All Versions
16
Latest Version
Avg Release Cycle
92 days
Latest Release
-

Changelog History
Page 1

  • v0.13.0

    โž• Added

    • ๐Ÿ’ป An unlisted option is added when create or migrate a repository. Unlisted repositories are public but not being listed for users without direct access in the UI. #5733
    • โž• Add new configuration option [git.timeout] DIFF for customizing operation timeout of git diff. #6315

    ๐Ÿ”„ Changed

    • 0๏ธโƒฃ The default branch has been changed to main. #6285
    • ๐Ÿ”ง MSSQL as database backend is deprecated, installation page no longer shows it as an option. Existing installations and manually craft configuration file continue to work. #6295
    • ๐Ÿ— Use Task as the default build tool for development. #6297

    ๐Ÿ›  Fixed

    • Regression: When running Gogs on Windows, push commits no longer fail on a daily basis with the error "pre-receive hook declined". #6316
    • Auto-linked commit SHAs now have correct links. #6300
    • Git LFS client (with version >= 2.5.0) wasn't able to upload files with known format (e.g. PNG, JPEG), and the server is expecting the HTTP Header Content-Type to be application/octet-stream. The server now tells the LFS client to always use Content-Type: application/octet-stream when upload files.

    โœ‚ Removed

    • โฌ†๏ธ โš ๏ธ Migrations before 0.12 are removed, installations not on 0.12 should upgrade to it to run the migrations and then upgrade to 0.13.
    • ๐Ÿ”ง Configuration section [mailer] is no longer used.
    • ๐Ÿ”ง Configuration section [service] is no longer used.
    • ๐Ÿ”ง Configuration option APP_NAME is no longer used.
    • Configuration option [security] REVERSE_PROXY_AUTHENTICATION_USER is no longer used.
    • ๐Ÿ”ง Configuration option [database] PASSWD is no longer used.
    • Configuration option [auth] ACTIVE_CODE_LIVE_MINUTES is no longer used.
    • Configuration option [auth] RESET_PASSWD_CODE_LIVE_MINUTES is no longer used.
    • ๐Ÿ”ง Configuration option [auth] ENABLE_CAPTCHA is no longer used.
    • ๐Ÿ”” Configuration option [auth] ENABLE_NOTIFY_MAIL is no longer used.
    • Configuration option [auth] REGISTER_EMAIL_CONFIRM is no longer used.
    • Configuration option [session] GC_INTERVAL_TIME is no longer used.
    • Configuration option [session] SESSION_LIFE_TIME is no longer used.
    • ๐Ÿ”ง Configuration option [server] ROOT_URL is no longer used.
    • ๐Ÿ”ง Configuration option [server] LANDING_PAGE is no longer used.
    • ๐Ÿ”ง Configuration option [database] DB_TYPE is no longer used.
    • ๐Ÿ”ง Configuration option [database] PASSWD is no longer used.
  • v0.12.3

    October 07, 2020

    ๐Ÿ›  Fixed

    • Regression: When running Gogs on Windows, push commits no longer fail on a daily basis with the error "pre-receive hook declined". #6316
    • Auto-linked commit SHAs now have correct links. #6300
    • Git LFS client (with version >= 2.5.0) wasn't able to upload files with known format (e.g. PNG, JPEG), and the server is expecting the HTTP Header Content-Type to be application/octet-stream. The server now tells the LFS client to always use Content-Type: application/octet-stream when upload files.

    0.12.2

    ๐Ÿ›  Fixed

    • Regression: Pages are correctly rendered when requesting ?go-get=1 for subdirectories. #6314
    • Regression: Submodule with a relative path is linked correctly. #6319
    • ๐Ÿ Backup can be processed when --target is specified on Windows. #6339
    • Commit message contains keywords look like an issue reference no longer fails the push entirely. #6289

    0.12.1

    ๐Ÿ›  Fixed

    • โšก๏ธ The updated_at field is now correctly updated when updates an issue. #6209
    • ๐Ÿ›  Fixed a regression which created login_source.cfg column to have VARCHAR(255) instead of TEXT in MySQL. #6280

