Gitea - v1.17.0

Changelog

  • BREAKING
  • Require go1.18 for Gitea 1.17 (#19918)
  • Make AppDataPath absolute against the AppWorkPath if it is not (#19815)
  • Nuke the incorrect permission report on /api/v1/notifications (#19761)
  • Refactor git module, make Gitea use internal git config (#19732)
  • Remove RequireHighlightJS field, update plantuml example. (#19615)
  • Increase minimal required git version to 2.0 (#19577)
  • Add a directory prefix gitea-src-VERSION to release-tar-file (#19396)
  • Use "main" as default branch name (#19354)
  • Make cron task no notice on success (#19221)
  • Add pam account authorization check (#19040)
  • Show messages for users if the ROOT_URL is wrong, show JavaScript errors (#18971)
  • Refactor mirror code & fix StartToMirror (#18904)
  • Remove deprecated SSH ciphers from default (#18697)
  • Add the possibility to allow the user to have a favicon which differs from the main logo (#18542)
  • Update reserved usernames list (#18438)
  • Support custom ACME provider (#18340)
  • Change initial TrustModel to committer (#18335)
  • Update HTTP status codes (#18063)
  • Upgrade Alpine from 3.13 to 3.15 (#18050)
  • Restrict email address validation (#17688)
  • Refactor Router Logger (#17308)
  • SECURITY
  • Use git.HOME_PATH for Git HOME directory (#20114) (#20293)
  • Add write check for creating Commit Statuses (#20332) (#20333)
  • Remove deprecated SSH ciphers from default (#18697)
  • FEDERATION
  • Return statistic information for nodeinfo (#19561)
  • Add Webfinger endpoint (#19462)
  • Store the foreign ID of issues during migration (#18446)
  • FEATURES
  • Automatically render wiki TOC (#19873)
  • Adding button to link accounts from user settings (#19792)
  • Allow set default merge style while creating repo (#19751)
  • Auto merge pull requests when all checks succeeded (#9307 & #19648)
  • Improve reviewing PR UX (#19612)
  • Add support for rendering console output with colors (#19497)
  • Add Helm Chart registry (#19406)
  • Add Goroutine stack inspector to admin/monitor (#19207)
  • RSS/Atom support for Orgs & Repos (#17714 & #19055)
  • Add button for issue deletion (#19032)
  • Allow to mark files in a PR as viewed (#19007)
  • Add Index to comment for migrations and mirroring (#18806)
  • Add health check endpoint (#18465)
  • Add packagist webhook (#18224)
  • Add "Allow edits from maintainer" feature (#18002)
  • Add apply-patch, basic revert and cherry-pick functionality (#17902)
  • Add Package Registry (#16510)
  • Add LDAP group sync to Teams (#16299)
  • Pause queues (#15928)
  • Added auto-save whitespace behavior if it changed manually (#15566)
  • Find files in repo (#15028)
  • Provide configuration to allow camo-media proxying (#12802)
  • API
  • Add endpoint to serve blob or LFS file content (#19689)
  • Add endpoint to check if team has repo access (#19540)
  • More commit info (#19252)
  • Allow to create file on empty repo (#19224)
  • Allow removing issues (#18879)
  • Add endpoint to query collaborators permission for a repository (#18761)
  • Return primary language and repository language stats API URL (#18396)
  • Implement http signatures support for the API (#17565)
  • ENHANCEMENTS
  • Make notification bell more prominent on mobile (#20108, #20236, #20251) (#20269)
  • Adjust max-widths for the repository file table (#20243) (#20247)
  • Display full name (#20171) (#20246)
  • Add dbconsistency checks for Stopwatches (#20010)
  • Add fetch.writeCommitGraph to gitconfig (#20006)
  • Add fgprof pprof profiler (#20005)
  • Move agit dependency (#19998)
