gitea-app/CHANGELOG
2021-09-03 10:26:05 +02:00

789 lines
35 KiB
Text

[0.1.0]
* Initial package (forked from Gogs app)
[0.1.1]
* Removed reference to Gogs
[0.1.2]
* Updated description
[0.1.3]
* Updated to version 1.1.2
[1.0.0]
* Update to version 1.1.3
[1.0.1]
* Update Git to v2.7.4-0ubuntu1.2
* Fixes critical security issue that allows remote command execution in git
* https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000117.html
[1.0.2]
* Preserve SECRET_KEY across updates and restarts
[1.0.3]
* Update to version 1.1.4
[1.1.0]
* Update to version 1.2.0
* New logo!
* SECURITY: Sanitation fix from Gogs (#1461)
* Status-API
* Implement GPG api
* https://github.com/go-gitea/gitea/releases/tag/v1.2.0
[1.1.1]
* Update to version 1.2.1
* Fix PR, milestone and label functionality if issue unit is disabled (#2710) (#2714)
* Fix plain readme didn't render correctly on repo home page (#2705) (#2712)
* Fix so that user can still fork his own repository to his organizations (#2699) (#2707)
* Fix .netrc authentication (#2700) (#2708)
* Fix slice out of bounds error in mailer (#2479) (#2696)
[1.1.2]
* Update to version 1.2.2
* Add checks for commits with missing author and time (#2771) (#2785)
* Fix sending mail with a non-latin display name (#2559) (#2783)
* Sync MaxGitDiffLineCharacters with conf/app.ini (#2779) (#2780)
* Update vendor git (#2765) (#2772)
* Fix emojify image URL (#2769) (#2773)
[1.1.3]
* Update to version 1.2.3
* Only require one email when validating GPG key (#2266, #2467, #2663) (#2788)
* Fix order of comments (#2835) (#2839)
[1.2.0]
* Update to version 1.3.0
[1.3.0]
* Update to version 1.3.1
* Add documentationUrl
* Sanitize logs for mirror sync (#3057, #3082) (#3078)
* Fix missing branch in release bug (#3108) (#3117)
* Fix repo indexer and submodule bug (#3107) (#3110)
* Fix legacy URL redirects (#3100) (#3106)
* Fix redis session failed (#3086) (#3089)
* Fix issue list branch link broken (#3061) (#3070)
* Fix missing password length check when change password (#3039) (#3071)
[1.3.1]
* Update Gitea to 1.3.2
* Fix run web with -p push failed (#3154) (#3179)
* Fix source download link when no code unit allowed (#3166) (#3169)
* Allow adding collaborators with (fullname) (#3103) (#3168)
* Fix repo links (#3093) (#3163)
* Fix Uninitialized variable in ParsePatch (#3156) (#3162)
* Fix migration order v1.3 (#3157)
* Fix avatar URLs (#3069) (#3143)
[1.4.0]
* Fix email sending (use SMTPS)
[1.4.1]
* Update Gitea to 1.3.3
* Security fixes
* Fix escaping changed title in comments (#3530) (#3535)
* Escape search query display (#3486) (#3489)
* Bug fixes
* Fix repo-transfer-and-team-repo-count bug (#3241) (#3244)
* Open external tracker in blank window, consistently with wiki (#3227) (#3228)
* Change SSL Mode from checkbox to string in admin page (#3208) (#3211)
[1.5.0]
* Update Gitea to 1.4.0
[1.5.1]
* Update Gitea to 1.4.1
* Add “error” as reserved username (#3882) (#3886)
* Do not allow inactive users to access repositories using private key (#3887) (#3889)
* Fix path cleanup in file editor, when initilizing new repository and LFS oids (#3871) (#3873)
* Remove unnecessary allowed safe HTML (#3778) (#3779)
* Correctly check http git access rights for reverse proxy authorized users (#3721) (#3743)
* Fix to use only needed columns from tables to get repository git paths (#3870) (#3883)
* Fix GPG expire time display when time is zero (#3584) (#3884)
* Fix to update only issue last update time when adding a comment (#3855) (#3860)
* Fix repository star count after deleting user (#3781) (#3783)
* Use the active branch for the code tab (#3720) (#3776)
* Set default branch name on first push (#3715) (#3723)
* Show clipboard button if disable HTTP of git protocol (#3773) (#3774)
[1.5.2]
* Update Gitea to 1.4.2
* Adjust z-index for floating labels (#3939) (#3950)
* Add missing token validation on application settings page (#3976) #3978
* Webhook and hook_task clean up (#4006)
* Fix webhook bug of response info is not displayed in UI (#4023)
* Fix writer cannot read bare repo guide (#4033) (#4039)
* Don't force due date to current time (#3830) (#4057)
* Fix wiki redirects (#3919) (#4065)
* Fix attachment ENABLED (#4064) (#4066)
* Added deletion of an empty line at the end of file (#4054) (#4074)
* Use ResolveReference instead of path.Join (#4073)
* Fix #4081 Check for leading / in base before removing it (#4083)
