Gogs - Package Updates

girish

You can use this thread to track updates to the Gogs package.

Please open issues in a separate topic instead of replying here.

girish

[1.12.0]

• Update base image to 2.0.0

girish

[1.13.0]

• Update manifest - tags, screenshots, forumUrl

girish

The recent Gogs version 0.12.0 has some ORM issues. I have reported this upstream - https://github.com/gogs/gogs/issues/6280

girish

[1.14.0]

• Update Gogs to 0.12.1
• Full changelog
• Support for Git LFS, you can read documentation for both user and admin. #1322
• Allow admin to remove observers from the repository. #5803
• Use Last-Modified HTTP header for raw files. #5811
• Support syntax highlighting for SAS code files (i.e. .r, .sas, .tex, .yaml). #5856
• Able to fill in pull request title with a template. #5901
• Able to override static files under public/ directory, please refer to documentation for usage. #5920
• New API endpoint GET /admin/teams/:teamid/members to list members of a team. #5877

nebulon

[1.14.1]

• Update Gogs to 0.12.2
• Regression: Pages are correctly rendered when requesting ?go-get=1 for subdirectories. #6314
• Regression: Submodule with a relative path is linked correctly. #6319
• Backup can be processed when --target is specified on Windows. #6339
• Commit message contains keywords look like an issue reference no longer fails the push entirely. #6289

nebulon

[1.14.2]

• Update Gogs to 0.12.3
• Auto-linked commit SHAs now have correct links. #6300
• Git LFS client wasn't able to upload files with known format (e.g. PNG, JPEG), and the server is expecting the HTTP Header Content-Type to be application/octet-stream. The server now tells the LFS client to always use Content-Type: application/octet-stream when upload files.

girish

[1.14.3]

• Bring default app.ini upto speed with latest code

girish

[1.15.0]

• Update base image to v3

girish

[1.16.0]

• Update base image to 3.2.0

nebulon

[1.16.1]

• Update Gogs to 0.12.4
• Security: Potential SSRF attack by CRLF injection via repository migration. #6413 by @stypr
• Regression: Fixed smart links for issues stops rendering. #6506 by @unknwon
• Added X-Frame-Options header to prevent Clickjacking. #6409 by @matheusmosca

girish

[1.17.0]

• Update Gogs to 0.12.5
• Security: Potential SSRF in repository migration. #6754 by @michaellrowley
• Security: Improper PAM authorization handling. #6810 by @ysf

girish

[1.17.1]

• Update Gogs to 0.12.6
• Full changelog
• Security: Remote command execution in file uploading. #6833 by @unknwon
• Regression: Unable to migrate repository from other local Git hosting. Added a new configuration option [security] LOCAL_NETWORK_ALLOWLIST, which is a comma separated list of hostnames that are explicitly allowed to be accessed within the local network. #6841 by @unknwon

girish

[1.17.2]

• Update Gogs to 0.12.7
• Full changelog
• Security: Stored XSS in issues. #6919 by @unknwon
• Invalid character in Access-Control-Allow-Credentials response header. #4983 by @wuhan005
• Mysterious ssh: overflow reading version string errors from builtin SSH server. #6882 by @unknwon

nebulon

[1.17.3]

• Update Gogs to 0.12.8
• Full changelog
• Security: SSRF in webhook. #6901
• Security: XSS in cookies. #6953
• Security: OS Command Injection in file uploading. #6968
• Security: Remote Command Execution in file editing. #6555

girish

[1.17.4]

• Update Gogs to 0.12.9
• Full changelog
• Security: OS Command Injection in file editor. #7000
• Security: Sanitize DisplayName in repository issue list. #7009
• Security: Path Traversal in file editor on Windows. #7001
• Security: Path Traversal in Git HTTP endpoints. #7002
• Unable to init repository during creation on Windows. #6967

nebulon

[1.17.5]

• Update Gogs to 0.12.10
• Full changelog
• Support using [security] LOCAL_NETWORK_ALLOWLIST = * to allow all hostnames. #7111
• Unable to send webhooks to local network addresses after configured [security] LOCAL_NETWORK_ALLOWLIST. #7074