Releases · go-gitea/gitea

21 Jun 16:03

GiteaBot

v1.26.4

95ba37d

v1.26.4 Latest

Latest

SECURITY
- fix(auth): do not auto-reactivate disabled users on OAuth2 callback (#38009) (#38183)
BUGFIXES
- fix: walk git log context error handling (#38182) (#38185)

Instances on Gitea Cloud will be automatically upgraded to this version during the specified maintenance window.

Assets 126

gitea-1.26.4-darwin-10.12-amd64

sha256:8d63b25b92a2b75da26433244a4a2ab6ed59114d6bb49efc2e2c620b9d037768

113 MB 2026-06-21T16:03:35Z
gitea-1.26.4-darwin-10.12-amd64.asc

sha256:a1419190f1ff0214937b0bc13e038ee16e013252702c61daebaaa741bc171224

566 Bytes 2026-06-21T16:03:35Z
gitea-1.26.4-darwin-10.12-amd64.sha256

sha256:146d4bd567bc383a83d4a33bbe7acf6c591e0896c0eb3bfefd1e1277b07316f5

98 Bytes 2026-06-21T16:03:34Z
gitea-1.26.4-darwin-10.12-amd64.sha256.asc

sha256:792b778122e2f94709701bb1080f32dafe2908603c3ee15732fc37915434cb70

566 Bytes 2026-06-21T16:03:35Z
gitea-1.26.4-darwin-10.12-amd64.xz

sha256:38c89bd49d07092bdeed2f0fd0c032facbfe083929f4a4f61be49891e8fdfe08

38.6 MB 2026-06-21T16:03:34Z
gitea-1.26.4-darwin-10.12-amd64.xz.asc

sha256:3c1d45c519024fe4c4e6e3359f41c80688590c6ebc3eca6313a673298b615a8d

566 Bytes 2026-06-21T16:03:35Z
gitea-1.26.4-darwin-10.12-amd64.xz.sha256

sha256:7d6a999dfd1c08f646dc27dbe911e74df7ba5496a489db07b0336252d8e80eb9

101 Bytes 2026-06-21T16:03:35Z
gitea-1.26.4-darwin-10.12-amd64.xz.sha256.asc

sha256:805038494f6f18ba1fa4feff967132ab616a2ef91a788fee7939e430e9100989

566 Bytes 2026-06-21T16:03:35Z
gitea-1.26.4-darwin-10.12-arm64

sha256:b86287c1bcf624f64a15bc3cbe2d0f34e2e14b96ba4bce086feca2c97f37256d

106 MB 2026-06-21T16:03:35Z
gitea-1.26.4-darwin-10.12-arm64.asc

sha256:6628ad9872c793bef4e4fd6aa362ff14385beb190ddceae373502308cbdd9831

566 Bytes 2026-06-21T16:03:35Z
Source code (zip)

2026-06-22T06:26:26Z
Source code (tar.gz)

2026-06-22T06:26:26Z

20 Jun 20:55

GiteaBot

v1.26.3

4aa0d70

v1.26.3

Warning

Please upgrade to 1.26.4 directly. A regression in this release can cause "context deadline exceeded" errors when opening any repository's code pages (#38177). Please hold off on upgrading until a fix is released.

BREAKING
- fix(actions)!: require merged PR to bypass fork PR approval gate (#38010) (#38041)
SECURITY
- fix(hostmatcher): patch incorrect private list (#38170) (#38173)
- fix: Various security fixes (#38103) (#38151)
- fix: Various sec fixes (#38108) (#38147)
- fix: allow git clone of private repos with anonymous code access (#38074) (#38146)
- fix(auth): ignore stale OIDC external login links to organizations (#37875) (#38141)
- fix(hostmatcher): block reserved IP ranges from external/private filters (#38039) (#38059)
- fix(lfs): require Code-unit access for cross-repo LFS object reuse (#38006) (#38050)
- fix(lfs): reject unknown SSH LFS sub-verbs to prevent auth bypass (#38008) (#38015)
- fix: bound CODEOWNERS regex match time (#38011) (#38025)
- fix: bound debian ParseControlFile to a single control stanza (#38044) (#38055)
- fix(deps): update module golang.org/x/net to v0.55.0 [security] (#37813) (#37829)
API
- feat(api): add Link header in ListForks (#38052) (#38063)
BUGFIXES
- fix: Fix the panic when ssh remote lfs endpoint parsing failure (#38026) (#38158)
- fix(api): nil pointer panic when filtering tracked times by a non-existent user (#38112) (#38115)
- fix: keep literal "false" value displayed in workflow_dispatch choice dropdowns (#38080) (#38096)
- fix: parse HEAD ref (#38119)
- fix: git cmd (#38084) (#38087)
- fix(releases): generate notes for initial tag (#37697) (#37986)
- fix(actions): return 404 when job log blob is missing (#38003) (#38004)
- fix(actions): exclude workflow_call from workflow trigger detection (#37894) (#37899)
- fix(actions): keep action run title clickable when commit subject is a URL (#37867) (#37898)
- fix(actions): reject workflow_dispatch for workflows without that trigger (#37660) (#37895)
- fix(actions): ack re-sent UpdateLog finalize idempotently (#37885) (#37892)
- fix: http content file render (#37850) (#37856)
- fix(issues): clear stale ReviewTypeRequest when submitting pending review (#37809) (#37815)
- fix: Fix issue target branch selection for non-collaborators (#36916) (#38164)
BUILD
- fix(deps): update @playwright/test to 1.60.0 (#38144)
- ci: add tools/ci-tools.ts for the PR labeler workflow (#37831)
- fix(build): swagger css import (#37801) (#37803)

