fix(Dockerfile.rootless): revert to default path for app.ini

The current path of the `$GITEA_APP_INI` configuration file makes the forgejo application reset every time the container is restarted, unless a specific volume for this file is created. Consider the following: * This quirk is not documented * All configuration data resides in `/var/lib/gitea` * The custom configuration path defaults to `/var/lib/gitea/custom/conf` (see `forgejo -h`) * Containers mounting the volume `-v /foo/bar:/var/lib/gitea` already have this file available to modify. Another volume shouldn't be required * Containers using named volumes can use `docker cp` to modify the file inside the volume, if desired For these reasons, it makes more sense to use the default path for `$GITEA_APP_INI` rather than require users to create a dedicated volume for the file. Revert it back to its default while maintaining backwards compatibility (users can update by simply moving the file to the new path).
Merge pull request 'Drop Gitea-specific columns from two tables' (#3475 ) from algernon/forgejo:wiki-branch-wars-episode-iii-a-new-migration into forgejo
2024-05-08 15:12:44 +00:00 · 2024-04-26 21:30:10 +02:00 · 2024-04-26 10:21:28 +00:00 · 2024-04-26 10:15:23 +00:00 · 2024-04-26 09:22:09 +00:00 · 2024-04-26 08:37:20 +00:00
136 changed files with 2987 additions and 746 deletions
--- a/.air.toml
+++ b/.air.toml
@ -2,9 +2,10 @@ root = "."
 tmp_dir = ".air"

 [build]
+pre_cmd = ["killall -9 gitea 2>/dev/null || true"] # kill off potential zombie processes from previous runs
 cmd = "make --no-print-directory backend"
 bin = "gitea"
-delay = 1000
+delay = 2000
 include_ext = ["go", "tmpl"]
 include_file = ["main.go"]
 include_dir = ["cmd", "models", "modules", "options", "routers", "services"]
--- a/.deadcode-out
+++ b/.deadcode-out
@ -65,6 +65,7 @@ package "code.gitea.io/gitea/models/migrations/base"
 	func MainTest

 package "code.gitea.io/gitea/models/organization"
+	func GetTeamNamesByID
 	func UpdateTeamUnits
 	func (SearchMembersOptions).ToConds
 	func UsersInTeamsCount
@ -130,6 +131,7 @@ package "code.gitea.io/gitea/models/user"
 	func GetUserAllSettings
 	func DeleteUserSetting
 	func GetUserEmailsByNames
+	func GetUserNamesByIDs

 package "code.gitea.io/gitea/modules/activitypub"
 	func CurrentTime
--- a/.eslintrc.yaml
+++ b/.eslintrc.yaml
@ -4,6 +4,7 @@ reportUnusedDisableDirectives: true
 ignorePatterns:
  - /web_src/js/vendor
  - /web_src/fomantic
+  - /public/assets/js

 parserOptions:
  sourceType: module
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@ -22,7 +22,7 @@ jobs:

    runs-on: docker
    container:
-      image: ghcr.io/visualon/renovate:37.305.0
+      image: ghcr.io/visualon/renovate:37.323.3

    steps:
      - name: Load renovate repo cache
--- a/.forgejo/workflows/testing.yml
+++ b/.forgejo/workflows/testing.yml
@ -140,6 +140,8 @@ jobs:
        env:
          MINIO_ROOT_USER: 123456
          MINIO_ROOT_PASSWORD: 12345678
+      ldap:
+        image: docker.io/gitea/test-openldap:latest
      pgsql:
        image: 'docker.io/postgres:15'
        env:
@ -176,6 +178,7 @@ jobs:
          TAGS: bindata
          RACE_ENABLED: true
          USE_REPO_TEST_DIR: 1
+          TEST_LDAP: 1
  test-sqlite:
    if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
    runs-on: docker
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -4,21 +4,4 @@ The Forgejo project is run by a community of people who are expected to follow t

 Sensitive security-related issues should be reported to [security@forgejo.org](mailto:security@forgejo.org) using [encryption](https://keyoxide.org/security@forgejo.org).

-## For everyone involved
-
- [Documentation](https://forgejo.org/docs/next/)
- [Code of Conduct](https://forgejo.org/docs/latest/developer/coc/)
- [Bugs, features, security and others discussions](https://forgejo.org/docs/latest/developer/discussions/)
- [Governance](https://forgejo.org/docs/latest/developer/governance/)
- [Sustainability and funding](https://codeberg.org/forgejo/sustainability/src/branch/main/README.md)
-
-## For contributors
-
- [Developer Certificate of Origin (DCO)](https://forgejo.org/docs/latest/developer/dco/)
- [Development workflow](https://forgejo.org/docs/latest/developer/workflow/)
- [Compiling from source](https://forgejo.org/docs/latest/developer/from-source/)
-
-## For maintainers
-
- [Release management](https://forgejo.org/docs/latest/developer/release/)
- [Secrets](https://forgejo.org/docs/latest/developer/secrets/)
+You can find links to the different aspects of Developer documentation on this page: [Forgejo developer guide](https://forgejo.org/docs/next/developer/).
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@ -100,8 +100,11 @@ ENV GITEA_CUSTOM /var/lib/gitea/custom
 ENV GITEA_TEMP /tmp/gitea
 ENV TMPDIR /tmp/gitea

-#TODO add to docs the ability to define the ini to load (useful to test and revert a config)
-ENV GITEA_APP_INI /etc/gitea/app.ini
+# Legacy config file for backwards compatibility
+# TODO: remove on next major version release
+ENV GITEA_APP_INI_LEGACY /etc/gitea/app.ini
+
+ENV GITEA_APP_INI ${GITEA_CUSTOM}/conf/app.ini
 ENV HOME "/var/lib/gitea/git"
 VOLUME ["/var/lib/gitea", "/etc/gitea"]
 WORKDIR /var/lib/gitea
--- a/9
+++ b/9
@ -121,7 +121,6 @@ LDFLAGS := $(LDFLAGS) -X "main.ReleaseVersion=$(RELEASE_VERSION)" -X "main.MakeV
 LINUX_ARCHS ?= linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64

 ifeq ($(HAS_GO), yes)
-	GO_PACKAGES ?= $(filter-out code.gitea.io/gitea/tests/integration/migration-test code.gitea.io/gitea/tests code.gitea.io/gitea/tests/integration code.gitea.io/gitea/tests/e2e,$(shell $(GO) list ./... | grep -v /vendor/))
 	GO_TEST_PACKAGES ?= $(filter-out $(shell $(GO) list code.gitea.io/gitea/models/migrations/...) $(shell $(GO) list code.gitea.io/gitea/models/forgejo_migrations/...) code.gitea.io/gitea/tests/integration/migration-test code.gitea.io/gitea/tests code.gitea.io/gitea/tests/integration code.gitea.io/gitea/tests/e2e,$(shell $(GO) list ./... | grep -v /vendor/))
 endif

@ -155,9 +154,9 @@ TAR_EXCLUDES := .git data indexers queues log node_modules $(EXECUTABLE) $(FOMAN
 GO_DIRS := build cmd models modules routers services tests
 WEB_DIRS := web_src/js web_src/css

-ESLINT_FILES := web_src/js tools *.config.js tests/e2e
+ESLINT_FILES := web_src/js tools *.js tests/e2e
 STYLELINT_FILES := web_src/css web_src/js/components/*.vue
-SPELLCHECK_FILES := $(GO_DIRS) $(WEB_DIRS) docs/content templates options/locale/locale_en-US.ini .github
+SPELLCHECK_FILES := $(GO_DIRS) $(WEB_DIRS) docs/content templates options/locale/locale_en-US.ini .github $(wildcard *.go *.js *.md *.yml *.yaml *.toml)

 GO_SOURCES := $(wildcard *.go)
 GO_SOURCES += $(shell find $(GO_DIRS) -type f -name "*.go" ! -path modules/options/bindata.go ! -path modules/public/bindata.go ! -path modules/templates/bindata.go)
@ -453,7 +452,7 @@ lint-go-windows:
 .PHONY: lint-go-vet
 lint-go-vet:
 	@echo "Running go vet..."
-	@$(GO) vet $(GO_PACKAGES)
+	@$(GO) vet ./...

 .PHONY: lint-editorconfig
 lint-editorconfig:
@ -768,7 +767,7 @@ generate-backend: $(TAGS_PREREQ) generate-go
 .PHONY: generate-go
 generate-go: $(TAGS_PREREQ)
 	@echo "Running go generate..."
-	@CC= GOOS= GOARCH= $(GO) generate -tags '$(TAGS)' $(GO_PACKAGES)
+	@CC= GOOS= GOARCH= $(GO) generate -tags '$(TAGS)' ./...

 .PHONY: merge-locales
 merge-locales:
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@ -1,8 +1,467 @@
 # Release Notes

-A Forgejo release is published shortly after a Gitea release is published and they have [matching release numbers](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/CONTRIBUTING/RELEASE.md#release-numbering). Additional Forgejo releases may be published to address urgent security issues or bug fixes.
+A minor or major Forgejo release is published every [three months](https://forgejo.org/docs/latest/user/versions/), with more patch releases in between depending on the severity of the bug and security fixes it contains.