    0.12.0

    โž• Added

    • ๐Ÿ‘Œ Support for Git LFS, you can read documentation for both user and admin. #1322
    • ๐Ÿ‘ Allow admin to remove observers from the repository. #5803
    • ๐Ÿ‘‰ Use Last-Modified HTTP header for raw files. #5811
    • ๐Ÿ‘Œ Support syntax highlighting for SAS code files (i.e. .r, .sas, .tex, .yaml). #5856
    • Able to fill in pull request title with a template. #5901
    • ๐Ÿ“š Able to override static files under public/ directory, please refer to documentation for usage. #5920
    • ๐Ÿ†• New API endpoint GET /admin/teams/:teamid/members to list members of a team. #5877
    • ๐Ÿ‘Œ Support backup with retention policy for Docker deployments. #6140

    ๐Ÿ”„ Changed

    • The organization profile page has changed to display at most 12 members. #5506
    • The required Go version to compile source code changed to 1.14.
    • ๐Ÿฑ All assets are now embedded into binary and served from memory by default. Set [server] LOAD_ASSETS_FROM_DISK = true to load them from disk. #5920
    • ๐Ÿšš Application and Go versions are removed from page footer and only show in the admin dashboard.
    • ๐Ÿ Build tag for running as Windows Service has been changed from miniwinsvc to minwinsvc.
    • ๐Ÿ—„ Configuration option APP_NAME is deprecated and will end support in 0.13.0, please start using BRAND_NAME.
    • ๐Ÿ—„ Configuration option [server] ROOT_URL is deprecated and will end support in 0.13.0, please start using [server] EXTERNAL_URL.
    • ๐Ÿ—„ Configuration option [server] LANDING_PAGE is deprecated and will end support in 0.13.0, please start using [server] LANDING_URL.
    • ๐Ÿ”ง Configuration option [database] DB_TYPE is deprecated and will end support in 0.13.0, please start using [database] TYPE.
    • ๐Ÿ”ง Configuration option [database] PASSWD is deprecated and will end support in 0.13.0, please start using [database] PASSWORD.
    • Configuration option [security] REVERSE_PROXY_AUTHENTICATION_USER is deprecated and will end support in 0.13.0, please start using [auth] REVERSE_PROXY_AUTHENTICATION_HEADER.
    • ๐Ÿ”ง Configuration section [mailer] is deprecated and will end support in 0.13.0, please start using [email].
    • ๐Ÿ”ง Configuration section [service] is deprecated and will end support in 0.13.0, please start using [auth].
    • Configuration option [auth] ACTIVE_CODE_LIVE_MINUTES is deprecated and will end support in 0.13.0, please start using [auth] ACTIVATE_CODE_LIVES.
    • Configuration option [auth] RESET_PASSWD_CODE_LIVE_MINUTES is deprecated and will end support in 0.13.0, please start using [auth] RESET_PASSWORD_CODE_LIVES.
    • ๐Ÿ—„ Configuration option [auth] ENABLE_CAPTCHA is deprecated and will end support in 0.13.0, please start using [auth] ENABLE_REGISTRATION_CAPTCHA.
    • ๐Ÿ”” Configuration option [auth] ENABLE_NOTIFY_MAIL is deprecated and will end support in 0.13.0, please start using [user] ENABLE_EMAIL_NOTIFICATION.
    • Configuration option [session] GC_INTERVAL_TIME is deprecated and will end support in 0.13.0, please start using [session] GC_INTERVAL.
    • Configuration option [session] SESSION_LIFE_TIME is deprecated and will end support in 0.13.0, please start using [session] MAX_LIFE_TIME.
    • The name - is reserved and cannot be used for users or organizations.