Instances on Gitea Cloud will be automatically upgraded to this version during the specified maintenance window.

Assets 126

20 May 18:51

GiteaBot

v1.26.2

2c749ce

v1.26.2

SECURITY
- fix(permissions): Fix reading permission (#37769)
- fix(actions): make artifact signature payloads unambiguous (#37707)
- fix: Unify public-only token filtering in API queries and repo access checks (#37118)
- fix: Add missed token scope checking (#37735)
- fix(oauth): bind token exchanges to the original client request (#37704)
- fix(oauth): strengthen PKCE validation and refresh token replay protection (#37706)
- fix(web): enforce token scopes on raw, media, and attachment downloads (#37698)
- fix(security): enforce wiki git writes and LFS token access at request time (#37695)
- feat(api): encrypt AWS creds (#37679)
- fix(deps): update dependency mermaid to v11.15.0 [security], add e2e test
- fix(packages): Add label for private and internal package and fix composor package source permission check (#37610)
- fix(git): Fix smart http request scope bug (#37583)
- Fix basic auth bug (#37503)
- Fix allow maintainer edit permission check (#37479) (#37484)
- Fix URL sanitization to handle schemeless credentials (#37440) (#37471)
- Fix attachment Content-Security-Policy (#37455) (#37464)
- chore(deps): bump go-git/go-git/v5 to 5.19.0 (#37608)
BUGFIXES
- fix(pull): handle empty pull request files view to allow reviews (#37783)
- fix(markup): make RenderString never fail (#37779)
- fix: add natural sort to sortTreeViewNodes (#37772)
- fix: package creation unique conflict (#37774)
- fix!: add DEFAULT_TITLE_SOURCE setting for pull request title default behavior (#37465)
- fix: Allow direct commits for unprotected files with push restrictions (#37657)
- fix(actions): wrong assumption that run id always >= job id (#37737)
- fix(auth): set User-Agent on avatar fetch and sync avatar on link-account register (#37564) (#37588)
- fix(actions): deadlock between PrepareRunAndInsert and UpdateTaskByState (#37692)
- fix(repo): /generate must sync the branch table for the new repo (#37693)
- build: Fix snap build (1.26)
- fix(actions): run TransferLogs on UpdateLog{Rows:[], NoMore:true} (#37631)
- fix show correct mergebase
- fix: make clone URL respect public URL detection setting (#37615)
- fix: "run as root" check (#37622)
- chore(deps): update dependency go to v1.26.3 (#37601)
- Compare dropdown fails when selecting branch with no common merge-base (#37470)
- fix: treat email addresses case-insensitively (#37600)
- fix(actions): fix blank lines after ::endgroup:: (#37597)
- fix(actions): report individual step status in workflow job API response (#37592)
- fix: Invalid UTF-8 commit messages in JSON API responses (#37542)
- fix: use consistent GetUser family functions (#37553)
- fix(api): return 409 message instead of empty JSON for wrong commit id (#37572)
- fix(actions): prevent panic when workflow contains null jobs (#37570)
- Make ServeSetHeaders default to download attachment if filename exists (#37552) (#37555)
- Fix(actions): validate workflow param to prevent 500 error (#37546) (#37554)
- Don't unblock run-level-concurrency-blocked runs in the resolver (#37461) (#37538)
- Fix(packages): use file names for generic web downloads (#37514) (#37520)
- Fix merge autodetect can't close other PRs but only the last one when multiple PRs are pushed at once (#37512) (#37516)
- Fix update branch protection order (#37508) (#37513)
- Fix mCaptcha broken after Vite migration (#37492) (#37509)
- Fix review submission from single-commit PR view (#37475) (#37485)
- Fix scheduled action panic with null event payload (#37459) (#37466)
- Make GetPossibleUserByID can handle deleted user (#37430) (#37431)
- Remove excessive quote from terraform instructions (#37424) (#37426)
- Fix color regressions, add priority color (#37417) (#37421)
MISC
- Add CurrentURL template variable back (#37444) (#37449)

Instances on Gitea Cloud will be automatically upgraded to this version during the specified maintenance window.

