github go-gitea/gitea v1.27.0-rc0
on GitHub

pre-release2 hours ago

  • BREAKING

    • Feat(actions)!: improve support for reusable workflows (#37478)
    • Use Content-Security-Policy: script nonce (#37232)

  • SECURITY

    • Fix(deps): update module github.com/go-git/go-git/v5 to v5.19.1 [security] (#37786)
    • Fix(oauth): restrict introspection to the token's client (#38042)
    • Fix(api): don't expose private org membership via public_members (#38145)
    • Fix(actions): deny fork-PR cross-repo access via collaborative owner (#38214)
    • Fix(migrations): prevent path traversal in repository restore (#38215)

  • FEATURES

    • Feat(actions): add workflow status badge modal (#38196)
    • Feat(actions): support owner-level and global scoped workflows (#38154)
    • Feat(api): support ref suffixes in compare (#38148)
    • Feat(actions): implement jobs.<job_id>.continue-on-error (#38100)
    • Feat(actions): show run status on browser tab favicon (#38071)
    • Feat(api): add token introspection and self-deletion endpoint (#37995)
    • Feat(api): add q parameter to list branches API for server-side filtering (#37982)
    • Feat(repo): split repository creation limit into user and org scopes (#37872)
    • Feat(actions): bulk delete, disable and enable runners in admin UI (#37869)
    • Feat(actions): List workflows that were executed once but got removed from the default branch (#37835)
    • Feat(org): add team visibility so org members can discover teams (#37680)
    • Feat: add raw diff/patch endpoint for repository comparisons (#37632)
    • Feat: Add avatar stacks (#37594)
    • Feat(actions): add job summaries (GITHUB_STEP_SUMMARY) (#37500)
    • Feat(web): Add Jupyter Notebook (.ipynb) Rendering Support (#37433)
    • Support for Custom URI Schemes in OAuth2 Redirect URIs (#37356)
    • Feat(orgs): Add search bar for organization members tab page (#37347)
    • Feat(api): Add assignees APIs (#37330)
    • Feat(api): Add GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/runs (#37196)
    • Serve OpenAPI 3.0 spec at /openapi.v1.json (#37038)
    • Add project column picker to issue and pull request sidebar (#37037)
    • Allow multiple projects per issue and pull requests (#36784)
    • Feat(ui): add "follow rename" to file commit history list (#34994)
    • Feat(ssh): auto generate additional ssh keys (#33974)

  • ENHANCEMENTS

    • Enhance: allow builtin default git config options to be overridden (#38172)
    • Enhance: allow MathML core elements (#38034)
    • Enhance(markup): improve issue title rendering (#37908)
    • Enhance(actions): set descriptive browser tab title on run view (#37870)
    • Enhance: Migrate remaining gopkg.in/yaml.v3 usages to go.yaml.in/yaml/v4 (#37866)
    • Enhance(actions): show workflow name from YAML instead of filename (#37833)
    • Feat(actions): add before/after to PR synchronize event payload (#37827)
    • Enhance(actions): add branch filters to run list (#37826)
    • Enhance(actions): Make Summary UI more beautiful with more infos (#37824)
    • Feat: add copy button to action step header, improve other copy buttons (#37744)
    • Fix(icon): use repo-forked icon to display forks count (#37731)
    • Feat(api): add sort and order query parameters to job list endpoints (#37672)
    • Feat(api): add last_sync to repository API (#37566)
    • Enhance: Adjust Workflow Graph styling (#37497)
    • Improve code editor text selection and clean up lint enablement (#37474)
    • Add mirror auth updates to repo edit API and settings (#37468)
    • Replace olivere/elastic with REST API client, add OpenSearch support (#37411)
    • Feat: Add default PR branch update style setting (#37410)
    • Fix inconsistent disabled styling on logged-out repo header buttons (#37406)
    • Allow fast-forward-only merge when signed commits are required (#37335)
    • Enhance styling in actions page (#37323)
    • Fix: improve actions status icons and texts (#37206)
    • Make Markdown fenced code block work with more syntaxes (#37154)
    • Fix: Sort action run jobs by JobID and Name with matrix examples (#37046)
    • Add API endpoint to reply to pull request review comments (#36683)

