Gitea 1.14.3

Gitea is a painless self-hosted Git service. It is similar to GitHub, Bitbucket, and GitLab. Gitea is a fork of Gogs. See the Gitea Announcement blog post to read about the justification for a fork. Purpose The goal of this project is to provide the easiest, fastest, and most painless way of setting up a self-hosted Git service. With Go, this can be done with an independent binary distribution across all platforms and architectures that Go supports. This support includes Linux, macOS, and Windows, on architectures like amd64, i386, ARM, PowerPC, and others.

Tags git go
License MITL
State stable

Recent Releases

1.14.319 Jun 2021 18:45 minor feature: SECURITY Encrypt migration credentials at rest Only check access tokens if they are likely to be tokens Add missing SameSite settings for the i_like_gitea cookie setting of SameSite on cookies . Encrypt migration credentials at rest. Only check access tokens if they are likely to be tokens. Add missing SameSite settings for the i_like_gitea cookie. setting of SameSite on cookies. API Repository object only count releases as releases EditOrg respect RepoAdminChangeTeamAccess option overly strict edit pr permissions . Repository object only count releases as releases. EditOrg respect RepoAdminChangeTeamAccess option. overly strict edit pr permissions. Run processors on whole of text Class -keyword is being incorrectly stripped off spans language switch for install page on getIDsByRepoID Set self-adjusting deadline for connection writing http path data URI scramble Merge all deleteBranch as one function and also when delete branch don't related PRs git migration: don't prompt interactively for clone credentials case change in ownernames Don't manipulate input params in email notification Remove branch URL before RefURL layout of milestone view GitHub Migration, migrate draft releases too the gitrepo when deleting the repository Upgrade xorm to v1.1.0 blame row height alignment error message when saving generated LOCAL_ROOT_URL config Backport LFS commit finder not working Stop calling WriteHeader in Write Add timeout to writing to responses Return go-get info on subdirs Restore PAM user autocreation functionality truncate utf8 string bound address/port for caddy's certmagic library Upgrade unrolled/render to v1.1.1 Queue manager FlushAll can loop rapidly - add delay Tagger can be empty, as can Commit and Author - tolerate this Set autocomplete off on branches selector Add missing error to Doctor log Move restore repo to internal router and invoke from command to avoid open the same db file or que
1.14.210 May 2021 23:25 minor feature: API Make change repo settings work on empty repos Add pull "merged" notification subject status to API . Make change repo settings work on empty repos. Add pull "merged" notification subject status to API. Ensure that ctx.Written is checked after (...) calls Use pulls in commit graph unless pulls are disabled Set GIT_DIR correctly if it is not set where repositories appear unadopted Not show ref-in-new-pop when was disabled Drop back to use IsAnInteractiveSession for SVC setting version table in dump button change on delete in simplemde area Defer closing the gitrepo until the end of the wrapped context functions some ui about draft release Only log Error on getLastCommitStatus error to let pull list still be visible Move tooltip down to allow selection of Remove File on error setting redis db path DB session cleanup several activation Delete references if repository gets deleted orphaned objects deletion Delete protected branch if repository gets removed Remove spurious set name from eventsource.sharedworker.js Not update updated uinx for git gc commit graph author link webhook timeout Resolve panic on failed interface conversion in migration v156 missing storage init If the default branch is not present do not report error on stats indexing lfs management find NPE on view commit with notes on commit graph Send size to /avatars if requested Prevent migration 156 failure if tag commit missing . Ensure that ctx.Written is checked after (...) calls. Use pulls in commit graph unless pulls are disabled. Set GIT_DIR correctly if it is not set. where repositories appear unadopted. Not show ref-in-new-pop when was disabled. Drop back to use IsAnInteractiveSession for SVC. setting version table in dump. button change on delete in simplemde area. Defer closing the gitrepo until the end of the wrapped context functions. some ui about draft release. Only log Error on getLastCommitStatus error to let pull list stil