Assets 126

24 Apr 22:30

GiteaBot

v1.26.1

afdbd9b

v1.26.1

BUGFIXES
- Add event.schedule context for schedule actions task (#37320) (#37348)
- Fix an issue where changing an organization's visibility caused problems when users had forked its repositories. (#37324) (#37344)
- Use modern "git update-index --cacheinfo" syntax to support more file names (#37338) (#37343)
- Fix URL related escaping for oauth2 (#37334) (#37340)
- When the requested arch rpm is missing fall back to noarch (#37236) (#37339)
- Fix actions concurrency groups cross-branch leak (#37311) (#37331)
- Fix bug when accessing user badges (#37321) (#37329)
- Fix AppFullLink (#37325) (#37328)
- Fix container auth for public instance (#37290) (#37294)
- Enhance GetActionWorkflow to support fallback references (#37189) (#37283)
- Fix vite manifest update masking build errors (#37279) (#37310)
- Fix Mermaid diagrams failing when node labels contain line breaks (#37296) (#37299)
- Use TriggerEvent instead of Event in workflow runs API response for scheduled runs (#37288) #37360
- Add URL to Learn more about blocking a user. (#37355) #37367
- Fix button layout shift when collapsing file tree in editor (#37363) #37375
- Fix org team assignee/reviewer lookups for team member permissions (#37365) #37391
- Fix repo init README EOL (#37388) #37399
- Fix: dump with default zip type produces uncompressed zip (#37401)#37402

Instances on Gitea Cloud will be automatically upgraded to this version during the specified maintenance window.