-The Forgejo admin should carefully read the required manual actions before upgrading. A point release (e.g. v1.21.1-0 or v1.21.2-0) does not require manual actions but others might (e.g. v1.20, v1.21).
+A [patch or minor release](https://semver.org/spec/v2.0.0.html) (e.g. upgrading from v7.0.0 to v7.0.1 or v7.1.0) does not require manual intervention. But [major releases](https://semver.org/spec/v2.0.0.html#spec-item-8) where the first version number changes (e.g. upgrading from v1.21 to v7.0) contain breaking changes and the release notes explain how to deal with them.
+
+## Upcoming releases (not available yet)
+
+- [8.0.0](/release-notes/8.0.0/)
+
+## 7.0.0
+
+The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v7.0/forgejo) included in the `Forgejo v7.0.0` release can be reviewed from the command line with:
+
+```shell
+$ git clone https://codeberg.org/forgejo/forgejo/
+$ git -C forgejo log --oneline --no-merges origin/v1.21/forgejo..origin/v7.0/forgejo
+```
+
+* **Regressions and workarounds:**
+  * Running the [`forgejo doctor check --fix`](https://forgejo.org/docs/v7.0/admin/command-line/#doctor-check) CLI command or setting [`[cron.gc_lfs].ENABLED=true`](https://forgejo.org/docs/v7.0/admin/config-cheat-sheet/#cron---garbage-collect-lfs-pointers-in-repositories-crongc_lfs) (the default is `false`) will corrupt the LFS storage. The workaround is to not run the doctor CLI command and disable the `cron.gc_lfs`. This regression will be [fixed in 7.0.1](https://codeberg.org/forgejo/forgejo/issues/3438).
+  * The [`fogejo admin user create`](https://forgejo.org/docs/v7.0/admin/command-line/#admin-user-create) CLI command [requires a password](https://codeberg.org/forgejo/forgejo/commit/b122c6ef8b9254120432aed373cbe075331132ac) change by default when creating the first user and the `--admin` flag is not specified. The `--must-change-password=false` argument must be given to not require a password change. This regression will be [fixed in 7.0.1](https://codeberg.org/forgejo/forgejo/issues/3399).
+* **Breaking changes requiring manual intervention:**
+  * [MySQL 8.0 or PostgreSQL 12](https://codeberg.org/forgejo/forgejo/commit/e94f9fcafdcf284561e7fb33f60156a69c4ad6a5) are the minimum supported versions. The database must be migrated before upgrading. The requirements regarding SQLite did not change.
+  * The `per_page` parameter is [no longer a synonym for `limit`](https://codeberg.org/forgejo/forgejo/commit/0aab2d38a7d91bc8caff332e452364468ce52d9a) in the [/repos/{owner}/{repo}/releases](https://code.forgejo.org/api/swagger/#/repository/repoListReleases) API endpoint.
+  * The date format of the `created` and `last_update` fields of the [`/repos/{owner}/{repo}/push_mirrors`](https://code.forgejo.org/api/swagger/#/repository/repoListPushMirrors) and [/repos/{owner}/{repo}/push_mirrors](https://code.forgejo.org/api/swagger/#/repository/repoAddPushMirror) API endpoint changed [to be timestamps instead of numbers](https://codeberg.org/forgejo/forgejo/commit/0ee7cbf725f45650136be45f8e0f74d395f73b5c).
+  * Labels used [by pprof endpoint](https://forgejo.org/docs/v7.0/admin/config-cheat-sheet/#server-server) have been changed:
+    * `graceful-lifecycle` to `gracefulLifecycle`
+    * `process-type` to `processType`
+    * `process-description` to `processDescription`
+    This allows for those endpoints to be scraped by services requiring prometheus style labels such as [grafana-agent](https://grafana.com/docs/agent/latest/).
+  * The repository description [imposes additional restrictions on what it contains](https://codeberg.org/forgejo/forgejo/commit/1075ff74b5050f671c5f9824ae39390230b3c85d) to prevent abuse. You may use [the v7.0 test instance](https://v7.next.forgejo.org/) to check how it will be modified.
+  * The [Gitea themes were renamed](https://codeberg.org/forgejo/forgejo/commit/023e937141dd891bce3370c869d4db2c60f971ed) and the `[ui].THEMES` setting must be changed as follows: 
+    * `gitea` is replaced by `gitea-light`
+    * `arc-green` is replaced by `gitea-dark`
+    * `auto` is replaced by `gitea-auto`
+* **Breaking changes in the user interface:**
+  Note that the modifications related to CSS, templates or assets (images, fonts, etc.) are not documented here.
+  Although they can be extracted and modified, Forgejo does not provide any guarantee that such changes
+  will be portable from one version to another (even a patch version). See also
+  [the developer documentation about interface customization](https://forgejo.org/docs/v1.21/developer/customization/).
+  * [Update checker setting might change](https://codeberg.org/forgejo/forgejo/pulls/2925). The documentation was listing it as enabled by default, however, for a while it was disabled unless it was explicitly specified in the config or on the installation page. Instances migrated from Gitea also had it disabled due to different default value. Since then Forgejo got a privacy-friendly DNS-based update checking mechanism which is now being enabled by default unless explicitly specified [in the config](https://forgejo.org/docs/v7.0/admin/config-cheat-sheet/#cron---check-for-new-forgejo-versions-cronupdate_checker).
+  * Language statistics for repositories that use `linguist` attributes in `.gitattributes` *may* show different statistics than previously, because Forgejo recognizes more [linguist attributes](https://forgejo.org/docs/v7.0/user/language-detection/) now.
+  * It is [no longer possible to replace the default web editor](https://codeberg.org/forgejo/forgejo/pulls/2916) used to write comments or issues and pull requests with the EasyMDE editor. It is however still available as an alternative to edit releases and wiki pages.
+  * [The list of all repositories and the `New Issue` button are no longer available in the user dashboard](https://codeberg.org/forgejo/forgejo/commit/beb71f5ef6e8074dc744ac995c15f7b5947a3f2e) for issues and pull requests.
+* **Migration warning**
+  * If the logs show a line like the following, [run doctor convert](https://forgejo.org/docs/v7.0/admin/command-line/#doctor-convert) to fix it.
+    ```
+    [W] Current database is using a case-insensitive collation "utf8mb4_general_ci"
+    ```
+  * Large instances may experience slow migrations when the database is upgraded to support SHA-256 git repositories. For instance, here are the logs from a test migration of the https://codeberg.org production database:
+    ```
+    [I] Migration[286]: Add support for SHA256 git repositories
+    [W] [Slow SQL Query] ALTER TABLE `commit_status` MODIFY COLUMN `context_hash` VARCHAR(64) [] - 3m41.647738396s
+    [W] [Slow SQL Query] ALTER TABLE `comment` MODIFY COLUMN `commit_sha` VARCHAR(64) [] - 1m5.500234133s
+    [W] [Slow SQL Query] ALTER TABLE `release` MODIFY COLUMN `sha1` VARCHAR(64) [] - 22.06241145s
+    ```
+* **Features and enhancements**
+  * Repository settings have been refactored, lifting out the repository unit-related settings to their own page. ([#2221](https://codeberg.org/forgejo/forgejo/pulls/2221))
+    - When additional units can be enabled, an "Add more..." link will be displayed for repository admins. This can be turned off. ([#2533](https://codeberg.org/forgejo/forgejo/pulls/2533))
+  * Repository administrators can [allow anyone to edit the wiki](https://forgejo.org/docs/v7.0/user/wiki/#activation-and-permissions) in the repository Settings. ([#2001](https://codeberg.org/forgejo/forgejo/pulls/2001))
+  * Instance administrators can enable [repository badges](https://forgejo.org/docs/v7.0/user/readme-badges/) in the [configuration file](https://forgejo.org/docs/v7.0/admin/config-cheat-sheet/#badges-badges). This feature depends on a shield generator service such as shields.io, and is disabled by default. ([#2070](https://codeberg.org/forgejo/forgejo/pulls/2070))
+  * Instance administrators can configure the additional clone methods displayed on the repository home view. ([gitea#29320](https://github.com/go-gitea/gitea/pull/29320))
+  * Instance administrators can [assign custom flags to repositories](https://codeberg.org/forgejo/forgejo/pulls/2079). This is disabled by default, and currently requires custom templates to do anything useful with the flags. ([#2079](https://codeberg.org/forgejo/forgejo/pulls/2079) & [#2097](https://codeberg.org/forgejo/forgejo/pulls/2097))
+  * Fallback for [basic repo search using git-grep](https://forgejo.org/docs/v7.0/user/code-search/)  when code indexer is disabled ([gitea#29998](https://github.com/go-gitea/gitea/pull/29998))
+  * Repository administrators can disable forking instance-wide by setting the new `[repository].DISABLE_FORKS` setting. ([#2445](https://codeberg.org/forgejo/forgejo/pulls/2445))
+  * Render permalinks to files with a line range by an inline preview in all places where markup is allowed ([#2669](https://codeberg.org/forgejo/forgejo/pulls/2669))
+  * A user can now optionally set their preferred pronouns ([#1518](https://codeberg.org/forgejo/forgejo/pulls/1518)).
+  * [Always enable caches](https://codeberg.org/forgejo/forgejo/commit/e7cb8da2a8310ac167b6f613b283caa3316a7154).
+  * Forgejo now recognizes more [linguist attributes](https://forgejo.org/docs/v7.0/user/language-detection/), making it possible to include documentation in the repository language statistics, for example. ([#2088](https://codeberg.org/forgejo/forgejo/pulls/2088))
+  * When displaying the message to open a pull request from a recently pushed branch, the recently pushed branch now links to the appropriate branch. ([#2141](https://codeberg.org/forgejo/forgejo/pulls/2141))
+  * Users who signed up, but have not activated their accounts yet, are now able to [change their email before activation](https://codeberg.org/forgejo/forgejo/pulls/1891). ([#1891](https://codeberg.org/forgejo/forgejo/pulls/1891))
+  * The "You pushed on branch ...." banner is now displayed for repositories you have a fork of with recently pushed branches too ([#2195](https://codeberg.org/forgejo/forgejo/pulls/2195)), and it will no longer consider branches that share no history with the default branch. ([#2196](https://codeberg.org/forgejo/forgejo/pulls/2196))
+  * Forgejo will now highlight signed tags in a similar way it highlights signed commits. ([#2534](https://codeberg.org/forgejo/forgejo/pulls/2534))
+  * Forgejo gained support for the more recent GitHub-style alert blocks. ([#2348](https://codeberg.org/forgejo/forgejo/pulls/2348))
+    - The older style remains supported too.
+  * [[ACTIONS] Add vars context to cron jobs](https://codeberg.org/forgejo/forgejo/pulls/3059)
+  * [[ACTIONS] Allow viewing the latest Action Run on the web](https://codeberg.org/forgejo/forgejo/pulls/1900)
+  * [[AGIT] Automatically fill in the description](https://codeberg.org/forgejo/forgejo/pulls/2344)
+  * [[API] Add API to get PR by base/head](https://codeberg.org/forgejo/forgejo/pulls/2481)
+  * [[API] commentAssignment() to verify the id belongs](https://codeberg.org/forgejo/forgejo/pulls/2126)
+  * [[API] DELETE /repos/{owner}/{repo}/pulls/{index}/reviews/{id}/comments/{comment}](https://codeberg.org/forgejo/forgejo/pulls/2157)
+  * [[API] endpoint for adding comments to reviews](https://codeberg.org/forgejo/forgejo/pulls/2122)
+  * [[API] GET /repos/{owner}/{repo}/pulls/{index}/reviews/{id}/comments/{comment}](https://codeberg.org/forgejo/forgejo/pulls/2127)
+  * [[API] support for repository flags](https://codeberg.org/forgejo/forgejo/pulls/2097)
+  * [[I18N] Clarify description in deletion modal](https://codeberg.org/forgejo/forgejo/pulls/2488)
+  * [[I18N] Clarify the description of SSH Keys](https://codeberg.org/forgejo/forgejo/pulls/2393)
+  * [[I18N] Data size unit localization](https://codeberg.org/forgejo/forgejo/pulls/2528)
+  * [[I18N] Improve branch select list ui in go templates (gitea#29729)](https://codeberg.org/forgejo/forgejo/pulls/2744)
+  * [[I18N] Improve localization of repo summary](https://codeberg.org/forgejo/forgejo/pulls/2756)
+  * [[I18N] Improve registration / password reset emails](https://codeberg.org/forgejo/forgejo/pulls/2529)
+  * [[I18N] Use correct translations for pull request](https://codeberg.org/forgejo/forgejo/pulls/2260)
+  * [[I18N] Improve translatability of activity heatmap](https://codeberg.org/forgejo/forgejo/pulls/2612)
+  * [[I18N] Improve English locale for admin settings](https://codeberg.org/forgejo/forgejo/pulls/2583)
+  * [I18N] Add plural support: [1](https://codeberg.org/forgejo/forgejo/pulls/2614), [2](https://codeberg.org/forgejo/forgejo/pulls/2695), [3](https://codeberg.org/forgejo/forgejo/pulls/2954), [4](https://codeberg.org/forgejo/forgejo/pulls/3031)
+  * [I18N] General improvements to English locale: [1](https://codeberg.org/forgejo/forgejo/pulls/2307), [2](https://codeberg.org/forgejo/forgejo/pulls/2437), [3](https://codeberg.org/forgejo/forgejo/pulls/2492), [4](https://codeberg.org/forgejo/forgejo/pulls/2610), [5](https://codeberg.org/forgejo/forgejo/pulls/2703), [6](https://codeberg.org/forgejo/forgejo/pulls/2941).
+  * [[I18N] Allow custom repo size format](https://codeberg.org/forgejo/forgejo/pulls/2974)
+  * [[PACKAGES] nuget basic manifest download](https://codeberg.org/forgejo/forgejo/pulls/2222)
+  * [[UI] Add label filters in organization issues dashboard](https://codeberg.org/forgejo/forgejo/pulls/2944)
+  * [[UI] Allow users to hide all "Add more units..." hints](https://codeberg.org/forgejo/forgejo/pulls/2533)
+  * [[UI] Display tag name as title for a tag with no release [gitea]](https://codeberg.org/forgejo/forgejo/pulls/2547)
+  * [[UI] Enable ambiguous character detection in configured contexts](https://codeberg.org/forgejo/forgejo/pulls/2427)
+  * [[UI] Improve display of 404/500 error pages](https://codeberg.org/forgejo/forgejo/pulls/2466)
+  * [[UI] Improve look of user profiles](https://codeberg.org/forgejo/forgejo/pulls/2875)
+  * [[UI] Include a branch link in the recently pushed banner](https://codeberg.org/forgejo/forgejo/pulls/2141)
+  * [[UI] Offer to remove WIP: prefix in sidebar](https://codeberg.org/forgejo/forgejo/pulls/2660)
+  * [[UI] Port console colors](https://codeberg.org/forgejo/forgejo/pulls/2419)
+  * [[UI] pulls "Edit File" button in "Files Changed" tab](https://codeberg.org/forgejo/forgejo/pulls/1992)
+  * [[UI] Remove add organization on dashboard switcher](https://codeberg.org/forgejo/forgejo/pulls/2895)
+  * [[UI] Restrict file size of blame operation](https://codeberg.org/forgejo/forgejo/pulls/2395)
+  * [[UI] Show follow symlink button](https://codeberg.org/forgejo/forgejo/pulls/2530)
+  * [[UI] split code conversations in diff tab](https://codeberg.org/forgejo/forgejo/pulls/2306)
+  * [[UI] Update look of repo/org tabs on homepage](https://codeberg.org/forgejo/forgejo/pulls/2593)
+  * [[UI] Visual separation between types of attachments](https://codeberg.org/forgejo/forgejo/pulls/2899)
+  * [[UI] [AGIT] Add AGit label to AGit-created PRs](https://codeberg.org/forgejo/forgejo/pulls/2444)
+  * [[UI] [AGIT] Add link to docs and tooltip to label](https://codeberg.org/forgejo/forgejo/pulls/2499)
+  * [Implement commit mail selection for other Git operations](https://codeberg.org/forgejo/forgejo/pulls/2383)
+  * [Improved Linguist compatibility](https://codeberg.org/forgejo/forgejo/pulls/2088)
+  * [improve nuget nuspec api](https://codeberg.org/forgejo/forgejo/pulls/2996)
+  * [Log SQL queries when the database return error](https://codeberg.org/forgejo/forgejo/pulls/2140)
+  * [New doctor check: fix-push-mirrors-without-git-remote](https://codeberg.org/forgejo/forgejo/pulls/1853)
+  * [New route to view latest run of specific workflows](https://codeberg.org/forgejo/forgejo/pulls/2304)
+  * [Check for Commit in opengraph](https://codeberg.org/forgejo/forgejo/pulls/2094)
+  * [Check if commit is already present in target branch](https://codeberg.org/forgejo/forgejo/pulls/2450)
+  * [Configure if protected branch rule should apply to admins](https://codeberg.org/forgejo/forgejo/pulls/2867)
+  * [Count downloads for tag archives](https://codeberg.org/forgejo/forgejo/pulls/2976)
+  * [depguard sha256-simd](https://codeberg.org/forgejo/forgejo/pulls/2234)
+  * [Don't consider orphan branches as recently pushed](https://codeberg.org/forgejo/forgejo/pulls/2196)
+  * [extend webfinger to respond to profile page URIs](https://codeberg.org/forgejo/forgejo/pulls/2883)
+  * [Highlight signed tags like signed commits](https://codeberg.org/forgejo/forgejo/pulls/2534)
+  * [Allow changing the email address before activation](https://codeberg.org/forgejo/forgejo/pulls/1891)
+  * [Allow changing the repo Wiki branch to main](https://codeberg.org/forgejo/forgejo/pulls/2264)
+  * [Allow forking without a repo ID](https://codeberg.org/forgejo/forgejo/pulls/2310)
+  * [Allow instance-wide disabling of forking](https://codeberg.org/forgejo/forgejo/pulls/2445)
+  * [Allow non-explicit push options](https://codeberg.org/forgejo/forgejo/pulls/2984)
+  * [Allow to exclude files in dump](https://codeberg.org/forgejo/forgejo/pulls/2876)
+  * [add bucket lookup type](https://codeberg.org/forgejo/forgejo/pulls/2482)
+  * [Add download URL for executable files](https://codeberg.org/forgejo/forgejo/pulls/1839)
+  * [Add gitignore template for Janet projects](https://codeberg.org/forgejo/forgejo/pulls/2557)
+  * [add optional storage init to doctor commands](https://codeberg.org/forgejo/forgejo/pulls/3034)
+  * [Add rel="nofollow" to issue filter links](https://codeberg.org/forgejo/forgejo/pulls/2367)
+  * [Add support for shields.io-based badges](https://codeberg.org/forgejo/forgejo/pulls/2070)
+  * [Add Zig gitignore](https://codeberg.org/forgejo/forgejo/pulls/2352)
+  * [Recognize SSH signed tags too](https://codeberg.org/forgejo/forgejo/pulls/2520)
+  * [Repository flags](https://codeberg.org/forgejo/forgejo/pulls/2079)
+  * [support `.forgejo` dir for issue and PR templates](https://codeberg.org/forgejo/forgejo/pulls/2290)
+  * [Support Include/Exclude Filters for Grep](https://codeberg.org/forgejo/forgejo/pulls/3058)
+  * [Use 'Text' instead of 'Plaintext'](https://codeberg.org/forgejo/forgejo/pulls/2833)
+  * [Render code tags in commit messages](https://codeberg.org/forgejo/forgejo/commit/3ccb0c2512cb551943945aaa3f2bd0b1e2abd3b8).
+  * [Refactor markdown attention render](https://codeberg.org/forgejo/forgejo/commit/ec2201a3da5f18e55bfc0a54114ac935804f4ef8).
+  * [Add default board to new projects, remove uncategorized pseudo-board](https://codeberg.org/forgejo/forgejo/commit/8ffb9c6fb1571a1221978440f108911057df25db).
+  * [Add more stats tables](https://codeberg.org/forgejo/forgejo/commit/926367fe1d778fe7c9f5bc6b8e8c514b619ef038).
+  * [Improve branch select list ui in go templates](https://codeberg.org/forgejo/forgejo/commit/729849a2fd026adbb91e3ff3259290f61bd919f0).
+  * [Update allowed attachment types](https://codeberg.org/forgejo/forgejo/commit/04b79bb48b490644c46e58da46af4b62a40e5e03).
+  * [Completely style the webkit autofill](https://codeberg.org/forgejo/forgejo/commit/9916f3ed64a715fb9a31a0fcad6452276e275615).
+  * [Set user's 24h preference from their current OS locale](https://codeberg.org/forgejo/forgejo/commit/427ab550a6a35e7369bc1b33a188bb3030c32ec0).
+  * [Make wiki default branch name changeable](https://codeberg.org/forgejo/forgejo/commit/7ea8993a0e342e7a30cb2da03216697b4819935a).
+  * [Make admin pages wider because of left sidebar added and some tables become too narrow](https://codeberg.org/forgejo/forgejo/commit/145bebc829c03cbb078e518d7364d27bcf60d96c).
+  * [Make PR form use toast to show error message](https://codeberg.org/forgejo/forgejo/commit/221a28436a080447f429fa2089d264e56f4980e2).
+  * [Rename Action.GetDisplayName to GetActDisplayName](https://codeberg.org/forgejo/forgejo/commit/be9189eddc84e942710b16b1c8c54c10aad01b63).
+  * [Unify search boxes](https://codeberg.org/forgejo/forgejo/commit/847f03b6a65ee251bf764f54f6114737346a43b6).
+  * [Detect broken git hooks](https://codeberg.org/forgejo/forgejo/commit/963df8290784d82385f7e8ad9f5c9abfd2fa2860).
+  * [Filter for default-branch selection](https://codeberg.org/forgejo/forgejo/commit/1090734255d70deb9886de2c1a8bb971096223ee).
+  * [Include resource state events in Gitlab downloads](https://codeberg.org/forgejo/forgejo/commit/bc7a247b9ea68643e3c59d4b4376dea097ffcc68).
+  * [Properly migrate target branch change GitLab comment](https://codeberg.org/forgejo/forgejo/commit/f0acc71ba13713f07602294b4a33028125343d47).
+  * [Recolor dark theme to blue shade](https://codeberg.org/forgejo/forgejo/commit/ff581d5a2415f7a3321fa6ba656ae0e972674d6c).
+  * [Unify organizations header](https://codeberg.org/forgejo/forgejo/commit/4b494d341f3142c066bc5b2b3cfd50f924d64fd3).
+  * [Auto-update the system status in admin dashboard](https://codeberg.org/forgejo/forgejo/commit/4f050f358a15dd51903e01b330a5419b2ac06693).
+  * [Show more settings for empty repositories](https://codeberg.org/forgejo/forgejo/commit/b03af9efb275f935bb265c7f031225caaafefaff).
+  * [Downscale pasted PNG images based on metadata](https://codeberg.org/forgejo/forgejo/commit/b3f2447bc4b6a7220da748cc6eb24bd5568bee7c).
+  * [Show `View at this point in history` for every commit](https://codeberg.org/forgejo/forgejo/commit/27bc2b9d9597de89d2c6b68581c6729bb16a4572).
+  * [Drop "@" from email sender to avoid spam filters](https://codeberg.org/forgejo/forgejo/commit/9a1d5c549cb6d32219647ea1a771b8a82d5ac89f).
+  * [Allow non-admin users to delete review requests](https://codeberg.org/forgejo/forgejo/commit/77c56e29ded5665bdc09d0a568159aa7127b44b1).
+  * [Some performance optimization on dashboard and issues page](https://codeberg.org/forgejo/forgejo/commit/d996c5d5179c99855e69156a034eca055e9329a4).
+  * [Improve user search display name](https://codeberg.org/forgejo/forgejo/commit/c3e462921ee31536e59b37e654ed20e92a37ffe6).
+  * [Fix UI Spacing Errors in mirror settings](https://codeberg.org/forgejo/forgejo/commit/64faecefe10613840709a68c1b8b708115d69d6e).
+  * [Include username in email headers](https://codeberg.org/forgejo/forgejo/commit/360b3fd17c3315ad9ad9c4e6ac02eda73f48d8ae).
+  * [Also match weakly validated ETags](https://codeberg.org/forgejo/forgejo/commit/28fe3db1fb0f89bcb55829ced33c1282f85f6e97).
+  * [Propagate install_if and provider_priority to APKINDEX](https://codeberg.org/forgejo/forgejo/commit/2da233ad8be107de29190720f1c30199410fe0cd).
+  * [Fix display latest sync time for pull mirrors on the repo page](https://codeberg.org/forgejo/forgejo/commit/4674aea25b54baf08594c54f061dee9e44190f02).
+  * [Remove trust model selection from repository creation on web page because it can be changed in settings later](https://codeberg.org/forgejo/forgejo/commit/c08d263a1900aa5ee92f56af8ad1c7a2697d02e1).
+  * [Add ability to see open and closed issues at the same time](https://codeberg.org/forgejo/forgejo/commit/2c3da59e275b69ebf984bb70954f42a7bcb0b49d).
+  * [Move sign in labels to be above inputs](https://codeberg.org/forgejo/forgejo/commit/4af0944b2604dd2b2e413864492135faea097298).
+  * [Move the captcha script loader to the template which really needs it](https://codeberg.org/forgejo/forgejo/commit/a04f8c0f81f55a8b927ce0fad8127db39396f892).
+  * [Display latest sync time for pull mirrors on the repo page](https://codeberg.org/forgejo/forgejo/commit/2d343f8987025015f5b61e328cc9e45082e6d3f2).
+  * [Show in Web UI if file is vendored and generated](https://codeberg.org/forgejo/forgejo/commit/7ed18566e10b298309dcc99d97447cb1932ae09a).
+  * [Add orphaned topic consistency check](https://codeberg.org/forgejo/forgejo/commit/e02095c5b6e04f70ae6562f5aee169f7ee93cf7a).
+  * [Convert to url auth to header auth in tests](https://codeberg.org/forgejo/forgejo/commit/838db2f8911690fa2115c6827ed73687db71bef1).
+  * [Add option to set language in admin user view](https://codeberg.org/forgejo/forgejo/commit/318634ef74dc0a9c285991692e72d3df90b8583c).
+  * [Fix incorrect run order of action jobs](https://codeberg.org/forgejo/forgejo/commit/f4561c44b1cad700bf41537eb4db487fff34f6c9).
+  * [Add missing exclusive in advanced label options](https://codeberg.org/forgejo/forgejo/commit/77506c6f6cbfa5c15d8373743415f47b2adb404d).
+  * [Add combined index for issue_user.uid and issue_id](https://codeberg.org/forgejo/forgejo/commit/e08f1a9cbd582c73918e401eeba36261627f44a7).
+  * [Add edit option for README.md](https://codeberg.org/forgejo/forgejo/commit/08552f0076204b99258f9135c77a962c302521dc).
+  * [Fix link to `Code` tab on wiki commits](https://codeberg.org/forgejo/forgejo/commit/709a376c518d0cfde10bb911b32fd0ea82c67b52).
+  * [Remove autofocus in search box](https://codeberg.org/forgejo/forgejo/commit/eae555ff2395cc1ad178f3a977d83742ae73e1d9).
+  * [Allow to set explore page default sort](https://codeberg.org/forgejo/forgejo/commit/16ba16dbe951763cfc026b7351e26009d1a25fdc).
+  * [Improve PR diff view on mobile](https://codeberg.org/forgejo/forgejo/commit/49dddd87b19aebe83e1c54a455e62529a19f61b4).
+  * [Properly migrate automatic merge GitLab comments](https://codeberg.org/forgejo/forgejo/commit/542badbb76408c17ce6692e99fff680bee69face).
+  * [Display issue task list on project cards](https://codeberg.org/forgejo/forgejo/commit/4776fde9e1caa7cee5671715144a668e19a0323c).
+  * [Add Index to pull_auto_merge.doer_id](https://codeberg.org/forgejo/forgejo/commit/c8602a8dfa05f653e7de8ed2e677c8967b8688f5).
+  * [Fix display member unit in the menu bar if there are no hidden members in public org](https://codeberg.org/forgejo/forgejo/commit/0e021cd33ee3eb3d8f204bd075e2597b7ec8b391).
+  * [List all Debian package versions in `Packages`](https://codeberg.org/forgejo/forgejo/commit/b36e2ca4195298d2e4516e3022b953543f62f470).
+  * [Allow pull requests Manually Merged option to be used by non-admins](https://codeberg.org/forgejo/forgejo/commit/1756e30e102d079f8425aa2061ef80fd36c2e57d).
+  * [Only show diff file tree when more than one file changed](https://codeberg.org/forgejo/forgejo/commit/572f0963edc71239634ee782a3c69213479f34ba).
+  * [Show placeholder email in privacy popup](https://codeberg.org/forgejo/forgejo/commit/31f8880bc252a25075f8752e2722b316c6e46ec7).
+  * [Revamp repo header](https://codeberg.org/forgejo/forgejo/commit/7d62615513b8985360de497e9a051b51ca0faaf2).
+  * [Add link to members and repositories at teams page](https://codeberg.org/forgejo/forgejo/commit/4f4ddcf3c593b474846d40e47b4351d3deb39202).
+  * [Add link for repositories README file](https://codeberg.org/forgejo/forgejo/commit/7210f23fa0f11da093b307029d7ab91ed40807fb).
+  * [Add `must-change-password` cli parameter](https://codeberg.org/forgejo/forgejo/commit/9bea276055edc9527e3d6d66df3bbf0d20326f8b).
+  * [Unify password changing and invalidate auth tokens](https://codeberg.org/forgejo/forgejo/commit/688d4a1f719d2df4d2626453f4bc042c1874a375).
+  * [Add slow SQL query warning](https://codeberg.org/forgejo/forgejo/commit/664192767c41b9d0759bcc3915c7bd6ccecc52ae).
+  * [Pre-register OAuth application for tea](https://codeberg.org/forgejo/forgejo/commit/a825cc0f3423f0a5c8157c436a0c7b489ef536c1).
+  * [Differentiate between `push` and `pull` `mirror sync in progress`](https://codeberg.org/forgejo/forgejo/commit/e709bc199fe33456c4ecd1cd28029bd31b529832).
+  * [Cargo package - Fix missing domain in cargo sparse url](https://codeberg.org/forgejo/forgejo/commit/a112cf34d391cc04770021f9ffaa29e383cb9d51).
+  * [Link to file from its history](https://codeberg.org/forgejo/forgejo/commit/33de64cb21505259338e393ef0d15ccb0f757475).
+  * [Add a shortcut to user's profile page to admin user details](https://codeberg.org/forgejo/forgejo/commit/e96e440b8bde5516ffc7bba42691e26084a96588).
+  * [Doctor: delete action entries without existing user](https://codeberg.org/forgejo/forgejo/commit/15fa0383fb5dd9ad1702dbc34ba7100c0cdbcc8c).
+  * [Add anchor to review types](https://codeberg.org/forgejo/forgejo/commit/89c9a498fdd6184df8afda8b5b488462e65b9e71).
+  * [Show total TrackedTime on issue/pull/milestone lists](https://codeberg.org/forgejo/forgejo/commit/adbc995c347e158a56264f2488997d7d59a4dd8b).
+  * [Improve commit record's ui in comment list](https://codeberg.org/forgejo/forgejo/commit/ed1798f66d30e3755f01e24f8cb4aa5e8b6628a0).
+  * [Don't show new pr button when page is not compare pull](https://codeberg.org/forgejo/forgejo/commit/b693611b35c5ae17cfc820bc3e731608a5251464).
+  * [Add `Hide/Show all checks` button to commit status check](https://codeberg.org/forgejo/forgejo/commit/dcb648ee71853073d54e8a6e107b764212ede58e).
+  * [Improvements of releases list and tags list](https://codeberg.org/forgejo/forgejo/commit/3fcad582c9b9bfe66f4a346652f82b1aaf18430d).
+  * [Support pasting URLs over markdown text](https://codeberg.org/forgejo/forgejo/commit/45112876766cb81ed7edd2b72a3ab93e6deab8bb).
+  * [Customizable "Open with" applications for repository clone](https://codeberg.org/forgejo/forgejo/commit/44221a3cd747a01d55093b15a12bf053b534da35).
+  * [Allow options to disable user deletion from the interface on app.ini](https://codeberg.org/forgejo/forgejo/commit/767e9634d3d02acab27f05e1783391c9c7f6292e).
+  * [Extend issue template yaml engine](https://codeberg.org/forgejo/forgejo/commit/ff8f7a7a0d1d0f57113a6ad8b499f7c1094288f5).
+  * [Filter Repositories by type](https://codeberg.org/forgejo/forgejo/commit/83e04328dfff3b09e5d28dd972ebee0865f96b0e).
+  * [Implement code frequency graph](https://codeberg.org/forgejo/forgejo/commit/f097799953c5f510b7e3314f1e3e115761f207d0).
+  * [Implement recent commits graph](https://codeberg.org/forgejo/forgejo/commit/428008ac19185125b7cb1e3d379254d7b1932529).
+  * [Show commit status for releases](https://codeberg.org/forgejo/forgejo/commit/369fe5696697cef33a188d9b985ac4b9824a4bdf).
+  * [Actions Artifacts v4 backend](https://codeberg.org/forgejo/forgejo/commit/66632c4958041abdffe6adafc278d34ef515c44f).
+  * [Add merge style `fast-forward-only`](https://codeberg.org/forgejo/forgejo/commit/83123b493f3ae25d07d81c86b1a78afe1c17db53).
+  * [Retarget depending pulls when the parent branch is deleted](https://codeberg.org/forgejo/forgejo/commit/49eb16867728913d1eb2ced96e0b0b0a358f6ebe).
+  * [Add global setting how timestamps should be rendered](https://codeberg.org/forgejo/forgejo/commit/cdc33b29a012e61b42f192d79f9486fa8e21b2ed).
+  * [Add skip ci functionality](https://codeberg.org/forgejo/forgejo/commit/816e46ee7ce4b2649479554a940ecbe1cc505a3d)
+  * [Show latest commit for file](https://codeberg.org/forgejo/forgejo/commit/885cc32b14584ee2d01009768895b7a776441504).
+  * [Allow to sync tags from admin dashboard](https://codeberg.org/forgejo/forgejo/commit/4567a3a1ad0490d9077102e0e7b5de35790e5803).
+  * [Add Profile Readme for Organisations](https://codeberg.org/forgejo/forgejo/commit/603573366a203efae06f818a0b220be964cdac21).
+  * [Implement contributors graph](https://codeberg.org/forgejo/forgejo/commit/e9be8b25ae57189c4b29eaa393a397cf634d21d7).
+  * [Artifact deletion in actions ui](https://codeberg.org/forgejo/forgejo/commit/c551d3f3ab13379b0740fc45bc4dfc8f2fb84e16).
+  * [Add API routes to get runner registration token](https://codeberg.org/forgejo/forgejo/commit/baf0d402d9cb47849394202fcfc7c2e23b0faac3).
+  * [Add support for forking single branch](https://codeberg.org/forgejo/forgejo/commit/5e02e3b7ee8294e2ec94968ece9af56bf1aa1534).
+  * [Add support for sha256 repositories](https://codeberg.org/forgejo/forgejo/commit/d68a613ba8fd860863a3465b5b5945b191b87b25).
+  * [Add admin API route for managing user's badges](https://codeberg.org/forgejo/forgejo/commit/82b7de1360870db7a8b368a3f80ede887e32e128).
+* **Bug fixes:**
+  * The repository home view will no longer redirect to external units. ([#2064](https://codeberg.org/forgejo/forgejo/pulls/2064))
+  * User and Organization `.profile` repositories now search for a `README.md` file case insensitively. ([#2090](https://codeberg.org/forgejo/forgejo/pulls/2090))
+  * When viewing a file, the RSS feed link is only displayed when there is an RSS feed provided for the context: when viewing a file on a branch. ([#2103](https://codeberg.org/forgejo/forgejo/pulls/2103))
+  * Repository topic searches are now correctly paged, which should make topic management on larger instances orders of magnitudes faster. ([#2060](https://codeberg.org/forgejo/forgejo/pulls/2060))
+  * Mentioning a user in a comment or similar place ignores apostrophes now. ([#2485](https://codeberg.org/forgejo/forgejo/pulls/2485))
+  * Setting the `[repository].DISABLE_STARS` setting to `true` disables the functionality completely, rather than just hiding it from the user interface.
+  * Forking a repository is now available at a predictable URL, and does not require knowing the repository id. ([#2310](https://codeberg.org/forgejo/forgejo/pulls/2310))
+  * Issue and pull request templates can now be placed in a `.forgejo` directory, like workflows. ([#2290](https://codeberg.org/forgejo/forgejo/pulls/2290))
+  * [[A11Y] Fix accessibility and translatability of repo explore counters](https://codeberg.org/forgejo/forgejo/pulls/2862)
+  * [[A11Y] Focus styling and fix Watch/Unwatch buttons](https://codeberg.org/forgejo/forgejo/pulls/2379)
+  * [[A11Y] Label Stars/Forks links in repo explore](https://codeberg.org/forgejo/forgejo/pulls/2634)
+  * [[A11Y] Taborder in repo explore](https://codeberg.org/forgejo/forgejo/pulls/2636)
+  * [[ACTIONS] add proper payload to scheduled events](https://codeberg.org/forgejo/forgejo/pulls/2015)
+  * [[ACTIONS] Do not update PRs based on events that happened before they existed](https://codeberg.org/forgejo/forgejo/pulls/2932)
+  * [[ACTIONS] GetScheduledMergeByPullID may involve a system user](https://codeberg.org/forgejo/forgejo/pulls/1908)
+  * [[ACTIONS] Link to Workflow in View](https://codeberg.org/forgejo/forgejo/pulls/1866)
+  * [[ACTIONS] the ref of a scheduled action is always the default branch](https://codeberg.org/forgejo/forgejo/pulls/1941)
+  * [[API] Adjust name of operation](https://codeberg.org/forgejo/forgejo/pulls/2189)
+  * [[API] `/api/v1/{owner}/{repo}/issue_templates`](https://codeberg.org/forgejo/forgejo/pulls/2292)
+  * [[API] Document correct status code for creating a tag](https://codeberg.org/forgejo/forgejo/pulls/2201)
+  * [[API] /api/forgejo/v1/version auth check](https://codeberg.org/forgejo/forgejo/pulls/2582)
+  * [[API] inconsistencies](https://codeberg.org/forgejo/forgejo/pulls/2182)
+  * [[API] /issues/search endpoint](https://codeberg.org/forgejo/forgejo/pulls/2020)
+  * [[API] Make HTTPS schema default for Swagger](https://codeberg.org/forgejo/forgejo/pulls/1896)
+  * [[I18N] Add missing translation for more_items](https://codeberg.org/forgejo/forgejo/pulls/2828)
+  * [[I18N] Eliminate wrapping quotes in English locale](https://codeberg.org/forgejo/forgejo/pulls/2467)
+  * [[I18N] English fixes and improvements](https://codeberg.org/forgejo/forgejo/pulls/2631)
+  * [[I18N] Fix milestone sorting translation keys](https://codeberg.org/forgejo/forgejo/pulls/2644)
+  * [[I18N] Use correct translation on closed milestones](https://codeberg.org/forgejo/forgejo/pulls/2957)
+  * [[I18N] Use new translation key](https://codeberg.org/forgejo/forgejo/pulls/2760)
+  * [[PACKAGES] Delete redundant snap packaging recipe](https://codeberg.org/forgejo/forgejo/pulls/2693)
+  * [[PACKAGES] Fix Alpine Registry packages with noarch not being found](https://codeberg.org/forgejo/forgejo/pulls/2285)
+  * [[PACKAGES] Generate install if condition for Alpine](https://codeberg.org/forgejo/forgejo/pulls/2176)
+  * [[PACKAGES] Packagist webhook: support all events](https://codeberg.org/forgejo/forgejo/pulls/2646)
+  * [[PACKAGES] Fix for PyPi Registry PEP 503 Compliance](https://codeberg.org/forgejo/forgejo/pulls/3197)
+  * [[UI] Adjust the signed tag verification line](https://codeberg.org/forgejo/forgejo/pulls/2966)
+  * [[UI] Better color for labels/counters](https://codeberg.org/forgejo/forgejo/pulls/2935)
+  * [[UI] Better number for UserCards pagination](https://codeberg.org/forgejo/forgejo/pulls/2584)
+  * [[UI] Center icon and callout text](https://codeberg.org/forgejo/forgejo/pulls/3010)
+  * [[UI] Consistent styling for Sort filter](https://codeberg.org/forgejo/forgejo/pulls/2920)
+  * [[UI] Disable the RSS feed in file view for non-branches](https://codeberg.org/forgejo/forgejo/pulls/2103)
+  * [[UI] Disable 'View at this point in history' for wikis](https://codeberg.org/forgejo/forgejo/pulls/2999)
+  * [[UI] Display error message if doer is unable to fork](https://codeberg.org/forgejo/forgejo/pulls/2649)
+  * [[UI] Don't use `<br />` in alert block](https://codeberg.org/forgejo/forgejo/pulls/2741)
+  * [[UI] Fix admin layout](https://codeberg.org/forgejo/forgejo/pulls/3087)
+  * [[UI] Fix crash in issue forms](https://codeberg.org/forgejo/forgejo/pulls/3012)
+  * [[UI] Fix Ctrl+Enter on submitting review comment](https://codeberg.org/forgejo/forgejo/pulls/2370)
+  * [[UI] Fix diff patch operation in web UI](https://codeberg.org/forgejo/forgejo/pulls/2449)
+  * [[UI] Fixes for project selector in sidebar](https://codeberg.org/forgejo/forgejo/pulls/2608)
+  * [[UI] Fix must-change-password help dialog](https://codeberg.org/forgejo/forgejo/pulls/2676)
+  * [[UI] Fix relative links on orgmode](https://codeberg.org/forgejo/forgejo/pulls/2385)
+  * [[UI] Fix selector inner radius](https://codeberg.org/forgejo/forgejo/pulls/2860)
+  * [[UI] Fix tone of callout boxes for Forgejo dark](https://codeberg.org/forgejo/forgejo/pulls/3085)
+  * [[UI] Fix tooltip for 1000+ stars/forks](https://codeberg.org/forgejo/forgejo/pulls/3147)
+  * [[UI] include hostname in admin panel URL in new user emails](https://codeberg.org/forgejo/forgejo/pulls/1940)
+  * [[UI] Increase contrast of code block](https://codeberg.org/forgejo/forgejo/pulls/2874)
+  * [[UI] Limit amount of javascript errors being shown](https://codeberg.org/forgejo/forgejo/pulls/2175)
+  * [[UI] Make settings tab not active when on repository "Add units" tab](https://codeberg.org/forgejo/forgejo/pulls/2524)
+  * [[UI] Make write and preview tabs interactive](https://codeberg.org/forgejo/forgejo/pulls/2681)
+  * [[UI] New issue button position consistency](https://codeberg.org/forgejo/forgejo/pulls/2845)
+  * [[UI] Fix orgmode link resolver for text descriptions](https://codeberg.org/forgejo/forgejo/pulls/2276)
+  * [[UI] Preview: set font-size on preview content](https://codeberg.org/forgejo/forgejo/pulls/2349)
+  * [[UI] Fix primary button background inconsistency](https://codeberg.org/forgejo/forgejo/pulls/3002)
+  * [[UI] Fix regression of issue edit not working](https://codeberg.org/forgejo/forgejo/pulls/3043)
+  * [[UI] Fix relative links rendering](https://codeberg.org/forgejo/forgejo/pulls/2166)
+  * [[UI] Remember topic only in repo search](https://codeberg.org/forgejo/forgejo/pulls/2575)
+  * [[UI] Remove min-height from wiki elements](https://codeberg.org/forgejo/forgejo/pulls/2080)
+  * [[UI] Render emojis in labels in issue info popup](https://codeberg.org/forgejo/forgejo/pulls/2888)
+  * [[UI] Render correct label link](https://codeberg.org/forgejo/forgejo/pulls/3187)
+  * [[UI] Render inline file permalinks](https://codeberg.org/forgejo/forgejo/pulls/2669)
+  * [[UI] Fix repo badges when the label or text contains dashes](https://codeberg.org/forgejo/forgejo/pulls/2711)
+  * [[UI] Fix repo unarchivation button](https://codeberg.org/forgejo/forgejo/pulls/2550)
+  * [[UI] Restrict when to make link absolute in markdown](https://codeberg.org/forgejo/forgejo/pulls/2403)
+  * [[UI] Revert darker tone on labels](https://codeberg.org/forgejo/forgejo/pulls/2881)
+  * [[UI] Simplify converting struct to map in admin stats](https://codeberg.org/forgejo/forgejo/pulls/2442)
+  * [[UI] Fix the Fork button in repo headers](https://codeberg.org/forgejo/forgejo/pulls/2495)
+  * [[UI] Use correct logout URL](https://codeberg.org/forgejo/forgejo/pulls/2475)
+  * [[UI] Use separate keys for tabs on login screen](https://codeberg.org/forgejo/forgejo/pulls/2630)
+  * [[UI] "view file" button in diff compare view](https://codeberg.org/forgejo/forgejo/pulls/3046)
+  * [add Cache-Control header for health-check](https://codeberg.org/forgejo/forgejo/pulls/3060)
+  * [add max idle time setting for db connections](https://codeberg.org/forgejo/forgejo/pulls/2418)
+  * [Allow `'s` in mentions](https://codeberg.org/forgejo/forgejo/pulls/2485)
+  * [Avoid `WHERE IN` for comment migration query](https://codeberg.org/forgejo/forgejo/pulls/1961)
+  * [Cleanup characters forbidden on Windows from test fixture filenames](https://codeberg.org/forgejo/forgejo/pulls/2178)
+  * [Correct changed files for CODEOWNERS](https://codeberg.org/forgejo/forgejo/pulls/2507)
+  * [Correct default licenses to work as desired](https://codeberg.org/forgejo/forgejo/pulls/1888)
+  * [Detect protected branch on branch rename](https://codeberg.org/forgejo/forgejo/pulls/2811)
+  * [Disabling Stars should disable the routes too](https://codeberg.org/forgejo/forgejo/pulls/2471)
+  * [doctor: Don't say All done when no checks were run](https://codeberg.org/forgejo/forgejo/pulls/1907)
+  * [Do not allow deletion of internal references](https://codeberg.org/forgejo/forgejo/pulls/2834)
+  * [Don't color dot literal color names](https://codeberg.org/forgejo/forgejo/pulls/2905)
+  * [Don't delete inactive emails explicitly](https://codeberg.org/forgejo/forgejo/pulls/2880)
+  * [Don't overwrite protected branch accidentally](https://codeberg.org/forgejo/forgejo/pulls/2473)
+  * [Don't redirect the repo to external units](https://codeberg.org/forgejo/forgejo/pulls/2064)
+  * [Don't remove builtin OAuth2 applications](https://codeberg.org/forgejo/forgejo/pulls/3067)
+  * [Ensure `HasIssueContentHistory` takes into account `comment_id`](https://codeberg.org/forgejo/forgejo/pulls/2518)
+  * [Find README.md for user profiles case insensitively](https://codeberg.org/forgejo/forgejo/pulls/2090)
+  * [Fix header name in swagger response](https://codeberg.org/forgejo/forgejo/pulls/2526)
+  * [Fix pull request reopen conditions](https://codeberg.org/forgejo/forgejo/pulls/2373)
+  * [Fix unblock action](https://codeberg.org/forgejo/forgejo/pulls/3086)
+  * [Fix VSCode settings](https://codeberg.org/forgejo/forgejo/pulls/1881)
+  * [Gracefully handle missing branches on a repos branches page](https://codeberg.org/forgejo/forgejo/pulls/2139)
+  * [Initialize Git for hook regeneration](https://codeberg.org/forgejo/forgejo/pulls/2416)
+  * [Internal Server Error when resolving comments](https://codeberg.org/forgejo/forgejo/pulls/2282)
+  * [Load `AllUnitsEnabled` when necessary](https://codeberg.org/forgejo/forgejo/pulls/2420)
+  * [Makefile: check git diff exitCode](https://codeberg.org/forgejo/forgejo/pulls/2651)
+  * [Make pprof labels conformant with prometheus spec](https://codeberg.org/forgejo/forgejo/pulls/2933)
+  * [Make reference URL absolute](https://codeberg.org/forgejo/forgejo/pulls/2100)
+  * [misleading comparisons when comparing branches](https://codeberg.org/forgejo/forgejo/pulls/2194)
+  * [Block issue creation when blocked by repo owner](https://codeberg.org/forgejo/forgejo/pulls/2052)
+  * [NPE in `ToPullReviewList`](https://codeberg.org/forgejo/forgejo/pulls/2057)
+  * [NPE in `UsernameSubRoute`](https://codeberg.org/forgejo/forgejo/pulls/1981)
+  * [Only pass selected repository IDs to pagination](https://codeberg.org/forgejo/forgejo/pulls/1848)
+  * [panic in `canSoftDeleteContentHistory`](https://codeberg.org/forgejo/forgejo/pulls/2134)
+  * [prevent removing session cookie when redirect_uri query contains ://](https://codeberg.org/forgejo/forgejo/pulls/2590)
+  * [pull_request_template branch link](https://codeberg.org/forgejo/forgejo/pulls/2232)
+  * [Rate limit pre-activation email change separately](https://codeberg.org/forgejo/forgejo/pulls/2043)
+  * [Refactor LFS GC functions](https://codeberg.org/forgejo/forgejo/pulls/3056)
+  * [Reflect Cargo index state in settings](https://codeberg.org/forgejo/forgejo/pulls/2698)
+  * [Remember topic only in repo search](https://codeberg.org/forgejo/forgejo/pulls/2489)
+  * [Require Latex code to have a end sequence](https://codeberg.org/forgejo/forgejo/pulls/1822)
+  * [Respond with JSON Resource Descriptor Content-Type per RFC7033](https://codeberg.org/forgejo/forgejo/pulls/2882)
+  * [Fix session generation for database](https://codeberg.org/forgejo/forgejo/pulls/2045)
+  * [Sort file list case insensitively](https://codeberg.org/forgejo/forgejo/pulls/2522)
+  * [Fix the topic search paging](https://codeberg.org/forgejo/forgejo/pulls/2060)
+  * [Typo fix & clarify RegistrationToken](https://codeberg.org/forgejo/forgejo/pulls/2191)
+  * [Update checker setting updates](https://codeberg.org/forgejo/forgejo/pulls/2925)
+  * [Use correct format for attr-check error log](https://codeberg.org/forgejo/forgejo/pulls/2866)
+  * [Use correct head commit for CODEOWNER](https://codeberg.org/forgejo/forgejo/pulls/2658)
+  * [Use correct template for commitmail error](https://codeberg.org/forgejo/forgejo/pulls/2973)
+  * [Workaround borked Git version](https://codeberg.org/forgejo/forgejo/pulls/2335)
+  * [Remove scheduled action tasks if the repo is archived](https://codeberg.org/forgejo/forgejo/commit/87870ade49eb76ff57a8593ba35df10e0d617aa5).
+  * [Relax generic package filename restrictions](https://codeberg.org/forgejo/forgejo/commit/ea4755be6dfc8fc1f3c794eeaa2e2322b97d192e).
+  * [Prevent re-review and dismiss review actions on closed and merged PRs](https://codeberg.org/forgejo/forgejo/commit/23676bfea7ccbbe166a554115ea1f5f02800e379).
+  * [Add a warning for disallowed email domains](https://codeberg.org/forgejo/forgejo/commit/2559c80bec27a41967b355d214253a83b9ee5dad).
+  * [Skip email domain check when admins edit user emails](https://codeberg.org/forgejo/forgejo/commit/e7afba21ce2b02eb4230ba03752bd8b937f3e6ef).
+  * [Skip email domain check when admin users adds user manually](https://codeberg.org/forgejo/forgejo/commit/b6057a34db38e563473db00543a1e39fd743ca34).
+  * [Add support for API blob upload of release attachments](https://codeberg.org/forgejo/forgejo/commit/47a913d40d3417858f2ee51a7dbed64ca84eff60).
+  * [Allow options to disable user gpg keys configuration from the interface on app.ini](https://codeberg.org/forgejo/forgejo/commit/ee6ff937c0782b9cdc7ae1bc62b7eda83982d40f).
+  * [Allow options to disable user ssh keys configuration from the interface on app.ini](https://codeberg.org/forgejo/forgejo/commit/bb09ad2b63570c80418b4b9a10f7dbbb349448ab).
+  * [Fix content size does not match error when uploading lfs file](https://codeberg.org/forgejo/forgejo/commit/fb137d1e49c0436f1db093e2dc0a2350d63e1e29).
+  * [Add API to get merged PR of a commit](https://codeberg.org/forgejo/forgejo/commit/1608ef0ce9ce2ea1c87aef715d111cf441637d01).
+  * [Add API to get PR by base/head](https://codeberg.org/forgejo/forgejo/commit/feb189554e758ed27d1e309e5ec309d663e8f338).
+  * [Add attachment support for code review comments](https://codeberg.org/forgejo/forgejo/commit/f95fb8cc44d790e0ae71d3f879124a6ee9b07f66).
+  * [Add support for action artifact serve direct](https://codeberg.org/forgejo/forgejo/commit/1f8ad34e4391673a2eda434ea5e48ea084cdc814).
+  * [Show whether a PR is WIP inside popups](https://codeberg.org/forgejo/forgejo/commit/50f55f11c4f785b72a39e59b0fc12ae70ab8d8b5).
+  * [Add artifacts v4 jwt to job message and accept it](https://codeberg.org/forgejo/forgejo/commit/a9bc590d5d10b97bd8aa050ffb720e141a600064).
+  * [Fix some RPM registry flaws](https://codeberg.org/forgejo/forgejo/commit/461d8b53c2e51a8a6a1715ba40ac61d7e9f93971).
+  * [Add branch protection setting for ignoring stale approvals](https://codeberg.org/forgejo/forgejo/commit/5d3fdd121279c758f247a76e020799aa5e548feb).
+  * [Added instance-level variables](https://codeberg.org/forgejo/forgejo/commit/d0f24ff4cad05c1145afeca791e7d02fe146d46a).
+  * [Fix the wrong HTTP response status code for duplicate packages](https://codeberg.org/forgejo/forgejo/commit/5b6258a0b94737ec3db1ce418d0c933512a71f78).
+  * [Don't run push mirrors for archived repos](https://codeberg.org/forgejo/forgejo/commit/f3ba3e922dde7d12999a90d6cee15805a56cc7ff).
+  * [Support for grouping RPMs using paths](https://codeberg.org/forgejo/forgejo/commit/ba4d0b8ffbd78473273800f586ae8bde55cda6c5).
+  * [Fixes #27605: inline math blocks can't be preceded/followed by alphanumerical characters](https://codeberg.org/forgejo/forgejo/commit/2adc3a45fbd60126c0eab66b9cdd177a63bd4704).
+  * [Fix GPG subkey verify](https://codeberg.org/forgejo/forgejo/commit/5a674dd02ed3ea2853afa02dc15dcdadba069a6e).
+  * [Include encoding in signature payload](https://codeberg.org/forgejo/forgejo/commit/6925c0eee43980133896f9e4ee7e48e5751e9417).
+  * [Fix milestoneID filter bug in issue list](https://codeberg.org/forgejo/forgejo/commit/0da787f23737d252e6c80aa1a1f665e09dba0ea9).
+  * [Fix Citation modal responsiveness and clipboard copy](https://codeberg.org/forgejo/forgejo/commit/ca39d743636c9732f4422e130bac974555fb43c2).
+  * [Fix incorrect locale Tr for gpg command](https://codeberg.org/forgejo/forgejo/commit/071d871dcf8dd8097dc0af6d4baf304a2fbbe4e2).
+  * [Improve a11y document and dropdown item](https://codeberg.org/forgejo/forgejo/commit/1d4bf7e211db0866774fa3f6f563e15ffadac1f6).
+  * [Determine fuzziness of bleve indexer by keyword length](https://codeberg.org/forgejo/forgejo/commit/ab5f0b7558229b3ab5c3946a51e58b4caae775b0).
+  * [Fix ellipsis button not working if the last commit loading is deferred](https://codeberg.org/forgejo/forgejo/commit/1e29bccddbeb29eec3ceb507612851021ab4d60d).
+  * [Fix incorrect diff expander for deletion of last lines in a file](https://codeberg.org/forgejo/forgejo/commit/85bf170ff0d54471fe88903009a3fec4ef3e6e8c).
+  * [Do not exceed display for the PR page buttons on smaller screens](https://codeberg.org/forgejo/forgejo/commit/e7297d423f566a383c8861c4aaee028606591038).
+  * [Move citation button to proper place](https://codeberg.org/forgejo/forgejo/commit/eb4061babacfee2b72f4a33412530eb9f0de3b25).
+  * [Expire artifacts before deleting them physically](https://codeberg.org/forgejo/forgejo/commit/7f64e4d2a3f20b7d7de6542de5e0856c643e821f).
+  * [Fix can not select team reviewers when reviewers is empty](https://codeberg.org/forgejo/forgejo/commit/df439b6a983865ba559e517e5e93f5f1a53a97a0).
+  * [Fix default avatar image size in PR diff page](https://codeberg.org/forgejo/forgejo/commit/3aed8ae03475a430c0dc8e33f42fa9269a4844bd).
+  * [Fix branch list bug which displayed default branch twice](https://codeberg.org/forgejo/forgejo/commit/0e6fd0d1c1e31d22707e6f06124d5bf76361eaab).
+  * [Set the `isPermaLink` attribute to `false` in the `guid` sub-element](https://codeberg.org/forgejo/forgejo/commit/5574968ecbc34908dfa17b28bfc79c3490eaa685).
+  * [Fix long package version names overflowing](https://codeberg.org/forgejo/forgejo/commit/3d474110c181df7854576d78e46209908f7e1b52).
+  * [Fix wrong link in user and organization profile when using relative url](https://codeberg.org/forgejo/forgejo/commit/42149ff1a816501643ec2407ed61a83bf5b65059).
+  * [Fix session key conflict with database keyword](https://codeberg.org/forgejo/forgejo/commit/4c29c75968f520123f125e8305b2c29198664251).
+  * [Fix commit status in repo list](https://codeberg.org/forgejo/forgejo/commit/0abb5633e34fd14c2d49de0b4c98f7ba7d98a37e).
+  * [Fix incorrect action duration time when rerun the job before executed once](https://codeberg.org/forgejo/forgejo/commit/07ba4d9f87cf21b7ce87158ae5651cae3bb35604).
+  * [Fix missing mail reply address](https://codeberg.org/forgejo/forgejo/commit/3081e7e1536356346f73fb4a0d00101863b2cf05).
+  * [Filter inactive auth sources](https://codeberg.org/forgejo/forgejo/commit/e378545f3083990eb36ff5d72477662d9787280d).
+  * [Refactor Find Sources and fix bug when view a user who belongs to an inactive auth source](https://codeberg.org/forgejo/forgejo/commit/1bf5527eac6b947010c8faf408f6747de2a2384f).
+  * [Fix issue not showing on default board and add test](https://codeberg.org/forgejo/forgejo/commit/1eae2aadae0583ab092d6ed857bb727829aa52b7).
+  * [Improve file history UI and fix URL escaping bug](https://codeberg.org/forgejo/forgejo/commit/d1527dac3d1e68caf5a6f54c08144e28256e5c47).
+  * [Fix ldap admin privileges update bug](https://codeberg.org/forgejo/forgejo/commit/7ad31567cdc8206e0080b851a9b880729266b084).
+* **other**
+  * [[PERFORMANCE] git check-attr on bare repo if supported](https://codeberg.org/forgejo/forgejo/pulls/2763)
+  * [[REFACTOR] [AGIT] Refactor the AGit code](https://codeberg.org/forgejo/forgejo/pulls/2386)
+  * [[REFACTOR] generation of JWT secret](https://codeberg.org/forgejo/forgejo/pulls/2227)
+  * [[REFACTOR] PKT protocol](https://codeberg.org/forgejo/forgejo/pulls/2868)
+  * [Remove .exe suffix when cross-compiling on Windows](https://codeberg.org/forgejo/forgejo/commit/6acce16ee3a03df1cc06c46398f594009a0e31b9).
+  * [Refactor repo header/list](https://codeberg.org/forgejo/forgejo/commit/65e190ae8bd6c72d8701a58d67b256c87b92c189).
+  * [Update register application URL for GitLab](https://codeberg.org/forgejo/forgejo/commit/64fcf0cb64d455d5ca1420aa832aa057cf61e6dd).
+  * [Update golang links to use https](https://codeberg.org/forgejo/forgejo/commit/8ef53c871bcb5c007b3640a347c7868585c9e4de).
+  * [Teams: new View button](https://codeberg.org/forgejo/forgejo/commit/e3afe4a248ac3a961f332e2ba221bedafa3dfb7e).
+  * [Commit-Dropdown: Show Author of commit if available](https://codeberg.org/forgejo/forgejo/commit/300c8dedfd01ba0ea63486b644e93aa2be6785b2).
+  * [Refactor dropzone](https://codeberg.org/forgejo/forgejo/commit/c1ac3e5891a49bedc5e54ed5811cb2c0e058c43c).
+  * [When the title in the issue has a value, set the text cursor at the end of the text.](https://codeberg.org/forgejo/forgejo/commit/8c2559a72603e07fe682efddd698e1fc190b2728).
+  * [Load citation JS only when needed](https://codeberg.org/forgejo/forgejo/commit/f2fc2dcfc9305a42242421c718ee3673bd1c851c).
+  * [Refactor markdown attention render](https://codeberg.org/forgejo/forgejo/commit/ec2201a3da5f18e55bfc0a54114ac935804f4ef8).
+  * [Light theme color enhancements](https://codeberg.org/forgejo/forgejo/commit/23e2ace77d1612cda09bc0d08690314e7321cca3).
+  * [Dark theme color enhancements](https://codeberg.org/forgejo/forgejo/commit/704a59e59584041f95939e3d90260173906f946a).
+  * [Refactor markup/csv: don't read all to memory](https://codeberg.org/forgejo/forgejo/commit/d413a8fcacc81b6f7039371408034c9c2fc6c15f).
+  * [Move all login and account creation page labels to be above inputs](https://codeberg.org/forgejo/forgejo/commit/3acea02eb66ea09248ff29eb6b9cefce29fcea37).
+  * [Fix Gitpod logic of setting ROOT_URL](https://codeberg.org/forgejo/forgejo/commit/e52d87758272c417bb9b30e944f9b0bd33d28cb7).
+  * [Fix broken following organization](https://codeberg.org/forgejo/forgejo/commit/fd3b4afa2b3621ece2d7d1587fd4b017142d75a0).
+  * [Don't do a full page load when clicking `Watch` or `Star`](https://codeberg.org/forgejo/forgejo/commit/6992ef98fc227a60cf06e0a06b9ae2492b3d61be).
+  * [Fix non-alphabetic sorting of repo topics](https://codeberg.org/forgejo/forgejo/commit/a240d5dfa7e261f2fb703cf24b1ba4dc6aa47bfd).
+  * [Make cross-reference issue links work in markdown documents again](https://codeberg.org/forgejo/forgejo/commit/12c0487e01d3fd9fe289345c53e8a220be55e864).
+  * [Fix tooltip of variable edit button](https://codeberg.org/forgejo/forgejo/commit/361839fb1c8bdfb8291bbcf9bd650b21a605bbd7).
+  * [Disable query token param in integration tests](https://codeberg.org/forgejo/forgejo/commit/33439b733a4f69640350b9cda370963ebe9d1e0a).
+  * [Add merge arrow direction and update styling](https://codeberg.org/forgejo/forgejo/commit/e522e774cae2240279fc48c349fc513c9d3353ee).
+  * [Add links to owner home page in explore](https://codeberg.org/forgejo/forgejo/commit/dd5693387e0642e1aba05b01eeb18139ce90ef5e).
+  * [Render PyPi long description as document](https://codeberg.org/forgejo/forgejo/commit/876a0cb3d652f42545abdb33dc4fd71a7c3343bf).
+  * [Ignore temporary files for directory size](https://codeberg.org/forgejo/forgejo/commit/cb8298b7178f5dde302604bfe34c658b725f16f8).
+  * [Make pushUpdate error verbose](https://codeberg.org/forgejo/forgejo/commit/1bfcdeef4cca0f5509476358e5931c13d37ed1ca).
+  * [Add download URL for executable files](https://codeberg.org/forgejo/forgejo/commit/9341b37520e5626352bf2df52e8dbace2985c0d7).
+  * [Improve profile for Organizations](https://codeberg.org/forgejo/forgejo/commit/089ac06969030b0886d4e20bf8f7a757f785f158).
+  * [Fix Show/hide filetree button on small displays](https://codeberg.org/forgejo/forgejo/commit/e31c6cfe6e30341c502302d1c0a03138f8bf5c9f).
+  * [Fix merge base commit for fast-forwarded GitLab PRs](https://codeberg.org/forgejo/forgejo/commit/02dae3f84b80047bef391960eea1350d551e4d72).
+  * [Align ISSUE_TEMPLATE with the new label system](https://codeberg.org/forgejo/forgejo/commit/248b7ee850ecdb538b22ddcfbe80b6f91be32b70).
+  * [Improve the list header in milestone page](https://codeberg.org/forgejo/forgejo/commit/8abc1aae4ab5b03be0bcbdd390bb903b54ccd21a).

