Skip to content
Tags give the ability to mark specific points in history as being important
  • v1.17.0-rc1
    710a1419 · Changelog v1.17.0-rc1 (#20023) · 
    v1.17.0-rc1

* BREAKING
  * Require go1.18 for Gitea 1.17 (#19918)
  * Make AppDataPath absolute against the AppWorkPath if it is not (#19815)
  * Nuke the incorrect permission report on /api/v1/notifications (#19761)
  * Refactor git module, make Gitea use internal git config (#19732)
  * Remove `RequireHighlightJS` field, update plantuml example. (#19615)
  * Increase minimal required git version to 2.0 (#19577)
  * Add a directory prefix `gitea-src-VERSION` to release-tar-file (#19396)
  * Use "main" as default branch name (#19354)
  * Make cron task no notice on success (#19221)
  * Add pam account authorization check (#19040)
  * Show messages for users if the ROOT_URL is wrong, show JavaScript errors (#18971)
  * Refactor mirror code & fix StartToMirror (#18904)
  * Remove deprecated SSH ciphers from default (#18697)
  * Add the possibility to allow the user to have a favicon which differs from the main logo (#18542)
  * Update reserved usernames list (#18438)
  * Support custom ACME provider (#18340)
  * Change initial TrustModel to committer (#18335)
  * Update HTTP status codes (#18063)
  * Upgrade Alpine from 3.13 to 3.15 (#18050)
  * Restrict email address validation (#17688)
  * Refactor Router Logger (#17308)
* SECURITY
  * Remove deprecated SSH ciphers from default (#18697)
* FEDERATION
  * Return statistic information for nodeinfo (#19561)
  * Add Webfinger endpoint (#19462)
  * Store the foreign ID of issues during migration (#18446)
* FEATURES
  * Automatically render wiki TOC (#19873)
  * Adding button to link accounts from user settings (#19792)
  * Allow set default merge style while creating repo (#19751)
  * Auto merge pull requests when all checks succeeded (#9307 & #19648)
  * Improve reviewing PR UX (#19612)
  * Add support for rendering console output with colors (#19497)
  * Add Helm Chart registry (#19406)
  * Add Goroutine stack inspector to admin/monitor (#19207)
  * RSS/Atom support for Orgs & Repos (#17714 & #19055)
  * Add button for issue deletion (#19032)
  * Allow to mark files in a PR as viewed (#19007)
  * Add Index to comment for migrations and mirroring (#18806)
  * Add health check endpoint (#18465)
  * Add packagist webhook (#18224)
  * Add "Allow edits from maintainer" feature (#18002)
  * Add apply-patch, basic revert and cherry-pick functionality (#17902)
  * Add Package Registry (#16510)
  * Add LDAP group sync to Teams (#16299)
  * Pause queues (#15928)
  * Added auto-save whitespace behavior if it changed manually (#15566)
  * Find files in repo (#15028)
  * Provide configuration to allow camo-media proxying (#12802)
* API
  * Add endpoint to serve blob or LFS file content (#19689)
  * Add endpoint to check if team has repo access (#19540)
  * More commit info (#19252)
  * Allow to create file on empty repo (#19224)
  * Allow removing issues (#18879)
  * Add endpoint to query collaborators permission for a repository (#18761)
  * Return primary language and repository language stats API URL (#18396)
  * Implement http signatures support for the API (#17565)
* ENHANCEMENTS
  * Add dbconsistency checks for Stopwatches (#20010)
  * Add fetch.writeCommitGraph to gitconfig (#20006)
  * Add fgprof pprof profiler (#20005)
  * Move agit dependency (#19998)
  * Empty log queue on flush and close (#19994)
  * Remove tab/TabName usage where it's not needed (#19973)
  * Improve file header on mobile (#19945)
  * Move issues related files into models/issues (#19931)
  * Add breaking email restrictions checker in doctor (#19903)
  * Improve UX on modal for deleting an access token (#19894)
  * Add alt text to logo (#19892)
  * Move some code into models/git (#19879)
  * Remove customized (unmaintained) dropdown, improve aria a11y for dropdown (#19861)
  * Make user profile image show full image on mobile (#19840)
  * Replace blue button and label classes with primary (#19763)
  * Remove fomantic progress module (#19760)
  * Allows repo search to match against "owner/repo" pattern strings (#19754)
  * Move org functions (#19753)
  * Move almost all functions' parameter db.Engine to context.Context (#19748)
  * Show source/target branches on PR's list (#19747)
  * Use http.StatusTemporaryRedirect(307) when serve avatar directly (#19739)
  * Add doctor orphan check for orphaned pull requests without an existing base repo  (#19731)
  * Make Ctrl+Enter (quick submit) work for issue comment and wiki editor (#19729)
  * Update go-chi/cache to utilize Ping() (#19719)
  * Improve commit list/view on mobile (#19712)
  * Move some repository related code into sub package (#19711)
  * Use a better OlderThan for DeleteInactiveUsers (#19693)
  * Introduce eslint-plugin-jquery (#19690)
  * Tidy up `<head>` template (#19678)
  * Calculate filename hash only once (#19654)
  * Simplify `IsVendor` (#19626)
  * Add "Reference" section to Issue view sidebar (#19609)
  * Only set CanColorStdout / CanColorStderr to true if the stdout/stderr is a terminal (#19581)
  * Use for a repo action one database transaction (#19576)
  * Simplify loops to copy (#19569)
  * Added X-Mailer header to outgoing emails (#19562)
  * use middleware to open gitRepo (#19559)
  * Mute link in diff header (#19556)
  * Improve UI on mobile (#19546)
  * Fix Pull Request comment filename word breaks (#19535)
  * Permalink files In PR diff (#19534)
  * PullService lock via pullID (#19520)
  * Make repository file list useable on mobile (#19515)
  * more context for models  (#19511)
  * Allow package dump skipping (#19506)
  * Refactor readme file renderer (#19502)
  * By default force vertical tabs on mobile (#19486)
  * Github style following followers (#19482)
  * Improve action table indices (#19472)
  * Use horizontal tabs for repo header on mobile (#19468)
  * pass gitRepo down since its used for main repo and wiki (#19461)
  * Admin should not delete himself (#19423)
  * Use queue instead of memory queue in webhook send service (#19390)
  * Simplify the code to get issue count (#19380)
  * Add commit status popup to issuelist (#19375)
  * Add RSS Feed buttons to Repo, User and Org pages (#19370)
  * Add logic to switch between source/rendered on Markdown (#19356)
  * Move some helper files out of models (#19355)
  * Move access and repo permission to models/perm/access (#19350)
  * Disallow selecting the text of buttons (#19330)
  * Allow custom redirect for landing page (#19324)
  * Repository level enable package or disable (#19323)
  * Remove dependent on session auth for api/v1 routers (#19321)
  * Never use /api/v1 from Gitea UI Pages (#19318)
  * Remove legacy unmaintained packages, refactor to support change default locale (#19308)
  * Move milestone to models/issues/ (#19278)
  * Configure OpenSSH log level via Environment in Docker (#19274)
  * Move reaction to models/issues/ (#19264)
  * Make git.OpenRepository accept Context (#19260)
  * Move some issue methods as functions (#19255)
  * Show last cron messages on monitor page (#19223)
  * New cron task: delete old system notices (#19219)
  * Add Redis Sentinel Authentication Support (#19213)
  * Add auto logging of goroutine pid label (#19212)
  * Set OpenGraph title to DisplayName in profile pages  (#19206)
  * Add pprof labels in processes and for lifecycles (#19202)
  * Let web and API routes have different auth methods group (#19168)
  * Move init repository related functions to modules (#19159)
  * Feeds: render markdown to html (#19058)
  * Allow users to self-request a PR review (#19030)
  * Allow render HTML with css/js external links (#19017)
  * Fix script compatiable with OpenWrt (#19000)
  * Support ignore all santize for external renderer (#18984)
  * Add note to GPG key response if user has no keys (#18961)
