Gitea - v1.18.0

Security

Changelog

  • SECURITY
  • Remove ReverseProxy authentication from the API (#22219) (#22251)
  • Support Go Vulnerability Management (#21139)
  • Forbid HTML string tooltips (#20935)
  • BREAKING
  • Rework mailer settings (#18982)
  • Remove U2F support (#20141)
  • Refactor i18n to locale (#20153)
  • Enable contenthash in filename for dynamic assets (#20813)
  • FEATURES
  • Add color previews in markdown (#21474)
  • Allow package version sorting (#21453)
  • Add support for Chocolatey/NuGet v2 API (#21393)
  • Add API endpoint to get changed files of a PR (#21177)
  • Add filetree on left of diff view (#21012)
  • Support Issue forms and PR forms (#20987)
  • Add support for Vagrant packages (#20930)
  • Add support for npm unpublish (#20688)
  • Add badge capabilities to users (#20607)
  • Add issue filter for Author (#20578)
  • Add KaTeX rendering to Markdown. (#20571)
  • Add support for Pub packages (#20560)
  • Support localized README (#20508)
  • Add support mCaptcha as captcha provider (#20458)
  • Add team member invite by email (#20307)
  • Added email notification option to receive all own messages (#20179)
  • Switch Unicode Escaping to a VSCode-like system (#19990)
  • Add user/organization code search (#19977)
  • Only show relevant repositories on explore page (#19361)
  • User keypairs and HTTP signatures for ActivityPub federation using go-ap (#19133)
  • Add sitemap support (#18407)
  • Allow creation of OAuth2 applications for orgs (#18084)
  • Add system setting table with cache and also add cache supports for user setting (#18058)
  • Add pages to view watched repos and subscribed issues/PRs (#17156)
  • Support Proxy protocol (#12527)
  • Implement sync push mirror on commit (#19411)
  • API
  • Allow empty assignees on pull request edit (#22150) (#22214)
  • Make external issue tracker regexp configurable via API (#21338)
  • Add name field for org api (#21270)
  • Show teams with no members if user is admin (#21204)
  • Add latest commit's SHA to content response (#20398)
  • Add allow_rebase_update, default_delete_branch_after_merge to repository api response (#20079)
  • Add new endpoints for push mirrors management (#19841)
  • ENHANCEMENTS
  • Add setting to disable the git apply step in test patch (#22130) (#22170)
  • Multiple improvements for comment edit diff (#21990) (#22007)
  • Fix button in branch list, avoid unexpected page jump before restore branch actually done (#21562) (#21928)
  • Fix flex layout for repo list icons (#21896) (#21920)
  • Fix vertical align of committer avatar rendered by email address (#21884) (#21918)
  • Fix setting HTTP headers after write (#21833) (#21877)
  • Color and Style enhancements (#21784, #21799) (#21868)
  • Ignore line anchor links with leading zeroes (#21728) (#21776)
  • Quick fixes monaco-editor error: "vs.editor.nullLanguage" (#21734) (#21738)
  • Use CSS color-scheme instead of invert (#21616) (#21623)
  • Respect user's locale when rendering the date range in the repo activity page (#21410)
  • Change commits-table column width (#21564)
  • Refactor git command arguments and make all arguments to be safe to be used (#21535)
  • CSS color enhancements (#21534)
  • Add link to user profile in markdown mention only if user exists (#21533, #21554)
  • Add option to skip index dirs (#21501)
  • Diff file tree tweaks (#21446)
  • Localize all timestamps (#21440)
  • Add code highlighting in issue titles (#21432)
  • Use Name instead of DisplayName in LFS Lock (#21415)
  • Consolidate more CSS colors into variables (#21402)
  • Redirect to new repository owner (#21398)
  • Use ISO date format instead of hard-coded English date format for date range in repo activity page (#21396)
  • Use weighted algorithm for string matching when finding files in repo (#21370)
  • Show private data in feeds (#21369)
  • Refactor parseTreeEntries, speed up tree list (#21368)
  • Add GET and DELETE endpoints for Docker blob uploads (#21367)
  • Add nicer error handling on template compile errors (#21350)
  • Add stat to ToCommit function for speed (#21337)
  • Support instance-wide OAuth2 applications (#21335)
  • Record OAuth client type at registration (#21316)
  • Add new CSS variables --color-accent and --color-small-accent (#21305)
  • Improve error descriptions for unauthorized_client (#21292)
  • Case-insensitive "find files in repo" (#21269)
  • Consolidate more CSS rules, fix inline code on arc-green (#21260)
  • Log real ip of requests from ssh (#21216)
  • Save files in local storage as group readable (#21198)
  • Enable fluid page layout on medium size viewports (#21178)
  • File header tweaks (#21175)
  • Added missing headers on user packages page (#21172)
  • Display image digest for container packages (#21170)
  • Skip dirty check for team forms (#21154)
  • Keep path when creating a new branch (#21153)
  • Remove fomantic image module (#21145)
  • Make labels clickable in the comments section. (#21137)
  • Sort branches and tags by date descending (#21136)
  • Better repo API unit checks (#21130)
  • Improve commit status icons (#21124)
  • Limit length of repo description and repo url input fields (#21119)
  • Show .editorconfig errors in frontend (#21088)
  • Allow poster to choose reviewers (#21084)
  • Remove black labels and CSS cleanup (#21003)