 ## 1.21.11-1

@ -1025,7 +1484,7 @@ This stable release contains security fixes.

 * Security fixes

-  * [An additional verification](https://codeberg.org/forgejo/forgejo/commit/a259a928a) was implemented to prevent [open redirects](https://en.wikipedia.org/wiki/Open_redirect). 
+  * [An additional verification](https://codeberg.org/forgejo/forgejo/commit/a259a928a) was implemented to prevent [open redirects](https://en.wikipedia.org/wiki/Open_redirect).

 * Bug fixes

--- a/cmd/admin_user_change_password.go
+++ b/cmd/admin_user_change_password.go
@ -36,6 +36,7 @@ var microcmdUserChangePassword = &cli.Command{
 		&cli.BoolFlag{
 			Name:  "must-change-password",
 			Usage: "User must change password",
+			Value: true,
 		},
 	},
 }
@ -57,23 +58,18 @@ func runChangePassword(c *cli.Context) error {
 		return err
 	}

-	var mustChangePassword optional.Option[bool]
-	if c.IsSet("must-change-password") {
-		mustChangePassword = optional.Some(c.Bool("must-change-password"))
-	}
-
 	opts := &user_service.UpdateAuthOptions{
 		Password:           optional.Some(c.String("password")),
-		MustChangePassword: mustChangePassword,
+		MustChangePassword: optional.Some(c.Bool("must-change-password")),
 	}
 	if err := user_service.UpdateAuth(ctx, user, opts); err != nil {
 		switch {
 		case errors.Is(err, password.ErrMinLength):
-			return fmt.Errorf("Password is not long enough. Needs to be at least %d", setting.MinPasswordLength)
+			return fmt.Errorf("password is not long enough, needs to be at least %d characters", setting.MinPasswordLength)
 		case errors.Is(err, password.ErrComplexity):
-			return errors.New("Password does not meet complexity requirements")
+			return errors.New("password does not meet complexity requirements")
 		case errors.Is(err, password.ErrIsPwned):
-			return errors.New("The password you chose is on a list of stolen passwords previously exposed in public data breaches. Please try again with a different password.\nFor more details, see https://haveibeenpwned.com/Passwords")
+			return errors.New("the password is in a list of stolen passwords previously exposed in public data breaches, please try again with a different password, to see more details: https://haveibeenpwned.com/Passwords")
 		default:
 			return err
 		}
--- a/cmd/admin_user_create.go
+++ b/cmd/admin_user_create.go
@ -8,6 +8,7 @@ import (
 	"fmt"

 	auth_model "code.gitea.io/gitea/models/auth"
+	"code.gitea.io/gitea/models/db"
 	user_model "code.gitea.io/gitea/models/user"
 	pwd "code.gitea.io/gitea/modules/auth/password"
 	"code.gitea.io/gitea/modules/optional"
@ -46,9 +47,10 @@ var microcmdUserCreate = &cli.Command{
 			Usage: "Generate a random password for the user",
 		},
 		&cli.BoolFlag{
-			Name:  "must-change-password",
-			Usage: "Set this option to false to prevent forcing the user to change their password after initial login",
-			Value: true,
+			Name:               "must-change-password",
+			Usage:              "Set this option to false to prevent forcing the user to change their password after initial login",
+			Value:              true,
+			DisableDefaultText: true,
 		},
 		&cli.IntFlag{
 			Name:  "random-password-length",
@ -72,10 +74,10 @@ func runCreateUser(c *cli.Context) error {
 	}

 	if c.IsSet("name") && c.IsSet("username") {
-		return errors.New("Cannot set both --name and --username flags")
+		return errors.New("cannot set both --name and --username flags")
 	}
 	if !c.IsSet("name") && !c.IsSet("username") {
-		return errors.New("One of --name or --username flags must be set")
+		return errors.New("one of --name or --username flags must be set")
 	}

 	if c.IsSet("password") && c.IsSet("random-password") {
@ -111,12 +113,21 @@ func runCreateUser(c *cli.Context) error {
 		return errors.New("must set either password or random-password flag")
 	}

-	changePassword := c.Bool("must-change-password")
-
-	// If this is the first user being created.
-	// Take it as the admin and don't force a password update.
-	if n := user_model.CountUsers(ctx, nil); n == 0 {
-		changePassword = false
+	isAdmin := c.Bool("admin")
+	mustChangePassword := true // always default to true
+	if c.IsSet("must-change-password") {
+		// if the flag is set, use the value provided by the user
+		mustChangePassword = c.Bool("must-change-password")
+	} else {
+		// check whether there are users in the database
+		hasUserRecord, err := db.IsTableNotEmpty(&user_model.User{})
+		if err != nil {
+			return fmt.Errorf("IsTableNotEmpty: %w", err)
+		}
+		if !hasUserRecord {
+			// if this is the first admin being created, don't force to change password (keep the old behavior)
+			mustChangePassword = false
+		}
 	}

 	restricted := optional.None[bool]()
@ -132,8 +143,8 @@ func runCreateUser(c *cli.Context) error {
 		Name:               username,
 		Email:              c.String("email"),
 		Passwd:             password,
-		IsAdmin:            c.Bool("admin"),
-		MustChangePassword: changePassword,
+		IsAdmin:            isAdmin,
+		MustChangePassword: mustChangePassword,
 		Visibility:         visibility,
 	}

--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@ -407,8 +407,8 @@ USER = root
 ;; Database connection max life time, default is 0 or 3s mysql (See #6804 & #7071 for reasoning)
 ;CONN_MAX_LIFETIME = 3s
 ;;
-;; Database maximum number of open connections, default is 0 meaning no maximum
-;MAX_OPEN_CONNS = 0
+;; Database maximum number of open connections, default is 100 which is the lowest default from Postgres (MariaDB + MySQL default to 151). Ensure you only increase the value if you configured your database server accordingly.
+;MAX_OPEN_CONNS = 100
 ;;
 ;; Whether execute database models migrations automatically
 ;AUTO_MIGRATION = true
@ -2394,22 +2394,6 @@ LEVEL = Info
 ;; Enable issue by repository metrics; default is false
 ;ENABLED_ISSUE_BY_REPOSITORY = false

-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[task]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;
-;; Task queue type, could be `channel` or `redis`.
-;QUEUE_TYPE = channel
-;;
-;; Task queue length, available only when `QUEUE_TYPE` is `channel`.
-;QUEUE_LENGTH = 1000
-;;
-;; Task queue connection string, available only when `QUEUE_TYPE` is `redis`.
-;; If there is a password of redis, use `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s` or `redis+cluster://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s` for `redis-clsuter`.
-;QUEUE_CONN_STR = "redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s"
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[migrations]
--- a/docker/rootless/usr/local/bin/docker-entrypoint.sh
+++ b/docker/rootless/usr/local/bin/docker-entrypoint.sh
@ -13,5 +13,10 @@ fi
 if [ $# -gt 0 ]; then
    exec "$@"
 else
+    # TODO: remove on next major version release
+    # Honour legacy config file if existing
+    if [ -f ${GITEA_APP_INI_LEGACY} ]; then
+        GITEA_APP_INI=${GITEA_APP_INI_LEGACY}
+    fi
    exec /usr/local/bin/gitea -c ${GITEA_APP_INI} web
 fi
--- a/docker/rootless/usr/local/bin/docker-setup.sh
+++ b/docker/rootless/usr/local/bin/docker-setup.sh
@ -11,6 +11,18 @@ mkdir -p ${GITEA_CUSTOM} && chmod 0700 ${GITEA_CUSTOM}
 mkdir -p ${GITEA_TEMP} && chmod 0700 ${GITEA_TEMP}
 if [ ! -w ${GITEA_TEMP} ]; then echo "${GITEA_TEMP} is not writable"; exit 1; fi

+# TODO: remove on next major version release
+# Honour legacy config file if existing, but inform the user
+if [ -f ${GITEA_APP_INI_LEGACY} ] && [ ${GITEA_APP_INI} != ${GITEA_APP_INI_LEGACY} ]; then
+    GITEA_APP_INI_DEFAULT=/var/lib/gitea/custom/conf/app.ini
+    echo -e \
+      "\033[33mWARNING\033[0m: detected configuration file in deprecated default path ${GITEA_APP_INI_LEGACY}." \
+      "The new default is ${GITEA_APP_INI_DEFAULT}. To remove this warning, choose one of the options:\n" \
+      "* Move ${GITEA_APP_INI_LEGACY} to ${GITEA_APP_INI_DEFAULT} (or to \$GITEA_APP_INI if you want to override this variable)\n" \
+      "* Explicitly override GITEA_APP_INI=${GITEA_APP_INI_LEGACY} in the container environment"
+    GITEA_APP_INI=${GITEA_APP_INI_LEGACY}
+fi
+
 #Prepare config file
 if [ ! -f ${GITEA_APP_INI} ]; then

--- a/models/activities/action_list.go
+++ b/models/activities/action_list.go
@ -83,6 +83,9 @@ func (actions ActionList) loadRepoOwner(ctx context.Context, userMap map[int64]*
 		_, alreadyLoaded := userMap[action.Repo.OwnerID]
 		return action.Repo.OwnerID, !alreadyLoaded
 	})
+	if len(missingUserIDs) == 0 {
+		return nil
+	}

 	if err := db.GetEngine(ctx).
 		In("id", missingUserIDs).
@ -129,6 +132,9 @@ func (actions ActionList) LoadComments(ctx context.Context) error {
 			commentIDs = append(commentIDs, action.CommentID)
 		}
 	}
+	if len(commentIDs) == 0 {
+		return nil
+	}

 	commentsMap := make(map[int64]*issues_model.Comment, len(commentIDs))
 	if err := db.GetEngine(ctx).In("id", commentIDs).Find(&commentsMap); err != nil {
--- a/models/auth/source.go
+++ b/models/auth/source.go
@ -33,6 +33,7 @@ const (
 	DLDAP       // 5
 	OAuth2      // 6
 	SSPI        // 7
+	Remote      // 8
 )

 // String returns the string name of the LoginType
@ -53,6 +54,7 @@ var Names = map[Type]string{
 	PAM:    "PAM",
 	OAuth2: "OAuth2",
 	SSPI:   "SPNEGO with SSPI",
+	Remote: "Remote",
 }

 // Config represents login config as far as the db is concerned
@ -181,6 +183,10 @@ func (source *Source) IsSSPI() bool {
 	return source.Type == SSPI
 }

+func (source *Source) IsRemote() bool {
+	return source.Type == Remote
+}
+
 // HasTLS returns true of this source supports TLS.
 func (source *Source) HasTLS() bool {
 	hasTLSer, ok := source.Cfg.(HasTLSer)
--- a/models/db/engine.go
+++ b/models/db/engine.go
@ -293,8 +293,8 @@ func MaxBatchInsertSize(bean any) int {
 }

 // IsTableNotEmpty returns true if table has at least one record
-func IsTableNotEmpty(tableName string) (bool, error) {
-	return x.Table(tableName).Exist()
+func IsTableNotEmpty(beanOrTableName any) (bool, error) {
+	return x.Table(beanOrTableName).Exist()
 }

 // DeleteAllRecords will delete all the records of this table
--- a/models/fixtures/lfs_meta_object.yml
+++ b/models/fixtures/lfs_meta_object.yml
@ -9,7 +9,7 @@

 -

-  id: 2
+  id: 2 # this is an LFS orphan object
  oid: 2eccdb43825d2a49d99d542daa20075cff1d97d9d2349a8977efe9c03661737c
  size: 107
  repository_id: 54
--- a/models/forgejo_migrations/migrate.go
+++ b/models/forgejo_migrations/migrate.go
@ -62,6 +62,10 @@ var migrations = []*Migration{
 	NewMigration("Add the `created` column to the `issue` table", forgejo_v1_22.AddCreatedToIssue),
 	// v12 -> v13
 	NewMigration("Add repo_archive_download_count table", forgejo_v1_22.AddRepoArchiveDownloadCount),
+	// v13 -> v14
+	NewMigration("Add `hide_archive_links` column to `release` table", AddHideArchiveLinksToRelease),
+	// v14 -> v15
+	NewMigration("Remove Gitea-specific columns from the repository and badge tables", RemoveGiteaSpecificColumnsFromRepositoryAndBadge),
 }

 // GetCurrentDBVersion returns the current Forgejo database version.
--- a/models/forgejo_migrations/v13.go
+++ b/models/forgejo_migrations/v13.go
@ -0,0 +1,15 @@
+// Copyright 2024 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package forgejo_migrations //nolint:revive
+
+import "xorm.io/xorm"
+
+func AddHideArchiveLinksToRelease(x *xorm.Engine) error {
+	type Release struct {
+		ID               int64 `xorm:"pk autoincr"`
+		HideArchiveLinks bool  `xorm:"NOT NULL DEFAULT false"`
+	}
+
+	return x.Sync(&Release{})
+}
--- a/models/forgejo_migrations/v14.go
+++ b/models/forgejo_migrations/v14.go
@ -0,0 +1,43 @@
+// Copyright 2024 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package forgejo_migrations //nolint:revive
+
+import (
+	"code.gitea.io/gitea/models/migrations/base"
+
+	"xorm.io/xorm"
+)
+
+func RemoveGiteaSpecificColumnsFromRepositoryAndBadge(x *xorm.Engine) error {
+	// Make sure the columns exist before dropping them
+	type Repository struct {
+		ID                int64
+		DefaultWikiBranch string
+	}
+	if err := x.Sync(&Repository{}); err != nil {
+		return err
+	}
+
+	type Badge struct {
+		ID   int64 `xorm:"pk autoincr"`
+		Slug string
+	}
+	err := x.Sync(new(Badge))
+	if err != nil {
+		return err
+	}
+
+	sess := x.NewSession()
+	defer sess.Close()
+	if err := sess.Begin(); err != nil {
+		return err
+	}
+	if err := base.DropTableColumns(sess, "repository", "default_wiki_branch"); err != nil {
+		return err
+	}
+	if err := base.DropTableColumns(sess, "badge", "slug"); err != nil {
+		return err
+	}
+	return sess.Commit()
+}
--- a/models/packages/package_version.go
+++ b/models/packages/package_version.go
@ -287,9 +287,10 @@ func (opts *PackageSearchOptions) configureOrderBy(e db.Engine) {
 // SearchVersions gets all versions of packages matching the search options
 func SearchVersions(ctx context.Context, opts *PackageSearchOptions) ([]*PackageVersion, int64, error) {
 	sess := db.GetEngine(ctx).
-		Where(opts.ToConds()).
+		Select("package_version.*").
 		Table("package_version").
-		Join("INNER", "package", "package.id = package_version.package_id")
+		Join("INNER", "package", "package.id = package_version.package_id").
+		Where(opts.ToConds())

 	opts.configureOrderBy(sess)

@ -304,19 +305,18 @@ func SearchVersions(ctx context.Context, opts *PackageSearchOptions) ([]*Package

 // SearchLatestVersions gets the latest version of every package matching the search options
 func SearchLatestVersions(ctx context.Context, opts *PackageSearchOptions) ([]*PackageVersion, int64, error) {
-	cond := opts.ToConds().
-		And(builder.Expr("pv2.id IS NULL"))
-
-	joinCond := builder.Expr("package_version.package_id = pv2.package_id AND (package_version.created_unix < pv2.created_unix OR (package_version.created_unix = pv2.created_unix AND package_version.id < pv2.id))")
-	if opts.IsInternal.Has() {
-		joinCond = joinCond.And(builder.Eq{"pv2.is_internal": opts.IsInternal.Value()})
-	}
+	in := builder.
+		Select("MAX(package_version.id)").
+		From("package_version").
+		InnerJoin("package", "package.id = package_version.package_id").
+		Where(opts.ToConds()).
+		GroupBy("package_version.package_id")

 	sess := db.GetEngine(ctx).
+		Select("package_version.*").
 		Table("package_version").
-		Join("LEFT", "package_version pv2", joinCond).
 		Join("INNER", "package", "package.id = package_version.package_id").
-		Where(cond)
+		Where(builder.In("package_version.id", in))

 	opts.configureOrderBy(sess)