  • Empty log queue on flush and close (#19994)
  • Remove tab/TabName usage where it's not needed (#19973)
  • Improve file header on mobile (#19945)
  • Move issues related files into models/issues (#19931)
  • Add breaking email restrictions checker in doctor (#19903)
  • Improve UX on modal for deleting an access token (#19894)
  • Add alt text to logo (#19892)
  • Move some code into models/git (#19879)
  • Remove customized (unmaintained) dropdown, improve aria a11y for dropdown (#19861)
  • Make user profile image show full image on mobile (#19840)
  • Replace blue button and label classes with primary (#19763)
  • Remove fomantic progress module (#19760)
  • Allows repo search to match against "owner/repo" pattern strings (#19754)
  • Move org functions (#19753)
  • Move almost all functions' parameter db.Engine to context.Context (#19748)
  • Show source/target branches on PR's list (#19747)
  • Use http.StatusTemporaryRedirect(307) when serve avatar directly (#19739)
  • Add doctor orphan check for orphaned pull requests without an existing base repo (#19731)
  • Make Ctrl+Enter (quick submit) work for issue comment and wiki editor (#19729)
  • Update go-chi/cache to utilize Ping() (#19719)
  • Improve commit list/view on mobile (#19712)
  • Move some repository related code into sub package (#19711)
  • Use a better OlderThan for DeleteInactiveUsers (#19693)
  • Introduce eslint-plugin-jquery (#19690)
  • Tidy up <head> template (#19678)
  • Calculate filename hash only once (#19654)
  • Simplify IsVendor (#19626)
  • Add "Reference" section to Issue view sidebar (#19609)
  • Only set CanColorStdout / CanColorStderr to true if the stdout/stderr is a terminal (#19581)
  • Use for a repo action one database transaction (#19576)
  • Simplify loops to copy (#19569)
  • Added X-Mailer header to outgoing emails (#19562)
  • use middleware to open gitRepo (#19559)
  • Mute link in diff header (#19556)
  • Improve UI on mobile (#19546)
  • Fix Pull Request comment filename word breaks (#19535)
  • Permalink files In PR diff (#19534)
  • PullService lock via pullID (#19520)
  • Make repository file list useable on mobile (#19515)
  • more context for models (#19511)
  • Refactor readme file renderer (#19502)
  • By default force vertical tabs on mobile (#19486)
  • Github style following followers (#19482)
  • Improve action table indices (#19472)
  • Use horizontal tabs for repo header on mobile (#19468)
  • pass gitRepo down since its used for main repo and wiki (#19461)
  • Admin should not delete himself (#19423)
  • Use queue instead of memory queue in webhook send service (#19390)
  • Simplify the code to get issue count (#19380)
  • Add commit status popup to issuelist (#19375)
  • Add RSS Feed buttons to Repo, User and Org pages (#19370)
  • Add logic to switch between source/rendered on Markdown (#19356)
  • Move some helper files out of models (#19355)
  • Move access and repo permission to models/perm/access (#19350)
  • Disallow selecting the text of buttons (#19330)
  • Allow custom redirect for landing page (#19324)
  • Remove dependent on session auth for api/v1 routers (#19321)
  • Never use /api/v1 from Gitea UI Pages (#19318)
  • Remove legacy unmaintained packages, refactor to support change default locale (#19308)
  • Move milestone to models/issues/ (#19278)
  • Configure OpenSSH log level via Environment in Docker (#19274)
  • Move reaction to models/issues/ (#19264)
  • Make git.OpenRepository accept Context (#19260)
  • Move some issue methods as functions (#19255)
  • Show last cron messages on monitor page (#19223)
  • New cron task: delete old system notices (#19219)
