What's new in Gogs - Go Git Service 0.13.0
Feb 26, 2023
- Added:
- Support using personal access token in the password field. #3866
- An unlisted option is added when create or migrate a repository. Unlisted repositories are public but not being listed for users without direct access in the UI. #5733
- New API endpoint PUT /repos/:owner/:repo/contents/:path for creating and update repository contents. #5967
- New configuration option [git.timeout] DIFF for customizing operation timeout of git diff. #6315
- New configuration option [server] SSH_SERVER_MACS for setting list of accepted MACs for connections to builtin SSH server. #6434
- New configuration option [repository] DEFAULT_BRANCH for setting default branch name for new repositories. #7291
- New configuration option [server] SSH_SERVER_ALGORITHMS for specifying the list of accepted key exchange algorithms for connections to builtin SSH server. #7345
- Support specifying custom schema for PostgreSQL. #6695
- Support rendering Mermaid diagrams in Markdown. #6776
- Docker: Allow passing extra arguments to the backup command. #7060
- New languages support: Mongolian, Romanian. #6510 #7082
- Changed:
- The default branch has been changed to main. #6285
- MSSQL as database backend is deprecated, installation page no longer shows it as an option. Existing installations and manually craft configuration file continue to work. #6295
- Use Task as the build tool. #6297
- The required Go version to compile source code changed to 1.18.
- Access tokens are now stored using their SHA256 hashes instead of raw values. #7008
- Fixed:
- Unable to use LDAP authentication on ARM machines. #6761
- Unable to choose "Lookup Avatar by mail" in user settings without deleting custom avatar. #7267
- Mistakenly include the "data" directory under the custom directory in the Docker setup. #7343
- Unable to start after data recovery with an outdated migration version. #7125
- Removed:
- Migrations before 0.12 are removed, installations not on 0.12 should upgrade to it to run the migrations and then upgrade to 0.13.
- Configuration section [mailer] is no longer used, please use [email].
- Configuration section [service] is no longer used, please use [auth].
- Configuration option APP_NAME is no longer used, please use BRAND_NAME.
- Configuration option [security] REVERSE_PROXY_AUTHENTICATION_USER is no longer used, please use [auth] REVERSE_PROXY_AUTHENTICATION_HEADER.
- Configuration option [auth] ACTIVE_CODE_LIVE_MINUTES is no longer used, please use [auth] ACTIVATE_CODE_LIVES.
- Configuration option [auth] RESET_PASSWD_CODE_LIVE_MINUTES is no longer used, please use [auth] RESET_PASSWORD_CODE_LIVES.
- Configuration option [auth] ENABLE_CAPTCHA is no longer used, please use [auth] ENABLE_REGISTRATION_CAPTCHA.
- Configuration option [auth] ENABLE_NOTIFY_MAIL is no longer used, please use [user] ENABLE_EMAIL_NOTIFICATION.
- Configuration option [auth] REGISTER_EMAIL_CONFIRM is no longer used, please use [auth] REQUIRE_EMAIL_CONFIRMATION.
- Configuration option [session] GC_INTERVAL_TIME is no longer used, please use [session] GC_INTERVAL.
- Configuration option [session] SESSION_LIFE_TIME is no longer used, please use [session] MAX_LIFE_TIME.
- Configuration option [server] ROOT_URL is no longer used, please use [server] EXTERNAL_URL.
- Configuration option [server] LANDING_PAGE is no longer used, please use [server] LANDING_URL.
- Configuration option [database] DB_TYPE is no longer used, please use [database] TYPE.
- Configuration option [database] PASSWD is no longer used, please use [database] PASSWORD.
