Gogs - Package Updates
-
[1.18.1]
- Update Gogs to 0.12.11
- Full changelog
- Security: Stored XSS for issue assignees. #7145
- Security: OS Command Injection in repo editor on case-insensitive file systems. #7030
- Unable to render repository pages with implicit submodules (e.g. get submodule "REDACTED": revision does not exist). #6436
-
[1.19.0]
- Update Gogs to 0.13.0
- Full changelog
- Support using personal access token in the password field. #3866
- An unlisted option is added when create or migrate a repository. Unlisted repositories are public but not being listed for users without direct access in the UI. #5733
- New API endpoint PUT /repos/:owner/:repo/contents/:path for creating and update repository contents. #5967
- New configuration option [git.timeout] DIFF for customizing operation timeout of git diff. #6315
- New configuration option [server] SSH_SERVER_MACS for setting list of accepted MACs for connections to builtin SSH server. #6434
- New configuration option [repository] DEFAULT_BRANCH for setting default branch name for new repositories. #7291
- New configuration option [server] SSH_SERVER_ALGORITHMS for specifying the list of accepted key exchange algorithms for connections to builtin SSH server. #7345
- Support specifying custom schema for PostgreSQL. #6695
- Support rendering Mermaid diagrams in Markdown. #6776
- Docker: Allow passing extra arguments to the backup command. #7060
- New languages support: Mongolian, Romanian. #6510 #7082
- The required Go version to compile source code changed to 1.18.
- Access tokens are now stored using their SHA256 hashes instead of raw values. #7008
- Unable to use LDAP authentication on ARM machines. #6761
- Unable to choose "Lookup Avatar by mail" in user settings without deleting custom avatar. #7267
- Mistakenly include the "data" directory under the custom directory in the Docker setup. #7343
- Unable to start after data recovery with an outdated migration version. #7125
-
[1.20.2]
- Update gogs to 0.13.2
- Full Changelog
- Security: Path Traversal in file editing UI. GHSA-r7j8-5h9c-f6fx
- Security: Path Traversal in file update API. GHSA-qf5v-rp47-55gg
- Security: Argument Injection in the built-in SSH server. GHSA-vm62-9jw3-c8w3
- Security: Deletion of internal files. GHSA-ccqv-43vm-4f3w
- Security: Argument Injection during changes preview. GHSA-9pp6-wq8c-3w2c
- Security: Argument Injection when tagging new releases. GHSA-m27m-h5gj-wwmg
- Use the non-deprecated section name
[email]during installation for email settings. #7704 - Use the non-deprecated section name
[email] PASSWORDduring installation for email password. #7807 - Make purple template label color to actually use the hexcode of purple. #7722
-
[1.21.0]
- Update base image to 5.0.0
-
[1.22.0]
- checklist added to manifest
-
[1.22.1]
- Update gogs to 0.13.3
- Full Changelog
- Security: Stored XSS in PDF renderer. GHSA-xh32-cx6c-cp4v
- Security: Path Traversal in file editing UI. GHSA-wj44-9vcg-wjq7
- Randomly timeout on repository file uploads. #7890
- Unable to override email templates in custom directory. #7905
-
[1.23.0]
- Update gogs to 0.14.1
- Full Changelog
- Support comparing tags in addition to branches. #6141
- Show file name in browser tab title when viewing files. #5896
- Support using TLS for Redis session provider using
[session] PROVIDER_CONFIG = ...,tls=true. #7860 - Support expanading values in
app.inifrom environment variables, e.g.[database] PASSWORD = ${DATABASE_PASSWORD}. #8057 - Support custom logout URL that users get redirected to after sign out using
[auth] CUSTOM_LOGOUT_URL. #8089 - The required Go version to compile source code changed to 1.25.
- The build tag
certhas been removed, and thegogs certsubcommand is now always available. #7883 - Switched to pure-Go SQLite driver, CGO is no longer required to compile Gogs. #7882
- Security: Unauthenticated file upload. #8128 - GHSA-fc3h-92p8-h36f
- Security: Protected branch bypass in web UI. #8124 - GHSA-2c6v-8r3v-gh6p
