Tags

* BREAKING
  * Better logging (#6038) (#6095)
* FEATURE
  * Content API for Creating, Updating, Deleting Files (#6314)
  * Enable tls-alpn-01: Use certmanager provided TLSConfig for LetsEncrypt (#7229)
  * Add command to convert mysql database from utf8 to utf8mb4 (#7144)
  * Fixes #2738 - Adds the /git/tags API endpoint (#7138)
  * Compare branches, commits and tags with each other (#6991)
  * Show Pull Request button or status of latest PR in branch list (#6990)
  * Repository avatars (#6986)
  * Show git-notes (#6984)
  * Add commit statuses reports on pull request view (#6845)
  * Number of commits ahead/behind in branch overview (#6695)
  * Add CLI commands to manage LDAP authentication source (#6681)
  * Add support for MS Teams webhooks (#6632)
  * OAuth2 Grant UI (#6625)
  * Add SUBJECT_PREFIX mailer config option (#6605)
  * Include custom configuration file in dump (#6516)
  * Add API for manipulating Git hooks (#6436)
  * Improve migrations to support migrating milestones/labels/issues/comments/pullrequests (#6290)
  * Add option to blame files (#5721)
  * Implement Default Webhooks (#4299)
  * Telegram webhook (#4227)
* BUGFIXES
  * Correctly adjust mirror url (#6593)
  * Handle early git version's lack of get-url (#7065)
  * Fix icon position in issue view (#7354)
  * Cut timeline length with last element on issue view (#7355)
  * Fix mirror repository webhooks (#7366)
  * Fix api route for hooks (#7346)
  * Fix bug conflict between SyncReleasesWithTags and InsertReleases (#7337)
  * Fix pull view ui merge section (#7335)
  * Fix 7303 - remove unnessesary buttons on archived repos (#7326)
  * Fix topic bar to allow prefixes (#7325)
  * Fixes #7152 - Allow create/update/delete message to be empty, use default message (#7324)
  * Fixes #7238 - Annotated tag commit ID incorrect (#7321)
  * Dark theme fixes (#7319)
  * Gitea own dark codemirror theme (#7317)
  * Fixes #7292 - API File Contents bug (#7301)
  * Fix API link header (#7298)
  * Fix extra newlines when copying from diff in Firefox (#7288)
  * Make diff line-marker non-selectable (#7279)
  * Fix Submodule dection in subdir (#7275)
  * Fix error log when loading issues caused by a xorm bug (#7271)
  * Add .fa icon margin like .octicon (#7258)
  * Fix hljs unintenionally highlighting commit links (#7244)
  * Only check and config git on web subcommand but not others (#7236)
  * Fix migration panic when Head.User is not exist (#7226)
  * Only warn on errors in deleting LFS orphaned files during repo deletion (#7213)
  * Fix duplicated file on pull request conflicted files (#7211)
  * Allow colon between fixing word and issue (#7207)
  * Fix overflow issues in repo (#7190)
  * API error cleanup (#7186)
  * Add error for fork already existing (#7185)
  * Fixes diff on merged pull requests (#7171)
  * If milestone id is zero don't get it from database (#7169)
  * Fix pusher name via ssh push (#7167)
  * Fix database lock when use random repository fallback image (#7166)
  * Various fixes for issue mail notifications (#7165)
  * Allow archived repos to be (un)starred and (un)watched (#7163)
  * Fix GCArgs load from ini (#7156)
  * Detect noreply email address as user (#7133)
  * Avoid arbitrary format strings upon calling fail() function (#7112)
  * Validate External Tracker URL Format (#7089)
  * Repository avatar fallback configuration (#7087)
  * Fix #732: Add LFS objects to base repository on merging  (#7082)
  * Install page - Handle invalid administrator username better (#7060)
  * Workaround for posting single comments in split diff view (#7052)
  * Fix possbile mysql invalid connnection error (#7051)
  * Fix charset was not saved after installation finished (#7048)
  * Handle insecure and ports in go get (#7041)
  * Avoid bad database state after failed migration (#7040)
  * Fix wrong init dependency on markup extensions (#7038)
  * Fix default for allowing new organization creation for new users (#7017)
  * Fix content download and /verify LFS handler expecting wrong content-type (#7015)
  * Fix missing repo description when migrating (#7000)
  * Fix LFS Locks over SSH (#6999)
  * Do not attempt to return blob on submodule (#6996)
  * Fix U2F for Chrome >= 74 (#6980)
  * Fix index produces problem when issues/pulls deleted (#6973)
  * Allow collaborators to view repo owned by private org (#6965)
  * Stop running hooks on pr merge (#6963)
  * Run hooks on merge/edit and cope with protected branches (#6961)
  * Webhook Logs show proper HTTP Method, and allow change HTTP method in form (#6953)
  * Stop colorizing log files by default (#6949)
  * Rotate serv.log, http.log and hook logs and stop stacktracing in these (#6935)
  * Fix plain text overflow line wrap (#6915)
  * Fix input size for dependency select (#6913)
  * Change drone token name to let users know to use oauth2 (#6912)
  * Fix syntax highlight in blame view #6895 (#6909)
  * Use AppURL for Oauth user link (#6894)
  * Fixes #6881 - API users search fix (#6882)
  * Fix 404 when send pull request some situation  (#6871)
  * Enforce osusergo build tag for releases (#6862)
  * Fix 500 when reviewer is deleted with integration tests (#6856)
  * Fix v85.go (#6851)
  * Make dropTableColumns drop columns on sqlite and constraints on all (#6849)
  * Fix double-generation of scratch token (#6832) (#6833)
  * When mirroring we should set the remote to mirror (#6824)
  * Fix the v78 migration "Drop is_bare" on MSSQL #6707 (#6823)
  * Change verbose flag in dump command to avoid colliding with global version flag (#6822)
  * Fix #6813: Allow git.GetTree to take both commit and tree names (#6816)
  * Remove `seen` map from `getLastCommitForPaths` (#6807)
  * Show scrollbar only when needed (#6802)
  * Restore IsWindows variable assignment (#6722) (#6790)
  * Service worker js is a missing comma (#6788)
  * Fix team edit API panic (#6780)
  * Set user search base field optional in LDAP (simple auth) edit page (#6779)
  * Ignore already existing public keys after ldap sync (#6766)
  * Fix pulls broken when fork repository deleted (#6754)
  * Fix missing return (#6751)
  * Fix new team 500 (#6749)
  * OAuth2 token can be used in basic auth (#6747)
  * Fix org visibility bug when git cloning (#6743)
  * Fix bug when sort repos on org home page login with non-admin (#6741)
  * Stricter domain name pattern in email regex (#6739)
  * Fix admin template error (#6737)
  * Drop is_bare IDX only when it exists for MySQL and MariaDB (#6736)
  * UI: Detect and restore encoding and BOM in content  (#6727)
  * Load issue attributes when editing an issue with API (#6723)
  * Fix team members API (#6714)
  * Unfortunately MemProvider Init does not actually Init properly (#6692)
  * Fix partial reversion of #6657 caused by #6314 (#6685)
  * Prevent creating empty sessions (#6677)
  * Fixes #6659 - Swagger schemes selection default to page's protocol (#6660)
  * Update highlight.js to 9.15.6 (#6658)
  * Properly escape on the redirect from the web editor (#6657)
  * Fix #6655 - Don't EscapePound .Link as it is already escaped (#6656)
  * Use ctx.metas for SHA hash links (#6645)
  * Fix wrong GPG expire date (#6643)
  * upgrade version of lib/pq to v1.1.0 (#6640)
  * Fix forking an empty repository (#6637)
  * Fix issuer of OTP URI should be URI-encoded. (#6634)
  * Return a UserList from /api/v1/admin/users (#6629)
  * Add json tags for oauth2 form (#6627)
  * Remove extra slash from twitter card (#6619)
  * remove bash requirement in makefile (#6617)
  * Fix Open Graph og:image link (#6612)
  * Fix cross-compile builds (#6609)
  * Change commit summary to full message in API (#6591)
  * Fix bug user search API pagesize didn't obey ExplorePagingNum (#6579)
  * Prevent server 500 on compare branches with no common history (#6555)
  * Properly escape release attachment URL (#6512)
  * Delete local branch when repo branch is deleted (#6497)
  * Fix bug when user login and want to resend register confirmation email (#6482)
  * Fix upload attachments (#6481)
  * Avoid multi-clicks in oauth2 login (#6467)
  * Hacky fix for alignment of the create-organization dialog (#6455)
  * Change order that PostProcess Processors are run (#6445)
  * Clean up ref name rules (#6437)
  * Fix Hook & HookList in Swagger (#6432)
  * Fixed unitTypeCode not being used in accessLevelUnit (#6419)
  * Display correct error for invalid mirror interval (#6414)
  * Don't Unescape redirect_to cookie value (#6399)
  * Fix dump table name error and add some test for dump database (#6394)
  * Fix migrations 82 to ignore unsynced tags between database and git data and missing is_archived on repository table (#6387)