- Remove option to use Makefile as the build tool. #6980
New in Gogs - Go Git Service 0.12.10 (Aug 2, 2022)
- Changed:
- Support using [security] LOCAL_NETWORK_ALLOWLIST = * to allow all hostnames. #7111
- Fixed:
- Unable to send webhooks to local network addresses after configured [security] LOCAL_NETWORK_ALLOWLIST. #7074
New in Gogs - Go Git Service 0.12.9 (Jun 7, 2022)
- Fixed:
- Security: OS Command Injection in file editor. #7000
- Security: Sanitize DisplayName in repository issue list. #7009
- Security: Path Traversal in file editor on Windows. #7001
- Security: Path Traversal in Git HTTP endpoints. #7002
- Unable to init repository during creation on Windows. #6967
- Mysterious panic on Value not found for type *repo.HTTPContext. #6963
New in Gogs - Go Git Service 0.12.8 (May 31, 2022)
- Changed:
- All users (including admins) need to use the configuration option [security] LOCAL_NETWORK_ALLOWLIST to allow repository migration and webhooks to be able to access local network addresses, which is a comma separated list of hostnames. #6988
- Fixed
- Security: SSRF in webhook. #6901
- Security: XSS in cookies. #6953
- Security: OS Command Injection in file uploading. #6968
- Security: Remote Command Execution in file editing. #6555
New in Gogs - Go Git Service 0.12.7 (May 5, 2022)
- Fixed:
- Security: Stored XSS in issues.
- Invalid character in Access-Control-Allow-Credentials response header.
- Mysterious ssh: overflow reading version string errors from builtin SSH server.
New in Gogs - Go Git Service 0.12.6 (Mar 19, 2022)
- Security: Remote command execution in file uploading. #6833 by @unknwon
- Regression: Unable to migrate repository from other local Git hosting. Added a new configuration option [security] LOCAL_NETWORK_ALLOWLIST, which is a comma separated list of hostnames that are explicitly allowed to be accessed within the local network. #6841 by @unknwon
- Slow start of Docker containers using NAS devices. #6554 by @druppy
New in Gogs - Go Git Service 0.12.5 (Mar 11, 2022)
- Fixed:
- Security: Potential SSRF in repository migration. #6754 by @michaellrowley
- Security: Improper PAM authorization handling. #6810 by @ysf
New in Gogs - Go Git Service 0.12.4 (Jan 17, 2022)
- Fixed:
- Security: Potential SSRF attack by CRLF injection via repository migration. #6413 by @stypr
- Regression: Fixed smart links for issues stops rendering. #6506 by @unknwon
- Added X-Frame-Options header to prevent Clickjacking. #6409 by @matheusmosca
New in Gogs - Go Git Service 0.12.3 (Oct 7, 2020)
- Fixed:
- Regression: When running Gogs on Windows, push commits no longer fail on a daily basis with the error "pre-receive hook declined". #6316
- Auto-linked commit SHAs now have correct links. #6300
- Git LFS client (with version >= 2.5.0) wasn't able to upload files with known format (e.g. PNG, JPEG), and the server is expecting the HTTP Header Content-Type to be application/octet-stream. The server now tells the LFS client to always use Content-Type: application/octet-stream when upload files.
New in Gogs - Go Git Service 0.12.2 (Sep 26, 2020)
- Fixed:
- Regression: Pages are correctly rendered when requesting ?go-get=1 for subdirectories. #6314
- Regression: Submodule with a relative path is linked correctly. #6319
- Backup can be processed when --target is specified on Windows. #6339
- Commit message contains keywords look like an issue reference no longer fails the push entirely. #6289
New in Gogs - Go Git Service 0.12.0 (Aug 23, 2020)
- Added:
- Support for Git LFS, you can read documentation for both user and admin. #1322
- Allow admin to remove observers from the repository. #5803
- Use Last-Modified HTTP header for raw files. #5811
- Support syntax highlighting for SAS code files (i.e. .r, .sas, .tex, .yaml). #5856
- Able to fill in pull request title with a template. #5901
- Able to override static files under public/ directory, please refer to documentation for usage. #5920
- New API endpoint GET /admin/teams/:teamid/members to list members of a team. #5877
- Support backup with retention policy for Docker deployments. #6140
- Changed:
- The organization profile page has changed to display at most 12 members. #5506
- The required Go version to compile source code changed to 1.14.
- All assets are now embedded into binary and served from memory by default. Set [server] LOAD_ASSETS_FROM_DISK = true to load them from disk. #5920
- Application and Go versions are removed from page footer and only show in the admin dashboard.
- Build tag for running as Windows Service has been changed from miniwinsvc to minwinsvc.
- Configuration option APP_NAME is deprecated and will end support in 0.13.0, please start using BRAND_NAME.
