From 0ff5be49abba9f989792551441fd930f5f5f5665 Mon Sep 17 00:00:00 2001 From: crystal Date: Wed, 17 Apr 2024 05:41:34 -0600 Subject: [PATCH 1/4] [RELEASE] v1.21.11-0 release notes --- RELEASE-NOTES.md | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index 7bb32310b4..6b3d6f0583 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md 
@@ -4,6 +4,37 @@ A Forgejo release is published shortly after a Gitea release is published and th The Forgejo admin should carefully read the required manual actions before upgrading. A point release (e.g. v1.21.1-0 or v1.21.2-0) does not require manual actions but others might (e.g. v1.20, v1.21). +## 1.21.11-0 + +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.21/forgejo) included in the `Forgejo v1.21.11-0` releae can be reviewed from the command line with: + +```shell +$ git clone https://codeberg.org/forgejo/forgejo +$ git -C forgejo log --oneline --no-merges v1.21.10-0..v1.21.11-0 +``` + +This stable release contains bug fixes and a **security fix**. + +* Recommended Action + + We recommend that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.21/admin/upgrade/) to the latest version as soon as possible. + +* [Forgejo Semantic Version](https://forgejo.org/docs/v1.21/user/semver/) + + The semantic version was updated to `6.0.11+0-gitea-1.21.10` + +* Security fix + + [This is a security release](https://codeberg.org/forgejo/security-announcements/issues/9), details about the bug and fix are currently TBA. + +* Bug fixes + + * [Use system action user to trigger scheduled action workflows](https://codeberg.org/forgejo/forgejo/commit/387aea4434488555838e55e067242509bc1510a6) + * [Close file in upload function](https://codeberg.org/forgejo/forgejo/commit/fd47240545ab1c4f10d07434c2ba00fff044236a) + * [Prevent registering runners for deleted repositories](https://codeberg.org/forgejo/forgejo/commit/fd47240545ab1c4f10d07434c2ba00fff044236a). Prevents 500 Internal Server Error in admin interface. 
+ * [More reliable pagination support when migrating from gitbucket](https://codeberg.org/forgejo/forgejo/commit/e702e79625980b08ec060a1690b76502455acad9) + * [Fix automerge when used with actions](https://codeberg.org/forgejo/forgejo/commit/4889a3a1713d91a5ae95af4edf1bb3352d1871fd) + ## 1.21.10-0 The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.21/forgejo) included in the `Forgejo v1.21.10-0` release can be reviewed from the command line with: @@ -15,7 +46,7 @@ $ git -C forgejo log --oneline --no-merges v1.21.8-0..v1.21.10-0 This stable release contains bug fixes and a **security fix**. -Note that there is no `Forgejo v1.21.9-0` release. The release numbering of the `Forgejo v1.21` patch series follows the Gitea release numbering. However, the publication of `Gitea v1.21.9` and `Gitea v1.21.10` were a few days appart because of a regression that is not present on Forgejo and there was no need to publish `Forgejo v1.21.9-0`. +Note that there is no `Forgejo v1.21.9-0` release. The release numbering of the `Forgejo v1.21` patch series follows the Gitea release numbering. However, the publication of `Gitea v1.21.9` and `Gitea v1.21.10` were a few days apart because of a regression that is not present on Forgejo and there was no need to publish `Forgejo v1.21.9-0`. * Recommended Action From 95fa27374b8a5bc7dc0bebd04e02d1fda7ce86e6 Mon Sep 17 00:00:00 2001 From: crystal Date: Thu, 18 Apr 2024 07:27:48 -0600 Subject: [PATCH 2/4] typo --- RELEASE-NOTES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index 6b3d6f0583..f7acaeb94e 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md 
@@ -6,7 +6,7 @@ The Forgejo admin should carefully read the required manual actions before upgra ## 1.21.11-0 -The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.21/forgejo) included in the `Forgejo v1.21.11-0` releae can be reviewed from the command line with: +The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.21/forgejo) included in the `Forgejo v1.21.11-0` release can be reviewed from the command line with: ```shell $ git clone https://codeberg.org/forgejo/forgejo From 2b2c0f1ae25074eff425fb09ccd9c0333de238c7 Mon Sep 17 00:00:00 2001 From: crystal Date: Thu, 18 Apr 2024 12:37:59 -0600 Subject: [PATCH 3/4] add security fixes details, link to compare --- RELEASE-NOTES.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index f7acaeb94e..836c52ee93 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -6,7 +6,7 @@ The Forgejo admin should carefully read the required manual actions before upgra ## 1.21.11-0 -The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.21/forgejo) included in the `Forgejo v1.21.11-0` release can be reviewed from the command line with: +[The complete list of new commits included in the Forgejo v1.21.11-0 release can be reviewed here](https://codeberg.org/forgejo/forgejo/compare/v1.21.10-0...v1.21.11-0), or from the comand line with: ```shell $ git clone https://codeberg.org/forgejo/forgejo 
@@ -25,7 +25,8 @@ This stable release contains bug fixes and a **security fix**. * Security fix - [This is a security release](https://codeberg.org/forgejo/security-announcements/issues/9), details about the bug and fix are currently TBA. + * [Fixed a bug that allows user-supplied, non-sandboxed JavaScript to be run from the same domain as the forge](https://codeberg.org/forgejo/forgejo/commit/8dcc7d9e8ce36d94bae1a1becddc4735f51add3c), via `/{owner}/{repo}/render/branch/{branch}/{filename}` URLs. + * [Fixed a privilege escalation through git push options](https://codeberg.org/forgejo/forgejo/commit/cc80e661531794fff7f8a336eaaefdb7e3bd3956) that allows any user to change the visibility of any repository they can see, regardless of their level of access. * Bug fixes From 77843135b0c73a5da8994704e10571982c4c9d1a Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Thu, 18 Apr 2024 21:57:53 +0200 Subject: [PATCH 4/4] slight wording change and most serious fix first --- RELEASE-NOTES.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index 836c52ee93..0c51bcec99 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -13,11 +13,11 @@ $ git clone https://codeberg.org/forgejo/forgejo $ git -C forgejo log --oneline --no-merges v1.21.10-0..v1.21.11-0 ``` -This stable release contains bug fixes and a **security fix**. +This stable release contains bug fixes and **security fixes**. * Recommended Action - We recommend that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.21/admin/upgrade/) to the latest version as soon as possible. + We strongly recommend that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.21/admin/upgrade/) to the latest version as soon as possible. * [Forgejo Semantic Version](https://forgejo.org/docs/v1.21/user/semver/) 
@@ -25,8 +25,8 @@ This stable release contains bug fixes and a **security fix**. * Security fix - * [Fixed a bug that allows user-supplied, non-sandboxed JavaScript to be run from the same domain as the forge](https://codeberg.org/forgejo/forgejo/commit/8dcc7d9e8ce36d94bae1a1becddc4735f51add3c), via `/{owner}/{repo}/render/branch/{branch}/{filename}` URLs. * [Fixed a privilege escalation through git push options](https://codeberg.org/forgejo/forgejo/commit/cc80e661531794fff7f8a336eaaefdb7e3bd3956) that allows any user to change the visibility of any repository they can see, regardless of their level of access. + * [Fixed a bug that allows user-supplied, non-sandboxed JavaScript to be run from the same domain as the forge](https://codeberg.org/forgejo/forgejo/commit/8dcc7d9e8ce36d94bae1a1becddc4735f51add3c), via `/{owner}/{repo}/render/branch/{branch}/{filename}` URLs. * Bug fixes
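Review bot: In PATCH 1/4, first hunk, the bug-fix entries "Close file in upload function" and "Prevent registering runners for deleted repositories" both link to the same commit, `fd47240545ab1c4f10d07434c2ba00fff044236a`. One of the two URLs looks like a copy-paste leftover; each entry should point at its own commit so an admin auditing the release can trace every fix. The second of those entries is also the only one in the list that ends with a period after the link.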
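Review bot: In PATCH 3/4, first hunk, the replacement line introduces a new typo, "comand line", which should read "command line". The compare link `v1.21.10-0...v1.21.11-0` matches the `git log` range `v1.21.10-0..v1.21.11-0` added in PATCH 1/4, so only the spelling needs a follow-up.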
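Review bot: In PATCH 3/4, second hunk, replacing the "TBA" line drops the only link to the security announcement (`security-announcements/issues/9`). Suggest keeping a reference to it next to the two new entries, so that readers of the release notes can reach the advisory as well as the fixing commits.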
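Review bot: In PATCH 4/4, second hunk, the heading in the context is still `* Security fix`, although the first hunk of the same patch changes the summary to "**security fixes**" and two fixes are listed under it. Suggest making the heading plural in this patch so the section matches the summary line.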