zeripath
Thu Feb 3, 2022 by zeripath
We are proud to present the release of Gitea version 1.16.1, (and 1.16.0)
We have merged 19 pull requests to release version 1.16.1 and 617 to release version 1.16.0.
You can download one of our pre-built binaries from our downloads page - make sure to select the correct platform! For further details on how to install, follow our installation guide.
We would also like to thank all of our supporters on Open Collective who are helping to sustain us financially.
Have you heard? We now have a swag shop! 👕 🍵
Now on to the changes!
For security reasons, the webhook should only send requests to allowed hosts.
This PR introduced ALLOWED_HOST_LIST
with default value of external meaning that Webhooks by default can only call external hosts for security reasons.
Although ALLOWED_HOST_LIST
was backported to 1.15 the default value is different between 1.15 and 1.16 and is more strict. If you need to allow Webhooks to call local network hosts you must explicitly allow those IPs/Hosts.
We no longer store the vendored directory within git. Users building directly from git checkouts should run make vendor
on pulls or when changing branches.
We have reduced the number of releases shown on the releases page from 30 to 10 and add paging.
Users may change the default value by setting
[repository.release]
DEFAULT_PAGING_NUM=10
Too many docker users are caught out by the default location for the
app.ini file being environment dependent so that when they docker exec
into the container the gitea commands do not work properly and require
additional -c
arguments to correctly pick up the configuration.
This PR simply shadows the gitea binary using variants of the FHS compatible script to make the command gitea have the default locations by default.
Although this PR should be non-breaking for most configurations and
should make things simpler for docker users in general, there was a
slightly unforeseen issue in that SSH passthrough configurations that
rely on the path of the gitea binary being /app/gitea/gitea
will
need to update this to /usr/local/bin/gitea
(likely including moving
their host shim from /app/gitea/gitea
to /usr/local/bin/gitea
)
Users should use /usr/local/bin/gitea
in preference to
/app/gitea/gitea
when executing on the docker as this will
automatically set the correct paths and environment for them.
U2F support has been deprecated by major browsers and therefore we’ve had to migrate to WebAuthn. We’ve attempted to create a backwards compatible migration however, the website relying party ID used for webauthentication is not the same as that used by U2F.
In order to support old u2f keys previously registered Gitea will use the app_id extension and will send the contents of [U2F] APP_ID as this app_id. This will need to match your original u2f configuration.
agit workflow is a new feature of new Git version. ref: https://git-repo.info/en/2020/03/agit-flow-and-git-repo/
Thanks to @a1012112796
Adds another download type for repositories bundle.
Thanks to @jolheiser
Suport corporate WeChat webhooks.
Thanks to @lengyuqu
Add RSS/Atom feed support for user actions.
Thanks to @6543
Support to migrate issues/comments/pull requests and etc. from OneDev, GitBucket and CodeBase.
Thanks to @KN4CK3R
Support unprotected file patterns in a protected branch.
Thanks to @jpraet
Users commonly want to be able to use their AzureAD or MicrosoftOnline accounts with Gitea.
Thanks to @zeripath
Add proxy supports which should be applied to every request to external http/https URL.
Thanks to @lunny
The change history of an issue or comment could be review now.
Thanks to @wxiaoguang
Thanks to @techknowlogick
Thanks to @silverwind
Detection of vendored, generated and language detection using .gitattributes is now supported on the blame, diff and render pages.
Thanks to @zeripath
Large diffs (more than MAX_GIT_DIFF_LINES
long) are suppressed by default in Gitea. This PR now adds a load button to allow
these to be loaded and rendered. Similarly for incomplete diffs.
Thanks to @zeripath
One of the biggest reasons for slow repository browsing is that we used to wait until the last commit information was generated for all files in the repository.
This PR means that Gitea now defers this generation to a new POST endpoint that does the look up outside of the main page request.
Thanks to @zeripath
This feature needs git 2.34+ and openssh 8.1+. You can sign/verify your commits with your SSH keys.
Thanks to @42wim
Now team permission setting allow different unit has different permission.
Thanks to @lunny
Since major web browser will drop support to U2F, so we now support webauthn instead of U2F.
