mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-27 06:03:51 +03:00
25 lines
6.9 KiB
Markdown
This is a security release. See the documentation for more information on the [upgrade procedure](https://forgejo.org/docs/v8.0/admin/upgrade/).

- Security

  [The scope of application tokens was not verified](https://codeberg.org/forgejo/forgejo/pulls/5149) when writing containers or Conan packages. This is of no consequence when the user associated with the application token does not have write access to packages. If the user has write access to packages, such a token can be used to write containers and Conan packages. An application token that was used to write containers or Conan packages without the `package:write` scope will now fail with an unauthorized error. It must be re-created to include the `package:write` scope.

<!--start release-notes-assistant-->

<!--URL:https://codeberg.org/forgejo/forgejo-->
- User Interface bug fixes
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5029) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5032)): <!--number 5032 --><!--line 0 --><!--description W1BPUlRdIEZpeCBvdmVyZmxvdyBmb3IgaW1hZ2VzIG9uIHByb2plY3QgY2FyZHMgKGdpdGVhIzMxNjgzKQ==-->Overflow for images on project cards.<!--description-->
- [PR](https://codeberg.org/forgejo/forgejo/pulls/4798) ([backported](https://codeberg.org/forgejo/forgejo/pulls/4919)): <!--number 4919 --><!--line 0 --><!--description Zml4KHVpKTogYWxsb3cgdW5yZWFjdGluZyBmcm9tIGNvbW1lbnQgcG9wb3Zlcg==-->Allow unreacting from comment popover.<!--description-->
- Bug fixes
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5149) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5151)): <!--number 5151 --><!--line 0 --><!--description VGhlIHNjb3BlIG9mIGFwcGxpY2F0aW9uIHRva2VucyBpcyBub3QgdmVyaWZpZWQgd2hlbiB3cml0aW5nIGNvbnRhaW5lcnMgb3IgQ29uYW4gcGFja2FnZXMuIFRoaXMgaXMgb2Ygbm8gY29uc2VxdWVuY2Ugd2hlbiB0aGUgdXNlciBhc3NvY2lhdGVkIHdpdGggdGhlIGFwcGxpY2F0aW9uIHRva2VuIGRvZXMgbm90IGhhdmUgd3JpdGUgYWNjZXNzIHRvIHBhY2thZ2VzLiBJZiB0aGUgdXNlciBoYXMgd3JpdGUgYWNjZXNzIHRvIHBhY2thZ2VzLCBzdWNoIGEgdG9rZW4gY2FuIGJlIHVzZWQgdG8gd3JpdGUgY29udGFpbmVycyBhbmQgQ29uYW4gcGFja2FnZXMu-->The scope of application tokens is not verified when writing containers or Conan packages.<!--description-->
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5065) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5080)): <!--number 5080 --><!--line 0 --><!--description d2hlbiBhIEZvcmdlam8gQWN0aW9ucyB3b3JrZmxvdyBpbmNsdWRlcyBhIGB3b3JrZmxvd19kaXNwYXRjaGAgd2l0aCBgaW5wdXRzYCBhbmQgb3RoZXIgZXZlbnRzIChmb3IgaW5zdGFuY2UgYHB1c2hgKSwgaXQgaXMgc2lsZW50bHkgaWdub3JlZCBiZWNhdXNlIG9mIGEgcGFyc2luZyBlcnJvci4=-->When a Forgejo Actions workflow includes a `workflow_dispatch` with `inputs` and other events (for instance `push`), it is silently ignored because of a parsing error.<!--description-->
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5053): <!--number 5053 --><!--line 0 --><!--description W1BPUlRdIEZpeCBhdXRvbWVyZ2Ugb24gQUdpdCBQUnMgKGdpdGVhIzMxODgxKQ==-->Automerge on AGit pull requests is ignored.<!--description-->
- [PR](https://codeberg.org/forgejo/forgejo/pulls/4998) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5050)): <!--number 5050 --><!--line 0 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC83ZjFkYjFkZjNlZThkNjIwZjk5N2I4ZTcwYTQwYzJmNDhhZTk2YzBmKSBTaG93IGxvY2sgb3duZXIgaW5zdGVhZCBvZiByZXBvIG93bmVyIG9uIExGUyBzZXR0aW5nIHBhZ2Uu-->[commit](https://codeberg.org/forgejo/forgejo/commit/7f1db1df3ee8d620f997b8e70a40c2f48ae96c0f) Show lock owner instead of repo owner on LFS setting page.<!--description-->