- Configuration option [server] ROOT_URL is deprecated and will end support in 0.13.0, please start using [server] EXTERNAL_URL.
- Configuration option [server] LANDING_PAGE is deprecated and will end support in 0.13.0, please start using [server] LANDING_URL.
- Configuration option [database] DB_TYPE is deprecated and will end support in 0.13.0, please start using [database] TYPE.
- Configuration option [database] PASSWD is deprecated and will end support in 0.13.0, please start using [database] PASSWORD.
- Configuration option [security] REVERSE_PROXY_AUTHENTICATION_USER is deprecated and will end support in 0.13.0, please start using [auth] REVERSE_PROXY_AUTHENTICATION_HEADER.
- Configuration section [mailer] is deprecated and will end support in 0.13.0, please start using [email].
- Configuration section [service] is deprecated and will end support in 0.13.0, please start using [auth].
- Configuration option [auth] ACTIVE_CODE_LIVE_MINUTES is deprecated and will end support in 0.13.0, please start using [auth] ACTIVATE_CODE_LIVES.
- Configuration option [auth] RESET_PASSWD_CODE_LIVE_MINUTES is deprecated and will end support in 0.13.0, please start using [auth] RESET_PASSWORD_CODE_LIVES.
- Configuration option [auth] ENABLE_CAPTCHA is deprecated and will end support in 0.13.0, please start using [auth] ENABLE_REGISTRATION_CAPTCHA.
- Configuration option [auth] ENABLE_NOTIFY_MAIL is deprecated and will end support in 0.13.0, please start using [user] ENABLE_EMAIL_NOTIFICATION.
- Configuration option [session] GC_INTERVAL_TIME is deprecated and will end support in 0.13.0, please start using [session] GC_INTERVAL.
- Configuration option [session] SESSION_LIFE_TIME is deprecated and will end support in 0.13.0, please start using [session] MAX_LIFE_TIME.
- The name - is reserved and cannot be used for users or organizations.
- Fixed:
- [Security] Potential open redirection with i18n.
- [Security] Potential ability to delete files outside a repository.
- [Security] Potential ability to set primary email on others' behalf from their verified emails.
- [Security] Potential XSS attack via .ipynb. #5170
- [Security] Potential SSRF attack via webhooks. #5366
- [Security] Potential CSRF attack in admin panel. #5367
- [Security] Potential stored XSS attack in some browsers. #5397
- [Security] Potential RCE on mirror repositories. #5767
- [Security] Potential XSS attack with raw markdown API. #5907
- File both modified and renamed within a commit treated as separate files. #5056
- Unable to restore the database backup to MySQL 8.0 with syntax error. #5602
- Open/close milestone redirects to a 404 page. #5677
- Disallow multiple tokens with same name. #5587 #5820
- Enable Federated Avatar Lookup could cause server to crash. #5848
- Private repositories are hidden in the organization's view. #5869
- Users have access to base repository cannot view commits in forks. #5878
- Server error when changing email address in user settings page. #5899
- Fall back to use RFC 3339 as time layout when misconfigured. #6098
- Unable to update team with server error. #6185
- Webhooks are not fired after push when [service] REQUIRE_SIGNIN_VIEW = true.
- Files with identical content are randomly displayed one of them.
- Removed:
- Configuration option [other] SHOW_FOOTER_VERSION
- Configuration option [server] STATIC_ROOT_PATH
- Configuration option [repository] MIRROR_QUEUE_LENGTH
- Configuration option [repository] PULL_REQUEST_QUEUE_LENGTH
- Configuration option [session] ENABLE_SET_COOKIE
- Configuration option [release.attachment] PATH
- Configuration option [webhook] QUEUE_LENGTH
- Build tag sqlite, which means CGO is now required.