  * Improve Stopwatch behavior (#18930)
  * Improve mirror iterator (#18928)
  * Uncapitalize errors (#18915)
  * Prevent Stats Indexer reporting error if repo dir missing (#18870)
  * Refactor SecToTime() function (#18863)
  * Replace deprecated String.prototype.substr() with String.prototype.slice() (#18796)
  * Move deletebeans into models/db (#18781)
  * Fix display time of milestones (#18753)
  * Add config option to disable "Update branch by rebase" (#18745)
  * Display template path of current page in dev mode (#18717)
  * Add number in queue status to monitor page (#18712)
  * Change git.cmd to RunWithContext (#18693)
  * Refactor i18n, use Locale to provide i18n/translation related functions (#18648)
  * Delete old git.NewCommand() and use it as git.NewCommandContext() (#18552)
  * Move organization related structs into sub package (#18518)
  * Warn at startup if the provided `SCRIPT_TYPE` is not on the PATH (#18467)
  * Use `CryptoRandomBytes` instead of `CryptoRandomString` (#18439)
  * Use explicit jQuery import, remove unused eslint globals (#18435)
  * Allow to filter repositories by language in explore, user and organization repositories lists (#18430)
  * Use base32 for 2FA scratch token (#18384)
  * Unexport var git.GlobalCommandArgs (#18376)
  * Don't underline commit status icon on hover (#18372)
  * Always use git command but not os.Command (#18363)
  * Switch to non-deprecation setting (#18358)
  * Set the LastModified header for raw files (#18356)
  * Refactor jwt.StandardClaims to RegisteredClaims (#18344)
  * Enable deprecation error for v1.17.0 (#18341)
  * Refactor httplib (#18338)
  * Limit max-height of CodeMirror editors for issue comment and wiki (#18271)
  * Validate migration files (#18203)
  * Format with gofumpt (#18184)
  * Allow custom default merge message with .gitea/default_merge_message/<merge_style>_TEMPLATE.md (#18177)
  * Prettify number of issues (#17760)
  * Add a "admin user generate-access-token" subcommand (#17722)
  * Move project files into models/project sub package (#17704)
  * Custom regexp external issues (#17624)
  * Add smtp password to install page (#17564)
  * Add config options to hide issue events (#17414)
  * Prevent double click new issue/pull/comment button (#16157)
  * Show issue assignee on project board (#15232)
* BUGFIXES
  * Alter hook_task TEXT fields to LONGTEXT (#20038) (#20041)
  * Respond with a 401 on git push when password isn't changed yet (#20026) (#20027)
  * Return 404 when tag is broken (#20017) (#20024)
  * Write Commit-Graphs in RepositoryDumper (#20004)
  * Use DisplayName() instead of FullName in Oauth Provider (#19991)
  * Don't buffer doctor logger (#19982)
  * Always try to fetch repo for mirrors (#19975)
  * Uppercase first languages letters (#19965)
  * Fix cli command restore-repo: "units" should be parsed as StringSlice (#19953)
  * Ensure minimum mirror interval is reported on settings page (#19895)
  * Exclude Archived repos from Dashboard Milestones (#19882)
  * gitconfig: set safe.directory = * (#19870)
  * Prevent NPE on update mirror settings (#19864)
  * Only return valid stopwatches to the EventSource (#19863)
  * Prevent NPE whilst migrating if there is a team request review (#19855)
  * Fix inconsistency in doctor output (#19836)
  * Fix release tag for webhook (#19830)
  * Add title attribute to dependencies in sidebar (#19807)
  * Estimate Action Count in Statistics (#19775)
  * Do not update user stars numbers unless fix is specified (#19750)
  * Improved ref comment link when origin is body/title (#19741)
  * Fix nodeinfo caching and prevent NPE if cache non-existent (#19721)
  * Fix duplicate entry error when add team member (#19702)
  * Fix sending empty notifications (#19589)
  * Update image URL for Discord webhook (#19536)
  * Don't let repo clone URL overflow (#19517)
  * Allow commit status popup on /pulls page (#19507)
  * Fix two UI bugs: JS error in imagediff.js, 500 error in diff/compare.tmpl (#19494)
  * Fix logging of Transfer API (#19456)
  * Fix panic in teams API when requesting members (#19360)
  * Refactor CSRF protection modules, make sure CSRF tokens can be up-to-date. (#19337)
  * An attempt to sync a non-mirror repo must give 400 (Bad Request) (#19300)
  * Move checks for pulls before merge into own function (#19271)
  * Fix `contrib/upgrade.sh` (#19222)
  * Set the default branch for repositories generated from templates (#19136)
  * Fix EasyMDE error when input Enter (#19004)
  * Don't clean up hardcoded `tmp` (#18983)
  * Delete related notifications on issue deletion too (#18953)
  * Fix trace log to show value instead of pointers (#18926)
  * Fix behavior or checkbox submission. (#18851)
  * Add `ContextUser` (#18798)
  * Fix some mirror bugs (#18649)
  * Quote MAKE to prevent path expansion with space error (#18622)
  * Preserve users if restoring a repository on the same Gitea instance (#18604)
  * Fix non-ASCII search on database  (#18437)
  * Automatically pause queue if index service is unavailable (#15066)
* TESTING
  * Allow postgres integration tests to run over unix pipe (#19875)
  * Prevent intermittent NPE in queue tests (#19301)
  * Add test for importing pull requests in gitea uploader for migrations (#18752)
  * Remove redundant comparison in repo dump/restore (#18660)
  * More repo dump/restore tests, including pull requests  (#18621)
  * Add test coverage for original author conversion during migrations (#18506)
* TRANSLATION
  * Update issue_no_dependencies description (#19112)
  * Refactor webhooks i18n (#18380)
* BUILD
  * Use alpine 3.16 (#19797)
  * Require node 14.0 (#19451)
* DOCS
  * Update documents (git/fomantic/db, etc) (#19868)
  * Update the ROOT documentation and error messages (#19832)
  * Update document to use FHS `/usr/local/bin/gitea` instead of `/app/...` for Docker (#19794)
  * Update documentation to disable duration settings with -1 instead of 0 (#19647)
  * Add warning to set SENDMAIL_ARGS to --  (#19102)
  * Update nginx reverse proxy docs (#18922)
  * Add example to render html files (#18736)
  * Make SSH passtrough documentation better (#18687)
  * Changelog 1.16.0 & 1.15.11 (#18468 & #18455)  (#18470)
  * Update the SSH passthrough documentation (#18366)
  * Add `contrib/upgrade.sh` (#18286)
* MISC
  * Fix aria for logo (#19955)
  * In code search, get code unit accessible repos in one (main) query (#19764)
  * Enable packages by default again (#19746)
  * Add tooltip to pending PR comments (#19662)
  * Improve sync performance for pull-mirrors (#19125)
  * Improve dashboard's repo list performance (#18963)
  * Avoid database lookups for `DescriptionHTML` (#18924)
  * Remove CodeMirror dependencies (#18911)
  * Disable unnecessary mirroring elements (#18527)
  * Disable unnecessary OpenID/OAuth2 elements (#18491)
  * Disable unnecessary GitHooks elements (#18485)
  * Change some logging levels (#18421)
  * Prevent showing webauthn error for every time visiting `/user/settings/security` (#18385)
  * Use correct translation key for errors (#18342)
  • v1.18.0-dev
    433443ff · Dump should only copy regular files and symlink regular files (#20015) · 
    start work on v1.18.0
  • v1.16.8-git-annex
    c9cad64e · git-annex support ·
  • v1.16.8
    09b76295 · Add changelog for v1.16.8 (#19724) · 
    * ENHANCEMENTS
  * Add doctor check/fix for bogus action rows (#19656) (#19669)
  * Make .cs highlighting legible on dark themes. (#19604) (#19605)
* BUGFIXES
  * Fix oauth setting list bug (#19681)
  * Delete user related oauth stuff on user deletion too (#19677) (#19680)
  * Fix new release from tags list UI (#19670) (#19673)
  * Prevent NPE when checking repo units if the user is nil (#19625) (#19630)
  * GetFeeds must always discard actions with dangling repo_id (#19598) (#19629)
  * Call MultipartForm.RemoveAll when request finishes (#19606) (#19607)
