gitforge/release-notes-published/11.0.15.md
2026-06-10 07:43:34 +02:00

3.1 KiB

Release notes

  • Security bug fixes
    • PR: - fix: LFS locks must belong to the intended repo, port from Gitea
    • PR: - fix: prevent unauthorized access to draft releases via API
    • PR: - fix: prevent writes to OpenID visibility which may affect other users
    • PR: - fix: prevent viewing private PRs that are linked to public issues on public projects
  • Included for completeness but not user-facing (chores, etc.)
    • PR: chore(deps): Update playwright to v1.60.0
    • PR: Update go toolchain directive to v1.25.11 [SECURITY] (v11.0/forgejo)
    • PR: Update module golang.org/x/image to v0.41.0 [SECURITY] (v11.0/forgejo)
    • PR: Update module golang.org/x/net to v0.55.0 [SECURITY] (v11.0/forgejo)
    • PR: Update module golang.org/x/crypto to v0.52.0 [SECURITY] (v11.0/forgejo)
    • PR (backported): fix: make the fork API respect CanCreateOrgRepo policy