New in Gogs - Go Git Service 0.11.91 (Aug 12, 2019)
- MySQL: invalid connection #5532
- Docker: Deprecation Notice OpenSSH #5647
- Copyright is behind the times #5674
- [Security] Incorrect API access control #5764
New in Gogs - Go Git Service 0.11.86 (Jan 31, 2019)
- Layout misalignment in Firefox for Linux #5299
- Unexpected issue index parsing error while using external issue tracker #5551
- [Security] Remote Code execution or/and Denial of Service #5558
New in Gogs - Go Git Service 0.11.79 (Dec 12, 2018)
- LDAP group verification doesn’t work when using ‘dn’ as user attribute #4684
- LDAP group verification fails #4792
- Emoji’s do not work in wiki #4869
- Log level not applied from configuration #5007
- Not able to go get a repository with non-80 port #5305
- Fix critical CSRF vulnerabilities on API routes #5355
- Wrong redirect after updated protect branch setting whose name contains # #5442
- Clear labels not working #5445
- [Security] Remote command execution #5469
- Push event webhook is not triggered when new branch fetched to mirror repository #5473
- Large issue comment exceeds dashboard section #5502
- List collaborator API does not contain permission information #5538
- [Security] Log out only deletes browser cookies #5540
- [Security] Some routes need to be POST #5541
- [Security] Stored XSS in external issue tracker URL format #5545
New in Gogs - Go Git Service 0.11.66 (Sep 17, 2018)
- Bug fixes:
- Web editor doesn't execute hooks after commit #4338
- Release attachments are deleted when delete any random comment #4627
- Private repository with public wiki or issue does not show in search result #4973
- Cannot start with MySQL 8.0 #5187
- Webhook and its tasks are not cleaned up when delete repository #5229
- Time set to current after restored from backup #5264
- Delete branch after merged pull request does no trigger webhook #5331
- Fork repository does not check of the limit of users #5345
- Unable to delete user with PostgreSQL #5376
- Features:
- Able to add avatar for repository #2340
- Add basic Go runtime metrics provided by Prometheus #4141
- Improvements:
- Ignore configuration inline comment by default
- Add deletion of an empty line at the end of file in file view #5270
- Able to set default authentication method for login #5274
- Able to add custom merge commit description #5276
- Others:
- Security fixes
New in Gogs - Go Git Service 0.11.53 (Jun 6, 2018)
- Bug fixes:
- The branch name contains '#' not work correctly #4601
- Issue mention does not render with square brackets #4706
- 500 when merge branch when the base branch is not the default branch #5138
- Gravatar URLs are badly generated #5157
- Able to reuse two factor passcode
- Config option [git] GC_ARGS does not take effect
- Features:
- Show mirror updates in activity timeline #2017
- Support authentication source config file #3142
- Trigger webhook after mirror sync #4528
- Others:
- Changed import path from "gogits/gogs" to "gogs/gogs"
- Security fixes
- Add new languages support: Vietnamese
New in Gogs - Go Git Service 0.11.43 (Mar 31, 2018)
- Bug fixes:
- Wrong branch URL for name contains # in branches view #4874
- Commits not merged after accepting pull request using rebase #5051
- SVG support in IPython notebook #5077
- Improvements:
- Support HTTP HEAD requests #2857
- Disable federated avatar lookup by default #5126
- Others:
- Add new languages support: Indonesian, Persian
New in Gogs - Go Git Service 0.11.34 (Nov 23, 2017)
- Bug fixes:
- Regression: Pull request is not working between different repositories #4890
New in Gogs - Go Git Service 0.11.33 (Nov 20, 2017)
- Bug fixes:
- Some security fixes
- Wrong commit ID in webhook payload after merging pull request #4442
- Meta tag go-import does not response correct value #4832
- Features:
- Add Dingtalk webhook support #4773
- Allow rebase and merge pull request #4798
- Improvements:
- Add placeholder '%s' for username in LDAP BindDN #2526
- Allow UID for git user in Docker container to be specified via ENV variable #3520
- Add repository setting to ignore whitespace when check pull request conflict #4834
- Others:
- Add new language support: Slovak
New in Gogs - Go Git Service 0.11.29 (Aug 16, 2017)
- Bug fixes:
- Private repository activity shown in "Public activity" tab, if the repository was once public #4414
- Webhooks refuse IPv6 URLs as invalid #4428
- No email notification if issue closed by commit #4430
- Explore page incorrect paging #4441