* Respository's home page not updated after first push (#4075)
[1.5.2-1]
* Rebuild Gitea package because of https://github.com/go-gitea/gitea/issues/4167
* Adjust z-index for floating labels (#3939) (#3950)
* Add missing token validation on application settings page (#3976) #3978
* Webhook and hook_task clean up (#4006)
* Fix webhook bug of response info is not displayed in UI (#4023)
* Fix writer cannot read bare repo guide (#4033) (#4039)
* Don't force due date to current time (#3830) (#4057)
* Fix wiki redirects (#3919) (#4065)
* Fix attachment ENABLED (#4064) (#4066)
* Added deletion of an empty line at the end of file (#4054) (#4074)
* Use ResolveReference instead of path.Join (#4073)
* Fix #4081 Check for leading / in base before removing it (#4083)
* Respository's home page not updated after first push (#4075)
[1.5.3]
* Update Gitea to 1.4.3
* SECURITY
* HTML-escape plain-text READMEs (#4192) (#4214)
* Fix open redirect vulnerability on login screen (#4312) (#4312)
* BUGFIXES
* Fix broken monitoring page when running processes are shown (#4203) (#4208)
* Fix delete comment bug (#4216) (#4228)
* Delete reactions added to issues and comments when deleting repository (#4232) (#4237)
* Fix wiki URL encoding bug (#4091) (#4254)
* Fix code tab link when viewing tags (#3908) (#4263)
* Fix webhook type conflation (#4285) (#4285)
[1.5.4]
* Allow customization using gitea's custom data directory
[1.6.0]
* Update Gitea to 1.5.0
* Security
* Check that repositories can only be migrated to own user or organizations (#4366) (#4370)
* Limit uploaded avatar image-size to 4096px x 3072px by default (#4353)
* Do not allow to reuse TOTP passcode (#3878)
* Features
* Add cli commands to regen hooks & keys (#3979)
* Add support for FIDO U2F (#3971)
* Added user language setting (#3875)
* Add topic support (#3711)
* Multiple assignees (#3705)
* Add protected branch whitelists for merging (#3689)
* Global code search support (#3664)
* Add label descriptions (#3662)
* Add issue search via API (#3612)
* Add repository setting to enable/disable health checks (#3607)
* Emoji Autocomplete (#3433)
* Implements generator cli for secrets (#3531)
[1.6.1]
* Update Gitea to 1.5.1
* Security
* Don't disclose emails of all users when sending out emails (#4784)
* Improve URL validation for external wiki and external issues (#4710) (#4740)
* Make cookies HttpOnly and obey COOKIE_SECURE flag (#4706) (#4707)
* Bugfixes
* Fix missing release title in webhook (#4783) (#4800)
* Make sure to reset commit count in the cache on mirror syncing (#4770)
* Fixed bug where team with admin privelege type doesn't get any unit (#4759)
* Fix failure on creating pull request with assignees (#4583) (#4727)
* Hide org/create menu item in Dashboard if user has no rights (#4678) (#4686)
[1.7.0]
* Update base image
[1.7.1]
* Update Gitea to 1.5.2
[1.7.2]
* Update Gitea to 1.5.3
* Security
* Fix remote command execution vulnerability in upstream library (#5177) (#5196)
[1.8.0]
* Update Gitea to 1.6.0
[1.8.1]
* Update Gitea to 1.6.1
[1.8.2]
* Update Gitea to 1.6.2
* SECURITY
* Sanitize uploaded file names (#5571) (#5573)
* HTMLEncode user added text (#5570) (#5575)
* BUGFIXES
* Fix indexer reindex bug when gitea restart (#5563) (#5564)
* Fix bug when a read perm user to edit his issue (#5516) (#5534)
* Detect force push failure on deletion of protected branches (#5522) (#5531)
* Fix forgot deletion of notification when delete repository (#5506) (#5514)
* Fix undeleted content when deleting user (#5429) (#5509)
* Fix empty wiki (#5504) (#5508)
[1.8.3]
* Update Gitea to 1.6.3
* SECURITY: Prevent DeleteFilePost doing arbitrary deletion (#5631)
* BUGFIX: Fix wrong text getting saved on editing second comment on an issue (#5608)
[1.8.4]
* Update Gitea to 1.6.4
* Fix SSH key now can be reused as public key after deleting as deploy key (#5671) (#5685)
* When redirecting clean the path to avoid redirecting to external site (#5669) (#5703)
* Fix to use correct value for "MSpan Structures Obtained" (#5706) (#5715)
[1.9.0]
* Update Gitea to 1.7.0
[1.9.1]
* Update Gitea to 1.7.1
* [Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.7.1)
* Disable redirect for i18n (#5910) (#5916)
* Only allow local login if password is non-empty (#5906) (#5908)
* Fix go-get URL generation (#5905) (#5907)
* Fix TLS errors when using acme/autocert for local connections (#5820) (#5826)