1.14.116 Apr 2021 17:05 minor feature: SECURITY Respect approved email domain list for externally validated user registration Add reverse proxy configuration support for remote IP address detection Ensure validation occurs on clone addresses too . Respect approved email domain list for externally validated user registration. Add reverse proxy configuration support for remote IP address detection. Ensure validation occurs on clone addresses too. BREAKING double 'push tag' action feed Remove possible resource leak Handle unauthorized user events gracefully Restore Access.log following migration to Chi framework (Stops access logging of /api/internal routes) Migrate from Macaron to Chi framework Deprecate building for mips Consolidate Logos and update README header Inline manifest.json Store repository data in data path if not previously set Rename "gitea" png to "logo" Standardise logging of failed authentication attempts in internal SSH Add markdown support in organization description Improve users management through the CLI . double 'push tag' action feed. Remove possible resource leak. Handle unauthorized user events gracefully. Restore Access.log following migration to Chi framework (Stops access logging of /api/internal routes). Migrate from Macaron to Chi framework. Deprecate building for mips. Consolidate Logos and update README header. Inline manifest.json. Store repository data in data path if not previously set. Rename "gitea" png to "logo". Standardise logging of failed authentication attempts in internal SSH. Add markdown support in organization description. Improve users management through the CLI. FEATURES Create a new with reference to lines of code from file view Repository transfer has to be confirmed, if user can not create repo for new owner Allow blocking some email domains from registering an account Create a new based on reference to an comment Add support to migrate from gogs Add pager to the branches page Minimal OpenID Connect implementation Display curre
1.14.012 Apr 2021 16:25 minor feature: SECURITY Respect approved email domain list for externally validated user registration Add reverse proxy configuration support for remote IP address detection Ensure validation occurs on clone addresses too . Respect approved email domain list for externally validated user registration. Add reverse proxy configuration support for remote IP address detection. Ensure validation occurs on clone addresses too. BREAKING double 'push tag' action feed Remove possible resource leak Handle unauthorized user events gracefully Restore Access.log following migration to Chi framework (Stops access logging of /api/internal routes) Migrate from Macaron to Chi framework Deprecate building for mips Consolidate Logos and update README header Inline manifest.json Store repository data in data path if not previously set Rename "gitea" png to "logo" Standardise logging of failed authentication attempts in internal SSH Add markdown support in organization description Improve users management through the CLI . double 'push tag' action feed. Remove possible resource leak. Handle unauthorized user events gracefully. Restore Access.log following migration to Chi framework (Stops access logging of /api/internal routes). Migrate from Macaron to Chi framework. Deprecate building for mips. Consolidate Logos and update README header. Inline manifest.json. Store repository data in data path if not previously set. Rename "gitea" png to "logo". Standardise logging of failed authentication attempts in internal SSH. Add markdown support in organization description. Improve users management through the CLI. FEATURES Create a new with reference to lines of code from file view Repository transfer has to be confirmed, if user can not create repo for new owner Allow blocking some email domains from registering an account Create a new based on reference to an comment Add support to migrate from gogs Add pager to the branches page Minimal OpenID Connect implementation Display curre
1.13.708 Apr 2021 10:45 minor feature: SECURITY Update to bluemonday-1.0.6 Clusterfuzz found another way . Update to bluemonday-1.0.6. Clusterfuzz found another way. API wrong user returned in API . wrong user returned in API. Add 'fonts' into 'KnownPublicEntries' Speed up enry.IsVendor Response 404 for diff/patch of a commit that not exist Prevent NPE in CommentMustAsDiff if no hunk header . Add 'fonts' into 'KnownPublicEntries'. Speed up enry.IsVendor. Response 404 for diff/patch of a commit that not exist. Prevent NPE in CommentMustAsDiff if no hunk header. MISC Add size to Save function . Add size to Save function.
1.14.0-rc226 Mar 2021 01:45 minor feature: SECURITY on avatar middleware Another clusterfuzz identified . on avatar middleware. Another clusterfuzz identified. API Nil exeption for get pull reviews API #15104 . Nil exeption for get pull reviews API #15104. Markdown rendering in milestone content . Markdown rendering in milestone content.
