Gogs - Package Updates
-
[1.19.0]
- Update Gogs to 0.13.0
- Full changelog
- Support using personal access token in the password field. #3866
- An unlisted option is added when create or migrate a repository. Unlisted repositories are public but not being listed for users without direct access in the UI. #5733
- New API endpoint PUT /repos/:owner/:repo/contents/:path for creating and update repository contents. #5967
- New configuration option [git.timeout] DIFF for customizing operation timeout of git diff. #6315
- New configuration option [server] SSH_SERVER_MACS for setting list of accepted MACs for connections to builtin SSH server. #6434
- New configuration option [repository] DEFAULT_BRANCH for setting default branch name for new repositories. #7291
- New configuration option [server] SSH_SERVER_ALGORITHMS for specifying the list of accepted key exchange algorithms for connections to builtin SSH server. #7345
- Support specifying custom schema for PostgreSQL. #6695
- Support rendering Mermaid diagrams in Markdown. #6776
- Docker: Allow passing extra arguments to the backup command. #7060
- New languages support: Mongolian, Romanian. #6510 #7082
- The required Go version to compile source code changed to 1.18.
- Access tokens are now stored using their SHA256 hashes instead of raw values. #7008
- Unable to use LDAP authentication on ARM machines. #6761
- Unable to choose "Lookup Avatar by mail" in user settings without deleting custom avatar. #7267
- Mistakenly include the "data" directory under the custom directory in the Docker setup. #7343
- Unable to start after data recovery with an outdated migration version. #7125
-
[1.20.2]
- Update gogs to 0.13.2
- Full Changelog
- Security: Path Traversal in file editing UI. GHSA-r7j8-5h9c-f6fx
- Security: Path Traversal in file update API. GHSA-qf5v-rp47-55gg
- Security: Argument Injection in the built-in SSH server. GHSA-vm62-9jw3-c8w3
- Security: Deletion of internal files. GHSA-ccqv-43vm-4f3w
- Security: Argument Injection during changes preview. GHSA-9pp6-wq8c-3w2c
- Security: Argument Injection when tagging new releases. GHSA-m27m-h5gj-wwmg
- Use the non-deprecated section name
[email]during installation for email settings. #7704 - Use the non-deprecated section name
[email] PASSWORDduring installation for email password. #7807 - Make purple template label color to actually use the hexcode of purple. #7722
-
[1.21.0]
- Update base image to 5.0.0
-
[1.22.0]
- checklist added to manifest
-
[1.22.1]
- Update gogs to 0.13.3
- Full Changelog
- Security: Stored XSS in PDF renderer. GHSA-xh32-cx6c-cp4v
- Security: Path Traversal in file editing UI. GHSA-wj44-9vcg-wjq7
- Randomly timeout on repository file uploads. #7890
- Unable to override email templates in custom directory. #7905
-
[1.23.0]
- Update gogs to 0.14.1
- Full Changelog
- Support comparing tags in addition to branches. #6141
- Show file name in browser tab title when viewing files. #5896
- Support using TLS for Redis session provider using
[session] PROVIDER_CONFIG = ...,tls=true. #7860 - Support expanading values in
app.inifrom environment variables, e.g.[database] PASSWORD = ${DATABASE_PASSWORD}. #8057 - Support custom logout URL that users get redirected to after sign out using
[auth] CUSTOM_LOGOUT_URL. #8089 - The required Go version to compile source code changed to 1.25.
- The build tag
certhas been removed, and thegogs certsubcommand is now always available. #7883 - Switched to pure-Go SQLite driver, CGO is no longer required to compile Gogs. #7882
- Security: Unauthenticated file upload. #8128 - GHSA-fc3h-92p8-h36f
- Security: Protected branch bypass in web UI. #8124 - GHSA-2c6v-8r3v-gh6p
-
[1.23.1]
- Update gogs to 0.14.2
- Full Changelog
- Security: Cross-repository LFS object overwrite via missing content hash verification. #8166 - GHSA-gmf8-978x-2fg2
- Security: Stored XSS via data URI in issue comments. #8174 - GHSA-xrcr-gmf5-2r8j
- Security: Release tag option injection in release deletion. #8175 - GHSA-v9vm-r24h-6rqm
- Security: Stored XSS in branch and wiki views through author and committer names. #8176 - GHSA-vgvf-m4fw-938j
- Security: DOM-based XSS via issue meta selection on the issue page. #8178 - GHSA-vgjm-2cpf-4g7c
- Unable to update files via web editor and API. #8184
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login