Assets 126

18 Apr 20:23

GiteaBot

v1.26.0

9b9d1e3

v1.26.0

BREAKING
- Correct swagger annotations for enums, status codes, and notification state (#37030)
- Remove GET API registration-token (#36801)
- Support Actions concurrency syntax (#32751)
- Make PUBLIC_URL_DETECTION default to "auto" (#36955)
SECURITY
- Bound PageSize in ListUnadoptedRepositories (#36884)
FEATURES
- Support Actions concurrency syntax (#32751)
- Add terraform state registry (#36710)
- Instance-wide (global) info banner and maintenance mode (#36571)
- Support rendering OpenAPI spec (#36449)
- Add keyboard shortcuts for repository file and code search (#36416)
- Add support for archive-upload rpc (#36391)
- Add ability to download subpath archive (#36371)
- Add workflow dependencies visualization (#26062) (#36248) & Restyle Workflow Graph (#36912)
- Automatic generation of release notes (#35977)
- Add "Go to file", "Delete Directory" to repo file list page (#35911)
- Introduce "config edit-ini" sub command to help maintaining INI config file (#35735)
- Add button to re-run failed jobs in Actions (#36924)
- Support actions and reusable workflows from private repos (#32562)
- Add summary to action runs view (#36883)
- Add user badges (#36752)
- Add configurable permissions for Actions automatic tokens (#36173)
- Add per-runner "Disable/Pause" (#36776)
- Feature non-zipped actions artifacts (action v7 / nodejs / npm v6.2.0) (#36786)
PERFORMANCE
- WorkflowDispatch API optionally return runid (#36706)
- Add render cache for SVG icons (#36863)
- Load mentionValues asynchronously (#36739)
- Lazy-load some Vue components, fix heatmap chunk loading on every page (#36719)
- Load heatmap data asynchronously (#36622)
- Use prev/next pagination for user profile activities page to speed up (#36642)
- Refactor cat-file batch operations and support --batch-command approach (#35775)
- Use merge tree to detect conflicts when possible (#36400)
ENHANCEMENTS
- Implement logout redirection for reverse proxy auth setups (#36085) (#37171)
- Adds option to force update new branch in contents routes (#35592)
- Add viewer controller for mermaid (zoom, drag) (#36557)
- Add code editor setting dropdowns (#36534)
- Add elk layout support to mermaid (#36486)
- Add resolve/unresolve review comment API endpoints (#36441)
- Allow configuring default PR base branch (fixes #36412) (#36425)
- Add support for RPM Errata (updateinfo.xml) (#37125)
- Require additional user confirmation for making repo private (#36959)
- Add actions.WORKFLOW_DIRS setting (#36619)
- Avoid opening new tab when downloading actions logs (#36740)
- Implements OIDC RP-Initiated Logout (#36724)
- Show workflow link (#37070)
- Desaturate dark theme background colors (#37056)
- Refactor "org teams" page and help new users to "add member" to an org (#37051)
- Add webhook name field to improve webhook identification (#37025) (#37040)
- Make task list checkboxes clickable in the preview tab (#37010)
- Improve severity labels in Actions logs and tweak colors (#36993)
- Linkify URLs in Actions workflow logs (#36986)
- Allow text selection on checkbox labels (#36970)
- Support dark/light theme images in markdown (#36922)
- Enable native dark mode for swagger-ui (#36899)
- Rework checkbox styling, remove input border hover effect (#36870)
- Refactor storage content-type handling of ServeDirectURL (#36804)
- Use "Enable Gravatar" but not "Disable" (#36771)
- Use case-insensitive matching for Git error "Not a valid object name" (#36728)
- Add "Copy Source" to markup comment menu (#36726)
- Change image transparency grid to CSS (#36711)
- Add "Run" prefix for unnamed action steps (#36624)
- Persist actions log time display settings in localStorage (#36623)
- Use first commit title for multi-commit PRs and fix auto-focus title field (#36606)
- Improve BuildCaseInsensitiveLike with lowercase (#36598)
- Improve diff highlighting (#36583)
- Exclude cancelled runs from failure-only email notifications (#36569)
- Use full-file highlighting for diff sections (#36561)
- Color command/error logs in Actions log (#36538)
- Add paging headers (#36521)
- Improve timeline entries for WIP prefix changes in pull requests (#36518)
- Add FOLDER_ICON_THEME configuration option (#36496)
- Normalize guessed languages for code highlighting (#36450)
- Add chunked transfer encoding support for LFS uploads (#36380)
- Indicate when only optional checks failed (#36367)
- Add 'allow_maintainer_edit' API option for creating a pull request (#36283)
- Support closing keywords with URL references (#36221)
- Improve diff file headers (#36215)
- Fix and enhance comment editor monospace toggle (#36181)
- Add git.DIFF_RENAME_SIMILARITY_THRESHOLD option (#36164)
- Add matching pair insertion to markdown textarea (#36121)