Thanks to @e3b0c442, @lunny, @zeripath
Thanks to @nitul1991, @qwerty287, @romdum
GetUserTeams
(#18499) (#18531)ImagedProvider
for gplus oauth2 provider (#18504) (#18505)PULL_LIMIT
and PUSH_LIMIT
to cron.update_mirror task (#17568)rebase
(#16125)/email2user
endpoint (#18127)
elements to underline on hover (#17898)bind
error more readable (#17750)*PushUpdateOptions
as receiver (#17724)user
paramater (#17723)data-path
once for each file in diff pages (#17657)> .content
(#17582)extendDefaultPlugins
method of svgo (#17399)index.js
(#17386)index.js
to separate files (#17315)index.js
to components
dir, and remove unused codes. (#17301)models
to models.avatars
, remove duplicated code (#17123)AbsoluteListOptions
(#17028)list.List
with slices (#16311)/user/settings/security
(#18386) (#17859)
- Make Co-committed-by and co-authored-by trailers optional (#17848)
- Fix value of User.IsRestricted when oauth2 user registration (#17839)
- Use new OneDev /milestones endpoint (#17782)
- Prevent deadlock in TestPersistableChannelQueue (#17717)
- Simplify code for writing SHA to name-rev (#17696)
- Fix database deadlock when update issue labels (#17649)
- Add warning for BIDI characters in page renders and in diffs (#17562)
- Fix ipv6 parsing for builtin ssh server (#17561)
- Multiple Escaping Improvements (#17551)
- Fixes #16559 - Do not trim leading spaces for tab delimited (#17442)
- Show client-side error if wiki page is empty (#17415)
- Fix context popup error (#17398)
- Stop sanitizing full name in API (#17396)
- Fix issue close/comment buttons on mobile (#17317)
- Fix navbar UI (#17235)
- Fix problem when database id is not increment as expected (#17229)
- Open the DingTalk link in browser (#17084)
- Remove heads pointing to missing old refs (#17076)
- Fix commit status index problem (#17061)
- Handle broken references in mirror sync (#17013)
- Fix for create repo page layout (#17012)
- Improve LDAP synchronization efficiency (#16994)
- Add repo_id for attachment (#16958)
- Clean-up HookPreReceive and restore functionality for pushing non-standard refs (#16705)
- Remove duplicate csv import in modules/csv/csv.go (#16631)
- Improve SMTP authentication and Fix user creation bugs (#16612)
- Fixed emoji alias not parsed in links (#16221)
- Calculate label URL on API (#16186)
- TRANSLATION
- BUILD
- MISC
- Update JS dependencies (#17611)
Thanks
This release would not have been possible without the pull requests from the following people:
- @42wim
- @6543
- @99rgosse
- @ABNER-1
- @BLumia
- @Dexus
- @DuckDuckWhale
- @Exagone313
- @Garionion
- @Gusted
- @Hakermann420
- @Jonher937
- @Juneezee
- @KN4CK3R
- @MrGussio
- @PotatoesFall
- @Tchoupinax
- @Theta-Dev
- @Tiscs
- @a1012112796
- @aaribaud
- @amenzhinsky
- @anbraten
- @arkamar
- @axifive
- @bagasme
- @capvor
- @clarfonthey
- @coolaj86
- @crapStone
- @delvh
- @dependabot[bot]
- @dvejmz
- @eeyrjmr
- @finga
- @fnetX
- @gwymor
- @ibigbug
- @ijaureguialzo
- @jolheiser
- @jpraet
- @justusbunsi
- @kdomanski
- @kolaente
- @kvaster
- @larshp
- @lengyuqu
- @lunny
- @mashirozx
- @maweil
- @michaelgrigoryan25
- @mscherer
- @n194
- @nitul1991
- @noerw
- @odahoda
- @pboguslawski
- @petergardfjall
- @prasadkatti
- @pricly-yellow
- @qwerty287
- @realaravinth
- @richmahn
- @rinsuki
- @rjnienaber
- @rmsc
- @romdum
- @saitho
- @sebastian-sauer
- @silverwind
- @singuliere
- @stanthetiger
- @tech-meppem
- @techknowlogick
- @thetechnick
- @typeless
- @velengel
- @wxiaoguang
- @yarg-kane
- @zeripath
- @zpericic
Gitea_1.15.11_is_released
zeripath
Gitea 1.15.11 is released
Sun Jan 30, 2022
by
zeripath
We are proud to present the release of Gitea version 1.15.11.