  • PERFORMANCE

    • Perf(web): sort the action_run query by a repo-scoped index when possible (#38155)
    • Perf: Various performance regression fixes (#38078)
    • Perf: extend action c_u index to include created_unix for faster dashboard feeds (#38076)
    • Batch-load related data in actions run, job, and task API endpoints (#37032)

  • BUGFIXES

    • Fix: update npm dependencies, fix misc issues (#38257)
    • Fix(api): respect since/until when counting commits for X-Total-Count (#38204)
    • Fix: codemirror regressions (#38248)
    • Fix(api): support HEAD requests on all API GET endpoints (#38245)
    • Fix(actions): Cleanup workflow status badge code (#38241)
    • Fix(web): Correctly align the "disabled" label on larger workflow names (#38240)
    • Fix(actions): don't swallow HTML entities into linkified URLs (#38239)
    • Fix(packages): accept npm "repository" and "bin" in string form (#38236)
    • Fix(actions): fix 500 error when canceling a canceling task (#38223)
    • Fix(deps): update module golang.org/x/image to v0.43.0 [security] (#38219)
    • Fix(mssql): convert legacy DATETIME columns to DATETIME2 (#38216)
    • Fix(api): deny private org member enumeration via /members (#38213)
    • Fix(actions): ensure all waiting jobs get runners in large workflows (#38200)
    • Fix(deps): update go dependencies (#38194)
    • Fix(deps): update npm dependencies (#38193)
    • Fix(cli): default must-change-password to false for bot users (#38175)
    • Fix(actions): show run index in run view and fix summary graph height (#38165)
    • Fix: csp (#38162)
    • Fix(deps): update npm dependencies (#38123)
    • Fix(mssql): expand legacy issue and comment long-text columns (#38120)
    • Fix(packages): validate debian distribution and component names (#38116)
    • Fix(packages): validate module version in goproxy ParsePackage (#38104)
    • Fix(deps): update dependency esbuild to v0.28.1 [security] (#38097)
    • Fix: git push hook post receive (#38089)
    • Fix(ui): prevent commit status popup overflowing its row (#38081)
    • Fix: validate gem name in rubygems parseMetadataFile (#38061)
    • Fix: commit display name (#38057)
    • Fix: csp regressions (#38047)
    • Fix: api error message (#38031)
    • Fix(deps): update npm dependencies (#38029)
    • Fix: pgsql lint (#38022)
    • Fix(indexer): fix assignee filters in issue search (#38021)
    • Fix: various dropdown problems (#38020)
    • Fix: refactor git error handling and make archive streaming handle non-existing commit id (#38007)
    • Fix: raise git required version to 2.13 (#37996)
    • Fix: remove "no-transfrom" from the cache-control header (#37985)
    • Fix(deps): update module github.com/google/go-github/v87 to v88 (#37971)
    • Fix: use committer time where ever possible as default (#37969)
    • Fix(deps): update npm dependencies, remove nolyfill (#37968)
    • Fix(deps): update go dependencies (#37967)
    • Fix(pull): preserve squash message trailers and additional commit messages (#37954)
    • Fix(deps): update module golang.org/x/image to v0.41.0 [security] (#37904)
    • Fix: support ##[command] log prefix in action run UI (#37882)
    • Fix(deps): update module github.com/google/go-github/v86 to v87 (#37845)
    • Fix(deps): update npm dependencies (#37844)
    • Fix(deps): update go dependencies (#37841)
    • Fix(frontend): resolve Vite assets by manifest source path (#37836)
    • Fix(locales): Replace hardcoded strings (#37788)
    • Fix(packages): render markdown links relative to linked repo (#37676)
    • Fix: persist mirror repository metadata (#37519)
    • Fix cmd tests by mocking builtin paths (#37369)
    • Add form-fetch-action to some forms, fix "fetch action" resp bug (#37305)
    • Feat: execute post run cleanup when workflow is cancelled (#37275)
    • Fix relative-time error and improve global error handler (#37241)
    • Refactor flash message and remove SanitizeHTML template func (#37179)

  • TESTING

    • Test: speed up two tests (#37905)
    • Test: Fix random failure test (#37887)
    • Test: fix flaky issue-comment close test (#37880)
    • Test: enable WAL for sqlite integration tests (#37861)
    • Test: fix flaky TestResourceIndex and reduce its runtime (#37847)
    • Test: run TestAPIRepoMigrate offline via a local clone source (#37817)
    • Ci: shard tests and reduce redundant work (#37618)
    • Test(e2e): run playwright via container (#37300)
    • Remove external service dependencies in migration tests (#36866)