1.15.0-dev21 Mar 2021 06:45 minor feature: SECURITY Popups . Popups. Race in LFS ContentStore.Put(...) a couple of with a feeds When transfering repository and database transaction failed, rollback the renames Race in local storage on pull view page if user is not loged in . Race in LFS ContentStore.Put(...). a couple of with a feeds. When transfering repository and database transaction failed, rollback the renames. Race in local storage. on pull view page if user is not loged in. DOCS How lfs data path is set . How lfs data path is set.
1.13.409 Mar 2021 14:05 minor feature: SECURITY Popups . Popups. Race in LFS ContentStore.Put(...) a couple of with a feeds When transfering repository and database transaction failed, rollback the renames Race in local storage on pull view page if user is not loged in . Race in LFS ContentStore.Put(...). a couple of with a feeds. When transfering repository and database transaction failed, rollback the renames. Race in local storage. on pull view page if user is not loged in. DOCS How lfs data path is set . How lfs data path is set.
1.13.305 Mar 2021 14:25 minor feature: BREAKING SECURITY Turn default hash password algorithm back to pbkdf2 from argon2 until we find a better one . Turn default hash password algorithm back to pbkdf2 from argon2 until we find a better one. paging of file commit logs Print useful error if SQLite is used in settings but not supported display since time round When Deleting Repository only explicitly PRs whose base is not this repository Set HCaptchaSiteKey on Link Account pages a couple of CommentAsPatch. Disable broken OAuth2 providers at startup Repo Transfer permission checks double alert in oauth2 application edit view broken spans in diffs Prevent race in PersistableChannelUniqueQueue.Has HasPreviousCommit causes recursive load of commits unnecessarily Do not assume all 40 char strings are SHA1s Allow org labels to be set with templates Accept multiple SSH keys in single LDAP SSHPublicKey attribute about ListOptions and stars/watchers pagnation GPG key deletion during account deletion . paging of file commit logs. Print useful error if SQLite is used in settings but not supported. display since time round. When Deleting Repository only explicitly PRs whose base is not this repository. Set HCaptchaSiteKey on Link Account pages. a couple of CommentAsPatch.. Disable broken OAuth2 providers at startup. Repo Transfer permission checks. double alert in oauth2 application edit view. broken spans in diffs. Prevent race in PersistableChannelUniqueQueue.Has. HasPreviousCommit causes recursive load of commits unnecessarily. Do not assume all 40 char strings are SHA1s. Allow org labels to be set with templates. Accept multiple SSH keys in single LDAP SSHPublicKey attribute. about ListOptions and stars/watchers pagnation. GPG key deletion during account deletion.
1.13.202 Feb 2021 12:05 minor feature: SECURITY Prevent panic on fuzzer provided string Add secure/httpOnly attributes to the lang cookie . Prevent panic on fuzzer provided string. Add secure/httpOnly attributes to the lang cookie. API If release publisher is deleted use ghost user . If release publisher is deleted use ghost user. Internal ssh server respect Ciphers, MACs and KeyExchanges settings Set the name Mapper in migrations wiki preview Update code.gitea.io/sdk/gitea v0.13.1 - v0.13.2 ChangeUserName: rename user files back on DB lfs preview Ensure timeout error is shown on u2f timeout Deadlock Delete affected reactions on comment deletion Use path not filepath in routers/editor Check if label template exist first migration v141 Use Request.URL.RequestURI() for fcgi Use ServerError provided by Context edit-label form init mailCommentBatch for pull request Render links for commit hashes followed by comma Send notifications for mentions in pulls,, (code-)comments avatar Ensure that schema search path is set with every connection on postgres dashboard labels filter When visit /favicon.ico but the static file is not exist return 404 but not continue to handle the route branch selector on new page Check for notExist on profile repository page . Internal ssh server respect Ciphers, MACs and KeyExchanges settings. Set the name Mapper in migrations. wiki preview. Update code.gitea.io/sdk/gitea v0.13.1 - v0.13.2. ChangeUserName: rename user files back on DB. lfs preview. Ensure timeout error is shown on u2f timeout. Deadlock Delete affected reactions on comment deletion. Use path not filepath in routers/editor. Check if label template exist first. migration v141. Use Request.URL.RequestURI() for fcgi. Use ServerError provided by Context. edit-label form init. mailCommentBatch for pull request. Render links for commit hashes followed by comma. Send notifications for mentions in pulls,, (code-)comments. avatar. Ensure that schema search path is set with ever