  * Avoid MoreThanOne error when creating a branch whose name conflicts with other ref names (#19557) (#19591)
  * Fix sending empty notifications (#19589) (#19590)
  * Ignore DNS error when doing migration allow/block check (#19566) (#19567)
  * Fix issue overview for teams (#19652) (#19653)
  • v1.16.7-git-annex-http
    90ce33ad · Sketch in an Annex setting, to the dumb-http git-annex part ·
  • v1.16.7-git-annex
    9844245d · Return permission mode from API, and use it to decide on GIT_ANNEX_READONLY ·
  • v1.16.7
    f4729e24 · Add Changelog v1.16.7 (#19575) · 
    * SECURITY
  * Escape git fetch remote (#19487) (#19490)
* BUGFIXES
  * Don't overwrite err with nil (#19572) (#19574)
  * On Migrations, only write commit-graph if wiki clone was successful (#19563) (#19568)
  * Respect DefaultUserIsRestricted system default when creating new user (#19310) (#19560)
  * Don't error when branch's commit doesn't exist (#19547) (#19548)
  * Support `hostname:port` to pass host matcher's check (#19543) (#19544)
  * Prevent intermittent race in attribute reader close (#19537) (#19539)
  * Fix 64-bit atomic operations on 32-bit machines (#19531) (#19532)
  * Prevent dangling archiver goroutine (#19516) (#19526)
  * Fix migrate release from github (#19510) (#19523)
  * When view _Siderbar or _Footer, just display once (#19501) (#19522)
  * Fix blame page select range error and some typos (#19503)
  * Fix name of doctor fix "authorized-keys" in hints (#19464) (#19484)
  * User specific repoID or xorm builder conditions for issue search (#19475) (#19476)
  * Prevent dangling cat-file calls (goroutine alternative) (#19454) (#19466)
  * RepoAssignment ensure to close before overwrite (#19449) (#19460)
  * Set correct PR status on 3way on conflict checking (#19457) (#19458)
  * Mark TemplateLoading error as "UnprocessableEntity" (#19445) (#19446)
  • v1.16.6-git-annex
    13ea5f78 · Return permission mode from API, and use it to decide on GIT_ANNEX_READONLY ·
  • v1.16.6
    acd64806 · Add Changelog v1.16.6 (#19339) · 
    v1.16.6

* ENHANCEMENTS
 * Only request write when necessary (#18657) (#19422)
 * Disable service worker by default (#18914) (#19342)
* BUGFIXES
  * When dumping trim the standard suffices instead of a random suffix (#19440) (#19447)
  * Fix DELETE request for non-existent public key (#19443) (#19444)
  * Don't panic on ErrEmailInvalid (#19441) (#19442)
  * Add uploadpack.allowAnySHA1InWant to allow --filter=blob:none with older git clients (#19430) (#19438)
  * Warn on SSH connection for incorrect configuration (#19317) (#19437)
  * Search Issues via API, dont show 500 if filter result in empty list (#19244) (#19436)
  * When updating mirror repo intervals by API reschedule next update too (#19429) (#19433)
  * Fix nil error when some pages are rendered outside request context (#19427) (#19428)
  * Fix double blob-hunk on diff page (#19404) (#19405)
  * Don't allow merging PR's which are being conflict checked (#19357) (#19358)
  * Fix middleware function's placements (#19377) (#19378)
  * Fix invalid CSRF token bug, make sure CSRF tokens can be up-to-date (#19338)
  * Restore user autoregistration with email addresses (#19261) (#19312)
  * Move checks for pulls before merge into own function (#19271) (#19277)
  * Granular webhook events in editHook (#19251) (#19257)
  * Only send webhook events to active system webhooks and only deliver to active hooks (#19234) (#19248)
  * Use full output of git show-ref --tags to get tags for PushUpdateAddTag (#19235) (#19236)
  * Touch mirrors on even on fail to update (#19217) (#19233)
  * Hide sensitive content on admin panel progress monitor (#19218 & #19226) (#19231)
  * Fix clone url JS error for the empty repo page (#19209)
  * Bump goldmark to v1.4.11 (#19201) (#19203)
* TESTING
  * Prevent intermittent failures in RepoIndexerTest (#19225 #19229) (#19228)
* BUILD
  * Revert the minimal golang version requirement from 1.17 to 1.16 and add a warning in Makefile (#19319)
* MISC
  * Performance improvement for add team user when org has more than 1000 repositories (#19227) (#19289)
  * Check go and nodejs version by go.mod and package.json (#19197) (#19254)
  • v1.16.5-git-annex
    92bc4f12 · Return permission mode from API, and use it to decide on GIT_ANNEX_READONLY ·
  • v1.17.0-dev-git-annex
    521eb284 · Return permission mode from API, and use it to decide on GIT_ANNEX_READONLY ·
  • v1.16.5
    bab7d885 · Changelog for 1.16.5 (#19189) · 
    * BREAKING
  * Bump to build with go1.18 (#19120 et al) (#19127)
* SECURITY
  * Prevent redirect to Host (2) (#19175) (#19186)
  * Try to prevent autolinking of displaynames by email readers (#19169) (#19183)
  * Clean paths when looking in Storage (#19124) (#19179)
  * Do not send notification emails to inactive users (#19131) (#19139)
  * Do not send activation email if manual confirm is set (#19119) (#19122)
* ENHANCEMENTS
  * Use the new/choose link for New Issue on project page (#19172) (#19176)
* BUGFIXES
  * Fix showing issues in your repositories (#18916) (#19191)
  * Fix compare link in active feeds for new branch (#19149) (#19185)
  * Redirect .wiki/* ui link to /wiki (#18831) (#19184)
  * Ensure deploy keys with write access can push (#19010) (#19182)
  * Ensure that setting.LocalURL always has a trailing slash (#19171) (#19177)
  * Cleanup protected branches when deleting users & teams (#19158) (#19174)
  * Use IterateBufferSize whilst querying repositories during adoption check (#19140) (#19160)
  * Fix NPE /repos/issues/search when not signed in (#19154) (#19155)
  * Use custom favicon when viewing static files if it exists (#19130) (#19152)
  * Fix the editor height in review box (#19003) (#19147)
  * Ensure isSSH is set whenever DISABLE_HTTP_GIT is set (#19028) (#19146)
  * Fix wrong scopes caused by empty scope input (#19029) (#19145)
  * Make migrations SKIP_TLS_VERIFY apply to git too (#19132) (#19141)
  * Handle email address not exist (#19089) (#19121)
* MISC
  * Update json-iterator to allow compilation with go1.18 (#18644) (#19100)
  * Update golang.org/x/crypto (#19097) (#19098)
  • v1.16.4
    f460b754 · Changelog v1.16.4 (#19081) · 
    v1.16.4

* SECURITY
  * Restrict email address validation (#17688) (#19085)
  * Fix lfs bug (#19072) (#19080)
* ENHANCEMENTS
  * Improve SyncMirrors logging (#19045) (#19050)
* BUGFIXES
  * Refactor mirror code & fix `StartToMirror` (#18904) (#19075)
  * Update the webauthn_credential_id_sequence in Postgres (#19048) (#19060)
  * Prevent 500 when there is an error during new auth source post (#19041) (#19059)
  * If rendering has failed due to a net.OpError stop rendering (attempt 2) (#19049) (#19056)
  * Fix flag validation (#19046) (#19051)
  * Add pam account authorization check (#19040) (#19047)
  * Ignore missing comment for user notifications (#18954) (#19043)
  * Set `rel="nofollow noindex"` on new issue links (#19023) (#19042)
  * Upgrading binding package (#19034) (#19035)
  * Don't show context cancelled errors in attribute reader (#19006) (#19027)
  * Fix update hint bug (#18996) (#19002)
* MISC
  *  Fix potential assignee query for repo (#18994) (#18999)
  • v1.16.3
    ff1c5815 · Changelog for v1.16.3 (#18966) · 
    * SECURITY
 * Git backend ignore replace objects (#18979) (#18980)
* ENHANCEMENTS
  * Adjust error for already locked db and prevent level db lock on malformed connstr (#18923) (#18938)
* BUGFIXES
  * Set max text height to prevent overflow (#18862) (#18977)
  * Fix newAttachmentPaths deletion for DeleteRepository() (#18973) (#18974)
  * Accounts with WebAuthn only (no TOTP) now exist ... fix code to handle that case (#18897) (#18964)
  * Send 404 on `/{org}.gpg` (#18959) (#18962)
  * Fix admin user list pagination (#18957) (#18960)
  * Fix lfs management setting (#18947) (#18946)
  * Fix login with email panic when email is not exist (#18942)
