Tags give the ability to mark specific points in history as being important
  • v1.7.4
    * SECURITY
      * Fix potential XSS vulnerability in repository description. (#6306) (#6308)
    * BUGFIXES
      * Fix wrong release commit id (#6224) (#6300)
      * Fix panic on empty signed commits (#6292) (#6300)
      * Fix organization dropdown not being scrollable when using mouse wheel (#5988) (#6246)
      * Fix displaying dashboard even if required to change password (#6214) (#6215)
    
  • v1.7.3
    * BUGFIXES
      * Fix server 500 when trying to migrate to an already existing repository (#6188) (#6197)
      * Load Issue attributes for API /repos/{owner}/{repo}/issues/{index} (#6122) (#6185)
      * Fix bug whereby user could change private repository to public when force private enabled. (#6156) (#6165)
      * Fix bug when update owner team then visit team's repo return 404 (#6119) (#6166)
      * Fix heatmap and repository menu display in Internet Explorer 9+ (#6117) (#6137)
      * Fix prohibit login check on authorization (#6106) (#6115)
      * Fix LDAP protocol error regression by moving to ldap.v3 (#6105) (#6107)
      * Fix deadlock in webhook PullRequest (#6102) (#6104)
      * Fix redirect loop when password change is required and Gitea is installed as a suburl (#5965) (#6101)
      * Fix compare button regression (#5929) (#6098)
      * Recover panic in orgmode.Render if bad orgfile (#4982) (#5903) (#6097)
    
  • v1.7.2
    * BUGFIXES
      * Remove all CommitStatus when a repo is deleted (#5940) (#5941)
      * Fix notifications on pushing with deploy keys by setting hook environment variables (#5935) (#5944)
      * Silence console logger in gitea serv (#5887) (#5943)
      * Handle milestone webhook events for issues and PR (#5947) (#5955)
      * Show user who created the repository instead of the organization in action feed (#5948) (#5956)
      * Fix ssh deploy and user key constraints (#1357) (#5939) (#5966)
      * Fix bug when deleting a linked account will removed all (#5989) (#5990)
      * Fix empty ssh key importing in ldap (#5984) (#6009)
      * Fix metrics auth token detection (#6006) (#6017)
      * Create repository on organisation by default on its dashboard (#6026) (#6048)
      * Make sure labels are actually returned in API (#6053) (#6059)
      * Switch to more recent build of xgo (#6070) (#6072)
      * In basic auth check for tokens before call UserSignIn (#5725) (#6083)
    
  • v1.7.1
    dfad569e · 1.7.1 changelog (#5918) ·
    * SECURITY
      * Disable redirect for i18n (#5910) (#5916)
      * Only allow local login if password is non-empty (#5906) (#5908)
      * Fix go-get URL generation (#5905) (#5907)
    * BUGFIXES
      * Fix TLS errors when using acme/autocert for local connections (#5820) (#5826)
      * Request for public keys only if LDAP attribute is set (#5816) (#5819)
      * Fix delete correct temp directory (#5840) (#5839)
      * Fix an error while adding a dependency via UI (#5862) (#5876)
      * Fix null pointer in attempt to Sudo if not logged in (#5872) (#5884)
      * When creating new repository fsck option should be enabled (#5817) (#5885)
      * Prevent nil dereference in mailIssueCommentToParticipants (#5891) (#5895) (#5894)
      * Fix bug when read public repo lfs file (#5913) (#5912)
      * Respect value of REQUIRE_SIGNIN_VIEW (#5901) (#5915)
      * Fix compare button on upstream repo leading to 404 (#5877) (#5914)
    * DOCS
      * Added docs for the tree api (#5835)
    * MISC
      * Include Go toolchain to --version (#5832) (#5830)
    
