Reviewed-on: gitea/blog#325 Reviewed-by: delvh <dev.lh@web.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-committed-by: Lunny Xiao <xiaolunwen@gmail.com>
9.4 KiB
date | authors | title | tags | draft | coverImageRelease | |||
---|---|---|---|---|---|---|---|---|
2023-11-27T14:00:00+02:00 |
|
Gitea 1.21.1 is released |
|
false | 1.21.1/1.20.6 |
Gitea 1.21.1 and 1.20.6 are now released. 1.21.1 includs 24 merged PRs and a fix for a high impact security vulnerability. You are highly recommanded to upgrade to this version ASAP. 1.20.6 includes 30 merged PRs and also the fix mentioned above.
The problem was that previously only comments, among other types, was used to find the comment. However, as you request the comment on a specific repo, it must also be checked that the ID of the given comment belongs to the given repo as you can otherwise retrieve content you are not supposed to see.
We would like to give a special thanks to the Forgejo team for reporting the security issue that was patched in this release.
Thanks to @lunny for fixing the problem.
You can download Gitea 1.21.1 for example from our downloads page or 1.20.6 here. Please read our installation guide for more information on installation.
We would also like to thank all of our supporters on Open Collective who are helping to sustain us financially.
Are you looking for a seamless, hassle-free solution to manage your Git repositories? Look no further! Gitea Cloud is here to revolutionize your development experience.
Changelog
1.21.1 - 2023-11-26
- SECURITY
- BUGFIXES
- Fix delete-orphaned-repos (#28200) (#28202)
- Make CORS work for oauth2 handlers (#28184) (#28185)
- Fix missing buttons (#28179) (#28181)
- Fix no ActionTaskOutput table waring (#28149) (#28152)
- Fix empty action run title (#28113) (#28148)
- Use "is-loading" to avoid duplicate form submit for code comment (#28143) (#28147)
- Fix Matrix and MSTeams nil dereference (#28089) (#28105)
- Fix incorrect pgsql conn builder behavior (#28085) (#28098)
- Fix system config cache expiration timing (#28072) (#28090)
- Restricted users only see repos in orgs which their team was assigned to (#28025) (#28051)
- API
- ENHANCEMENTS
- DOCS
- MISC
Contributors for 1.21.1
- @6543
- @CodeShakingSheep
- @evantobin
- @jolheiser
- @KN4CK3R
- @lng2020
- @lunny
- @pitpalme
- @wolfogre
- @wxiaoguang
- @yp05327
1.20.6 - 2023-11-26
- SECURITY
- BUGFIXES
- Fix no ActionTaskOutput table waring (#28149) (#28151)
- Restricted users only see repos in orgs which their team was assigned to (#28025) (#28050)
- Fix DownloadFunc when migrating releases (#27887) (#27889)
- Fix http protocol auth (#27875) (#27878)
- Revert "fix orphan check for deleted branch (#27310) (#27320)" (#27763)
- Fix label render containing invalid HTML (#27752) (#27761)
- Fix poster is not loaded in get default merge message (#27657) (#27665)
- Fix 404 when deleting Docker package with an internal version (#27615) (#27629)
- Fix attachment download bug (#27486) (#27570)
- When comparing with an non-exist repository, return 404 but 500 (#27437) (#27441)
- API
- ENHANCEMENTS
- DOCS
- Update agit-support.en-us.md (#27652)
- MISC