- /api/v1/repos/search returns empty values #4522
- Panic after created a pull request #4572
New in Gogs - Go Git Service 0.11.19 (Jun 11, 2017)
- Bug fixes:
- Unable to go get subpkg
- Does not set as admin after first LDAP login
- Panic when login via PAM
- Unique constraint violation after backup restored for PostgreSQL
- Images in IPython notebook are not displayed
- Broken relative path for image link in edit file preview
- Emoji not rendered on commits view
- High CPU when view single commit contains file mode change
- Cannot change permissions of collaborators
- Features:
- Support two-factor authentication
- Support filter by group membership for LDAP
- Improvements:
- Installation checks port for SMTP host
- Remain updated time unchanged if no new commits fetched for mirrors
- Support IPython notebook as README
- Configurable TLS Support
New in Gogs - Go Git Service 0.11.4 (Apr 6, 2017)
- Client is not informed to provide credentials during HTTP/HTTPS push/pull
- Mirror credentials are not URL encoded #4014
- Create pull request buttons are showed on branches page when pull request is disabled #4377
- Panic if user has validation error on installation #4383
New in Gogs - Go Git Service 0.11 (Apr 4, 2017)
- Bug fixes:
- Profile editing looses changes on validation error #1123
- Wrong repository count in organization dashboard #4351
- Fail to migrate from version prior to 0.10 #4355
- Private repository with public issues didn't handle anonymous visit properly #4359
New in Gogs - Go Git Service 0.11 RC (Mar 28, 2017)
- Bug fixes:
- Incorrect file permission for session files #3363
- API: Repository Permission object returns incorrect values #4309
- Unable to update non-local user profile #4313
- Redirect to random issue if index does not exist #4315
- Unable to propose pull request from secondary fork #4324
- Unable to update protect branch whitelist #4333
- Repository size does not update for fork, migrate and mirror #4336
- Features:
- Support private repository with public issues #649
- Support private repository with public wiki #2157
- Able to retrigger webhook history #2187
- API: Add sync for mirror repository #2235
- Able to load more feeds on dashboard #2511
- Add config option to set a cookie value indicates login status #2885
- Able to backup and restore #2924
- Able to use issues and wiki for bare repository #4104
- Custom page size for commits page #4230
- Add repositories panel to user settings #4277
- Improvements:
- Include private but accessible repositories in explore page #3088
- Able to choose console mode for logger #3119
- Able to config logger for XORM #3183
- Add config option for HTML render mode #3608
- Webhook push event provice details about added/removed/modified files #3897
- Able to config number of newsfeed showed on Dashboard #4247
New in Gogs - Go Git Service 0.10.18 (Mar 15, 2017)
- Bug fixes:
- Last updated is not changed after syncing for mirror repositories #2807
- Regression Cannot edit or view draft release #4262
- Improvements:
- More webhook events
- Send notification emails to all issue participants #2929
- Whitelist users can bypass require pull request check for protected branches #4207
- Features:
- Able to view repository size in admin panel
- Support add attachments to releases #1614
- Repository branches page #2310
- Support Smartypants with config section [smartypants] #4162
New in Gogs - Go Git Service 0.10.8 (Mar 8, 2017)
- Bug fixes:
- Git hooks do not work on Windows mws version
- link contains an image does not point to the correct URL #2636
- Web editor cannot create branch with slash #3568
- Cannot clone a repository without .git suffix #4189
- Git hook working directory is not repository directory #4225
- Regression on go get support #4226
- Webhook Skip TLS Verify setting doesn't take effect #4228
- Improvements:
- Use text/html as default email content encoding and use [mailer] USE_PLAIN_TEXT to disable it
- Able to perform initial commit on behave of actual user
- Support Gogs-related environment variables for Git hooks #4094
New in Gogs - Go Git Service 0.10.1 (Feb 28, 2017)
- Non-organizational repository cannot save branch protection options
New in Gogs - Go Git Service 0.10 (Feb 28, 2017)
- Bug fixes:
- Unexpected removal of migrated repository when wiki is detected
- Cannot preview diff on web editor
- Organizational webhook last delivery status cannot be updated
- Admin cannot delete organizational repository
