v1.25.4

Security

Release attachments and LFS locks must now belong to the intended repo

Org project operations permission check added

Watches cleaned when repository is made private; permission checked on release emails

Stopwatch read/list operations require additional validation

OpenID setting check fixed

Auto-merge cancellation bug fixed

Attachment deletion permission check added

Notification read permission bug fixed

Fixes

Markdown newline handling during IME composition

Missing repository ID when migrating release attachments

Pull request comparison bug

Text content detection accuracy

Missing has_code field in repository API responses

Notifications pagination query parameters

GitLab release import panics with multiple links

Release sync stats calculation

"Delete branch after merge" now respects user preference

LFS links now use requested host

EditorConfig file retrieval panic

SSH authorized principals regression

WebAuthn error handling

SECURITY
- Release attachments must belong to the intended repo (#36347) (#36375)
- Fix permission check on org project operations (#36318) (#36373)
- Clean watches when make a repository private and check permission when send release emails (#36319) (#36370)
- Add more check for stopwatch read or list (#36340) (#36368)
- Fix openid setting check (#36346) (#36361)
- Fix cancel auto merge bug (#36341) (#36356)
- Fix delete attachment check (#36320) (#36355)
- LFS locks must belong to the intended repo (#36344) (#36349)
- Fix bug on notification read (#36339) #36387
ENHANCEMENTS
- Add more routes to the "expensive" list (#36290)
- Make "commit statuses" API accept slashes in "ref" (#36264) (#36275)
BUGFIXES
- Fix markdown newline handling during IME composition (#36421) #36424
- Fix missing repository id when migrating release attachments (#36389)
- Fix bug when compare in the pull request (#36363) (#36372)
- Fix incorrect text content detection (#36364) (#36369)
- Fill missing has_code in repository api (#36338) (#36359)
- Fix notifications pagination query parameters (#36351) (#36358)
- Fix some trivial problems (#36336) (#36337)
- Prevent panic when GitLab release has more links than sources (#36295) (#36305)
- Fix stats bug when syncing release (#36285) (#36294)
- Always honor user's choice for "delete branch after merge" (#36281) (#36286)
- Use the requested host for LFS links (#36242) (#36258)
- Fix panic when get editor config file (#36241) (#36247)
- Fix regression in writing authorized principals (#36213) (#36218)
- Fix WebAuthn error checking (#36219) (#36235)

Instances on Gitea Cloud will be automatically upgraded to this version during the specified maintenance window.

Security

Release attachments and LFS locks must now belong to the intended repo

Org project operations permission check added

Watches cleaned when repository is made private; permission checked on release emails

Stopwatch read/list operations require additional validation

OpenID setting check fixed

Auto-merge cancellation bug fixed

Attachment deletion permission check added

Notification read permission bug fixed

Fixes

Markdown newline handling during IME composition

Missing repository ID when migrating release attachments

Pull request comparison bug

Text content detection accuracy

Missing has_code field in repository API responses

Notifications pagination query parameters

GitLab release import panics with multiple links

Release sync stats calculation

"Delete branch after merge" now respects user preference

LFS links now use requested host

EditorConfig file retrieval panic

SSH authorized principals regression

WebAuthn error handling

SECURITY
- Release attachments must belong to the intended repo (#36347) (#36375)
- Fix permission check on org project operations (#36318) (#36373)
- Clean watches when make a repository private and check permission when send release emails (#36319) (#36370)
- Add more check for stopwatch read or list (#36340) (#36368)
- Fix openid setting check (#36346) (#36361)
- Fix cancel auto merge bug (#36341) (#36356)
- Fix delete attachment check (#36320) (#36355)
- LFS locks must belong to the intended repo (#36344) (#36349)
- Fix bug on notification read (#36339) #36387
ENHANCEMENTS
- Add more routes to the "expensive" list (#36290)
- Make "commit statuses" API accept slashes in "ref" (#36264) (#36275)
BUGFIXES
- Fix markdown newline handling during IME composition (#36421) #36424
- Fix missing repository id when migrating release attachments (#36389)
- Fix bug when compare in the pull request (#36363) (#36372)
- Fix incorrect text content detection (#36364) (#36369)
- Fill missing has_code in repository api (#36338) (#36359)
- Fix notifications pagination query parameters (#36351) (#36358)
- Fix some trivial problems (#36336) (#36337)
- Prevent panic when GitLab release has more links than sources (#36295) (#36305)
- Fix stats bug when syncing release (#36285) (#36294)
- Always honor user's choice for "delete branch after merge" (#36281) (#36286)
- Use the requested host for LFS links (#36242) (#36258)
- Fix panic when get editor config file (#36241) (#36247)
- Fix regression in writing authorized principals (#36213) (#36218)
- Fix WebAuthn error checking (#36219) (#36235)

Instances on Gitea Cloud will be automatically upgraded to this version during the specified maintenance window.

gitea

Breaking Changes

Security

Enhancements

Fixes

More Go Projects

ollama

kubernetes

frp

gin

v1.25.4

Breaking Changes

Security

Enhancements

Fixes

More Go Projects

ollama

kubernetes

frp

gin