Gogs - Package Updates
-
You can use this thread to track updates to the Gogs package.
Please open issues in a separate topic instead of replying here.
-
[1.12.0]
- Update base image to 2.0.0
-
[1.13.0]
- Update manifest - tags, screenshots, forumUrl
-
The recent Gogs version 0.12.0 has some ORM issues. I have reported this upstream - https://github.com/gogs/gogs/issues/6280
-
[1.14.0]
- Update Gogs to 0.12.1
- Full changelog
- Support for Git LFS, you can read documentation for both user and admin. #1322
- Allow admin to remove observers from the repository. #5803
- Use Last-Modified HTTP header for raw files. #5811
- Support syntax highlighting for SAS code files (i.e. .r, .sas, .tex, .yaml). #5856
- Able to fill in pull request title with a template. #5901
- Able to override static files under public/ directory, please refer to documentation for usage. #5920
- New API endpoint GET /admin/teams/:teamid/members to list members of a team. #5877
-
[1.14.1]
- Update Gogs to 0.12.2
- Regression: Pages are correctly rendered when requesting ?go-get=1 for subdirectories. #6314
- Regression: Submodule with a relative path is linked correctly. #6319
- Backup can be processed when --target is specified on Windows. #6339
- Commit message contains keywords look like an issue reference no longer fails the push entirely. #6289
-
[1.14.2]
- Update Gogs to 0.12.3
- Auto-linked commit SHAs now have correct links. #6300
- Git LFS client wasn't able to upload files with known format (e.g. PNG, JPEG), and the server is expecting the HTTP Header Content-Type to be application/octet-stream. The server now tells the LFS client to always use Content-Type: application/octet-stream when upload files.
-
[1.14.3]
- Bring default app.ini upto speed with latest code
-
[1.15.0]
- Update base image to v3
-
[1.16.0]
- Update base image to 3.2.0
-
[1.16.1]
- Update Gogs to 0.12.4
- Security: Potential SSRF attack by CRLF injection via repository migration. #6413 by @stypr
- Regression: Fixed smart links for issues stops rendering. #6506 by @unknwon
- Added X-Frame-Options header to prevent Clickjacking. #6409 by @matheusmosca
-
[1.17.0]
- Update Gogs to 0.12.5
- Security: Potential SSRF in repository migration. #6754 by @michaellrowley
- Security: Improper PAM authorization handling. #6810 by @ysf
-
[1.17.1]
- Update Gogs to 0.12.6
- Full changelog
- Security: Remote command execution in file uploading. #6833 by @unknwon
- Regression: Unable to migrate repository from other local Git hosting. Added a new configuration option [security] LOCAL_NETWORK_ALLOWLIST, which is a comma separated list of hostnames that are explicitly allowed to be accessed within the local network. #6841 by @unknwon
-
[1.17.2]
- Update Gogs to 0.12.7
- Full changelog
- Security: Stored XSS in issues. #6919 by @unknwon
- Invalid character in Access-Control-Allow-Credentials response header. #4983 by @wuhan005
- Mysterious ssh: overflow reading version string errors from builtin SSH server. #6882 by @unknwon
-
[1.17.3]
- Update Gogs to 0.12.8
- Full changelog
- Security: SSRF in webhook. #6901
- Security: XSS in cookies. #6953
- Security: OS Command Injection in file uploading. #6968
- Security: Remote Command Execution in file editing. #6555
-
[1.17.4]
- Update Gogs to 0.12.9
- Full changelog
- Security: OS Command Injection in file editor. #7000
- Security: Sanitize DisplayName in repository issue list. #7009
- Security: Path Traversal in file editor on Windows. #7001
- Security: Path Traversal in Git HTTP endpoints. #7002
- Unable to init repository during creation on Windows. #6967
-
[1.17.5]
- Update Gogs to 0.12.10
- Full changelog
- Support using [security] LOCAL_NETWORK_ALLOWLIST = * to allow all hostnames. #7111
- Unable to send webhooks to local network addresses after configured [security] LOCAL_NETWORK_ALLOWLIST. #7074
-
[1.17.6]
- Add support for email display name
-
[1.18.0]
- Update base image to 4.0.0
-
[1.18.1]
- Update Gogs to 0.12.11
- Full changelog
- Security: Stored XSS for issue assignees. #7145
- Security: OS Command Injection in repo editor on case-insensitive file systems. #7030
- Unable to render repository pages with implicit submodules (e.g. get submodule "REDACTED": revision does not exist). #6436
-
[1.19.0]
- Update Gogs to 0.13.0
- Full changelog
- Support using personal access token in the password field. #3866
- An unlisted option is added when create or migrate a repository. Unlisted repositories are public but not being listed for users without direct access in the UI. #5733
- New API endpoint PUT /repos/:owner/:repo/contents/:path for creating and update repository contents. #5967
- New configuration option [git.timeout] DIFF for customizing operation timeout of git diff. #6315
- New configuration option [server] SSH_SERVER_MACS for setting list of accepted MACs for connections to builtin SSH server. #6434
- New configuration option [repository] DEFAULT_BRANCH for setting default branch name for new repositories. #7291
- New configuration option [server] SSH_SERVER_ALGORITHMS for specifying the list of accepted key exchange algorithms for connections to builtin SSH server. #7345
- Support specifying custom schema for PostgreSQL. #6695
- Support rendering Mermaid diagrams in Markdown. #6776
- Docker: Allow passing extra arguments to the backup command. #7060
- New languages support: Mongolian, Romanian. #6510 #7082
- The required Go version to compile source code changed to 1.18.
- Access tokens are now stored using their SHA256 hashes instead of raw values. #7008
- Unable to use LDAP authentication on ARM machines. #6761
- Unable to choose "Lookup Avatar by mail" in user settings without deleting custom avatar. #7267
- Mistakenly include the "data" directory under the custom directory in the Docker setup. #7343
- Unable to start after data recovery with an outdated migration version. #7125
