mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-27 14:13:52 +03:00
8dbd2da593
As of Forgejo 8.0.1 the release notes were only available in the description of the corresponding milestone which is problematic for: - searching - safekeeping The release-notes-published directory is created to remedy those problems: - a copy of all those release notes from the milestones descriptions is added. - a reference is added to the RELEASE-NOTES.md file which will no longer be used. - a symbolic link to the RELEASE-NOTES.md is added for completeness. - the release process will be updated to populate release-notes-published. The RELEASE-NOTES.md file is kept where it is because it is referenced by a number of URLs. The release-notes directory would have been a better name but it is already used for in flight release notes waiting for the next release. Renaming this directory or changing it is rather involved.
33 lines
9.9 KiB
Markdown
33 lines
9.9 KiB
Markdown
<!--start release-notes-assistant-->
|
|
|
|
## Release notes
|
|
<!--URL:https://codeberg.org/forgejo/forgejo-->
|
|
- Security bug fixes
|
|
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5719) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5724)): <!--number 5724 --><!--line 0 --><!--description Rm9yZ2VqbyBnZW5lcmF0ZXMgYSB0b2tlbiB3aGljaCBpcyB1c2VkIHRvIGF1dGhlbnRpY2F0ZSB3ZWIgZW5kcG9pbnRzIHRoYXQgYXJlIG9ubHkgbWVhbnQgdG8gYmUgdXNlZCBpbnRlcm5hbGx5LCBmb3IgaW5zdGFuY2Ugd2hlbiB0aGUgU1NIIGRhZW1vbiBpcyB1c2VkIHRvIHB1c2ggYSBjb21taXQgd2l0aCBHaXQuIFRoZSB2ZXJpZmljYXRpb24gb2YgdGhpcyB0b2tlbiB3YXMgbm90IGRvbmUgaW4gY29uc3RhbnQgdGltZSBhbmQgd2FzIHN1c2NlcHRpYmxlIHRvIFt0aW1pbmcgYXR0YWNrc10oaHR0cHM6Ly9lbi53aWtpcGVkaWEub3JnL3dpa2kvVGltaW5nX2F0dGFjaykuIEEgcHJlLWNvbmRpdGlvbiBmb3Igc3VjaCBhbiBhdHRhY2sgaXMgdGhlIHByZWNpc2UgbWVhc3VyZW1lbnRzIG9mIHRoZSB0aW1lIGZvciBlYWNoIG9wZXJhdGlvbi4gU2luY2UgaXQgcmVxdWlyZXMgb2JzZXJ2aW5nIHRoZSB0aW1pbmcgb2YgbmV0d29yayBvcGVyYXRpb25zLCB0aGUgaXNzdWUgaXMgbWl0aWdhdGVkIHdoZW4gYSBGb3JnZWpvIGluc3RhbmNlIGlzIGFjY2Vzc2VkIG92ZXIgdGhlIGludGVybmV0IGJlY2F1c2UgdGhlIElTUCBpbnRyb2R1Y2UgdW5wcmVkaWN0YWJsZSByYW5kb20gZGVsYXlzLg==-->Forgejo generates a token which is used to authenticate web endpoints that are only meant to be used internally, for instance when the SSH daemon is used to push a commit with Git. The verification of this token was not done in constant time and was susceptible to [timing attacks](https://en.wikipedia.org/wiki/Timing_attack). A pre-condition for such an attack is the precise measurements of the time for each operation. Since it requires observing the timing of network operations, the issue is mitigated when a Forgejo instance is accessed over the internet because the ISP introduce unpredictable random delays.<!--description-->
|
|
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5718) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5721)): <!--number 5721 --><!--line 0 --><!--description QmVjYXVzZSBvZiBhIG1pc3NpbmcgcGVybWlzc2lvbiBjaGVjaywgdGhlIGJyYW5jaCB1c2VkIHRvIHByb3Bvc2UgYSBwdWxsIHJlcXVlc3QgdG8gYSByZXBvc2l0b3J5IGNhbiBhbHdheXMgYmUgZGVsZXRlZCBieSB0aGUgdXNlciBwZXJmb3JtaW5nIHRoZSBtZXJnZS4gSXQgd2FzIGZpeGVkIHNvIHRoYXQgc3VjaCBhIGRlbGV0aW9uIGlzIG9ubHkgYWxsb3dlZCBpZiB0aGUgdXNlciBwZXJmb3JtaW5nIHRoZSBtZXJnZSBoYXMgd3JpdGUgcGVybWlzc2lvbiB0byB0aGUgcmVwb3NpdG9yeSBmcm9tIHdoaWNoIHRoZSBwdWxsIHJlcXVlc3Qgd2FzIG1hZGUu-->Because of a missing permission check, the branch used to propose a pull request to a repository can always be deleted by the user performing the merge. It was fixed so that such a deletion is only allowed if the user performing the merge has write permission to the repository from which the pull request was made.<!--description-->
