From ce5541c78b42cfd441f4af7db004a3fa3af493b5 Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Tue, 3 Oct 2023 15:16:29 +0200 Subject: [PATCH 1/4] [DOCS] RELEASE-NOTES.md (squash) 1.20.5-0 --- RELEASE-NOTES.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index 443e25ffbf..fa8e5fff12 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -27,6 +27,35 @@ $ git -C forgejo log --oneline --no-merges origin/v1.20/forgejo..origin/v1.21/fo (More items to be added here) +## 1.20.5-0 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.20/forgejo) included in the `Forgejo v1.20.5-0` release can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo/ +$ git -C forgejo log --oneline --no-merges v1.20.4-1..v1.20.5-0 +``` + +This stable release includes bug fixes. + +* Recommended Action + + We recommend that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.20/admin/upgrade/) to the latest version. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.20/user/semver/) + + The semantic version was updated to `5.0.5+0-gitea-1.20.5` + +* Bug fixes + + The most prominent ones are described here, others can be found in the list of commits included in the release as described above. + + * [Fix the display of pull requests waiting for review](https://codeberg.org/forgejo/forgejo/commit/4b23f11864) on the `/pulls` page. It incorrectly included all reviews. + * [Fix a v1.20 regression preventing access to files with OAuth2 tokens](https://codeberg.org/forgejo/forgejo/commit/3e8c3b7c09) in private repositories. + * [Fix](https://codeberg.org/forgejo/forgejo/commit/101cfc1f82) a bug by which the `doctor` command [complains the `deleted_branch` table is missing](https://codeberg.org/forgejo/forgejo/issues/1522) although it should not. + * [Fix the release URL in webhooks](https://codeberg.org/forgejo/forgejo/commit/1b1f878204) so that `URL` points to the API URL and `HTMLURL` points to the web page. + * [Fix organization field being null in POST /orgs/{orgid}/teams](https://codeberg.org/forgejo/forgejo/commit/f8bf284794). + ## 1.20.4-1 The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.20/forgejo) included in the `Forgejo v1.20.4-1` release can be reviewed from the command line with: From 5dd66c06e3aa24d355f0cba7a24ecd6ec43b2021 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Dachary?= Date: Thu, 5 Oct 2023 09:53:42 +0200 Subject: [PATCH 2/4] [DOCS] RELEASE-NOTES.md (squash) 1.20.5-0 is a security release --- RELEASE-NOTES.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index fa8e5fff12..4d58f1a479 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -36,16 +36,20 @@ $ git clone https://codeberg.org/forgejo/forgejo/ $ git -C forgejo log --oneline --no-merges v1.20.4-1..v1.20.5-0 ``` -This stable release includes bug fixes. +This stable release contains **important security fixes**, as explained in the [v1.20.5-0 companion blog post](https://forgejo.org/2023-10-release-v1205-0/). * Recommended Action - We recommend that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.20/admin/upgrade/) to the latest version. + We **strongly recommend** that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.20/admin/upgrade/) to the latest version as soon as possible. * [Forgejo Semantic Version](https://forgejo.org/docs/v1.20/user/semver/) The semantic version was updated to `5.0.5+0-gitea-1.20.5` +* Security fix + + * When a user logs into Forgejo, they can click the **Remember This Device** checkbox and their browser will store a **Long-term authentication** token provided by the server, in a cookie that will allow them to stay logged in for an extended period of time. The implementation was inherently insecure and was [reworked](https://codeberg.org/forgejo/forgejo/commit/51988ef52bc93b63184d28395d10bf3b76914ad0). Read more about this issue in the [v1.20.5-0 blog post](https://forgejo.org/2023-10-release-v1205-0/). + * Bug fixes The most prominent ones are described here, others can be found in the list of commits included in the release as described above. From fc5b52049f8f2e2271ef41a633efe3b7f04d05e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Dachary?= Date: Thu, 5 Oct 2023 12:07:28 +0200 Subject: [PATCH 3/4] slug of the blog post changed --- RELEASE-NOTES.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index 4d58f1a479..093d7c9a9d 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -36,7 +36,7 @@ $ git clone https://codeberg.org/forgejo/forgejo/ $ git -C forgejo log --oneline --no-merges v1.20.4-1..v1.20.5-0 ``` -This stable release contains **important security fixes**, as explained in the [v1.20.5-0 companion blog post](https://forgejo.org/2023-10-release-v1205-0/). +This stable release contains **important security fixes**, as explained in the [v1.20.5-0 companion blog post](https://forgejo.org/2023-10-release-v1-20-5-0/). * Recommended Action @@ -48,7 +48,7 @@ This stable release contains **important security fixes**, as explained in the [ * Security fix - * When a user logs into Forgejo, they can click the **Remember This Device** checkbox and their browser will store a **Long-term authentication** token provided by the server, in a cookie that will allow them to stay logged in for an extended period of time. The implementation was inherently insecure and was [reworked](https://codeberg.org/forgejo/forgejo/commit/51988ef52bc93b63184d28395d10bf3b76914ad0). Read more about this issue in the [v1.20.5-0 blog post](https://forgejo.org/2023-10-release-v1205-0/). + * When a user logs into Forgejo, they can click the **Remember This Device** checkbox and their browser will store a **Long-term authentication** token provided by the server, in a cookie that will allow them to stay logged in for an extended period of time. The implementation was inherently insecure and was [reworked](https://codeberg.org/forgejo/forgejo/commit/51988ef52bc93b63184d28395d10bf3b76914ad0). Read more about this issue in the [v1.20.5-0 blog post](https://forgejo.org/2023-10-release-v1-20-5-0/). * Bug fixes From 59e9648b7114121fca92c0ba5eb92272b1c45643 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Dachary?= Date: Thu, 5 Oct 2023 12:11:22 +0200 Subject: [PATCH 4/4] apply caesar rewording suggestions --- RELEASE-NOTES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index 093d7c9a9d..ff9d2c3131 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -52,7 +52,7 @@ This stable release contains **important security fixes**, as explained in the [ * Bug fixes - The most prominent ones are described here, others can be found in the list of commits included in the release as described above. + The most prominent bug fixes are described below. Others can be found in the list of commits included in the release as described above. * [Fix the display of pull requests waiting for review](https://codeberg.org/forgejo/forgejo/commit/4b23f11864) on the `/pulls` page. It incorrectly included all reviews. * [Fix a v1.20 regression preventing access to files with OAuth2 tokens](https://codeberg.org/forgejo/forgejo/commit/3e8c3b7c09) in private repositories.