1.13.130 Dec 2020 13:05 minor feature: SECURITY Hide private participation in Orgs escaping in diff . Hide private participation in Orgs. escaping in diff. of link query order on markdown render Drop long repo topics during migration Ensure that search term and page are not lost on adoption page-turn storage config implementation panic in BasicAuthDecode Always wait for the cmd to finish Don't use simpleMDE editor on mobile devices for 1.13 incorrect review comment diffs Trim the branch prefrom action.GetBranch Ensure template renderer is available before storage handler Whenever the password is updated ensure that the hash algorithm is too Enforce setting HEAD in wiki to master feishu webhook caused by API changed Quote Reply button on review diff Pull Merge when tag with same name as base branch exist mermaid chart size branch/tag notifications in mirror sync crash in short link processor Update font stack to bootstrap's latest Make sure email recipients can see Reply button is not removed when deleting a code review comment When reinitialising DBConfig reset the database use flags . of link query order on markdown render. Drop long repo topics during migration. Ensure that search term and page are not lost on adoption page-turn. storage config implementation. panic in BasicAuthDecode. Always wait for the cmd to finish. Don't use simpleMDE editor on mobile devices for 1.13. incorrect review comment diffs. Trim the branch prefrom action.GetBranch. Ensure template renderer is available before storage handler. Whenever the password is updated ensure that the hash algorithm is too. Enforce setting HEAD in wiki to master. feishu webhook caused by API changed. Quote Reply button on review diff. Pull Merge when tag with same name as base branch exist. mermaid chart size. branch/tag notifications in mirror sync. crash in short link processor. Update font stack to bootstrap's latest. Make sure email recipients can see. Reply button is not removed when deleting a code
1.13.003 Dec 2020 13:45 minor feature: SECURITY Add Allow-/Block-List for Migrate Mirrors Prevent git operations for inactive users Disallow urlencoded new lines in git protocol paths if there is a port Mitigate Security vulnerability in the git hook feature Disable DSA ssh keys by default Set TLS minimum version to 1.2 Use argon as default password hash algorithm . Add Allow-/Block-List for Migrate Mirrors. Prevent git operations for inactive users. Disallow urlencoded new lines in git protocol paths if there is a port. Mitigate Security vulnerability in the git hook feature. Disable DSA ssh keys by default. Set TLS minimum version to 1.2. Use argon as default password hash algorithm. BREAKING Set RUN_MODE prod by default Don't replace underscores in auto-generated IDs in goldmark Add Primary Key to Topic and RepoTopic tables Disable password complexity check default Change PIDFile default from /var/run/gitea.pid to /run/gitea.pid Add extension Support to Attachments (allow all types for releases) Remove IE11 Support . Set RUN_MODE prod by default. Don't replace underscores in auto-generated IDs in goldmark. Add Primary Key to Topic and RepoTopic tables. Disable password complexity check default. Change PIDFile default from /var/run/gitea.pid to /run/gitea.pid. Add extension Support to Attachments (allow all types for releases). Remove IE11 Support. FEATURES Adopt repositories Check passwords against HaveIBeenPwned Gitea 2 Gitea migration Support storing Avatars in minio Allow addition of gpg keyring with multiple keys Add email notify for new release Add Access-Control-Expose-Headers UserProfile Page: Render Description Add command to recreate tables Add mermaid JS renderer Add ssh certificate support Add spent time to referenced in commit message Initial support for push options Provide option to unlink a fork Show exact tag for commit on diff view Pause, Resume, Release Reopen, Add and Remove Logging from command line templates directory Add a storage layer for
1.12.617 Nov 2020 07:05 minor feature: SECURITY Prevent git operations for inactive users Disallow urlencoded new lines in git protocol paths if there is a port . Prevent git operations for inactive users. Disallow urlencoded new lines in git protocol paths if there is a port. API should only return Json before and since query arguments at API Prevent panic on git blame by limiting lines to 4096 bytes at most link detection in repository description with tailing '_' Remove obsolete change of email on profile page permission check on get Reactions API endpoints Add migrated pulls to pull request task queue API deny wrong pull creation options initial commit page binary munching problem diff parsing Return error 404 not 500 from API if team does not exist Prohibit automatic downgrades GitLab Migration Option AuthToken GitLab Label Color Normalizer Log the underlying panic in runMigrateTask attachments list in edit comment deadlock