    ๐Ÿ›  Fixed

    • ๐Ÿ”’ [Security] Potential open redirection with i18n.
    • ๐Ÿ”’ [Security] Potential ability to delete files outside a repository.
    • ๐Ÿ”’ [Security] Potential ability to set primary email on others' behalf from their verified emails.
    • ๐Ÿ”’ [Security] Potential XSS attack via .ipynb. #5170
    • ๐Ÿ”’ [Security] Potential SSRF attack via webhooks. #5366
    • ๐Ÿ”’ [Security] Potential CSRF attack in admin panel. #5367
    • ๐Ÿ”’ [Security] Potential stored XSS attack in some browsers. #5397
    • ๐Ÿ”’ [Security] Potential RCE on mirror repositories. #5767
    • ๐Ÿ”’ [Security] Potential XSS attack with raw markdown API. #5907
    • File both modified and renamed within a commit treated as separate files. #5056
    • โช Unable to restore the database backup to MySQL 8.0 with syntax error. #5602
    • Open/close milestone redirects to a 404 page. #5677
    • Disallow multiple tokens with same name. #5587 #5820
    • Enable Federated Avatar Lookup could cause server to crash. #5848
    • Private repositories are hidden in the organization's view. #5869
    • ๐Ÿ‘‰ Users have access to base repository cannot view commits in forks. #5878
    • Server error when changing email address in user settings page. #5899
    • Fall back to use RFC 3339 as time layout when misconfigured. #6098
    • โšก๏ธ Unable to update team with server error. #6185
    • Webhooks are not fired after push when [service] REQUIRE_SIGNIN_VIEW = true.
    • Files with identical content are randomly displayed one of them.

    โœ‚ Removed

    • Configuration option [other] SHOW_FOOTER_VERSION
    • Configuration option [server] STATIC_ROOT_PATH
    • Configuration option [repository] MIRROR_QUEUE_LENGTH
    • Configuration option [repository] PULL_REQUEST_QUEUE_LENGTH
    • Configuration option [session] ENABLE_SET_COOKIE
    • ๐Ÿš€ Configuration option [release.attachment] PATH
    • ๐Ÿ”ง Configuration option [webhook] QUEUE_LENGTH
    • ๐Ÿ— Build tag sqlite, which means CGO is now required.
  • v0.12.2

    September 26, 2020

    ๐Ÿ›  Fixed

    • Regression: Pages are correctly rendered when requesting ?go-get=1 for subdirectories. #6314
    • Regression: Submodule with a relative path is linked correctly. #6319
    • ๐Ÿ Backup can be processed when --target is specified on Windows. #6339
    • Commit message contains keywords look like an issue reference no longer fails the push entirely. #6289

    0.12.1

    ๐Ÿ›  Fixed

    • โšก๏ธ The updated_at field is now correctly updated when updates an issue. #6209
    • ๐Ÿ›  Fixed a regression which created login_source.cfg column to have VARCHAR(255) instead of TEXT in MySQL. #6280

    0.12.0

    โž• Added

    • ๐Ÿ‘Œ Support for Git LFS, you can read documentation for both user and admin. #1322
    • ๐Ÿ‘ Allow admin to remove observers from the repository. #5803
    • ๐Ÿ‘‰ Use Last-Modified HTTP header for raw files. #5811
    • ๐Ÿ‘Œ Support syntax highlighting for SAS code files (i.e. .r, .sas, .tex, .yaml). #5856
    • Able to fill in pull request title with a template. #5901
    • ๐Ÿ“š Able to override static files under public/ directory, please refer to documentation for usage. #5920
    • ๐Ÿ†• New API endpoint GET /admin/teams/:teamid/members to list members of a team. #5877
    • ๐Ÿ‘Œ Support backup with retention policy for Docker deployments. #6140