We highly encourage users to update to this version for some important bug-fixes and a security upgrade to the MermaidJS library.
We have merged 8 pull requests to release this version.
You can download one of our pre-built binaries from our downloads page - make sure to select the correct platform! For further details on how to install, follow our installation guide.
We would also like to thank all of our supporters on Open Collective who are helping to sustain us financially.
Have you heard? We now have a swag shop! 👕 🍵
Changelog
1.15.11 - 2022-01-29
- SECURITY
- Only view milestones from current repo (#18414) (#18418)
- BUGFIXES
- Fix broken when no commits and default branch is not master (#18422) (#18424)
- Fix commit’s time (#18375) (#18409)
- Fix restore without topic failure (#18387) (#18401)
- Fix mermaid import in 1.15 (it uses ESModule now) (#18382)
- Update to go/text 0.3.7 (#18336)
- MISC
- Upgrade EasyMDE to 2.16.1 (#18278) (#18279)
Gitea_1.15.10_is_released
zeripath
Gitea 1.15.10 is released
Fri Jan 14, 2022
by
zeripath
We are proud to present the release of Gitea version 1.15.10.
We highly encourage users to update to this version for some important bug-fixes and a security upgrade to the MermaidJS library.
We have merged 8 pull requests to release this version.
You can download one of our pre-built binaries from our downloads page - make sure to select the correct platform! For further details on how to install, follow our installation guide.
We would also like to thank all of our supporters on Open Collective who are helping to sustain us financially.
Have you heard? We now have a swag shop! 👕 🍵
Changelog
1.15.10 - 2022-01-14
- BUGFIXES
- Fix inconsistent PR comment counts (#18260) (#18261)
- Fix release link broken (#18252) (#18253)
- Fix update user from site administration page bug (#18250) (#18251)
- Set HeadCommit when creating tags (#18116) (#18173)
- Use correct translation key for error messages due to max repo limits (#18135 & #18153) (#18152)
- Fix purple color in suggested label colors (#18241) (#18242)
- SECURITY
- Bump mermaid from 8.10.1 to 8.13.8 (#18198) (#18206)
Gitea_1.15.9_is_released
6543
Gitea 1.15.9 is released
Sun Jan 2, 2022
by
6543
We are proud to present the release of Gitea version 1.15.9.
We highly encourage users to update to this version for some important bug-fixes.
We have merged 15 pull requests to release this version.
You can download one of our pre-built binaries from our downloads page - make sure to select the correct platform! For further details on how to install, follow our installation guide.
We would also like to thank all of our supporters on Open Collective who are helping to sustain us financially.
Have you heard? We now have a swag shop! 👕 🍵
Changelog
1.15.9 - 2022-01-02
- BUGFIXES
- Fix wrong redirect on org labels (#18128) (#18134)
- Fix: unstable sort skips/duplicates issues across pages (#18094) (#18095)
- Revert “Fix delete u2f keys bug (#18042)” (#18107)
- Migrating wiki don’t require token, so we should move it out of the require form (#17645) (#18104)
- Prevent NPE if gitea uploader fails to open url (#18080) (#18101)
- Reset locale on login (#17734) (#18100)
- Correctly handle failed migrations (#17575) (#18099)
- Instead of using routerCtx just escape the url before routing (#18086) (#18098)
- Quote references to the user table in consistency checks (#18072) (#18073)
- Add NotFound handler (#18062) (#18067)
- Ensure that git repository is closed before transfer (#18049) (#18057)
- Use common sessioner for API and web routes (#18114)
- TRANSLATION
- Fix code search result hint on zh-CN (#18053)
Gitea_1.15.8_is_released
lunny
Gitea 1.15.8 is released
Wed Dec 22, 2021
by
lunny
We are proud to present the release of Gitea version 1.15.8.
We highly encourage users to update to this version for some important bug-fixes.