when deleting team user error create comment on outdated file repository create/delete event webhooks internal server error on README in submodule . API should only return Json. before and since query arguments at API. Prevent panic on git blame by limiting lines to 4096 bytes at most. link detection in repository description with tailing '_'. Remove obsolete change of email on profile page. permission check on get Reactions API endpoints. Add migrated pulls to pull request task queue. API deny wrong pull creation options. initial commit page binary munching problem. diff parsing. Return error 404 not 500 from API if team does not exist. Prohibit automatic downgrades. GitLab Migration Option AuthToken. GitLab Label Color Normalizer. Log the underlying panic in runMigrateTask. attachments list in edit comment. deadlock when deleting team user. error create comment on outdated file. repository create/delete event webhooks. internal server error on README in submodule.
1.13.0-rc211 Nov 2020 17:25 minor feature: Allow U2F with default settings for gitea in subpath Prevent empty div when editing comment On mirror update also update address in DB Allow extended config on cron settings Open transaction when adding Avatar email-hash pairs to the DB internal server error from ListUserOrgs API Update only the repository columns that need updating panic when adding long comment Add size limit for content of comment on action ui Convert User expose ID each time Support slashes in release tags Add missing information to CreateRepo API endpoint On Migration respect old DefaultBranch notifications page links Stop cloning unnecessarily on PR update Escape more things that are passed through str2html Remove double escape on labels addition in comments "only mail on mention". yet another with diff file names RepoInit Respect AlternateDefaultBranch Avatar Resize (resize algo NearestNeighbor - Bilinear) . Allow U2F with default settings for gitea in subpath. Prevent empty div when editing comment. On mirror update also update address in DB. Allow extended config on cron settings. Open transaction when adding Avatar email-hash pairs to the DB. internal server error from ListUserOrgs API. Update only the repository columns that need updating. panic when adding long comment. Add size limit for content of comment on action ui. Convert User expose ID each time. Support slashes in release tags. Add missing information to CreateRepo API endpoint. On Migration respect old DefaultBranch. notifications page links. Stop cloning unnecessarily on PR update. Escape more things that are passed through str2html. Remove double escape on labels addition in comments. "only mail on mention". yet another with diff file names. RepoInit Respect AlternateDefaultBranch. Avatar Resize (resize algo NearestNeighbor - Bilinear). ENHANCEMENTS gitea dump: include version Check InstallLock . gitea dump: include version Check InstallLock.
1.14.0-dev15 Oct 2020 18:25 minor feature: Allow U2F with default settings for gitea in subpath Prevent empty div when editing comment On mirror update also update address in DB Allow extended config on cron settings Open transaction when adding Avatar email-hash pairs to the DB internal server error from ListUserOrgs API Update only the repository columns that need updating panic when adding long comment Add size limit for content of comment on action ui Convert User expose ID each time Support slashes in release tags Add missing information to CreateRepo API endpoint On Migration respect old DefaultBranch notifications page links Stop cloning unnecessarily on PR update Escape more things that are passed through str2html Remove double escape on labels addition in comments "only mail on mention". yet another with diff file names RepoInit Respect AlternateDefaultBranch Avatar Resize (resize algo NearestNeighbor - Bilinear) . Allow U2F with default settings for gitea in subpath. Prevent empty div when editing comment. On mirror update also update address in DB. Allow extended config on cron settings. Open transaction when adding Avatar email-hash pairs to the DB. internal server error from ListUserOrgs API. Update only the repository columns that need updating. panic when adding long comment. Add size limit for content of comment on action ui. Convert User expose ID each time. Support slashes in release tags. Add missing information to CreateRepo API endpoint. On Migration respect old DefaultBranch. notifications page links. Stop cloning unnecessarily on PR update. Escape more things that are passed through str2html. Remove double escape on labels addition in comments. "only mail on mention". yet another with diff file names. RepoInit Respect AlternateDefaultBranch. Avatar Resize (resize algo NearestNeighbor - Bilinear). ENHANCEMENTS gitea dump: include version Check InstallLock . gitea dump: include version Check InstallLock.