  * Update go-org to v1.6.1 (#18932) (#18933)
  * Fix `<strong>` html in translation (#18929) (#18931)
  * Fix page and missing return on unadopted repos API (#18848) (#18927)
  * Allow adminstrator teams members to see other teams (#18918) (#18919)
  * Don't treat BOM escape sequence as hidden character. (#18909) (#18910)
  * Correctly link URLs to users/repos with dashes, dots or underscores (… (#18908)
  * Fix redirect when using lowercase repo name (#18775) (#18902)
  * Fix migration v210 (#18893) (#18892)
  * Fix team management UI (#18887) (18886)
  * BeforeSourcePath should point to base commit (#18880) (#18799)
* TRANSLATION
  * Backport locales from master (#18944)
* MISC
  * Don't update email for organisation (#18905) (#18906)
  • v1.16.2
    8ebf0e68 · Add changelog for v1.16.2 (#18840) · 
    v1.16.2

* ENHANCEMENTS
  * Show fullname on issue edits and gpg/ssh signing info (#18828)
  * Immediately Hammer if second kill is sent (#18823) (#18826)
  * Allow mermaid render error to wrap (#18791)
* BUGFIXES
  * Fix ldap user sync missed email in email_address table (#18786) (#18876)
  * Update assignees check to include any writing team and change org sidebar (#18680) (#18873)
  * Don't report signal: killed errors in serviceRPC (#18850) (#18865)
  * Fix bug where certain LDAP settings were reverted (#18859)
  * Update go-org to 1.6.0 (#18824) (#18839)
  * Fix login with email for ldap users (#18800) (#18836)
  * Fix bug for get user by email (#18834)
  * Fix panic in EscapeReader (#18820) (#18821)
  * Fix ldap loginname (#18789) (#18804)
  * Remove redundant call to UpdateRepoStats during migration (#18591) (#18794)
  * In disk_channel queues synchronously push to disk on shutdown (#18415) (#18788)
  * Fix template bug of LFS lock (#18784) (#18787)
  * Attempt to fix the webauthn migration again - part 3 (#18770) (#18771)
  * Send mail to issue/pr assignee/reviewer also when OnMention is set (#18707) (#18765)
  * Fix a broken link in commits_list_small.tmpl (#18763) (#18764)
  * Increase the size of the webauthn_credential credential_id field (#18739) (#18756)
  * Prevent dangling GetAttribute calls (#18754) (#18755)
  * Fix isempty detection of git repository (#18746) (#18750)
  * Fix source code line highlighting on external tracker (#18729) (#18740)
  * Prevent double encoding of branch names in delete branch (#18714) (#18738)
  * Always set PullRequestWorkInProgressPrefixes in PrepareViewPullInfo (#18713) (#18737)
  * Fix forked repositories missed tags (#18719) (#18735)
  * Fix release typo (#18728) (#18731)
  * Separate the details links of commit-statuses in headers (#18661) (#18730)
  * Update object repo with the migrated repository (#18684) (#18726)
  * Fix bug for version update hint (#18701) (#18705)
  * Fix issue with docker-rootless shimming script (#18690) (#18699)
  * Let `MinUnitAccessMode` return correct perm (#18675) (#18689)
  * Prevent security failure due to bad APP_ID (#18678) (#18682)
  * Restart zero worker if there is still work to do (#18658) (#18672)
  * If rendering has failed due to a net.OpError stop rendering (#18642) (#18645)
* TESTING
  * Ensure git tag tests and others create test repos in tmpdir (#18447) (#18767)
* BUILD
  * Reduce CI go module downloads, add make targets (#18708, #18475, #18443) (#18741)
* MISC
  * Put buttons back in org dashboard (#18817) (#18825)
  * Various Mermaid improvements (#18776) (#18780)
  * C preprocessor colors improvement (#18671) (#18696)
  * Fix the missing i18n key for update checker (#18646) (#18665)
  • v1.16.1
    bb77e6c1 · Add changelog for v1.16.1 (#18614) · 
     ## [1.16.1](https://github.com/go-gitea/gitea/releases/tag/v1.16.1) - 2022-02-06

* SECURITY
  * Update JS dependencies, fix lint (#18389) (#18540)
* ENHANCEMENTS
  * Add dropdown icon to label set template dropdown (#18564) (#18571)
* BUGFIXES
  * Comments on migrated issues/prs must link to the comment ID (#18630) (#18637)
  * Stop logging an error when notes are not found (#18626) (#18635)
  * Ensure that blob-excerpt links work for wiki (#18587) (#18624)
  * Only attempt to flush queue if the underlying worker pool is not finished (#18593) (#18620)
  * Ensure commit-statuses box is sized correctly in headers (#18538) (#18606)
  * Prevent merge messages from being sorted to the top of email chains (#18566) (#18588)
  * Prevent panic on prohibited user login with oauth2 (#18562) (#18563)
  * Collaborator trust model should trust collaborators (#18539) (#18557)
  * Detect conflicts with 3way merge (#18536) (#18537)
  * In docker rootless use $GITEA_APP_INI if provided (#18524) (#18535)
  * Add `GetUserTeams` (#18499) (#18531)
  * Fix review excerpt (#18502) (#18530)
  * Fix for AvatarURL database type (#18487) (#18529)
  * Use `ImagedProvider` for gplus oauth2 provider (#18504) (#18505)
  * Fix OAuth Source Edit Page (#18495) (#18503)
  * Use "read" value for General Access (#18496) (#18500)
  * Prevent NPE on partial match of compare URL and allow short SHA1 compare URLs (#18472) (#18473)
* BUILD
  * Make docker gitea/gitea:v1.16-dev etc refer to the latest build on that branch (#18551) (#18569)
* DOCS
  * Update 1.16.0 changelog to set #17846 as breaking (#18533) (#18534)
  • v1.16.0
    a044ec8b · Changelog 1.16.0 (#18468) · 
    * BREAKING
  * Remove golang vendored directory (#18277)
  * Paginate releases page & set default page size to 10 (#16857)
  * Only allow webhook to send requests to allowed hosts (#17482)
* SECURITY
  * Disable content sniffing on `PlainTextBytes` (#18359) (#18365)
  * Only view milestones from current repo (#18414) (#18417)
  * Sanitize user-input on file name (#17666)
  * Use `hostmatcher` to replace `matchlist` to improve blocking of bad hosts in Webhooks (#17605)
* FEATURES
  * Add/update SMTP auth providers via cli (#18197)
  * Support webauthn (#17957)
  * Team permission allow different unit has different permission (#17811)
  * Implement Well-Known URL for password change (#17777)
  * Add support for ssh commit signing (#17743)
  * Allow Loading of Diffs that are too large (#17739)
  * Add copy button to markdown code blocks (#17638)
  * Add .gitattribute assisted language detection to blame, diff and render (#17590)
  * Add `PULL_LIMIT` and `PUSH_LIMIT` to cron.update_mirror task (#17568)
  * Add Reindex buttons to repository settings page (#17494)
  * Make SSL cipher suite configurable (#17440)
  * Add groups scope/claim to OIDC/OAuth2 Provider (#17367)
  * Add simple update checker to Gitea (#17212)
  * Migrated Repository will show modifications when possible (#17191)
  * Create pub/priv keypair for federation (#17071)
  * Make LDAP be able to skip local 2FA (#16954)
  * Add nodeinfo endpoint for federation purposes (#16953)
  * Save and view issue/comment content history (#16909)
  * Use git attributes to determine generated and vendored status for language stats and diffs (#16773)
  * Add migrate from Codebase (#16768)
  * Add migration from GitBucket (#16767)
  * Add OAuth2 introspection endpoint (#16752)
  * Add proxy settings and support for migration and webhook (#16704)
  * Add microsoft oauth2 providers (#16544)
  * Send registration email on user autoregistration (#16523)
  * Defer Last Commit Info (#16467)
  * Support unprotected file patterns (#16395)
  * Add migrate from OneDev (#16356)
  * Add option to update pull request by `rebase` (#16125)
  * Add RSS/Atom feed support for user actions (#16002)
  * Add support for corporate WeChat webhooks (#15910)
  * Add a simple way to rename branch like gh (#15870)
  * Add bundle download for repository (#14538)
  * Add agit flow support in gitea (#14295)
* API
  * Add MirrorUpdated field to Repository API type (#18267)
  * Adjust Fork API to allow setting a custom repository name (#18066)
  * Add API to manage repo tranfers (#17963)
  * Add API to get file commit history (#17652)