  • v1.7.0
    3fa49f37 · 1.7.0 changelog (#5802) ·
    * SECURITY
      * Do not display the raw OpenID error in the UI (#5705) (#5712)
      * When redirecting clean the path to avoid redirecting to external site (#5669) (#5679)
      * Prevent DeleteFilePost doing arbitrary deletion (#5631)
    * BREAKING
      * Restrict permission check on repositories and fix some problems (#5314)
      * Show only opened milestones on issues page milestone filter (#5051)
    * FEATURE
      * Implement git refs API for listing references (branches, tags and other) (#5354)
      * Approvals at Branch Protection (#5350)
      * Add raw blob endpoint to get objects by SHA ID (#5334)
      * Add api for user to create org (#5268)
      * Create AuthorizedKeysCommand (#5236)
      * User action heatmap (#5131)
      * Refactor heatmap to vue component (#5401)
      * Webhook for Pull Request approval/rejection (#5027)
      * Add command for migrating database (#4954)
      * Search keyword by splitting provided values by , (#4939)
      * Create Progressive Web App (#4730)
      * Give user a link to create PR after push (#4716)
      * Add rebase with merge commit merge style (#3844) (#4052)
    * BUGFIXES
      * Disallow empty titles (#5785) (#5794)
      * Fix sqlite deadlock when assigning to a PR (#5640) (#5642)
      * Don't close issues via commits on non-default branch. (#5622) (#5643)
      * Fix commit page showing status for current default branch (#5650) (#5653)
      * Only count users own actions for heatmap contributions (#5647) (#5655)
      * Update xorm to fix issue postgresql dumping issues (#5680) (#5692)
      * Use correct value for "MSpan Structures Obtained" (#5706) (#5716)
      * Fix bug on modifying sshd username (#5624)
      * Delete tags in mirror which are removed for original repo. (#5609)
      * Fix wrong text getting saved on editing second comment on an issue. (#5608)
      * Fix nil pointer when adding a due date  (#5587)
      * Fix type mismatch of format string (#5574)
      * Fix bug on upload file name (#5571)
      * Issue is not overdue when it is on the same date #5566 (#5568)
      * Fix indexer reindex bug when gitea restart (#5563)
      * Fix table name typo on SQL (#5562)
      * Synchronize SSH keys on login with LDAP + Fix SQLite deadlock on ldap ssh key deletion (#5557)
      * Fix makefile generate buildstep (#5556)
      * Fix nil pointer base branch bug (#5555)
      * Fix permission check on api create org (#5523)
      * Fix detect force push failure on deletion of protected branches (#5522)
      * Fix approvals limitation (#5521)
      * Fix bug when a read perm user to edit his issue (#5516)
      * Fix adding reaction fail for read permission user (#5515)
      * Fixing MSSQL timestamp type (#5511)
      * Fix forgot deletion of notification when delete repository (#5506)
      * Fix empty wiki (#5504)
      * Fix clone wiki failed via ssh (#5503)
      * Fix code review on mssql (#5502)
      * Fix lfs version check warning log when using ssh protocol (#5501)
      * Fix topic name length on database (#5493)
      * Ensure that the `closed_at` is set for closed issues (#5449)
      * Admin should be able to delete repos via the API even if he is not a member of the organization (#5443)
      * Word-Break the WebHook url to prevent a ui-break (#5432)
      * Fix forgot removed records when deleting user (#5429)
      * Fix repository deletion when there is large number of issues in it (#5426)
      * Fix heatmap colors for Chrome/Safari (#5421)
      * Fix password variable shadowing (#5405)
      * Fix dependent issue searching when gitea is run in subpath (#5392)
      * Don't force a password change for the admin user when creating an account via cli (#5391)
      * API: '/orgs/:org/repos': return private repos with read access (#5383)
      * Don't send assign webhooks when creating issue (#5365)
      * Removing Labels via EditPullRequest API (#5348)
      * Migration fixes for gogs (0.11.66) to gitea (1.6.0) #5318 (#5341)
      * Fix bug when users have serval teams with different units on different repositories (#5307)
      * Fix U2F if gitea is configured in subpath (#5302)
      * Fix file edit change preview functionality (#5300)
      * Update gitignore list (#5258)
      * Fixed heatmap not working in mssql (#5248)
      * Fixed wrong api request url for instances running in subfolders (#5247)
      * Fix compatibility heatmap with mysql 8 (#5232)
      * Fix data race on migrate repository (#5224)
      * Fix sqlite and mssql lock (#5214)
      * Fix sqlite lock (#5210)
      * Fix: Accept web-command cli flags if web-command is commited (#5200)
      * Fix: Add secret to all webhook's payload where it has been missing (#5199)
      * Fix race on updatesize (#5190)
      * Fix create team, update team missing units (#5188)
      * Fix sqlite lock (#5184 & #5176)
      * Fix showing pull request link when delete a branch (#5166)
      * Fix JSON result of empty array in heatmap data array (#5154)
      * Update build tags for sqlite_unlock notify (#5144)
      * This commit will reduce join star, repo_topic, topic tables on repo search, so that fix extra columns problem on mssql (#5136)
      * Fix deadlock when sqlite (#5118)
      * Add comment replies (#5104)
      * Fix home page template regression (#5102)
      * Fix regex to support optional end line of old section in diff hunk (#5096)
      * LDAP via simple auth separate bind user and search base (#5055)
      * Fix markdown image with link (#4675)
      * Fix to 3819 - Filtering issues by tags on main screen issues (#3824)
    * ENHANCEMENT
      * Delete organization endpoint added (#5601)
      * Update Licenses (#5558)
      * Support reverse proxy providing email (#5554)
      * Add git protocol v2 support via SSH on Docker image (#5520)
      * Add tests for api user orgs (#5494)
      * Allow link verification for services like Mastodon (#5481)
      * Improve team members and repositories settings UI (#5457)
      * Remove the required class from optional ssh port in installation page (#5428)
      * Explicitly disable Git credential helper (#5367)
      * Setting Labels via EditPullRequest API (#5347)
      * Implement pasting image from clipboard for browsers that supports that (#5317)
      * Milestone issues and pull requests (#5293)
      * Support envs on external render commands (#5278)
      * Add option to disable automatic mirror syncing. (#5242)
      * Remove unused db init on commands serv, update, hooks (#5225)
      * Serve audio files using HTML5 audio tag (#5221)
      * Pass link prefixes to external markup parsers (#5201)
      * Add AutoHead functionality. (#5186)
      * Fix emojis not showing in commit messages (#5168)
      * Block registration based on email domain (#5157)
      * Update vendor/go-sqlite3 (#5133 & #5162)
      * Update x/net lib (#5169)
      * Show review summary in pull requests (#5132)
      * Use type switch (#5122)
      * Remove duplicated if bodies (#5121)
      * Remove check for negative length (#5120)
      * Make switch more clear (#5119)
      * Use named const instead of a raw string (#5115)
      * Fix issue where ecdsa and other key types are not synced from LDAP (#5092) (#5094)
      * Refactor: err != nil check, just return error instead (#5093)
      * Add notification interface and refactor UI notifications (#5085)
      * Use APP_NAME on home page (#5048)
      * Explicitly decide whether to  use TLS in mailer's configuration (#5024)
      * Generate random password (#5023)
      * UX of link account (Step 1) (#5006)
      * Make sure argsSet verifies string isn't empty too (#4980)
      * Improve performance of dashboard (#4977)
      * Keys API changes (#4960)
      * Add must-change-password flag to cli for creating a user (#4955)
      * Use native go method to get current user rather than environment variable (#4930)
      * Make gitea serv use api/internal (#4886)
      * Add support for search by uid (#4876)
      * Allow to add organization members as collaborators on organization owned repositories (#4748)
    * TESTING
      * Kill testing processes if the test takes too long (#5174)
      * Update outdated Go toolchain version for .drone.yml (#5146)
      * Increase the retry limit to 20 times and the interval to 200ms (#5134)
      * Retry test-fixtures loading in case of transaction rollback (#5125)
      * Added test environment for mssql (#4282)
    * BUILD
      * Replace lint to revive (#5422)
      * Update golang version in Dockerfile (#5246)
    * DOCS
      * Typo in routers/api/v1/org/org.go fixed. (#5598)
      * Update the docs for sqlite_unlock_notify (#5145)
      * CN translation of docs part (#5049)
      * Kubernetes deployment file (#5046)
    * MISC
      * Upgrade alpine to 3.8 (#5423)
      * Git-Trees API (#5403)
      * Only chown directories during docker setup if necessary. Fix #4425 (#5064)
    
  • v1.7.0-rc3
    * SECURITY
      * Do not display the raw OpenID error in the UI (#5705) (#5712)
      * When redirecting clean the path to avoid redirecting to external site (#5669) (#5679)
    * BUGFIX
      * Fix sqlite deadlock when assigning to a PR (#5640) (#5642)
      * Don't close issues via commits on non-default branch. (#5622) (#5643)
      * Fix commit page showing status for current default branch (#5650) (#5653)
      * Only count users own actions for heatmap contributions (#5647) (#5655)
      * Update xorm to fix issue postgresql dumping issues (#5680) (#5692)
      * Use correct value for "MSpan Structures Obtained" (#5706) (#5716)
    
  • v1.6.4
    * BUGFIX
      * Fix SSH key now can be reused as public key after deleting as deploy key (#5671) (#5685)
      * When redirecting clean the path to avoid redirecting to external site (#5669) (#5703)
      * Fix to use correct value for "MSpan Structures Obtained" (#5706) (#5715)
    
  • v1.7.0-rc2
    * SECURITY
      * Prevent DeleteFilePost doing arbitrary deletion (#5631)
    
  • v1.6.3
    * SECURITY
      * Prevent DeleteFilePost doing arbitrary deletion (#5631)
    * BUGFIX
      * Fix wrong text getting saved on editing second comment on an issue (#5608)
    
