta and API (#13809)
* Send error message when CSRF token is missing (#13676)
* List, Check, Add & delete endpoints for repository teams (#13630)
* Admin EditUser: Make FullName, Email, Website & Location optional (#13562)
* Add more filters to issues search (#13514)
* Add review request api (#11355)
* BUGFIXES
* Fix delete nonexist oauth application 500 and prevent deadlock (#15384) (#15396)
* Always set the merge base used to merge the commit (#15352) (#15385)
* Upgrade to bluemonday 1.0.7 (#15379) (#15380)
* Turn RepoRef and RepoAssignment back into func(*Context) (#15372) (#15377)
* Move FCGI req.URL.Path fix-up to the FCGI listener (#15292) (#15361)
* Show diff on rename with diff changes (#15338) (#15339)
* Fix handling of logout event (#15323) (#15337)
* Fix CanCreateRepo check (#15311) (#15321)
* Fix xorm log stack level (#15285) (#15316)
* Fix bug in Wrap (#15302) (#15309)
* Drop the event source if we are unauthorized (#15275) (#15280)
* Backport Fix graph pagination (#15225) (#15249)
* Prevent NPE in CommentMustAsDiff if no hunk header (#15199) (#15200)
* should run RetrieveRepoMetas() for empty pr (#15187) (#15190)
* Move setting to enable closing issue via commit in non default branch to repo settings (#14965)
* Show correct issues for team dashboard (#14952)
* Ensure that new pull request button works on forked forks owned by owner of the root and reduce ambiguity (#14932)
* Only allow issue labels from owner repository or organization (#14928)
* Fix alignment of People and Teams right arrow on org homepage (#14924)
* Fix overdue marking of closed issues and milestones (#14923)
* Prevent panic when empty MilestoneID in repo/issue/list (#14911)
* Fix migration context data (#14910)
* Handle URLs with trailing slash (#14852)
* Add CORS config on to /login/oauth/access_token endpoint (#14850)
* Make searching issues by keyword case insensitive on DB (#14848)
* Prevent use of double sub-path and incorrect asset path in manifest (#14827)
* Fix link account ui (#14763)
* Fix preview status switch button on wiki editor (#14742)
* Fix github download on migration (#14703)
* Fix svg spacing (#14638)
* Prevent adding nil label to .AddedLabels or .RemovedLabels (#14623)
* Truncated organizations name (#14615)
* Exclude the current dump file from the dump (#14606)
* Use OldRef instead of CommitSHA for DeleteBranch comments (#14604)
* Ensure memcache caching works when TTL greater than 30 days (#14592)
* Remove NULs byte arrays passed to PostProcess (#14587)
* Restore detection of branches are equal on compare page (#14586)
* Fix incorrect key name so registerManualConfirm works (#14455)
* Fix close/reopen with comment (#14436)
* Allow passcode invalid error to appear (#14371)
* Escape branch names in compare url (#14364)
* Label and milestone webhooks on issue/pull creation (#14363)
* Handle NotifyCreateRef as create branch in feeds (#14245)
* Prevent clipping input text in Chrome + Segoe UI Font (#14179)
* Fix UI on edit auth source page (#14137)
* Fix git.parseTagData (#14105)
* Refactor get tag to remove unnecessary steps (#14058)
* Fix integrations test error with space in CURDIR path (#14056)
* Dropdown triangle fixes (#14028)
* Fix label of --id in admin delete user (#14005)
* Cause NotifyMigrateRepository to emit a repo create webhook (#14004)
* Update HEAD to match defaultBranch in template generation (#13948)
* Fix action avatar loading (#13909)
* Fix issue participants (#13893)
* Fix avatar template error (#13833)
* Fix review request notification email links when external issue tracker is enabled (#13723)
* Fix blame line alignment (#13542)
* Include OriginalAuthor in Reaction constraint (#13505)
* Comments on review should have the same sha (#13448)
* Fix whitespace rendering in diff (#13415)
* Fixed git args duplication (#13411)
* Fix bug on release publisherid migrations (#13410)
* Fix --port setting (#13288)
* Keep database transactions not too big (#13254)
* Git version check, ignore pre-releases constraints (#13234)
* Handle and propagate errors when checking if paths are Dirs, Files or Exist (#13186)
* Update Mirror IsEmpty status on synchronize (#13185)
* Use GO variable in go-check target (#13146) (#13147)
* ENHANCEMENTS
* UI style improvements
* Dropzone styling improvements (#15291) (#15374)
* Add size to Save function (#15264) (#15270)
* Monaco improvements (#15333) (#15345)
* Support .mailmap in code activity stats (#15009)
* Sort release attachments by name (#15008)
* Add ui.explore settings to control view of explore pages (#14094)
* Make internal SSH server host key path configurable (#14918)