  * Make sure units of a team are returned (#6379)
  * Fix bug manifest.json will not request with cookie so that session will created every request (#6372)
  * Disable benchmarking during tag events on DroneIO (#6365)
  * Comments list performance optimization (#5305)
* ENHANCEMENT
  * Add API Endpoint for Repo Edit (#7006)
  * Add state param to milestone listing API (#7131)
  * Make captcha and password optional for external accounts (#6606)
  * Detect migrating batch size (#7353)
  * Fix 7255 - wrap long texts on user profile info (#7333)
  * Use commit graph files for listing pages (#7314)
  * Add git command line commitgraph support global default true when git version >= 2.18 (#7313)
  * Add LFS_START_SERVER option to control git-lfs support (#7281)
  * Dark theme markdown fixes (#7260)
  * Update go-git to v4.12.0 (#7249)
  * Show lfs config on admin panel (#7220)
  * Disable same user check for internal SSH (#7215)
  * Add LastLogin to the User API (#7196)
  * Add missing description of label on API (#7159)
  * Use go method to calculate ssh key fingerprint (#7128)
  * Enable Rust highlighting (#7125)
  * Refactor submodule URL parsing (#7100)
  * Change issue mail title. (#7064)
  * Use batch insert on migrating repository to make the process faster (#7050)
  * Improve github downloader on migrations (#7049)
  * When git version >= 2.18, git command could run with git wire protocol version 2 param if enabled (#7047)
  * Fix Erlang and Elixir highlight mappings (#7044)
  * API Org Visibility (#7028)
  * Improve handling of non-square avatars (#7025)
  * Bugfix: Align comment label and actions to the right (#7024)
  * Change UpdateRepoIndex api to include watchers (#7012)
  * Move serv hook functionality & drop GitLogger (#6993)
  * Add support of utf8mb4 for mysql (#6992)
  * Make webhook http connections resuable (#6976)
  * Move xorm logger bridge from log to models so that log module could be a standalone package (#6944)
  * Refactor models.NewRepoContext to extract git related codes to modules/git (#6941)
  * Remove macaron dependent on models (#6940)
  * Add less linter via npx (#6936)
  * Remove macaron dependent on modules/log (#6933)
  * Remove macaron dependent on models/mail.go (#6931)
  * Clean less files (#6921)
  * Fix code overflow (#6914)
  * Style orgs list in user profile (#6911)
  * Improve description of branch protection (fix #6886) (#6906)
  * Move sdk structs to modules/structs (#6905)
  * update sdk to latest (#6903)
  * Escape the commit message on issues update and title in telegram hook (#6901)
  * SearchRepositoryByName improvements and unification (#6897)
  * Change the color of issues/pulls list, merged is purple and closed is red (#6874)
  * Refactor table width to have more info shown in file list (#6867)
  * Monitor all git commands; move blame to git package and replace git as a variable (#6864)
  * Fix config ui error about cache ttl (#6861)
  * Improve localization of git activity stats (#6848)
  * Generate access token in admin cli (#6847)
  * Update github.com/urfave/cli to version 1.2.0 (#6838)
  * Rename LFS_JWT_SECRET cli option to include OAUTH2 as well (#6826)
  * internal/ssh: ignore env command totally (#6825)
  * Allow Recaptcha service url to be configured (#6820)
  * update github.com/mcuadros/go-version to v0.0.0-20190308113854-92cdf37c5b75 (#6815)
  * Use modules/git for git commands (#6775)
  * Add GET requests to webhook (#6771)
  * Move PushUpdate dependency from models to repofiles (#6763)
  * Tweak tab text and icon colors (#6760)
  * Ignore non-standard refs in git push (#6758)
  * Disable web preview for telegram webhook (#6719)
  * Show full name if DEFAULT_SHOW_FULL_NAME setting enabled (#6710)
  * Reorder file actions (#6706)
  * README WordPress the code is overflowing #6679 (#6696)
  * Improve issue reference on commit (#6694)
  * Handle redirects for git clone commands (#6688)
  * Fix one performance/correctness regression in #6478 found on Rails repository. (#6686)
  * API OTP Context (#6674)
  * Remove local clones & make hooks run on merge/edit/upload (#6672)
  * Bump github.com/stretchr/testify from 1.2.2 to 1.3.0 (#6663)
  * Bump gopkg.in/src-d/go-git.v4 from 4.8.0 to 4.10.0 (#6662)
  * Fix dropdown icon padding (#6651)
  * Add more title attributes on shortened names (#6647)
  * Update UI for topics labels on projects (#6639)
  * Trace Logging on Permission Denied & ColorFormat (#6618)
  * Add .gpg url (match github behaviour) (#6610)
  * Support for custom GITEA_CUSTOM env var in docker(#6608)
  * Show "delete branch" button on closed pull requests (#6570) (#6601)
  * Add option to disable refresh token invalidation (#6584)
  * Fix new repo dropdown alignment (#6583)
  * Fix mail notification when close/reopen issue (#6581)
  * Pre-calculate the absolute path of git (#6575)
  * Minor CSS cleanup for the navbar (#6553)
  * Render SHA1 links as code blocks (#6546)
  * Add username flag in create-user command (#6534)
  * Unifies pagination template usage (#6531) (#6533)
  * Fixes pagination width on mobile view (#5711) (#6532)
  * Improve SHA1 link detection (#6526)
  * Fixes #6446 - Sort team members and team's repositories (#6525)
  * Use stricter boundaries for auto-link detection (#6522)
  * Use regular line-height on frontpage entries (#6518)
  * Fixes #6514 - New Pull Request on files and pulls pages the same (#6515)
  * Make distinction between DisplayName and Username in email templates (#6495)
  * Add X-Auto-Response-Suppress header to outgoing messages (#6492)
  * Cleaned permission checks for API -> site admin can now do anything (#6483)
  * Support search operators for commits search (#6479)
  * Improve listing performance by using go-git (#6478)
  * Fix repo sub_menu font color in arc-green (#6477)
  * Show last commit status in pull request lists (#6465)
  * Add signatures to webhooks (#6428)
  * Optimize all images in public/img (#6427)
  * Add golangci (#6418)
  * Make "Ghost" not link to 404 page (#6410)
  * Include more variables on admin/config page (#6378)
  * Markdown: enable some more extensions (#6362)
  * Include repo name in page title tag (#6343)
  * Show locale string on timestamp (#6324)
  * Handle CORS requests (#6289)
  * Improve issue autolinks (#6273)
  * Migration Tweaks (#6260)
  * Add title attributes to all items in the repo list viewer (#6258)
  * Issue indexer queue redis support (#6218)
  * Add bio field for user (#6113)
  * Make the version within makefile overwriteable (#6080)
  * Updates to API 404 responses (#6077)
  * Use Go1.11 module (#5743)
  * UX + Security current user password reset (#5042)
  * Refactor: append, build variable and type switch (#4940)
  * Git statistics in Activity tab (#4724)
  * Drop the bits argument when generating an ed25519 key (#6504)
* SECURITY
  * Shadow the password on cache and session config on admin panel (#7300)
* TESTING
  * Exclude pull_request from fetch-tags step, fixes #7108 (#7120)
  * Refactor and improve git test (#7086)
  * Fix TestSearchRepo by waiting till indexing is done (#7004)
  * Add mssql migration tests (needs #6823) (#6852)
  * Add tests for Org API (#6731)
  * Context.ServerError and NotFound should log from their caller (#6550)
* TRANSLATION
  * Add french specific rule for translating plural texts (#6846)
* BUILD
  * Update mssql driver to last working version 20180314172330-6a30f4e59a44 (#7306)
  * Alpine 3.10 (#7256)
  * Use vfsgen instead of go-bindata (#7080)
  * remove and disable package-lock (#6969)
  * add make targets for js and css, add js linter (#6952)
  * Added tags pull step to drone config to show correct version hashes i… (#6836)
  * Make CustomPath, CustomConf and AppWorkPath configurable at build (#6631)
  * chore: update drone format to 1.0 (#6602)
  * Fix race in integration testlogger (#6556)
  * Quieter Integration Tests (#6513)
  * Drop the docker Makefile from the image (#6507)
  * Add make version on gitea version (#6485)
  * Fix #6468 - Uses space match and adds newline for all sed flavors (#6473)
  * Move code.gitea.io/git to code.gitea.io/gitea/modules/git (#6364)
  * Update npm dependencies and various tweaks (#7344)
  * Fix updated drone file (#7336)
  * Add 'npm' and 'npm-update' make targets and lockfile (#7246)
* DOCS
  * Add work path CLI option (#6922)
  * Fix logging documentation (#6904)
  * Some logging documentation (#6498)
  * Fix link to Hacking on Gitea on From-Source doc page (#6471)
  * Fix typos in docs command-line examples (#6466)
  * Added docker example for backup (#5846)