- Add sorting/filtering to admin user search API endpoint (#36112)
- Allow action user have read permission in public repo like other user (#36095)
- Disable matchBrackets in monaco (#36089)
- Use GitHub-style commit message for squash merge (#35987)
- Make composer registry support tar.gz and tar.bz2 and fix bugs (#35958)
- Add GITEA_PR_INDEX env variable to githooks (#35938)
- Add proper error message if session provider can not be created (#35520)
- Add button to copy file name in PR files (#35509)
- Move X_FRAME_OPTIONS setting from cors to security section (#30256)
- Add placeholder content for empty content page (#37114)
- Add DEFAULT_DELETE_BRANCH_AFTER_MERGE setting (#36917)
- Redirect to the only OAuth2 provider when no other login methods and fix various problems (#36901)
- Add admin badge to navbar avatar (#36790)
- Add never option to PUBLIC_URL_DETECTION configuration (#36785)
- Add background and run count to actions list page (#36707)
- Add icon to buttons "Close with Comment", "Close Pull Request", "Close Issue" (#36654)
- Add support for in_progress event in workflow_run webhook (#36979)
- Report commit status for pull_request_review events (#36589)
- Render merged pull request title as such in dashboard feed (#36479)
- Feature to be able to filter project boards by milestones (#36321)
- Use user id in noreply emails (#36550)
- Enable pagination on GiteaDownloader.getIssueReactions() (#36549)
- Remove striped tables in UI (#36509)
- Improve control char rendering and escape button styling (#37094)
- Support legacy run/job index-based URLs and refactor migration 326 (#37008)
- Add date to "No Contributions" tooltip (#36190)
- Show edit page confirmation dialog on tree view file change (#36130)
- Mention proc-receive in text for dashboard.resync_all_hooks func (#35991)
- Reuse selectable style for wiki (#35990)
- Support blue yellow colorblind theme (#35910)
- Support selecting theme on the footer (#35741)
- Improve online runner check (#35722)
- Add quick approve button on PR page (#35678)
- Enable commenting on expanded lines in PR diffs (#35662)
- Print PR-Title into tooltip for actions (#35579)
- Use explicit, stronger defaults for newly generated repo signing keys for Debian (#36236)
- Improve the compare page (#36261)
- Unify repo names in system notices (#36491)
- Move package settings to package instead of being tied to version (#37026)
- Add Actions API rerun endpoints for runs and jobs (#36768)
- Add branch_count to repository API (#35351) (#36743)
- Add created_by filter to SearchIssues (#36670)
- Allow admins to rename non-local users (#35970)
- Support updating branch via API (#35951)
- Add an option to automatically verify SSH keys from LDAP (#35927)
- Make "update file" API can create a new file when SHA is not set (#35738)
- Update issue.go with labels documentation (labels content, not ids) (#35522)
- Expose content_version for optimistic locking on issue and PR edits (#37035)
- Pass ServeHeaderOptions by value instead of pointer, fine tune httplib tests (#36982)
BUGFIXES
- Frontend iframe renderer framework: 3D models, OpenAPI (#37233) (#37273)
- Fix CODEOWNERS absolute path matching. (#37244) (#37264)
- Swift registry metadata: preserve more JSON fields and accept empty metadata (#37254) (#37261)
- Fix user ssh key exporting and tests (#37256) (#37258)
- Fix team member avatar size and add tooltip (#37253)
- Fix commit title rendering in action run and blame (#37243) (#37251)
- Fix corrupted JSON caused by goccy library (#37214) (#37220)
- Add test for "fetch redirect", add CSS value validation for external render (#37207) (#37216)
- Fix incorrect concurrency check (#37205) (#37215)
- Fix handle missing base branch in PR commits API (#37193) (#37203)
- Fix encoding for Matrix Webhooks (#37190) (#37201)
- Fix handle fork-only commits in compare API (#37185) (#37199)
- Indicate form field readonly via background, fix RunUser config (#37175, #37180) (#37178)
- Report structurally invalid workflows to users (#37116) (#37164)
- Fix API not persisting pull request unit config when has_pull_requests is not set (#36718)
- Rename CSS variables and improve colorblind themes (#36353)
- Hide add-matcher and remove-matcher from actions job logs (#36520)
- Prevent navigation keys from triggering actions during IME composition (#36540)
- Fix vertical alignment of .commit-sign-badge children (#36570)
- Fix duplicate startup warnings in admin panel (#36641)
- Fix CODEOWNERS review request attribution using comment metadata (#36348)
- Fix HTML tags appearing in wiki table of contents (#36284)
- Fix various bugs (#37096)
- Fix various legacy problems (#37092)
- Fix RPM Registry 404 when package name contains 'package' (#37087)
- Merge some standalone Vite entries into...