    ๐Ÿ”„ Changed

    • The organization profile page has changed to display at most 12 members. #5506
    • The required Go version to compile source code changed to 1.14.
    • ๐Ÿฑ All assets are now embedded into binary and served from memory by default. Set [server] LOAD_ASSETS_FROM_DISK = true to load them from disk. #5920
    • ๐Ÿšš Application and Go versions are removed from page footer and only show in the admin dashboard.
    • ๐Ÿ Build tag for running as Windows Service has been changed from miniwinsvc to minwinsvc.
    • ๐Ÿ—„ Configuration option APP_NAME is deprecated and will end support in 0.13.0, please start using BRAND_NAME.
    • ๐Ÿ—„ Configuration option [server] ROOT_URL is deprecated and will end support in 0.13.0, please start using [server] EXTERNAL_URL.
    • ๐Ÿ—„ Configuration option [server] LANDING_PAGE is deprecated and will end support in 0.13.0, please start using [server] LANDING_URL.
    • ๐Ÿ”ง Configuration option [database] DB_TYPE is deprecated and will end support in 0.13.0, please start using [database] TYPE.
    • ๐Ÿ”ง Configuration option [database] PASSWD is deprecated and will end support in 0.13.0, please start using [database] PASSWORD.
    • Configuration option [security] REVERSE_PROXY_AUTHENTICATION_USER is deprecated and will end support in 0.13.0, please start using [auth] REVERSE_PROXY_AUTHENTICATION_HEADER.
    • ๐Ÿ”ง Configuration section [mailer] is deprecated and will end support in 0.13.0, please start using [email].
    • ๐Ÿ”ง Configuration section [service] is deprecated and will end support in 0.13.0, please start using [auth].
    • Configuration option [auth] ACTIVE_CODE_LIVE_MINUTES is deprecated and will end support in 0.13.0, please start using [auth] ACTIVATE_CODE_LIVES.
    • Configuration option [auth] RESET_PASSWD_CODE_LIVE_MINUTES is deprecated and will end support in 0.13.0, please start using [auth] RESET_PASSWORD_CODE_LIVES.
    • ๐Ÿ—„ Configuration option [auth] ENABLE_CAPTCHA is deprecated and will end support in 0.13.0, please start using [auth] ENABLE_REGISTRATION_CAPTCHA.
    • ๐Ÿ”” Configuration option [auth] ENABLE_NOTIFY_MAIL is deprecated and will end support in 0.13.0, please start using [user] ENABLE_EMAIL_NOTIFICATION.
    • Configuration option [session] GC_INTERVAL_TIME is deprecated and will end support in 0.13.0, please start using [session] GC_INTERVAL.
    • Configuration option [session] SESSION_LIFE_TIME is deprecated and will end support in 0.13.0, please start using [session] MAX_LIFE_TIME.
    • The name - is reserved and cannot be used for users or organizations.

    ๐Ÿ›  Fixed

    • ๐Ÿ”’ [Security] Potential open redirection with i18n.
    • ๐Ÿ”’ [Security] Potential ability to delete files outside a repository.
    • ๐Ÿ”’ [Security] Potential ability to set primary email on others' behalf from their verified emails.
    • ๐Ÿ”’ [Security] Potential XSS attack via .ipynb. #5170
    • ๐Ÿ”’ [Security] Potential SSRF attack via webhooks. #5366
    • ๐Ÿ”’ [Security] Potential CSRF attack in admin panel. #5367
    • ๐Ÿ”’ [Security] Potential stored XSS attack in some browsers. #5397
    • ๐Ÿ”’ [Security] Potential RCE on mirror repositories. #5767
    • ๐Ÿ”’ [Security] Potential XSS attack with raw markdown API. #5907
    • File both modified and renamed within a commit treated as separate files. #5056
    • โช Unable to restore the database backup to MySQL 8.0 with syntax error. #5602
    • Open/close milestone redirects to a 404 page. #5677
    • Disallow multiple tokens with same name. #5587 #5820
    • Enable Federated Avatar Lookup could cause server to crash. #5848
    • Private repositories are hidden in the organization's view. #5869
    • ๐Ÿ‘‰ Users have access to base repository cannot view commits in forks. #5878
    • Server error when changing email address in user settings page. #5899
    • Fall back to use RFC 3339 as time layout when misconfigured. #6098
    • โšก๏ธ Unable to update team with server error. #6185
    • Webhooks are not fired after push when [service] REQUIRE_SIGNIN_VIEW = true.
    • Files with identical content are randomly displayed one of them.

    โœ‚ Removed

    • Configuration option [other] SHOW_FOOTER_VERSION
    • Configuration option [server] STATIC_ROOT_PATH
    • Configuration option [repository] MIRROR_QUEUE_LENGTH
    • Configuration option [repository] PULL_REQUEST_QUEUE_LENGTH
    • Configuration option [session] ENABLE_SET_COOKIE
    • ๐Ÿš€ Configuration option [release.attachment] PATH
    • ๐Ÿ”ง Configuration option [webhook] QUEUE_LENGTH
    • ๐Ÿ— Build tag sqlite, which means CGO is now required.
  • v0.12.1