* BUGFIXES
  * Always set userID on LFS authentication (#7224) (Part of #6993)
  * Fix LFS Locks over SSH (#6999) (#7223)
  * Fix duplicated file on pull request conflicted files (#7211) (#7214)
  * Detect noreply email address as user (#7133) (#7195)
  * Don't get milestone from DB if ID is zero (#7169) (#7174)
  * Allow archived repos to be (un)starred and (un)watched (#7163) (#7168)
  * Fix GCArgs load from ini (#7156) (#7157)

* BUGFIXES
  * Fix possbile mysql invalid connnection error (#7051) (#7071)
  * Handle invalid administrator username on install page (#7060) (#7063)
  * Disable arm7 builds (#7037) (#7042)
  * Fix default for allowing new organization creation for new users (#7017) (#7034)
  * SearchRepositoryByName improvements and unification (#6897) (#7002)
  * Fix u2f registrationlist ToRegistrations() method (#6980) (#6982)
  * Allow collaborators to view repo owned by private org (#6965) (#6968)
  * Use AppURL for Oauth user link (#6894) (#6925)
  * Escape the commit message on issues update (#6901) (#6902)
  * Fix regression for API users search (#6882) (#6885)
  * Handle early git version's lack of get-url (#7065) (#7076)
  * Fix wrong init dependency on markup extensions (#7038) (#7074)

* BUGFIXES
  * Fix 404 when sending pull requests in some situations (#6871) (#6873)
  * Enforce osusergo build tag for releases (#6862) (#6869)
  * Don't post process commit summary in templates (#6842) (#6868)
  * Fix 500 when reviewer is deleted (#6856) (#6860)
  * Fix v78 migration for MSSQL (#6823) (#6854)
  * Added tags pull step to drone config to show correct version hashes (#6836) (#6839)
  * Fix double-generation of scratch token (#6833) (#6835)
  * When mirroring we should set the remote to mirror (#6824) (#6834)
  * Show scrollbar only when needed (#6802) (#6803)
  * Service worker js is missing a comma (#6788) (#6795)
  * Set user search base field optional in LDAP (simple auth) edit page (#6779) (#6789)
  * Fix team edit API panic (#6780) (#6785)
  * Minor CSS cleanup for the navbar (#6553) (#6781)
  * Stricter domain name pattern in email regex (#6739) (#6768)
  * Detect and restore encoding and BOM in content (#6727) (#6765)
  * Fix org visibility bug when git cloning (#6743) (#6762)
  * OAuth2 token can be used in basic auth (#6747) (#6761)
  * Fix missing return (#6751) (#6756)
  * Fix sorting repos on org home page with non-admin login (#6741) (#6746)
  * Drop is_bare IDX only when it exists for MySQL and MariaDB (#6736) (#6744)
  * Fix team members API (#6714) (#6729)
  * Load issue attributes when editing an issue with API (#6723) (#6725)
  * Fix config ui error about cache ttl (#6861) (#6865)