  * Add API to get issue/pull comments and events (timeline) (#17403)
  * Add API to get/edit wiki (#17278)
  * Add API for get user org permissions (#17232)
  * Add HTML urls to notification API (#17178)
  * Add API to get commit diff/patch (#17095)
  * Respond with updated notifications in API (#17064)
  * Add API to fetch git notes (#16649)
  * Generalize list header for API (#16551)
  * Add API Token Cache (#16547)
  * Allow Token API calls be authorized using the reverse-proxy header (#15119)
* ENHANCEMENTS
  * Make the height of the editor in Review Box smaller (4 lines as GitHub) (#18319)
  * Return nicer error if trying to pull from non-existent user (#18288)
  * Show pull link for agit pull request also (#18235)
  * Enable partial clone by default (#18195)
  * Added replay of webhooks (#18191)
  * Show OAuth callback error message (#18185)
  * Increase Salt randomness (#18179)
  * Add MP4 as default allowed attachment type (#18170)
  * Include folders into size cost (#18158)
  * Remove `/email2user` endpoint (#18127)
  * Handle invalid issues (#18111)
  * Load EasyMDE/CodeMirror dynamically, remove RequireEasyMDE (#18069)
  * Support open compare page directly (#17975)
  * Prefer "Hiragino Kaku Gothic ProN" in system-ui-ja (#17954)
  * Clean legacy SimpleMDE code (#17926)
  * Refactor install page (db type) (#17919)
  * Improve interface when comparing a branch which has created a pull request (#17911)
  * Allow default branch to be inferred on compare page (#17908)
  * Display issue/comment role even if repo archived (#17907)
  * Always set a message-id on mails (#17900)
  * Change `<a>` elements to underline on hover (#17898)
  * Render issue references in file table (#17897)
  * Handle relative unix socket paths (#17836)
  * Move accessmode into models/perm (#17828)
  * Fix some org style problems (#17807)
  * Add List-Unsubscribe header (#17804)
  * Create menus for organization pages (#17802)
  * Switch archive URL code back to href attributes (#17796)
  * Refactor "refs/*" string usage by using constants (#17784)
  * Allow forks to org if you can create repos (#17783)
  * Improve install code to avoid low-level mistakes. (#17779)
  * Improve ellipsis buttons (#17773)
  * Add restrict and no-user-rc to authorized_keys (#17772)
  * Add copy Commit ID button in commits list (#17759)
  * Make `bind` error more readable (#17750)
  * Fix navbar on project view (#17749)
  * More pleasantly handle broken or missing git repositories (#17747)
  * Use `*PushUpdateOptions` as receiver (#17724)
  * Remove unused `user` paramater (#17723)
  * Better builtin avatar generator (#17707)
  * Cleanup and use global style on popups (#17674)
  * Move user/org deletion to services (#17673)
  * Added comment for changing issue ref (#17672)
  * Allow admins to change user avatars (#17661)
  * Only set `data-path` once for each file in diff pages (#17657)
  * Add icon to vscode clone link (#17641)
  * Add download button for file viewer (#17640)
  * Add pagination to fork list (#17639)
  * Use a standalone struct name for Organization (#17632)
  * Minor readability patch. (#17627)
  * Add context support for GetUserByID (#17602)
  * Move merge-section to `> .content` (#17582)
  * Remove NewSession method from db.Engine interface (#17577)
  * Move unit into models/unit/ (#17576)
  * Restrict GetDeletedBranchByID to the repositories deleted branches (#17570)
  * Refactor commentTags functionality (#17558)
  * Make Repo Code Indexer an Unique Queue (#17515)
  * Simplify Gothic to use our session store instead of creating a different store (#17507)
  * Add settings to allow different SMTP envelope from address (#17479)
  * Properly determine CSV delimiter (#17459)
  * Hide label comments if labels were added and removed immediately (#17455)
  * Tune UI alignment for nav bar notification icon, avatar image, issue label (#17438)
  * Add appearance section in settings (#17433)
  * Move key forms before list and add cancel button (#17432)
  * When copying executables to the docker chmod them (#17423)
  * Remove deprecated `extendDefaultPlugins` method of svgo (#17399)
  * Fix the click behavior for <tr> and <td> with [data-href] (#17388)
  * Refactor update checker to use AppState (#17387)
  * Improve async/await usage, and sort init calls in `index.js` (#17386)
  * Use a variable but a function for IsProd because of a slight performance increment (#17368)
  * Frontend refactor, PascalCase to camelCase, remove unused code (#17365)
  * Hide command line merge instructions when user can't push (#17339)
  * Move session to models/login (#17338)
  * Sync gitea app path for git hooks and authorized keys when starting (#17335)
  * Make the Mirror Queue a queue (#17326)
  * Add "Copy branch name" button to pull request page (#17323)
  * Fix repository summary on mobile (#17322)
  * Split `index.js` to separate files (#17315)
  * Show direct match on top for user search (#17303)
  * Frontend refactor: move Vue related code from `index.js` to `components` dir, and remove unused codes. (#17301)
  * Upgrade chi to v5 (#17298)
  * Disable form autofill (#17291)
  * Improve behavior of "Fork" button (#17288)
  * Open markdown image links in new window (#17287)
  * Add hints for special Wiki pages (#17283)
  * Move add deploy key form before the list and add a cancel button (#17228)
  * Allow adding multiple issues to a project  (#17226)
  * Add metrics to get issues by repository (#17225)
  * Add specific event type to header (#17222)
  * Redirect on project after issue created (#17211)
  * Reference in new issue modal: dont pre-populate issue title (#17208)
  * Always set a unique Message-ID header (#17206)
  * Add projects and project boards in exposed metrics (#17202)
  * Add metrics to get issues by label (#17201)
  * Add protection to disable Gitea when run as root (#17168)
  * Don't return binary file changes in raw PR diffs by default (#17158)
  * Support sorting for project board issuses (#17152)
  * Force color-adjust for markdown checkboxes (#17146)
  * Add option to copy line permalink (#17145)
  * Move twofactor to models/login (#17143)
  * Multiple tokens support for migrating from github (#17134)
  * Unify issue and PR subtitles (#17133)
  * Make Requests Processes and create process hierarchy. Associate OpenRepository with context. (#17125)
  * Fix problem when database id is not increment as expected (#17124)
  * Avatar refactor, move avatar code from `models` to `models.avatars`, remove duplicated code (#17123)
  * Re-allow clipboard copy on non-https sites (#17118)
  * DBContext is just a Context (#17100)
  * Move login related structs and functions to models/login (#17093)
  * Add SkipLocal2FA option to pam and smtp sources (#17078)
  * Move db related basic functions to models/db (#17075)
  * Fixes username tagging in "Reference in new issue" (#17074)
  * Use light/dark theme based on system preference (#17051)
  * Always emit the configuration path (#17036)
  * Add `AbsoluteListOptions` (#17028)
  * Use common sessioner for API and Web (#17027)
  * Fix overflow label in small view (#17020)
  * Report the associated filter if there is an error in LDAP (#17014)
  * Add "new issue" btn on project (#17001)
  * Add doctor dbconsistency check for release and attachment (#16978)
  * Disable Fomantic's CSS tooltips (#16974)
  * Add Cache-Control to avatar redirects (#16973)
  * Make mirror feature more configurable (#16957)
  * Add skip and limit to git.GetTags (#16897)
  * Remove ParseQueueConnStr as it is unused (#16878)
  * Remove unused Fomantic sidebar module (#16853)
  * Allow LDAP Sources to provide Avatars (#16851)
  * Remove Dashboard/Home button from the navbar (#16844)
  * Use conditions but not repo ids as query condition (#16839)
  * Add user settings key/value DB table (#16834)
  * Add buttons to allow loading of incomplete diffs (#16829)