    August 27, 2020

    ๐Ÿ›  Fixed

    • โšก๏ธ The updated_at field is now correctly updated when updates an issue. #6209
    • ๐Ÿ›  Fixed a regression which created login_source.cfg column to have VARCHAR(255) instead of TEXT in MySQL. #6280

    0.12.0

    โž• Added

    • ๐Ÿ‘Œ Support for Git LFS, you can read documentation for both user and admin. #1322
    • ๐Ÿ‘ Allow admin to remove observers from the repository. #5803
    • ๐Ÿ‘‰ Use Last-Modified HTTP header for raw files. #5811
    • ๐Ÿ‘Œ Support syntax highlighting for SAS code files (i.e. .r, .sas, .tex, .yaml). #5856
    • Able to fill in pull request title with a template. #5901
    • ๐Ÿ“š Able to override static files under public/ directory, please refer to documentation for usage. #5920
    • ๐Ÿ†• New API endpoint GET /admin/teams/:teamid/members to list members of a team. #5877
    • ๐Ÿ‘Œ Support backup with retention policy for Docker deployments. #6140

    ๐Ÿ”„ Changed

    • The organization profile page has changed to display at most 12 members. #5506
    • The required Go version to compile source code changed to 1.14.
    • ๐Ÿฑ All assets are now embedded into binary and served from memory by default. Set [server] LOAD_ASSETS_FROM_DISK = true to load them from disk. #5920
    • ๐Ÿšš Application and Go versions are removed from page footer and only show in the admin dashboard.
    • ๐Ÿ Build tag for running as Windows Service has been changed from miniwinsvc to minwinsvc.
    • ๐Ÿ—„ Configuration option APP_NAME is deprecated and will end support in 0.13.0, please start using BRAND_NAME.
    • ๐Ÿ—„ Configuration option [server] ROOT_URL is deprecated and will end support in 0.13.0, please start using [server] EXTERNAL_URL.
    • ๐Ÿ—„ Configuration option [server] LANDING_PAGE is deprecated and will end support in 0.13.0, please start using [server] LANDING_URL.
    • ๐Ÿ”ง Configuration option [database] DB_TYPE is deprecated and will end support in 0.13.0, please start using [database] TYPE.
    • ๐Ÿ”ง Configuration option [database] PASSWD is deprecated and will end support in 0.13.0, please start using [database] PASSWORD.
    • Configuration option [security] REVERSE_PROXY_AUTHENTICATION_USER is deprecated and will end support in 0.13.0, please start using [auth] REVERSE_PROXY_AUTHENTICATION_HEADER.
    • ๐Ÿ”ง Configuration section [mailer] is deprecated and will end support in 0.13.0, please start using [email].
    • ๐Ÿ”ง Configuration section [service] is deprecated and will end support in 0.13.0, please start using [auth].
    • Configuration option [auth] ACTIVE_CODE_LIVE_MINUTES is deprecated and will end support in 0.13.0, please start using [auth] ACTIVATE_CODE_LIVES.
    • Configuration option [auth] RESET_PASSWD_CODE_LIVE_MINUTES is deprecated and will end support in 0.13.0, please start using [auth] RESET_PASSWORD_CODE_LIVES.
    • ๐Ÿ—„ Configuration option [auth] ENABLE_CAPTCHA is deprecated and will end support in 0.13.0, please start using [auth] ENABLE_REGISTRATION_CAPTCHA.
    • ๐Ÿ”” Configuration option [auth] ENABLE_NOTIFY_MAIL is deprecated and will end support in 0.13.0, please start using [user] ENABLE_EMAIL_NOTIFICATION.
    • Configuration option [session] GC_INTERVAL_TIME is deprecated and will end support in 0.13.0, please start using [session] GC_INTERVAL.
    • Configuration option [session] SESSION_LIFE_TIME is deprecated and will end support in 0.13.0, please start using [session] MAX_LIFE_TIME.
    • The name - is reserved and cannot be used for users or organizations.