* SECURITY
  * Prevent remote code execution vulnerability with mirror repo URL settings (#6593) (#6594)
  * Resolve 2FA bypass on API (#6676) (#6674)
  * Prevent the creation of empty sessions for non-logged in users (#6690) (#6677)
* BREAKING
  * Add "ghost" and "notifications" to list of reserved user names. (#6208)
  * Change sqlite DB path default to data directory (#6198)
  * Adds MustChangePassword to user create/edit API (#6193)
  * Disable redirect for i18n (#5910)
  * Releases API paging (#5831)
  * Allow Macaron to be set to log through to gitea.log (#5667)
  * Don't close issues via commits on non-default branch (#5622)
* FEATURE
  * Add regenerate secret feature for oauth2 (#6291)
  * Expose issue stopwatch toggling via API (#5970)
  * Add other session providers (#5963)
  * Pull request conflict files detection (#5951)
  * Integrate OAuth2 Provider (#5378)
  * Implement "conversation lock" for issue comments (#5073)
  * Feature: Archive repos (#5009)
  * Discord Oauth2 support (#4476)
  * Allow to set organization visibility (public, internal, private) (#1763)
  * Added URL mapping for Release attachments like on github.com (#1707)
* ENHANCEMENT
  * Add support for client basic auth for exchanging access tokens (#6293)
  * Add ability to sort issues by due date (#6206) (#6244)
  * Style tweaks to issue selection (#6196)
  * Increase Username and Orgname MaxSize 35 -> 40 (#6178)
  * Coverage profile with multiple packages (#6167)
  * Split setting.go to multiple files (#6154)
  * Allow labels to contain emoji (#6063)
  * Disable git fsck for mirrored repos by default (#6018)
  * Add default time out for git operations (#6015)
  * Split setting.go as multiple files (#6014)
  * Make dashboard navbar and footer full-width (#6013)
  * Add lang specific font stacks for CJK (#6007)
  * Fix header menu misalignment (#6002)
  * Enhance closed PR and Issue status in the list (#6000)
  * Make navbar full width (#5998)
  * Add option to close issues via commit on a non master branch (#5992)
  * Support n as a line highlight prefix (#5987)
  * Search for org repos (#3031) (#5986)
  * Minor UI tweaks (#5980)
  * Use native golang SSH library but ssh-keygen when enable built-in SSH server to remove dependent on that command lines (#5976)
  * Dashboard tweaks (#5974)
  * Fixes for repo topic editor (#5971)
  * Display the branch name in the commit view (#5950)
  * handle milestone events for issues and PR (#5947)
  * Add label names as filter in issue search api (#5946)
  * Repo header tweaks (#5945)
  * Better support for long repo names (#5932)
  * Fix wrapping long code lines (#5927)
  * Change GPG Validation colors and remove inline CSS (#5404) (#5896)
  * Fix "pulls.blocked_by_approvals" text (#5879)
  * Rename reject to 'request changes' (#5858)
  * Move input fields to add members to a team and repos to a team (#5853)
  * Config option to disable automatic repo watching (#5852)
  * New Issue ?body= query (#5851)
  * Add API to list tags (#5850)
  * Pagination for git tree API (#5838)
  * Add InternalTokenURI to load InternalToken from an external file (#5812)
  * Allow markdown files to read from the LFS (#5787)
  * Add the ability to use multiple labels as filters (#5786)
  * Adjust log settings when a user is not found. (#5771)
  * Log IP of failed ssh connection (#5766)
  * Moved defaults in defaults.go to setting.go (#5764)
  * Make DB connect more robust (#5738)
  * Add Default Pull Request Title (#5735)
  * Refactor repo.isBare to repo.isEmpty #5629 (#5714)
  * Add flag to skip repository dumping (#5695)
  * Prioritize "readme.md" (#5691)
  * Improve "Fork button" for guests by showing a pop up asking them to log in before forking (#5690)
  * Allow for user specific themes (#5668)
  * Display branch name in delete branch confirmation modal. (#5654)
  * New API routes added (#5594)
  * Refactor notification for indexer (#5111)
  * Refactor mail notification (#5110)
  * Show email if the authenticated user owns the profile page being requested for (#4981)
  * Optimize pulls merging (#4921)
  * Sort Repositories widget by most recently updated (#3963) (#4599)
  * Allow markdown table to scroll (#4401)
  * Automatically clear stopwatch on merging a PR (#4327)
  * Add the Owner Name to differentiate when merging (#3807)
  * Add title attributes to all items in the repo list viewer (#6258) (#6650)
* BUGFIXES
  * Fix dropdown icon padding (#6651) (#6654)
  * Fix wrong GPG expire date (#6643) (#6644)
  * Fix forking an empty repository (#6637) (#6653)
  * Remove call to EscapePound .Link as it is already escaped (#6656) (#6666)
  * Properly escape on the redirect from the web editor (#6657) (#6667)
  * Allow resend of confirmation email when logged in (#6482) (#6486)
  * Fix mail notification when close/reopen issue (#6581) (#6588)
  * Change API commit summary to full message (#6591) (#6592)
  * Add option to disable refresh token invalidation (#6584) (#6587)
  * Fix bug user search API pagesize didn't obey ExplorePagingNum (#6579) (#6586)
  * Fix new repo alignment (#6583) (#6585)
  * Prevent server 500 on compare branches with no common history (#6555) (#6558)
  * Properly escape release attachment URL (#6512) (#6523)
  * Hacky fix for alignment of the create-organization dialog (#6455) (#6462)
  * Disable benchmarking during tag events on DroneIO (#6365) (#6366)
  * Make sure units of a team are returned (#6379) (#6381)
  * Don't Unescape redirect_to cookie value (#6399) (#6401)
  * Fix dump table name error and add some test for dump database (#6394) (#6402)
  * Fix migration v82 to ignore unsynced tags between database and git data; Add missing is_archived column on repository table (#6387) (#6403)
  * Display correct error for invalid mirror interval (#6414) (#6429)
  * Clean up ref name rules (#6437) (#6439)
  * Fix Hook & HookList in Swagger (#6432) (#6440)
  * Change order that PostProcess Processors are run (#6445) (#6447)
  * Clean up various use of escape/unescape functions for URL generation (#6334)
  * Return 409 when creating repo if it already exists. (#6330)
  * Add same changes from issues page to milestone->issues page (#6328)
  * Fix ParsePatch function to work with quoted diff --git strings (#6323)
  * Fix reported issue in repo description (#6306)
  * Use url.PathEscape to escape the branchname (#6304)
  * Add robots.txt as reserved username (#6272)
  * Replace linkRegex with xurls library (#6261)
  * Remove visitLinksForShortLinks features (#6257)
  * Add unit types to repo action URL to correctly show 404 when archived (#6247)
  * Check organization visibility before everything else (#6234) (#6235)
  * Prevent double-close of issues (#6233)
  * Override xorm type mapping for U2F counter (#6232)
  * Add isAdmin to user API response (#6231)
  * Update git vendor to fix wrong release commit id and add migrations (#6224)
  * Fix fork button (#6223)
  * Fix renames over redirects (#6216)
  * Fix display dashboard even if require to change password (#6214)
  * Create a repo redirect when transferring ownership (#6210) (#6211)
  * Fix issue update race condition (#6194)
  * Fix bug when migrate repository 500 when repo is existed (#6188)
  * Fix scrollbar always present on page body (#6177)
  * Fix bug when set indexer as db and add tests (#6173)
  * Modify linkRegex to require http|https (#6171)
  * Fix bug user could change private repository to public when force private enabled. (#6156)
  * Fix admin list user/org API (#6143)
  * Make repo creation for API similar to UI (#6142)
  * Make document body a flexbox (#6139)
  * Refactor issue indexer, add some testing and fix a bug (#6131)
  * Load Issue attributes for API call (#6122)
  * Fix bug when update owner team then visit team's repo return 404 (#6119)
  * Fix heatmap and repository menu display in Internet Explorer 9+ (#6117)
  * Show private organization for admin, fix #6111 (#6112)
  * Fix prohibit login check on authorization (#6106)
  * Move to ldap.v3 to fix #5928 (#6105)
  * Remove use MakeAssigneeList in webhooks to fix deadlock (#6102)
  * Allow display of LFS stored Readme.md on directory page (#6073) (#6099)
  * Make sure labels are actually returned (#6053)
  * Fix panic: template: repo/issue/list:210: unexpected "=" in operand (#6041)
  * After deleting a repo on admin panel, UI should remember the last sort type (#6033)
  * Default create repository on organisation on its dashboard (#6026)
  * Swagger: Remove spaces in MergePullRequestOption enum (#6016)
  * Fix metrics auth token detection (#6006)
  * Fix repo header issues (#5995)
  * Fix bug when deleting a linked account will removed all (#5989)
  * Make organization dropdown scrollable when using mouse wheel (#5988)
  * Fix empty ssh key importing in ldap (#5984)
  * Admin config page mailertype setting option update (#5973)
  * Fix redirect loop during forced password change (#5965)
  * Show user who created the repository instead of the organisation in action feed (#5948)
  * Remove all CommitStatus when a repo is deleted (#5940)
  * Fix ssh deploy and user key constraints (#1357) (#5939)
  * Fix log output (#5938)
  * Set PusherName and PusherID to owner on deploy key to fix pushing with deploy keys (#5935)
  * Fix compare button (#5929)
  * Fix bug when read public repo lfs file (#5912)
  * Only allow local login if password is non-empty (#5906)
  * Recover panic in orgmode.Render if bad orgfile (#4982) (#5903)
  * Provide better panic handling (#5902)
  * Respect value of REQUIRE_SIGNIN_VIEW (#5901)
  * Show a 404 not a 500 if a repo does not exist (#5900)
  * Ensure repo is loaded in mailer (Completely fix #5891) (#5895)
  * Ensure issue.Poster is loaded in mailIssueCommentToParticipants (#5891)
  * Correct footer height if screen-width is to small (fixes #5878) (#5889)
  * In gitea serv switch off console logger to fix #5866 (#5887)
  * Don't allow pull requests to be created on an archived repository (#5883)
  * Support reviews on a deleted file path (#5880)
  * Fix compare button on upstream repo leading to 404 (#5877)
  * Fix null pointer on not logged in attempt to Sudo (#5872)
  * Fix new release creation API to allow empty target (#5870)
  * Fix an error while adding a dependency via UI. (#5862)
  * Fix failing migration v67 (#5849)
  * Fix delete correct temp directory (#5839)
  * Make sure .git/info is created before generating .git/info/sparse-che… (#5825)
  * Fix topics saving internal error and disable for archived repos (#5821)
  * Fix TLS errors when using acme/autocert for local connections (#5820)
  * When creating new repository fsck option should be enabled (#5817)
  * Request for public keys only if LDAP attribute is set  (#5816)
  * Fix serving of raw wiki files other than .md (#5814)
  * Fix migration 78 error mssql (#5791)
  * Disallow empty titles (#5785)
  * Fix the v78 migration script (#5776)
  * Ensure valid git author names passed in signatures (#5774)
  * Fix wrong assumption where a user is always said to have unassigned (her)himself (#5769)
  * Upgrade go-sql-driver/mysql to fix invalid connection error (#5748)
  * Fixing PostgreSQL dump creation (#5747)
  * Add proper CORS preflight origin validation (#5740)
  * Disable auto-migrate in docker container (#5730)
  * In basic auth check for tokens before call UserSignIn (#5725)
  * Pooled and buffered gzip implementation (#5722)
  * Ensure that sessions are passed into queries that could use the database to prevent deadlocks (#5718)
  * Keep file permissions during database migration (#5707)
  * Use correct value for "MSpan Structures Obtained" #4742 (#5706)
  * Refactor editor upload, update and delete to use git plumbing and add LFS support (#5702)
  * Update xorm to fix issue #5659 and #5651 (#5680)
  * Fix public will not be reused as public key after deleting as deploy key (#5671)
  * When redirecting, clean the path (#5669)
  * Don't list an issue on its own dependency list UI. (#5658)
  * Fix commit page showing status for current default branch (#5649) (#5650)
  * Only count users own actions for heatmap contributions (#5647)
  * Fix sqlite deadlock when assigning to a PR (#5640)
  * Refactor issue indexer (#5363)
* TESTING
  * Run benchmark at tag to track performances (#6035)
  * Add test environment for MySQL8 (#5234)
* BUILD
  * Use go 1.12 for tests and deprecate go 1.9 (#6186)
  * Makefile changes for Windows and easier development (#6103)
  * Update bleve dependency to latest master revision (#6100)
  * Switch to more recent build of xgo (#6070)
  * Add autoprefixer to css build (#6029)
  * Update the version of less (#6010)
  * Make log mailer for testing (#5893)
* DOCS
  * Add more tests and docs for issue indexer, add db indexer type for searching from database (#6144)
  * update default value of `--must-change-password` cli flag (#6032)
  * Update and expand information about building Gitea (#6019)
  * Update U2F Section of app.ini.sample (#5994)
  * Update swagger for release API pagination (#5841)
  * Added docs for the tree api (#5834)
* MISC
  * Add single commit API support (#5843)
  * Add missing GET teams endpoints (#5382)
  * Migrate database if app.ini found (#5290)