- Diff split view doesn’t work on create pull reqeust #3695
- Cannot edit release of fork repository #4174
- Improvements:
- Able to add organization member as repository collaborator
- Able to add custom head/footer #1286
- Able to send test delivery for specific webhook #3030
- Able to enable webhook types on choice #3356
- Able to send SHA256 HMAC hex digest for webhooks #3692
- Add config option [session] CSRF_COOKIE_NAME for custom CSRF cookie name #4172
- Able to whitelist users and teams for protect branch of organizational repository #4177
New in Gogs - Go Git Service 0.10 RC (Feb 22, 2017)
- Bug fixes:
- Cannot install or start server without mail service
- Out of memory when push large content through HTTP #636
- Cannot navigate to wiki page title contains - #3754
- Cannot edit wiki page title contains # #3767
- Crash when tabular spaces in title of wiki pages #3916
- Cannot close a milestone using API #4102
- Repository local copy stops working after force push #4123
- Cannot delete branch after merging pull request #4128
- Improvements:
- Able to fork own repository #1791
- Add pagination to releases #2164
- Assign issue to user with read-only access #3739
- Support short-hash for download archives #3834
- Highlight a line on diff view
- Features:
- Support Discord webhook
- Support protected branches #776
- Support MSSQL #3772
- Others:
- Stop supporting 0.6.x
New in Gogs - Go Git Service 0.9.141 (Feb 11, 2017)
- Bug fixes:
- Cannot edit file after rename repository #3641
- mailto link incorrectly parsed in Markdown #3790
- Cannot include spaces inside LDAP DN field #3791
- Pull request on same repository shows 404 #4074
- Cannot delete branches with slashes in the name #4089
- Improvements:
- Able to redirect visitors to external issue tracker URL #3645
- Add Open Graph Meta tags #3664
- Features:
- Able to disable creation of organizations for non-admins #1556
- Support IPython Notebook rendering #4070
- Add Slack logger
- Others:
- Stop supporting network connection and email loggers
New in Gogs - Go Git Service 0.9.128 (Jan 31, 2017)
- Bug fixes:
- hanged branch not reflected when creating PR #3604
- Can not save release draft as draft again #3669
- README file without Markdown is showing empty #3749
- Incorrect composition when send notification emails #3856
- Wrong anchors for non-latin headings #3981
- Panic when try to get a file of bare repository #3992
- Ability to fork arbitrary repository #4006
- Users can register with used emails
- Improvements:
- View all issues assigned to me #1820
- Skip sending emails to inactive users #3814
- Add new config option [http] ACCESS_CONTROL_ALLOW_ORIGIN for custom Access-Control-Allow-Origin header #3987
- Add new config option [repository] ENABLE_LOCAL_PATH_MIGRATION to control local path migration (and disabled by default) #4033
- Features:
- Add 'Organizations' page to user settings #3587
New in Gogs - Go Git Service 0.9.113 (Dec 27, 2016)
- BUG FIXES:
- HTTP push consumes a lot of RAM #636
- Dashboard feeds has unexpected line break on Mac OS X Safari #2875
- Wrong avatar link for user #3577
- on release draft edition #3590
- when issue poster has deleted account
- Ability to delete other people's secondary emails and application's tokens #3959
- Ability to delete arbitrary repository's releases #3962
- Ability to use labels from arbitrary repositories
- IMPROVEMENTS:
- Add config option [other] SHOW_FOOTER_TEMPLATE_LOAD_TIME to hide template load time #3492
- FEATURES:
- Support search organizations on explore page #2951
- Provide button to delete merged pull request branch #3225
- Support disable HTTP operations of repository #3667
- Support for video files using the HTML5 video tag #3967
- OTHERS:
- Add Korean and Galician support
New in Gogs - Go Git Service 0.9.97.0901 (Nov 15, 2016)
- Bug fixes:
- Only user with repository write access can make comments
- Diff signs (+/-) are not showing #3464
- Archive includes full path on Windows #3535
- Improvements:
- Add git-daemon-export-ok support #2940
- Redirect to landing page after login #3089
- Use user name as email FROM value #3279
- Features:
- Support lable templates #1562
- Support sync mirror repository on UI #2018
- Support webhooks for pull requests #2246
- Support listen on unix socket #2852
- Support PostgreSQL with unix socket #3013
- Support migrate wiki with repository when available #3233
- Support web editor for repository files #3460