    ๐Ÿ›  Fixed

    • ๐Ÿ”’ [Security] Potential open redirection with i18n.
    • ๐Ÿ”’ [Security] Potential ability to delete files outside a repository.
    • ๐Ÿ”’ [Security] Potential ability to set primary email on others' behalf from their verified emails.
    • ๐Ÿ”’ [Security] Potential XSS attack via .ipynb. #5170
    • ๐Ÿ”’ [Security] Potential SSRF attack via webhooks. #5366
    • ๐Ÿ”’ [Security] Potential CSRF attack in admin panel. #5367
    • ๐Ÿ”’ [Security] Potential stored XSS attack in some browsers. #5397
    • ๐Ÿ”’ [Security] Potential RCE on mirror repositories. #5767
    • ๐Ÿ”’ [Security] Potential XSS attack with raw markdown API. #5907
    • File both modified and renamed within a commit treated as separate files. #5056
    • โช Unable to restore the database backup to MySQL 8.0 with syntax error. #5602
    • Open/close milestone redirects to a 404 page. #5677
    • Disallow multiple tokens with same name. #5587 #5820
    • Enable Federated Avatar Lookup could cause server to crash. #5848
    • Private repositories are hidden in the organization's view. #5869
    • ๐Ÿ‘‰ Users have access to base repository cannot view commits in forks. #5878
    • Server error when changing email address in user settings page. #5899
    • Fall back to use RFC 3339 as time layout when misconfigured. #6098
    • โšก๏ธ Unable to update team with server error. #6185
    • Webhooks are not fired after push when [service] REQUIRE_SIGNIN_VIEW = true.
    • Files with identical content are randomly displayed one of them.

    โœ‚ Removed

    • Configuration option [other] SHOW_FOOTER_VERSION
    • Configuration option [server] STATIC_ROOT_PATH
    • Configuration option [repository] MIRROR_QUEUE_LENGTH
    • Configuration option [repository] PULL_REQUEST_QUEUE_LENGTH
    • Configuration option [session] ENABLE_SET_COOKIE
    • ๐Ÿš€ Configuration option [release.attachment] PATH
    • ๐Ÿ”ง Configuration option [webhook] QUEUE_LENGTH
    • ๐Ÿ— Build tag sqlite, which means CGO is now required.
  • v0.12.0

    August 22, 2020

    โž• Added

    • ๐Ÿ‘Œ Support for Git LFS, you can read documentation for both user and admin. #1322
    • ๐Ÿ‘ Allow admin to remove observers from the repository. #5803
    • ๐Ÿ‘‰ Use Last-Modified HTTP header for raw files. #5811
    • ๐Ÿ‘Œ Support syntax highlighting for SAS code files (i.e. .r, .sas, .tex, .yaml). #5856
    • Able to fill in pull request title with a template. #5901
    • ๐Ÿ“š Able to override static files under public/ directory, please refer to documentation for usage. #5920
    • ๐Ÿ†• New API endpoint GET /admin/teams/:teamid/members to list members of a team. #5877
    • ๐Ÿ‘Œ Support backup with retention policy for Docker deployments. #6140