* Hide resync all ssh principals when using internal ssh server (#14904)
* Add SameSite setting for cookies (#14900)
* Move Bleve and Elastic code indexers to use a common cat-file --batch (#14781)
* Add environment-to-ini to docker image (#14762)
* Add preview support for wiki editor when disable simpleMDE (#14757)
* Add easyMDE(simpleMDE) support for release content editor (#14744)
* Organization removal confirmation using name not password (#14738)
* Make branch names in PR description clickable (#14716)
* Add Password Algorithm option to install page (#14701)
* Add fullTextSearch to dropdowns by default (#14694)
* Fix truncated organization names (#14655)
* Whitespace in commits (#14650)
* Sort / move project boards (#14634)
* Make fileheader sticky in diffs (#14616)
* Add helper descriptions on new repo page (#14591)
* Move the stopwatches to the eventsource stream (#14588)
* Add Content-Length header to HEAD requests (#14542)
* Add Image Diff options in Diff view (#14450)
* Improve Description in new/ edit Project template (#14429)
* Allow ssh-keygen on Windows to detect ssh key type (#14413)
* Display error if twofaSecret cannot be retrieved (#14372)
* Sort issue search results by revelance (#14353)
* Implement ghost comment mitigation (#14349)
* Upgrade blevesearch dependency to v2.0.1 (#14346)
* Add edit, delete and reaction support to code review comments on issue page (#14339)
* Merge default and system webhooks under one menu (#14244)
* Add option for administrator to reset user 2FA (#14243)
* Add option to change username to the admin panel (#14229)
* Check for 'main' as potential default branch name (#14193)
* Project: show referenced PRs in issue cards (#14183)
* Use caddy's certmagic library for extensible/robust ACME handling (#14177)
* CLI support for OAuth sources custom icons (#14166)
* Custom icons for OAuth sources (#14161)
* Team dashboards (#14159)
* KanBan: be able to set default board (#14147)
* Disable Fomantic's custom scrollbars (#14109)
* Add UI to delete tracked times (#14100)
* Rework heatmap permissions (#14080)
* Issue and pull request filters on organization dashboard (#14072)
* Fix webhook list styling (#14001)
* Show dropdown with all statuses for commit (#13977)
* Show status check for merged PRs (#13975)
* Diff stat improvements (#13954)
* Report permissions denied in internal SSH (#13953)
* Markdown task list improvements (#13952)
* Heatmap days clickable (#13935)
* chore: use octicon-mirror for feeds display (#13928)
* Move diff split code into own template file (#13919)
* Markdown: Enable wrapping in code blocks and a color tweak (#13894)
* Do not reload page after adding comments in Pull Request reviews (#13877)
* Add pull request manually merge instruction (#13840)
* add thumbnail preview section to issue attachments (#13826)
* Move Repo APIFormat to convert package (#13787)
* Move notification APIFormat (#13783)
* Swap swagger-ui with swagger-ui-dist (#13777)
* User Settings: Ignore empty language codes & validate (#13755)
* Improve migrate page and add card CSS (#13751)
* Add block on official review requests branch protection (#13705)
* Add review requested filter on pull request overview (#13701)
* Use chronological commit order in default squash message (#13696)
* Clickable links in pull request (and issue) titles (#13695)
* Support shortened commit SHAs in URLs (#13686)
* Use native git variants by default with go-git variants as build tag (#13673)
* Don't render dropdown when only 1 merge style is available (#13670)
* Move webhook type from int to string (#13664)
* Direct avatar rendering (#13649)
* Verify password for local-account activation (#13631)
* Prevent clone protocol button flash on page load (#13626)
* Remove fetch request from heatmap (#13623)
* Refactor combine label comments with tests (#13619)
* Move metrics from macaron to chi (#13601)
* Issue and Pulls lists rework (#13594)
* HTTP cache rework and enable caching for storage assets (#13569)
* Use mount but not register for chi routes (#13555)
* Use monaco for the git hook editor (#13552)
* Make heatmap colors more distinct (#13533)
* Lazy-load issue reviewers and assignees avatars (#13526)
* Change search and filter icons to SVG (#13473)
* Create tag on ui (#13467)
* updateSize when create a repo with init commit (#13441)
* Added title and action buttons to Project view page (#13437)
* Override fomantic monospace fonts and set size (#13435)
* Rework focused comment styling (#13434)
* Tags cleanup (#13428)
* Various style tweaks (#13418)
* Refactor push update (#13381)
* Comment box tweaks and SVG dropdown triangles (#13376)