We have merged 16 pull requests to release this version.
❗ We remind users that a bug was discovered with gitea dump
in 1.14.3–1.14.6 and 1.15.0. Database dumps from these versions cause
broken fields in the repo_unit
and login_source
tables causing the issue identified in #16961.
Users on 1.14.x must upgrade to 1.14.7 before running gitea dump
. If this is not possible and you are affected #17137
provides a new gitea doctor
command to fix the repo_unit
issue:
gitea doctor --fix --run fix-broken-repo-units
You can download one of our pre-built binaries from our downloads page - make sure to select the correct platform! For further details on how to install, follow our installation guide.
We would also like to thank all of our supporters on Open Collective who are helping to sustain us financially.
Have you heard? We now have a swag shop! 👕 🍵
Changelog
1.15.8 - 2021-12-20
- BUGFIXES
- Move POST /{username}/action/{action} to simply POST /{username} (#18045) (#18046)
- Fix delete u2f keys bug (#18040) (#18042)
- Reset Session ID on login (#18018) (#18041)
- Prevent off-by-one error on comments on newly appended lines (#18029) (#18035)
- Stop printing 03d after escaped characters in logs (#18030) (#18034)
- Reset locale on login (#18023) (#18025)
- Fix reset password email template (#17025) (#18022)
- Fix outType on gitea dump (#18000) (#18016)
- Ensure complexity, minlength and isPwned are checked on password setting (#18005) (#18015)
- Fix rename notification bug (#18011)
- Prevent double decoding of % in url params (#17997) (#18001)
- Prevent hang in git cat-file if the repository is not a valid repository (Partial #17991) (#17992)
- Prevent deadlock in create issue (#17970) (#17982)
- TESTING
Gitea_1.15.7_is_released
lunny
Gitea 1.15.7 is released
Fri Dec 3, 2021
by
lunny
We are proud to present the release of Gitea version 1.15.7.
We highly encourage users to update to this version for some important bug-fixes.
We have merged 28 pull requests to release this version.
❗ We remind users that a bug was discovered with gitea dump
in 1.14.3–1.14.6 and 1.15.0. Database dumps from these versions cause
broken fields in the repo_unit
and login_source
tables causing the issue identified in #16961.
Users on 1.14.x must upgrade to 1.14.7 before running gitea dump
. If this is not possible and you are affected #17137
provides a new gitea doctor
command to fix the repo_unit
issue:
gitea doctor --fix --run fix-broken-repo-units
You can download one of our pre-built binaries from our downloads page - make sure to select the correct platform! For further details on how to install, follow our installation guide.
We would also like to thank all of our supporters on Open Collective who are helping to sustain us financially.
Have you heard? We now have a swag shop! 👕 🍵
Changelog
1.15.7 - 2021-12-03
- ENHANCEMENTS
- BUGFIXES
- Fix database inconsistent when admin change user email (#17549) (#17840)
- Use correct user on releases (#17806) (#17818)
- Fix commit count in tag view (#17698) (#17790)
- Fix close issue but time watcher still running (#17643) (#17761)
- Fix Migrate Description (#17692) (#17727)
- Fix bug when project board get open issue number (#17703) (#17726)
- Return 400 but not 500 when request archive with wrong format (#17691) (#17700)
- Fix bug when read mysql database max lifetime (#17682) (#17690)
- Fix database deadlock when update issue labels (#17649) (#17665)
- Fix bug on detect issue/comment writer (#17592)
- Remove appSubUrl from pasted images (#17572) (#17588)
- Make
ParsePatch
more robust (#17573) (#17580)
- Fix stats upon searching issues (#17566) (#17578)
- Escape issue titles in comments list (#17555) (#17556)
- Fix zero created time bug on commit api (#17546) (#17547)
- Fix database keyword quote problem on migration v161 (#17522) (#17523)
- Fix email with + when active (#17518) (#17520)
- Stop double encoding blame commit messages (#17498) (#17500)
- Quote the table name in CountOrphanedObjects (#17487) (#17488)
- Run Migrate in Install rather than just SyncTables (#17475) (#17486)
- BUILD
- Fix golangci-lint warnings (#17598 et al) (#17668)
- MISC
Gitea_1.15.6_is_released
zeripath
Gitea 1.15.6 is released
Thu Oct 28, 2021
by
zeripath
We are proud to present the release of Gitea version 1.15.6.