1.12.502 Oct 2020 10:45 minor feature: Allow U2F with default settings for gitea in subpath Prevent empty div when editing comment On mirror update also update address in DB Allow extended config on cron settings Open transaction when adding Avatar email-hash pairs to the DB internal server error from ListUserOrgs API Update only the repository columns that need updating panic when adding long comment Add size limit for content of comment on action ui Convert User expose ID each time Support slashes in release tags Add missing information to CreateRepo API endpoint On Migration respect old DefaultBranch notifications page links Stop cloning unnecessarily on PR update Escape more things that are passed through str2html Remove double escape on labels addition in comments "only mail on mention". yet another with diff file names RepoInit Respect AlternateDefaultBranch Avatar Resize (resize algo NearestNeighbor - Bilinear) . Allow U2F with default settings for gitea in subpath. Prevent empty div when editing comment. On mirror update also update address in DB. Allow extended config on cron settings. Open transaction when adding Avatar email-hash pairs to the DB. internal server error from ListUserOrgs API. Update only the repository columns that need updating. panic when adding long comment. Add size limit for content of comment on action ui. Convert User expose ID each time. Support slashes in release tags. Add missing information to CreateRepo API endpoint. On Migration respect old DefaultBranch. notifications page links. Stop cloning unnecessarily on PR update. Escape more things that are passed through str2html. Remove double escape on labels addition in comments. "only mail on mention". yet another with diff file names. RepoInit Respect AlternateDefaultBranch. Avatar Resize (resize algo NearestNeighbor - Bilinear). ENHANCEMENTS gitea dump: include version Check InstallLock . gitea dump: include version Check InstallLock.
1.12.404 Sep 2020 17:25 minor feature: SECURITY. Escape provider name in oauth2 provider redirect. Escape Email on password reset page. When reading expired sessions - expire them. ENHANCEMENTS. StaticRootPath configurable at compile time. . to show an that is related to a deleted. Expire time acknowledged for cache. diff path unquoting. Improve HTML escaping helper. models: break out of loop. Default empty merger list to those with write permissions. Skip SSPI authentication attempts for /api/internal. Prevent NPE on commenting on lines with invalidated comments. Remove hardcoded ES indexername. preventing transfer to private organization. Keys should not verify revoked email addresses. Do not add preon http/https submodule links. ignored login on compare. incorrect error logging in Stats indexer and OAuth2. Upgrade google/go-github to v32.1.0. Render emoji's of Commit message on feed-page. handling of diff on unrelated branches when Git 2.28 used.
1.12.329 Jul 2020 21:45 minor feature: . Don't change creation date when updating Release. Show 404 page when release not found. emoji detection in certain cases. Reduce emoji size. double-indirection in logging IDs. Link to pull list page on sidebar when view pr. Extend Notifications API and return pinned notifications by default.
1.12.213 Jul 2020 06:45 minor feature: When deleting repository decrese user repositry count in cache Gitea commits API again returns commit summaries, not full messages Properly set HEAD when a repo is created with a non-master default branch Ensure Subkeys are verified failing to cache last commit with key being to long Multiple small admin dashboard Remove spurious logging repository setup instructions when default branch is not master Move EventSource to SharedWorker ui in wiki commit page gitgraph branch continues after merge Set the base url when migrating from Gitlab using access token or username without password Ensure BlameReaders at end of request comments webhook panic backport . When deleting repository decrese user repositry count in cache. Gitea commits API again returns commit summaries, not full messages. Properly set HEAD when a repo is created with a non-master default branch. Ensure Subkeys are verified. failing to cache last commit with key being to long. Multiple small admin dashboard. Remove spurious logging. repository setup instructions when default branch is not master. Move EventSource to SharedWorker. ui in wiki commit page. gitgraph branch continues after merge. Set the base url when migrating from Gitlab using access token or username without password. Ensure BlameReaders at end of request. comments webhook panic backport. ENHANCEMENTS Disable dropzone's timeout . Disable dropzone's timeout.