* Various style fixes (#13372)
* Change repo home page icons to SVG (#13364)
* Use CSS Vars for primary color (#13361)
* Refactor image paste code (#13354)
* Switch from SimpleMDE to EasyMDE (#13333)
* Group Label Changed Comments in timeline (#13304)
* Make the logger an interface (#13294)
* Fix PR/Issue titles on mobile (#13292)
* Rearrange the order of the merged by etc. in locale (#13284)
* Replace footer and modal icons with SVG (#13245)
* Issues overview should not show issues from archived repos (#13220)
* Show stale label for stale code comment which is marked as resolved (#13213)
* Use CSS Variables for fonts, remove postcss-loader (#13204)
* Add mentionable teams to tributeValues and change team mention rules to gh's style (#13198)
* Move install pages out of main macaron routes (#13195)
* Update outdated label to use Fomantic UI style (#13181)
* Added option to disable webhooks (#13176)
* Change order of possible-owner organizations to alphabetical (#13160)
* Log IP on SSH authentication failure for Built-in SSH server (#13150)
* Added option to disable migrations (#13114)
* New "Add Mirror" Button in the Organization view (#13105)
* Manually approve new registration (#13083)
* Cron job to cleanup hook_task table (#13080)
* Use the headline comment of pull-request as the squash commit's message (#13071)
* Clarify the suffices and prefixes of setting.AppSubURL and setting.AppURL (#12999)
* Slightly simplify the queue settings code to help reduce the risk of problems (#12976)
* Add precise search type for Elastic Search (#12869)
* Move APIFormat functions into convert package (#12856)
* Multiple GitGraph improvements: Exclude PR heads, Add branch/PR links, Show only certain branches, (#12766)
* Add TrN for repository limit (#12492)
* Refactor doctor (#12264)
* Add the tag list page to the release page (#12096)
* Redirect on changed user and org name (#11649)
* load U2F js only on pages which need it (#11585)
* Make archival asynchronous (#11296)
* Introduce go chi web framework as frontend of macaron, so that we can move routes from macaron to chi step by step (#7420)
* Improve vfsgen to not unzip bindata files but send to browser directly (#7109)
* Enhance release list (#6025)
* DOCS
* Swagger show models by default (#14880)
* Add missing repo.projects unit into swagger (#14876)
* Update docs and comments to remove macaron (#14491)
* Issue template addition: Are you using Gitea behind CloudFlare? (#14098)
* Generate man pages (#13901)
* Reformat/fine-tune docs (#13897)
* Added Table of Contents to long documentation pages (#13890)
* Add docs command (#13429)
* Update external-renderers.en-us.md (#13165)
* MISC
* Add builds for apple M1 (darwin arm64) (#14951)
* Migrate to use jsoniter instead of encoding/json (#14841)
* Reduce make verbosity (#13803)
* Add git command error directory on log (#13194)
* SECURITY
* Update to bluemonday-1.0.6 (#15294) (#15298)
* Clusterfuzz found another way (#15160) (#15169)
* API
* Fix wrong user returned in API (#15139) (#15150)
* BUGFIXES
* Add 'fonts' into 'KnownPublicEntries' (#15188) (#15317)
* Speed up `enry.IsVendor` (#15213) (#15246)
* Response 404 for diff/patch of a commit that not exist (#15221) (#15238)
* Prevent NPE in CommentMustAsDiff if no hunk header (#15199) (#15201)
* MISC
* Add size to Save function (#15264) (#15271)
* SECURITY
* Fix bug on avatar middleware (#15124) (#15125)
* Fix another clusterfuzz identified issue (#15096) (#15114)
* API
* Fix nil exeption for get pull reviews API #15104 (#15106)
* BUGFIXES
* Fix markdown rendering in milestone content (#15056) (#15092)
* SECURITY
* Update to goldmark 1.3.3 (#15059) (#15061)
* Another clusterfuzz spotted issue (#15032) (#15034)
* API
* Fix set milestone on PR creation (#14981) (#15001)
* Prevent panic when editing forked repos by API (#14960) (#14963)
* BUGFIXES
* Fix bug when upload on web (#15042) (#15055)
* Delete Labels & IssueLabels on Repo Delete too (#15039) (#15051)
* Fix postgres ID sequences broken by recreate-table (#15015) (#15029)
* Fix several render issues (#14986) (#15013)
* Make sure sibling images get a link too (#14979) (#14995)
* Fix Anchor jumping with escaped query components (#14969) (#14977)
* Fix release mail html template (#14976)
* Fix excluding more than two labels on issues list (#14962) (#14973)
* Don't mark each comment poster as OP (#14971) (#14972)
* Add "captcha" to list of reserved usernames (#14930)
* Re-enable import local paths after reversion from #13610 (#14925) (#14927)
This takes advantage of the introduction of the SYSCONFBASE variable.