* SECURITY
  * Prevent remote code execution vulnerability with mirror repo URL settings (#6593) (#6594)
* BUGFIXES
  * Allow resend of confirmation email when logged in (#6482) (#6486)
  * Fix mail notification when close/reopen issue (#6581) (#6588)
  * Change API commit summary to full message (#6591) (#6592)
  * Add option to disable refresh token invalidation (#6584) (#6587)
  * Fix bug user search API pagesize didn't obey ExplorePagingNum (#6579) (#6586)
  * Fix new repo alignment (#6583) (#6585)
  * Prevent server 500 on compare branches with no common history (#6555) (#6558)
  * Properly escape release attachment URL (#6512) (#6523)
  * Hacky fix for alignment of the create-organization dialog (#6455) (#6462)

* SECURITY
  * Prevent remote code execution vulnerability with mirror repo URL settings (#6593) (#6595)
* BUGFIXES
  * Allow resend of confirmation email when logged in (#6482) (#6487)

* BUGFIXES
  * Disable benchmarking during tag events on DroneIO (#6365) (#6366)
  * Make sure units of a team are returned (#6379) (#6381)
  * Don't Unescape redirect_to cookie value (#6399) (#6401)
  * Fix dump table name error and add some test for dump database (#6394) (#6402)
  * Fix migration v82 to ignore unsynced tags between database and git data; Add missing is_archived column on repository table (#6387) (#6403)
  * Display correct error for invalid mirror interval (#6414) (#6429)
  * Clean up ref name rules (#6437) (#6439)
  * Fix Hook & HookList in Swagger (#6432) (#6440)
  * Change order that PostProcess Processors are run (#6445) (#6447)

* BUGFIXES
  * Fix unitTypeCode not being used in accessLevelUnit (#6419) (#6423)
  * Fix bug where manifest.json was being requested without cookies and continuously creating new sessions (#6372) (#6383)·
  * Fix ParsePatch function to work with quoted diff --git strings (#6323) (#6332)