Assets 126

08 Apr 04:58

GiteaBot

v1.26.0-rc0

1ad9e99

v1.26.0-rc0 Pre-release

Pre-release

BREAKING
- Correct swagger annotations for enums, status codes, and notification state (#37030)
- Remove GET API registration-token (#36801)
- Support Actions concurrency syntax (#32751)
- Make PUBLIC_URL_DETECTION default to "auto" (#36955)
SECURITY
- Bound PageSize in ListUnadoptedRepositories (#36884)
FEATURES
- Support Actions concurrency syntax (#32751)
- Add terraform state registry (#36710)
- Instance-wide (global) info banner and maintenance mode (#36571)
- Support rendering OpenAPI spec (#36449)
- Add keyboard shortcuts for repository file and code search (#36416)
- Add support for archive-upload rpc (#36391)
- Add ability to download subpath archive (#36371)
- Add workflow dependencies visualization (#26062) (#36248) & Restyle Workflow Graph (#36912)
- Automatic generation of release notes (#35977)
- Add "Go to file", "Delete Directory" to repo file list page (#35911)
- Introduce "config edit-ini" sub command to help maintaining INI config file (#35735)
- Add button to re-run failed jobs in Actions (#36924)
- Support actions and reusable workflows from private repos (#32562)
- Add summary to action runs view (#36883)
- Add user badges (#36752)
- Add configurable permissions for Actions automatic tokens (#36173)
- Add per-runner “Disable/Pause” (#36776)
PERFORMANCE
- WorkflowDispatch API optionally return runid (#36706)
- Add render cache for SVG icons (#36863)
- Load mentionValues asynchronously (#36739)
- Lazy-load some Vue components, fix heatmap chunk loading on every page (#36719)
- Load heatmap data asynchronously (#36622)
- Use prev/next pagination for user profile activities page to speed up (#36642)
- Refactor cat-file batch operations and support --batch-command approach (#35775)
- Use merge tree to detect conflicts when possible (#36400)
ENHANCEMENTS
- Adds option to force update new branch in contents routes (#35592)
- Add viewer controller for mermaid (zoom, drag) (#36557)
- Add code editor setting dropdowns (#36534)
- Add elk layout support to mermaid (#36486)
- Add resolve/unresolve review comment API endpoints (#36441)
- Allow configuring default PR base branch (fixes #36412) (#36425)
- Add support for RPM Errata (updateinfo.xml) (#37125)
- Require additional user confirmation for making repo private (#36959)
- Feature non-zipped actions artifacts (action v7 / nodejs / npm v6.2.0) (#36786)
- Add actions.WORKFLOW_DIRS setting (#36619)
- Avoid opening new tab when downloading actions logs (#36740)
- Implements OIDC RP-Initiated Logout (#36724)
- Show workflow link (#37070)
- Desaturate dark theme background colors (#37056)
- Refactor "org teams" page and help new users to "add member" to an org (#37051)
- Add webhook name field to improve webhook identification (#37025) (#37040)
- Make task list checkboxes clickable in the preview tab (#37010)
- Improve severity labels in Actions logs and tweak colors (#36993)
- Linkify URLs in Actions workflow logs (#36986)
- Allow text selection on checkbox labels (#36970)
- Support dark/light theme images in markdown (#36922)
- Enable native dark mode for swagger-ui (#36899)
- Rework checkbox styling, remove input border hover effect (#36870)
- Refactor storage content-type handling of ServeDirectURL (#36804)
- Use "Enable Gravatar" but not "Disable" (#36771)
- Use case-insensitive matching for Git error "Not a valid object name" (#36728)
- Add “Copy Source” to markup comment menu (#36726)
- Change image transparency grid to CSS (#36711)
- Add "Run" prefix for unnamed action steps (#36624)
- Persist actions log time display settings in localStorage (#36623)
- Use first commit title for multi-commit PRs and fix auto-focus title field (#36606)
- Improve BuildCaseInsensitiveLike with lowercase (#36598)
- Improve diff highlighting (#36583)
- Exclude cancelled runs from failure-only email notifications (#36569)
- Use full-file highlighting for diff sections (#36561)
- Color command/error logs in Actions log (#36538)
- Add paging headers (#36521)
- Improve timeline entries for WIP prefix changes in pull requests (#36518)
- Add FOLDER_ICON_THEME configuration option (#36496)
- Normalize guessed languages for code highlighting (#36450)
- Add chunked transfer encoding support for LFS uploads (#36380)
- Indicate when only optional checks failed (#36367)
- Add 'allow_maintainer_edit' API option for creating a pull request (#36283)
- Support closing keywords with URL references (#36221)
- Improve diff file headers (#36215)
- Fix and enhance comment editor monospace toggle (#36181)
- Add git.DIFF_RENAME_SIMILARITY_THRESHOLD option (#36164)
- Add matching pair insertion to markdown textarea (#36121)
- Add sorting/filtering to admin user search API endpoint (#36112)
- Allow action user have read permission in public repo like other user (#36095)
- Disable matchBrackets in monaco (#36089)
- Use GitHub-style commit message for squash merge (#35987)
- Make composer registry support tar.gz and tar.bz2 and fix bugs (#35958)
- Add GITEA_PR_INDEX env variable to githooks (#35938)
- Add proper error message if session provider can not be created (#35520)
- Add button to copy file name in PR files (#35509)
- Move X_FRAME_OPTIONS setting from cors to security section (#30256)
- Add placeholder content for empty content page (#37114)
- Add DEFAULT_DELETE_BRANCH_AFTER_MERGE setting (#36917)
- Redirect to the only OAuth2 provider when no other login methods and fix various problems (#36901)
- Add admin badge to navbar avatar (#36790)
- Add never option to PUBLIC_URL_DETECTION configuration (#36785)
- Add background and run count to actions list page (#36707)
- Add icon to buttons "Close with Comment", "Close Pull Request", "Close Issue" (#36654)
- Add support for in_progress event in workflow_run webhook (#36979)
- Report commit status for pull_request_review events (#36589)
- Render merged pull request title as such in dashboard feed (#36479)
- Feature to be able to filter project boards by milestones (#36321)
- Use user id in noreply emails (#36550)
- Enable pagination on GiteaDownloader.getIssueReactions() (#36549)
- Remove striped tables in UI (#36509)
- Improve control char rendering and escape button styling (#37094)
- Support legacy run/job index-based URLs and refactor migration 326 (#37008)
- Add date to "No Contributions" tooltip (#36190)
- Show edit page confirmation dialog on tree view file change (#36130)
- Mention proc-receive in text for dashboard.resync_all_hooks func (#35991)
- Reuse selectable style for wiki (#35990)
- Support blue yellow colorblind theme (#35910)
- Support selecting theme on the footer (#35741)
- Improve online runner check (#35722)
- Add quick approve button on PR page (#35678)
- Enable commenting on expanded lines in PR diffs (#35662)
- Print PR-Title into tooltip for actions (#35579)
- Use explicit, stronger defaults for newly generated repo signing keys for Debian (#36236)
- Improve the compare page (#36261)
- Unify repo names in system notices (#36491)
- Move package settings to package instead of being tied to version (#37026)
- Add Actions API rerun endpoints for runs and jobs (#36768)
- Add branch_count to repository API (#35351) (#36743)
- Add created_by filter to SearchIssues (#36670)
- Allow admins to rename non-local users (#35970)
- Support updating branch via API (#35951)
- Add an option to automatically verify SSH keys from LDAP (#35927)
- Make "update file" API can create a new file when SHA is not set (#35738)
- Update issue.go with labels documentation (labels content, not ids) (#35522)
- Expose content_version for optimistic locking on issue and PR edits (#37035)
- Pass ServeHeaderOptions by value instead of pointer, fine tune httplib tests (#36982)
BUGFIXES
- Fix API not persisting pull request unit config when has_pull_requests is not set (#36718)
- Rename CSS variables and improve colorblind themes (#36353)
- Hide add-matcher and remove-matcher from actions job logs (#36520)
- Prevent navigation keys from triggering actions during IME composition (#36540)
- Fix vertical alignment of .commit-sign-badge children (#36570)
- Fix duplicate startup warnings in admin panel (#36641)
- Fix CODEOWNERS review request attribution using comment metadata (#36348)
- Fix HTML tags appearing in wiki table of contents (#36284)
- Fix various bugs (#37096)
- Fix various legacy problems (#37092)
- Fix RPM Registry 404 when package name contains 'package' (#37087)
- Merge some standalone Vite entries into index.js (#37085)
- Fix various problems (#37077)
- Fix issue label deletion with Actions tokens (#37013)
- Hide delete branch or tag buttons in mirror or archived repositories. (#37006)
- Fix org contact email not clearable once set (#36975)
- Fix a bug when forking a repository in an organization (#36950)
- Preserve sort order of exclusive labels from template repo (#36931)
- Make container registry support Apple Container (basic auth) (#36920)
- Fix the wrong push commits in the pull request when force push (#36914)
- Add class "list-header-filters" to the div for projects (#36889)
- Fix dbfs error handling (#36844)
- Fix incorrect viewed files counter if reverted change was viewed (#36819)
- Refactor avatar package, support default avatar fallback (#36788)
- Fix README symlink resolution in subdirectories like .github (#36775)
- Fix CSS stacking context issue in actions log (#36749)
- Add gpg signing for merge rebase and update by rebase (#36701)
- Delete non-exist branch should return 404 (#36694)
- Fix `TestActionsCollab...