Tested on NetBSD/amd64.
While there, also fix a couple substitutions in the default configuration file
(app.ini).
Bumps PKGREVISION.
It turns out this new version of Gitea does need newer frontend files after
all. A copy has been uploaded to ftp.netbsd.org as documented.
Bumps PKGREVISION.
This includes the following security fixes; in 1.13.0:
* Add Allow-/Block-List for Migrate & Mirrors
* Prevent git operations for inactive users
* Disallow urlencoded new lines in git protocol paths if there is a port
* Mitigate Security vulnerability in the git hook feature
* Disable DSA ssh keys by default
* Set TLS minimum version to 1.2
* Use argon as default password hash algorithm
In 1.13.1:
* Hide private participation in Orgs
* Fix escaping issue in diff
In 1.13.2:
* Prevent panic on fuzzer provided string
* Add secure/httpOnly attributes to the lang cookie
In 1.13.3:
* Turn default hash password algorithm back to pbkdf2 from argon2 until we find a better one
In 1.13.4:
* Fix issue popups
When started as a service, gitea logs directly to the console, in
addition to its own log files. This change redirects the standard output
to /dev/null.
Bumps PKGREVISION.
Fixes pkgsrc handling of the frontend artefacts, various files were previously
missing, leading to errors in the web interface.
Changes since 1.12.1:
## [1.12.6](https://github.com/go-gitea/gitea/releases/tag/v1.12.6) - 2020-11-11
* SECURITY
* Prevent git operations for inactive users (#13527) (#13537)
* Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13525)
* BUGFIXES
* API should only return Json (#13511) (#13564)
* Fix before and since query arguments at API (#13559) (#13560)
* Prevent panic on git blame by limiting lines to 4096 bytes at most (#13470) (#13492)
* Fix link detection in repository description with tailing '_' (#13407) (#13408)
* Remove obsolete change of email on profile page (#13341) (#13348)
* Fix permission check on get Reactions API endpoints (#13344) (#13346)
* Add migrated pulls to pull request task queue (#13331) (#13335)
* API deny wrong pull creation options (#13308) (#13327)
* Fix initial commit page & binary munching problem (#13249) (#13259)
* Fix diff parsing (#13157) (#13136) (#13139)
* Return error 404 not 500 from API if team does not exist (#13118) (#13119)
* Prohibit automatic downgrades (#13108) (#13111)
* Fix GitLab Migration Option AuthToken (#13101)
* GitLab Label Color Normalizer (#12793) (#13100)
* Log the underlying panic in runMigrateTask (#13096) (#13098)
* Fix attachments list in edit comment (#13036) (#13097)
* Fix deadlock when deleting team user (#13093)
* Fix error create comment on outdated file (#13041) (#13042)
* Fix repository create/delete event webhooks (#13008) (#13027)
* Fix internal server error on README in submodule (#13006) (#13016)
## [1.12.5](https://github.com/go-gitea/gitea/releases/tag/v1.12.5) - 2020-10-01
* BUGFIXES
* Allow U2F with default settings for gitea in subpath (#12990) (#13001)
* Prevent empty div when editing comment (#12404) (#12991)
* On mirror update also update address in DB (#12964) (#12967)
* Allow extended config on cron settings (#12939) (#12943)
* Open transaction when adding Avatar email-hash pairs to the DB (#12577) (#12940)
* Fix internal server error from ListUserOrgs API (#12910) (#12915)
* Update only the repository columns that need updating (#12900) (#12912)
* Fix panic when adding long comment (#12892) (#12894)
* Add size limit for content of comment on action ui (#12881) (#12890)
* Convert User expose ID each time (#12855) (#12883)
* Support slashes in release tags (#12864) (#12882)
* Add missing information to CreateRepo API endpoint (#12848) (#12867)
* On Migration respect old DefaultBranch (#12843) (#12858)
* Fix notifications page links (#12838) (#12853)