--- a/models/repo/release.go
+++ b/models/repo/release.go
@ -78,6 +78,7 @@ type Release struct {
 	TargetBehind         string `xorm:"-"` // to handle non-existing or empty target
 	Title                string
 	Sha1                 string `xorm:"VARCHAR(64)"`
+	HideArchiveLinks     bool   `xorm:"NOT NULL DEFAULT false"`
 	NumCommits           int64
 	NumCommitsBehind     int64                            `xorm:"-"`
 	Note                 string                           `xorm:"TEXT"`
--- a/models/user/fixtures/user.yml
+++ b/models/user/fixtures/user.yml
@ -0,0 +1,36 @@
+-
+  id: 1041
+  lower_name: remote01
+  name: remote01
+  full_name: Remote01
+  email: remote01@example.com
+  keep_email_private: false
+  email_notifications_preference: onmention
+  passwd: ZogKvWdyEx:password
+  passwd_hash_algo: dummy
+  must_change_password: false
+  login_source: 1001
+  login_name: 123
+  type: 5
+  salt: ZogKvWdyEx
+  max_repo_creation: -1
+  is_active: true
+  is_admin: false
+  is_restricted: false
+  allow_git_hook: false
+  allow_import_local: false
+  allow_create_organization: true
+  prohibit_login: true
+  avatar: avatarremote01
+  avatar_email: avatarremote01@example.com
+  use_custom_avatar: false
+  num_followers: 0
+  num_following: 0
+  num_stars: 0
+  num_repos: 0
+  num_teams: 0
+  num_members: 0
+  visibility: 0
+  repo_admin_change_team_access: false
+  theme: ""
+  keep_activity_private: false
--- a/models/user/search.go
+++ b/models/user/search.go
@ -45,7 +45,11 @@ type SearchUserOptions struct {

 func (opts *SearchUserOptions) toSearchQueryBase(ctx context.Context) *xorm.Session {
 	var cond builder.Cond
-	cond = builder.Eq{"type": opts.Type}
+	if opts.Type == UserTypeIndividual {
+		cond = builder.In("type", UserTypeIndividual, UserTypeRemoteUser)
+	} else {
+		cond = builder.Eq{"type": opts.Type}
+	}
 	if opts.IncludeReserved {
 		if opts.Type == UserTypeIndividual {
 			cond = cond.Or(builder.Eq{"type": UserTypeUserReserved}).Or(
@ -140,7 +144,7 @@ func SearchUsers(ctx context.Context, opts *SearchUserOptions) (users []*User, _

 	sessQuery := opts.toSearchQueryBase(ctx).OrderBy(opts.OrderBy.String())
 	defer sessQuery.Close()
-	if opts.Page != 0 {
+	if opts.PageSize > 0 {
 		sessQuery = db.SetSessionPagination(sessQuery, opts)
 	}

--- a/models/user/user.go
+++ b/models/user/user.go
@ -216,7 +216,7 @@ func (u *User) GetEmail() string {
 // GetAllUsers returns a slice of all individual users found in DB.
 func GetAllUsers(ctx context.Context) ([]*User, error) {
 	users := make([]*User, 0)
-	return users, db.GetEngine(ctx).OrderBy("id").Where("type = ?", UserTypeIndividual).Find(&users)
+	return users, db.GetEngine(ctx).OrderBy("id").In("type", UserTypeIndividual, UserTypeRemoteUser).Find(&users)
 }

 // GetAllAdmins returns a slice of all adminusers found in DB.
@ -416,6 +416,10 @@ func (u *User) IsBot() bool {
 	return u.Type == UserTypeBot
 }

+func (u *User) IsRemote() bool {
+	return u.Type == UserTypeRemoteUser
+}
+
 // DisplayName returns full name if it's not empty,
 // returns username otherwise.
 func (u *User) DisplayName() string {
@ -918,7 +922,8 @@ func GetUserByName(ctx context.Context, name string) (*User, error) {
 	if len(name) == 0 {
 		return nil, ErrUserNotExist{Name: name}
 	}
-	u := &User{LowerName: strings.ToLower(name), Type: UserTypeIndividual}
+	// adding Type: UserTypeIndividual is a noop because it is zero and discarded
+	u := &User{LowerName: strings.ToLower(name)}
 	has, err := db.GetEngine(ctx).Get(u)
 	if err != nil {
 		return nil, err
--- a/models/user/user_test.go
+++ b/models/user/user_test.go
@ -21,6 +21,7 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/timeutil"
+	"code.gitea.io/gitea/tests"

 	"github.com/stretchr/testify/assert"
 )
@ -33,6 +34,35 @@ func TestOAuth2Application_LoadUser(t *testing.T) {
 	assert.NotNil(t, user)
 }

+func TestGetUserByName(t *testing.T) {
+	defer tests.AddFixtures("models/user/fixtures/")()
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	{
+		_, err := user_model.GetUserByName(db.DefaultContext, "")
+		assert.True(t, user_model.IsErrUserNotExist(err), err)
+	}
+	{
+		_, err := user_model.GetUserByName(db.DefaultContext, "UNKNOWN")
+		assert.True(t, user_model.IsErrUserNotExist(err), err)
+	}
+	{
+		user, err := user_model.GetUserByName(db.DefaultContext, "USER2")
+		assert.NoError(t, err)
+		assert.Equal(t, user.Name, "user2")
+	}
+	{
+		user, err := user_model.GetUserByName(db.DefaultContext, "org3")
+		assert.NoError(t, err)
+		assert.Equal(t, user.Name, "org3")
+	}
+	{
+		user, err := user_model.GetUserByName(db.DefaultContext, "remote01")
+		assert.NoError(t, err)
+		assert.Equal(t, user.Name, "remote01")
+	}
+}
+
 func TestGetUserEmailsByNames(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

@ -61,7 +91,24 @@ func TestCanCreateOrganization(t *testing.T) {
 	assert.False(t, user.CanCreateOrganization())
 }

+func TestGetAllUsers(t *testing.T) {
+	defer tests.AddFixtures("models/user/fixtures/")()
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	users, err := user_model.GetAllUsers(db.DefaultContext)
+	assert.NoError(t, err)
+
+	found := make(map[user_model.UserType]bool, 0)
+	for _, user := range users {
+		found[user.Type] = true
+	}
+	assert.True(t, found[user_model.UserTypeIndividual], users)
+	assert.True(t, found[user_model.UserTypeRemoteUser], users)
+	assert.False(t, found[user_model.UserTypeOrganization], users)
+}
+
 func TestSearchUsers(t *testing.T) {
+	defer tests.AddFixtures("models/user/fixtures/")()
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	testSuccess := func(opts *user_model.SearchUserOptions, expectedUserOrOrgIDs []int64) {
 		users, _, err := user_model.SearchUsers(db.DefaultContext, opts)
@ -102,13 +149,13 @@ func TestSearchUsers(t *testing.T) {
 	}

 	testUserSuccess(&user_model.SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}},
-		[]int64{1, 2, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 20, 21, 24, 27, 28, 29, 30, 32, 34, 37, 38, 39, 40})
+		[]int64{1, 2, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 20, 21, 24, 27, 28, 29, 30, 32, 34, 37, 38, 39, 40, 1041})

 	testUserSuccess(&user_model.SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsActive: optional.Some(false)},
 		[]int64{9})

 	testUserSuccess(&user_model.SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}, IsActive: optional.Some(true)},
-		[]int64{1, 2, 4, 5, 8, 10, 11, 12, 13, 14, 15, 16, 18, 20, 21, 24, 27, 28, 29, 30, 32, 34, 37, 38, 39, 40})
+		[]int64{1, 2, 4, 5, 8, 10, 11, 12, 13, 14, 15, 16, 18, 20, 21, 24, 27, 28, 29, 30, 32, 34, 37, 38, 39, 40, 1041})

 	testUserSuccess(&user_model.SearchUserOptions{Keyword: "user1", OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}, IsActive: optional.Some(true)},
 		[]int64{1, 10, 11, 12, 13, 14, 15, 16, 18})
@ -124,7 +171,7 @@ func TestSearchUsers(t *testing.T) {
 		[]int64{29})

 	testUserSuccess(&user_model.SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsProhibitLogin: optional.Some(true)},
-		[]int64{37})
+		[]int64{1041, 37})

 	testUserSuccess(&user_model.SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsTwoFactorEnabled: optional.Some(true)},
 		[]int64{24})
--- a/modules/git/commit.go
+++ b/modules/git/commit.go
@ -462,7 +462,7 @@ func parseCommitFileStatus(fileStatus *CommitFileStatus, stdout io.Reader) {
 		_, _ = rd.Discard(1)
 	}
 	for {
-		modifier, err := rd.ReadSlice('\x00')
+		modifier, err := rd.ReadString('\x00')
 		if err != nil {
 			if err != io.EOF {
 				log.Error("Unexpected error whilst reading from git log --name-status. Error: %v", err)
--- a/modules/git/object_format.go
+++ b/modules/git/object_format.go
@ -6,6 +6,7 @@ package git
 import (
 	"crypto/sha1"
 	"crypto/sha256"
+	"hash"
 	"regexp"
 	"strconv"
 )
@ -33,6 +34,15 @@ type ObjectFormat interface {
 	ComputeHash(t ObjectType, content []byte) ObjectID
 }

+func computeHash(dst []byte, hasher hash.Hash, t ObjectType, content []byte) []byte {
+	_, _ = hasher.Write(t.Bytes())
+	_, _ = hasher.Write([]byte(" "))
+	_, _ = hasher.Write([]byte(strconv.Itoa(len(content))))
+	_, _ = hasher.Write([]byte{0})
+	_, _ = hasher.Write(content)
+	return hasher.Sum(dst)
+}
+
 /* SHA1 Type */
 type Sha1ObjectFormatImpl struct{}

@ -65,16 +75,9 @@ func (Sha1ObjectFormatImpl) MustID(b []byte) ObjectID {

 // ComputeHash compute the hash for a given ObjectType and content
 func (h Sha1ObjectFormatImpl) ComputeHash(t ObjectType, content []byte) ObjectID {
-	hasher := sha1.New()
-	_, _ = hasher.Write(t.Bytes())
-	_, _ = hasher.Write([]byte(" "))
-	_, _ = hasher.Write([]byte(strconv.FormatInt(int64(len(content)), 10)))
-	_, _ = hasher.Write([]byte{0})
-
-	// HashSum generates a SHA1 for the provided hash
-	var sha1 Sha1Hash
-	copy(sha1[:], hasher.Sum(nil))
-	return &sha1
+	var obj Sha1Hash
+	computeHash(obj[:0], sha1.New(), t, content)
+	return &obj
 }

 /* SHA256 Type */
@ -111,16 +114,9 @@ func (Sha256ObjectFormatImpl) MustID(b []byte) ObjectID {

 // ComputeHash compute the hash for a given ObjectType and content
 func (h Sha256ObjectFormatImpl) ComputeHash(t ObjectType, content []byte) ObjectID {
-	hasher := sha256.New()
-	_, _ = hasher.Write(t.Bytes())
-	_, _ = hasher.Write([]byte(" "))
-	_, _ = hasher.Write([]byte(strconv.FormatInt(int64(len(content)), 10)))
-	_, _ = hasher.Write([]byte{0})
-
-	// HashSum generates a SHA256 for the provided hash
-	var sha256 Sha1Hash
-	copy(sha256[:], hasher.Sum(nil))
-	return &sha256
+	var obj Sha256Hash
+	computeHash(obj[:0], sha256.New(), t, content)
+	return &obj
 }

 var (
--- a/modules/git/object_id_test.go
+++ b/modules/git/object_id_test.go
@ -18,4 +18,8 @@ func TestIsValidSHAPattern(t *testing.T) {
 	assert.False(t, h.IsValid("abc"))
 	assert.False(t, h.IsValid("123g"))
 	assert.False(t, h.IsValid("some random text"))
+
+	assert.Equal(t, "79ee38a6416c1ede423ec7ee0a8639ceea4aad22", ComputeBlobHash(Sha1ObjectFormat, []byte("some random blob")).String())
+	assert.Equal(t, "d5c6407415d85df49592672aa421aed39b9db5e3", ComputeBlobHash(Sha1ObjectFormat, []byte("same length blob")).String())
+	assert.Equal(t, "df0b5174ed06ae65aea40d43316bcbc21d82c9e3158ce2661df2ad28d7931dd6", ComputeBlobHash(Sha256ObjectFormat, []byte("some random blob")).String())
 }
--- a/modules/git/pipeline/lfs_common.go
+++ b/modules/git/pipeline/lfs_common.go
@ -0,0 +1,32 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package pipeline
+
+import (
+	"fmt"
+	"time"
+
+	"code.gitea.io/gitea/modules/git"
+)
+
+// LFSResult represents commits found using a provided pointer file hash
+type LFSResult struct {
+	Name           string
+	SHA            string
+	Summary        string
+	When           time.Time
+	ParentHashes   []git.ObjectID
+	BranchName     string
+	FullCommitName string
+}
+
+type lfsResultSlice []*LFSResult
+
+func (a lfsResultSlice) Len() int           { return len(a) }
+func (a lfsResultSlice) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
+func (a lfsResultSlice) Less(i, j int) bool { return a[j].When.After(a[i].When) }
+
+func lfsError(msg string, err error) error {
+	return fmt.Errorf("LFS error occurred, %s: err: %w", msg, err)
+}
--- a/modules/git/pipeline/lfs_gogit.go
+++ b/modules/git/pipeline/lfs_gogit.go
@ -7,12 +7,10 @@ package pipeline

 import (
 	"bufio"
-	"fmt"
 	"io"
 	"sort"
 	"strings"
 	"sync"
-	"time"

 	"code.gitea.io/gitea/modules/git"

@ -21,23 +19,6 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/object"
 )

-// LFSResult represents commits found using a provided pointer file hash
-type LFSResult struct {
-	Name           string
-	SHA            string
-	Summary        string
-	When           time.Time
-	ParentHashes   []git.ObjectID
-	BranchName     string
-	FullCommitName string
-}
-
-type lfsResultSlice []*LFSResult
-
-func (a lfsResultSlice) Len() int           { return len(a) }
-func (a lfsResultSlice) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
-func (a lfsResultSlice) Less(i, j int) bool { return a[j].When.After(a[i].When) }
-
 // FindLFSFile finds commits that contain a provided pointer file hash
 func FindLFSFile(repo *git.Repository, objectID git.ObjectID) ([]*LFSResult, error) {
 	resultsMap := map[string]*LFSResult{}
@ -51,7 +32,7 @@ func FindLFSFile(repo *git.Repository, objectID git.ObjectID) ([]*LFSResult, err
 		All:   true,
 	})
 	if err != nil {
-		return nil, fmt.Errorf("Failed to get GoGit CommitsIter. Error: %w", err)
+		return nil, lfsError("failed to get GoGit CommitsIter", err)
 	}

 	err = commitsIter.ForEach(func(gitCommit *object.Commit) error {
@ -85,7 +66,7 @@ func FindLFSFile(repo *git.Repository, objectID git.ObjectID) ([]*LFSResult, err
 		return nil
 	})
 	if err != nil && err != io.EOF {
-		return nil, fmt.Errorf("Failure in CommitIter.ForEach: %w", err)
+		return nil, lfsError("failure in CommitIter.ForEach", err)
 	}

 	for _, result := range resultsMap {
@ -156,7 +137,7 @@ func FindLFSFile(repo *git.Repository, objectID git.ObjectID) ([]*LFSResult, err
 	select {
 	case err, has := <-errChan:
 		if has {
-			return nil, fmt.Errorf("Unable to obtain name for LFS files. Error: %w", err)
+			return nil, lfsError("unable to obtain name for LFS files", err)
 		}
 	default:
 	}
--- a/modules/git/pipeline/lfs_nogogit.go
+++ b/modules/git/pipeline/lfs_nogogit.go
@ -8,33 +8,14 @@ package pipeline
 import (
 	"bufio"
 	"bytes"
-	"fmt"
 	"io"
 	"sort"
 	"strings"
 	"sync"
-	"time"

 	"code.gitea.io/gitea/modules/git"
 )

-// LFSResult represents commits found using a provided pointer file hash
-type LFSResult struct {
-	Name           string
-	SHA            string
-	Summary        string
-	When           time.Time
-	ParentIDs      []git.ObjectID
-	BranchName     string
-	FullCommitName string
-}
-
-type lfsResultSlice []*LFSResult
-
-func (a lfsResultSlice) Len() int           { return len(a) }
-func (a lfsResultSlice) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
-func (a lfsResultSlice) Less(i, j int) bool { return a[j].When.After(a[i].When) }
-
 // FindLFSFile finds commits that contain a provided pointer file hash
 func FindLFSFile(repo *git.Repository, objectID git.ObjectID) ([]*LFSResult, error) {
 	resultsMap := map[string]*LFSResult{}
@ -137,11 +118,11 @@ func FindLFSFile(repo *git.Repository, objectID git.ObjectID) ([]*LFSResult, err
 					n += int64(count)
 					if bytes.Equal(binObjectID, objectID.RawValue()) {
 						result := LFSResult{
-							Name:      curPath + string(fname),
-							SHA:       curCommit.ID.String(),
-							Summary:   strings.Split(strings.TrimSpace(curCommit.CommitMessage), "\n")[0],
-							When:      curCommit.Author.When,
-							ParentIDs: curCommit.Parents,
+							Name:         curPath + string(fname),
+							SHA:          curCommit.ID.String(),
+							Summary:      strings.Split(strings.TrimSpace(curCommit.CommitMessage), "\n")[0],
+							When:         curCommit.Author.When,
+							ParentHashes: curCommit.Parents,
 						}
 						resultsMap[curCommit.ID.String()+":"+curPath+string(fname)] = &result
 					} else if string(mode) == git.EntryModeTree.String() {
@ -183,7 +164,7 @@ func FindLFSFile(repo *git.Repository, objectID git.ObjectID) ([]*LFSResult, err

 	for _, result := range resultsMap {
 		hasParent := false
-		for _, parentID := range result.ParentIDs {
+		for _, parentID := range result.ParentHashes {
 			if _, hasParent = resultsMap[parentID.String()+":"+result.Name]; hasParent {
 				break
 			}
@ -241,7 +222,7 @@ func FindLFSFile(repo *git.Repository, objectID git.ObjectID) ([]*LFSResult, err
 	select {
 	case err, has := <-errChan:
 		if has {
-			return nil, fmt.Errorf("Unable to obtain name for LFS files. Error: %w", err)
+			return nil, lfsError("unable to obtain name for LFS files", err)
 		}
 	default:
 	}
--- a/modules/indexer/code/bleve/bleve.go
+++ b/modules/indexer/code/bleve/bleve.go
@ -41,6 +41,8 @@ const (
 	maxBatchSize         = 16
 	// fuzzyDenominator determines the levenshtein distance per each character of a keyword
 	fuzzyDenominator = 4
+	// see https://github.com/blevesearch/bleve/issues/1563#issuecomment-786822311
+	maxFuzziness = 2
 )

 func addUnicodeNormalizeTokenFilter(m *mapping.IndexMappingImpl) error {
@ -246,7 +248,7 @@ func (b *Indexer) Search(ctx context.Context, opts *internal.SearchOptions) (int
 	phraseQuery.Analyzer = repoIndexerAnalyzer
 	keywordQuery = phraseQuery
 	if opts.IsKeywordFuzzy {
-		phraseQuery.Fuzziness = len(opts.Keyword) / fuzzyDenominator
+		phraseQuery.Fuzziness = min(maxFuzziness, len(opts.Keyword)/fuzzyDenominator)
 	}

 	if len(opts.RepoIDs) > 0 {
--- a/modules/indexer/code/indexer_test.go
+++ b/modules/indexer/code/indexer_test.go
@ -49,6 +49,12 @@ func testIndexer(name string, t *testing.T, indexer internal.Indexer) {
 				IDs:     []int64{},
 				Langs:   0,
 			},
+			{
+				RepoIDs: nil,
+				Keyword: "Description for",
+				IDs:     []int64{repoID},
+				Langs:   1,
+			},
 			{
 				RepoIDs: nil,
 				Keyword: "repo1",
--- a/modules/indexer/issues/bleve/bleve.go
+++ b/modules/indexer/issues/bleve/bleve.go
@ -39,6 +39,8 @@ const (
 	maxBatchSize = 16
 	// fuzzyDenominator determines the levenshtein distance per each character of a keyword
 	fuzzyDenominator = 4
+	// see https://github.com/blevesearch/bleve/issues/1563#issuecomment-786822311
+	maxFuzziness = 2
 )

 // IndexerData an update to the issue indexer
@ -162,7 +164,7 @@ func (b *Indexer) Search(ctx context.Context, options *internal.SearchOptions) (
 	if options.Keyword != "" {
 		fuzziness := 0
 		if options.IsFuzzyKeyword {
-			fuzziness = len(options.Keyword) / fuzzyDenominator
+			fuzziness = min(maxFuzziness, len(options.Keyword)/fuzzyDenominator)
 		}

 		queries = append(queries, bleve.NewDisjunctionQuery([]query.Query{
--- a/modules/indexer/issues/internal/tests/tests.go
+++ b/modules/indexer/issues/internal/tests/tests.go
@ -130,6 +130,20 @@ var cases = []*testIndexerCase{
 		ExpectedIDs:   []int64{1002, 1001, 1000},
 		ExpectedTotal: 3,
 	},
+	{
+		Name: "Keyword Fuzzy",
+		ExtraData: []*internal.IndexerData{
+			{ID: 1000, Title: "hi hello world"},
+			{ID: 1001, Content: "hi hello world"},
+			{ID: 1002, Comments: []string{"hi", "hello world"}},
+		},
+		SearchOptions: &internal.SearchOptions{
+			Keyword:        "hello wrold",
+			IsFuzzyKeyword: true,
+		},
+		ExpectedIDs:   []int64{1002, 1001, 1000},
+		ExpectedTotal: 3,
+	},
 	{
 		Name: "RepoIDs",
 		ExtraData: []*internal.IndexerData{
--- a/modules/session/store.go
+++ b/modules/session/store.go
@ -6,9 +6,6 @@ package session
 import (
 	"net/http"

-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/web/middleware"
-
 	"gitea.com/go-chi/session"
 )

@ -21,10 +18,12 @@ type Store interface {

 // RegenerateSession regenerates the underlying session and returns the new store
 func RegenerateSession(resp http.ResponseWriter, req *http.Request) (Store, error) {
-	// Ensure that a cookie with a trailing slash does not take precedence over
-	// the cookie written by the middleware.
-	middleware.DeleteLegacySiteCookie(resp, setting.SessionConfig.CookieName)
-
+	for _, f := range BeforeRegenerateSession {
+		f(resp, req)
+	}
 	s, err := session.RegenerateSession(resp, req)
 	return s, err
 }
+
+// BeforeRegenerateSession is a list of functions that are called before a session is regenerated.
+var BeforeRegenerateSession []func(http.ResponseWriter, *http.Request)
--- a/modules/setting/database.go
+++ b/modules/setting/database.go
@ -83,7 +83,7 @@ func loadDBSetting(rootCfg ConfigProvider) {
 		Database.ConnMaxLifetime = sec.Key("CONN_MAX_LIFETIME").MustDuration(0)
 	}
 	Database.ConnMaxIdleTime = sec.Key("CONN_MAX_IDLETIME").MustDuration(0)
-	Database.MaxOpenConns = sec.Key("MAX_OPEN_CONNS").MustInt(0)
+	Database.MaxOpenConns = sec.Key("MAX_OPEN_CONNS").MustInt(100)

 	Database.IterateBufferSize = sec.Key("ITERATE_BUFFER_SIZE").MustInt(50)
 	Database.LogSQL = sec.Key("LOG_SQL").MustBool(false)
--- a/modules/setting/incoming_email.go
+++ b/modules/setting/incoming_email.go
@ -38,6 +38,24 @@ func loadIncomingEmailFrom(rootCfg ConfigProvider) {
 		return
 	}

+	// Handle aliases
+	sec := rootCfg.Section("email.incoming")
+	if sec.HasKey("USER") && !sec.HasKey("USERNAME") {
+		IncomingEmail.Username = sec.Key("USER").String()
+	}
+	if sec.HasKey("PASSWD") && !sec.HasKey("PASSWORD") {
+		IncomingEmail.Password = sec.Key("PASSWD").String()
+	}
+
+	// Infer Port if not set
+	if IncomingEmail.Port == 0 {
+		if IncomingEmail.UseTLS {
+			IncomingEmail.Port = 993
+		} else {
+			IncomingEmail.Port = 143
+		}
+	}
+
 	if err := checkReplyToAddress(IncomingEmail.ReplyToAddress); err != nil {
 		log.Fatal("Invalid incoming_mail.REPLY_TO_ADDRESS (%s): %v", IncomingEmail.ReplyToAddress, err)
 	}
--- a/modules/setting/incoming_email_test.go
+++ b/modules/setting/incoming_email_test.go
@ -0,0 +1,74 @@
+// Copyright 2024 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_loadIncomingEmailFrom(t *testing.T) {
+	makeBaseConfig := func() (ConfigProvider, ConfigSection) {
+		cfg, _ := NewConfigProviderFromData("")
+		sec := cfg.Section("email.incoming")
+		sec.NewKey("ENABLED", "true")
+		sec.NewKey("REPLY_TO_ADDRESS", "forge+%{token}@example.com")
+
+		return cfg, sec
+	}
+	resetIncomingEmailPort := func() func() {
+		return func() {
+			IncomingEmail.Port = 0
+		}
+	}
+
+	t.Run("aliases", func(t *testing.T) {
+		cfg, sec := makeBaseConfig()
+		sec.NewKey("USER", "jane.doe@example.com")
+		sec.NewKey("PASSWD", "y0u'll n3v3r gUess th1S!!1")
+
+		loadIncomingEmailFrom(cfg)
+
+		assert.EqualValues(t, "jane.doe@example.com", IncomingEmail.Username)
+		assert.EqualValues(t, "y0u'll n3v3r gUess th1S!!1", IncomingEmail.Password)
+	})
+
+	t.Run("Port settings", func(t *testing.T) {
+		t.Run("no port, no tls", func(t *testing.T) {
+			defer resetIncomingEmailPort()()
+			cfg, sec := makeBaseConfig()
+
+			// False is the default, but we test it explicitly.
+			sec.NewKey("USE_TLS", "false")
+
+			loadIncomingEmailFrom(cfg)
+
+			assert.EqualValues(t, 143, IncomingEmail.Port)
+		})
+
+		t.Run("no port, with tls", func(t *testing.T) {
+			defer resetIncomingEmailPort()()
+			cfg, sec := makeBaseConfig()
+
+			sec.NewKey("USE_TLS", "true")
+
+			loadIncomingEmailFrom(cfg)
+
+			assert.EqualValues(t, 993, IncomingEmail.Port)
+		})
+
+		t.Run("port overrides tls", func(t *testing.T) {
+			defer resetIncomingEmailPort()()
+			cfg, sec := makeBaseConfig()
+
+			sec.NewKey("PORT", "1993")
+			sec.NewKey("USE_TLS", "true")
+
+			loadIncomingEmailFrom(cfg)
+
+			assert.EqualValues(t, 1993, IncomingEmail.Port)
+		})
+	})
+}
--- a/modules/setting/mailer.go
+++ b/modules/setting/mailer.go
@ -134,6 +134,14 @@ func loadMailerFrom(rootCfg ConfigProvider) {
 		sec.Key("PROTOCOL").SetValue("smtp+starttls")
 	}

+	// Handle aliases
+	if sec.HasKey("USERNAME") && !sec.HasKey("USER") {
+		sec.Key("USER").SetValue(sec.Key("USERNAME").String())
+	}
+	if sec.HasKey("PASSWORD") && !sec.HasKey("PASSWD") {
+		sec.Key("PASSWD").SetValue(sec.Key("PASSWORD").String())
+	}
+
 	// Set default values & validate
 	sec.Key("NAME").MustString(AppName)
 	sec.Key("PROTOCOL").In("", []string{"smtp", "smtps", "smtp+starttls", "smtp+unix", "sendmail", "dummy"})
--- a/modules/setting/mailer_test.go
+++ b/modules/setting/mailer_test.go
@ -38,4 +38,17 @@ func Test_loadMailerFrom(t *testing.T) {
 			assert.EqualValues(t, kase.SMTPPort, MailService.SMTPPort)
 		})
 	}
+
+	t.Run("property aliases", func(t *testing.T) {
+		cfg, _ := NewConfigProviderFromData("")
+		sec := cfg.Section("mailer")
+		sec.NewKey("ENABLED", "true")
+		sec.NewKey("USERNAME", "jane.doe@example.com")
+		sec.NewKey("PASSWORD", "y0u'll n3v3r gUess th1S!!1")
+
+		loadMailerFrom(cfg)
+
+		assert.EqualValues(t, "jane.doe@example.com", MailService.User)
+		assert.EqualValues(t, "y0u'll n3v3r gUess th1S!!1", MailService.Passwd)
+	})
 }
--- a/modules/setting/repository.go
+++ b/modules/setting/repository.go
@ -162,7 +162,7 @@ var (
 		PreferredLicenses:                       []string{"Apache-2.0", "MIT"},
 		DisableHTTPGit:                          false,
 		AccessControlAllowOrigin:                "",
-		UseCompatSSHURI:                         false,
+		UseCompatSSHURI:                         true,
 		DefaultCloseIssuesViaCommitsInAnyBranch: false,
 		EnablePushCreateUser:                    false,
 		EnablePushCreateOrg:                     false,
--- a/modules/structs/release.go
+++ b/modules/structs/release.go
@ -9,18 +9,19 @@ import (

 // Release represents a repository release
 type Release struct {
-	ID           int64  `json:"id"`
-	TagName      string `json:"tag_name"`
-	Target       string `json:"target_commitish"`
-	Title        string `json:"name"`
-	Note         string `json:"body"`
-	URL          string `json:"url"`
-	HTMLURL      string `json:"html_url"`
-	TarURL       string `json:"tarball_url"`
-	ZipURL       string `json:"zipball_url"`
-	UploadURL    string `json:"upload_url"`
-	IsDraft      bool   `json:"draft"`
-	IsPrerelease bool   `json:"prerelease"`
+	ID               int64  `json:"id"`
+	TagName          string `json:"tag_name"`
+	Target           string `json:"target_commitish"`
+	Title            string `json:"name"`
+	Note             string `json:"body"`
+	URL              string `json:"url"`
+	HTMLURL          string `json:"html_url"`
+	TarURL           string `json:"tarball_url"`
+	ZipURL           string `json:"zipball_url"`
+	HideArchiveLinks bool   `json:"hide_archive_links"`
+	UploadURL        string `json:"upload_url"`
+	IsDraft          bool   `json:"draft"`
+	IsPrerelease     bool   `json:"prerelease"`
 	// swagger:strfmt date-time
 	CreatedAt time.Time `json:"created_at"`
 	// swagger:strfmt date-time
@ -33,20 +34,22 @@ type Release struct {
 // CreateReleaseOption options when creating a release
 type CreateReleaseOption struct {
 	// required: true
-	TagName      string `json:"tag_name" binding:"Required"`
-	Target       string `json:"target_commitish"`
-	Title        string `json:"name"`
-	Note         string `json:"body"`
-	IsDraft      bool   `json:"draft"`
-	IsPrerelease bool   `json:"prerelease"`
+	TagName          string `json:"tag_name" binding:"Required"`
+	Target           string `json:"target_commitish"`
+	Title            string `json:"name"`
+	Note             string `json:"body"`
+	IsDraft          bool   `json:"draft"`
+	IsPrerelease     bool   `json:"prerelease"`
+	HideArchiveLinks bool   `json:"hide_archive_links"`
 }