Assets 126

13 Mar 02:31

GiteaBot

v1.25.5

f913d90

v1.25.5

SECURITY
- Toolchain Update to Go 1.25.6 (#36480) (#36487)
- Adjust the toolchain version (#36537) (#36542)
- Update toolchain to 1.25.8 for v1.25 (#36888)
- Prevent redirect bypasses via backslash-encoded paths (#36660) (#36716)
- Fix get release draft permission check (#36659) (#36715)
- Fix a bug user could change another user's primary email (#36586) (#36607)
- Fix OAuth2 authorization code expiry and reuse handling (#36797) (#36851)
- Add validation constraints for repository creation fields (#36671) (#36757)
- Fix bug to check whether user can update pull request branch or rebase branch (#36465) (#36838)
- Add migration http transport for push/sync mirror lfs (#36665) (#36691)
- Fix track time list permission check (#36662) (#36744)
- Fix track time issue id (#36664) (#36689)
- Fix path resolving (#36734) (#36746)
- Fix dump release asset bug (#36799) (#36839)
- Fix org permission API visibility checks for hidden members and private orgs (#36798) (#36841)
- Fix forwarded proto handling for public URL detection (#36810) (#36836)
- Add a git grep search timeout (#36809) (#36835)
- Fix oauth2 s256 (#36462) (#36477)
ENHANCEMENTS
- Make security-check informational only (#36681) (#36852)
- Upgrade to github.com/cloudflare/circl 1.6.3, svgo 4.0.1, markdownlint-cli 0.48.0 (#36840)
- Add some validation on values provided to USER_DISABLED_FEATURES and EXTERNAL_USER_DISABLED_FEATURES (#36688) (#36692)
- Upgrade gogit to 5.16.5 (#36687)
- Add wrap to runner label list (#36565) (#36574)
- Add dnf5 command for Fedora in RPM package instructions (#36527) (#36572)
- Allow scroll propagation outside code editor (#36502) (#36510)
BUGFIXES
- Fix non-admins unable to automerge PRs from forks (#36833) (#36843)
- Fix bug when pushing mirror with wiki (#36795) (#36807)
- Fix artifacts v4 backend upload problems (#36805) (#36834)
- Fix CRAN package version validation to allow more than 4 version components (#36813) (#36821)
- Fix force push time-line commit comments of pull request (#36653) (#36717)
- Fix SVG height calculation in diff viewer (#36748) (#36750)
- Fix push time bug (#36693) (#36713)
- Fix bug the protected branch rule name is conflicted with renamed branch name (#36650) (#36661)
- Fix bug when do LFS GC (#36500) (#36608)
- Fix focus lost bugs in the Monaco editor (#36609)
- Reprocess htmx content after loading more files (#36568) (#36577)
- Fix assignee sidebar links and empty placeholder (#36559) (#36563)
- Fix issues filter dropdown showing empty label scope section (#36535) (#36544)
- Fix various mermaid bugs (#36547) (#36552)
- Fix data race when uploading container blobs concurrently (#36524) (#36526)
- Correct spacing between username and bot label (#36473) (#36484)

Instances on Gitea Cloud will be automatically upgraded to this version during the specified maintenance window.