  • v1.7.0-rc1
    * BREAKING
      * Restrict permission check on repositories and fix some problems (#5314)
      * Show only opened milestones on issues page milestone filter (#5051)
    * FEATURE
      * Implement git refs API for listing references (branches, tags and other) (#5354)
      * Approvals at Branch Protection (#5350)
      * Add raw blob endpoint to get objects by SHA ID (#5334)
      * Add api for user to create org (#5268)
      * Create AuthorizedKeysCommand (#5236)
      * User action heatmap (#5131)
      * Refactor heatmap to vue component (#5401)
      * Webhook for Pull Request approval/rejection (#5027)
      * Add command for migrating database (#4954)
      * Search keyword by splitting provided values by , (#4939)
      * Create Progressive Web App (#4730)
      * Give user a link to create PR after push (#4716)
      * Add rebase with merge commit merge style (#3844) (#4052)
    * BUGFIXES
      * Fix bug on modifying sshd username (#5624)
      * Delete tags in mirror which are removed for original repo. (#5609)
      * Fix wrong text getting saved on editing second comment on an issue. (#5608)
      * Fix nil pointer when adding a due date  (#5587)
      * Fix type mismatch of format string (#5574)
      * Fix bug on upload file name (#5571)
      * Issue is not overdue when it is on the same date #5566 (#5568)
      * Fix indexer reindex bug when gitea restart (#5563)
      * Fix table name typo on SQL (#5562)
      * Synchronize SSH keys on login with LDAP + Fix SQLite deadlock on ldap ssh key deletion (#5557)
      * Fix makefile generate buildstep (#5556)
      * Fix nil pointer base branch bug (#5555)
      * Fix permission check on api create org (#5523)
      * Fix detect force push failure on deletion of protected branches (#5522)
      * Fix approvals limitation (#5521)
      * Fix bug when a read perm user to edit his issue (#5516)
      * Fix adding reaction fail for read permission user (#5515)
      * Fixing MSSQL timestamp type (#5511)
      * Fix forgot deletion of notification when delete repository (#5506)
      * Fix empty wiki (#5504)
      * Fix clone wiki failed via ssh (#5503)
      * Fix code review on mssql (#5502)
      * Fix lfs version check warning log when using ssh protocol (#5501)
      * Fix topic name length on database (#5493)
      * Ensure that the `closed_at` is set for closed issues (#5449)
      * Admin should be able to delete repos via the API even if he is not a member of the organization (#5443)
      * Word-Break the WebHook url to prevent a ui-break (#5432)
      * Fix forgot removed records when deleting user (#5429)
      * Fix repository deletion when there is large number of issues in it (#5426)
      * Fix heatmap colors for Chrome/Safari (#5421)
      * Fix password variable shadowing (#5405)
      * Fix dependent issue searching when gitea is run in subpath (#5392)
      * Don't force a password change for the admin user when creating an account via cli (#5391)
      * API: '/orgs/:org/repos': return private repos with read access (#5383)
      * Don't send assign webhooks when creating issue (#5365)
      * Removing Labels via EditPullRequest API (#5348)
      * Migration fixes for gogs (0.11.66) to gitea (1.6.0) #5318 (#5341)
      * Fix bug when users have serval teams with different units on different repositories (#5307)
      * Fix U2F if gitea is configured in subpath (#5302)
      * Fix file edit change preview functionality (#5300)
      * Update gitignore list (#5258)
      * Fixed heatmap not working in mssql (#5248)
      * Fixed wrong api request url for instances running in subfolders (#5247)
      * Fix compatibility heatmap with mysql 8 (#5232)
      * Fix data race on migrate repository (#5224)
      * Fix sqlite and mssql lock (#5214)
      * Fix sqlite lock (#5210)
      * Fix: Accept web-command cli flags if web-command is commited (#5200)
      * Fix: Add secret to all webhook's payload where it has been missing (#5199)
      * Fix race on updatesize (#5190)
      * Fix create team, update team missing units (#5188)
      * Fix sqlite lock (#5184 & #5176)
      * Fix showing pull request link when delete a branch (#5166)
      * Fix JSON result of empty array in heatmap data array (#5154)
      * Update build tags for sqlite_unlock notify (#5144)
      * This commit will reduce join star, repo_topic, topic tables on repo search, so that fix extra columns problem on mssql (#5136)
      * Fix deadlock when sqlite (#5118)
      * Add comment replies (#5104)
      * Fix home page template regression (#5102)
      * Fix regex to support optional end line of old section in diff hunk (#5096)
      * LDAP via simple auth separate bind user and search base (#5055)
      * Fix markdown image with link (#4675)
      * Fix to 3819 - Filtering issues by tags on main screen issues (#3824)
    * ENHANCEMENT
      * Delete organization endpoint added (#5601)
      * Update Licenses (#5558)
      * Support reverse proxy providing email (#5554)
      * Add git protocol v2 support via SSH on Docker image (#5520)
      * Add tests for api user orgs (#5494)
      * Allow link verification for services like Mastodon (#5481)
      * Improve team members and repositories settings UI (#5457)
      * Remove the required class from optional ssh port in installation page (#5428)
      * Explicitly disable Git credential helper (#5367)
      * Setting Labels via EditPullRequest API (#5347)
      * Implement pasting image from clipboard for browsers that supports that (#5317)
      * Milestone issues and pull requests (#5293)
      * Support envs on external render commands (#5278)
      * Add option to disable automatic mirror syncing. (#5242)
      * Remove unused db init on commands serv, update, hooks (#5225)
      * Serve audio files using HTML5 audio tag (#5221)
      * Pass link prefixes to external markup parsers (#5201)
      * Add AutoHead functionality. (#5186)
      * Fix emojis not showing in commit messages (#5168)
      * Block registration based on email domain (#5157)
      * Update vendor/go-sqlite3 (#5133 & #5162)
      * Update x/net lib (#5169)
      * Show review summary in pull requests (#5132)
      * Use type switch (#5122)
      * Remove duplicated if bodies (#5121)
      * Remove check for negative length (#5120)
      * Make switch more clear (#5119)
      * Use named const instead of a raw string (#5115)
      * Fix issue where ecdsa and other key types are not synced from LDAP (#5092) (#5094)
      * Refactor: err != nil check, just return error instead (#5093)
      * Add notification interface and refactor UI notifications (#5085)
      * Use APP_NAME on home page (#5048)
      * Explicitly decide whether to  use TLS in mailer's configuration (#5024)
      * Generate random password (#5023)
      * UX of link account (Step 1) (#5006)
      * Make sure argsSet verifies string isn't empty too (#4980)
      * Improve performance of dashboard (#4977)
      * Keys API changes (#4960)
      * Add must-change-password flag to cli for creating a user (#4955)
      * Use native go method to get current user rather than environment variable (#4930)
      * Make gitea serv use api/internal (#4886)
      * Add support for search by uid (#4876)
      * Allow to add organization members as collaborators on organization owned repositories (#4748)
    * TESTING
      * Kill testing processes if the test takes too long (#5174)
      * Update outdated Go toolchain version for .drone.yml (#5146)
      * Increase the retry limit to 20 times and the interval to 200ms (#5134)
      * Retry test-fixtures loading in case of transaction rollback (#5125)
      * Added test environment for mssql (#4282)
    * BUILD
      * Replace lint to revive (#5422)
      * Update golang version in Dockerfile (#5246)
    * DOCS
      * Typo in routers/api/v1/org/org.go fixed. (#5598)
      * Update the docs for sqlite_unlock_notify (#5145)
      * CN translation of docs part (#5049)
      * Kubernetes deployment file (#5046)
    * MISC
      * Upgrade alpine to 3.8 (#5423)
      * Git-Trees API (#5403)
      * Only chown directories during docker setup if necessary. Fix #4425 (#5064)
    