* BREAKING
  * Add "ghost" and "notifications" to list of reserved user names. (#6208)
  * Change sqlite DB path default to data directory (#6198)
  * Adds MustChangePassword to user create/edit API (#6193)
  * Disable redirect for i18n (#5910)
  * Releases API paging (#5831)
  * Allow Macaron to be set to log through to gitea.log (#5667)
  * Don't close issues via commits on non-default branch (#5622)
* FEATURE
  * Add regenerate secret feature for oauth2 (#6291)
  * Expose issue stopwatch toggling via API (#5970)
  * Add other session providers (#5963)
  * Pull request conflict files detection (#5951)
  * Integrate OAuth2 Provider (#5378)
  * Implement "conversation lock" for issue comments (#5073)
  * Feature: Archive repos (#5009)
  * Discord Oauth2 support (#4476)
  * Allow to set organization visibility (public, internal, private) (#1763)
  * Added URL mapping for Release attachments like on github.com (#1707)
* ENHANCEMENT
  * Add support for client basic auth for exchanging access tokens (#6293)
  * Add ability to sort issues by due date (#6206) (#6244)
  * Style tweaks to issue selection (#6196)
  * Increase Username and Orgname MaxSize 35 -> 40 (#6178)
  * Coverage profile with multiple packages (#6167)
  * Split setting.go to multiple files (#6154)
  * Allow labels to contain emoji (#6063)
  * Disable git fsck for mirrored repos by default (#6018)
  * Add default time out for git operations (#6015)
  * Split setting.go as multiple files (#6014)
  * Make dashboard navbar and footer full-width (#6013)
  * Add lang specific font stacks for CJK (#6007)
  * Fix header menu misalignment (#6002)
  * Enhance closed PR and Issue status in the list (#6000)
  * Make navbar full width (#5998)
  * Add option to close issues via commit on a non master branch (#5992)
  * Support n as a line highlight prefix (#5987)
  * Search for org repos (#3031) (#5986)
  * Minor UI tweaks (#5980)
  * Use native golang SSH library but ssh-keygen when enable built-in SSH server to remove dependent on that command lines (#5976)
  * Dashboard tweaks (#5974)
  * Fixes for repo topic editor (#5971)
  * Display the branch name in the commit view (#5950)
  * handle milestone events for issues and PR (#5947)
  * Add label names as filter in issue search api (#5946)
  * Repo header tweaks (#5945)
  * Better support for long repo names (#5932)
  * Fix wrapping long code lines (#5927)
  * Change GPG Validation colors and remove inline CSS (#5404) (#5896)
  * Fix "pulls.blocked_by_approvals" text (#5879)
  * Rename reject to 'request changes' (#5858)
  * Move input fields to add members to a team and repos to a team (#5853)
  * Config option to disable automatic repo watching (#5852)
  * New Issue ?body= query (#5851)
  * Add API to list tags (#5850)
  * Pagination for git tree API (#5838)
  * Add InternalTokenURI to load InternalToken from an external file (#5812)
  * Allow markdown files to read from the LFS (#5787)
  * Add the ability to use multiple labels as filters (#5786)
  * Adjust log settings when a user is not found. (#5771)
  * Log IP of failed ssh connection (#5766)
  * Moved defaults in defaults.go to setting.go (#5764)
  * Make DB connect more robust (#5738)
  * Add Default Pull Request Title (#5735)
  * Refactor repo.isBare to repo.isEmpty #5629 (#5714)
  * Add flag to skip repository dumping (#5695)
  * Prioritize "readme.md" (#5691)
  * Improve "Fork button" for guests by showing a pop up asking them to log in before forking (#5690)
  * Allow for user specific themes (#5668)
  * Display branch name in delete branch confirmation modal. (#5654)
  * New API routes added (#5594)
  * Refactor notification for indexer (#5111)
  * Refactor mail notification (#5110)
  * Show email if the authenticated user owns the profile page being requested for (#4981)
  * Optimize pulls merging (#4921)
  * Sort Repositories widget by most recently updated (#3963) (#4599)
  * Allow markdown table to scroll (#4401)
  * Automatically clear stopwatch on merging a PR (#4327)
  * Add the Owner Name to differentiate when merging (#3807)
* BUGFIXES
  * Clean up various use of escape/unescape functions for URL generation (#6334)
  * Return 409 when creating repo if it already exists. (#6330)
  * Add same changes from issues page to milestone->issues page (#6328)
  * Fix ParsePatch function to work with quoted diff --git strings (#6323)
  * Fix reported issue in repo description (#6306)
  * Use url.PathEscape to escape the branchname (#6304)
  * Add robots.txt as reserved username (#6272)
  * Replace linkRegex with xurls library (#6261)
  * Remove visitLinksForShortLinks features (#6257)
  * Add unit types to repo action URL to correctly show 404 when archived (#6247)
  * Check organization visibility before everything else (#6234) (#6235)
  * Prevent double-close of issues (#6233)
  * Override xorm type mapping for U2F counter (#6232)
  * Add isAdmin to user API response (#6231)
  * Update git vendor to fix wrong release commit id and add migrations (#6224)
  * Fix fork button (#6223)
  * Fix renames over redirects (#6216)
  * Fix display dashboard even if require to change password (#6214)
  * Create a repo redirect when transferring ownership (#6210) (#6211)
  * Fix issue update race condition (#6194)
  * Fix bug when migrate repository 500 when repo is existed (#6188)
  * Fix scrollbar always present on page body (#6177)
  * Fix bug when set indexer as db and add tests (#6173)
  * Modify linkRegex to require http|https (#6171)
  * Fix bug user could change private repository to public when force private enabled. (#6156)
  * Fix admin list user/org API (#6143)
  * Make repo creation for API similar to UI (#6142)
  * Make document body a flexbox (#6139)
  * Refactor issue indexer, add some testing and fix a bug (#6131)
  * Load Issue attributes for API call (#6122)
  * Fix bug when update owner team then visit team's repo return 404 (#6119)
  * Fix heatmap and repository menu display in Internet Explorer 9+ (#6117)
  * Show private organization for admin, fix #6111 (#6112)
  * Fix prohibit login check on authorization (#6106)
  * Move to ldap.v3 to fix #5928 (#6105)
  * Remove use MakeAssigneeList in webhooks to fix deadlock (#6102)
  * Allow display of LFS stored Readme.md on directory page (#6073) (#6099)
  * Make sure labels are actually returned (#6053)
  * Fix panic: template: repo/issue/list:210: unexpected "=" in operand (#6041)
  * After deleting a repo on admin panel, UI should remember the last sort type (#6033)
  * Default create repository on organisation on its dashboard (#6026)
  * Swagger: Remove spaces in MergePullRequestOption enum (#6016)
  * Fix metrics auth token detection (#6006)
  * Fix repo header issues (#5995)
  * Fix bug when deleting a linked account will removed all (#5989)
  * Make organization dropdown scrollable when using mouse wheel (#5988)
  * Fix empty ssh key importing in ldap (#5984)
  * Admin config page mailertype setting option update (#5973)
  * Fix redirect loop during forced password change (#5965)
  * Show user who created the repository instead of the organisation in action feed (#5948)
  * Remove all CommitStatus when a repo is deleted (#5940)
  * Fix ssh deploy and user key constraints (#1357) (#5939)
  * Fix log output (#5938)
  * Set PusherName and PusherID to owner on deploy key to fix pushing with deploy keys (#5935)
  * Fix compare button (#5929)
  * Fix bug when read public repo lfs file (#5912)
  * Only allow local login if password is non-empty (#5906)
  * Recover panic in orgmode.Render if bad orgfile (#4982) (#5903)
  * Provide better panic handling (#5902)
  * Respect value of REQUIRE_SIGNIN_VIEW (#5901)
  * Show a 404 not a 500 if a repo does not exist (#5900)
  * Ensure repo is loaded in mailer (Completely fix #5891) (#5895)
  * Ensure issue.Poster is loaded in mailIssueCommentToParticipants (#5891)
  * Correct footer height if screen-width is to small (fixes #5878) (#5889)
  * In gitea serv switch off console logger to fix #5866 (#5887)
  * Don't allow pull requests to be created on an archived repository (#5883)
  * Support reviews on a deleted file path (#5880)
  * Fix compare button on upstream repo leading to 404 (#5877)
  * Fix null pointer on not logged in attempt to Sudo (#5872)
  * Fix new release creation API to allow empty target (#5870)
  * Fix an error while adding a dependency via UI. (#5862)
  * Fix failing migration v67 (#5849)
  * Fix delete correct temp directory (#5839)
  * Make sure .git/info is created before generating .git/info/sparse-che… (#5825)
  * Fix topics saving internal error and disable for archived repos (#5821)
  * Fix TLS errors when using acme/autocert for local connections (#5820)
  * When creating new repository fsck option should be enabled (#5817)
  * Request for public keys only if LDAP attribute is set  (#5816)
  * Fix serving of raw wiki files other than .md (#5814)
  * Fix migration 78 error mssql (#5791)
  * Disallow empty titles (#5785)
  * Fix the v78 migration script (#5776)
  * Ensure valid git author names passed in signatures (#5774)
  * Fix wrong assumption where a user is always said to have unassigned (her)himself (#5769)
  * Upgrade go-sql-driver/mysql to fix invalid connection error (#5748)
  * Fixing PostgreSQL dump creation (#5747)
  * Add proper CORS preflight origin validation (#5740)
  * Disable auto-migrate in docker container (#5730)
  * In basic auth check for tokens before call UserSignIn (#5725)
  * Pooled and buffered gzip implementation (#5722)
  * Ensure that sessions are passed into queries that could use the database to prevent deadlocks (#5718)
  * Keep file permissions during database migration (#5707)
  * Use correct value for "MSpan Structures Obtained" #4742 (#5706)
  * Refactor editor upload, update and delete to use git plumbing and add LFS support (#5702)
  * Update xorm to fix issue #5659 and #5651 (#5680)
  * Fix public will not be reused as public key after deleting as deploy key (#5671)
  * When redirecting, clean the path (#5669)
  * Don't list an issue on its own dependency list UI. (#5658)
  * Fix commit page showing status for current default branch (#5649) (#5650)
  * Only count users own actions for heatmap contributions (#5647)
  * Fix sqlite deadlock when assigning to a PR (#5640)
  * Refactor issue indexer (#5363)
* TESTING
  * Run benchmark at tag to track performances (#6035)
  * Add test environment for MySQL8 (#5234)
* BUILD
  * Use go 1.12 for tests and deprecate go 1.9 (#6186)
  * Makefile changes for Windows and easier development (#6103)
  * Update bleve dependency to latest master revision (#6100)
  * Switch to more recent build of xgo (#6070)
  * Add autoprefixer to css build (#6029)
  * Update the version of less (#6010)
  * Make log mailer for testing (#5893)
* DOCS
  * Add more tests and docs for issue indexer, add db indexer type for searching from database (#6144)
  * update default value of `--must-change-password` cli flag (#6032)
  * Update and expand information about building Gitea (#6019)
  * Update U2F Section of app.ini.sample (#5994)
  * Update swagger for release API pagination (#5841)
  * Added docs for the tree api (#5834)
* MISC
  * Add single commit API support (#5843)
  * Add missing GET teams endpoints (#5382)
  * Migrate database if app.ini found (#5290)