* Stop cloning unnecessarily on PR update (#12839) (#12852)
* Escape more things that are passed through str2html (#12622) (#12850)
* Remove double escape on labels addition in comments (#12809) (#12810)
* Fix "only mail on mention" bug (#12775) (#12789)
* Fix yet another bug with diff file names (#12771) (#12776)
* RepoInit Respect AlternateDefaultBranch (#12746) (#12751)
* Fix Avatar Resize (resize algo NearestNeighbor -> Bilinear) (#12745) (#12750)
* ENHANCEMENTS
* gitea dump: include version & Check InstallLock (#12760) (#12762)
## [1.12.4](https://github.com/go-gitea/gitea/releases/tag/v1.12.4) - 2020-09-02
* SECURITY
* Escape provider name in oauth2 provider redirect (#12648) (#12650)
* Escape Email on password reset page (#12610) (#12612)
* When reading expired sessions - expire them (#12686) (#12690)
* ENHANCEMENTS
* StaticRootPath configurable at compile time (#12371) (#12652)
* BUGFIXES
* Fix to show an issue that is related to a deleted issue (#12651) (#12692)
* Expire time acknowledged for cache (#12605) (#12611)
* Fix diff path unquoting (#12554) (#12575)
* Improve HTML escaping helper (#12562)
* models: break out of loop (#12386) (#12561)
* Default empty merger list to those with write permissions (#12535) (#12560)
* Skip SSPI authentication attempts for /api/internal (#12556) (#12559)
* Prevent NPE on commenting on lines with invalidated comments (#12549) (#12550)
* Remove hardcoded ES indexername (#12521) (#12526)
* Fix bug preventing transfer to private organization (#12497) (#12501)
* Keys should not verify revoked email addresses (#12486) (#12495)
* Do not add prefix on http/https submodule links (#12477) (#12479)
* Fix ignored login on compare (#12476) (#12478)
* Fix incorrect error logging in Stats indexer and OAuth2 (#12387) (#12422)
* Upgrade google/go-github to v32.1.0 (#12361) (#12390)
* Render emoji's of Commit message on feed-page (#12373)
* Fix handling of diff on unrelated branches when Git 2.28 used (#12370)
## [1.12.3](https://github.com/go-gitea/gitea/releases/tag/v1.12.3) - 2020-07-28
* BUGFIXES
* Don't change creation date when updating Release (#12343) (#12351)
* Show 404 page when release not found (#12328) (#12332)
* Fix emoji detection in certain cases (#12320) (#12327)
* Reduce emoji size (#12317) (#12327)
* Fix double-indirection bug in logging IDs (#12294) (#12308)
* Link to pull list page on sidebar when view pr (#12256) (#12263)
* Extend Notifications API and return pinned notifications by default (#12164) (#12232)
## [1.12.2](https://github.com/go-gitea/gitea/releases/tag/v1.12.2) - 2020-07-11
* BUGFIXES
* When deleting repository decrese user repository count in cache (#11954) (#12188)
* Return full commit message instead of summary in commits API (#12186) (#12187)
* Properly set HEAD when a repo is created with a default branch that is not named 'master' (#12135) (#12182)
* Ensure GPG Subkeys are verified (#12155) (#12168)
* Fix failing to cache last commit with key being to long (#12151) (#12161)
* Multiple small admin dashboard fixes (#12153) (#12156)
* Remove spurious logging of " Delete all repository archives" at startup (#12139) (#12148)
* Fix repository setup instructions when default branch is not named 'master' (#12122) (#12147)
* Move EventSource to SharedWorker (#12095) (#12130)
* Fix ui bug in wiki commit page (#12089) (#12125)
* Fix gitgraph branch continues after merge (#12044) (#12105)
* Set the base url when migrating from Gitlab using access token or username without password (#11852) (#12104)
* Ensure BlameReaders close at end of request (#12102) (#12103)
* Fix panic when adding review comment (#12058)
* ENHANCEMENTS
* Disable dropzone's timeout for file uploads (#12024) (#12032)
bsiegert
adam
jperkin
khorben
tnn
tm
nia
ryoon