  * Add information for migrate failure (#16803)
  * Add EdDSA JWT signing algorithm (#16786)
  * Add user status filter to admin user management page (#16770)
  * Add Option to synchronize Admin & Restricted states from OIDC/OAuth2 along with Setting Scopes (#16766)
  * Do not use thin scrollbars on Firefox (#16738)
  * Download LFS in git and web workflow from minio/s3 directly (SERVE_DIRECT) (#16731)
  * Compute proper foreground color for labels (#16729)
  * Add edit button to wiki sidebar and footer (#16719)
  * Fix migration svg color (#16715)
  * Add link to vscode to repo header (#16664)
  * Add filter by owner and team to issue/pulls search endpoint (#16662)
  * Kanban colored boards (#16647)
  * Allow setting X-FRAME-OPTIONS (#16643)
  * Separate open and closed issue in metrics (#16637)
  * Support direct comparison (git diff a..b) as well merge comparison (a…b) (#16635)
  * Add setting to OAuth handlers to skip local 2FA authentication (#16594)
  * Make PR merge options more intuitive (#16582)
  * Show correct text when comparing commits on empty pull request (#16569)
  * Pre-fill suggested New File 'name' and 'content' with Query Params (#16556)
  * Add an abstract json layout to make it's easier to change json library (#16528)
  * Make Mermaid.js limit configurable (#16519)
  * Improve 2FA autofill (#16473)
  * Add modals to Organization and Team remove/leave (#16471)
  * Show tag name on dashboard items list (#16466)
  * Change default cron schedules from @every 24h to @midnight (#16431)
  * Prevent double sanitize (#16386)
  * Replace `list.List` with slices (#16311)
  * Add configuration option to restrict users by default (#16256)
  * Move login out of models (#16199)
  * Support pagination of organizations on user settings pages (#16083)
  * Switch migration icon to svg (#15954)
  * Add left padding for chunk header of split diff view (#13397)
  * Allow U2F 2FA without TOTP (#11573)
* BUGFIXES
  * GitLab reviews may not have the updated_at field set (#18450) (#18461)
  * Fix detection of no commits when the default branch is not master (#18422) (#18423)
  * Fix broken oauth2 authentication source edit page (#18412) (#18419)
  * Place inline diff comment dialogs on split diff in 4th and 8th columns (#18403) (#18404)
  * Fix restore without topic failure (#18387) (#18400)
  * Fix commit's time (#18375) (#18392)
  * Fix partial cloning a repo (#18373) (#18377)
  * Stop trimming preceding and suffixing spaces from editor filenames (#18334)
  * Prevent showing webauthn error for every time visiting `/user/settings/security` (#18386)
  * Fix mime-type detection for HTTP server (#18370) (#18371)
  * Stop trimming preceding and suffixing spaces from editor filenames (#18334)
  * Restore propagation of ErrDependenciesLeft (#18325)
  * Fix PR comments UI (#18323)
  * Use indirect comparison when showing pull requests (#18313)
  * Replace satori/go.uuid with gofrs/uuid (#18311)
  * Fix commit links on compare page (#18310)
  * Don't show double error response in git hook (#18292)
  * Handle missing default branch better in owner/repo/branches page (#18290)
  * Fix CheckRepoStats and reuse it during migration (#18264)
  * Prevent underline hover on cards (#18259)
  * Don't delete branch if other PRs with this branch are open (#18164)
  * Require codereview to have content (#18156)
  * Allow admin to associate missing LFS objects for repositories (#18143)
  * When attempting to subscribe other user to issue report why access denied (#18091)
  * Add option to convert CRLF to LF line endings for sendmail (#18075)
  * Only create pprof files for gitea serv if explicitly asked for (#18068)
  * Abort merge if head has been updated before pressing merge (#18032)
  * Improve TestPatch to use git read-tree -m and implement git-merge-one-file functionality (#18004)
  * Use JSON module instead of stdlib json (#18003)
  * Fixed issue merged/closed wording (#17973)
  * Return nicer error for ForcePrivate (#17971)
  * Fix overflow in commit graph (#17947)
  * Prevent services/mailer/mailer_test.go tests from deleteing data directory (#17941)
  * Use disable_form_autofill on Codebase and Gitbucket (#17936)
  * Fix a panic in NotifyCreateIssueComment (caused by string truncation) (#17928)
  * Fix markdown URL parsing (#17924)
  * Apply CSS Variables to all message elements (#17920)
  * Improve checkBranchName (#17901)
  * Update chi/middleware to chi/v5/middleware (#17888)
  * Fix position of label color picker colors (#17866)
  * Fix ListUnadoptedRepositories incorrect total count (#17865)
  * Remove whitespace inside rendered code `<td>` (#17859)
  * Make Co-committed-by and co-authored-by trailers optional (#17848)
  * Fix value of User.IsRestricted when oauth2 user registration (#17839)
  * Use new OneDev /milestones endpoint (#17782)
  * Prevent deadlock in TestPersistableChannelQueue (#17717)
  * Simplify code for writing SHA to name-rev (#17696)
  * Fix database deadlock when update issue labels (#17649)
  * Add warning for BIDI characters in page renders and in diffs (#17562)
  * Fix ipv6 parsing for builtin ssh server (#17561)
  * Multiple Escaping Improvements (#17551)
  * Fixes #16559 - Do not trim leading spaces for tab delimited (#17442)
  * Show client-side error if wiki page is empty (#17415)
  * Fix context popup error (#17398)
  * Stop sanitizing full name in API (#17396)
  * Fix issue close/comment buttons on mobile (#17317)
  * Fix navbar UI (#17235)
  * Fix problem when database id is not increment as expected (#17229)
  * Open the DingTalk link in browser (#17084)
  * Remove heads pointing to missing old refs (#17076)
  * Fix commit status index problem (#17061)
  * Handle broken references in mirror sync (#17013)
  * Fix for create repo page layout (#17012)
  * Improve LDAP synchronization efficiency (#16994)
  * Add repo_id for attachment (#16958)
  * Clean-up HookPreReceive and restore functionality for pushing non-standard refs (#16705)
  * Remove duplicate csv import in modules/csv/csv.go (#16631)
  * Improve SMTP authentication and Fix user creation bugs  (#16612)
  * Fixed emoji alias not parsed in links (#16221)
  * Calculate label URL on API  (#16186)
* TRANSLATION
  * Fix mispelling of starred as stared (#17465)
  * Re-separate the color translation strings (#17390)
  * Enable Malayalam, Greek, Persian, Hungarian & Indonesian by default (#16998)
* BUILD
  * Add lockfile-check (#18285)
  * Don't store assets modified time into generated files (#18193)
  * Use shadowing script for docker (#17846)
* MISC
  * Update JS dependencies (#17611)
  • v1.15.11
    147bcc3d · Changelog for 1.15.11 (#18455) · 
    v1.15.11

* SECURITY
  * Only view milestones from current repo (#18414) (#18418)
* BUGFIXES
  * Fix broken when no commits and default branch is not master (#18422) (#18424)
  * Fix commit's time (#18375) (#18409)
  * Fix restore without topic failure (#18387) (#18401)
  * Fix mermaid import in 1.15 (it uses ESModule now) (#18382)
  * Update to go/text 0.3.7 (#18336)
* MISC
  * Upgrade EasyMDE to 2.16.1 (#18278) (#18279)
  • v1.17.0-dev
    4563148a · Upgrade Alpine from 3.13 to 3.15 (#18050) · 
    v1.17.0-dev
  • v1.16.0-rc1
    6b0a7123 · Stop trimming preceding and suffixing spaces from editor filenames (#18334) · 
    v1.16.0-rc1

 ## [1.16.0-rc1](https://github.com/go-gitea/gitea/releases/tag/v1.16.0-rc1) - 2022-01-19

* BREAKING
  * Remove golang vendored directory (#18277)
  * Paginate releases page & set default page size to 10 (#16857)
  * Only allow webhook to send requests to allowed hosts (#17482)
* SECURITY
  * Sanitize user-input on file name (#17666)
  * Use `hostmatcher` to replace `matchlist` to improve blocking of bad hosts in Webhooks (#17605)
* FEATURES
  * Add/update SMTP auth providers via cli (#18197)
  * Support webauthn (#17957)
  * Team permission allow different unit has different permission (#17811)