* Request for public keys only if LDAP attribute is set (#5816) (#5819)
* Fix delete correct temp directory (#5840) (#5839)
* Fix an error while adding a dependency via UI (#5862) (#5876)
* Fix null pointer in attempt to Sudo if not logged in (#5872) (#5884)
* When creating new repository fsck option should be enabled (#5817) (#5885)
* Prevent nil dereference in mailIssueCommentToParticipants (#5891) (#5895) (#5894)
* Fix bug when read public repo lfs file (#5913) (#5912)
* Respect value of REQUIRE_SIGNIN_VIEW (#5901) (#5915)
* Fix compare button on upstream repo leading to 404 (#5877) (#5914)
[1.9.2]
* Update Gitea to 1.7.2
* Remove all CommitStatus when a repo is deleted (#5940) (#5941)
* Fix notifications on pushing with deploy keys by setting hook environment variables (#5935) (#5944)
* Silence console logger in gitea serv (#5887) (#5943)
* Handle milestone webhook events for issues and PR (#5947) (#5955)
* Show user who created the repository instead of the organization in action feed (#5948) (#5956)
* Fix ssh deploy and user key constraints (#1357) (#5939) (#5966)
* Fix bug when deleting a linked account will removed all (#5989) (#5990)
* Fix empty ssh key importing in ldap (#5984) (#6009)
* Fix metrics auth token detection (#6006) (#6017)
* Create repository on organisation by default on its dashboard (#6026) (#6048)
* Make sure labels are actually returned in API (#6053) (#6059)
* Switch to more recent build of xgo (#6070) (#6072)
* In basic auth check for tokens before call UserSignIn (#5725) (#6083)
[1.9.3]
* Update Gitea to 1.7.3
* Fix server 500 when trying to migrate to an already existing repository (#6188) (#6197)
* Load Issue attributes for API /repos/{owner}/{repo}/issues/{index} (#6122) (#6185)
* Fix bug whereby user could change private repository to public when force private enabled. (#6156) (#6165)
* Fix bug when update owner team then visit team's repo return 404 (#6119) (#6166)
* Fix heatmap and repository menu display in Internet Explorer 9+ (#6117) (#6137)
* Fix prohibit login check on authorization (#6106) (#6115)
* Fix LDAP protocol error regression by moving to ldap.v3 (#6105) (#6107)
* Fix deadlock in webhook PullRequest (#6102) (#6104)
* Fix redirect loop when password change is required and Gitea is installed as a suburl (#5965) (#6101)
* Fix compare button regression (#5929) (#6098)
* Recover panic in orgmode.Render if bad orgfile (#4982) (#5903) (#6097)
[1.9.4]
* Update Gitea to 1.7.4
* Fix potential XSS vulnerability in repository description. (#6306) (#6308)
* Fix wrong release commit id (#6224) (#6300)
* Fix panic on empty signed commits (#6292) (#6300)
* Fix organization dropdown not being scrollable when using mouse wheel (#5988) (#6246)
* Fix displaying dashboard even if required to change password (#6214) (#6215)
[1.9.5]
* Update Gitea to 1.7.5
* unitTypeCode not being used in accessLevelUnit (#6419) (#6423)
* ParsePatch function to work with quoted diff --git strings (#6323) (#6332)
[1.9.6]
* Update Gitea to 1.7.6
* Prevent remote code execution vulnerability with mirror repo URL settings (#6593) (#6595)
* Allow resend of confirmation email when logged in (#6482) (#6487)
[1.10.0]
* Update Gitea to 1.8.0
* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.8.0)
* Prevent remote code execution vulnerability with mirror repo URL settings (#6593) (#6594)
* Resolve 2FA bypass on API (#6676) (#6674)
* Prevent the creation of empty sessions for non-logged in users (#6690) (#6677)
* Expose issue stopwatch toggling via API (#5970)
* Pull request conflict files detection (#5951)
* Implement "conversation lock" for issue comments (#5073)
* Feature: Archive repos (#5009)
* Allow to set organization visibility (public, internal, private) (#1763)
* Added URL mapping for Release attachments like on github.com (#1707)
[1.10.1]
* Update Gitea to 1.8.1
[1.10.2]
* Update Gitea to 1.8.2
[1.11.0]
* better custom app.ini integration
* optional sso support
[1.12.0]
* Update Gitea to 1.8.3
* Update manifest to v2
[1.13.0]
* Update Gitea to 1.9.0
[1.13.1]
* Update Gitea to 1.9.1
[1.13.2]
* Make sessions persist restarts
[1.13.3]
* Update Gitea to 1.9.2
* Fix wrong sender when send slack webhook (#7918) (#7924)
* Upload support text/plain; charset=utf8 (#7899)
* Lfs/lock: round locked_at timestamp to second (#7872) (#7875)
* Fix non existent milestone with 500 error (#7867) (#7873)
* SECURITY