  • v1.7.0-dev
    * BREAKING
      * Restrict permission check on repositories and fix some problems (#5314)
      * Show only opened milestones on issues page milestone filter (#5051)
    * FEATURE
      * Implement git refs API for listing references (branches, tags and other) (#5354)
      * Approvals at Branch Protection (#5350)
      * Add raw blob endpoint to get objects by SHA ID (#5334)
      * Add api for user to create org (#5268)
      * Create AuthorizedKeysCommand (#5236)
      * User action heatmap (#5131)
      * Refactor heatmap to vue component (#5401)
      * Webhook for Pull Request approval/rejection (#5027)
      * Add command for migrating database (#4954)
      * Search keyword by splitting provided values by , (#4939)
      * Create Progressive Web App (#4730)
      * Give user a link to create PR after push (#4716)
      * Add rebase with merge commit merge style (#3844) (#4052)
    * BUGFIXES
      * Fix bug on modifying sshd username (#5624)
      * Delete tags in mirror which are removed for original repo. (#5609)
      * Fix wrong text getting saved on editing second comment on an issue. (#5608)
      * Fix nil pointer when adding a due date  (#5587)
      * Fix type mismatch of format string (#5574)
      * Fix bug on upload file name (#5571)
      * Issue is not overdue when it is on the same date #5566 (#5568)
      * Fix indexer reindex bug when gitea restart (#5563)
      * Fix table name typo on SQL (#5562)
      * Synchronize SSH keys on login with LDAP + Fix SQLite deadlock on ldap ssh key deletion (#5557)
      * Fix makefile generate buildstep (#5556)
      * Fix nil pointer base branch bug (#5555)
      * Fix permission check on api create org (#5523)
      * Fix detect force push failure on deletion of protected branches (#5522)
      * Fix approvals limitation (#5521)
      * Fix bug when a read perm user to edit his issue (#5516)
      * Fix adding reaction fail for read permission user (#5515)
      * Fixing MSSQL timestamp type (#5511)
      * Fix forgot deletion of notification when delete repository (#5506)
      * Fix empty wiki (#5504)
      * Fix clone wiki failed via ssh (#5503)
      * Fix code review on mssql (#5502)
      * Fix lfs version check warning log when using ssh protocol (#5501)
      * Fix topic name length on database (#5493)
      * Ensure that the `closed_at` is set for closed issues (#5449)
      * Admin should be able to delete repos via the API even if he is not a member of the organization (#5443)
      * Word-Break the WebHook url to prevent a ui-break (#5432)
      * Fix forgot removed records when deleting user (#5429)
      * Fix repository deletion when there is large number of issues in it (#5426)
      * Fix heatmap colors for Chrome/Safari (#5421)
      * Fix password variable shadowing (#5405)
      * Fix dependent issue searching when gitea is run in subpath (#5392)
      * Don't force a password change for the admin user when creating an account via cli (#5391)
      * API: '/orgs/:org/repos': return private repos with read access (#5383)
      * Don't send assign webhooks when creating issue (#5365)
      * Removing Labels via EditPullRequest API (#5348)
      * Migration fixes for gogs (0.11.66) to gitea (1.6.0) #5318 (#5341)
      * Fix bug when users have serval teams with different units on different repositories (#5307)
      * Fix U2F if gitea is configured in subpath (#5302)
      * Fix file edit change preview functionality (#5300)
      * Update gitignore list (#5258)
      * Fixed heatmap not working in mssql (#5248)
      * Fixed wrong api request url for instances running in subfolders (#5247)
      * Fix compatibility heatmap with mysql 8 (#5232)
      * Fix data race on migrate repository (#5224)
      * Fix sqlite and mssql lock (#5214)
      * Fix sqlite lock (#5210)
      * Fix: Accept web-command cli flags if web-command is commited (#5200)
      * Fix: Add secret to all webhook's payload where it has been missing (#5199)
      * Fix race on updatesize (#5190)
      * Fix create team, update team missing units (#5188)
      * Fix sqlite lock (#5184 & #5176)
      * Fix showing pull request link when delete a branch (#5166)
      * Fix JSON result of empty array in heatmap data array (#5154)
      * Update build tags for sqlite_unlock notify (#5144)
      * This commit will reduce join star, repo_topic, topic tables on repo search, so that fix extra columns problem on mssql (#5136)
      * Fix deadlock when sqlite (#5118)
      * Add comment replies (#5104)
      * Fix home page template regression (#5102)
      * Fix regex to support optional end line of old section in diff hunk (#5096)
      * LDAP via simple auth separate bind user and search base (#5055)
      * Fix markdown image with link (#4675)
      * Fix to 3819 - Filtering issues by tags on main screen issues (#3824)
    * ENHANCEMENT
      * Delete organization endpoint added (#5601)
      * Update Licenses (#5558)
      * Support reverse proxy providing email (#5554)
      * Add git protocol v2 support via SSH on Docker image (#5520)
      * Add tests for api user orgs (#5494)
      * Allow link verification for services like Mastodon (#5481)
      * Improve team members and repositories settings UI (#5457)
      * Remove the required class from optional ssh port in installation page (#5428)
      * Explicitly disable Git credential helper (#5367)
      * Setting Labels via EditPullRequest API (#5347)
      * Implement pasting image from clipboard for browsers that supports that (#5317)
      * Milestone issues and pull requests (#5293)
      * Support envs on external render commands (#5278)
      * Add option to disable automatic mirror syncing. (#5242)
      * Remove unused db init on commands serv, update, hooks (#5225)
      * Serve audio files using HTML5 audio tag (#5221)
      * Pass link prefixes to external markup parsers (#5201)
      * Add AutoHead functionality. (#5186)
      * Fix emojis not showing in commit messages (#5168)
      * Block registration based on email domain (#5157)
      * Update vendor/go-sqlite3 (#5133 & #5162)
      * Update x/net lib (#5169)
      * Show review summary in pull requests (#5132)
      * Use type switch (#5122)
      * Remove duplicated if bodies (#5121)
      * Remove check for negative length (#5120)
      * Make switch more clear (#5119)
      * Use named const instead of a raw string (#5115)
      * Fix issue where ecdsa and other key types are not synced from LDAP (#5092) (#5094)
      * Refactor: err != nil check, just return error instead (#5093)
      * Add notification interface and refactor UI notifications (#5085)
      * Use APP_NAME on home page (#5048)
      * Explicitly decide whether to  use TLS in mailer's configuration (#5024)
      * Generate random password (#5023)
      * UX of link account (Step 1) (#5006)
      * Make sure argsSet verifies string isn't empty too (#4980)
      * Improve performance of dashboard (#4977)
      * Keys API changes (#4960)
      * Add must-change-password flag to cli for creating a user (#4955)
      * Use native go method to get current user rather than environment variable (#4930)
      * Make gitea serv use api/internal (#4886)
      * Add support for search by uid (#4876)
      * Allow to add organization members as collaborators on organization owned repositories (#4748)
    * TESTING
      * Kill testing processes if the test takes too long (#5174)
      * Update outdated Go toolchain version for .drone.yml (#5146)
      * Increase the retry limit to 20 times and the interval to 200ms (#5134)
      * Retry test-fixtures loading in case of transaction rollback (#5125)
      * Added test environment for mssql (#4282)
    * BUILD
      * Replace lint to revive (#5422)
      * Update golang version in Dockerfile (#5246)
    * DOCS
      * Typo in routers/api/v1/org/org.go fixed. (#5598)
      * Update the docs for sqlite_unlock_notify (#5145)
      * CN translation of docs part (#5049)
      * Kubernetes deployment file (#5046)
    * MISC
      * Upgrade alpine to 3.8 (#5423)
      * Git-Trees API (#5403)
      * Only chown directories during docker setup if necessary. Fix #4425 (#5064)
    