  • Add Redis Sentinel Authentication Support (#19213)
  • Add auto logging of goroutine pid label (#19212)
  • Set OpenGraph title to DisplayName in profile pages (#19206)
  • Add pprof labels in processes and for lifecycles (#19202)
  • Let web and API routes have different auth methods group (#19168)
  • Move init repository related functions to modules (#19159)
  • Feeds: render markdown to html (#19058)
  • Allow users to self-request a PR review (#19030)
  • Allow render HTML with css/js external links (#19017)
  • Fix script compatible with OpenWrt (#19000)
  • Support ignore all sanitize for external renderer (#18984)
  • Add note to GPG key response if user has no keys (#18961)
  • Improve Stopwatch behavior (#18930)
  • Improve mirror iterator (#18928)
  • Uncapitalize errors (#18915)
  • Prevent Stats Indexer reporting error if repo dir missing (#18870)
  • Refactor SecToTime() function (#18863)
  • Replace deprecated String.prototype.substr() with String.prototype.slice() (#18796)
  • Move deletebeans into models/db (#18781)
  • Fix display time of milestones (#18753)
  • Add config option to disable "Update branch by rebase" (#18745)
  • Display template path of current page in dev mode (#18717)
  • Add number in queue status to monitor page (#18712)
  • Change git.cmd to RunWithContext (#18693)
  • Refactor i18n, use Locale to provide i18n/translation related functions (#18648)
  • Delete old git.NewCommand() and use it as git.NewCommandContext() (#18552)
  • Move organization related structs into sub package (#18518)
  • Warn at startup if the provided SCRIPT_TYPE is not on the PATH (#18467)
  • Use CryptoRandomBytes instead of CryptoRandomString (#18439)
  • Use explicit jQuery import, remove unused eslint globals (#18435)
  • Allow to filter repositories by language in explore, user and organization repositories lists (#18430)
  • Use base32 for 2FA scratch token (#18384)
  • Unexport var git.GlobalCommandArgs (#18376)
  • Don't underline commit status icon on hover (#18372)
  • Always use git command but not os.Command (#18363)
  • Switch to non-deprecation setting (#18358)
  • Set the LastModified header for raw files (#18356)
  • Refactor jwt.StandardClaims to RegisteredClaims (#18344)
  • Enable deprecation error for v1.17.0 (#18341)
  • Refactor httplib (#18338)
  • Limit max-height of CodeMirror editors for issue comment and wiki (#18271)
  • Validate migration files (#18203)
  • Format with gofumpt (#18184)
  • Allow custom default merge message with .gitea/default_merge_message/_TEMPLATE.md (#18177)
  • Prettify number of issues (#17760)
  • Add a "admin user generate-access-token" subcommand (#17722)
  • Custom regexp external issues (#17624)
  • Add smtp password to install page (#17564)
  • Add config options to hide issue events (#17414)
  • Prevent double click new issue/pull/comment button (#16157)
  • Show issue assignee on project board (#15232)
  • BUGFIXES
  • WebAuthn CredentialID field needs to be increased in size (#20530) (#20555)
  • Ensure that all unmerged files are merged when conflict checking (#20528) (#20536)
  • Stop logging EOFs and exit(1)s in ssh handler (#20476) (#20529)
  • Add labels to two buttons that were missing them (#20419) (#20524)
  • Fix ROOT_URL detection for URLs without trailing slash (#20502) (#20503)
  • Dismiss prior pull reviews if done via web in review dismiss (#20197) (#20407)
  • Allow RSA 2047 bit keys (#20272) (#20396)
  • Add missing return for when topic isn't found (#20351) (#20395)
  • Fix commit status icon when in subdirectory (#20285) (#20385)