v1.9.0-dev

* SECURITY
  * Fix potential XSS vulnerability in repository description. (#6306) (#6308)
* BUGFIXES
  * Fix wrong release commit id (#6224) (#6300)
  * Fix panic on empty signed commits (#6292) (#6300)
  * Fix organization dropdown not being scrollable when using mouse wheel (#5988) (#6246)
  * Fix displaying dashboard even if required to change password (#6214) (#6215)

* BUGFIXES
  * Fix server 500 when trying to migrate to an already existing repository (#6188) (#6197)
  * Load Issue attributes for API /repos/{owner}/{repo}/issues/{index} (#6122) (#6185)
  * Fix bug whereby user could change private repository to public when force private enabled. (#6156) (#6165)
  * Fix bug when update owner team then visit team's repo return 404 (#6119) (#6166)
  * Fix heatmap and repository menu display in Internet Explorer 9+ (#6117) (#6137)
  * Fix prohibit login check on authorization (#6106) (#6115)
  * Fix LDAP protocol error regression by moving to ldap.v3 (#6105) (#6107)
  * Fix deadlock in webhook PullRequest (#6102) (#6104)
  * Fix redirect loop when password change is required and Gitea is installed as a suburl (#5965) (#6101)
  * Fix compare button regression (#5929) (#6098)
  * Recover panic in orgmode.Render if bad orgfile (#4982) (#5903) (#6097)

* BUGFIXES
  * Remove all CommitStatus when a repo is deleted (#5940) (#5941)
  * Fix notifications on pushing with deploy keys by setting hook environment variables (#5935) (#5944)
  * Silence console logger in gitea serv (#5887) (#5943)
  * Handle milestone webhook events for issues and PR (#5947) (#5955)
  * Show user who created the repository instead of the organization in action feed (#5948) (#5956)
  * Fix ssh deploy and user key constraints (#1357) (#5939) (#5966)
  * Fix bug when deleting a linked account will removed all (#5989) (#5990)
  * Fix empty ssh key importing in ldap (#5984) (#6009)
  * Fix metrics auth token detection (#6006) (#6017)
  * Create repository on organisation by default on its dashboard (#6026) (#6048)
  * Make sure labels are actually returned in API (#6053) (#6059)
  * Switch to more recent build of xgo (#6070) (#6072)
  * In basic auth check for tokens before call UserSignIn (#5725) (#6083)

* SECURITY
  * Disable redirect for i18n (#5910) (#5916)
  * Only allow local login if password is non-empty (#5906) (#5908)
  * Fix go-get URL generation (#5905) (#5907)
* BUGFIXES
  * Fix TLS errors when using acme/autocert for local connections (#5820) (#5826)
  * Request for public keys only if LDAP attribute is set (#5816) (#5819)
  * Fix delete correct temp directory (#5840) (#5839)
  * Fix an error while adding a dependency via UI (#5862) (#5876)
  * Fix null pointer in attempt to Sudo if not logged in (#5872) (#5884)
  * When creating new repository fsck option should be enabled (#5817) (#5885)
  * Prevent nil dereference in mailIssueCommentToParticipants (#5891) (#5895) (#5894)
  * Fix bug when read public repo lfs file (#5913) (#5912)
  * Respect value of REQUIRE_SIGNIN_VIEW (#5901) (#5915)
  * Fix compare button on upstream repo leading to 404 (#5877) (#5914)
* DOCS
  * Added docs for the tree api (#5835)
* MISC
  * Include Go toolchain to --version (#5832) (#5830)