  * Implement Well-Known URL for password change (#17777)
  * Add support for ssh commit signing (#17743)
  * Allow Loading of Diffs that are too large (#17739)
  * Add copy button to markdown code blocks (#17638)
  * Add .gitattribute assisted language detection to blame, diff and render (#17590)
  * Add `PULL_LIMIT` and `PUSH_LIMIT` to cron.update_mirror task (#17568)
  * Add Reindex buttons to repository settings page (#17494)
  * Make SSL cipher suite configurable (#17440)
  * Add groups scope/claim to OIDC/OAuth2 Provider (#17367)
  * Add simple update checker to Gitea (#17212)
  * Migrated Repository will show modifications when possible (#17191)
  * Create pub/priv keypair for federation (#17071)
  * Make LDAP be able to skip local 2FA (#16954)
  * Add nodeinfo endpoint for federation purposes (#16953)
  * Save and view issue/comment content history (#16909)
  * Use git attributes to determine generated and vendored status for language stats and diffs (#16773)
  * Add migrate from Codebase (#16768)
  * Add migration from GitBucket (#16767)
  * Add OAuth2 introspection endpoint (#16752)
  * Add proxy settings and support for migration and webhook (#16704)
  * Add microsoft oauth2 providers (#16544)
  * Send registration email on user autoregistration (#16523)
  * Defer Last Commit Info (#16467)
  * Support unprotected file patterns (#16395)
  * Add migrate from OneDev (#16356)
  * Add option to update pull request by `rebase` (#16125)
  * Add RSS/Atom feed support for user actions (#16002)
  * Add support for corporate WeChat webhooks (#15910)
  * Add a simple way to rename branch like gh (#15870)
  * Add bundle download for repository (#14538)
  * Add agit flow support in gitea (#14295)
* API
  * Add MirrorUpdated field to Repository API type (#18267)
  * Adjust Fork API to allow setting a custom repository name (#18066)
  * Add API to manage repo tranfers (#17963)
  * Add API to get file commit history (#17652)
  * Add API to get issue/pull comments and events (timeline) (#17403)
  * Add API to get/edit wiki (#17278)
  * Add API for get user org permissions (#17232)
  * Add HTML urls to notification API (#17178)
  * Add API to get commit diff/patch (#17095)
  * Respond with updated notifications in API (#17064)
  * Add API to fetch git notes (#16649)
  * Generalize list header for API (#16551)
  * Add API Token Cache (#16547)
  * Allow Token API calls be authorized using the reverse-proxy header (#15119)
* ENHANCEMENTS
  * Make the height of the editor in Review Box smaller (4 lines as GitHub) (#18319)
  * Return nicer error if trying to pull from non-existent user (#18288)
  * Show pull link for agit pull request also (#18235)
  * Enable partial clone by default (#18195)
  * Added replay of webhooks (#18191)
  * Show OAuth callback error message (#18185)
  * Increase Salt randomness (#18179)
  * Add MP4 as default allowed attachment type (#18170)
  * Include folders into size cost (#18158)
  * Remove `/email2user` endpoint (#18127)
  * Handle invalid issues (#18111)
  * Load EasyMDE/CodeMirror dynamically, remove RequireEasyMDE (#18069)
  * Support open compare page directly (#17975)
  * Prefer "Hiragino Kaku Gothic ProN" in system-ui-ja (#17954)
  * Clean legacy SimpleMDE code (#17926)
  * Refactor install page (db type) (#17919)
  * Improve interface when comparing a branch which has created a pull request (#17911)
  * Allow default branch to be inferred on compare page (#17908)
  * Display issue/comment role even if repo archived (#17907)
  * Always set a message-id on mails (#17900)
  * Change `<a>` elements to underline on hover (#17898)
  * Render issue references in file table (#17897)
  * Handle relative unix socket paths (#17836)
  * Move accessmode into models/perm (#17828)
  * Fix some org style problems (#17807)
  * Add List-Unsubscribe header (#17804)
  * Create menus for organization pages (#17802)
  * Switch archive URL code back to href attributes (#17796)
  * Refactor "refs/*" string usage by using constants (#17784)
  * Allow forks to org if you can create repos (#17783)
  * Improve install code to avoid low-level mistakes. (#17779)
  * Improve ellipsis buttons (#17773)
  * Add restrict and no-user-rc to authorized_keys (#17772)
  * Add copy Commit ID button in commits list (#17759)
  * Make `bind` error more readable (#17750)
  * Fix navbar on project view (#17749)
  * More pleasantly handle broken or missing git repositories (#17747)
  * Use `*PushUpdateOptions` as receiver (#17724)
  * Remove unused `user` paramater (#17723)
  * Better builtin avatar generator (#17707)
  * Cleanup and use global style on popups (#17674)
  * Move user/org deletion to services (#17673)
  * Added comment for changing issue ref (#17672)
  * Allow admins to change user avatars (#17661)
  * Only set `data-path` once for each file in diff pages (#17657)
  * Add icon to vscode clone link (#17641)
  * Add download button for file viewer (#17640)
  * Add pagination to fork list (#17639)
  * Use a standalone struct name for Organization (#17632)
  * Minor readability patch. (#17627)
  * Add context support for GetUserByID (#17602)
  * Move merge-section to `> .content` (#17582)
  * Remove NewSession method from db.Engine interface (#17577)
  * Move unit into models/unit/ (#17576)
  * Restrict GetDeletedBranchByID to the repositories deleted branches (#17570)
  * Refactor commentTags functionality (#17558)
  * Make Repo Code Indexer an Unique Queue (#17515)
  * Simplify Gothic to use our session store instead of creating a different store (#17507)
  * Add settings to allow different SMTP envelope from address (#17479)
  * Properly determine CSV delimiter (#17459)
  * Hide label comments if labels were added and removed immediately (#17455)
  * Tune UI alignment for nav bar notification icon, avatar image, issue label (#17438)
  * Add appearance section in settings (#17433)
  * Move key forms before list and add cancel button (#17432)
  * When copying executables to the docker chmod them (#17423)
  * Remove deprecated `extendDefaultPlugins` method of svgo (#17399)
  * Fix the click behavior for <tr> and <td> with [data-href] (#17388)
  * Refactor update checker to use AppState (#17387)
  * Improve async/await usage, and sort init calls in `index.js` (#17386)
  * Use a variable but a function for IsProd because of a slight performance increment (#17368)
  * Frontend refactor, PascalCase to camelCase, remove unused code (#17365)
  * Hide command line merge instructions when user can't push (#17339)
  * Move session to models/login (#17338)
  * Sync gitea app path for git hooks and authorized keys when starting (#17335)
  * Make the Mirror Queue a queue (#17326)
  * Add "Copy branch name" button to pull request page (#17323)
  * Fix repository summary on mobile (#17322)
  * Split `index.js` to separate files (#17315)
  * Show direct match on top for user search (#17303)
  * Frontend refactor: move Vue related code from `index.js` to `components` dir, and remove unused codes. (#17301)
  * Upgrade chi to v5 (#17298)
  * Disable form autofill (#17291)
  * Improve behavior of "Fork" button (#17288)
  * Open markdown image links in new window (#17287)
  * Add hints for special Wiki pages (#17283)
  * Move add deploy key form before the list and add a cancel button (#17228)
  * Allow adding multiple issues to a project  (#17226)
  * Add metrics to get issues by repository (#17225)
  * Add specific event type to header (#17222)
  * Redirect on project after issue created (#17211)
  * Reference in new issue modal: dont pre-populate issue title (#17208)
  * Always set a unique Message-ID header (#17206)
  * Add projects and project boards in exposed metrics (#17202)
  * Add metrics to get issues by label (#17201)
  * Add protection to disable Gitea when run as root (#17168)