  • Initialize cron last (#20373) (#20384)
  • Set target on create release with existing tag (#20381) (#20382)
  • Update xorm.io/xorm to fix an interpreting db column sizes issue on 32bit systems (#20371) (#20372)
  • Make sure repo_dir is an empty directory or doesn't exist before 'dump-repo' (#20205) (#20370)
  • Prevent context deadline error propagation in GetCommitsInfo (#20346) (#20361)
  • Correctly handle draft releases without a tag (#20314) (#20335)
  • Prevent "empty" scrollbars on Firefox (#20294) (#20308)
  • Refactor SSH init code, fix directory creation for TrustedUserCAKeys file (#20299) (#20306)
  • Bump goldmark to v1.4.13 (#20300) (#20301)
  • Do not create empty ".ssh" directory when loading config (#20289) (#20298)
  • Fix NPE when using non-numeric (#20277) (#20278)
  • Store read access in access for team repositories (#20275) (#20276)
  • EscapeFilter the group dn membership (#20200) (#20254)
  • Only show Followers that current user can access (#20220) (#20252)
  • Update Bluemonday to v1.0.19 (#20199) (#20209)
  • Refix indices on actions table (#20158) (#20198)
  • Check if project has the same repository id with issue when assign project to issue (#20133) (#20188)
  • Fix remove file on initial comment (#20127) (#20128)
  • Catch the error before the response is processed by goth (#20000) (#20102)
  • Dashboard feed respect setting.UI.FeedPagingNum again (#20094) (#20099)
  • Alter hook_task TEXT fields to LONGTEXT (#20038) (#20041)
  • Respond with a 401 on git push when password isn't changed yet (#20026) (#20027)
  • Return 404 when tag is broken (#20017) (#20024)
  • Write Commit-Graphs in RepositoryDumper (#20004)
  • Use DisplayName() instead of FullName in Oauth Provider (#19991)
  • Don't buffer doctor logger (#19982)
  • Always try to fetch repo for mirrors (#19975)
  • Uppercase first languages letters (#19965)
  • Fix cli command restore-repo: "units" should be parsed as StringSlice (#19953)
  • Ensure minimum mirror interval is reported on settings page (#19895)
  • Exclude Archived repos from Dashboard Milestones (#19882)
  • gitconfig: set safe.directory = * (#19870)
  • Prevent NPE on update mirror settings (#19864)
  • Only return valid stopwatches to the EventSource (#19863)
  • Prevent NPE whilst migrating if there is a team request review (#19855)
  • Fix inconsistency in doctor output (#19836)
  • Fix release tag for webhook (#19830)
  • Add title attribute to dependencies in sidebar (#19807)
  • Estimate Action Count in Statistics (#19775)
  • Do not update user stars numbers unless fix is specified (#19750)
  • Improved ref comment link when origin is body/title (#19741)
  • Fix nodeinfo caching and prevent NPE if cache non-existent (#19721)
  • Fix duplicate entry error when add team member (#19702)
  • Fix sending empty notifications (#19589)
  • Update image URL for Discord webhook (#19536)
  • Don't let repo clone URL overflow (#19517)
  • Allow commit status popup on /pulls page (#19507)
  • Fix two UI bugs: JS error in imagediff.js, 500 error in diff/compare.tmpl (#19494)
  • Fix logging of Transfer API (#19456)
  • Fix panic in teams API when requesting members (#19360)
  • Refactor CSRF protection modules, make sure CSRF tokens can be up-to-date. (#19337)
  • An attempt to sync a non-mirror repo must give 400 (Bad Request) (#19300)
  • Move checks for pulls before merge into own function (#19271)
  • Fix contrib/upgrade.sh (#19222)
  • Set the default branch for repositories generated from templates (#19136)
  • Fix EasyMDE error when input Enter (#19004)
  • Don't clean up hardcoded tmp (#18983)