 // EditReleaseOption options when editing a release
 type EditReleaseOption struct {
-	TagName      string `json:"tag_name"`
-	Target       string `json:"target_commitish"`
-	Title        string `json:"name"`
-	Note         string `json:"body"`
-	IsDraft      *bool  `json:"draft"`
-	IsPrerelease *bool  `json:"prerelease"`
+	TagName          string `json:"tag_name"`
+	Target           string `json:"target_commitish"`
+	Title            string `json:"name"`
+	Note             string `json:"body"`
+	IsDraft          *bool  `json:"draft"`
+	IsPrerelease     *bool  `json:"prerelease"`
+	HideArchiveLinks *bool  `json:"hide_archive_links"`
 }
--- a/modules/structs/repo_compare.go
+++ b/modules/structs/repo_compare.go
@ -0,0 +1,10 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package structs
+
+// Compare represents a comparison between two commits.
+type Compare struct {
+	TotalCommits int       `json:"total_commits"` // Total number of commits in the comparison.
+	Commits      []*Commit `json:"commits"`       // List of commits in the comparison.
+}
--- a/modules/structs/user.go
+++ b/modules/structs/user.go
@ -19,6 +19,8 @@ type User struct {
 	// the user's authentication sign-in name.
 	// default: empty
 	LoginName string `json:"login_name"`
+	// The ID of the user's Authentication Source
+	SourceID int64 `json:"source_id"`
 	// the user's full name
 	FullName string `json:"full_name"`
 	// swagger:strfmt email
--- a/modules/web/middleware/cookie.go
+++ b/modules/web/middleware/cookie.go
@ -9,6 +9,7 @@ import (
 	"net/url"
 	"strings"

+	"code.gitea.io/gitea/modules/session"
 	"code.gitea.io/gitea/modules/setting"
 )

@ -48,12 +49,12 @@ func SetSiteCookie(resp http.ResponseWriter, name, value string, maxAge int) {
 	// Previous versions would use a cookie path with a trailing /.
 	// These are more specific than cookies without a trailing /, so
 	// we need to delete these if they exist.
-	DeleteLegacySiteCookie(resp, name)
+	deleteLegacySiteCookie(resp, name)
 }

-// DeleteLegacySiteCookie deletes the cookie with the given name at the cookie
+// deleteLegacySiteCookie deletes the cookie with the given name at the cookie
 // path with a trailing /, which would unintentionally override the cookie.
-func DeleteLegacySiteCookie(resp http.ResponseWriter, name string) {
+func deleteLegacySiteCookie(resp http.ResponseWriter, name string) {
 	if setting.SessionConfig.CookiePath == "" || strings.HasSuffix(setting.SessionConfig.CookiePath, "/") {
 		// If the cookie path ends with /, no legacy cookies will take
 		// precedence, so do nothing.  The exception is that cookies with no
@ -74,3 +75,11 @@ func DeleteLegacySiteCookie(resp http.ResponseWriter, name string) {
 	}
 	resp.Header().Add("Set-Cookie", cookie.String())
 }
+
+func init() {
+	session.BeforeRegenerateSession = append(session.BeforeRegenerateSession, func(resp http.ResponseWriter, _ *http.Request) {
+		// Ensure that a cookie with a trailing slash does not take precedence over
+		// the cookie written by the middleware.
+		deleteLegacySiteCookie(resp, setting.SessionConfig.CookieName)
+	})
+}
--- a/options/license/BSD-2-clause-first-lines
+++ b/options/license/BSD-2-clause-first-lines
@ -0,0 +1,27 @@
+Copyright (C) 2006,2007,2009 NTT (Nippon Telegraph and Telephone
+Corporation).  All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above
+   copyright notice, this list of conditions and the following
+   disclaimer as the first lines of this file unmodified.
+
+2. Redistributions in binary form must reproduce the above
+   copyright notice, this list of conditions and the following
+   disclaimer in the documentation and/or other materials provided
+   with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY NTT "AS IS" AND ANY EXPRESS OR IMPLIED
+WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/options/license/Sun-PPP-2000
+++ b/options/license/Sun-PPP-2000
@ -0,0 +1,13 @@
+Copyright (c) 2000 by Sun Microsystems, Inc.
+All rights reserved.
+
+Permission to use, copy, modify, and distribute this software and its
+documentation is hereby granted, provided that the above copyright
+notice appears in all copies.
+
+SUN MAKES NO REPRESENTATION OR WARRANTIES ABOUT THE SUITABILITY OF
+THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE, OR NON-INFRINGEMENT.  SUN SHALL NOT BE LIABLE FOR
+ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR
+DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES
--- a/options/license/pkgconf
+++ b/options/license/pkgconf
@ -0,0 +1,7 @@
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+This software is provided 'as is' and without any warranty, express or
+implied.  In no event shall the authors be liable for any damages arising
+from the use of this software.
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@ -99,6 +99,7 @@ disabled = Disabled
 locked = Locked

 copy = Copy
+copy_generic = Copy to clipboard
 copy_url = Copy URL
 copy_hash = Copy hash
 copy_content = Copy content
@ -2599,7 +2600,7 @@ diff.comment.add_single_comment = Add single comment
 diff.comment.add_review_comment = Add comment
 diff.comment.start_review = Start review
 diff.comment.reply = Reply
-diff.review = Review
+diff.review = Finish review
 diff.review.header = Submit review
 diff.review.placeholder = Review comment
 diff.review.comment = Comment
@ -2661,6 +2662,8 @@ release.downloads = Downloads
 release.download_count_one = %s download
 release.download_count_few = %s downloads
 release.add_tag_msg = Use the title and content of release as tag message.
+release.hide_archive_links = Hide automatically generated archives
+release.hide_archive_links_helper = Hide automatically generated source code archives for this release. For example, if you are uploading your own.
 release.add_tag = Create Tag Only
 release.releases_for = Releases for %s
 release.tags_for = Tags for %s
--- a/package-lock.json
+++ b/package-lock.json
@ -34,17 +34,17 @@
        "katex": "0.16.10",
        "license-checker-webpack-plugin": "0.2.1",
        "mermaid": "10.9.0",
-        "mini-css-extract-plugin": "2.8.1",
+        "mini-css-extract-plugin": "2.9.0",
        "minimatch": "9.0.4",
        "monaco-editor": "0.47.0",
        "monaco-editor-webpack-plugin": "7.1.0",
        "pdfobject": "2.3.0",
        "postcss": "8.4.38",
        "postcss-loader": "8.1.1",
-        "postcss-nesting": "12.1.1",
+        "postcss-nesting": "12.1.2",
        "pretty-ms": "9.0.0",
        "sortablejs": "1.15.2",
-        "swagger-ui-dist": "5.13.0",
+        "swagger-ui-dist": "5.17.2",
        "tailwindcss": "3.4.3",
        "temporal-polyfill": "0.2.4",
        "throttle-debounce": "5.0.0",
@ -54,7 +54,7 @@
        "tributejs": "5.1.3",
        "uint8-to-base64": "0.2.0",
        "vanilla-colorful": "0.7.2",
-        "vue": "3.4.23",
+        "vue": "3.4.24",
        "vue-bar-graph": "2.0.0",
        "vue-chartjs": "5.3.1",
        "vue-loader": "17.4.2",
@ -78,25 +78,25 @@
        "eslint-plugin-jquery": "1.5.1",
        "eslint-plugin-no-jquery": "2.7.0",
        "eslint-plugin-no-use-extend-native": "0.5.0",
-        "eslint-plugin-regexp": "2.4.0",
+        "eslint-plugin-regexp": "2.5.0",
        "eslint-plugin-sonarjs": "0.25.1",
        "eslint-plugin-unicorn": "52.0.0",
-        "eslint-plugin-vitest": "0.4.1",
+        "eslint-plugin-vitest": "0.5.4",
        "eslint-plugin-vitest-globals": "1.5.0",
-        "eslint-plugin-vue": "9.24.0",
+        "eslint-plugin-vue": "9.25.0",
        "eslint-plugin-vue-scoped-css": "2.8.0",
-        "eslint-plugin-wc": "2.0.4",
+        "eslint-plugin-wc": "2.1.0",
        "happy-dom": "14.7.1",
        "markdownlint-cli": "0.39.0",
        "postcss-html": "1.6.0",
-        "stylelint": "16.3.1",
+        "stylelint": "16.4.0",
        "stylelint-declaration-block-no-ignored-properties": "2.8.0",
        "stylelint-declaration-strict-value": "1.10.4",
        "stylelint-value-no-unknown-custom-properties": "6.0.1",
        "svgo": "3.2.0",
        "updates": "16.0.1",
-        "vite-string-plugin": "1.1.5",
-        "vitest": "1.4.0"
+        "vite-string-plugin": "1.2.0",
+        "vitest": "1.5.2"
      },
      "engines": {
        "node": ">= 18.0.0"
@ -2545,13 +2545,13 @@
      }
    },
    "node_modules/@vitest/expect": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-1.4.0.tgz",
-      "integrity": "sha512-Jths0sWCJZ8BxjKe+p+eKsoqev1/T8lYcrjavEaz8auEJ4jAVY0GwW3JKmdVU4mmNPLPHixh4GNXP7GFtAiDHA==",
+      "version": "1.5.2",
+      "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-1.5.2.tgz",
+      "integrity": "sha512-rf7MTD1WCoDlN3FfYJ9Llfp0PbdtOMZ3FIF0AVkDnKbp3oiMW1c8AmvRZBcqbAhDUAvF52e9zx4WQM1r3oraVA==",
      "dev": true,
      "dependencies": {
-        "@vitest/spy": "1.4.0",
-        "@vitest/utils": "1.4.0",
+        "@vitest/spy": "1.5.2",
+        "@vitest/utils": "1.5.2",
        "chai": "^4.3.10"
      },
      "funding": {
@ -2559,12 +2559,12 @@
      }
    },
    "node_modules/@vitest/runner": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-1.4.0.tgz",
-      "integrity": "sha512-EDYVSmesqlQ4RD2VvWo3hQgTJ7ZrFQ2VSJdfiJiArkCerDAGeyF1i6dHkmySqk573jLp6d/cfqCN+7wUB5tLgg==",
+      "version": "1.5.2",
+      "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-1.5.2.tgz",
+      "integrity": "sha512-7IJ7sJhMZrqx7HIEpv3WrMYcq8ZNz9L6alo81Y6f8hV5mIE6yVZsFoivLZmr0D777klm1ReqonE9LyChdcmw6g==",
      "dev": true,
      "dependencies": {
-        "@vitest/utils": "1.4.0",
+        "@vitest/utils": "1.5.2",
        "p-limit": "^5.0.0",
        "pathe": "^1.1.1"
      },
@ -2600,9 +2600,9 @@
      }
    },
    "node_modules/@vitest/snapshot": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-1.4.0.tgz",
-      "integrity": "sha512-saAFnt5pPIA5qDGxOHxJ/XxhMFKkUSBJmVt5VgDsAqPTX6JP326r5C/c9UuCMPoXNzuudTPsYDZCoJ5ilpqG2A==",
+      "version": "1.5.2",
+      "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-1.5.2.tgz",
+      "integrity": "sha512-CTEp/lTYos8fuCc9+Z55Ga5NVPKUgExritjF5VY7heRFUfheoAqBneUlvXSUJHUZPjnPmyZA96yLRJDP1QATFQ==",
      "dev": true,
      "dependencies": {
        "magic-string": "^0.30.5",
@ -2626,9 +2626,9 @@
      }
    },
    "node_modules/@vitest/spy": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-1.4.0.tgz",
-      "integrity": "sha512-Ywau/Qs1DzM/8Uc+yA77CwSegizMlcgTJuYGAi0jujOteJOUf1ujunHThYo243KG9nAyWT3L9ifPYZ5+As/+6Q==",
+      "version": "1.5.2",
+      "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-1.5.2.tgz",
+      "integrity": "sha512-xCcPvI8JpCtgikT9nLpHPL1/81AYqZy1GCy4+MCHBE7xi8jgsYkULpW5hrx5PGLgOQjUpb6fd15lqcriJ40tfQ==",
      "dev": true,
      "dependencies": {
        "tinyspy": "^2.2.0"
@ -2638,9 +2638,9 @@
      }
    },
    "node_modules/@vitest/utils": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-1.4.0.tgz",
-      "integrity": "sha512-mx3Yd1/6e2Vt/PUC98DcqTirtfxUyAZ32uK82r8rZzbtBeBo+nqgnjx/LvqQdWsrvNtm14VmurNgcf4nqY5gJg==",
+      "version": "1.5.2",
+      "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-1.5.2.tgz",
+      "integrity": "sha512-sWOmyofuXLJ85VvXNsroZur7mOJGiQeM0JN3/0D1uU8U9bGFM69X1iqHaRXl6R8BwaLY6yPCogP257zxTzkUdA==",
      "dev": true,
      "dependencies": {
        "diff-sequences": "^29.6.3",
@ -2668,105 +2668,102 @@
      }
    },
    "node_modules/@vue/compiler-core": {
-      "version": "3.4.23",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.4.23.tgz",
-      "integrity": "sha512-HAFmuVEwNqNdmk+w4VCQ2pkLk1Vw4XYiiyxEp3z/xvl14aLTUBw2OfVH3vBcx+FtGsynQLkkhK410Nah1N2yyQ==",
+      "version": "3.4.24",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.4.24.tgz",
+      "integrity": "sha512-vbW/tgbwJYj62N/Ww99x0zhFTkZDTcGh3uwJEuadZ/nF9/xuFMC4693P9r+3sxGXISABpDKvffY5ApH9pmdd1A==",
      "dependencies": {
-        "@babel/parser": "^7.24.1",
-        "@vue/shared": "3.4.23",
+        "@babel/parser": "^7.24.4",
+        "@vue/shared": "3.4.24",
        "entities": "^4.5.0",
        "estree-walker": "^2.0.2",
        "source-map-js": "^1.2.0"
      }
    },
    "node_modules/@vue/compiler-dom": {
-      "version": "3.4.23",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.4.23.tgz",
-      "integrity": "sha512-t0b9WSTnCRrzsBGrDd1LNR5HGzYTr7LX3z6nNBG+KGvZLqrT0mY6NsMzOqlVMBKKXKVuusbbB5aOOFgTY+senw==",
+      "version": "3.4.24",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.4.24.tgz",
+      "integrity": "sha512-4XgABML/4cNndVsQndG6BbGN7+EoisDwi3oXNovqL/4jdNhwvP8/rfRMTb6FxkxIxUUtg6AI1/qZvwfSjxJiWA==",
      "dependencies": {
-        "@vue/compiler-core": "3.4.23",
-        "@vue/shared": "3.4.23"
+        "@vue/compiler-core": "3.4.24",
+        "@vue/shared": "3.4.24"
      }
    },
    "node_modules/@vue/compiler-sfc": {
-      "version": "3.4.23",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.4.23.tgz",
-      "integrity": "sha512-fSDTKTfzaRX1kNAUiaj8JB4AokikzStWgHooMhaxyjZerw624L+IAP/fvI4ZwMpwIh8f08PVzEnu4rg8/Npssw==",
+      "version": "3.4.24",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.4.24.tgz",
+      "integrity": "sha512-nRAlJUK02FTWfA2nuvNBAqsDZuERGFgxZ8sGH62XgFSvMxO2URblzulExsmj4gFZ8e+VAyDooU9oAoXfEDNxTA==",
      "dependencies": {
-        "@babel/parser": "^7.24.1",
-        "@vue/compiler-core": "3.4.23",
-        "@vue/compiler-dom": "3.4.23",
-        "@vue/compiler-ssr": "3.4.23",
-        "@vue/shared": "3.4.23",
+        "@babel/parser": "^7.24.4",
+        "@vue/compiler-core": "3.4.24",
+        "@vue/compiler-dom": "3.4.24",
+        "@vue/compiler-ssr": "3.4.24",
+        "@vue/shared": "3.4.24",
        "estree-walker": "^2.0.2",
-        "magic-string": "^0.30.8",
+        "magic-string": "^0.30.10",
        "postcss": "^8.4.38",
        "source-map-js": "^1.2.0"
      }
    },
    "node_modules/@vue/compiler-sfc/node_modules/magic-string": {
-      "version": "0.30.9",
-      "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.9.tgz",
-      "integrity": "sha512-S1+hd+dIrC8EZqKyT9DstTH/0Z+f76kmmvZnkfQVmOpDEF9iVgdYif3Q/pIWHmCoo59bQVGW0kVL3e2nl+9+Sw==",
+      "version": "0.30.10",
+      "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.10.tgz",
+      "integrity": "sha512-iIRwTIf0QKV3UAnYK4PU8uiEc4SRh5jX0mwpIwETPpHdhVM4f53RSwS/vXvN1JhGX+Cs7B8qIq3d6AH49O5fAQ==",
      "dependencies": {
        "@jridgewell/sourcemap-codec": "^1.4.15"
-      },
-      "engines": {
-        "node": ">=12"
      }
    },
    "node_modules/@vue/compiler-ssr": {
-      "version": "3.4.23",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.4.23.tgz",
-      "integrity": "sha512-hb6Uj2cYs+tfqz71Wj6h3E5t6OKvb4MVcM2Nl5i/z1nv1gjEhw+zYaNOV+Xwn+SSN/VZM0DgANw5TuJfxfezPg==",
+      "version": "3.4.24",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.4.24.tgz",
+      "integrity": "sha512-ZsAtr4fhaUFnVcDqwW3bYCSDwq+9Gk69q2r/7dAHDrOMw41kylaMgOP4zRnn6GIEJkQznKgrMOGPMFnLB52RbQ==",
      "dependencies": {
-        "@vue/compiler-dom": "3.4.23",
-        "@vue/shared": "3.4.23"
+        "@vue/compiler-dom": "3.4.24",
+        "@vue/shared": "3.4.24"
      }
    },
    "node_modules/@vue/reactivity": {
-      "version": "3.4.23",
-      "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.4.23.tgz",
-      "integrity": "sha512-GlXR9PL+23fQ3IqnbSQ8OQKLodjqCyoCrmdLKZk3BP7jN6prWheAfU7a3mrltewTkoBm+N7qMEb372VHIkQRMQ==",
+      "version": "3.4.24",
+      "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.4.24.tgz",
+      "integrity": "sha512-nup3fSYg4i4LtNvu9slF/HF/0dkMQYfepUdORBcMSsankzRPzE7ypAFurpwyRBfU1i7Dn1kcwpYsE1wETSh91g==",
      "dependencies": {
-        "@vue/shared": "3.4.23"
+        "@vue/shared": "3.4.24"
      }
    },
    "node_modules/@vue/runtime-core": {
-      "version": "3.4.23",
-      "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.4.23.tgz",
-      "integrity": "sha512-FeQ9MZEXoFzFkFiw9MQQ/FWs3srvrP+SjDKSeRIiQHIhtkzoj0X4rWQlRNHbGuSwLra6pMyjAttwixNMjc/xLw==",
+      "version": "3.4.24",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.4.24.tgz",
+      "integrity": "sha512-c7iMfj6cJMeAG3s5yOn9Rc5D9e2/wIuaozmGf/ICGCY3KV5H7mbTVdvEkd4ZshTq7RUZqj2k7LMJWVx+EBiY1g==",
      "dependencies": {
-        "@vue/reactivity": "3.4.23",
-        "@vue/shared": "3.4.23"
+        "@vue/reactivity": "3.4.24",
+        "@vue/shared": "3.4.24"
      }
    },
    "node_modules/@vue/runtime-dom": {
-      "version": "3.4.23",
-      "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.4.23.tgz",
-      "integrity": "sha512-RXJFwwykZWBkMiTPSLEWU3kgVLNAfActBfWFlZd0y79FTUxexogd0PLG4HH2LfOktjRxV47Nulygh0JFXe5f9A==",
+      "version": "3.4.24",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.4.24.tgz",
+      "integrity": "sha512-uXKzuh/Emfad2Y7Qm0ABsLZZV6H3mAJ5ZVqmAOlrNQRf+T5mxpPGZBfec1hkP41t6h6FwF6RSGCs/gd8WbuySQ==",
      "dependencies": {
-        "@vue/runtime-core": "3.4.23",
-        "@vue/shared": "3.4.23",
+        "@vue/runtime-core": "3.4.24",
+        "@vue/shared": "3.4.24",
        "csstype": "^3.1.3"
      }
    },
    "node_modules/@vue/server-renderer": {
-      "version": "3.4.23",
-      "resolved": "https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.4.23.tgz",
-      "integrity": "sha512-LDwGHtnIzvKFNS8dPJ1SSU5Gvm36p2ck8wCZc52fc3k/IfjKcwCyrWEf0Yag/2wTFUBXrqizfhK9c/mC367dXQ==",
+      "version": "3.4.24",
+      "resolved": "https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.4.24.tgz",
+      "integrity": "sha512-H+DLK4sQF6sRgzKyofmlEVBIV/9KrQU6HIV7nt6yIwSGGKvSwlV8pqJlebUKLpbXaNHugdSfAbP6YmXF69lxow==",
      "dependencies": {
-        "@vue/compiler-ssr": "3.4.23",
-        "@vue/shared": "3.4.23"
+        "@vue/compiler-ssr": "3.4.24",
+        "@vue/shared": "3.4.24"
      },
      "peerDependencies": {
-        "vue": "3.4.23"
+        "vue": "3.4.24"
      }
    },
    "node_modules/@vue/shared": {
-      "version": "3.4.23",
-      "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.4.23.tgz",
-      "integrity": "sha512-wBQ0gvf+SMwsCQOyusNw/GoXPV47WGd1xB5A1Pgzy0sQ3Bi5r5xm3n+92y3gCnB3MWqnRDdvfkRGxhKtbBRNgg=="
+      "version": "3.4.24",
+      "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.4.24.tgz",
+      "integrity": "sha512-BW4tajrJBM9AGAknnyEw5tO2xTmnqgup0VTnDAMcxYmqOX0RG0b9aSUGAbEKolD91tdwpA6oCwbltoJoNzpItw=="
    },
    "node_modules/@vue/test-utils": {
      "version": "2.4.5",
@ -3993,9 +3990,9 @@
      }
    },
    "node_modules/css-functions-list": {
-      "version": "3.2.1",
-      "resolved": "https://registry.npmjs.org/css-functions-list/-/css-functions-list-3.2.1.tgz",
-      "integrity": "sha512-Nj5YcaGgBtuUmn1D7oHqPW0c9iui7xsTsj5lIX8ZgevdfhmjFfKB3r8moHJtNJnctnYXJyYX5I1pp90HM4TPgQ==",
+      "version": "3.2.2",
+      "resolved": "https://registry.npmjs.org/css-functions-list/-/css-functions-list-3.2.2.tgz",
+      "integrity": "sha512-c+N0v6wbKVxTu5gOBBFkr9BEdBWaqqjQeiJ8QvSRIJOf+UxlJh930m8e6/WNeODIK0mYLFkoONrnj16i2EcvfQ==",
      "dev": true,
      "engines": {
        "node": ">=12 || >=16"
@ -5773,9 +5770,9 @@
      }
    },
    "node_modules/eslint-plugin-regexp": {
-      "version": "2.4.0",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-regexp/-/eslint-plugin-regexp-2.4.0.tgz",
-      "integrity": "sha512-OL2S6VPjQhs9s/NclQ0qattVq1J0GU8ox70/HIVy5Dxw+qbbdd7KQkyucsez2clEQjvdtDe12DTnPphFFUyXFg==",
+      "version": "2.5.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-regexp/-/eslint-plugin-regexp-2.5.0.tgz",
+      "integrity": "sha512-I7vKcP0o75WS5SHiVNXN+Eshq49sbrweMQIuqSL3AId9AwDe9Dhbfug65vw64LxmOd4v+yf5l5Xt41y9puiq0g==",
      "dev": true,
      "dependencies": {
        "@eslint-community/eslint-utils": "^4.2.0",
@ -5839,18 +5836,18 @@
      }
    },
    "node_modules/eslint-plugin-vitest": {
-      "version": "0.4.1",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-vitest/-/eslint-plugin-vitest-0.4.1.tgz",
-      "integrity": "sha512-+PnZ2u/BS+f5FiuHXz4zKsHPcMKHie+K+1Uvu/x91ovkCMEOJqEI8E9Tw1Wzx2QRz4MHOBHYf1ypO8N1K0aNAA==",
+      "version": "0.5.4",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-vitest/-/eslint-plugin-vitest-0.5.4.tgz",
+      "integrity": "sha512-um+odCkccAHU53WdKAw39MY61+1x990uXjSPguUCq3VcEHdqJrOb8OTMrbYlY6f9jAKx7x98kLVlIe3RJeJqoQ==",
      "dev": true,
      "dependencies": {
-        "@typescript-eslint/utils": "^7.4.0"
+        "@typescript-eslint/utils": "^7.7.1"
      },
      "engines": {
        "node": "^18.0.0 || >= 20.0.0"
      },
      "peerDependencies": {
-        "eslint": ">=8.0.0",
+        "eslint": "^8.57.0 || ^9.0.0",
        "vitest": "*"
      },
      "peerDependenciesMeta": {
@ -5868,10 +5865,110 @@
      "integrity": "sha512-ZSsVOaOIig0oVLzRTyk8lUfBfqzWxr/J3/NFMfGGRIkGQPejJYmDH3gXmSJxAojts77uzAGB/UmVrwi2DC4LYA==",
      "dev": true
    },
+    "node_modules/eslint-plugin-vitest/node_modules/@typescript-eslint/scope-manager": {
+      "version": "7.7.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.7.1.tgz",
+      "integrity": "sha512-PytBif2SF+9SpEUKynYn5g1RHFddJUcyynGpztX3l/ik7KmZEv19WCMhUBkHXPU9es/VWGD3/zg3wg90+Dh2rA==",
+      "dev": true,
+      "dependencies": {
+        "@typescript-eslint/types": "7.7.1",
+        "@typescript-eslint/visitor-keys": "7.7.1"
+      },
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/eslint-plugin-vitest/node_modules/@typescript-eslint/types": {
+      "version": "7.7.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.7.1.tgz",
+      "integrity": "sha512-AmPmnGW1ZLTpWa+/2omPrPfR7BcbUU4oha5VIbSbS1a1Tv966bklvLNXxp3mrbc+P2j4MNOTfDffNsk4o0c6/w==",
+      "dev": true,
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/eslint-plugin-vitest/node_modules/@typescript-eslint/typescript-estree": {
+      "version": "7.7.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.7.1.tgz",
+      "integrity": "sha512-CXe0JHCXru8Fa36dteXqmH2YxngKJjkQLjxzoj6LYwzZ7qZvgsLSc+eqItCrqIop8Vl2UKoAi0StVWu97FQZIQ==",
+      "dev": true,
+      "dependencies": {
+        "@typescript-eslint/types": "7.7.1",
+        "@typescript-eslint/visitor-keys": "7.7.1",
+        "debug": "^4.3.4",
+        "globby": "^11.1.0",
+        "is-glob": "^4.0.3",
+        "minimatch": "^9.0.4",
+        "semver": "^7.6.0",
+        "ts-api-utils": "^1.3.0"
+      },
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependenciesMeta": {
+        "typescript": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/eslint-plugin-vitest/node_modules/@typescript-eslint/utils": {
+      "version": "7.7.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.7.1.tgz",
+      "integrity": "sha512-QUvBxPEaBXf41ZBbaidKICgVL8Hin0p6prQDu6bbetWo39BKbWJxRsErOzMNT1rXvTll+J7ChrbmMCXM9rsvOQ==",
+      "dev": true,
+      "dependencies": {
+        "@eslint-community/eslint-utils": "^4.4.0",
+        "@types/json-schema": "^7.0.15",
+        "@types/semver": "^7.5.8",
+        "@typescript-eslint/scope-manager": "7.7.1",
+        "@typescript-eslint/types": "7.7.1",
+        "@typescript-eslint/typescript-estree": "7.7.1",
+        "semver": "^7.6.0"
+      },
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependencies": {
+        "eslint": "^8.56.0"
+      }
+    },
+    "node_modules/eslint-plugin-vitest/node_modules/@typescript-eslint/visitor-keys": {
+      "version": "7.7.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.7.1.tgz",
+      "integrity": "sha512-gBL3Eq25uADw1LQ9kVpf3hRM+DWzs0uZknHYK3hq4jcTPqVCClHGDnB6UUUV2SFeBeA4KWHWbbLqmbGcZ4FYbw==",
+      "dev": true,
+      "dependencies": {
+        "@typescript-eslint/types": "7.7.1",
+        "eslint-visitor-keys": "^3.4.3"
+      },
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
    "node_modules/eslint-plugin-vue": {
-      "version": "9.24.0",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-vue/-/eslint-plugin-vue-9.24.0.tgz",
-      "integrity": "sha512-9SkJMvF8NGMT9aQCwFc5rj8Wo1XWSMSHk36i7ZwdI614BU7sIOR28ZjuFPKp8YGymZN12BSEbiSwa7qikp+PBw==",
+      "version": "9.25.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-vue/-/eslint-plugin-vue-9.25.0.tgz",
+      "integrity": "sha512-tDWlx14bVe6Bs+Nnh3IGrD+hb11kf2nukfm6jLsmJIhmiRQ1SUaksvwY9U5MvPB0pcrg0QK0xapQkfITs3RKOA==",
      "dev": true,
      "dependencies": {
        "@eslint-community/eslint-utils": "^4.4.0",
@ -5887,7 +5984,7 @@
        "node": "^14.17.0 || >=16.0.0"
      },
      "peerDependencies": {
-        "eslint": "^6.2.0 || ^7.0.0 || ^8.0.0"
+        "eslint": "^6.2.0 || ^7.0.0 || ^8.0.0 || ^9.0.0"
      }
    },
    "node_modules/eslint-plugin-vue-scoped-css": {
@ -5917,9 +6014,9 @@
      }
    },
    "node_modules/eslint-plugin-wc": {
-      "version": "2.0.4",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-wc/-/eslint-plugin-wc-2.0.4.tgz",
-      "integrity": "sha512-ORu7MBv0hXIvq894EJad70m+AvHGbmrDdKT6lcgtCVVhEbuIAyxg0ilfqqqHOmsh8PfcUBeEae3y7CElKvm1KQ==",
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-wc/-/eslint-plugin-wc-2.1.0.tgz",
+      "integrity": "sha512-s/BGOtmpgQ2yifR6EC1OM9t0DwYLgg4ZAL07Kw4eXvBb5TYaPafI+65tswvnZvhH8FqcjERLbBZPPvYsvinkfg==",
      "dev": true,
      "dependencies": {
        "is-valid-element-name": "^1.0.0",
@ -8813,9 +8910,9 @@
      }
    },
    "node_modules/mini-css-extract-plugin": {
-      "version": "2.8.1",
-      "resolved": "https://registry.npmjs.org/mini-css-extract-plugin/-/mini-css-extract-plugin-2.8.1.tgz",
-      "integrity": "sha512-/1HDlyFRxWIZPI1ZpgqlZ8jMw/1Dp/dl3P0L1jtZ+zVcHqwPhGwaJwKL00WVgfnBy6PWCde9W65or7IIETImuA==",
+      "version": "2.9.0",
+      "resolved": "https://registry.npmjs.org/mini-css-extract-plugin/-/mini-css-extract-plugin-2.9.0.tgz",
+      "integrity": "sha512-Zs1YsZVfemekSZG+44vBsYTLQORkPMwnlv+aehcxK/NLKC+EGhDB39/YePYYqx/sTk6NnYpuqikhSn7+JIevTA==",
      "dependencies": {
        "schema-utils": "^4.0.0",
        "tapable": "^2.2.1"
@ -9768,9 +9865,9 @@
      }
    },
    "node_modules/postcss-nesting": {
-      "version": "12.1.1",
-      "resolved": "https://registry.npmjs.org/postcss-nesting/-/postcss-nesting-12.1.1.tgz",
-      "integrity": "sha512-qc74KvIAQNa5ujZKG1UV286dhaDW6basbUy2i9AzNU/T8C9hpvGu9NZzm1SfePe2yP7sPYgpA8d4sPVopn2Hhw==",
+      "version": "12.1.2",
+      "resolved": "https://registry.npmjs.org/postcss-nesting/-/postcss-nesting-12.1.2.tgz",
+      "integrity": "sha512-FUmTHGDNundodutB4PUBxt/EPuhgtpk8FJGRsBhOuy+6FnkR2A8RZWIsyyy6XmhvX2DZQQWIkvu+HB4IbJm+Ew==",
      "funding": [
        {
          "type": "github",
@ -11034,20 +11131,20 @@
      "dev": true
    },
    "node_modules/stylelint": {
-      "version": "16.3.1",
-      "resolved": "https://registry.npmjs.org/stylelint/-/stylelint-16.3.1.tgz",
-      "integrity": "sha512-/JOwQnBvxEKOT2RtNgGpBVXnCSMBgKOL2k7w0K52htwCyJls4+cHvc4YZgXlVoAZS9QJd2DgYAiRnja96pTgxw==",
+      "version": "16.4.0",
+      "resolved": "https://registry.npmjs.org/stylelint/-/stylelint-16.4.0.tgz",
+      "integrity": "sha512-uSx7VMuXwLuYcNSIg+0/fFNv0WinsfLAqsVVy7h7p80clKOHiGE8pfY6UjqwylTHiJrRIahTl6a8FPxGezhWoA==",
      "dev": true,
      "dependencies": {
        "@csstools/css-parser-algorithms": "^2.6.1",
        "@csstools/css-tokenizer": "^2.2.4",
        "@csstools/media-query-list-parser": "^2.1.9",
-        "@csstools/selector-specificity": "^3.0.2",
+        "@csstools/selector-specificity": "^3.0.3",
        "@dual-bundle/import-meta-resolve": "^4.0.0",
        "balanced-match": "^2.0.0",
        "colord": "^2.9.3",
        "cosmiconfig": "^9.0.0",
-        "css-functions-list": "^3.2.1",
+        "css-functions-list": "^3.2.2",
        "css-tree": "^2.3.1",
        "debug": "^4.3.4",
        "fast-glob": "^3.3.2",
@ -11076,7 +11173,7 @@
        "strip-ansi": "^7.1.0",
        "supports-hyperlinks": "^3.0.0",
        "svg-tags": "^1.0.0",
-        "table": "^6.8.1",
+        "table": "^6.8.2",
        "write-file-atomic": "^5.0.1"
      },
      "bin": {
@ -11398,9 +11495,9 @@
      }
    },
    "node_modules/swagger-ui-dist": {
-      "version": "5.13.0",
-      "resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-5.13.0.tgz",
-      "integrity": "sha512-uaWhh6j18IIs5tOX0arvIBnVINAzpTXaQXkr7qAk8zoupegJVg0UU/5+S/FgsgVCnzVsJ9d7QLjIxkswEeTg0Q=="
+      "version": "5.17.2",
+      "resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-5.17.2.tgz",
+      "integrity": "sha512-V/NqUw6QoTrjSpctp2oLQvxrl3vW29UsUtZyq7B1CF0v870KOFbYGDQw8rpKaKm0JxTwHpWnW1SN9YuKZdiCyw=="
    },
    "node_modules/sync-fetch": {
      "version": "0.4.5",
@ -12160,9 +12257,9 @@
      }
    },
    "node_modules/vite-node": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/vite-node/-/vite-node-1.4.0.tgz",
-      "integrity": "sha512-VZDAseqjrHgNd4Kh8icYHWzTKSCZMhia7GyHfhtzLW33fZlG9SwsB6CEhgyVOWkJfJ2pFLrp/Gj1FSfAiqH9Lw==",
+      "version": "1.5.2",
+      "resolved": "https://registry.npmjs.org/vite-node/-/vite-node-1.5.2.tgz",
+      "integrity": "sha512-Y8p91kz9zU+bWtF7HGt6DVw2JbhyuB2RlZix3FPYAYmUyZ3n7iTp8eSyLyY6sxtPegvxQtmlTMhfPhUfCUF93A==",
      "dev": true,
      "dependencies": {
        "cac": "^6.7.14",
@ -12182,9 +12279,9 @@
      }
    },
    "node_modules/vite-string-plugin": {
-      "version": "1.1.5",
-      "resolved": "https://registry.npmjs.org/vite-string-plugin/-/vite-string-plugin-1.1.5.tgz",
-      "integrity": "sha512-KRCIFX3PWVUuEjpi9O7EKLT9E27OqOA3RimIvVx6cziLAUxvnk2VvHQfMrP+mKkqyqqSmnnYyTig3OyDnK/zlA==",
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/vite-string-plugin/-/vite-string-plugin-1.2.0.tgz",
+      "integrity": "sha512-IijlLgTxUDUwOpLoBLZCZO2us4fZWPRpj8XWoD9OAYjjUEge8enV4gaDTOs7uEsC8EJ9+NmusdLwmgWajFO45Q==",
      "dev": true
    },
    "node_modules/vite/node_modules/@types/estree": {
@ -12242,16 +12339,16 @@
      }
    },
    "node_modules/vitest": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/vitest/-/vitest-1.4.0.tgz",
-      "integrity": "sha512-gujzn0g7fmwf83/WzrDTnncZt2UiXP41mHuFYFrdwaLRVQ6JYQEiME2IfEjU3vcFL3VKa75XhI3lFgn+hfVsQw==",
+      "version": "1.5.2",
+      "resolved": "https://registry.npmjs.org/vitest/-/vitest-1.5.2.tgz",
+      "integrity": "sha512-l9gwIkq16ug3xY7BxHwcBQovLZG75zZL0PlsiYQbf76Rz6QGs54416UWMtC0jXeihvHvcHrf2ROEjkQRVpoZYw==",
      "dev": true,
      "dependencies": {
-        "@vitest/expect": "1.4.0",
-        "@vitest/runner": "1.4.0",
-        "@vitest/snapshot": "1.4.0",
-        "@vitest/spy": "1.4.0",
-        "@vitest/utils": "1.4.0",
+        "@vitest/expect": "1.5.2",
+        "@vitest/runner": "1.5.2",
+        "@vitest/snapshot": "1.5.2",
+        "@vitest/spy": "1.5.2",
+        "@vitest/utils": "1.5.2",
        "acorn-walk": "^8.3.2",
        "chai": "^4.3.10",
        "debug": "^4.3.4",
@ -12263,9 +12360,9 @@
        "std-env": "^3.5.0",
        "strip-literal": "^2.0.0",
        "tinybench": "^2.5.1",
-        "tinypool": "^0.8.2",
+        "tinypool": "^0.8.3",
        "vite": "^5.0.0",
-        "vite-node": "1.4.0",
+        "vite-node": "1.5.2",
        "why-is-node-running": "^2.2.2"
      },
      "bin": {
@ -12280,8 +12377,8 @@
      "peerDependencies": {
        "@edge-runtime/vm": "*",
        "@types/node": "^18.0.0 || >=20.0.0",
-        "@vitest/browser": "1.4.0",
-        "@vitest/ui": "1.4.0",
+        "@vitest/browser": "1.5.2",
+        "@vitest/ui": "1.5.2",
        "happy-dom": "*",
        "jsdom": "*"
      },
@ -12307,27 +12404,24 @@
      }
    },
    "node_modules/vitest/node_modules/magic-string": {
-      "version": "0.30.9",
-      "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.9.tgz",
-      "integrity": "sha512-S1+hd+dIrC8EZqKyT9DstTH/0Z+f76kmmvZnkfQVmOpDEF9iVgdYif3Q/pIWHmCoo59bQVGW0kVL3e2nl+9+Sw==",
+      "version": "0.30.10",
+      "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.10.tgz",
+      "integrity": "sha512-iIRwTIf0QKV3UAnYK4PU8uiEc4SRh5jX0mwpIwETPpHdhVM4f53RSwS/vXvN1JhGX+Cs7B8qIq3d6AH49O5fAQ==",
      "dev": true,
      "dependencies": {
        "@jridgewell/sourcemap-codec": "^1.4.15"
-      },
-      "engines": {
-        "node": ">=12"
      }
    },
    "node_modules/vue": {
-      "version": "3.4.23",
-      "resolved": "https://registry.npmjs.org/vue/-/vue-3.4.23.tgz",
-      "integrity": "sha512-X1y6yyGJ28LMUBJ0k/qIeKHstGd+BlWQEOT40x3auJFTmpIhpbKLgN7EFsqalnJXq1Km5ybDEsp6BhuWKciUDg==",
+      "version": "3.4.24",
+      "resolved": "https://registry.npmjs.org/vue/-/vue-3.4.24.tgz",
+      "integrity": "sha512-NPdx7dLGyHmKHGRRU5bMRYVE+rechR+KDU5R2tSTNG36PuMwbfAJ+amEvOAw7BPfZp5sQulNELSLm5YUkau+Sg==",
      "dependencies": {
-        "@vue/compiler-dom": "3.4.23",
-        "@vue/compiler-sfc": "3.4.23",
-        "@vue/runtime-dom": "3.4.23",
-        "@vue/server-renderer": "3.4.23",
-        "@vue/shared": "3.4.23"
+        "@vue/compiler-dom": "3.4.24",
+        "@vue/compiler-sfc": "3.4.24",
+        "@vue/runtime-dom": "3.4.24",
+        "@vue/server-renderer": "3.4.24",
+        "@vue/shared": "3.4.24"
      },
      "peerDependencies": {
        "typescript": "*"
--- a/package.json
+++ b/package.json
@ -33,17 +33,17 @@
    "katex": "0.16.10",
    "license-checker-webpack-plugin": "0.2.1",
    "mermaid": "10.9.0",
-    "mini-css-extract-plugin": "2.8.1",
+    "mini-css-extract-plugin": "2.9.0",
    "minimatch": "9.0.4",
    "monaco-editor": "0.47.0",
    "monaco-editor-webpack-plugin": "7.1.0",
    "pdfobject": "2.3.0",
    "postcss": "8.4.38",
    "postcss-loader": "8.1.1",
-    "postcss-nesting": "12.1.1",
+    "postcss-nesting": "12.1.2",
    "pretty-ms": "9.0.0",
    "sortablejs": "1.15.2",
-    "swagger-ui-dist": "5.13.0",
+    "swagger-ui-dist": "5.17.2",
    "tailwindcss": "3.4.3",
    "temporal-polyfill": "0.2.4",
    "throttle-debounce": "5.0.0",
@ -53,7 +53,7 @@
    "tributejs": "5.1.3",
    "uint8-to-base64": "0.2.0",
    "vanilla-colorful": "0.7.2",
-    "vue": "3.4.23",
+    "vue": "3.4.24",
    "vue-bar-graph": "2.0.0",
    "vue-chartjs": "5.3.1",
    "vue-loader": "17.4.2",
@ -77,25 +77,25 @@
    "eslint-plugin-jquery": "1.5.1",
    "eslint-plugin-no-jquery": "2.7.0",
    "eslint-plugin-no-use-extend-native": "0.5.0",
-    "eslint-plugin-regexp": "2.4.0",
+    "eslint-plugin-regexp": "2.5.0",
    "eslint-plugin-sonarjs": "0.25.1",
    "eslint-plugin-unicorn": "52.0.0",
-    "eslint-plugin-vitest": "0.4.1",
+    "eslint-plugin-vitest": "0.5.4",
    "eslint-plugin-vitest-globals": "1.5.0",
-    "eslint-plugin-vue": "9.24.0",
+    "eslint-plugin-vue": "9.25.0",
    "eslint-plugin-vue-scoped-css": "2.8.0",
-    "eslint-plugin-wc": "2.0.4",
+    "eslint-plugin-wc": "2.1.0",
    "happy-dom": "14.7.1",
    "markdownlint-cli": "0.39.0",
    "postcss-html": "1.6.0",
-    "stylelint": "16.3.1",
+    "stylelint": "16.4.0",
    "stylelint-declaration-block-no-ignored-properties": "2.8.0",
    "stylelint-declaration-strict-value": "1.10.4",
    "stylelint-value-no-unknown-custom-properties": "6.0.1",
    "svgo": "3.2.0",
    "updates": "16.0.1",
-    "vite-string-plugin": "1.1.5",
-    "vitest": "1.4.0"
+    "vite-string-plugin": "1.2.0",
+    "vitest": "1.5.2"
  },
  "browserslist": ["defaults"]
 }
--- a/release-notes/8.0.0/fix/3363.md
+++ b/release-notes/8.0.0/fix/3363.md
@ -0,0 +1,6 @@
+Reverted the rootless container image path in `GITEA_APP_INI` from
+`/etc/gitea/app.ini` to its default value of
+`/var/lib/gitea/custom/conf/app.ini`. This allows container users to not have
+to mount two separate volumes (one for the configuration data and one for the
+configuration `.ini` file). A warning is issued for users with the legacy
+configuration on how to update to the new path.
--- a/release-notes/8.0.0/fix/3399.md
+++ b/release-notes/8.0.0/fix/3399.md
@ -0,0 +1 @@
+The regression in the [`fogejo admin user create`](https://forgejo.org/docs/v7.0/admin/command-line/#admin-user-create) CLI command [is fixed](https://codeberg.org/forgejo/forgejo/issues/3399) and it is backward compatible.
--- a/release-notes/8.0.0/fix/3430.md
+++ b/release-notes/8.0.0/fix/3430.md
@ -0,0 +1 @@
+Fixed a bug where the `/api/v1/repos/{owner}/{repo}/wiki` API endpoints were using a hardcoded "master" branch for the wiki, rather than the branch they really use.
--- a/release-notes/8.0.0/fix/3442.md
+++ b/release-notes/8.0.0/fix/3442.md
@ -0,0 +1 @@
+Save updated empty comments instead of skipping the update silently, [which prevented the removal of attachments of such comments](https://codeberg.org/forgejo/forgejo/issues/3424).
--- a/release-notes/8.0.0/fix/3444.md
+++ b/release-notes/8.0.0/fix/3444.md
@ -0,0 +1 @@
+Fixed bleve indexer failing when [fuzziness exceeds the maximum 2](https://codeberg.org/forgejo/forgejo/pulls/3444)
--- a/release-notes/8.0.0/fix/3451.md
+++ b/release-notes/8.0.0/fix/3451.md
@ -0,0 +1 @@
+Fixed an error 500 when visiting [the LFS settings](https://codeberg.org/forgejo/forgejo/pulls/3451) at `/{owner}/{repo}/settings/lfs/find?oid=...`.
--- a/renovate.json
+++ b/renovate.json
@ -15,8 +15,10 @@
    "helpers:pinGitHubActionDigests"
  ],
  "semanticCommits": "disabled",
+  "automergeStrategy": "merge-commit",
  "postUpdateOptions": ["gomodTidy", "gomodUpdateImportPaths", "npmDedupe"],
  "prConcurrentLimit": 5,
+  "internalChecksFilter": "strict",
  "packageRules": [
    {
      "description": "Require approval for go and python minor version",
@ -32,7 +34,11 @@
    },
    {
      "description": "Require dashboard approval for some deps",
-      "matchDepNames": ["github.com/go-ap/activitypub", "bitnami/minio"],
+      "matchDepNames": [
+        "bitnami/minio",
+        "github.com/go-ap/activitypub",
+        "github.com/nektos/act"
+      ],
      "dependencyDashboardApproval": true
    },
    {
@ -62,6 +68,21 @@
      "matchUpdateTypes": ["minor", "patch", "digest"],
      "automerge": true
    },
+    {
+      "description": "Split minor and patch updates",
+      "matchDepNames": [
+        "swagger-ui-dist"
+      ],
+      "separateMinorPatch": true
+    },
+    {
+      "description": "Automerge patch updates",
+      "matchDepNames": [
+        "swagger-ui-dist"
+      ],
+      "matchUpdateTypes": ["patch"],
+      "automerge": true
+    },
    {
      "description": "Update renovate with higher prio to come through rate limit",
      "matchDatasources": ["docker"],
@ -73,6 +94,17 @@
      "matchDepNames": ["actions/cascading-pr"],
      "matchManagers": ["github-actions"],
      "enabled": false
+    },
+    {
+      "description": "Automerge some packages when ci succeeds",
+      "extends": ["packages:linters"],
+      "matchDepNames": ["vitest"],
+      "automerge": true
+    },
+    {
+      "description": "Hold back on some package updates for a few days",
+      "matchDepNames": ["monaco-editor"],
+      "minimumReleaseAge": "30 days"
    }
  ],
  "customManagers": [
--- a/routers/api/v1/admin/user.go
+++ b/routers/api/v1/admin/user.go
@ -30,7 +30,7 @@ import (
 	user_service "code.gitea.io/gitea/services/user"
 )

