forgejo/release-notes-published/7.0.8.md

This is a security release. See the documentation for more information on the [upgrade procedure](https://forgejo.org/docs/v7.0/admin/upgrade/).

- Security bug fixes
  [The scope of application tokens was not verified](https://codeberg.org/forgejo/forgejo/pulls/5149) when writing containers or Conan packages. This is of no consequence when the user associated with the application token does not have write access to packages. If the user has write access to packages, such a token can be used to write containers and Conan packages. An application token that was used to write containers or Conan packages without the `package:write` scope will now fail with an unauthorized error. It must be re-created to include the `package:write` scope.


<!--start release-notes-assistant-->

<!--URL:https://codeberg.org/forgejo/forgejo-->
- User Interface bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5029) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5033)): <!--number 5033 --><!--line 0 --><!--description W1BPUlRdIEZpeCBvdmVyZmxvdyBmb3IgaW1hZ2VzIG9uIHByb2plY3QgY2FyZHMgKGdpdGVhIzMxNjgzKQ==-->Overflow for images on project cards.<!--description-->
- Bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5149) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5150)): <!--number 5150 --><!--line 0 --><!--description VGhlIHNjb3BlIG9mIGFwcGxpY2F0aW9uIHRva2VucyBpcyBub3QgdmVyaWZpZWQgd2hlbiB3cml0aW5nIGNvbnRhaW5lcnMgb3IgQ29uYW4gcGFja2FnZXMuIFRoaXMgaXMgb2Ygbm8gY29uc2VxdWVuY2Ugd2hlbiB0aGUgdXNlciBhc3NvY2lhdGVkIHdpdGggdGhlIGFwcGxpY2F0aW9uIHRva2VuIGRvZXMgbm90IGhhdmUgd3JpdGUgYWNjZXNzIHRvIHBhY2thZ2VzLiBJZiB0aGUgdXNlciBoYXMgd3JpdGUgYWNjZXNzIHRvIHBhY2thZ2VzLCBzdWNoIGEgdG9rZW4gY2FuIGJlIHVzZWQgdG8gd3JpdGUgY29udGFpbmVycyBhbmQgQ29uYW4gcGFja2FnZXMu-->The scope of application tokens is not verified when writing containers or Conan packages.<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4885) ([backported](https://codeberg.org/forgejo/forgejo/pulls/4950)): <!--number 4950 --><!--line 0 --><!--description Zml4OiBSdW4gZnVsbCBQUiBjaGVja3Mgb24gYWdpdCBwdXNo-->Run full PR checks on AGit push.<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3264) ([backported](https://codeberg.org/forgejo/forgejo/pulls/4999)): <!--number 4999 --><!--line 4 --><!--description LSBmaXg6IFtjb21taXRdKGh0dHBzOi8vY29kZWJlcmcub3JnL2Zvcmdlam8vZm9yZ2Vqby9jb21taXQvMzY0OTIyYzZlNGYyODI2NGFkZDllMjUwMWEzNTJjMjVhZDZhMDk5Mykgd2hlbiBhIHJlcG9zaXRvcnkgaXMgYWRvcHRlZCwgaXRzIG9iamVjdCBmb3JtYXQgaXMgbm90IHNldCBpbiB0aGUgZGF0YWJhc2Uu-->- [commit](https://codeberg.org/forgejo/forgejo/commit/364922c6e4f28264add9e2501a352c25ad6a0993) When a repository is adopted, its object format is not set in the database.<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3264) ([backported](https://codeberg.org/forgejo/forgejo/pulls/4999)): <!--number 4999 --><!--line 5 --><!--description LSBmaXg6IFtjb21taXRdKGh0dHBzOi8vY29kZWJlcmcub3JnL2Zvcmdlam8vZm9yZ2Vqby9jb21taXQvZTdmMzMyYTU1ZDZhNDhhM2YzYjRmMmJmYTQzZDE4NDU1YWMwMGFjYykgZHVyaW5nIGEgbWlncmF0aW9uIGZyb20gYml0YnVja2V0LCBMRlMgZG93bmxvYWRzIGZhaWwu-->- [commit](https://codeberg.org/forgejo/forgejo/commit/e7f332a55d6a48a3f3b4f2bfa43d18455ac00acc) During a migration from bitbucket, LFS downloads fail.<!--description-->
- Localization
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4889) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5138)): <!--number 5138 --><!--line 0 --><!--description QmFja3BvcnRzIG9mICM0ODg5IGFuZCAjNDk4NCB0byB2Nw==-->Backports of #4889 and #4984 to v7<!--description-->
chore(release-notes): keep release notes in release-notes-published As of Forgejo 8.0.1 the release notes were only available in the description of the corresponding milestone which is problematic for: - searching - safekeeping The release-notes-published directory is created to remedy those problems: - a copy of all those release notes from the milestones descriptions is added. - a reference is added to the RELEASE-NOTES.md file which will no longer be used. - a symbolic link to the RELEASE-NOTES.md is added for completeness. - the release process will be updated to populate release-notes-published. The RELEASE-NOTES.md file is kept where it is because it is referenced by a number of URLs. The release-notes directory would have been a better name but it is already used for in flight release notes waiting for the next release. Renaming this directory or changing it is rather involved. 2024-12-05 19:33:52 +03:00			`This is a security release. See the documentation for more information on the [upgrade procedure](https://forgejo.org/docs/v7.0/admin/upgrade/).`

			`- Security bug fixes`
			[The scope of application tokens was not verified](https://codeberg.org/forgejo/forgejo/pulls/5149) when writing containers or Conan packages. This is of no consequence when the user associated with the application token does not have write access to packages. If the user has write access to packages, such a token can be used to write containers and Conan packages. An application token that was used to write containers or Conan packages without the `package:write` scope will now fail with an unauthorized error. It must be re-created to include the `package:write` scope.