  • BUILD

    • Fix(actions): authenticate snapcraft before nightly remote build (#38252)
    • Ci: cap Elasticsearch heap in db-tests (#37816)
    • Build(snap): publish nightly version to snapcraft via actions (#37814)
    • Ci: split pgsql shards into plain jobs, dedupe setup actions (#37802)
    • Ci: narrow files-changed frontend filter (#37749)
    • Ci: add zizmor to lint-actions (#37720)
    • Chore: clean up "contrib" dir (#37690)
    • Fix: snap build (main branch) (#37685)
    • Ci: Also lint json5 files (#37659)
    • Feat(editor): broaden language detection in web code editor (#37619)
    • Build: update pnpm to v11 (#37591)
    • Refactor(deps): migrate from nektos/act fork to gitea/runner (#37557)
    • Refactor: lint bare fill/stroke colors, add vars for git graph color series (#37543)
    • Update go js py dependencies (#37525)
    • Ci: lint PR titles with commitlint (#37498)
    • Chore: upgrade Go version in devcontainer image to 1.26 (#37374)
    • Update GitHub Actions to latest major versions (#37313)
    • Update go js dependencies (#37312)
    • Fail vite build on rolldown warnings via NODE_ENV=test (#37270)
    • Remove htmx (#37224)
    • Replace custom Go formatter with golangci-lint fmt (#37194)
    • Refactor htmx and fetch-action related code (#37186)
    • Integrate renovate bot for all dependency updates (#37050)
    • Build(sign): move to sigstore (#38250)

  • DOCS

    • Docs: update changelog for 1.26.3 & 1.26.4 (#38178)
    • Docs: fix duplicated word in foreachref doc comment (#38161)
    • Docs: Clarify criteria for becoming a merger (#38113)
    • Docs: Publish TOC Election Result 2026 (#38111)
    • Docs: mark openapi3 as autogenerated in attributes (#37963)
    • Docs: add development setup guide (#37960)