    ๐Ÿ”„ Changed

    • The organization profile page has changed to display at most 12 members. #5506
    • The required Go version to compile source code changed to 1.14.
    • ๐Ÿฑ All assets are now embedded into binary and served from memory by default. Set [server] LOAD_ASSETS_FROM_DISK = true to load them from disk. #5920
    • ๐Ÿšš Application and Go versions are removed from page footer and only show in the admin dashboard.
    • ๐Ÿ Build tag for running as Windows Service has been changed from miniwinsvc to minwinsvc.
    • ๐Ÿ—„ Configuration option APP_NAME is deprecated and will end support in 0.13.0, please start using BRAND_NAME.
    • ๐Ÿ—„ Configuration option [server] ROOT_URL is deprecated and will end support in 0.13.0, please start using [server] EXTERNAL_URL.
    • ๐Ÿ—„ Configuration option [server] LANDING_PAGE is deprecated and will end support in 0.13.0, please start using [server] LANDING_URL.
    • ๐Ÿ”ง Configuration option [database] DB_TYPE is deprecated and will end support in 0.13.0, please start using [database] TYPE.
    • ๐Ÿ”ง Configuration option [database] PASSWD is deprecated and will end support in 0.13.0, please start using [database] PASSWORD.
    • Configuration option [security] REVERSE_PROXY_AUTHENTICATION_USER is deprecated and will end support in 0.13.0, please start using [auth] REVERSE_PROXY_AUTHENTICATION_HEADER.
    • ๐Ÿ”ง Configuration section [mailer] is deprecated and will end support in 0.13.0, please start using [email].
    • ๐Ÿ”ง Configuration section [service] is deprecated and will end support in 0.13.0, please start using [auth].
    • Configuration option [auth] ACTIVE_CODE_LIVE_MINUTES is deprecated and will end support in 0.13.0, please start using [auth] ACTIVATE_CODE_LIVES.
    • Configuration option [auth] RESET_PASSWD_CODE_LIVE_MINUTES is deprecated and will end support in 0.13.0, please start using [auth] RESET_PASSWORD_CODE_LIVES.
    • ๐Ÿ—„ Configuration option [auth] ENABLE_CAPTCHA is deprecated and will end support in 0.13.0, please start using [auth] ENABLE_REGISTRATION_CAPTCHA.
    • ๐Ÿ”” Configuration option [auth] ENABLE_NOTIFY_MAIL is deprecated and will end support in 0.13.0, please start using [user] ENABLE_EMAIL_NOTIFICATION.
    • Configuration option [session] GC_INTERVAL_TIME is deprecated and will end support in 0.13.0, please start using [session] GC_INTERVAL.
    • Configuration option [session] SESSION_LIFE_TIME is deprecated and will end support in 0.13.0, please start using [session] MAX_LIFE_TIME.
    • The name - is reserved and cannot be used for users or organizations.

    ๐Ÿ›  Fixed

    • ๐Ÿ”’ [Security] Potential open redirection with i18n.
    • ๐Ÿ”’ [Security] Potential ability to delete files outside a repository.
    • ๐Ÿ”’ [Security] Potential ability to set primary email on others' behalf from their verified emails.
    • ๐Ÿ”’ [Security] Potential XSS attack via .ipynb. #5170
    • ๐Ÿ”’ [Security] Potential SSRF attack via webhooks. #5366
    • ๐Ÿ”’ [Security] Potential CSRF attack in admin panel. #5367
    • ๐Ÿ”’ [Security] Potential stored XSS attack in some browsers. #5397
    • ๐Ÿ”’ [Security] Potential RCE on mirror repositories. #5767
    • ๐Ÿ”’ [Security] Potential XSS attack with raw markdown API. #5907
    • File both modified and renamed within a commit treated as separate files. #5056
    • โช Unable to restore the database backup to MySQL 8.0 with syntax error. #5602
    • Open/close milestone redirects to a 404 page. #5677
    • Disallow multiple tokens with same name. #5587 #5820
    • Enable Federated Avatar Lookup could cause server to crash. #5848
    • Private repositories are hidden in the organization's view. #5869
    • ๐Ÿ‘‰ Users have access to base repository cannot view commits in forks. #5878
    • Server error when changing email address in user settings page. #5899
    • Fall back to use RFC 3339 as time layout when misconfigured. #6098
    • โšก๏ธ Unable to update team with server error. #6185
    • Webhooks are not fired after push when [service] REQUIRE_SIGNIN_VIEW = true.
    • Files with identical content are randomly displayed one of them.

    โœ‚ Removed

    • Configuration option [other] SHOW_FOOTER_VERSION
    • Configuration option [server] STATIC_ROOT_PATH
    • Configuration option [repository] MIRROR_QUEUE_LENGTH
    • Configuration option [repository] PULL_REQUEST_QUEUE_LENGTH
    • Configuration option [session] ENABLE_SET_COOKIE
    • ๐Ÿš€ Configuration option [release.attachment] PATH
    • ๐Ÿ”ง Configuration option [webhook] QUEUE_LENGTH
    • ๐Ÿ— Build tag sqlite, which means CGO is now required.

    ๐Ÿš€ Older change logs can be found on GitHub.