1.12.123 Jun 2020 15:05 minor feature: Handle multiple merges in gitgraph.js Add serviceworker.js to KnownPublicEntries For language detection do not try to analyze big files by content . Handle multiple merges in gitgraph.js. Add serviceworker.js to KnownPublicEntries. For language detection do not try to analyze big files by content. ENHANCEMENTS scrollable header on dropdowns . scrollable header on dropdowns.
1.12.019 Jun 2020 03:25 minor feature: When using API CreateRelease set created_unix to the tag commit time. Enable ENABLE_HARD_LINE_BREAK by default for rendering markdown. sanitizer config - multiple rules. Remove check on username when using AccessToken authentication for the API. Return 404 from Contents API when items don't exist. Notification API should always return a JSON object with the current count of notifications. Remove migration support from versions earlier than 1.6.0. Use -1 to disable key algorithm type in ssh.minimum_key_sizes. Improve config logging when WrappedQueue times out. Add branch delete to API. Use markdown frontmatter to provide Table of contents, language and frontmatter rendering. Add a way to mark Conversation (code comment) resolved. Handle yaml frontmatter in markdown. Cache PullRequest Divergence. Make gitea admin auth list formatting configurable. Add Matrix webhook. Add Organization Wide Labels. Allow to set protected file patterns for files that can not be changed under no conditions. Option to set default branch at repository creation. Add request review from specific reviewers feature in pull request. Add NextCloud oauth. System-wide webhooks. Relax sanitization as per https://github.com/jch/html-pipeline. Use media links for img in post-process. Add API endpoints to manage OAuth2 Application (list/create/delete). Render READMEs in docs/.gitea or.github from root. Add feishu webhook support. Cache last commit to accelerate the repository directory page visit. Implement basic app.ini and path checks to doctor cmd. Make WorkerPools and Queues flushable. Implement "embedded" command to extract static resources. Add API endpoint for repo transfer. Make archive preing configurable with a global setting. Add Unique Queue infrastructure and move TestPullRequests to this. /PR Context Popups. Add "Update Branch" button to Pull Requests. Add require signed commit for protected branch. Mark PR reviews as stale at push and allow to dismiss stale approvals. Add API notificati
1.12.0-rc209 Jun 2020 19:05 minor feature: SECURITY missing authorization check on pull for public repos of private/limited org Use session for retrieving org teams . missing authorization check on pull for public repos of private/limited org. Use session for retrieving org teams. Return json on 500 error from API wrong milestone in webhook message Prevent (caught) panic on login commit page js error Use media links for img in post-process Ensure public repositories in private organizations are visible and admin organizations list Set correct Content-Type value for Gogs/Gitea webhooks Allow all members of private orgs to see public repos Whenever the ctx.Session is updated, release it to save it before sending the redirect Forcibly clean and destroy the session on logout /api/v1/orgs/ endpoints by changing parameter to :org from :orgname. Add tracked time to doctor webpack chunk loading with STATIC_URL_PRE Remove unnecessary parentheses in wiki/revision.tmpl to allow 1.11 to build on go1.14 . Return json on 500 error from API. wrong milestone in webhook message. Prevent (caught) panic on login. commit page js error. Use media links for img in post-process. Ensure public repositories in private organizations are visible and admin organizations list. Set correct Content-Type value for Gogs/Gitea webhooks. Allow all members of private orgs to see public repos. Whenever the ctx.Session is updated, release it to save it before sending the redirect. Forcibly clean and destroy the session on logout. /api/v1/orgs/ endpoints by changing parameter to :org from :orgname. Add tracked time to doctor. webpack chunk loading with STATIC_URL_PRE. Remove unnecessary parentheses in wiki/revision.tmpl to allow 1.11 to build on go1.14.