* Fix No PGP signature on 1.9.1 tag (#7874)
* Release built with go 1.12.9 to fix security fixes in golang std lib, ref: https://groups.google.com/forum/#!msg/golang-announce/oeMaeUnkvVE/a49yvTLqAAAJ
* ENHANCEMENT
* Fix pull creation with empty changes (#7920) (#7926)
* BUILD
* Drone/docker: prepare multi-arch release + provide arm64 image (#7571) (#7884)
[1.13.4]
* Update Gitea to 1.9.3
* Fix go get from a private repository with Go 1.13 (#8100)
* Strict name matching for Repository.GetTagID() (#8082)
* Avoid ambiguity of branch/directory names for the git-diff-tree command (#8070)
* Add change title notification for issues (#8064)
* Run CORS handler first for /api routes (#7967) (#8053)
* Evaluate emojis in commit messages in list view (#8044)
* Fix failed to synchronize tags to releases for repository (#7990) (#7994)
* Fix adding default Telegram webhook (#7972) (#7992)
* Abort synchronization from LDAP source if there is some error (#7965)
* Fix deformed emoji in commit message (#8071)
* Keep blame view buttons sequence consistent with normal view when viewing a file (#8007) (#8009)
[1.13.5]
* Update Gitea to 1.9.4
* Highlight issue references (#8101) (#8404)
* Fix bug when migrating a private repository #7917 (#8403)
* Change general form binding to gogs form (#8334) (#8402)
* Fix editor commit to new branch if PR disabled (#8375) (#8401)
* Fix milestone num_issues (#8221) (#8400)
* Allow users with explicit read access to give approvals (#8398)
* Fix commit status in PR #8316 and PR #8321 (#8339)
* Fix API for edit and delete release attachment (#8290)
* Fix assets on release webhook (#8283)
* Fix release API URL generation (#8239)
* Allow registration when button is hidden (#8238)
* MS Teams webhook misses commit messages (backport v1.9) (#8225)
[1.13.6]
* Update Gitea to 1.9.5
* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.9.5)
* Hide some user information via API if user doesn't have enough permission (#8655) (#8658)
* Fix milestone close timestamp (#8728) (#8731)
* Fix deadline on update issue or PR via API (#8699)
* Fix 'New Issue Missing Milestone Comment' (#8678) (#8682)
* Fix 500 when getting user as unauthenticated user (#8653) (#8662)
* Use AppSubUrl for more redirections (#8647) (#8652)
* Add SubURL to redirect path (#8632) (#8634) (#8640)
* Fix #8582 by handling empty repos (#8587) (#8593)
* Fix bug on pull requests when transfer head repository (#8571)
* Add missed close in ServeBlobLFS (#8527) (#8543)
* Return false if provided branch name is empty for IsBranchExist (#8485) (#8492)
* Create .ssh dir as necessary (#8369) (#8486) (#8489)
* Restore functionality for early gits (#7775) (#8476)
* Add check for empty set when dropping indexes during migration (#8475)
* Ensure Request Body Readers are closed in LFS server (#8454) (#8459)
* Ensure that LFS files are relative to the LFS content path (#8455) (#8458)
* Ignore mentions for users with no access (#8395) (#8484)
[1.14.0]
* Update Gitea to 1.10.0
* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.10.0)
[1.14.1]
* Update Gitea to 1.10.1
* Fix max length check and limit in multiple repo forms (#9148) (#9204)
* Properly fix displaying virtual session provider in admin panel (#9137) (#9203)
* Upgrade levelqueue to 0.1.0 (#9192) (#9199)
* Fix panic when diff (#9187) (#9193)
* Smtp logger configuration sendTos should be an array (#9154) (#9157)
* Always Show Password Field on Link Account Sign-in Page (#9150)
* Create PR on Current Repository by Default (#8670) (#9141)
* Fix race on indexer (#9136) (#9139)
* Fix reCAPTCHA URL (#9119)
* Hide migrated credentials (#9098)
* Update golang.org/x/crypto vendor to use acme v2 (#9056) (#9085)
* Fix password checks on admin create/edit user (#9076) (#9081)
* Fix add search as a reserved username (#9063) (#9065)
* Fix permission checks for close/reopen from commit (#8875) (#9033)
* Ensure Written is set in GZIP ProxyResponseWriter (#9018) (#9025)
* Fix broken link to branch from issue list (#9003) (#9021)
* Fix wrong system notice when repository is empty (#9020)
* Shadow password correctly for session config (#8984) (#9002)
[1.14.2]
* Update Gitea to 1.10.2
* Allow only specific Columns to be updated on Issue via API (#9539) (#9580)
* Add ErrReactionAlreadyExist error (#9550) (#9564)
* Fix bug when migrate from API (#8631) (#9563)
* Use default avatar for ghost user (#9536) (#9537)