  • Delete related notifications on issue deletion too (#18953)
  • Fix trace log to show value instead of pointers (#18926)
  • Fix behavior or checkbox submission. (#18851)
  • Add ContextUser (#18798)
  • Fix some mirror bugs (#18649)
  • Quote MAKE to prevent path expansion with space error (#18622)
  • Preserve users if restoring a repository on the same Gitea instance (#18604)
  • Fix non-ASCII search on database (#18437)
  • Automatically pause queue if index service is unavailable (#15066)
  • TESTING
  • Allow postgres integration tests to run over unix pipe (#19875)
  • Prevent intermittent NPE in queue tests (#19301)
  • Add test for importing pull requests in gitea uploader for migrations (#18752)
  • Remove redundant comparison in repo dump/restore (#18660)
  • More repo dump/restore tests, including pull requests (#18621)
  • Add test coverage for original author conversion during migrations (#18506)
  • TRANSLATION
  • Update issue_no_dependencies description (#19112)
  • Refactor webhooks i18n (#18380)
  • BUILD
  • Use alpine 3.16 (#19797)
  • Require node 14.0 (#19451)
  • DOCS
  • Update documents (git/fomantic/db, etc) (#19868)
  • Update the ROOT documentation and error messages (#19832)
  • Update document to use FHS /usr/local/bin/gitea instead of /app/... for Docker (#19794)
  • Update documentation to disable duration settings with -1 instead of 0 (#19647)
  • Add warning to set SENDMAIL_ARGS to -- (#19102)
  • Update nginx reverse proxy docs (#18922)
  • Add example to render html files (#18736)
  • Make SSH passthrough documentation better (#18687)
  • Changelog 1.16.0 & 1.15.11 (#18468 & #18455) (#18470)
  • Update the SSH passthrough documentation (#18366)
  • Add contrib/upgrade.sh (#18286)
  • MISC
  • Fix aria for logo (#19955)
  • In code search, get code unit accessible repos in one (main) query (#19764)
  • Add tooltip to pending PR comments (#19662)
  • Improve sync performance for pull-mirrors (#19125)
  • Improve dashboard's repo list performance (#18963)
  • Avoid database lookups for DescriptionHTML (#18924)
  • Remove CodeMirror dependencies (#18911)
  • Disable unnecessary mirroring elements (#18527)
  • Disable unnecessary OpenID/OAuth2 elements (#18491)
  • Disable unnecessary GitHooks elements (#18485)
  • Change some logging levels (#18421)
  • Prevent showing webauthn error for every time visiting /user/settings/security (#18385)
  • Use correct translation key for errors (#18342)

Thanks to our Contributors

@21h, @3l0w, @42wim, @6543, @99rgosse, @ADawesomeguy, @AHOHNMYC, @AbdulrhmnGhanem, @CommanderRoot, @Eekle, @Gusted, @IT-AlexKor, @KN4CK3R, @LecrisUT, @Mai-Lapyst, @MrGussio, @POPSuL, @Ryuno-Ki, @SteveTheEngineer, @TitaniumHocker, @a1012112796, @appleboy, @braoult, @catdevnull, @certik, @confusedsushi, @delvh, @eeyrjmr, @eladyn, @flozzone, @fnetX, @galibozek, @guoyk93, @harryzcy, @hoitih, @istiak101, @jackHay22, @je-s, @jedi7, @jklippel, @johanvdw, @jolheiser, @jonatan5524, @jpraet, @jsievenpiper, @junjieyuan, @kdumontnu, @kevinburke, @kolaente, @ktprograms, @lafriks, @lunny, @martinscholz83, @meichthys, @mohsek, @mokeyish, @mscherer, @neonn, @noerw, @oGi4i, @parnic, @pboguslawski, @petergardfjall, @pilou-, @qwerty287, @realaravinth, @rogerluo410, @rtpt-alexanderneumann, @sashamelentyev, @schorsch13, @sexybiggetje, @silentcodeg, @silverwind, @singuliere, @strk, @svenseeberg, @techknowlogick, @toddy15, @ttys3, @tyroneyeh, @viceice, @wxiaoguang, @xkcdstickfigure, @xoxys, @yutotnh, @zeripath, @zuzuviewer


Security

Security wording was detected, but no CVEs were found.

Details

date: July 30, 2022, 7:25 p.m.
name: v1.17.0
type: Minor