  • MISC

    • Revert(sign): restore gpg (#38251)
    • Refactor: replace legacy delete-button with link-action (#38143)
    • Refactor(actions): read runner capabilities from proto field (#38068)
    • Refactor(api): clarify APIError message usage and fix legacy lint error (#38012)
    • Refactor: Use db.Get[] instead of db.GetEngine(ctx).Get(bean) to avoid zero value fetching wrong database record (#37977)
    • Fix(deps): update go dependencies (#37851)
    • Ci: Fix sync PR labels from the conventional-commit title (#37784) (#37825)
    • Ci: tweak files-changed, add free-disk-space (#37819)
    • Fix(deps): update module golang.org/x/crypto to v0.52.0 [security] (#37806)
    • Test(e2e): add comment, release, star, PR and fork tests (#37800)
    • Chore: simplify issue and pull request templates (#37799)
    • Chore: Update giteabot to fix failure when backport (#37789)
    • Fix(api): handle partial failures in push mirror synchronization gracefully (#37782)
    • Fix(deps): update module gitlab.com/gitlab-org/api/client-go/v2 to v2.26.0 (#37771)
    • Ci: split giteabot workflow (#37770)
    • Fix(deps): update npm dependencies (#37768)
    • Refactor(waitgroup): replace Add/Done goroutines with WaitGroup.Go (#37764)
    • Fix(deps): update module google.golang.org/grpc to v1.81.1 (#37762)
    • Ci: fix cache-related issues (#37761)
    • Chore: fix tests (#37760)
    • Fix(deps): update module github.com/google/go-github/v85 to v86 (#37754)
    • Fix(deps): update npm dependencies (#37753)
    • Fix(deps): update go dependencies (#37752)
    • Chore(deps): update action dependencies (#37751)
    • Fix(markup): wrap indented code blocks for the code-copy button (#37748)
    • Chore(db): introduce db.Session and db.EngineMigration interfaces (#37746)
    • Feat(web): also display PR counts in repo list (#37739)
    • Refactor(glob): use strings.Builder for regexp compilation (#37730)
    • Chore(doctor): remove four obsolete doctor check implementations (#37728)
    • Refactor(org): simplify owner-team org repo creation logic (#37727)
    • Refactor: move workflowpattern into modules/actions (#37717)
    • Chore: clean up tests (#37715)
    • Style: misc UI fixes (#37691)
    • Ci: add shellcheck linter (#37682)
    • Fix: catch and fix more lint problems (#37674)
    • Fix(deps): update dependency mermaid to v11.15.0 [security], add e2e test (#37662)
    • Fix(deps): update npm dependencies (#37647)
    • Ci(renovate): update Go import paths on major bumps (#37641)
    • Fix(deps): update go dependencies (major) (#37639)
    • Chore(deps): update action dependencies (major) (#37638)
    • Fix(deps): update module code.gitea.io/sdk/gitea to v0.25.0 (#37637)
    • Fix(deps): update npm dependencies (#37636)
    • Refactor(log): replace log.Critical with log.Error (#37624)
    • Build(deps): bump fast-uri from 3.1.0 to 3.1.2 (#37616)
    • Feat(oauth): Support AWS Cognito OAuth2 provider (#37607)
    • Chore(deps): update action dependencies (#37603)
    • Ci: allow chore type in PR title lint (#37575)
    • Refactor: only reset a database table when the table's data was changed (#37573)
    • Ci: increase renovate frequency and fix RENOVATE_ALLOWED_POST_UPGRADE_COMMANDS (#37565)
    • Refactor: use modernc sqlite driver as default (#37562)
    • Docs: fix 4 typos in CHANGELOG.md (#37549)
    • Fix(deps): update go dependencies (#37541)
    • Chore(deps): update action dependencies (#37540)
    • Refactor pull request view (6) (#37522)
    • Fix: redirect early CLI console logger to stderr (#37507)
    • Refactor "flex-list" to "flex-divided-list" (#37505)
    • Refactor compare diff/pull page (1) (#37481)
    • Refactor pull request view (4) (#37451)
    • Update 1.26.1 changelog in main (#37442)
    • Refactor: use named Permission field in Repository struct instead of anonymous embedding (#37441)
    • Refactor: serve site manifest via /assets/site-manifest.json endpoint (#37405)
    • Remove IsValidExternalURL/IsAPIURL and use IsValidURL at call sites (#37364)
    • Update Block a user form (#37359)
    • Move review request functions to a standalone file (#37358)
    • Feat(security): set X-Content-Type-Options: nosniff by default (#37354)
    • Enable strict TypeScript, add errorMessage helper (#37292)
    • Refactor frontend tw-justify-between layouts to flex-left-right (#37291)
    • Update Nix flake (#37284)
    • Fix Repository transferring page (#37277)
    • Remove SubmitEvent polyfill (#37276)
    • Remove dead code identified by deadcode tool (#37271)
    • Upgrade go-git to v5.18.0 (#37268)
    • Don't add useless labels which will bother changelog generation (#37267)
    • Move heatmap to first-party code (#37262)
    • Tests/integration: simplify code (#37249)
    • Add pagination and search box to org teams list (#37245)
    • Remove error returns from crypto random helpers and callers (#37240)
    • Add ExternalIDClaim option for OAuth2 OIDC auth source (#37229)
    • Refactor: simplify ParseCatFileTreeLine and catBatchParseTreeEntries (#37210)
    • Refactor "htmx" to "fetch action" (#37208)
    • Update go js py dependencies (#37204)
    • Add comment for the design of "user activity time" (#37195)
    • Remove outdated RunUser logic (#37180)
    • Models/fixtures: add "DO NOT add more test data" comment to all yml fixture files (#37150)
    • Update javascript dependencies (#37142)
    • Update go dependencies (#37141)
    • Frontport changelog of v1.26.0-rc0 (#37138)
    • Introduce ActionRunAttempt to represent each execution of a run (#37119)
    • Workflow Artifact Info Hover (#37100)
    • Extend issue context popup beyond markdown content (#36908)
    • Add bulk repository deletion for organizations (#36763)
    • Feat: Add bypass allowlist for branch protection (#36514)
Check out latest releases or
releases around go-gitea/gitea v1.27.0-rc0

Don't miss a new gitea release

NewReleases is sending notifications on new releases.

Get notifications