|
|
- Bug fixes
|
|
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5439) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5708)): <!--number 5708 --><!--line 0 --><!--description Rml4IGJvb2xlYW4gaW5wdXRzIGluIHdvcmtmbG93X2Rpc3BhdGNo-->Fix boolean inputs in workflow_dispatch<!--description-->
|
|
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5634) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5636)): <!--number 5636 --><!--line 0 --><!--description cGFja2FnZSBhcmNoICBkYXRhYmFzZSBub3QgdXBkYXRpbmcgd2hlbiB1cGxvYWRpbmcgImFueSIgYXJjaGl0ZWN0dXJl-->package arch database not updating when uploading "any" architecture<!--description-->
|
|
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5627) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5631)): <!--number 5631 --><!--line 0 --><!--description Y29ycmVjdCBTUUwgcXVlcnkgZm9yIGFjdGl2ZSBpc3N1ZXM=-->correct SQL query for active issues<!--description-->
|
|
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5626) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5629)): <!--number 5629 --><!--line 0 --><!--description c3BlY2lmeSBkZWZhdWx0IHZhbHVlIGZvciBgRVhQTE9SRV9ERUZBVUxUX1NPUlRgLg==-->specify default value for `EXPLORE_DEFAULT_SORT`.<!--description-->
|
|
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5613) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5624)): <!--number 5624 --><!--line 0 --><!--description Zml4OiBBZGQgYHJlY2VudHVwZGF0ZWRgIGFzIHJlY29nbml6ZWQgc29ydCBvcHRpb24=-->fix: Add `recentupdated` as recognized sort option<!--description-->
|
|
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5616): <!--number 5616 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWVybWFpZCB0byB2MTEuMy4wICh2OS4wL2Zvcmdlam8p-->Update dependency mermaid to v11.3.0 (v9.0/forgejo)<!--description-->
|
|
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5587) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5588)): <!--number 5588 --><!--line 0 --><!--description RG9ja2VyZmlsZTogdXNlIGFscGluZTozLjIwIGluc3RlYWQgb2YgZ29sYW5nOjEuMjMtYWxwaW5lMy4yMA==-->Dockerfile: use alpine:3.20 instead of golang:1.23-alpine3.20<!--description-->
|
|
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5585) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5586)): <!--number 5586 --><!--line 0 --><!--description RG9ja2VyZmlsZTogdW5uZWNlc3NhcnkgY29udGFpbmVyIGltYWdlIGxheWVyIGR1cGxpY2F0aW9u-->Dockerfile: unnecessary container image layer duplication<!--description-->
|
|
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5647): <!--number 5647 --><!--line 0 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC8xOTEzMzk5ZDgxNzY5NDRmMTcwZDRmMWMwMzJkYzM3MDAzYWFhZmMwKSBBbHdheXMgdXBkYXRlIGV4cGlyYXRpb24gdGltZSB3aGVuIGNyZWF0aW5nIGFuIGFydGlmYWN0-->[commit](https://codeberg.org/forgejo/forgejo/commit/1913399d8176944f170d4f1c032dc37003aaafc0) Always update expiration time when creating an artifact<!--description-->
|
|
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5647): <!--number 5647 --><!--line 1 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC80ZmUzMTFlN2MwMjkyZTNhYzc5ZjhiYzA2M2YxYmNhY2VmNDQ5NGYwKSBVcGRhdGUgc2NoZWR1bGVkIHRhc2tzIGV2ZW4gaWYgY2hhbmdlcyBhcmUgcHVzaGVkIGJ5ICJBY3Rpb25zVXNlciI=-->[commit](https://codeberg.org/forgejo/forgejo/commit/4fe311e7c0292e3ac79f8bc063f1bcacef4494f0) Update scheduled tasks even if changes are pushed by "ActionsUser"<!--description-->
|
|
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5715): <!--number 5715 --><!--line 0 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC83Njg0MDJjODg0MWRiNWU4YWNjOTc5MTkxNDliYTMyOWQ1MTI0ZTE3KSBGaXggZGlzYWJsZSAyZmEgYnVn-->[commit](https://codeberg.org/forgejo/forgejo/commit/768402c8841db5e8acc97919149ba329d5124e17) Fix disable 2fa bug<!--description-->