-func parseAuthSource(ctx *context.APIContext, u *user_model.User, sourceID int64, loginName string) {
+func parseAuthSource(ctx *context.APIContext, u *user_model.User, sourceID int64) {
 	if sourceID == 0 {
 		return
 	}
@ -47,7 +47,6 @@ func parseAuthSource(ctx *context.APIContext, u *user_model.User, sourceID int64

 	u.LoginType = source.Type
 	u.LoginSource = source.ID
-	u.LoginName = loginName
 }

 // CreateUser create a user
@ -83,12 +82,13 @@ func CreateUser(ctx *context.APIContext) {
 		Passwd:             form.Password,
 		MustChangePassword: true,
 		LoginType:          auth.Plain,
+		LoginName:          form.LoginName,
 	}
 	if form.MustChangePassword != nil {
 		u.MustChangePassword = *form.MustChangePassword
 	}

-	parseAuthSource(ctx, u, form.SourceID, form.LoginName)
+	parseAuthSource(ctx, u, form.SourceID)
 	if ctx.Written() {
 		return
 	}
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@ -983,6 +983,8 @@ func Routes() *web.Route {
 			m.Post("/migrate", reqToken(), bind(api.MigrateRepoOptions{}), repo.Migrate)

 			m.Group("/{username}/{reponame}", func() {
+				m.Get("/compare/*", reqRepoReader(unit.TypeCode), repo.CompareDiff)
+
 				m.Combo("").Get(reqAnyRepoReader(), repo.Get).
 					Delete(reqToken(), reqOwner(), repo.Delete).
 					Patch(reqToken(), reqAdmin(), bind(api.EditRepoOption{}), repo.Edit)
--- a/routers/api/v1/repo/branch.go
+++ b/routers/api/v1/repo/branch.go
@ -437,7 +437,7 @@ func GetBranchProtection(ctx *context.APIContext) {
 		return
 	}

-	ctx.JSON(http.StatusOK, convert.ToBranchProtection(ctx, bp))
+	ctx.JSON(http.StatusOK, convert.ToBranchProtection(ctx, bp, repo))
 }

 // ListBranchProtections list branch protections for a repo
@ -470,7 +470,7 @@ func ListBranchProtections(ctx *context.APIContext) {
 	}
 	apiBps := make([]*api.BranchProtection, len(bps))
 	for i := range bps {
-		apiBps[i] = convert.ToBranchProtection(ctx, bps[i])
+		apiBps[i] = convert.ToBranchProtection(ctx, bps[i], repo)
 	}

 	ctx.JSON(http.StatusOK, apiBps)
@ -682,7 +682,7 @@ func CreateBranchProtection(ctx *context.APIContext) {
 		return
 	}

-	ctx.JSON(http.StatusCreated, convert.ToBranchProtection(ctx, bp))
+	ctx.JSON(http.StatusCreated, convert.ToBranchProtection(ctx, bp, repo))
 }

 // EditBranchProtection edits a branch protection for a repo
@ -964,7 +964,7 @@ func EditBranchProtection(ctx *context.APIContext) {
 		return
 	}

-	ctx.JSON(http.StatusOK, convert.ToBranchProtection(ctx, bp))
+	ctx.JSON(http.StatusOK, convert.ToBranchProtection(ctx, bp, repo))
 }

 // DeleteBranchProtection deletes a branch protection for a repo
--- a/routers/api/v1/repo/compare.go
+++ b/routers/api/v1/repo/compare.go
@ -0,0 +1,99 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+	"strings"
+
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/gitrepo"
+	api "code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/services/context"
+	"code.gitea.io/gitea/services/convert"
+)
+
+// CompareDiff compare two branches or commits
+func CompareDiff(ctx *context.APIContext) {
+	// swagger:operation GET /repos/{owner}/{repo}/compare/{basehead} Get commit comparison information
+	// ---
+	// summary: Get commit comparison information
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// - name: basehead
+	//   in: path
+	//   description: compare two branches or commits
+	//   type: string
+	//   required: true
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/Compare"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+
+	if ctx.Repo.GitRepo == nil {
+		gitRepo, err := gitrepo.OpenRepository(ctx, ctx.Repo.Repository)
+		if err != nil {
+			ctx.Error(http.StatusInternalServerError, "OpenRepository", err)
+			return
+		}
+		ctx.Repo.GitRepo = gitRepo
+		defer gitRepo.Close()
+	}
+
+	infoPath := ctx.Params("*")
+	infos := []string{ctx.Repo.Repository.DefaultBranch, ctx.Repo.Repository.DefaultBranch}
+	if infoPath != "" {
+		infos = strings.SplitN(infoPath, "...", 2)
+		if len(infos) != 2 {
+			if infos = strings.SplitN(infoPath, "..", 2); len(infos) != 2 {
+				infos = []string{ctx.Repo.Repository.DefaultBranch, infoPath}
+			}
+		}
+	}
+
+	_, _, headGitRepo, ci, _, _ := parseCompareInfo(ctx, api.CreatePullRequestOption{
+		Base: infos[0],
+		Head: infos[1],
+	})
+	if ctx.Written() {
+		return
+	}
+	defer headGitRepo.Close()
+
+	verification := ctx.FormString("verification") == "" || ctx.FormBool("verification")
+	files := ctx.FormString("files") == "" || ctx.FormBool("files")
+
+	apiCommits := make([]*api.Commit, 0, len(ci.Commits))
+	userCache := make(map[string]*user_model.User)
+	for i := 0; i < len(ci.Commits); i++ {
+		apiCommit, err := convert.ToCommit(ctx, ctx.Repo.Repository, ctx.Repo.GitRepo, ci.Commits[i], userCache,
+			convert.ToCommitOptions{
+				Stat:         true,
+				Verification: verification,
+				Files:        files,
+			})
+		if err != nil {
+			ctx.ServerError("toCommit", err)
+			return
+		}
+		apiCommits = append(apiCommits, apiCommit)
+	}
+
+	ctx.JSON(http.StatusOK, &api.Compare{
+		TotalCommits: len(ci.Commits),
+		Commits:      apiCommits,
+	})
+}
--- a/routers/api/v1/repo/release.go
+++ b/routers/api/v1/repo/release.go
@ -231,17 +231,18 @@ func CreateRelease(ctx *context.APIContext) {
 			form.Target = ctx.Repo.Repository.DefaultBranch
 		}
 		rel = &repo_model.Release{
-			RepoID:       ctx.Repo.Repository.ID,
-			PublisherID:  ctx.Doer.ID,
-			Publisher:    ctx.Doer,
-			TagName:      form.TagName,
-			Target:       form.Target,
-			Title:        form.Title,
-			Note:         form.Note,
-			IsDraft:      form.IsDraft,
-			IsPrerelease: form.IsPrerelease,
-			IsTag:        false,
-			Repo:         ctx.Repo.Repository,
+			RepoID:           ctx.Repo.Repository.ID,
+			PublisherID:      ctx.Doer.ID,
+			Publisher:        ctx.Doer,
+			TagName:          form.TagName,
+			Target:           form.Target,
+			Title:            form.Title,
+			Note:             form.Note,
+			IsDraft:          form.IsDraft,
+			IsPrerelease:     form.IsPrerelease,
+			HideArchiveLinks: form.HideArchiveLinks,
+			IsTag:            false,
+			Repo:             ctx.Repo.Repository,
 		}
 		if err := release_service.CreateRelease(ctx.Repo.GitRepo, rel, nil, ""); err != nil {
 			if repo_model.IsErrReleaseAlreadyExist(err) {
@ -261,6 +262,7 @@ func CreateRelease(ctx *context.APIContext) {
 		rel.Note = form.Note
 		rel.IsDraft = form.IsDraft
 		rel.IsPrerelease = form.IsPrerelease
+		rel.HideArchiveLinks = form.HideArchiveLinks
 		rel.PublisherID = ctx.Doer.ID
 		rel.IsTag = false
 		rel.Repo = ctx.Repo.Repository
@ -341,6 +343,9 @@ func EditRelease(ctx *context.APIContext) {
 	if form.IsPrerelease != nil {
 		rel.IsPrerelease = *form.IsPrerelease
 	}
+	if form.HideArchiveLinks != nil {
+		rel.HideArchiveLinks = *form.HideArchiveLinks
+	}
 	if err := release_service.UpdateRelease(ctx, ctx.Doer, ctx.Repo.GitRepo, rel, nil, nil, nil, false); err != nil {
 		ctx.Error(http.StatusInternalServerError, "UpdateRelease", err)
 		return
--- a/routers/api/v1/repo/wiki.go
+++ b/routers/api/v1/repo/wiki.go
@ -193,7 +193,7 @@ func getWikiPage(ctx *context.APIContext, wikiName wiki_service.WebPath) *api.Wi
 	}

 	// get commit count - wiki revisions
-	commitsCount, _ := wikiRepo.FileCommitsCount("master", pageFilename)
+	commitsCount, _ := wikiRepo.FileCommitsCount(ctx.Repo.Repository.GetWikiBranchName(), pageFilename)

 	// Get last change information.
 	lastCommit, err := wikiRepo.GetCommitByPath(pageFilename)
@ -432,7 +432,7 @@ func ListPageRevisions(ctx *context.APIContext) {
 	}

 	// get commit count - wiki revisions
-	commitsCount, _ := wikiRepo.FileCommitsCount("master", pageFilename)
+	commitsCount, _ := wikiRepo.FileCommitsCount(ctx.Repo.Repository.GetWikiBranchName(), pageFilename)

 	page := ctx.FormInt("page")
 	if page <= 1 {
@ -442,7 +442,7 @@ func ListPageRevisions(ctx *context.APIContext) {
 	// get Commit Count
 	commitsHistory, err := wikiRepo.CommitsByFileAndRange(
 		git.CommitsByFileAndRangeOptions{
-			Revision: "master",
+			Revision: ctx.Repo.Repository.GetWikiBranchName(),
 			File:     pageFilename,
 			Page:     page,
 		})
@ -487,7 +487,7 @@ func findWikiRepoCommit(ctx *context.APIContext) (*git.Repository, *git.Commit)
 		return nil, nil
 	}

-	commit, err := wikiRepo.GetBranchCommit("master")
+	commit, err := wikiRepo.GetBranchCommit(ctx.Repo.Repository.GetWikiBranchName())
 	if err != nil {
 		if git.IsErrNotExist(err) {
 			ctx.NotFound(err)
--- a/routers/api/v1/swagger/repo.go
+++ b/routers/api/v1/swagger/repo.go
@ -421,3 +421,9 @@ type swaggerBlockedUserList struct {
 	// in:body
 	Body []api.BlockedUser `json:"body"`
 }
+
+// swagger:response Compare
+type swaggerCompare struct {
+	// in:body
+	Body api.Compare `json:"body"`
+}
--- a/routers/common/compare.go
+++ b/routers/common/compare.go
@ -0,0 +1,21 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package common
+
+import (
+	repo_model "code.gitea.io/gitea/models/repo"
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/git"
+)
+
+// CompareInfo represents the collected results from ParseCompareInfo
+type CompareInfo struct {
+	HeadUser         *user_model.User
+	HeadRepo         *repo_model.Repository
+	HeadGitRepo      *git.Repository
+	CompareInfo      *git.CompareInfo
+	BaseBranch       string
+	HeadBranch       string
+	DirectComparison bool
+}
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@ -35,6 +35,7 @@ import (
 	"code.gitea.io/gitea/services/context"
 	"code.gitea.io/gitea/services/externalaccount"
 	"code.gitea.io/gitea/services/forms"
+	remote_service "code.gitea.io/gitea/services/remote"
 	user_service "code.gitea.io/gitea/services/user"

 	"gitea.com/go-chi/binding"
@ -1202,9 +1203,21 @@ func handleOAuth2SignIn(ctx *context.Context, source *auth.Source, u *user_model
 	ctx.Redirect(setting.AppSubURL + "/user/two_factor")
 }

-// OAuth2UserLoginCallback attempts to handle the callback from the OAuth2 provider and if successful
-// login the user
 func oAuth2UserLoginCallback(ctx *context.Context, authSource *auth.Source, request *http.Request, response http.ResponseWriter) (*user_model.User, goth.User, error) {
+	gothUser, err := oAuth2FetchUser(ctx, authSource, request, response)
+	if err != nil {
+		return nil, goth.User{}, err
+	}
+
+	if _, _, err := remote_service.MaybePromoteRemoteUser(ctx, authSource, gothUser.UserID, gothUser.Email); err != nil {
+		return nil, goth.User{}, err
+	}
+
+	u, err := oAuth2GothUserToUser(request.Context(), authSource, gothUser)
+	return u, gothUser, err
+}
+
+func oAuth2FetchUser(ctx *context.Context, authSource *auth.Source, request *http.Request, response http.ResponseWriter) (goth.User, error) {
 	oauth2Source := authSource.Cfg.(*oauth2.Source)