  • v0.11.91

    August 12, 2019

    ๐Ÿ› Bug fixes

    • MySQL: invalid connection #5532
    • ๐Ÿณ Docker: Deprecation Notice OpenSSH #5647
    • Copyright is behind the times #5674
    • ๐Ÿ”’ [Security] Incorrect API access control #5764

    ๐Ÿ‘Œ Improvements

    • โšก๏ธ Assignee receives email updates of issue thread #4220
    • Render Markdown in emails #4552
    • โž• Add rsync to the Docker image #5773
  • v0.11.86

    January 31, 2019

    ๐Ÿ› Bug fixes

    • ๐Ÿง Layout misalignment in Firefox for Linux #5299
    • ๐Ÿ“œ Unexpected issue index parsing error while using external issue tracker #5551
    • ๐Ÿ”’ [Security] Remote Code execution or/and Denial of Service #5558

    ๐Ÿ”‹ Features

    • ๐Ÿ‘Œ Support GitHub (Enterprise) authentication source #5340
    • โž• Add API endpoint to get commit details by SHA #5546

    Others

    • โž• Add new languages support: Portuguese
  • v0.11.79

    December 12, 2018

    ๐Ÿ› Bug fixes

    • LDAP group verification doesn't work when using 'dn' as user attribute #4684
    • LDAP group verification fails #4792
    • Emoji's do not work in wiki #4869
    • ๐Ÿ”ง Log level not applied from configuration #5007
    • Not able to go get a repository with non-80 port #5305
    • ๐Ÿ›  Fix critical CSRF vulnerabilities on API routes #5355
    • โšก๏ธ Wrong redirect after updated protect branch setting whose name contains # #5442
    • Clear labels not working #5445
    • ๐Ÿ”’ [Security] Remote command execution #5469
    • Push event webhook is not triggered when new branch fetched to mirror repository #5473
    • Large issue comment exceeds dashboard section #5502
    • List collaborator API does not contain permission information #5538
    • ๐Ÿ”’ [Security] Log out only deletes browser cookies #5540
    • ๐Ÿ”’ [Security] Some routes need to be POST #5541
    • ๐Ÿ”’ [Security] Stored XSS in external issue tracker URL format #5545

    ๐Ÿ‘Œ Improvements

    • ๐Ÿ‘Œ Support prefilling the title and body of new issues using query parameters #5302
    • ๐Ÿ‘Œ Support data URL of base64 encoded images in Markdown #5391
    • ๐Ÿ‘ Allow non logged in users to call repository information API /repos/:username/:reponame #5475
  • v0.11.66

    September 16, 2018

    ๐Ÿ› Bug fixes

    • ๐ŸŒ Web editor doesn't execute hooks after commit #4338
    • ๐Ÿš€ Release attachments are deleted when delete any random comment #4627
    • Private repository with public wiki or issue does not show in search result #4973
    • Cannot start with MySQL 8.0 #5187
    • Webhook and its tasks are not cleaned up when delete repository #5229
    • โช Time set to current after restored from backup #5264
    • โœ‚ Delete branch after merged pull request does no trigger webhook #5331
    • Fork repository does not check of the limit of users #5345
    • Unable to delete user with PostgreSQL #5376

    ๐Ÿ”‹ Features

    • Able to add avatar for repository #2340
    • โž• Add basic Go runtime metrics provided by Prometheus #4141

    ๐Ÿ‘Œ Improvements

    • ๐Ÿ”ง Ignore configuration inline comment by default
    • โž• Add deletion of an empty line at the end of file in file view #5270
    • 0๏ธโƒฃ Able to set default authentication method for login #5274
    • ๐Ÿ”€ Able to add custom merge commit description #5276

    Others

    • ๐Ÿ”’ Security fixes
  • v0.11.53

    June 04, 2018

    ๐Ÿ› Bug fixes

    • The branch name contains '#' not work correctly #4601
    • Issue mention does not render with square brackets #4706
    • ๐Ÿ”€ 500 when merge branch when the base branch is not the default branch #5138
    • Gravatar URLs are badly generated #5157
    • Able to reuse two factor passcode
    • Config option [git] GC_ARGS does not take effect

    ๐Ÿ”‹ Features

    • โšก๏ธ Show mirror updates in activity timeline #2017
    • ๐Ÿ‘Œ Support authentication source config file #3142
    • ๐Ÿ”€ Trigger webhook after mirror sync #4528

    Others

    • ๐Ÿ”„ Changed import path from "gogits/gogs" to "gogs/gogs"
    • ๐Ÿ”’ Security fixes
    • โž• Add new languages support: Vietnamese