* Fix repository issues pagination bug when there are more than one label filter (#9512) (#9528)
* Fix deleted branch not removed when push the branch again (#9516) (#9524)
* Fix missing repository status when migrating repository via API (#9511)
* Trigger webhook when deleting a branch after merging a PR (#9510)
* Fix paging on /repos/{owner}/{repo}/git/trees/{sha} API endpoint (#9482)
* Fix NewCommitStatus (#9434) (#9435)
* Use OriginalURL instead of CloneAddr in migration logging (#9418) (#9420)
* Fix Slack webhook payload title generation to work with Mattermost (#9404)
* DefaultBranch needs to be prefixed by BranchPrefix (#9356) (#9359)
* Fix issue indexer not triggered when migrating a repository (#9333)
* Fix bug that release attachment files not deleted when deleting repository (#9322) (#9329)
* Fix migration releases (#9319) (#9326) (#9328)
* Fix File Edit: Author/Committer interchanged (#9297) (#9300)
[1.14.3]
* Update Gitea to 1.10.3
* Hide credentials when submitting migration (#9102) (#9704)
* Never allow an empty password to validate (#9682) (#9684)
* Prevent redirect to Host (#9678) (#9680)
* Hide public repos owned by private orgs (#9609) (#9616)
* Allow assignee on Pull Creation when Issue Unit is deactivated (#9836) (#9838)
* Fix download file wrong content-type (#9825) (#9835)
* Fix wrong identify poster on a migrated pull request when submit review (#9827) (#9831)
* Fix dump non-exist log directory (#9818) (#9820)
* Fix compare (#9808) (#9815)
* Fix missing msteam webhook on organization (#9781) (#9795)
* Fix add team on collaborator page when same name as organization (#9783)
* Fix cache problem on dashboard (#9358) (#9703)
* Send tag create and push webhook when release created on UI (#8671) (#9702)
* Branches not at ref commit ID should not be listed as Merged (#9614) (#9639)
[1.15.0]
* Update Gitea to 1.11.0
[1.15.1]
* Update Gitea to 1.11.1
* Repo name added to automatically generated commit message when merging (#9997) (#10285)
* Fix Workerpool deadlock (#10283) (#10284)
* Divide GetIssueStats query in smaller chunks (#10176) (#10282)
* Fix reply on code review (#10257)
* Stop hanging issue indexer initialisation from preventing shutdown (#10243) (#10249)
* Fix filter label emoji width (#10241) (#10244)
* Fix issue sidebar menus having an infinite height (#10239) (#10240)
* Fix commit between two commits calculation if there is only last commit (#10225) (#10226)
* Only check for conflicts/merging if the PR has not been merged in the interim (#10132) (#10206)
* Blacklist manifest.json & milestones user (#10292) (#10293)
[1.15.2]
* Update Gitea to 1.11.2
[1.15.3]
* Update Gitea to 1.11.3
[1.15.4]
* Update Gitea to 1.11.4
[1.16.0]
* Update Gitea to [1.11.5](https://github.com/go-gitea/gitea/releases/tag/v1.11.5)
* Update base image to 2.0.0
[1.16.1]
* Update Gitea to 1.11.6
* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.11.6)
* Fix missing authorization check on pull for public repos of private/limited org (#11656) (#11683)
* Use session for retrieving org teams (#11438) (#11439)
* Return json on 500 error from API (#11574) (#11660)
* Fix wrong milestone in webhook message (#11596) (#11612)
* Prevent (caught) panic on login (#11590) (#11598)
* Fix commit page js error (#11527)
[1.17.0]
* Update Gitea to 1.12.1
* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.12.0)
[1.18.0]
* Add forumUrl and update tags and screenshots
[1.18.1]
* Update Gitea to 1.12.2
* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.12.2)
[1.18.2]
* Update Gitea to 1.12.3
* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.12.3)
* Don't change creation date when updating Release (#12343) (#12351)
* Show 404 page when release not found (#12328) (#12332)
* Fix emoji detection in certain cases (#12320) (#12327)
* Reduce emoji size (#12317) (#12327)
* Fix double-indirection bug in logging IDs (#12294) (#12308)
* Link to pull list page on sidebar when view pr (#12256) (#12263)
* Extend Notifications API and return pinned notifications by default (#12164) (#12232)
[1.18.3]
* Update Gitea to 1.12.4
* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.12.4)
* Escape provider name in oauth2 provider redirect (#12648) (#12650)
* Escape Email on password reset page (#12610) (#12612)
* When reading expired sessions - expire them (#12686) (#12690)
* StaticRootPath configurable at compile time (#12371) (#12652)