 	// Make sure that the response is not an error response.
@ -1216,10 +1229,10 @@ func oAuth2UserLoginCallback(ctx *context.Context, authSource *auth.Source, requ
 		// Delete the goth session
 		err := gothic.Logout(response, request)
 		if err != nil {
-			return nil, goth.User{}, err
+			return goth.User{}, err
 		}

-		return nil, goth.User{}, errCallback{
+		return goth.User{}, errCallback{
 			Code:        errorName,
 			Description: errorDescription,
 		}
@ -1232,24 +1245,28 @@ func oAuth2UserLoginCallback(ctx *context.Context, authSource *auth.Source, requ
 			log.Error("OAuth2 Provider %s returned too long a token. Current max: %d. Either increase the [OAuth2] MAX_TOKEN_LENGTH or reduce the information returned from the OAuth2 provider", authSource.Name, setting.OAuth2.MaxTokenLength)
 			err = fmt.Errorf("OAuth2 Provider %s returned too long a token. Current max: %d. Either increase the [OAuth2] MAX_TOKEN_LENGTH or reduce the information returned from the OAuth2 provider", authSource.Name, setting.OAuth2.MaxTokenLength)
 		}
-		return nil, goth.User{}, err
+		return goth.User{}, err
 	}

 	if oauth2Source.RequiredClaimName != "" {
 		claimInterface, has := gothUser.RawData[oauth2Source.RequiredClaimName]
 		if !has {
-			return nil, goth.User{}, user_model.ErrUserProhibitLogin{Name: gothUser.UserID}
+			return goth.User{}, user_model.ErrUserProhibitLogin{Name: gothUser.UserID}
 		}

 		if oauth2Source.RequiredClaimValue != "" {
 			groups := claimValueToStringSet(claimInterface)

 			if !groups.Contains(oauth2Source.RequiredClaimValue) {
-				return nil, goth.User{}, user_model.ErrUserProhibitLogin{Name: gothUser.UserID}
+				return goth.User{}, user_model.ErrUserProhibitLogin{Name: gothUser.UserID}
 			}
 		}
 	}

+	return gothUser, nil
+}
+
+func oAuth2GothUserToUser(ctx go_context.Context, authSource *auth.Source, gothUser goth.User) (*user_model.User, error) {
 	user := &user_model.User{
 		LoginName:   gothUser.UserID,
 		LoginType:   auth.OAuth2,
@ -1258,27 +1275,28 @@ func oAuth2UserLoginCallback(ctx *context.Context, authSource *auth.Source, requ

 	hasUser, err := user_model.GetUser(ctx, user)
 	if err != nil {
-		return nil, goth.User{}, err
+		return nil, err
 	}

 	if hasUser {
-		return user, gothUser, nil
+		return user, nil
 	}
+	log.Debug("no user found for LoginName %v, LoginSource %v, LoginType %v", user.LoginName, user.LoginSource, user.LoginType)

 	// search in external linked users
 	externalLoginUser := &user_model.ExternalLoginUser{
 		ExternalID:    gothUser.UserID,
 		LoginSourceID: authSource.ID,
 	}
-	hasUser, err = user_model.GetExternalLogin(request.Context(), externalLoginUser)
+	hasUser, err = user_model.GetExternalLogin(ctx, externalLoginUser)
 	if err != nil {
-		return nil, goth.User{}, err
+		return nil, err
 	}
 	if hasUser {
-		user, err = user_model.GetUserByID(request.Context(), externalLoginUser.UserID)
-		return user, gothUser, err
+		user, err = user_model.GetUserByID(ctx, externalLoginUser.UserID)
+		return user, err
 	}

 	// no user found to login
-	return nil, gothUser, nil
+	return nil, nil
 }
--- a/routers/web/org/projects.go
+++ b/routers/web/org/projects.go
@ -104,7 +104,7 @@ func Projects(ctx *context.Context) {
 	}

 	for _, project := range projects {
-		project.RenderedContent = templates.SanitizeHTML(project.Description) // FIXME: is it right? why not render?
+		project.RenderedContent = templates.RenderMarkdownToHtml(ctx, project.Description)
 	}

 	err = shared_user.LoadHeaderCount(ctx)
@ -372,7 +372,7 @@ func ViewProject(ctx *context.Context) {
 		}
 	}

-	project.RenderedContent = templates.SanitizeHTML(project.Description) // FIXME: is it right? why not render?
+	project.RenderedContent = templates.RenderMarkdownToHtml(ctx, project.Description)
 	ctx.Data["LinkedPRs"] = linkedPrsMap
 	ctx.Data["PageIsViewProjects"] = true
 	ctx.Data["CanWriteProjects"] = canWriteProjects(ctx)
--- a/routers/web/repo/compare.go
+++ b/routers/web/repo/compare.go
@ -35,6 +35,7 @@ import (
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/typesniffer"
 	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/routers/common"
 	"code.gitea.io/gitea/services/context"
 	"code.gitea.io/gitea/services/context/upload"
 	"code.gitea.io/gitea/services/gitdiff"
@ -185,21 +186,10 @@ func setCsvCompareContext(ctx *context.Context) {
 	}
 }

-// CompareInfo represents the collected results from ParseCompareInfo
-type CompareInfo struct {
-	HeadUser         *user_model.User
-	HeadRepo         *repo_model.Repository
-	HeadGitRepo      *git.Repository
-	CompareInfo      *git.CompareInfo
-	BaseBranch       string
-	HeadBranch       string
-	DirectComparison bool
-}
-
 // ParseCompareInfo parse compare info between two commit for preparing comparing references
-func ParseCompareInfo(ctx *context.Context) *CompareInfo {
+func ParseCompareInfo(ctx *context.Context) *common.CompareInfo {
 	baseRepo := ctx.Repo.Repository
-	ci := &CompareInfo{}
+	ci := &common.CompareInfo{}

 	fileOnly := ctx.FormBool("file-only")

@ -576,7 +566,7 @@ func ParseCompareInfo(ctx *context.Context) *CompareInfo {
 // PrepareCompareDiff renders compare diff page
 func PrepareCompareDiff(
 	ctx *context.Context,
-	ci *CompareInfo,
+	ci *common.CompareInfo,
 	whitespaceBehavior git.TrustedCmdArgs,
 ) bool {
 	var (
--- a/routers/web/repo/issue.go
+++ b/routers/web/repo/issue.go
@ -3160,12 +3160,6 @@ func UpdateCommentContent(ctx *context.Context) {

 	oldContent := comment.Content
 	comment.Content = ctx.FormString("content")
-	if len(comment.Content) == 0 {
-		ctx.JSON(http.StatusOK, map[string]any{
-			"content": "",
-		})
-		return
-	}
 	if err = issue_service.UpdateComment(ctx, comment, ctx.Doer, oldContent); err != nil {
 		ctx.ServerError("UpdateComment", err)
 		return
--- a/routers/web/repo/release.go
+++ b/routers/web/repo/release.go
@ -441,6 +441,20 @@ func NewRelease(ctx *context.Context) {
 	}
 	ctx.Data["Tags"] = tags

+	// We set the value of the hide_archive_link textbox depending on the latest release
+	latestRelease, err := repo_model.GetLatestReleaseByRepoID(ctx, ctx.Repo.Repository.ID)
+	if err != nil {
+		if repo_model.IsErrReleaseNotExist(err) {
+			ctx.Data["hide_archive_links"] = false
+		} else {
+			ctx.ServerError("GetLatestReleaseByRepoID", err)
+			return
+		}
+	}
+	if latestRelease != nil {
+		ctx.Data["hide_archive_links"] = latestRelease.HideArchiveLinks
+	}
+
 	ctx.HTML(http.StatusOK, tplReleaseNew)
 }

@ -525,17 +539,18 @@ func NewReleasePost(ctx *context.Context) {
 		}

 		rel = &repo_model.Release{
-			RepoID:       ctx.Repo.Repository.ID,
-			Repo:         ctx.Repo.Repository,
-			PublisherID:  ctx.Doer.ID,
-			Publisher:    ctx.Doer,
-			Title:        form.Title,
-			TagName:      form.TagName,
-			Target:       form.Target,
-			Note:         form.Content,
-			IsDraft:      len(form.Draft) > 0,
-			IsPrerelease: form.Prerelease,
-			IsTag:        false,
+			RepoID:           ctx.Repo.Repository.ID,
+			Repo:             ctx.Repo.Repository,
+			PublisherID:      ctx.Doer.ID,
+			Publisher:        ctx.Doer,
+			Title:            form.Title,
+			TagName:          form.TagName,
+			Target:           form.Target,
+			Note:             form.Content,
+			IsDraft:          len(form.Draft) > 0,
+			IsPrerelease:     form.Prerelease,
+			HideArchiveLinks: form.HideArchiveLinks,
+			IsTag:            false,
 		}

 		if err = releaseservice.CreateRelease(ctx.Repo.GitRepo, rel, attachmentUUIDs, msg); err != nil {
@ -565,6 +580,7 @@ func NewReleasePost(ctx *context.Context) {
 		rel.IsDraft = len(form.Draft) > 0
 		rel.IsPrerelease = form.Prerelease
 		rel.PublisherID = ctx.Doer.ID
+		rel.HideArchiveLinks = form.HideArchiveLinks
 		rel.IsTag = false

 		if err = releaseservice.UpdateRelease(ctx, ctx.Doer, ctx.Repo.GitRepo, rel, attachmentUUIDs, nil, nil, true); err != nil {
@ -602,6 +618,7 @@ func EditRelease(ctx *context.Context) {
 	ctx.Data["title"] = rel.Title
 	ctx.Data["content"] = rel.Note
 	ctx.Data["prerelease"] = rel.IsPrerelease
+	ctx.Data["hide_archive_links"] = rel.HideArchiveLinks
 	ctx.Data["IsDraft"] = rel.IsDraft

 	rel.Repo = ctx.Repo.Repository
@ -648,6 +665,7 @@ func EditReleasePost(ctx *context.Context) {
 	ctx.Data["title"] = rel.Title
 	ctx.Data["content"] = rel.Note
 	ctx.Data["prerelease"] = rel.IsPrerelease
+	ctx.Data["hide_archive_links"] = rel.HideArchiveLinks

 	if ctx.HasError() {
 		ctx.HTML(http.StatusOK, tplReleaseNew)
@ -673,6 +691,7 @@ func EditReleasePost(ctx *context.Context) {
 	rel.Note = form.Content
 	rel.IsDraft = len(form.Draft) > 0
 	rel.IsPrerelease = form.Prerelease
+	rel.HideArchiveLinks = form.HideArchiveLinks
 	if err = releaseservice.UpdateRelease(ctx, ctx.Doer, ctx.Repo.GitRepo,
 		rel, addAttachmentUUIDs, delAttachmentUUIDs, editAttachments, false); err != nil {
 		ctx.ServerError("UpdateRelease", err)
--- a/routers/web/web.go
+++ b/routers/web/web.go
@ -258,7 +258,7 @@ func Routes() *web.Route {
 		routes.Get("/metrics", append(mid, Metrics)...)
 	}

-	routes.Get("/robots.txt", append(mid, misc.RobotsTxt)...)
+	routes.Methods("GET,HEAD", "/robots.txt", append(mid, misc.RobotsTxt)...)
 	routes.Get("/ssh_info", misc.SSHInfo)
 	routes.Get("/api/healthz", healthcheck.Check)

--- a/services/actions/notifier_helper.go
+++ b/services/actions/notifier_helper.go
@ -80,6 +80,11 @@ func newNotifyInput(repo *repo_model.Repository, doer *user_model.User, event we
 	}
 }

+func newNotifyInputForSchedules(repo *repo_model.Repository) *notifyInput {
+	// the doer here will be ignored as we force using action user when handling schedules
+	return newNotifyInput(repo, user_model.NewActionsUser(), webhook_module.HookEventSchedule)
+}
+
 func (input *notifyInput) WithDoer(doer *user_model.User) *notifyInput {
 	input.Doer = doer
 	return input
@ -562,7 +567,7 @@ func DetectAndHandleSchedules(ctx context.Context, repo *repo_model.Repository)
 	// We need a notifyInput to call handleSchedules
 	// if repo is a mirror, commit author maybe an external user,
 	// so we use action user as the Doer of the notifyInput
-	notifyInput := newNotifyInput(repo, user_model.NewActionsUser(), webhook_module.HookEventSchedule)
+	notifyInput := newNotifyInputForSchedules(repo)

 	return handleSchedules(ctx, scheduleWorkflows, commit, notifyInput, repo.DefaultBranch)
 }
--- a/services/auth/source/remote/source.go
+++ b/services/auth/source/remote/source.go
@ -0,0 +1,33 @@
+// Copyright Earl Warren <contact@earl-warren.org>
+// SPDX-License-Identifier: MIT
+
+package remote
+
+import (
+	"code.gitea.io/gitea/models/auth"
+	"code.gitea.io/gitea/modules/json"
+)
+
+type Source struct {
+	URL            string
+	MatchingSource string
+
+	// reference to the authSource
+	authSource *auth.Source
+}
+
+func (source *Source) FromDB(bs []byte) error {
+	return json.UnmarshalHandleDoubleEncode(bs, &source)
+}
+
+func (source *Source) ToDB() ([]byte, error) {
+	return json.Marshal(source)
+}
+
+func (source *Source) SetAuthSource(authSource *auth.Source) {
+	source.authSource = authSource
+}
+
+func init() {
+	auth.RegisterTypeConfig(auth.Remote, &Source{})
+}
--- a/services/convert/convert.go
+++ b/services/convert/convert.go
@ -21,6 +21,7 @@ import (
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/container"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	api "code.gitea.io/gitea/modules/structs"
@ -105,33 +106,46 @@ func ToBranch(ctx context.Context, repo *repo_model.Repository, branchName strin
 	return branch, nil
 }

+// getWhitelistEntities returns the names of the entities that are in the whitelist
+func getWhitelistEntities[T *user_model.User | *organization.Team](entities []T, whitelistIDs []int64) []string {
+	whitelistUserIDsSet := container.SetOf(whitelistIDs...)
+	whitelistNames := make([]string, 0)
+	for _, entity := range entities {
+		switch v := any(entity).(type) {
+		case *user_model.User:
+			if whitelistUserIDsSet.Contains(v.ID) {
+				whitelistNames = append(whitelistNames, v.Name)
+			}
+		case *organization.Team:
+			if whitelistUserIDsSet.Contains(v.ID) {
+				whitelistNames = append(whitelistNames, v.Name)
+			}
+		}
+	}
+
+	return whitelistNames
+}
+
 // ToBranchProtection convert a ProtectedBranch to api.BranchProtection
-func ToBranchProtection(ctx context.Context, bp *git_model.ProtectedBranch) *api.BranchProtection {
-	pushWhitelistUsernames, err := user_model.GetUserNamesByIDs(ctx, bp.WhitelistUserIDs)
+func ToBranchProtection(ctx context.Context, bp *git_model.ProtectedBranch, repo *repo_model.Repository) *api.BranchProtection {
+	readers, err := access_model.GetRepoReaders(ctx, repo)
 	if err != nil {
-		log.Error("GetUserNamesByIDs (WhitelistUserIDs): %v", err)
+		log.Error("GetRepoReaders: %v", err)
 	}
-	mergeWhitelistUsernames, err := user_model.GetUserNamesByIDs(ctx, bp.MergeWhitelistUserIDs)
+
+	pushWhitelistUsernames := getWhitelistEntities(readers, bp.WhitelistUserIDs)
+	mergeWhitelistUsernames := getWhitelistEntities(readers, bp.MergeWhitelistUserIDs)
+	approvalsWhitelistUsernames := getWhitelistEntities(readers, bp.ApprovalsWhitelistUserIDs)
+
+	teamReaders, err := organization.OrgFromUser(repo.Owner).TeamsWithAccessToRepo(ctx, repo.ID, perm.AccessModeRead)
 	if err != nil {
-		log.Error("GetUserNamesByIDs (MergeWhitelistUserIDs): %v", err)
-	}
-	approvalsWhitelistUsernames, err := user_model.GetUserNamesByIDs(ctx, bp.ApprovalsWhitelistUserIDs)
-	if err != nil {
-		log.Error("GetUserNamesByIDs (ApprovalsWhitelistUserIDs): %v", err)
-	}
-	pushWhitelistTeams, err := organization.GetTeamNamesByID(ctx, bp.WhitelistTeamIDs)
-	if err != nil {
-		log.Error("GetTeamNamesByID (WhitelistTeamIDs): %v", err)
-	}
-	mergeWhitelistTeams, err := organization.GetTeamNamesByID(ctx, bp.MergeWhitelistTeamIDs)
-	if err != nil {
-		log.Error("GetTeamNamesByID (MergeWhitelistTeamIDs): %v", err)
-	}
-	approvalsWhitelistTeams, err := organization.GetTeamNamesByID(ctx, bp.ApprovalsWhitelistTeamIDs)
-	if err != nil {
-		log.Error("GetTeamNamesByID (ApprovalsWhitelistTeamIDs): %v", err)
+		log.Error("Repo.Owner.TeamsWithAccessToRepo: %v", err)
 	}

+	pushWhitelistTeams := getWhitelistEntities(teamReaders, bp.WhitelistTeamIDs)
+	mergeWhitelistTeams := getWhitelistEntities(teamReaders, bp.MergeWhitelistTeamIDs)
+	approvalsWhitelistTeams := getWhitelistEntities(teamReaders, bp.ApprovalsWhitelistTeamIDs)
+
 	branchName := ""
 	if !git_model.IsRuleNameSpecial(bp.RuleName) {
 		branchName = bp.RuleName
--- a/services/convert/release.go
+++ b/services/convert/release.go
@ -22,6 +22,7 @@ func ToAPIRelease(ctx context.Context, repo *repo_model.Repository, r *repo_mode
 		HTMLURL:              r.HTMLURL(),
 		TarURL:               r.TarURL(),
 		ZipURL:               r.ZipURL(),
+		HideArchiveLinks:     r.HideArchiveLinks,
 		UploadURL:            r.APIUploadURL(),
 		IsDraft:              r.IsDraft,
 		IsPrerelease:         r.IsPrerelease,
--- a/services/convert/repository.go
+++ b/services/convert/repository.go
@ -237,6 +237,7 @@ func innerToRepo(ctx context.Context, repo *repo_model.Repository, permissionInR
 		MirrorInterval:                mirrorInterval,
 		MirrorUpdated:                 mirrorUpdated,
 		RepoTransfer:                  transfer,
+		ObjectFormatName:              repo.ObjectFormatName,
 	}
 }

--- a/services/convert/user.go
+++ b/services/convert/user.go
@ -76,6 +76,7 @@ func toUser(ctx context.Context, user *user_model.User, signed, authed bool) *ap
 	if authed {
 		result.IsAdmin = user.IsAdmin
 		result.LoginName = user.LoginName
+		result.SourceID = user.LoginSource
 		result.LastLogin = user.LastLoginUnix.AsTime()
 		result.Language = user.Language
 		result.IsActive = user.IsActive
--- a/services/forms/repo_form.go
+++ b/services/forms/repo_form.go
@ -559,15 +559,16 @@ type UpdateAllowEditsForm struct {

 // NewReleaseForm form for creating release
 type NewReleaseForm struct {
-	TagName    string `binding:"Required;GitRefName;MaxSize(255)"`
-	Target     string `form:"tag_target" binding:"Required;MaxSize(255)"`
-	Title      string `binding:"MaxSize(255)"`
-	Content    string
-	Draft      string
-	TagOnly    string
-	Prerelease bool
-	AddTagMsg  bool
-	Files      []string
+	TagName          string `binding:"Required;GitRefName;MaxSize(255)"`
+	Target           string `form:"tag_target" binding:"Required;MaxSize(255)"`
+	Title            string `binding:"MaxSize(255)"`
+	Content          string
+	Draft            string
+	TagOnly          string
+	Prerelease       bool
+	AddTagMsg        bool
+	HideArchiveLinks bool
+	Files            []string
 }

 // Validate validates the fields
@ -578,11 +579,12 @@ func (f *NewReleaseForm) Validate(req *http.Request, errs binding.Errors) bindin

 // EditReleaseForm form for changing release
 type EditReleaseForm struct {
-	Title      string `form:"title" binding:"Required;MaxSize(255)"`
-	Content    string `form:"content"`
-	Draft      string `form:"draft"`
-	Prerelease bool   `form:"prerelease"`
-	Files      []string
+	Title            string `form:"title" binding:"Required;MaxSize(255)"`
+	Content          string `form:"content"`
+	Draft            string `form:"draft"`
+	Prerelease       bool   `form:"prerelease"`
+	HideArchiveLinks bool
+	Files            []string
 }

 // Validate validates the fields
--- a/services/mailer/incoming/incoming_handler.go
+++ b/services/mailer/incoming/incoming_handler.go
@ -82,31 +82,34 @@ func (h *ReplyHandler) Handle(ctx context.Context, content *MailContent, doer *u
 		return nil
 	}

+	log.Trace("incoming mail related to %T", ref)
+
+	attachmentIDs := make([]string, 0, len(content.Attachments))
+	if setting.Attachment.Enabled {
+		for _, attachment := range content.Attachments {
+			a, err := attachment_service.UploadAttachment(ctx, bytes.NewReader(attachment.Content), setting.Attachment.AllowedTypes, int64(len(attachment.Content)), &repo_model.Attachment{
+				Name:       attachment.Name,
+				UploaderID: doer.ID,
+				RepoID:     issue.Repo.ID,
+			})
+			if err != nil {
+				if upload.IsErrFileTypeForbidden(err) {
+					log.Info("Skipping disallowed attachment type: %s", attachment.Name)
+					continue
+				}
+				return err
+			}
+			attachmentIDs = append(attachmentIDs, a.UUID)
+		}
+	}
+
+	if content.Content == "" && len(attachmentIDs) == 0 {
+		log.Trace("incoming mail has no content and no attachement", ref)
+		return nil
+	}
+
 	switch r := ref.(type) {
 	case *issues_model.Issue:
-		attachmentIDs := make([]string, 0, len(content.Attachments))
-		if setting.Attachment.Enabled {
-			for _, attachment := range content.Attachments {
-				a, err := attachment_service.UploadAttachment(ctx, bytes.NewReader(attachment.Content), setting.Attachment.AllowedTypes, int64(len(attachment.Content)), &repo_model.Attachment{
-					Name:       attachment.Name,
-					UploaderID: doer.ID,
-					RepoID:     issue.Repo.ID,
-				})
-				if err != nil {
-					if upload.IsErrFileTypeForbidden(err) {
-						log.Info("Skipping disallowed attachment type: %s", attachment.Name)
-						continue
-					}
-					return err
-				}
-				attachmentIDs = append(attachmentIDs, a.UUID)
-			}
-		}
-
-		if content.Content == "" && len(attachmentIDs) == 0 {
-			return nil
-		}
-
 		_, err = issue_service.CreateIssueComment(ctx, doer, issue.Repo, issue, content.Content, attachmentIDs)
 		if err != nil {
 			return fmt.Errorf("CreateIssueComment failed: %w", err)
@ -114,11 +117,13 @@ func (h *ReplyHandler) Handle(ctx context.Context, content *MailContent, doer *u
 	case *issues_model.Comment:
 		comment := r

-		if content.Content == "" {
-			return nil
-		}
-
-		if comment.Type == issues_model.CommentTypeCode {
+		switch comment.Type {
+		case issues_model.CommentTypeComment, issues_model.CommentTypeReview:
+			_, err = issue_service.CreateIssueComment(ctx, doer, issue.Repo, issue, content.Content, attachmentIDs)
+			if err != nil {
+				return fmt.Errorf("CreateIssueComment failed: %w", err)
+			}
+		case issues_model.CommentTypeCode:
 			_, err := pull_service.CreateCodeComment(
 				ctx,
 				doer,
@ -130,12 +135,16 @@ func (h *ReplyHandler) Handle(ctx context.Context, content *MailContent, doer *u
 				false, // not pending review but a single review
 				comment.ReviewID,
 				"",
-				nil,
+				attachmentIDs,
 			)
 			if err != nil {
 				return fmt.Errorf("CreateCodeComment failed: %w", err)
 			}
+		default:
+			log.Trace("incoming mail related to comment of type %v is ignored", comment.Type)
 		}
+	default:
+		log.Trace("incoming mail related to %T is ignored", ref)
 	}
 	return nil
 }
--- a/services/remote/promote.go
+++ b/services/remote/promote.go
@ -0,0 +1,133 @@
+// Copyright Earl Warren <contact@earl-warren.org>
+// SPDX-License-Identifier: MIT
+
+package remote
+
+import (
+	"context"
+
+	auth_model "code.gitea.io/gitea/models/auth"
+	"code.gitea.io/gitea/models/db"
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/services/auth/source/oauth2"
+	remote_source "code.gitea.io/gitea/services/auth/source/remote"
+)
+
+type Reason int
+
+const (
+	ReasonNoMatch Reason = iota
+	ReasonNotAuth2
+	ReasonBadAuth2
+	ReasonLoginNameNotExists
+	ReasonNotRemote
+	ReasonEmailIsSet
+	ReasonNoSource
+	ReasonSourceWrongType
+	ReasonCanPromote
+	ReasonPromoted
+	ReasonUpdateFail
+	ReasonErrorLoginName
+	ReasonErrorGetSource
+)
+
+func NewReason(level log.Level, reason Reason, message string, args ...any) Reason {
+	log.Log(1, level, message, args...)
+	return reason
+}
+
+func getUsersByLoginName(ctx context.Context, name string) ([]*user_model.User, error) {
+	if len(name) == 0 {
+		return nil, user_model.ErrUserNotExist{Name: name}
+	}
+
+	users := make([]*user_model.User, 0, 5)
+
+	return users, db.GetEngine(ctx).
+		Table("user").
+		Where("login_name = ? AND login_type = ? AND type = ?", name, auth_model.Remote, user_model.UserTypeRemoteUser).
+		Find(&users)
+}
+
+// The remote user has:
+//
+//	Type        UserTypeRemoteUser
+//	LogingType  Remote
+//	LoginName   set to the unique identifier of the originating authentication source
+//	LoginSource set to the Remote source that can be matched against an OAuth2 source
+//
+// If the source from which an authentification happens is OAuth2, an existing
+// remote user will be promoted to an OAuth2 user provided:
+//
+//	user.LoginName is the same as goth.UserID (argument loginName)
+//	user.LoginSource has a MatchingSource equals to the name of the OAuth2 provider
+//
+// Once promoted, the user will be logged in without further interaction from the
+// user and will own all repositories, issues, etc. associated with it.
+func MaybePromoteRemoteUser(ctx context.Context, source *auth_model.Source, loginName, email string) (promoted bool, reason Reason, err error) {
+	user, reason, err := getRemoteUserToPromote(ctx, source, loginName, email)
+	if err != nil || user == nil {
+		return false, reason, err
+	}
+	promote := &user_model.User{
+		ID:          user.ID,
+		Type:        user_model.UserTypeIndividual,
+		Email:       email,
+		LoginSource: source.ID,
+		LoginType:   source.Type,
+	}
+	reason = NewReason(log.DEBUG, ReasonPromoted, "promote user %v: LoginName %v => %v, LoginSource %v => %v, LoginType %v => %v, Email %v => %v", user.ID, user.LoginName, promote.LoginName, user.LoginSource, promote.LoginSource, user.LoginType, promote.LoginType, user.Email, promote.Email)
+	if err := user_model.UpdateUserCols(ctx, promote, "type", "email", "login_source", "login_type"); err != nil {
+		return false, ReasonUpdateFail, err
+	}
+	return true, reason, nil
+}
+
+func getRemoteUserToPromote(ctx context.Context, source *auth_model.Source, loginName, email string) (*user_model.User, Reason, error) {
+	if !source.IsOAuth2() {
+		return nil, NewReason(log.DEBUG, ReasonNotAuth2, "source %v is not OAuth2", source), nil
+	}
+	oauth2Source, ok := source.Cfg.(*oauth2.Source)
+	if !ok {
+		return nil, NewReason(log.ERROR, ReasonBadAuth2, "source claims to be OAuth2 but is not"), nil
+	}
+
+	users, err := getUsersByLoginName(ctx, loginName)
+	if err != nil {
+		return nil, NewReason(log.ERROR, ReasonErrorLoginName, "getUserByLoginName('%s') %v", loginName, err), err
+	}
+	if len(users) == 0 {
+		return nil, NewReason(log.ERROR, ReasonLoginNameNotExists, "no user with LoginType UserTypeRemoteUser and LoginName '%s'", loginName), nil
+	}
+
+	reason := ReasonNoSource
+	for _, u := range users {
+		userSource, err := auth_model.GetSourceByID(ctx, u.LoginSource)
+		if err != nil {
+			if auth_model.IsErrSourceNotExist(err) {
+				reason = NewReason(log.DEBUG, ReasonNoSource, "source id = %v for user %v not found %v", u.LoginSource, u.ID, err)
+				continue
+			}
+			return nil, NewReason(log.ERROR, ReasonErrorGetSource, "GetSourceByID('%s') %v", u.LoginSource, err), err
+		}
+		if u.Email != "" {
+			reason = NewReason(log.DEBUG, ReasonEmailIsSet, "the user email is already set to '%s'", u.Email)
+			continue
+		}
+		remoteSource, ok := userSource.Cfg.(*remote_source.Source)
+		if !ok {
+			reason = NewReason(log.DEBUG, ReasonSourceWrongType, "expected a remote source but got %T %v", userSource, userSource)
+			continue
+		}
+
+		if oauth2Source.Provider != remoteSource.MatchingSource {
+			reason = NewReason(log.DEBUG, ReasonNoMatch, "skip OAuth2 source %s because it is different from %s which is the expected match for the remote source %s", oauth2Source.Provider, remoteSource.MatchingSource, remoteSource.URL)
+			continue
+		}
+
+		return u, ReasonCanPromote, nil
+	}
+
+	return nil, reason, nil
+}
--- a/services/repository/lfs_test.go
+++ b/services/repository/lfs_test.go
@ -28,9 +28,13 @@ func TestGarbageCollectLFSMetaObjects(t *testing.T) {
 	err := storage.Init()
 	assert.NoError(t, err)

-	repo, err := repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, "user2", "repo1")
+	repo, err := repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, "user2", "lfs")
 	assert.NoError(t, err)