  • Make e-mail sanity check more precise (#20991)
  • Use native inputs in whitespace dropdown (#20980)
  • Enhance package date display (#20928)
  • Display total blob size of a package version (#20927)
  • Show language name on hover (#20923)
  • Show instructions for all generic package files (#20917)
  • Refactor AssertExistsAndLoadBean to use generics (#20797)
  • Move the official website link at the footer of gitea (#20777)
  • Add support for full name in reverse proxy auth (#20776)
  • Remove useless JS operation for relative time tooltips (#20756)
  • Replace some icons with SVG (#20741)
  • Change commit status icons to SVG (#20736)
  • Improve single repo action for issue and pull requests (#20730)
  • Allow multiple files in generic packages (#20661)
  • Add option to create new issue from /issues page (#20650)
  • Background color of private list-items updated (#20630)
  • Added search input field to issue filter (#20623)
  • Increase default item listing size ISSUE_PAGING_NUM to 20 (#20547)
  • Modify milestone search keywords to be case insensitive again (#20513)
  • Show hint to link package to repo when viewing empty repo package list (#20504)
  • Add Tar ZSTD support (#20493)
  • Make code review checkboxes clickable (#20481)
  • Add "X-Gitea-Object-Type" header for GET /raw/ & /media/ API (#20438)
  • Display project in issue list (#20434)
  • Prepend commit message to template content when opening a new PR (#20429)
  • Replace fomantic popup module with tippy.js (#20428)
  • Allow to specify colors for text in markup (#20363)
  • Allow access to the Public Organization Member lists with minimal permissions (#20330)
  • Use default values when provided values are empty (#20318)
  • Vertical align navbar avatar at middle (#20302)
  • Delete cancel button in repo creation page (#21381)
  • Include login_name in adminCreateUser response (#20283)
  • fix: icon margin in user/settings/repos (#20281)
  • Remove blue text on migrate page (#20273)
  • Modify milestone search keywords to be case insensitive (#20266)
  • Move some files into models' sub packages (#20262)
  • Add tooltip to repo icons in explore page (#20241)
  • Remove deprecated licenses (#20222)
  • Webhook for Wiki changes (#20219)
  • Share HTML template renderers and create a watcher framework (#20218)
  • Allow enable LDAP source and disable user sync via CLI (#20206)
  • Adds a checkbox to select all issues/PRs (#20177)
  • Refactor i18n to locale (#20153)
  • Disable status checks in template if none found (#20088)
  • Allow manager logging to set SQL (#20064)
  • Add order by for assignee no sort issue (#20053)
  • Take a stab at porting existing components to Vue3 (#20044)
  • Add doctor command to write commit-graphs (#20007)
  • Add support for authentication based on reverse proxy email (#19949)
  • Enable spellcheck for EasyMDE, use contenteditable mode (#19776)
  • Allow specifying SECRET_KEY_URI, similar to INTERNAL_TOKEN_URI (#19663)
  • Rework mailer settings (#18982)
  • Add option to purge users (#18064)
  • Add author search input (#21246)
  • Make rss/atom identifier globally unique (#21550)
  • BUGFIXES
  • Auth interface return error when verify failure (#22119) (#22259)
  • Use complete SHA to create and query commit status (#22244) (#22257)
  • Update bleve and zapx to fix unaligned atomic (#22031) (#22218)
  • Prevent panic in doctor command when running default checks (#21791) (#21807)
  • Load GitRepo in API before deleting issue (#21720) (#21796)
  • Ignore line anchor links with leading zeroes (#21728) (#21776)
  • Set last login when activating account (#21731) (#21755)
  • Fix UI language switching bug (#21597) (#21749)
  • Quick fixes monaco-editor error: "vs.editor.nullLanguage" (#21734) (#21738)
  • Allow local package identifiers for PyPI packages (#21690) (#21727)
  • Deal with markdown template without metadata (#21639) (#21654)
  • Fix opaque background on mermaid diagrams (#21642) (#21652)
  • Fix repository adoption on Windows (#21646) (#21650)
  • Sync git hooks when config file path changed (#21619) (#21626)
  • Fix 500 on PR files API (#21602) (#21607)
  • Fix Timestamp.IsZero (#21593) (#21603)
  • Fix viewing user subscriptions (#21482)
  • Fix mermaid-related bugs (#21431)
  • Fix branch dropdown shifting on page load (#21428)
  • Fix default theme-auto selector when nologin (#21346)
  • Fix and improve incorrect error messages (#21342)
  • Fix formatted link for PR review notifications to matrix (#21319)
  • Center-aligning content of WebAuthN page (#21127)
  • Remove follow from commits by file (#20765)
  • Fix commit status popup (#20737)
  • Fix init mail render logic (#20704)
  • Use correct page size for link header pagination (#20546)
  • Preserve unix socket file (#20499)
  • Use tippy.js for context popup (#20393)
  • Add missing parameter for error in log message (#20144)
  • Do not allow organisation owners add themselves as collaborator (#20043)
  • Rework file highlight rendering and fix yaml copy-paste (#19967)
  • Improve code diff highlight, fix incorrect rendered diff result (#19958)
  • TESTING
  • Improve OAuth integration tests (#21390)
  • Add playwright tests (#20123)
  • BUILD
  • Switch to building with go1.19 (#20695)
  • Update JS dependencies, adjust eslint (#20659)
  • Add more linters to improve code readability (#19989)