  • v1.6.2
    * SECURITY
      * Sanitize uploaded file names (#5571) (#5573)
      * HTMLEncode user added text (#5570) (#5575)
    * BUGFIXES
      * Fix indexer reindex bug when gitea restart (#5563) (#5564)
      * Remove a double slash in the HTTPS redirect with Let's Encrypt (#5537) (#5539)
      * Fix bug when a read perm user to edit his issue (#5516) (#5534)
      * Detect force push failure on deletion of protected branches (#5522) (#5531)
      * Let's Encrypt handler listens on correct port for certificate validation (#5525) (#5527)
      * Fix forgot deletion of notification when delete repository (#5506) (#5514)
      * Fix undeleted content when deleting user (#5429) (#5509)
      * Fix empty wiki (#5504) (#5508)
    
  • v1.6.1
    * BUGFIXES
      * Fix dependent issue searching when gitea is run in subpath (#5392) (#5400)
      * API: '/orgs/:org/repos': return private repos with read access (#5393)
      * Fix repository deletion when there is large number of issues in it (#5426) (#5434)
      * Word-break the WebHook url to prevent a ui-break (#5445)
      * Admin should be able to delete repos via the API even if they are not a member of the organization (#5443) (#5447)
      * Ensure that the `closed_at` is set for closed (#5450)
      * Fix topic name length on database (#5493) (#5495)
    
  • v1.6.0
    * BREAKING
      * Respect email privacy option in user search via API (#4512)
      * Simply remove tidb and deps (#3993)
      * Swagger.v1.json template (#3572)
    * SECURITY
      * Add CSRF checking to reqToken and add reqToken to admin API routes (#5272) (#5250)
      * Improve URL validation for external wiki  and external issues (#4710)
      * Make cookies HttpOnly and obey COOKIE_SECURE flag (#4706)
      * Don't disclose emails of all users when sending out emails (#4664)
      * Check that repositories can only be migrated to own user or organizations (#4366)
    * FEATURE
      * Add comment replies (#5147) (#5104)
      * Pull request review/approval and comment on code (#3748)
      * Added dependencies for issues (#2196) (#2531)
      * Add the ability to have built in themes in Gitea and provide dark theme arc-green (#4198)
      * Add sudo functionality to the API (#4809)
      * Add oauth providers via cli (#4591)
      * Disable merging a WIP Pull request (#4529)
      * Force user to change password (#4489)
      * Add letsencrypt to Gitea (#4189)
      * Add push webhook support for mirrored repositories (#4127)
      * Add csv file render support defaultly (#4105)
      * Add Recaptcha functionality to Gitea (#4044)
    * ENHANCEMENT
      * Fix milestones sorted wrongly (#4987)
      * Allow api to create tags for releases if they don't exist (#4890)
      * Fix #4877 to follow the OpenID Connect Audiences spec (#4878)
      * Enforce token on api routes [fixed critical security issue #4357] (#4840)
      * Update legacy branch and tag URLs in dashboard to new format (#4812)
      * Slack webhook channel name cannot be empty or just contain an hashtag (#4786)
      * Add whitespace handling to PR-comparsion (#4683)
      * Make reverse proxy auth optional (#4643)
      * MySQL TLS (#4642)
      * Make sure to set PR split view when creating/previewing a pull request  (#4617)
      * Log user in after a successful sign up (#4615)
      * Fix typo IsPullReuqestBroken -> IsPullRequestBroken (#4578)
      * Allow admin toggle forcing a password change for newly created users (#4563)
      * Update jQuery to v1.12.4 (#4551)
      * Env var GITEA_PUSHER_EMAIL (#4516)
      * Feat(repo): support search repository by topic name (#4505)
      * Small improvements to dependency UI (#4503)
      * Make max commits in graph configurable (#4498)
      * Add valid for lfs oid (#4461)
      * Add shortcut to save wiki page (#4452)
      * Allow administrator to create repository for any organization (#4368)
      * Fix repository last updated time update when delete a user who watched the repo (#4363)
      * Switch plaintext scratch tokens to use hash instead (#4331)
      * Increase default TOTP secret size to 320 bits (#4287)
      * Keep preseeded database password (#4284)
      * Implemented hover text showing user FullName (#4261)
      * Add ability to delete a token (#4235)
      * Fix typos in i18n variable names. (#4080)
      * Api: repos/search: add parameters to control the sort order (#3964)
      * Add missing path in the Docker app.ini template (#2181)
      * Add file name and branch to page title (#4902)
      * Offline use of google fonts (#4872)
      * Add missing History link to directory listings v2 (#4829)
      * Locale for Edit and Remove due date issue (#4802)
      * Disable 'May Import Local Repository' when is disabled by setting (Is… (#4780)
      * API /admin/users/{username} missing parameter (#4775)
      * Display error when adding a user to a team twice (#4746)
      * Remove UsePrivilegeSeparation from the Docker sshd_config, see #2876 (#4722)
      * Focus title input when clicking helper link (#4696)
      * Add vendor to user reserved words and format words list according alphabet (#4685)
      * Add gitea/issues link to 500 page (#4654)
      * Hide home button when landing page is not set to home (#4651)