We highly encourage users to update to this version for some important bug-fixes.
We have merged 9 pull requests to release this version.
❗ We remind users that a bug was discovered with gitea dump
in 1.14.3–1.14.6 and 1.15.0. Database dumps from these versions cause
broken fields in the repo_unit
and login_source
tables causing the issue identified in #16961.
Users on 1.14.x must upgrade to 1.14.7 before running gitea dump
. If this is not possible and you are affected #17137
provides a new gitea doctor
command to fix the repo_unit
issue:
gitea doctor --fix --run fix-broken-repo-units
A command to provide an automatic fix for problems with the login_source
table does not appear definitely possible and if you are affected please contact the maintainers.
You can download one of our pre-built binaries from our downloads page - make sure to select the correct platform! For further details on how to install, follow our installation guide.
We would also like to thank all of our supporters on Open Collective who are helping to sustain us financially.
Have you heard? We now have a swag shop! 👕 🍵
Changelog
1.15.6 - 2021-10-28
- BUGFIXES
- Prevent panic in serv.go with Deploy Keys (#17434) (#17435)
- Fix CSV render error (#17406) (#17431)
- Read expected buffer size (#17409) (#17430)
- Ensure that restricted users can access repos for which they are members (#17460) (#17464)
- Make commit-statuses popup show correctly (#17447) (#17466)
- TESTING
- Add integration tests for private.NoServCommand and private.ServCommand (#17456) (#17463)
Gitea_1.15.5_is_released
zeripath
Gitea 1.15.5 is released
Thu Oct 21, 2021
by
zeripath
We are proud to present the release of Gitea version 1.15.5.
We highly encourage users to update to this version for some important bug-fixes and some security fixes.
We have merged 14 pull requests to release this version.
❗ We remind users that a bug was discovered with gitea dump
in 1.14.3–1.14.6 and 1.15.0. Database dumps from these versions cause
broken fields in the repo_unit
and login_source
tables causing the issue identified in #16961.
Users on 1.14.x must upgrade to 1.14.7 before running gitea dump
. If this is not possible and you are affected #17137
provides a new gitea doctor
command to fix the repo_unit
issue:
gitea doctor --fix --run fix-broken-repo-units
A command to provide an automatic fix for problems with the login_source
table does not appear definitely possible and if you are affected please contact the maintainers.
You can download one of our pre-built binaries from our downloads page - make sure to select the correct platform! For further details on how to install, follow our installation guide.
We would also like to thank all of our supporters on Open Collective who are helping to sustain us financially.
Have you heard? We now have a swag shop! 👕 🍵
Changelog
1.15.5 - 2021-10-21
- SECURITY
- Upgrade Bluemonday to v1.0.16 (#17372) (#17374)
- Ensure correct SSH permissions check for private and restricted users (#17370) (#17373)
- BUGFIXES
- Prevent NPE in CSV diff rendering when column removed (#17018) (#17377)
- Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH (#17281) (#17376)
- Don’t panic if we fail to parse U2FRegistration data (#17304) (#17371)
- Ensure popup text is aligned left (backport for 1.15) (#17343)
- Ensure that git daemon export ok is created for mirrors (#17243) (#17306)
- Disable core.protectNTFS (#17300) (#17302)
- Use pointer for wrappedConn methods (#17295) (#17296)
- AutoRegistration is supposed to be working with disabled registration (backport) (#17292)
- Handle duplicate keys on GPG key ring (#17242) (#17284)
- Fix SVG side by side comparison link (#17375) (#17391)
Gitea_1.15.4_is_released
jolheiser
Gitea 1.15.4 is released
Fri Oct 8, 2021
by
jolheiser
We are proud to present the release of Gitea version 1.15.4.
We highly encourage users to update to this version for some important bug-fixes.
We have merged 20 pull requests to release this version.
❗ We remind users that a bug was discovered with gitea dump
in 1.14.3–1.14.6 and 1.15.0. Database dumps from these versions cause
broken fields in the repo_unit
and login_source
tables causing the issue identified in #16961.