- [PR](https://codeberg.org/forgejo/forgejo/pulls/4998) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5050)): <!--number 5050 --><!--line 1 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC9lYmZkYzY1OWQ4MTQ1NjFmODc4MzA5NGUyZWIyNjczOGE1NTAwZTU1KSBSZW5kZXIgcGxhaW4gdGV4dCBmaWxlIGlmIHRoZSBMRlMgb2JqZWN0IGRvZXNuJ3QgZXhpc3Qu-->[commit](https://codeberg.org/forgejo/forgejo/commit/ebfdc659d814561f8783094e2eb26738a5500e55) Render plain text file if the LFS object doesn't exist.<!--description-->
- [PR](https://codeberg.org/forgejo/forgejo/pulls/4998) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5050)): <!--number 5050 --><!--line 2 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC85ZTA2NmMzY2FkN2JiMWIzMGUyZGVmMzRiZDA2MDhhYWM4MjVjZjU4KSBGaXggcGFuaWMgb2Ygc3NoIHB1YmxpYyBrZXkgcGFnZSBhZnRlciBkZWxldGlvbiBvZiBhdXRoIHNvdXJjZS4=-->[commit](https://codeberg.org/forgejo/forgejo/commit/9e066c3cad7bb1b30e2def34bd0608aac825cf58) Panic of ssh public key page after deletion of an auth source.<!--description-->
- [PR](https://codeberg.org/forgejo/forgejo/pulls/4998) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5050)): <!--number 5050 --><!--line 3 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC9hOGUyNWU5MDdjNjYxNDA5NjFmMjhiYTkyNDAzMTc2YzgxNmRmYjYwKSBBZGQgbWlzc2luZyByZXBvc2l0b3J5IHR5cGUgZmlsdGVyIHBhcmFtZXRlcnMgdG8gcGFnZXIu-->[commit](https://codeberg.org/forgejo/forgejo/commit/a8e25e907c66140961f28ba92403176c816dfb60) Add missing repository type filter parameters to pager.<!--description-->
- [PR](https://codeberg.org/forgejo/forgejo/pulls/4907) ([backported](https://codeberg.org/forgejo/forgejo/pulls/4965)): <!--number 4965 --><!--line 0 --><!--description UmV2ZXJ0ZWQgYSBjaGFuZ2UgZnJvbSBHaXRlYSB3aGljaCBwcmV2ZW50ZWQgYWxsb3cvcmVqZWN0IHJldmlld3Mgb24gbWVyZ2VkIG9yIGNsb3NlZCBQUnMuIFRoaXMgY2hhbmdlIHdhcyBub3QgY29uc2lkZXJlZCBieSB0aGUgRm9yZ2VqbyBVSSB0ZWFtIGFuZCB0aGVyZSBpcyBhIGNvbnNlbnN1cyB0aGF0IGl0IGZlZWxzIGxpa2UgYSByZWdyZXNzaW9uLCBzaW5jZSBpdCBpbnRlcmZlcmVzIHdpdGggd29ya2Zsb3dzIGtub3duIHRvIGJlIHVzZWQgYnkgRm9yZ2VqbyB1c2VycyB3aXRob3V0IHByb3ZpZGluZyBhIHRhbmdpYmxlIGJlbmVmaXQu-->Reverted a change from Gitea which prevented allow/reject reviews on merged or closed PRs. This change was not considered by the Forgejo UI team and there is a consensus that it feels like a regression, since it interferes with workflows known to be used by Forgejo users without providing a tangible benefit.<!--description-->
- [PR](https://codeberg.org/forgejo/forgejo/pulls/4885) ([backported](https://codeberg.org/forgejo/forgejo/pulls/4951)): <!--number 4951 --><!--line 0 --><!--description Zml4OiBSdW4gZnVsbCBQUiBjaGVja3Mgb24gYWdpdCBwdXNo-->Run full PR checks on AGit push.<!--description-->
- Localization
- [PR](https://codeberg.org/forgejo/forgejo/pulls/4984) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5116)): <!--number 5116 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
- [PR](https://codeberg.org/forgejo/forgejo/pulls/4889) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5114)): <!--number 5114 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->