Assets 126

22 Jan 01:43

GiteaBot

v1.25.4

369830b

v1.25.4

SECURITY
- Release attachments must belong to the intended repo (#36347) (#36375)
- Fix permission check on org project operations (#36318) (#36373)
- Clean watches when make a repository private and check permission when send release emails (#36319) (#36370)
- Add more check for stopwatch read or list (#36340) (#36368)
- Fix openid setting check (#36346) (#36361)
- Fix cancel auto merge bug (#36341) (#36356)
- Fix delete attachment check (#36320) (#36355)
- LFS locks must belong to the intended repo (#36344) (#36349)
- Fix bug on notification read (#36339) #36387
ENHANCEMENTS
- Add more routes to the "expensive" list (#36290)
- Make "commit statuses" API accept slashes in "ref" (#36264) (#36275)
BUGFIXES
- Fix markdown newline handling during IME composition (#36421) #36424
- Fix missing repository id when migrating release attachments (#36389)
- Fix bug when compare in the pull request (#36363) (#36372)
- Fix incorrect text content detection (#36364) (#36369)
- Fill missing has_code in repository api (#36338) (#36359)
- Fix notifications pagination query parameters (#36351) (#36358)
- Fix some trivial problems (#36336) (#36337)
- Prevent panic when GitLab release has more links than sources (#36295) (#36305)
- Fix stats bug when syncing release (#36285) (#36294)
- Always honor user's choice for "delete branch after merge" (#36281) (#36286)
- Use the requested host for LFS links (#36242) (#36258)
- Fix panic when get editor config file (#36241) (#36247)
- Fix regression in writing authorized principals (#36213) (#36218)
- Fix WebAuthn error checking (#36219) (#36235)

Instances on Gitea Cloud will be automatically upgraded to this version during the specified maintenance window.

Assets 110

18 Dec 18:11

GiteaBot

v1.25.3

9a7cfd8

v1.25.3

SECURITY
- Bump toolchain to go1.25.5, misc fixes (#36082)
ENHANCEMENTS
- Add strikethrough button to markdown editor (#36087) (#36104)
- Add "site admin" back to profile menu (#36010) (#36013)
- Improve math rendering (#36124) (#36125)
BUGFIXES
- Check user visibility when redirecting to a renamed user (#36148) (#36159)
- Fix various bugs (#36139) (#36151)
- Fix bug when viewing the commit diff page with non-ANSI files (#36149) (#36150)
- Hide RSS icon when viewing a file not under a branch (#36135) (#36141)
- Fix SVG size calulation, only use style attribute (#36133) (#36134)
- Make Golang correctly delete temp files during uploading (#36128) (#36129)
- Fix the bug when ssh clone with redirect user or repository (#36039) (#36090)
- Use Golang net/smtp instead of gomail's smtp to send email (#36055) (#36083)
- Fix edit user email bug in API (#36068) (#36081)
- Fix bug when updating user email (#36058) (#36066)
- Fix incorrect viewed files counter if file has changed (#36009) (#36047)
- Fix container registry error handling (#36021) (#36037)
- Fix webAuthn insecure error view (#36165) (#36179)
- Fix some file icon ui (#36078) (#36088)
- Fix Actions pull_request.paths being triggered incorrectly by rebase (#36045) (#36054)
- Fix error handling in mailer and wiki services (#36041) (#36053)
- Fix bugs when comparing and creating pull request (#36166) (#36144)

Instances on Gitea Cloud will be automatically upgraded to this version during the specified maintenance window.

Assets 110

22 Nov 19:37

GiteaBot

v1.25.2

eaa916a

v1.25.2

SECURITY
- Upgrade golang.org/x/crypto to 0.45.0 (#35985) (#35988)
- Fix various permission & login related bugs (#36002) (#36004)
ENHANCEMENTS
- Display source code downloads last for release attachments (#35897) (#35903)
- Change project default column icon to 'star' (#35967) (#35979)
BUGFIXES
- Allow empty commit when merging pull request with squash style (#35989) (#36003)
- Fix container push tag overwriting (#35936) (#35954)
- Fix corrupted external render content (#35946) and upgrade golang.org/x packages (#35950)
- Limit reading bytes instead of ReadAll (#35928) (#35934)
- Use correct form field for allowed force push users in branch protection API (#35894) (#35908)
- Fix team member access check (#35899) (#35905)
- Fix conda null depend issue (#35900) (#35902)
- Set the dates to now when not specified by the caller (#35861) (#35874)
- Fix gogit ListEntriesRecursiveWithSize (#35862)
- Misc CSS fixes (#35888) (#35981)
- Don't show unnecessary error message to end users for DeleteBranchAfterMerge (#35937) (#35941)
- Load jQuery as early as possible to support custom scripts (#35926) (#35929)
- Allow to display embed images/pdfs when SERVE_DIRECT was enabled on MinIO storage (#35882) (#35917)
- Make OAuth2 issuer configurable (#35915) (#35916)
- Fix #35763: Add proper page title for project pages (#35773) (#35909)
- Fix avatar upload error handling (#35887) (#35890)
- Contribution heatmap improvements (#35876) (#35880)
- Remove padding override on .ui .sha.label (#35864) (#35873)
- Fix pull description code label background (#35865) (#35870)

Instances on Gitea Cloud will be automatically upgraded to this version during the specified maintenance window.

Assets 110

Uh oh!

Uh oh!

Releases: go-gitea/gitea

v1.26.4

Uh oh!

v1.26.3

Uh oh!

v1.26.2

Uh oh!

v1.26.1

Uh oh!

v1.26.0

Uh oh!

v1.26.0-rc0

Uh oh!

v1.25.5

Uh oh!

v1.25.4

Uh oh!

v1.25.3

Uh oh!

v1.25.2

Uh oh!