  * Don't return binary file changes in raw PR diffs by default (#17158)
  * Support sorting for project board issuses (#17152)
  * Force color-adjust for markdown checkboxes (#17146)
  * Add option to copy line permalink (#17145)
  * Move twofactor to models/login (#17143)
  * Multiple tokens support for migrating from github (#17134)
  * Unify issue and PR subtitles (#17133)
  * Make Requests Processes and create process hierarchy. Associate OpenRepository with context. (#17125)
  * Fix problem when database id is not increment as expected (#17124)
  * Avatar refactor, move avatar code from `models` to `models.avatars`, remove duplicated code (#17123)
  * Re-allow clipboard copy on non-https sites (#17118)
  * DBContext is just a Context (#17100)
  * Move login related structs and functions to models/login (#17093)
  * Add SkipLocal2FA option to pam and smtp sources (#17078)
  * Move db related basic functions to models/db (#17075)
  * Fixes username tagging in "Reference in new issue" (#17074)
  * Use light/dark theme based on system preference (#17051)
  * Always emit the configuration path (#17036)
  * Add `AbsoluteListOptions` (#17028)
  * Use common sessioner for API and Web (#17027)
  * Fix overflow label in small view (#17020)
  * Report the associated filter if there is an error in LDAP (#17014)
  * Add "new issue" btn on project (#17001)
  * Add doctor dbconsistency check for release and attachment (#16978)
  * Disable Fomantic's CSS tooltips (#16974)
  * Add Cache-Control to avatar redirects (#16973)
  * Make mirror feature more configurable (#16957)
  * Add skip and limit to git.GetTags (#16897)
  * Remove ParseQueueConnStr as it is unused (#16878)
  * Remove unused Fomantic sidebar module (#16853)
  * Allow LDAP Sources to provide Avatars (#16851)
  * Remove Dashboard/Home button from the navbar (#16844)
  * Use conditions but not repo ids as query condition (#16839)
  * Add user settings key/value DB table (#16834)
  * Add buttons to allow loading of incomplete diffs (#16829)
  * Add information for migrate failure (#16803)
  * Add EdDSA JWT signing algorithm (#16786)
  * Add user status filter to admin user management page (#16770)
  * Add Option to synchronize Admin & Restricted states from OIDC/OAuth2 along with Setting Scopes (#16766)
  * Do not use thin scrollbars on Firefox (#16738)
  * Download LFS in git and web workflow from minio/s3 directly (SERVE_DIRECT) (#16731)
  * Compute proper foreground color for labels (#16729)
  * Add edit button to wiki sidebar and footer (#16719)
  * Fix migration svg color (#16715)
  * Add link to vscode to repo header (#16664)
  * Add filter by owner and team to issue/pulls search endpoint (#16662)
  * Kanban colored boards (#16647)
  * Allow setting X-FRAME-OPTIONS (#16643)
  * Separate open and closed issue in metrics (#16637)
  * Support direct comparison (git diff a..b) as well merge comparison (a…b) (#16635)
  * Add setting to OAuth handlers to skip local 2FA authentication (#16594)
  * Make PR merge options more intuitive (#16582)
  * Show correct text when comparing commits on empty pull request (#16569)
  * Pre-fill suggested New File 'name' and 'content' with Query Params (#16556)
  * Add an abstract json layout to make it's easier to change json library (#16528)
  * Make Mermaid.js limit configurable (#16519)
  * Improve 2FA autofill (#16473)
  * Add modals to Organization and Team remove/leave (#16471)
  * Show tag name on dashboard items list (#16466)
  * Change default cron schedules from @every 24h to @midnight (#16431)
  * Prevent double sanitize (#16386)
  * Replace `list.List` with slices (#16311)
  * Add configuration option to restrict users by default (#16256)
  * Move login out of models (#16199)
  * Support pagination of organizations on user settings pages (#16083)
  * Switch migration icon to svg (#15954)
  * Add left padding for chunk header of split diff view (#13397)
  * Allow U2F 2FA without TOTP (#11573)
* BUGFIXES
  * Stop trimming preceding and suffixing spaces from editor filenames (#18334)
  * Restore propagation of ErrDependenciesLeft (#18325)
  * Fix PR comments UI (#18323)
  * Use indirect comparison when showing pull requests (#18313)
  * Replace satori/go.uuid with gofrs/uuid (#18311)
  * Fix commit links on compare page (#18310)
  * Don't show double error response in git hook (#18292)
  * Handle missing default branch better in owner/repo/branches page (#18290)
  * Fix CheckRepoStats and reuse it during migration (#18264)
  * Prevent underline hover on cards (#18259)
  * Don't delete branch if other PRs with this branch are open (#18164)
  * Require codereview to have content (#18156)
  * Allow admin to associate missing LFS objects for repositories (#18143)
  * When attempting to subscribe other user to issue report why access denied (#18091)
  * Add option to convert CRLF to LF line endings for sendmail (#18075)
  * Only create pprof files for gitea serv if explicitly asked for (#18068)
  * Abort merge if head has been updated before pressing merge (#18032)
  * Improve TestPatch to use git read-tree -m and implement git-merge-one-file functionality (#18004)
  * Use JSON module instead of stdlib json (#18003)
  * Fixed issue merged/closed wording (#17973)
  * Return nicer error for ForcePrivate (#17971)
  * Fix overflow in commit graph (#17947)
  * Prevent services/mailer/mailer_test.go tests from deleteing data directory (#17941)
  * Use disable_form_autofill on Codebase and Gitbucket (#17936)
  * Fix a panic in NotifyCreateIssueComment (caused by string truncation) (#17928)
  * Fix markdown URL parsing (#17924)
  * Apply CSS Variables to all message elements (#17920)
  * Improve checkBranchName (#17901)
  * Update chi/middleware to chi/v5/middleware (#17888)
  * Fix position of label color picker colors (#17866)
  * Fix ListUnadoptedRepositories incorrect total count (#17865)
  * Remove whitespace inside rendered code `<td>` (#17859)
  * Make Co-committed-by and co-authored-by trailers optional (#17848)
  * Fix value of User.IsRestricted when oauth2 user registration (#17839)
  * Use new OneDev /milestones endpoint (#17782)
  * Prevent deadlock in TestPersistableChannelQueue (#17717)
  * Simplify code for writing SHA to name-rev (#17696)
  * Fix database deadlock when update issue labels (#17649)
  * Add warning for BIDI characters in page renders and in diffs (#17562)
  * Fix ipv6 parsing for builtin ssh server (#17561)
  * Multiple Escaping Improvements (#17551)
  * Fixes #16559 - Do not trim leading spaces for tab delimited (#17442)
  * Show client-side error if wiki page is empty (#17415)
  * Fix context popup error (#17398)
  * Stop sanitizing full name in API (#17396)
  * Fix issue close/comment buttons on mobile (#17317)
  * Fix navbar UI (#17235)
  * Fix problem when database id is not increment as expected (#17229)
  * Open the DingTalk link in browser (#17084)
  * Remove heads pointing to missing old refs (#17076)
  * Fix commit status index problem (#17061)
  * Handle broken references in mirror sync (#17013)
  * Fix for create repo page layout (#17012)
  * Improve LDAP synchronization efficiency (#16994)
  * Add repo_id for attachment (#16958)
  * Clean-up HookPreReceive and restore functionality for pushing non-standard refs (#16705)
  * Remove duplicate csv import in modules/csv/csv.go (#16631)
  * Improve SMTP authentication and Fix user creation bugs  (#16612)
  * Fixed emoji alias not parsed in links (#16221)
  * Calculate label URL on API  (#16186)
* TRANSLATION
  * Fix mispelling of starred as stared (#17465)
  * Re-separate the color translation strings (#17390)
  * Enable Malayalam, Greek, Persian, Hungarian & Indonesian by default (#16998)
* BUILD
  * Add lockfile-check (#18285)
  * Don't store assets modified time into generated files (#18193)
  * Use shadowing script for docker (#17846)
* MISC
  * Update JS dependencies (#17611)