* Fix to show an issue that is related to a deleted issue (#12651) (#12692)
* Expire time acknowledged for cache (#12605) (#12611)
* Fix diff path unquoting (#12554) (#12575)
* Improve HTML escaping helper (#12562)
* models: break out of loop (#12386) (#12561)
* Default empty merger list to those with write permissions (#12535) (#12560)
* Skip SSPI authentication attempts for /api/internal (#12556) (#12559)
* Prevent NPE on commenting on lines with invalidated comments (#12549) (#12550)
* Remove hardcoded ES indexername (#12521) (#12526)
* Fix bug preventing transfer to private organization (#12497) (#12501)
* Keys should not verify revoked email addresses (#12486) (#12495)
* Do not add prefix on http/https submodule links (#12477) (#12479)
* Fix ignored login on compare (#12476) (#12478)
* Fix incorrect error logging in Stats indexer and OAuth2 (#12387) (#12422)
* Upgrade google/go-github to v32.1.0 (#12361) (#12390)
* Render emoji's of Commit message on feed-page (#12373)
* Fix handling of diff on unrelated branches when Git 2.28 used (#12370)
[1.18.4]
* Update Gitea to 1.12.5
* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.12.5)
* Allow U2F with default settings for gitea in subpath (#12990) (#13001)
* Prevent empty div when editing comment (#12404) (#12991)
* On mirror update also update address in DB (#12964) (#12967)
* Allow extended config on cron settings (#12939) (#12943)
* Open transaction when adding Avatar email-hash pairs to the DB (#12577) (#12940)
* Fix internal server error from ListUserOrgs API (#12910) (#12915)
* Update only the repository columns that need updating (#12900) (#12912)
* Fix panic when adding long comment (#12892) (#12894)
* Add size limit for content of comment on action ui (#12881) (#12890)
* Convert User expose ID each time (#12855) (#12883)
* Support slashes in release tags (#12864) (#12882)
* Add missing information to CreateRepo API endpoint (#12848) (#12867)
* On Migration respect old DefaultBranch (#12843) (#12858)
* Fix notifications page links (#12838) (#12853)
* Stop cloning unnecessarily on PR update (#12839) (#12852)
* Escape more things that are passed through str2html (#12622) (#12850)
* Remove double escape on labels addition in comments (#12809) (#12810)
* Fix "only mail on mention" bug (#12775) (#12789)
* Fix yet another bug with diff file names (#12771) (#12776)
* RepoInit Respect AlternateDefaultBranch (#12746) (#12751)
* Fix Avatar Resize (resize algo NearestNeighbor -> Bilinear) (#12745) (#12750)
[1.18.5]
* Update Gitea to 1.12.6
* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.12.6)
* Prevent git operations for inactive users (#13527) (#13537)
* Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13525)
* API should only return Json (#13511) (#13564)
* Fix before and since query arguments at API (#13559) (#13560)
* Prevent panic on git blame by limiting lines to 4096 bytes at most (#13470) (#13492)
* Fix link detection in repository description with tailing '_' (#13407) (#13408)
* Remove obsolete change of email on profile page (#13341) (#13348)
* Fix permission check on get Reactions API endpoints (#13344) (#13346)
* Add migrated pulls to pull request task queue (#13331) (#13335)
* API deny wrong pull creation options (#13308) (#13327)
* Fix initial commit page & binary munching problem (#13249) (#13259)
* Fix diff parsing (#13157) (#13136) (#13139)
* Return error 404 not 500 from API if team does not exist (#13118) (#13119)
* Prohibit automatic downgrades (#13108) (#13111)
* Fix GitLab Migration Option AuthToken (#13101)
* GitLab Label Color Normalizer (#12793) (#13100)
* Log the underlying panic in runMigrateTask (#13096) (#13098)
* Fix attachments list in edit comment (#13036) (#13097)
* Fix deadlock when deleting team user (#13093)
* Fix error create comment on outdated file (#13041) (#13042)
* Fix repository create/delete event webhooks (#13008) (#13027)
* Fix internal server error on README in submodule (#13006) (#13016)
[1.19.0]
* Update Gitea to 1.13.0
* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.13.0)
[1.19.1]
* Update Gitea to 1.13.1
* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.13.1)
* Security: Hide private participation in Orgs (#13994) (#14031)
* Security: Fix escaping issue in diff (#14153) (#14154)
[1.19.2]
* Update Gitea to 1.13.2
* Prevent panic on fuzzer provided string (#14405) (#14409)