Users on 1.14.x must upgrade to 1.14.7 before running gitea dump
. If this is not possible and you are affected #17137
provides a new gitea doctor
command to fix the repo_unit
issue:
gitea doctor --fix --run fix-broken-repo-units
A command to provide an automatic fix for problems with the login_source
table does not appear definitely possible and if you are affected please contact the maintainers.
You can download one of our pre-built binaries from our downloads page - make sure to select the correct platform! For further details on how to install, follow our installation guide.
We would also like to thank all of our supporters on Open Collective who are helping to sustain us financially.
Have you heard? We now have a swag shop! 👕 🍵
Changelog
1.15.4 - 2021-10-08
- BUGFIXES
- Raw file API: don’t try to interpret 40char filenames as commit SHA (#17185) (#17272)
- Don’t allow merged PRs to be reopened (#17192) (#17271)
- Fix incorrect repository count on organization tab of dashboard (#17256) (#17266)
- Fix unwanted team review request deletion (#17257) (#17264)
- Fix broken Activities link in team dashboard (#17255) (#17258)
- API pull’s head/base have correct permission(#17214) (#17245)
- Fix stange behavior of DownloadPullDiffOrPatch in incorect index (#17223) (#17227)
- Upgrade xorm to v1.2.5 (#17177) (#17188)
- Fix missing repo link in issue/pull assigned emails (#17183) (#17184)
- Fix bug of get context user (#17169) (#17172)
- Nicely handle missing user in collaborations (#17049) (#17166)
- Add Horizontal scrollbar to inner menu on Chrome (#17086) (#17164)
- Fix wrong i18n keys (#17150) (#17153)
- Fix Archive Creation: correct transaction ending (#17151)
- Prevent panic in Org mode HighlightCodeBlock (#17140) (#17141)
- Create doctor command to fix repo_units broken by dumps from 1.14.3-1.14.6 (#17136) (#17137)
- ENHANCEMENT
- TRANSLATION
- v1.15 fix Sprintf format ‘verbs’ in locale files (#17187)
Tea_0.8.0_is_released
norwin
Tea 0.8.0 is released
Thu Sep 23, 2021
by
norwin
We are proud to present the release of tea
version 0.8.0,
a CLI tool that allows you to work with pull requests, issues and more in your terminal.
You can download prebuilt binaries from dl.gitea.io/tea,
for more options look at the README.md.
This release mostly contains bugfixes and changes to consolidate flag names between commands, but also ships a major new feature:
Interaction with Notifications
-
Notifications can now be listed with more fine-grained selection filters than what Gitea’s web UI provides.
Want to get all notifications about updated PRs in this repo? Easy!
tea notifications --repo gitea/tea --types commit
Need an overview over all pinned notifications across repos?
tea notifications --mine --states pinned
Get back on that notification you accidentally marked as read?
tea notifications --states=read
-
Additionally, there are now actions to mark notifications as (un)read & to (un)pin them.
Want to mark all notifications in a single repo as read? Easy!
tea notifications read --repo gitea/tea
Changelog
v0.8.0 - 2021-09-22
- BREAKING
- FEATURES
- BUGFIXES
- Don’t skip reading the local repo when
--repo
specifies a repo slug (#398)
- Fix adding login without token on private instances (#392)
- Correctly match login by ssh host with port (#391)
- Fix printing issue deadline (#388)
- Return useful error on wrong sshkey path (#374)
- Fix parsing of
--description
for issue/pr create (#371)
- Add missing flags (#369)
- Check negative limit command parameter (#358) (#359)
- Add missing flags to org & labels subcommands (#357)
- ENHANCEMENTS
- Don’t require a body for comment PR reviews (#399)
- Accept more main branch names for login detection (#396)
- Make local repo optional for
tea pr create
(#393)
- Notifications Add State Field (#384)
- Improve error messages (#370)
- Add tab completion for fish shell (#364)
- Text editor selection: follow unix defacto standards (#356)
- BUILD
- Enable release builds for darwin/arm64 (#360)
- MISC
- Update Dependencies (#390)
Have you heard? We now have a swag shop! 👕 🍵