      * Remove link to GitHub issues in 404 template (#4639)
      * Cmd/serve: pprof cpu and memory profile dumps to disk (#4560)
      * Add flash message after an account has been successfully activated (#4510)
      * Prevent html entity escaping on delete branch (#4471)
      * Locale for button Edit on protected branch (#4442)
      * Update notification icon (#4343)
      * Added front-end topics validation (#4316)
      * Don't display buttons if there are no system notifications (#4280)
      * Issue due date api (#3890)
    * BUGFIXES
      * dont' send assign webhooks when creating issue (#5365)
      * Fix create team, update team missing units (#5188)
      * Fix file edit change preview functionality (#5300)
      * *ix bug when users have serval teams with different units on different repositories (#5307)
      * Fix U2F if gitea is configured in subpath (#5302)
      * Fix markdown image with link (#4675)
      * Remove maxlines option for file logger (#5282)
      * Fix wrong api request url for instances running in subfolders (#5261) (#5247)
      * Accept web-command cli flags if web-command is commited (#5245) (#5200)
      * Reduce join star, repo_topic, topic tables on repo search, to resolve extra columns problem on MSSQL (#5136) (#5229)
      * Fix data race on migrate repository (#5224) (#5230)
      * Add secret to all webhook's payload where it has been missing (#5208) (#5199)
      * Fix sqlite and MSSQL lock (#5210) (#5223) (#5214) (#5218) (#5176) (#5179)
      * Fix race on updatesize (#5190) (#5215)
      * Fix filtering issues by tags on main screen issues (#5219) (#3824)
      * Fix SQL quoting (#5137) (#5117)
      * Fix regex to support optional end line of old section in diff hunk (#5097) (#5096)
      * Fix release creation via API (#5076)
      * Remove links from topics in edit mode  (#5026)
      * Fix missing AppSubUrl in few more templates (fixup) (#5021)
      * Fix missing AppSubUrl in some templates (#5020)
      * Hide outdated comments in file view (#5017)
      * Upgrade gopkg.in/testfixtures.v2 (#4999)
      * Disable debug routes unless PPROF is enabled in configuration (#4995)
      * Fix user menu item styling (#4985)
      * Fix layout of the topics editing form (#4971)
      * Fix null pointer dereference in ParseCommitWithSignature (#4962)
      * Fix url in discord webhook (#4953)
      * Detect charset and convert non UTF-8 files for display (#4950)
      * Make sure to catch the right error so it is displayed on the UI (#4945)
      * Fix(topics): don't redirect to explore page. (#4938)
      * Fix bug forget to remove Stopwatch when remove repository (#4928)
      * Fix bug when repo remained bare if multiple branches pushed in single push (#4923)
      * Fix: Crippled diff (#4726) (#4900)
      * Fix trimming of markup section names (#4863)
      * Issues api allow pulls and fix #4832 (#4852)
      * Do not autocreate directory for new users/orgs (#4828) (#4849)
      * Fix redirect with non-ascii branch names (#4764) (#4810)
      * Fix missing release title in webhook (#4783) (#4796)
      * User shouldn't be able to approve or reject his/her own PR (#4729)
      * Make sure to reset commit count in the cache on mirror syncing (#4720)
      * Fixed bug where team with admin privelege type doesn't get any unit  (#4719)
      * Fix incorrect caption of webhook setting (#4701) (#4717)
      * Allow WIP marker to contains < or > (#4709)
      * Hide org/create menu item in Dashboard if user has no rights (#4678) (#4680)
      * Site admin could create repos even MAX_CREATION_LIMIT=0 (#4645)
      * Fix custom templates being ignored (#4638)
      * Fix starring icon after semantic ui update (#4628)
      * Fix Split-View line adjustment (#4622)
      * Fix integer constant overflows in tests (#4616)
      * Push whitelist now doesn't apply to branch deletion (#4601) (#4607)
      * Fix bugs when too many IN variables (#4594)
      * Fix failure on creating pull request with assignees (#4419) (#4583)
      * Fix panic issue on update avatar email (#4580) (#4581)
      * Fix status code label for a successful webhook (#4540)
      * An inactive user shouldn't be able to be added as a collaborator (#4535)
      * Don't fail silently if trying to add a collaborator twice (#4533)
      * Fix incorrect MergeWhitelistTeamIDs check in CanUserMerge function (#4519) (#4525)
      * Fix out-of-transaction query in removeOrgUser (#4521) (#4522)
      * Fix migration from older releases (#4495)
      * Accept 'Data:' in commit graph (#4487)
      * Update xorm to latest version and fix correct `user` table referencing in sql (#4473)
      * Relative URLs for LibreJS page (#4460)
      * Redirect to correct page after using scratch token (#4458)
      * Fix column droping for MSSQL that need new transaction for that (#4440)
      * Replace src with raw to fix image paths (#4377)
      * Add default merge options when creating new repository (#4369)
      * Fix docker build (#4358)
      * Fixes repo membership check in API (#4341)
      * Dep upgrade mysql lib (#4161)
      * Fix some issues with special chars in branch names (#3767)
      * Responsive design fixes (#4508)
    * TRANSLATION
      * Fix punctuation in English translation (#4958)
      * Fix translation (#4355)
    