* SECURITY
  * Do not display the raw OpenID error in the UI (#5705) (#5712)
  * When redirecting clean the path to avoid redirecting to external site (#5669) (#5679)
  * Prevent DeleteFilePost doing arbitrary deletion (#5631)
* BREAKING
  * Restrict permission check on repositories and fix some problems (#5314)
  * Show only opened milestones on issues page milestone filter (#5051)
* FEATURE
  * Implement git refs API for listing references (branches, tags and other) (#5354)
  * Approvals at Branch Protection (#5350)
  * Add raw blob endpoint to get objects by SHA ID (#5334)
  * Add api for user to create org (#5268)
  * Create AuthorizedKeysCommand (#5236)
  * User action heatmap (#5131)
  * Refactor heatmap to vue component (#5401)
  * Webhook for Pull Request approval/rejection (#5027)
  * Add command for migrating database (#4954)
  * Search keyword by splitting provided values by , (#4939)
  * Create Progressive Web App (#4730)
  * Give user a link to create PR after push (#4716)
  * Add rebase with merge commit merge style (#3844) (#4052)
* BUGFIXES
  * Disallow empty titles (#5785) (#5794)
  * Fix sqlite deadlock when assigning to a PR (#5640) (#5642)
  * Don't close issues via commits on non-default branch. (#5622) (#5643)
  * Fix commit page showing status for current default branch (#5650) (#5653)
  * Only count users own actions for heatmap contributions (#5647) (#5655)
  * Update xorm to fix issue postgresql dumping issues (#5680) (#5692)
  * Use correct value for "MSpan Structures Obtained" (#5706) (#5716)
  * Fix bug on modifying sshd username (#5624)
  * Delete tags in mirror which are removed for original repo. (#5609)
  * Fix wrong text getting saved on editing second comment on an issue. (#5608)
  * Fix nil pointer when adding a due date  (#5587)
  * Fix type mismatch of format string (#5574)
  * Fix bug on upload file name (#5571)
  * Issue is not overdue when it is on the same date #5566 (#5568)
  * Fix indexer reindex bug when gitea restart (#5563)
  * Fix table name typo on SQL (#5562)
  * Synchronize SSH keys on login with LDAP + Fix SQLite deadlock on ldap ssh key deletion (#5557)
  * Fix makefile generate buildstep (#5556)
  * Fix nil pointer base branch bug (#5555)
  * Fix permission check on api create org (#5523)
  * Fix detect force push failure on deletion of protected branches (#5522)
  * Fix approvals limitation (#5521)
  * Fix bug when a read perm user to edit his issue (#5516)
  * Fix adding reaction fail for read permission user (#5515)
  * Fixing MSSQL timestamp type (#5511)
  * Fix forgot deletion of notification when delete repository (#5506)
  * Fix empty wiki (#5504)
  * Fix clone wiki failed via ssh (#5503)
  * Fix code review on mssql (#5502)
  * Fix lfs version check warning log when using ssh protocol (#5501)
  * Fix topic name length on database (#5493)
  * Ensure that the `closed_at` is set for closed issues (#5449)
  * Admin should be able to delete repos via the API even if he is not a member of the organization (#5443)
  * Word-Break the WebHook url to prevent a ui-break (#5432)
  * Fix forgot removed records when deleting user (#5429)
  * Fix repository deletion when there is large number of issues in it (#5426)
  * Fix heatmap colors for Chrome/Safari (#5421)
  * Fix password variable shadowing (#5405)
  * Fix dependent issue searching when gitea is run in subpath (#5392)
  * Don't force a password change for the admin user when creating an account via cli (#5391)
  * API: '/orgs/:org/repos': return private repos with read access (#5383)
  * Don't send assign webhooks when creating issue (#5365)
  * Removing Labels via EditPullRequest API (#5348)
  * Migration fixes for gogs (0.11.66) to gitea (1.6.0) #5318 (#5341)
  * Fix bug when users have serval teams with different units on different repositories (#5307)
  * Fix U2F if gitea is configured in subpath (#5302)
  * Fix file edit change preview functionality (#5300)
  * Update gitignore list (#5258)
  * Fixed heatmap not working in mssql (#5248)
  * Fixed wrong api request url for instances running in subfolders (#5247)
  * Fix compatibility heatmap with mysql 8 (#5232)
  * Fix data race on migrate repository (#5224)
  * Fix sqlite and mssql lock (#5214)
  * Fix sqlite lock (#5210)
  * Fix: Accept web-command cli flags if web-command is commited (#5200)
  * Fix: Add secret to all webhook's payload where it has been missing (#5199)
  * Fix race on updatesize (#5190)
  * Fix create team, update team missing units (#5188)
  * Fix sqlite lock (#5184 & #5176)
  * Fix showing pull request link when delete a branch (#5166)
  * Fix JSON result of empty array in heatmap data array (#5154)
  * Update build tags for sqlite_unlock notify (#5144)
  * This commit will reduce join star, repo_topic, topic tables on repo search, so that fix extra columns problem on mssql (#5136)
  * Fix deadlock when sqlite (#5118)
  * Add comment replies (#5104)
  * Fix home page template regression (#5102)
  * Fix regex to support optional end line of old section in diff hunk (#5096)
  * LDAP via simple auth separate bind user and search base (#5055)
  * Fix markdown image with link (#4675)
  * Fix to 3819 - Filtering issues by tags on main screen issues (#3824)
* ENHANCEMENT
  * Delete organization endpoint added (#5601)
  * Update Licenses (#5558)
  * Support reverse proxy providing email (#5554)
  * Add git protocol v2 support via SSH on Docker image (#5520)
  * Add tests for api user orgs (#5494)
  * Allow link verification for services like Mastodon (#5481)
  * Improve team members and repositories settings UI (#5457)
  * Remove the required class from optional ssh port in installation page (#5428)
  * Explicitly disable Git credential helper (#5367)
  * Setting Labels via EditPullRequest API (#5347)
  * Implement pasting image from clipboard for browsers that supports that (#5317)
  * Milestone issues and pull requests (#5293)
  * Support envs on external render commands (#5278)
  * Add option to disable automatic mirror syncing. (#5242)
  * Remove unused db init on commands serv, update, hooks (#5225)
  * Serve audio files using HTML5 audio tag (#5221)
  * Pass link prefixes to external markup parsers (#5201)
  * Add AutoHead functionality. (#5186)
  * Fix emojis not showing in commit messages (#5168)
  * Block registration based on email domain (#5157)
  * Update vendor/go-sqlite3 (#5133 & #5162)
  * Update x/net lib (#5169)
  * Show review summary in pull requests (#5132)
  * Use type switch (#5122)
  * Remove duplicated if bodies (#5121)
  * Remove check for negative length (#5120)
  * Make switch more clear (#5119)
  * Use named const instead of a raw string (#5115)
  * Fix issue where ecdsa and other key types are not synced from LDAP (#5092) (#5094)
  * Refactor: err != nil check, just return error instead (#5093)
  * Add notification interface and refactor UI notifications (#5085)
  * Use APP_NAME on home page (#5048)
  * Explicitly decide whether to  use TLS in mailer's configuration (#5024)
  * Generate random password (#5023)
  * UX of link account (Step 1) (#5006)
  * Make sure argsSet verifies string isn't empty too (#4980)
  * Improve performance of dashboard (#4977)
  * Keys API changes (#4960)
  * Add must-change-password flag to cli for creating a user (#4955)
  * Use native go method to get current user rather than environment variable (#4930)
  * Make gitea serv use api/internal (#4886)
  * Add support for search by uid (#4876)
  * Allow to add organization members as collaborators on organization owned repositories (#4748)
* TESTING
  * Kill testing processes if the test takes too long (#5174)
  * Update outdated Go toolchain version for .drone.yml (#5146)
  * Increase the retry limit to 20 times and the interval to 200ms (#5134)
  * Retry test-fixtures loading in case of transaction rollback (#5125)
  * Added test environment for mssql (#4282)
* BUILD
  * Replace lint to revive (#5422)
  * Update golang version in Dockerfile (#5246)
* DOCS
  * Typo in routers/api/v1/org/org.go fixed. (#5598)
  * Update the docs for sqlite_unlock_notify (#5145)
  * CN translation of docs part (#5049)
  * Kubernetes deployment file (#5046)
* MISC
  * Upgrade alpine to 3.8 (#5423)
  * Git-Trees API (#5403)
  * Only chown directories during docker setup if necessary. Fix #4425 (#5064)

* SECURITY
  * Do not display the raw OpenID error in the UI (#5705) (#5712)
  * When redirecting clean the path to avoid redirecting to external site (#5669) (#5679)
* BUGFIX
  * Fix sqlite deadlock when assigning to a PR (#5640) (#5642)
  * Don't close issues via commits on non-default branch. (#5622) (#5643)
  * Fix commit page showing status for current default branch (#5650) (#5653)
  * Only count users own actions for heatmap contributions (#5647) (#5655)
  * Update xorm to fix issue postgresql dumping issues (#5680) (#5692)
  * Use correct value for "MSpan Structures Obtained" (#5706) (#5716)

* BUGFIX
  * Fix SSH key now can be reused as public key after deleting as deploy key (#5671) (#5685)
  * When redirecting clean the path to avoid redirecting to external site (#5669) (#5703)
  * Fix to use correct value for "MSpan Structures Obtained" (#5706) (#5715)

* SECURITY
  * Prevent DeleteFilePost doing arbitrary deletion (#5631)

* SECURITY
  * Prevent DeleteFilePost doing arbitrary deletion (#5631)
* BUGFIX
  * Fix wrong text getting saved on editing second comment on an issue (#5608)