Thanks to our Contributors

@42wim, @6543, @a1012112796, @aceArt-GmbH, @ajgon, @akshaymankar, @algernon, @andrewimeson, @appleboy, @arkamar, @balanceofcowards, @balki, @bianjp, @BlenderDefender, @BLumia, @catdevnull, @cboylan, @chrullrich, @CLanguagePurist, @clarfonthey, @CodeDoctorDE, @danog, @delvh, @dependabot, @dhruvmanila, @eeyrjmr, @eleith, @Enrico204, @f0086, @fantashley, @fitithw, @frankli0324, @gabriel-vasile, @Gusted, @harryzcy, @HeySora, @hickford, @jackv24, @JakobDev, @jedi7, @joecarl, @johanvdw, @jolheiser, @jpokan, @jpraet, @Juneezee, @justusbunsi, @kdumontnu, @KiaraGrouwstra, @kimbj95, @KN4CK3R, @kolaente, @lafriks, @lhsazevedo, @lukeawyatt, @lunny, @luzpaz, @MaeIsBad, @mhlakhani, @mohsek, @nagos, @neel1996, @neonn, @noerw, @oliverpool, @parnic, @pboguslawski, @petergardfjall, @plsnp, @qwerty287, @Racer159, @RainboWu, @RaymondKroon, @realaravinth, @renbaoshuo, @ridnlee, @Ryuno-Ki, @sebastian-sauer, @sergemedvid, @s-hamann, @silverwind, @soulseekah, @soumyadey, @SteveTheEngineer, @Ta180m, @techknowlogick, @tyroneyeh, @viceice, @willnorris, @wolfogre, @wxiaoguang, @xin-u, @xpy865934, @yardenshoham, @zenofile, @zeripath


Security

Security wording was detected, but no CVEs were found.

Details

date
Dec. 29, 2022, 7:52 p.m.
name
v1.18.0
type
Minor
👇
Register or login to:
  • 🔍View and search all Gitea releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or