  • v1.6.0-rc2
    * SECURITY
      * Add CSRF checking to reqToken and add reqToken to admin API routes (#5272) (#5250)
    * FEATURE
      * Add comment replies (#5147) (#5104)
    * BUGFIXES
      * Fix wrong api request url for instances running in subfolders (#5261) (#5247)
      * Accept web-command cli flags if web-command is commited (#5245) (#5200)
      * Reduce join star, repo_topic, topic tables on repo search, to resolve extra columns problem on MSSQL (#5136) (#5229)
      * Fix data race on migrate repository (#5224) (#5230)
      * Add secret to all webhook's payload where it has been missing (#5208) (#5199)
      * Fix sqlite and MSSQL lock (#5210) (#5223) (#5214) (#5218) (#5176) (#5179)
      * Fix race on updatesize (#5190) (#5215)
      * Fix filtering issues by tags on main screen issues (#5219) (#3824)
      * Fix SQL quoting (#5137) (#5117)
      * Fix regex to support optional end line of old section in diff hunk (#5097) (#5096)
    
  • v1.5.3
    * SECURITY
      * Fix remote command execution vulnerability in upstream library (#5177) (#5196)
    
  • v1.6.0-rc1
    * BREAKING
      * Respect email privacy option in user search via API (#4512)
      * Simply remove tidb and deps (#3993)
      * Swagger.v1.json template (#3572)
    * FEATURE
      * Pull request review/approval and comment on code (#3748)
      * Added dependencies for issues (#2196) (#2531)
      * Add the ability to have built in themes in Gitea and provide dark theme arc-green (#4198)
      * Add sudo functionality to the API (#4809)
      * Add oauth providers via cli (#4591)
      * Disable merging a WIP Pull request (#4529)
      * Force user to change password (#4489)
      * Add letsencrypt to Gitea (#4189)
      * Add push webhook support for mirrored repositories (#4127)
      * Add csv file render support defaultly (#4105)
      * Add Recaptcha functionality to Gitea (#4044)
    * BUGFIXES
      * Fix release creation via API (#5076)
      * Remove links from topics in edit mode  (#5026)
      * Fix missing AppSubUrl in few more templates (fixup) (#5021)
      * Fix missing AppSubUrl in some templates (#5020)
      * Hide outdated comments in file view (#5017)
      * Upgrade gopkg.in/testfixtures.v2 (#4999)
      * Disable debug routes unless PPROF is enabled in configuration (#4995)
      * Fix user menu item styling (#4985)
      * Fix layout of the topics editing form (#4971)
      * Fix null pointer dereference in ParseCommitWithSignature (#4962)
      * Fix url in discord webhook (#4953)
      * Detect charset and convert non UTF-8 files for display (#4950)
      * Make sure to catch the right error so it is displayed on the UI (#4945)
      * Fix(topics): don't redirect to explore page. (#4938)
      * Fix bug forget to remove Stopwatch when remove repository (#4928)
      * Fix bug when repo remained bare if multiple branches pushed in single push (#4923)
      * Fix: Let's Encrypt configuration settings (#4911)
      * Fix: Crippled diff (#4726) (#4900)
      * Fix trimming of markup section names (#4863)
      * Issues api allow pulls and fix #4832 (#4852)
      * Do not autocreate directory for new users/orgs (#4828) (#4849)
      * Fix redirect with non-ascii branch names (#4764) (#4810)
      * Fix missing release title in webhook (#4783) (#4796)
      * User shouldn't be able to approve or reject his/her own PR (#4729)
      * Make sure to reset commit count in the cache on mirror syncing (#4720)
      * Fixed bug where team with admin privelege type doesn't get any unit  (#4719)
      * Fix incorrect caption of webhook setting (#4701) (#4717)
      * Allow WIP marker to contains < or > (#4709)
      * Hide org/create menu item in Dashboard if user has no rights (#4678) (#4680)
      * Site admin could create repos even MAX_CREATION_LIMIT=0 (#4645)
      * Fix custom templates being ignored (#4638)
      * Fix starring icon after semantic ui update (#4628)
      * Fix Split-View line adjustment (#4622)
      * Fix integer constant overflows in tests (#4616)
      * Push whitelist now doesn't apply to branch deletion (#4601) (#4607)
      * Fix bugs when too many IN variables (#4594)
      * Fix failure on creating pull request with assignees (#4419) (#4583)
      * Fix panic issue on update avatar email (#4580) (#4581)
      * Fix status code label for a successful webhook (#4540)
      * An inactive user shouldn't be able to be added as a collaborator (#4535)
      * Don't fail silently if trying to add a collaborator twice (#4533)
      * Fix incorrect MergeWhitelistTeamIDs check in CanUserMerge function (#4519) (#4525)
      * Fix out-of-transaction query in removeOrgUser (#4521) (#4522)
      * Fix migration from older releases (#4495)
      * Accept 'Data:' in commit graph (#4487)
      * Update xorm to latest version and fix correct `user` table referencing in sql (#4473)
      * Relative URLs for LibreJS page (#4460)
      * Redirect to correct page after using scratch token (#4458)
      * Fix column droping for MSSQL that need new transaction for that (#4440)
      * Replace src with raw to fix image paths (#4377)
      * Add default merge options when creating new repository (#4369)
      * Fix docker build (#4358)
      * Fixes repo membership check in API (#4341)
      * Dep upgrade mysql lib (#4161)
      * Fix some issues with special chars in branch names (#3767)
      * Responsive design fixes (#4508)
    * ENHANCEMENT
      * Fix milestones sorted wrongly (#4987)
      * Allow api to create tags for releases if they don't exist (#4890)
      * Fix #4877 to follow the OpenID Connect Audiences spec (#4878)
      * Enforce token on api routes [fixed critical security issue #4357] (#4840)
      * Update legacy branch and tag URLs in dashboard to new format (#4812)
      * Slack webhook channel name cannot be empty or just contain an hashtag (#4786)
      * Add whitespace handling to PR-comparsion (#4683)
      * Make reverse proxy auth optional (#4643)
      * MySQL TLS (#4642)
      * Make sure to set PR split view when creating/previewing a pull request  (#4617)
      * Log user in after a successful sign up (#4615)
      * Fix typo IsPullReuqestBroken -> IsPullRequestBroken (#4578)
      * Allow admin toggle forcing a password change for newly created users (#4563)
      * Update jQuery to v1.12.4 (#4551)
      * Env var GITEA_PUSHER_EMAIL (#4516)
      * Feat(repo): support search repository by topic name (#4505)
      * Small improvements to dependency UI (#4503)
      * Make max commits in graph configurable (#4498)
      * Add valid for lfs oid (#4461)
      * Add shortcut to save wiki page (#4452)
      * Allow administrator to create repository for any organization (#4368)
      * Fix repository last updated time update when delete a user who watched the repo (#4363)
      * Switch plaintext scratch tokens to use hash instead (#4331)
      * Increase default TOTP secret size to 320 bits (#4287)
      * Keep preseeded database password (#4284)
      * Implemented hover text showing user FullName (#4261)
      * Add ability to delete a token (#4235)
      * Fix typos in i18n variable names. (#4080)
      * Api: repos/search: add parameters to control the sort order (#3964)
      * Add missing path in the Docker app.ini template (#2181)
      * Add file name and branch to page title (#4902)
      * Offline use of google fonts (#4872)
      * Add missing History link to directory listings v2 (#4829)
      * Locale for Edit and Remove due date issue (#4802)
      * Disable 'May Import Local Repository' when is disabled by setting (Is… (#4780)
      * API /admin/users/{username} missing parameter (#4775)
      * Display error when adding a user to a team twice (#4746)
      * Remove UsePrivilegeSeparation from the Docker sshd_config, see #2876 (#4722)
      * Focus title input when clicking helper link (#4696)
      * Add vendor to user reserved words and format words list according alphabet (#4685)
      * Add gitea/issues link to 500 page (#4654)
      * Hide home button when landing page is not set to home (#4651)
      * Remove link to GitHub issues in 404 template (#4639)
      * Cmd/serve: pprof cpu and memory profile dumps to disk (#4560)
      * Add flash message after an account has been successfully activated (#4510)
      * Prevent html entity escaping on delete branch (#4471)
      * Locale for button Edit on protected branch (#4442)
      * Update notification icon (#4343)
      * Added front-end topics validation (#4316)
      * Don't display buttons if there are no system notifications (#4280)
      * Issue due date api (#3890)
    * SECURITY
      * Improve URL validation for external wiki  and external issues (#4710)
      * Make cookies HttpOnly and obey COOKIE_SECURE flag (#4706)
      * Don't disclose emails of all users when sending out emails (#4664)
      * Check that repositories can only be migrated to own user or organizations (#4366)
    * TRANSLATION
      * Fix punctuation in English translation (#4958)
      * Fix translation (#4355)
    