* Add secure/httpOnly attributes to the lang cookie (#14279) (#14280)
* If release publisher is deleted use ghost user (#14375)
* Internal ssh server respect Ciphers, MACs and KeyExchanges settings (#14523) (#14530)
* Set the name Mapper in migrations (#14526) (#14529)
* Fix wiki preview (#14515)
* Update code.gitea.io/sdk/gitea v0.13.1 -> v0.13.2 (#14497)
* ChangeUserName: rename user files back on DB issue (#14447)
* Fix lfs preview bug (#14428) (#14433)
* Ensure timeout error is shown on u2f timeout (#14417) (#14431)
* Fix Deadlock & Delete affected reactions on comment deletion (#14392) (#14425)
* Use path not filepath in routers/editor (#14390) (#14396)
* Check if label template exist first (#14384) (#14389)
* Fix migration v141 (#14387) (#14388)
* Use Request.URL.RequestURI() for fcgi (#14347)
* Use ServerError provided by Context (#14333) (#14345)
* Fix edit-label form init (#14337)
* Fix mailIssueCommentBatch for pull request (#14252) (#14296)
* Render links for commit hashes followed by comma (#14224) (#14227)
* Send notifications for mentions in pulls, issues, (code-)comments (#14218) (#14221)
* Fix avatar bugs (#14217) (#14220)
* Ensure that schema search path is set with every connection on postgres (#14131) (#14216)
* Fix dashboard issues labels filter bug (#14210) (#14214)
* When visit /favicon.ico but the static file is not exist return 404 but not continue to handle the route (#14211) (#14213)
* Fix branch selector on new issue page (#14194) (#14207)
* Check for notExist on profile repository page (#14197) (#14203)
[1.20.0]
* Use base image v3
[1.20.1]
* Update Gitea to 1.13.3
* Turn default hash password algorithm back to pbkdf2 from argon2 until we find a better one (#14673) (#14675)
* Fix paging of file commit logs (#14831) (#14879)
* Print useful error if SQLite is used in settings but not supported (#14476) (#14874)
* Fix display since time round (#14226) (#14873)
* When Deleting Repository only explicitly close PRs whose base is not this repository (#14823) (#14842)
* Set HCaptchaSiteKey on Link Account pages (#14834) (#14839)
* Fix a couple of CommentAsPatch issues. (#14804) (#14820)
* Disable broken OAuth2 providers at startup (#14802) (#14811)
* Repo Transfer permission checks (#14792) (#14794)
* Fix double alert in oauth2 application edit view (#14764) (#14768)
* Fix broken spans in diffs (#14678) (#14683)
* Prevent race in PersistableChannelUniqueQueue.Has (#14651) (#14676)
* HasPreviousCommit causes recursive load of commits unnecessarily (#14598) (#14649)
* Do not assume all 40 char strings are SHA1s (#14624) (#14648)
* Allow org labels to be set with issue templates (#14593) (#14647)
* Accept multiple SSH keys in single LDAP SSHPublicKey attribute (#13989) (#14607)
* Fix bug about ListOptions and stars/watchers pagnation (#14556) (#14573)
* Fix GPG key deletion during account deletion (#14561) (#14569)
[1.20.2]
* Update Gitea to 1.13.4
* Fix issue popups (#14898) (#14899)
* Fix race in LFS ContentStore.Put(...) (#14895) (#14913)
* Fix a couple of issues with a feeds (#14897) (#14903)
* When transfering repository and database transaction failed, rollback the renames (#14864) (#14902)
* Fix race in local storage (#14888) (#14901)
* Fix 500 on pull view page if user is not loged in (#14885) (#14886)
[1.20.3]
* Update Gitea to 1.13.5
* Update to goldmark 1.3.3 (#15059) (#15061)
* Another clusterfuzz spotted issue (#15032) (#15034)
* Fix set milestone on PR creation (#14981) (#15001)
* Prevent panic when editing forked repos by API (#14960) (#14963)
* Fix bug when upload on web (#15042) (#15055)
* Delete Labels & IssueLabels on Repo Delete too (#15039) (#15051)
* Fix postgres ID sequences broken by recreate-table (#15015) (#15029)
* Fix several render issues (#14986) (#15013)
* Make sure sibling images get a link too (#14979) (#14995)
* Fix Anchor jumping with escaped query components (#14969) (#14977)
* Fix release mail html template (#14976)
* Fix excluding more than two labels on issues list (#14962) (#14973)
* Don't mark each comment poster as OP (#14971) (#14972)
* Add "captcha" to list of reserved usernames (#14930)
* Re-enable import local paths after reversion from #13610 (#14925) (#14927)
[1.20.4]
* Update Gitea to 1.13.6
* Fix bug on avatar middleware (#15124) (#15125)
* Fix another clusterfuzz identified issue (#15096) (#15114)
* Fix nil exeption for get pull reviews API #15104 (#15106)