+	validLFSObjects, err := db.GetEngine(db.DefaultContext).Count(git_model.LFSMetaObject{RepositoryID: repo.ID})
+	assert.NoError(t, err)
+	assert.Greater(t, validLFSObjects, int64(1))
+
 	// add lfs object
 	lfsContent := []byte("gitea1")
 	lfsOid := storeObjectInRepo(t, repo.ID, &lfsContent)
@ -39,13 +43,18 @@ func TestGarbageCollectLFSMetaObjects(t *testing.T) {
 	err = repo_service.GarbageCollectLFSMetaObjects(context.Background(), repo_service.GarbageCollectLFSMetaObjectsOptions{
 		AutoFix:                 true,
 		OlderThan:               time.Now().Add(7 * 24 * time.Hour).Add(5 * 24 * time.Hour),
-		UpdatedLessRecentlyThan: time.Now().Add(7 * 24 * time.Hour).Add(3 * 24 * time.Hour),
+		UpdatedLessRecentlyThan: time.Time{}, // ensure that the models/fixtures/lfs_meta_object.yml objects are considered as well
+		LogDetail:               t.Logf,
 	})
 	assert.NoError(t, err)

 	// lfs meta has been deleted
 	_, err = git_model.GetLFSMetaObjectByOid(db.DefaultContext, repo.ID, lfsOid)
 	assert.ErrorIs(t, err, git_model.ErrLFSObjectNotExist)
+
+	remainingLFSObjects, err := db.GetEngine(db.DefaultContext).Count(git_model.LFSMetaObject{RepositoryID: repo.ID})
+	assert.NoError(t, err)
+	assert.Equal(t, validLFSObjects-1, remainingLFSObjects)
 }

 func storeObjectInRepo(t *testing.T, repositoryID int64, content *[]byte) string {
--- a/templates/devtest/label.tmpl
+++ b/templates/devtest/label.tmpl
@ -0,0 +1,27 @@
+{{template "base/head" .}}
+<link rel="stylesheet" href="{{AssetUrlPrefix}}/css/devtest.css?v={{AssetVersion}}">
+<div class="page-content devtest ui container">
+	<div>
+		<h1>Label</h1>
+		<div class="flex-text-block tw-my-2">
+			<span class="ui label">simple label</span>
+			<span class="ui red label">red label</span>
+			<span class="ui green label">green label</span>
+		</div>
+		<div class="flex-text-block tw-my-2">
+			<span class="ui basic label">basic label</span>
+			<span class="ui basic red label">basic red label</span>
+			<span class="ui basic green label">basic green label</span>
+		</div>
+		<div class="flex-text-block tw-my-2">
+			<span class="ui label">long content must be in a non-flex "gt-ellipsis" element, otherwise it won't get ellipsis. very looooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong label</span>
+		</div>
+		<div class="flex-text-block tw-my-2">
+			<span class="ui label"><span class="gt-ellipsis">very looooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong label</span></span>
+		</div>
+		<div class="tw-my-2">
+			<span class="ui label tw-max-w-full"><span class="gt-ellipsis">very looooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong label</span></span>
+		</div>
+	</div>
+</div>
+{{template "base/footer" .}}
--- a/templates/repo/actions/runs_list.tmpl
+++ b/templates/repo/actions/runs_list.tmpl
@ -1,4 +1,4 @@
-<div class="flex-list">
+<div class="flex-list run-list">
 	{{if not .Runs}}
 	<div class="empty-placeholder">
 		{{svg "octicon-no-entry" 48}}
@ -28,14 +28,14 @@
 			</div>
 			<div class="flex-item-trailing">
 				{{if .RefLink}}
-					<a class="ui label tw-px-1 tw-mx-0" href="{{.RefLink}}">{{.PrettyRef}}</a>
+					<a class="ui label run-list-ref gt-ellipsis" href="{{.RefLink}}">{{.PrettyRef}}</a>
 				{{else}}
-					<span class="ui label tw-px-1 tw-mx-0">{{.PrettyRef}}</span>
+					<span class="ui label run-list-ref gt-ellipsis">{{.PrettyRef}}</span>
 				{{end}}
-			</div>
-			<div class="run-list-item-right">
-				<div class="run-list-meta">{{svg "octicon-calendar" 16}}{{TimeSinceUnix .Updated ctx.Locale}}</div>
-				<div class="run-list-meta">{{svg "octicon-stopwatch" 16}}{{.Duration}}</div>
+				<div class="run-list-item-right">
+					<div class="run-list-meta">{{svg "octicon-calendar" 16}}{{TimeSinceUnix .Updated ctx.Locale}}</div>
+					<div class="run-list-meta">{{svg "octicon-stopwatch" 16}}{{.Duration}}</div>
+				</div>
 			</div>
 		</div>
 	{{end}}
--- a/templates/repo/blame.tmpl
+++ b/templates/repo/blame.tmpl
@ -28,7 +28,7 @@
 			</div>
 		</div>
 	</h4>
-	<div class="ui attached table unstackable segment">
+	<div class="ui bottom attached table unstackable segment">
 		<div class="file-view code-view unicode-escaped">
 			{{if .IsFileTooLarge}}
 				<table>
--- a/templates/repo/commits_list_small.tmpl
+++ b/templates/repo/commits_list_small.tmpl
@ -6,14 +6,23 @@
 	<div class="singular-commit" id="{{$tag}}">
 		<span class="badge badge-commit">{{svg "octicon-git-commit"}}</span>
 		{{if .User}}
-			<a class="avatar" href="{{.User.HomeLink}}">{{ctx.AvatarUtils.Avatar .User}}</a>
+			<a class="avatar" href="{{.User.HomeLink}}">{{ctx.AvatarUtils.Avatar .User 20}}</a>
 		{{else}}
-			{{ctx.AvatarUtils.AvatarByEmail .Author.Email .Author.Name}}
+			{{ctx.AvatarUtils.AvatarByEmail .Author.Email .Author.Name 20}}
 		{{end}}

 		{{$commitLink:= printf "%s/commit/%s" $.comment.Issue.PullRequest.BaseRepo.Link (PathEscape .ID.String)}}

-		<span class="shabox tw-flex tw-items-center tw-float-right">
+		<span class="tw-flex-1 gt-ellipsis tw-font-mono{{if gt .ParentCount 1}} grey text{{end}}" title="{{.Summary}}">{{RenderCommitMessageLinkSubject $.root.Context .Message $commitLink ($.comment.Issue.PullRequest.BaseRepo.ComposeMetas ctx)}}</span>
+
+		{{if IsMultilineCommitMessage .Message}}
+			<button class="ui button js-toggle-commit-body ellipsis-button" aria-expanded="false">...</button>
+		{{end}}
+		{{if IsMultilineCommitMessage .Message}}
+			<pre class="commit-body tw-hidden">{{RenderCommitBody $.root.Context .Message ($.comment.Issue.PullRequest.BaseRepo.ComposeMetas ctx)}}</pre>
+		{{end}}
+
+		<span class="shabox tw-flex tw-items-center">
 			{{template "repo/commit_statuses" dict "Status" .Status "Statuses" .Statuses}}
 			{{$class := "ui sha label"}}
 			{{if .Signature}}
@ -37,14 +46,6 @@
 				{{end}}
 			</a>
 		</span>
-
-		<span class="tw-font-mono commit-summary {{if gt .ParentCount 1}} grey text{{end}}" title="{{.Summary}}">{{RenderCommitMessageLinkSubject $.root.Context .Message $commitLink ($.comment.Issue.PullRequest.BaseRepo.ComposeMetas ctx)}}</span>
-		{{if IsMultilineCommitMessage .Message}}
-			<button class="ui button js-toggle-commit-body ellipsis-button" aria-expanded="false">...</button>
-		{{end}}
-		{{if IsMultilineCommitMessage .Message}}
-			<pre class="commit-body tw-hidden">{{RenderCommitBody $.root.Context .Message ($.comment.Issue.PullRequest.BaseRepo.ComposeMetas ctx)}}</pre>
-		{{end}}
 	</div>
 {{end}}
 </div>
--- a/templates/repo/diff/box.tmpl
+++ b/templates/repo/diff/box.tmpl
@ -130,7 +130,7 @@
 								</div>
 								<span class="file tw-flex tw-items-center tw-font-mono tw-flex-1"><a class="muted file-link" title="{{if $file.IsRenamed}}{{$file.OldName}} → {{end}}{{$file.Name}}" href="#diff-{{$file.NameHash}}">{{if $file.IsRenamed}}{{$file.OldName}} → {{end}}{{$file.Name}}</a>
 									{{if .IsLFSFile}} ({{ctx.Locale.Tr "repo.stored_lfs"}}){{end}}
-									<button class="btn interact-fg tw-p-2" data-clipboard-text="{{$file.Name}}">{{svg "octicon-copy" 14}}</button>
+									<button class="btn interact-fg tw-p-2" data-clipboard-text="{{$file.Name}}" data-tooltip-content="{{ctx.Locale.Tr "copy_generic"}}" aria-label="{{ctx.Locale.Tr "copy_generic"}}">{{svg "octicon-copy" 14}}</button>
 									{{if $file.IsGenerated}}
 										<span class="ui label">{{ctx.Locale.Tr "repo.diff.generated"}}</span>
 									{{end}}
--- a/templates/repo/editor/edit.tmpl
+++ b/templates/repo/editor/edit.tmpl
@ -15,7 +15,7 @@
 					{{range $i, $v := .TreeNames}}
 						<div class="breadcrumb-divider">/</div>
 						{{if eq $i $l}}
-							<input id="file-name" maxlength="500" value="{{$v}}" placeholder="{{ctx.Locale.Tr "repo.editor.name_your_file"}}" data-editorconfig="{{$.EditorconfigJson}}" required autofocus>
+							<input id="file-name" maxlength="255" value="{{$v}}" placeholder="{{ctx.Locale.Tr "repo.editor.name_your_file"}}" data-editorconfig="{{$.EditorconfigJson}}" required autofocus>
 							<span data-tooltip-content="{{ctx.Locale.Tr "repo.editor.filename_help"}}">{{svg "octicon-info"}}</span>
 						{{else}}
 							<span class="section"><a href="{{$.BranchLink}}/{{index $.TreePaths $i | PathEscapeSegments}}">{{$v}}</a></span>
--- a/templates/repo/editor/upload.tmpl
+++ b/templates/repo/editor/upload.tmpl
@ -13,7 +13,7 @@
 					{{range $i, $v := .TreeNames}}
 						<div class="breadcrumb-divider">/</div>
 						{{if eq $i $l}}
-							<input type="text" id="file-name" maxlength="500" value="{{$v}}" placeholder="{{ctx.Locale.Tr "repo.editor.add_subdir"}}" autofocus>
+							<input type="text" id="file-name" maxlength="255" value="{{$v}}" placeholder="{{ctx.Locale.Tr "repo.editor.add_subdir"}}" autofocus>
 							<span data-tooltip-content="{{ctx.Locale.Tr "repo.editor.filename_help"}}">{{svg "octicon-info"}}</span>
 						{{else}}
 							<span class="section"><a href="{{$.BranchLink}}/{{index $.TreePaths $i | PathEscapeSegments}}">{{$v}}</a></span>
--- a/templates/repo/header.tmpl
+++ b/templates/repo/header.tmpl
@ -2,7 +2,7 @@
 {{with .Repository}}
 	<div class="ui container">
 		<div class="repo-header">
-			<div class="flex-item gt-ac">
+			<div class="flex-item tw-items-center">
 				<div class="flex-item-leading">
 					{{template "repo/icon" .}}
 				</div>
--- a/templates/repo/issue/view_content/reference_issue_dialog.tmpl
+++ b/templates/repo/issue/view_content/reference_issue_dialog.tmpl
@ -2,29 +2,27 @@
 	<div class="header">
 		{{ctx.Locale.Tr "repo.issues.context.reference_issue"}}
 	</div>
-	<div class="content tw-text-left">
-		<form class="ui form form-fetch-action" action="{{printf "%s/issues/new" .Repository.Link}}" method="post">
+	<div class="content">
+		<form class="ui form form-fetch-action" action="{{.Repository.Link}}/issues/new" method="post">
 			{{.CsrfTokenHtml}}
-			<div class="ui segment content">
-				<div class="field">
-					<span class="text"><strong>{{ctx.Locale.Tr "repository"}}</strong></span>
-					<div class="ui search normal selection dropdown issue_reference_repository_search">
-						<div class="default text">{{.Repository.FullName}}</div>
-						<div class="menu"></div>
-					</div>
-				</div>
-				<div class="field">
-					<span class="text"><strong>{{ctx.Locale.Tr "repo.milestones.title"}}</strong></span>
-					<input name="title" value="" autofocus required maxlength="255" autocomplete="off">
-				</div>
-				<div class="field">
-					<span class="text"><strong>{{ctx.Locale.Tr "repo.issues.reference_issue.body"}}</strong></span>
-					<textarea name="content" class="form-control"></textarea>
-				</div>
-				<div class="text right">
-					<button class="ui primary button">{{ctx.Locale.Tr "repo.issues.create"}}</button>
+			<div class="field">
+				<label><strong>{{ctx.Locale.Tr "repository"}}</strong></label>
+				<div class="ui search selection dropdown issue_reference_repository_search">
+					<div class="default text gt-ellipsis">{{.Repository.FullName}}</div>
+					<div class="menu"></div>
 				</div>
 			</div>
+			<div class="field">
+				<label><strong>{{ctx.Locale.Tr "repo.milestones.title"}}</strong></label>
+				<input name="title" value="" autofocus required maxlength="255" autocomplete="off">
+			</div>
+			<div class="field">
+				<label><strong>{{ctx.Locale.Tr "repo.issues.reference_issue.body"}}</strong></label>
+				<textarea name="content"></textarea>
+			</div>
+			<div class="text right">
+				<button class="ui primary button">{{ctx.Locale.Tr "repo.issues.create"}}</button>
+			</div>
 		</form>
 	</div>
 </div>
--- a/templates/repo/issue/view_content/sidebar.tmpl
+++ b/templates/repo/issue/view_content/sidebar.tmpl
@ -114,7 +114,7 @@
 			</div>
 		</div>
 		{{if and (or .HasIssuesOrPullsWritePermission .IsIssuePoster) (not .HasMerged) (not .Issue.IsClosed)}}
-			<div class="toggle-wip" data-title="{{.Issue.Title}}" data-wip-prefix="{{index .PullRequestWorkInProgressPrefixes 0}}" data-update-url="{{.Issue.Link}}/title">
+			<div class="toggle-wip" data-title="{{.Issue.Title}}" data-wip-prefixes="{{JsonUtils.EncodeToString .PullRequestWorkInProgressPrefixes}}" data-update-url="{{.Issue.Link}}/title">
 				<a class="muted">
 					{{if .IsPullWorkInProgress}}
 						{{ctx.Locale.Tr "repo.pulls.ready_for_review"}} {{ctx.Locale.Tr "repo.pulls.remove_prefix" (index .PullRequestWorkInProgressPrefixes 0)}}
--- a/templates/repo/pulse.tmpl
+++ b/templates/repo/pulse.tmpl
@ -25,12 +25,14 @@
 		<div class="column">
 			{{if gt .Activity.ActivePRCount 0}}
 			<div class="stats-table">
-				<a href="#merged-pull-requests" class="table-cell tiny background purple" style="width: {{.Activity.MergedPRPerc}}{{if ne .Activity.MergedPRPerc 0}}%{{end}}"></a>
-				<a href="#proposed-pull-requests" class="table-cell tiny background green"></a>
+				{{if gt .Activity.MergedPRPerc 0}}
+					<a href="#merged-pull-requests" class="table-cell tiny tw-bg-purple" style="width: {{.Activity.MergedPRPerc}}%"></a>
+				{{end}}
+				<a href="#proposed-pull-requests" class="table-cell tiny tw-bg-green"></a>
 			</div>
 			{{else}}
 			<div class="stats-table">
-				<a class="table-cell tiny background light grey"></a>
+				<a class="table-cell tiny tw-bg-grey"></a>
 			</div>
 			{{end}}
 			{{ctx.Locale.TrN .Activity.ActivePRCount "repo.activity.active_prs_count_1" "repo.activity.active_prs_count_n" .Activity.ActivePRCount}}
@ -40,8 +42,10 @@
 		<div class="column">
 			{{if gt .Activity.ActiveIssueCount 0}}
 			<div class="stats-table">
-				<a href="#closed-issues" class="table-cell tiny background red" style="width: {{.Activity.ClosedIssuePerc}}{{if ne .Activity.ClosedIssuePerc 0}}%{{end}}"></a>
-				<a href="#new-issues" class="table-cell tiny background green"></a>
+				{{if gt .Activity.ClosedIssuePerc 0}}
+					<a href="#closed-issues" class="table-cell tiny tw-bg-red" style="width: {{.Activity.ClosedIssuePerc}}%"></a>
+				{{end}}
+				<a href="#new-issues" class="table-cell tiny tw-bg-green"></a>
 			</div>
 			{{else}}
 			<div class="stats-table">
@ -108,7 +112,7 @@
 {{end}}

 {{if gt .Activity.PublishedReleaseCount 0}}
-	<h4 class="divider divider-text tw-normal-case" id="published-releases">
+	<h4 class="divider divider-text" id="published-releases">
 		{{svg "octicon-tag" 16 "tw-mr-2"}}
 		{{ctx.Locale.Tr "repo.activity.title.releases_published_by"
 			(ctx.Locale.TrN .Activity.PublishedReleaseCount "repo.activity.title.releases_1" "repo.activity.title.releases_n" .Activity.PublishedReleaseCount)
@ -130,7 +134,7 @@
 {{end}}

 {{if gt .Activity.MergedPRCount 0}}
-	<h4 class="divider divider-text tw-normal-case" id="merged-pull-requests">
+	<h4 class="divider divider-text" id="merged-pull-requests">
 		{{svg "octicon-git-pull-request" 16 "tw-mr-2"}}
 		{{ctx.Locale.Tr "repo.activity.title.prs_merged_by"
 			(ctx.Locale.TrN .Activity.MergedPRCount "repo.activity.title.prs_1" "repo.activity.title.prs_n" .Activity.MergedPRCount)
@ -149,7 +153,7 @@
 {{end}}

 {{if gt .Activity.OpenedPRCount 0}}
-	<h4 class="divider divider-text tw-normal-case" id="proposed-pull-requests">
+	<h4 class="divider divider-text" id="proposed-pull-requests">
 		{{svg "octicon-git-branch" 16 "tw-mr-2"}}
 		{{ctx.Locale.Tr "repo.activity.title.prs_opened_by"
 			(ctx.Locale.TrN .Activity.OpenedPRCount "repo.activity.title.prs_1" "repo.activity.title.prs_n" .Activity.OpenedPRCount)
@ -168,7 +172,7 @@
 {{end}}

 {{if gt .Activity.ClosedIssueCount 0}}
-	<h4 class="divider divider-text tw-normal-case" id="closed-issues">
+	<h4 class="divider divider-text" id="closed-issues">
 		{{svg "octicon-issue-closed" 16 "tw-mr-2"}}
 		{{ctx.Locale.Tr "repo.activity.title.issues_closed_from"
 			(ctx.Locale.TrN .Activity.ClosedIssueCount "repo.activity.title.issues_1" "repo.activity.title.issues_n" .Activity.ClosedIssueCount)
@ -187,7 +191,7 @@
 {{end}}

 {{if gt .Activity.OpenedIssueCount 0}}
-	<h4 class="divider divider-text tw-normal-case" id="new-issues">
+	<h4 class="divider divider-text" id="new-issues">
 		{{svg "octicon-issue-opened" 16 "tw-mr-2"}}
 		{{ctx.Locale.Tr "repo.activity.title.issues_created_by"
 			(ctx.Locale.TrN .Activity.OpenedIssueCount "repo.activity.title.issues_1" "repo.activity.title.issues_n" .Activity.OpenedIssueCount)
@ -206,7 +210,7 @@
 {{end}}

 {{if gt .Activity.UnresolvedIssueCount 0}}
-	<h4 class="divider divider-text tw-normal-case" id="unresolved-conversations" data-tooltip-content="{{ctx.Locale.Tr "repo.activity.unresolved_conv_desc"}}">
+	<h4 class="divider divider-text" id="unresolved-conversations" data-tooltip-content="{{ctx.Locale.Tr "repo.activity.unresolved_conv_desc"}}">
 		{{svg "octicon-comment-discussion" 16 "tw-mr-2"}}
 		{{ctx.Locale.TrN .Activity.UnresolvedIssueCount "repo.activity.title.unresolved_conv_1" "repo.activity.title.unresolved_conv_n" .Activity.UnresolvedIssueCount}}
 	</h4>
--- a/templates/repo/release/list.tmpl
+++ b/templates/repo/release/list.tmpl
@ -61,46 +61,49 @@
 						<div class="markup desc">
 							{{$release.RenderedNote}}
 						</div>
-						<div class="divider"></div>
-						<details class="download" {{if eq $idx 0}}open{{end}}>
-							<summary class="tw-my-4">
-								{{ctx.Locale.Tr "repo.release.downloads"}}
-							</summary>
-							<ul class="list">
-								{{$hasReleaseAttachment := gt (len $release.Attachments) 0}}
-								{{if and (not $.DisableDownloadSourceArchives) (not $release.IsDraft) ($.Permission.CanRead $.UnitTypeCode)}}
-									<li>
-										<a class="archive-link tw-flex-1" href="{{$.RepoLink}}/archive/{{$release.TagName | PathEscapeSegments}}.zip" rel="nofollow"><strong>{{svg "octicon-file-zip" 16 "tw-mr-1"}}{{ctx.Locale.Tr "repo.release.source_code"}} (ZIP)</strong></a>
-										<div class="tw-mr-1">
-											<span class="text grey">{{ctx.Locale.TrN .Release.ArchiveDownloadCount.Zip "repo.release.download_count_one" "repo.release.download_count_few" (ctx.Locale.PrettyNumber .Release.ArchiveDownloadCount.Zip)}}</span>
-										</div>
-										<span data-tooltip-content="{{ctx.Locale.Tr "repo.release.system_generated"}}">
-											{{svg "octicon-info"}}
-										</span>
-									</li>
-									<li class="{{if $hasReleaseAttachment}}start-gap{{end}}">
-										<a class="archive-link tw-flex-1" href="{{$.RepoLink}}/archive/{{$release.TagName | PathEscapeSegments}}.tar.gz" rel="nofollow"><strong>{{svg "octicon-file-zip" 16 "tw-mr-1"}}{{ctx.Locale.Tr "repo.release.source_code"}} (TAR.GZ)</strong></a>
-										<div class="tw-mr-1">
-											<span class="text grey">{{ctx.Locale.TrN .Release.ArchiveDownloadCount.TarGz "repo.release.download_count_one" "repo.release.download_count_few" (ctx.Locale.PrettyNumber .Release.ArchiveDownloadCount.TarGz)}}</span>
-										</div>
-										<span data-tooltip-content="{{ctx.Locale.Tr "repo.release.system_generated"}}">
-											{{svg "octicon-info"}}
-										</span>
-									</li>
-									{{if $hasReleaseAttachment}}<hr>{{end}}
-								{{end}}
-								{{range $release.Attachments}}
-									<li>
-										<a target="_blank" rel="nofollow" href="{{.DownloadURL}}" download>
-											<strong>{{svg "octicon-package" 16 "tw-mr-1"}}{{.Name}}</strong>
-										</a>
-										<div>
-											<span class="text grey">{{ctx.Locale.TrN .DownloadCount "repo.release.download_count_one" "repo.release.download_count_few" (ctx.Locale.PrettyNumber .DownloadCount)}} · {{.Size | ctx.Locale.TrSize}}</span>
-										</div>
-									</li>
-								{{end}}
-							</ul>
-						</details>
+						{{$hasReleaseAttachment := gt (len $release.Attachments) 0}}
+						{{$hasArchiveLinks := and (not $.DisableDownloadSourceArchives) (not $release.IsDraft) (not $release.HideArchiveLinks) ($.Permission.CanRead $.UnitTypeCode)}}
+						{{if or $hasArchiveLinks $hasReleaseAttachment}}
+							<div class="divider"></div>
+							<details class="download" {{if eq $idx 0}}open{{end}}>
+								<summary class="tw-my-4">
+									{{ctx.Locale.Tr "repo.release.downloads"}}
+								</summary>
+								<ul class="list">
+									{{if $hasArchiveLinks}}
+										<li>
+											<a class="archive-link tw-flex-1" href="{{$.RepoLink}}/archive/{{$release.TagName | PathEscapeSegments}}.zip" rel="nofollow"><strong>{{svg "octicon-file-zip" 16 "tw-mr-1"}}{{ctx.Locale.Tr "repo.release.source_code"}} (ZIP)</strong></a>
+											<div class="tw-mr-1">
+												<span class="text grey">{{ctx.Locale.TrN .Release.ArchiveDownloadCount.Zip "repo.release.download_count_one" "repo.release.download_count_few" (ctx.Locale.PrettyNumber .Release.ArchiveDownloadCount.Zip)}}</span>
+											</div>
+											<span data-tooltip-content="{{ctx.Locale.Tr "repo.release.system_generated"}}">
+												{{svg "octicon-info"}}
+											</span>
+										</li>
+										<li class="{{if $hasReleaseAttachment}}start-gap{{end}}">
+											<a class="archive-link tw-flex-1" href="{{$.RepoLink}}/archive/{{$release.TagName | PathEscapeSegments}}.tar.gz" rel="nofollow"><strong>{{svg "octicon-file-zip" 16 "tw-mr-1"}}{{ctx.Locale.Tr "repo.release.source_code"}} (TAR.GZ)</strong></a>
+											<div class="tw-mr-1">
+												<span class="text grey">{{ctx.Locale.TrN .Release.ArchiveDownloadCount.TarGz "repo.release.download_count_one" "repo.release.download_count_few" (ctx.Locale.PrettyNumber .Release.ArchiveDownloadCount.TarGz)}}</span>
+											</div>
+											<span data-tooltip-content="{{ctx.Locale.Tr "repo.release.system_generated"}}">
+												{{svg "octicon-info"}}
+											</span>
+										</li>
+										{{if $hasReleaseAttachment}}<hr>{{end}}
+									{{end}}
+									{{range $release.Attachments}}
+										<li>
+											<a target="_blank" rel="nofollow" href="{{.DownloadURL}}" download>
+												<strong>{{svg "octicon-package" 16 "tw-mr-1"}}{{.Name}}</strong>
+											</a>
+											<div>
+												<span class="text grey">{{ctx.Locale.TrN .DownloadCount "repo.release.download_count_one" "repo.release.download_count_few" (ctx.Locale.PrettyNumber .DownloadCount)}} · {{.Size | ctx.Locale.TrSize}}</span>
+											</div>
+										</li>
+									{{end}}
+								</ul>
+							</details>
+						{{end}}
 						<div class="dot"></div>
 					</div>
 				</li>
--- a/templates/repo/release/new.tmpl
+++ b/templates/repo/release/new.tmpl
@ -98,6 +98,15 @@
 						</div>
 					</div>
 					<span class="help">{{ctx.Locale.Tr "repo.release.prerelease_helper"}}</span>
+					{{if not .DisableDownloadSourceArchives}}
+						<div class="field">
+							<div class="ui checkbox">
+								<input type="checkbox" name="hide_archive_links" {{if .hide_archive_links}}checked{{end}}>
+								<label><strong>{{ctx.Locale.Tr "repo.release.hide_archive_links"}}</strong></label>
+							</div>
+						</div>
+						<span class="help">{{ctx.Locale.Tr "repo.release.hide_archive_links_helper"}}</span>
+					{{end}}
 					<div class="divider tw-mt-0"></div>
 					<div class="tw-flex tw-justify-end">
 						{{if .PageIsEditRelease}}
--- a/templates/repo/settings/lfs_file.tmpl
+++ b/templates/repo/settings/lfs_file.tmpl
@ -11,7 +11,7 @@
 					<a class="ui primary tiny button" href="{{.LFSFilesLink}}/find?oid={{.LFSFile.Oid}}&size={{.LFSFile.Size}}">{{ctx.Locale.Tr "repo.settings.lfs_findcommits"}}</a>
 				</div>
 			</h4>
-			<div class="ui attached table unstackable segment">
+			<div class="ui bottom attached table unstackable segment">
 				{{template "repo/unicode_escape_prompt" dict "EscapeStatus" .EscapeStatus "root" $}}
 				<div class="file-view{{if .IsMarkup}} markup {{.MarkupType}}{{else if .IsPlainText}} plain-text{{else if .IsTextFile}} code-view{{end}}">
 					{{if .IsMarkup}}
--- a/templates/repo/view_file.tmpl
+++ b/templates/repo/view_file.tmpl
@ -11,7 +11,7 @@
 	{{end}}

 	{{if not .ReadmeInList}}
-		<div id="repo-file-commit-box" class="ui top attached header list-header tw-mb-4 tw-flex tw-justify-between">
+		<div id="repo-file-commit-box" class="ui segment list-header tw-mb-4 tw-flex tw-justify-between">
 			<div class="latest-commit">
 				{{template "repo/latest_commit" .}}
 			</div>
@ -93,7 +93,7 @@
 			{{end}}
 		</div>
 	</h4>
-	<div class="ui attached table unstackable segment">
+	<div class="ui bottom attached table unstackable segment">
 		{{if not (or .IsMarkup .IsRenderedHTML)}}
 			{{template "repo/unicode_escape_prompt" dict "EscapeStatus" .EscapeStatus "root" $}}
 		{{end}}
--- a/Show more
+++ b/Show more
				`@ -0,0 +1 @@`
				The regression in the [`fogejo admin user create`](https://forgejo.org/docs/v7.0/admin/command-line/#admin-user-create) CLI command [is fixed](https://codeberg.org/forgejo/forgejo/issues/3399) and it is backward compatible.
				`@ -0,0 +1 @@`
				Fixed a bug where the `/api/v1/repos/{owner}/{repo}/wiki` API endpoints were using a hardcoded "master" branch for the wiki, rather than the branch they really use.
				`@ -0,0 +1 @@`
				`Save updated empty comments instead of skipping the update silently, [which prevented the removal of attachments of such comments](https://codeberg.org/forgejo/forgejo/issues/3424).`
				`@ -0,0 +1 @@`
				`Fixed bleve indexer failing when [fuzziness exceeds the maximum 2](https://codeberg.org/forgejo/forgejo/pulls/3444)`
				`@ -0,0 +1 @@`
				Fixed an error 500 when visiting [the LFS settings](https://codeberg.org/forgejo/forgejo/pulls/3451) at `/{owner}/{repo}/settings/lfs/find?oid=...`.