  • v1.6.0-dev
    * BREAKING
      * Respect email privacy option in user search via API (#4512)
      * Simply remove tidb and deps (#3993)
      * Swagger.v1.json template (#3572)
    * FEATURE
      * Pull request review/approval and comment on code (#3748)
      * Added dependencies for issues (#2196) (#2531)
      * Add the ability to have built in themes in Gitea and provide dark theme arc-green (#4198)
      * Add sudo functionality to the API (#4809)
      * Add oauth providers via cli (#4591)
      * Disable merging a WIP Pull request (#4529)
      * Force user to change password (#4489)
      * Add letsencrypt to Gitea (#4189)
      * Add push webhook support for mirrored repositories (#4127)
      * Add csv file render support defaultly (#4105)
      * Add Recaptcha functionality to Gitea (#4044)
    * BUGFIXES
      * Fix release creation via API (#5076)
      * Remove links from topics in edit mode  (#5026)
      * Fix missing AppSubUrl in few more templates (fixup) (#5021)
      * Fix missing AppSubUrl in some templates (#5020)
      * Hide outdated comments in file view (#5017)
      * Upgrade gopkg.in/testfixtures.v2 (#4999)
      * Disable debug routes unless PPROF is enabled in configuration (#4995)
      * Fix user menu item styling (#4985)
      * Fix layout of the topics editing form (#4971)
      * Fix null pointer dereference in ParseCommitWithSignature (#4962)
      * Fix url in discord webhook (#4953)
      * Detect charset and convert non UTF-8 files for display (#4950)
      * Make sure to catch the right error so it is displayed on the UI (#4945)
      * Fix(topics): don't redirect to explore page. (#4938)
      * Fix bug forget to remove Stopwatch when remove repository (#4928)
      * Fix bug when repo remained bare if multiple branches pushed in single push (#4923)
      * Fix: Let's Encrypt configuration settings (#4911)
      * Fix: Crippled diff (#4726) (#4900)
      * Fix trimming of markup section names (#4863)
      * Issues api allow pulls and fix #4832 (#4852)
      * Do not autocreate directory for new users/orgs (#4828) (#4849)
      * Fix redirect with non-ascii branch names (#4764) (#4810)
      * Fix missing release title in webhook (#4783) (#4796)
      * User shouldn't be able to approve or reject his/her own PR (#4729)
      * Make sure to reset commit count in the cache on mirror syncing (#4720)
      * Fixed bug where team with admin privelege type doesn't get any unit  (#4719)
      * Fix incorrect caption of webhook setting (#4701) (#4717)
      * Allow WIP marker to contains < or > (#4709)
      * Hide org/create menu item in Dashboard if user has no rights (#4678) (#4680)
      * Site admin could create repos even MAX_CREATION_LIMIT=0 (#4645)
      * Fix custom templates being ignored (#4638)
      * Fix starring icon after semantic ui update (#4628)
      * Fix Split-View line adjustment (#4622)
      * Fix integer constant overflows in tests (#4616)
      * Push whitelist now doesn't apply to branch deletion (#4601) (#4607)
      * Fix bugs when too many IN variables (#4594)
      * Fix failure on creating pull request with assignees (#4419) (#4583)
      * Fix panic issue on update avatar email (#4580) (#4581)
      * Fix status code label for a successful webhook (#4540)
      * An inactive user shouldn't be able to be added as a collaborator (#4535)
      * Don't fail silently if trying to add a collaborator twice (#4533)
      * Fix incorrect MergeWhitelistTeamIDs check in CanUserMerge function (#4519) (#4525)
      * Fix out-of-transaction query in removeOrgUser (#4521) (#4522)
      * Fix migration from older releases (#4495)
      * Accept 'Data:' in commit graph (#4487)
      * Update xorm to latest version and fix correct `user` table referencing in sql (#4473)
      * Relative URLs for LibreJS page (#4460)
      * Redirect to correct page after using scratch token (#4458)
      * Fix column droping for MSSQL that need new transaction for that (#4440)
      * Replace src with raw to fix image paths (#4377)
      * Add default merge options when creating new repository (#4369)
      * Fix docker build (#4358)
      * Fixes repo membership check in API (#4341)
      * Dep upgrade mysql lib (#4161)
      * Fix some issues with special chars in branch names (#3767)
      * Responsive design fixes (#4508)
    * ENHANCEMENT
      * Fix milestones sorted wrongly (#4987)
      * Allow api to create tags for releases if they don't exist (#4890)
      * Fix #4877 to follow the OpenID Connect Audiences spec (#4878)
      * Enforce token on api routes [fixed critical security issue #4357] (#4840)
      * Update legacy branch and tag URLs in dashboard to new format (#4812)
      * Slack webhook channel name cannot be empty or just contain an hashtag (#4786)
      * Add whitespace handling to PR-comparsion (#4683)
      * Make reverse proxy auth optional (#4643)
      * MySQL TLS (#4642)
      * Make sure to set PR split view when creating/previewing a pull request  (#4617)
      * Log user in after a successful sign up (#4615)
      * Fix typo IsPullReuqestBroken -> IsPullRequestBroken (#4578)
      * Allow admin toggle forcing a password change for newly created users (#4563)
      * Update jQuery to v1.12.4 (#4551)
      * Env var GITEA_PUSHER_EMAIL (#4516)
      * Feat(repo): support search repository by topic name (#4505)
      * Small improvements to dependency UI (#4503)
      * Make max commits in graph configurable (#4498)
      * Add valid for lfs oid (#4461)
      * Add shortcut to save wiki page (#4452)
      * Allow administrator to create repository for any organization (#4368)
      * Fix repository last updated time update when delete a user who watched the repo (#4363)
      * Switch plaintext scratch tokens to use hash instead (#4331)
      * Increase default TOTP secret size to 320 bits (#4287)
      * Keep preseeded database password (#4284)
      * Implemented hover text showing user FullName (#4261)
      * Add ability to delete a token (#4235)
      * Fix typos in i18n variable names. (#4080)
      * Api: repos/search: add parameters to control the sort order (#3964)
      * Add missing path in the Docker app.ini template (#2181)
      * Add file name and branch to page title (#4902)
      * Offline use of google fonts (#4872)
      * Add missing History link to directory listings v2 (#4829)
      * Locale for Edit and Remove due date issue (#4802)
      * Disable 'May Import Local Repository' when is disabled by setting (Is… (#4780)
      * API /admin/users/{username} missing parameter (#4775)
      * Display error when adding a user to a team twice (#4746)
      * Remove UsePrivilegeSeparation from the Docker sshd_config, see #2876 (#4722)
      * Focus title input when clicking helper link (#4696)
      * Add vendor to user reserved words and format words list according alphabet (#4685)
      * Add gitea/issues link to 500 page (#4654)
      * Hide home button when landing page is not set to home (#4651)
      * Remove link to GitHub issues in 404 template (#4639)
      * Cmd/serve: pprof cpu and memory profile dumps to disk (#4560)
      * Add flash message after an account has been successfully activated (#4510)
      * Prevent html entity escaping on delete branch (#4471)
      * Locale for button Edit on protected branch (#4442)
      * Update notification icon (#4343)
      * Added front-end topics validation (#4316)
      * Don't display buttons if there are no system notifications (#4280)
      * Issue due date api (#3890)
    * SECURITY
      * Improve URL validation for external wiki  and external issues (#4710)
      * Make cookies HttpOnly and obey COOKIE_SECURE flag (#4706)
      * Don't disclose emails of all users when sending out emails (#4664)
      * Check that repositories can only be migrated to own user or organizations (#4366)
    * TRANSLATION
      * Fix punctuation in English translation (#4958)
      * Fix translation (#4355)
    
  • v1.5.2
    31a738b2 · 1.5.2 changelog (#5052) ·
    * SECURITY
      * Enforce token on api routes (#4840) (#4905)
    * BUGFIXES
      * Remove links from topics in edit mode (#5030)
      * Detect charset and convert non UTF-8 files for display (#4950) (#4994)
      * Fix layout of the topics editing form (#4971) (#4993)
      * Fix null pointer dereference in ParseCommitWithSignature (#4964)
      * Fix url in discord webhook (#4951)
      * Fix font-cropping UI bug in diff (#4726) (#4929)
      * Fix bug forget to remove Stopwatch when remove repository (#4933)
      * Fix bug when repo remained bare if multiple branches pushed (#4927)
      * Fix redirect with non-ascii branch names (#4764) (#4887)
      * Fix issues api allow pulls (#4852) (#4862)
      * Fix trimming of markup section names (#4864)
    
  • v1.5.1
    38d8b8cf · 1.5.1 Changelog (#4851) ·
    * SECURITY
      * Don't disclose emails of all users when sending out emails (#4784)
      * Improve URL validation for external wiki and external issues (#4710) (#4740)
      * Make cookies HttpOnly and obey COOKIE_SECURE flag (#4706) (#4707)
    * BUGFIXES
      * Fix missing release title in webhook (#4783) (#4800)
      * Make sure to reset commit count in the cache on mirror syncing (#4770)
      * Fixed bug where team with admin privelege type doesn't get any unit (#4759)
      * Fix failure on creating pull request with assignees (#4583) (#4727)
      * Hide org/create menu item in Dashboard if user has no rights (#4678) (#4686)
    * TRANSLATION
      * Fix incorrect caption of webhook setting (#4701) (#4718)