* Fix markdown rendering in milestone content (#15056) (#15092)
[1.20.5]
* Update Gitea to 1.13.7
* Update to bluemonday-1.0.6 (#15294) (#15298)
* Clusterfuzz found another way (#15160) (#15169)
* Fix wrong user returned in API (#15139) (#15150)
* Add 'fonts' into 'KnownPublicEntries' (#15188) (#15317)
* Speed up enry.IsVendor (#15213) (#15246)
* Response 404 for diff/patch of a commit that not exist (#15221) (#15238)
* Prevent NPE in CommentMustAsDiff if no hunk header (#15199) (#15201)
* Add size to Save function (#15264) (#15271)
[1.21.0]
* Update Gitea to 1.14.0
* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.14.0)
[1.21.1]
* Update Gitea to 1.14.1
* Fix bug clone wiki (#15499) (#15502)
* Github Migration ignore rate limit, if not enabled (#15490) (#15495)
* Use subdir for URL (#15446) (#15493)
* Query the DB for the hash before inserting in to email_hash (#15457) (#15491)
* Ensure review dismissal only dismisses the correct review (#15477) (#15489)
* Use index of the supported tags to choose user lang (#15452) (#15488)
* Fix wrong file link in code search page (#15466) (#15486)
* Quick template fix for built-in SSH server in admin config (#15464) (#15481)
* Prevent superfluous response.WriteHeader (#15456) (#15476)
* Fix ambiguous argument error on tags (#15432) (#15474)
* Add created_unix instead of expiry to migration (#15458) (#15463)
* Fix repository search (#15428) (#15442)
* Prevent NPE on avatar direct rendering if federated avatars disabled (#15434) (#15439)
* Fix wiki clone urls (#15430) (#15431)
* Fix dingtalk icon url at webhook (#15417) (#15426)
* Standardise icon on projects PR page (#15387) (#15408)
* Add option to skip LFS/attachment files for dump (#15407) (#15492)
* Clone panel fixes (#15436)
* Use semantic dropdown for code search query type (#15276) (#15364)
[1.21.2]
* Update Gitea to 1.14.2
* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.14.2)
* Display conflict-free merge messages for pull requests (#15773) (#15796)
* Exponential Backoff for ByteFIFO (#15724) (#15793)
* Issue list alignment tweaks (#15483) (#15766)
* Implement delete release attachments and update release attachments' name (#14130) (#15666)
* Add placeholder text to deploy key textarea (#15575) (#15576)
* Project board improvements (#15429) (#15560)
* Repo branch page: label size, PR ref, new PR button alignment (#15363) (#15365)
[1.21.3]
* Update Gitea to 1.14.3
* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.14.3)
* Encrypt migration credentials at rest (#15895) (#16187)
* Only check access tokens if they are likely to be tokens (#16164) (#16171)
* Add missing SameSite settings for the i_like_gitea cookie (#16037) (#16039)
* Fix setting of SameSite on cookies (#15989) (#15991)
[1.21.4]
* Update Gitea to 1.14.4
* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.14.4)
* Fix relative links in postprocessed images (#16334) (#16340)
* Fix list_options GetStartEnd (#16303) (#16305)
* Fix API to use author for commits instead of committer (#16276) (#16277)
* Handle misencoding of login_source cfg in mssql (#16268) (#16275)
* Fixed issues not updated by commits (#16254) (#16261)
* Improve efficiency in FindRenderizableReferenceNumeric and getReference (#16251) (#16255)
* Use html.Parse rather than html.ParseFragment (#16223) (#16225)
* Fix milestone counters on new issue (#16183) (#16224)
* reqOrgMembership calls need to be preceded by reqToken (#16198) (#16219)
[1.21.5]
* Update Gitea to 1.14.5
* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.14.5)
* Hide mirror passwords on repo settings page (#16022) (#16355)
* Update bluemonday to v1.0.15 (#16379) (#16380)
* Retry rename on lock induced failures (#16435) (#16439)
* Validate issue index before querying DB (#16406) (#16410)
* Fix crash following ldap authentication update (#16447) (#16449)
* Redirect on bad CSRF instead of presenting bad page (#14937) (#16378)
[1.21.6]
* Update Gitea to 1.14.6
* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.14.6)
* SECURITY
* Bump github.com/markbates/goth from v1.67.1 to v1.68.0 (#16538) (#16540)
* Switch to maintained JWT lib (#16532) (#16535)
* Upgrade to latest version of golang-jwt (as forked for 1.14) (#16590) (#16607)
[1.22.0]
* Update Gitea to 1.15.0
* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.15.0)
[1.22.1]
* Update Gitea to 1.15.1
* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.15.1)