mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2026-07-13 04:58:46 +00:00
https://codeberg.org/forgejo/forgejo/milestone/86949 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13033 Reviewed-by: 0ko <0ko@noreply.codeberg.org>
16 KiB
16 KiB
Release notes
- Security bug fixes
- PR: - fix: prevent stored XSS in user display name on Actions page
- PR: - fix: LFS locks must belong to the intended repo, port from Gitea
- PR: - fix: prevent unauthorized access to draft releases via API
- PR: - fix: prevent writes to OpenID visibility which may affect other users
- PR: - fix: prevent viewing private PRs that are linked to public issues on public projects
- PR (backported): fix: do not migrate confidential issues and internal notes from Gitlab
- User Interface features
- PR (backported): fix: improve visibility of mismatched repository & package visibility
- User Interface bug fixes
- PR (backported): fix: display the actions trust management panel on merged and closed pull requests
- PR (backported): fix(ui): improve contrast of checkboxes in markup
- PR (backported): fix(ui): hide some disallowed actions that lead to 404 errors in archived repos
- PR (backported): fix(ui): do not clip overflow in workflow dispatch menu
- PR (backported): fix: show the actions trust management panel when runs from trusted users are pending approval
- PR (backported): fix: always display the pull request merge box if there are actions pending approval
- PR (backported): fix(ui): fix typo in issue sort dropdown; relevance was misnamed as relevency
- PR (backported): fix: do not hide previous attempts without task for latest attempt
- PR (backported): fix(ui): use URL query escaping for SSH key verification reload token link
- Features
- PR: Update module ini to v1.67.3 to improve config parse performance
- Bug fixes
- PR (backported): fix(doctor): ensure the doctor runs with the same settings.AppPath as Forgejo
- PR (backported): fix: make email token extraction case-insensitive (#12436)
- PR (backported): fix: cancel dependent jobs when rerunning jobs
- PR (backported): fix: check quota in LFS uploads against the repository owner, not operating user
- PR (backported): fix: load repo language for converting to api struct
- PR (backported): fix: debian package cleanup failure due to xorm connection corruption
- PR (backported): fix: workflow with pull_request trigger and path filter not run when merging
- PR (backported): fix: update statuses in phases to prevent out of order updates from stalling workflows
- PR (backported): fix: return 404 instead of 500 for non-existing SHA in commit status endpoint
- PR (backported): fix(issue-search): single exclude query was erroneosly considered as must
- PR (backported): fix: remove link to artefacts that have expired
- PR (backported): fix: wipe run artifacts before rerun (#12523)
- Included for completeness but not user-facing (chores, etc.)
- PR: Update playwright monorepo to v1.60.0 (v15.0/forgejo)
- PR: Update go toolchain directive to v1.26.4 [SECURITY] (v15.0/forgejo)
- PR (backported): refactor(tests): use forgery.CreateRepository in more places
- PR (backported): refactor(forgery): CreateProject helper to reduce dependency on global fixture when testing
- PR (backported): fix: keep run in sync when rerunning individual jobs
- PR: Update module golang.org/x/image to v0.41.0 [SECURITY] (v15.0/forgejo)
- PR: fix:
make tidy-checkfailure after recent merges - PR: Update module code.forgejo.org/forgejo/runner/v12 to v12.10.2 (v15.0/forgejo)
- PR (backported): chore: replace
github.com/robfig/cron/v3(#12365) - PR (backported): fix: adds missing AppSubUrl to the webmanifest's location
- PR: Update module golang.org/x/net to v0.55.0 [SECURITY] (v15.0/forgejo)
- PR: Update module golang.org/x/crypto to v0.52.0 [SECURITY] (v15.0/forgejo)
- PR: Update module code.forgejo.org/forgejo/levelqueue to v1.1.0 (v15.0/forgejo)
- PR (backported): chore: tidy up uploading migration code
- PR: Update module code.forgejo.org/forgejo/runner/v12 to v12.10.1 (v15.0/forgejo)
- PR (backported): fix: make the fork API respect CanCreateOrgRepo policy
- PR (backported): fix(e2e): Race condition in dialog modal test
- PR (backported): tests: better factory with forgery package
- PR (backported): refactor: delegate to service for run cancellation (#12142)
- PR (backported): fix(e2e): Dialog modal max-width rendering failure
- PR (backported): refactor: move rerun logic to services