|
|
- Localization
|
|
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5583) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5680)): <!--number 5680 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
|
|
- Included for completeness but not worth a release note
|
|
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5702) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5710)): <!--number 5710 --><!--line 0 --><!--description Zml4OiB1c2UgYnVmZmVyZWQgaXRlcmF0ZSBmb3IgZGViaWFuIHNlYXJjaHBhY2thZ2Vz-->fix: use buffered iterate for debian searchpackages<!--description-->
|
|
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5688) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5691)): <!--number 5691 --><!--line 0 --><!--description Zml4OiBtYWtlIGJyYW5jaCBwcm90ZWN0aW9uIHdvcmsgZm9yIG5ldyBicmFuY2hlcw==-->fix: make branch protection work for new branches<!--description-->
|
|
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5651) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5656)): <!--number 5656 --><!--line 0 --><!--description bGluayB0byBzZWN1cml0eSBwb2xpY3kgaW4gc2VjdXJpdHkudHh0-->link to security policy in security.txt<!--description-->
|
|
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5653) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5655)): <!--number 5655 --><!--line 0 --><!--description Zml4OiBkb24ndCBzaG93IHRydW5jYXRlZCBjb21tZW50cyBpbiBSU1MvQXRvbSBmZWVkcw==-->fix: don't show truncated comments in RSS/Atom feeds<!--description-->
|
|
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5652) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5654)): <!--number 5654 --><!--line 0 --><!--description Zml4OiB0eXBvIG9uIHJlbGVhc2VzIGZvciBzb3VyY2UgY29kZSBkb3dubG9hZHM=-->fix: typo on releases for source code downloads<!--description-->
|
|
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5640) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5645)): <!--number 5645 --><!--line 0 --><!--description UmV2ZXJ0ICJhZGQgZ2FwIGJldHdlZW4gYnJhbmNoIGRyb3Bkb3duIGFuZCBQUiBidXR0b24i-->Revert "add gap between branch dropdown and PR button"<!--description-->
|
|
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5615) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5618)): <!--number 5618 --><!--line 0 --><!--description Zml4OiBEb24ndCBkb3VibGUgZXNjYXBlIGRlbGV0ZSBicmFuY2ggdGV4dA==-->fix: Don't double escape delete branch text<!--description-->
|
|
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5595) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5596)): <!--number 5596 --><!--line 0 --><!--description Zml4OiBBZGQgc2VydmVyIGxvZ2dpbmcgZm9yIE9BdXRoIHNlcnZlciBlcnJvcnM=-->fix: Add server logging for OAuth server errors<!--description-->
|
|
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5592) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5594)): <!--number 5594 --><!--line 0 --><!--description Zm9yZ2Vqby1jbGkgaXMgbm93IGEgc3ltbGluayBhbmQgY2Fubm90IGJlIHVzZWQgZm9yIHNhbml0eSBjaGVja3M=-->forgejo-cli is now a symlink and cannot be used for sanity checks<!--description-->
|
|
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5491) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5575)): <!--number 5575 --><!--line 0 --><!--description Zml4OiBjb3JyZWN0IGRvY3VtZW50YXRpb24gZm9yIG5vbiAyMDAgcmVzcG9uc2VzIGluIHN3YWdnZXI=-->fix: correct documentation for non 200 responses in swagger<!--description-->
|
|
<!--end release-notes-assistant-->
|