From 316d88efba4d9d83de3b18eb81a5f836e291e916 Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Wed, 31 Jan 2024 17:23:54 +0100 Subject: [PATCH] [DOCS] RELEASE-NOTES.md (squash) v1.21.5-0 (squash) go-git (cherry picked from commit 6fc9ce83caf1cde207f375459b8a1d5495f7b78e) --- RELEASE-NOTES.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index f32068da66..65f79e3628 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -13,7 +13,7 @@ $ git clone https://codeberg.org/forgejo/forgejo/ $ git -C forgejo log --oneline --no-merges v1.21.4-0..v1.21.5-0 ``` -This stable release includes security and bug fixes as well as documentation improvements. +This stable release includes bug fixes as well as documentation improvements. * Recommended Action @@ -27,6 +27,7 @@ This stable release includes security and bug fixes as well as documentation imp The most prominent ones are described here, others can be found in the list of commits included in the release as described above. + * [Upgrade go-git to v5.11.0](https://codeberg.org/forgejo/forgejo/commit/faafccbcc7942b39cbc43f8014a435de4cc30f62). Although go-git is not used by Forgejo in a way that meets the requirements for the [CVE-2023-49568](https://github.com/advisories/GHSA-mw99-9chc-xw7r) and [DoS](https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r) vulnerabilities to be possible, it is upgraded to v5.11.0 which mitigates the issue, as a precaution. * [Fix markdown relative links rendering](https://codeberg.org/forgejo/forgejo/commit/f8c9ff55b98adfbfbcc24efd178c114006f28336) * [Fix NPE in `UsernameSubRoute`](https://codeberg.org/forgejo/forgejo/commit/3c7a955f05ec4c29f3c4f7412c45129b74c33e5c) * [Fix duplication when blocking multiple users](https://codeberg.org/forgejo/forgejo/commit/3d3790ef4c6cdbcbe0cf7ec80627596f44701977)