			`<!--start release-notes-assistant-->`

			`<!--URL:https://codeberg.org/forgejo/forgejo-->`
			`- User Interface bug fixes`
			`- [PR](https://codeberg.org/forgejo/forgejo/pulls/5029) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5033)): <!--number 5033 --><!--line 0 --><!--description W1BPUlRdIEZpeCBvdmVyZmxvdyBmb3IgaW1hZ2VzIG9uIHByb2plY3QgY2FyZHMgKGdpdGVhIzMxNjgzKQ==-->Overflow for images on project cards.<!--description-->`
			`- Bug fixes`
			- [PR](https://codeberg.org/forgejo/forgejo/pulls/5149) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5150)): <!--number 5150 --><!--line 0 --><!--description VGhlIHNjb3BlIG9mIGFwcGxpY2F0aW9uIHRva2VucyBpcyBub3QgdmVyaWZpZWQgd2hlbiB3cml0aW5nIGNvbnRhaW5lcnMgb3IgQ29uYW4gcGFja2FnZXMuIFRoaXMgaXMgb2Ygbm8gY29uc2VxdWVuY2Ugd2hlbiB0aGUgdXNlciBhc3NvY2lhdGVkIHdpdGggdGhlIGFwcGxpY2F0aW9uIHRva2VuIGRvZXMgbm90IGhhdmUgd3JpdGUgYWNjZXNzIHRvIHBhY2thZ2VzLiBJZiB0aGUgdXNlciBoYXMgd3JpdGUgYWNjZXNzIHRvIHBhY2thZ2VzLCBzdWNoIGEgdG9rZW4gY2FuIGJlIHVzZWQgdG8gd3JpdGUgY29udGFpbmVycyBhbmQgQ29uYW4gcGFja2FnZXMu-->The scope of application tokens is not verified when writing containers or Conan packages.<!--description-->
			`- [PR](https://codeberg.org/forgejo/forgejo/pulls/4885) ([backported](https://codeberg.org/forgejo/forgejo/pulls/4950)): <!--number 4950 --><!--line 0 --><!--description Zml4OiBSdW4gZnVsbCBQUiBjaGVja3Mgb24gYWdpdCBwdXNo-->Run full PR checks on AGit push.<!--description-->`
			- [PR](https://codeberg.org/forgejo/forgejo/pulls/3264) ([backported](https://codeberg.org/forgejo/forgejo/pulls/4999)): <!--number 4999 --><!--line 4 --><!--description LSBmaXg6IFtjb21taXRdKGh0dHBzOi8vY29kZWJlcmcub3JnL2Zvcmdlam8vZm9yZ2Vqby9jb21taXQvMzY0OTIyYzZlNGYyODI2NGFkZDllMjUwMWEzNTJjMjVhZDZhMDk5Mykgd2hlbiBhIHJlcG9zaXRvcnkgaXMgYWRvcHRlZCwgaXRzIG9iamVjdCBmb3JtYXQgaXMgbm90IHNldCBpbiB0aGUgZGF0YWJhc2Uu-->- [commit](https://codeberg.org/forgejo/forgejo/commit/364922c6e4f28264add9e2501a352c25ad6a0993) When a repository is adopted, its object format is not set in the database.<!--description-->
			- [PR](https://codeberg.org/forgejo/forgejo/pulls/3264) ([backported](https://codeberg.org/forgejo/forgejo/pulls/4999)): <!--number 4999 --><!--line 5 --><!--description LSBmaXg6IFtjb21taXRdKGh0dHBzOi8vY29kZWJlcmcub3JnL2Zvcmdlam8vZm9yZ2Vqby9jb21taXQvZTdmMzMyYTU1ZDZhNDhhM2YzYjRmMmJmYTQzZDE4NDU1YWMwMGFjYykgZHVyaW5nIGEgbWlncmF0aW9uIGZyb20gYml0YnVja2V0LCBMRlMgZG93bmxvYWRzIGZhaWwu-->- [commit](https://codeberg.org/forgejo/forgejo/commit/e7f332a55d6a48a3f3b4f2bfa43d18455ac00acc) During a migration from bitbucket, LFS downloads fail.<!--description-->
			`- Localization`
			`- [PR](https://codeberg.org/forgejo/forgejo/pulls/4889) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5138)): <!--number 5138 --><!--line 0 --><!--description QmFja3BvcnRzIG9mICM0ODg5IGFuZCAjNDk4NCB0byB2Nw==-->Backports of #4889 and #4984 to v7<!--description-->`