gogs

ℹ️ Heads up! There is a new patch release 0.12.11 available, we recommend directly installing or upgrading to that version.

Fixed

• The updated_at field is now correctly updated when updates an issue. #6209
• Fixed a regression which created login_source.cfg column to have VARCHAR(255) instead of TEXT in MySQL. #6280

0.12.0

Added

• Support for Git LFS, you can read documentation for both user and admin. #1322
• Allow admin to remove observers from the repository. #5803
• Use Last-Modified HTTP header for raw files. #5811
• Support syntax highlighting for SAS code files (i.e. .r, .sas, .tex, .yaml). #5856
• Able to fill in pull request title with a template. #5901
• Able to override static files under public/ directory, please refer to documentation for usage. #5920
• New API endpoint GET /admin/teams/:teamid/members to list members of a team. #5877
• Support backup with retention policy for Docker deployments. #6140

Changed

• The organization profile page has changed to display at most 12 members. #5506
• The required Go version to compile source code changed to 1.14.
• All assets are now embedded into binary and served from memory by default. Set [server] LOAD_ASSETS_FROM_DISK = true to load them from disk. #5920
• Application and Go versions are removed from page footer and only show in the admin dashboard.
• Build tag for running as Windows Service has been changed from miniwinsvc to minwinsvc.
• Configuration option APP_NAME is deprecated and will end support in 0.13.0, please start using BRAND_NAME.
• Configuration option [server] ROOT_URL is deprecated and will end support in 0.13.0, please start using [server] EXTERNAL_URL.
• Configuration option [server] LANDING_PAGE is deprecated and will end support in 0.13.0, please start using [server] LANDING_URL.
• Configuration option [database] DB_TYPE is deprecated and will end support in 0.13.0, please start using [database] TYPE.
• Configuration option [database] PASSWD is deprecated and will end support in 0.13.0, please start using [database] PASSWORD.
• Configuration option [security] REVERSE_PROXY_AUTHENTICATION_USER is deprecated and will end support in 0.13.0, please start using [auth] REVERSE_PROXY_AUTHENTICATION_HEADER.
• Configuration section [mailer] is deprecated and will end support in 0.13.0, please start using [email].
• Configuration section [service] is deprecated and will end support in 0.13.0, please start using [auth].
• Configuration option [auth] ACTIVE_CODE_LIVE_MINUTES is deprecated and will end support in 0.13.0, please start using [auth] ACTIVATE_CODE_LIVES.
• Configuration option [auth] RESET_PASSWD_CODE_LIVE_MINUTES is deprecated and will end support in 0.13.0, please start using [auth] RESET_PASSWORD_CODE_LIVES.
• Configuration option [auth] ENABLE_CAPTCHA is deprecated and will end support in 0.13.0, please start using [auth] ENABLE_REGISTRATION_CAPTCHA.
• Configuration option [auth] ENABLE_NOTIFY_MAIL is deprecated and will end support in 0.13.0, please start using [user] ENABLE_EMAIL_NOTIFICATION.
• Configuration option [session] GC_INTERVAL_TIME is deprecated and will end support in 0.13.0, please start using [session] GC_INTERVAL.
• Configuration option [session] SESSION_LIFE_TIME is deprecated and will end support in 0.13.0, please start using [session] MAX_LIFE_TIME.
• The name - is reserved and cannot be used for users or organizations.

Fixed

• [Security] Potential open redirection with i18n.
• [Security] Potential ability to delete files outside a repository.
• [Security] Potential ability to set primary email on others' behalf from their verified emails.
• [Security] Potential XSS attack via .ipynb. #5170
• [Security] Potential SSRF attack via webhooks. #5366
• [Security] Potential CSRF attack in admin panel. #5367
• [Security] Potential stored XSS attack in some browsers. #5397
• [Security] Potential RCE on mirror repositories. #5767
• [Security] Potential XSS attack with raw markdown API. #5907
• File both modified and renamed within a commit treated as separate files. #5056
• Unable to restore the database backup to MySQL 8.0 with syntax error. #5602
• Open/close milestone redirects to a 404 page. #5677
• Disallow multiple tokens with same name. #5587 #5820
• Enable Federated Avatar Lookup could cause server to crash. #5848
• Private repositories are hidden in the organization's view. #5869
• Users have access to base repository cannot view commits in forks. #5878
• Server error when changing email address in user settings page. #5899
• Fall back to use RFC 3339 as time layout when misconfigured. #6098
• Unable to update team with server error. #6185
• Webhooks are not fired after push when [service] REQUIRE_SIGNIN_VIEW = true.
• Files with identical content are randomly displayed one of them.

Removed

• Configuration option [other] SHOW_FOOTER_VERSION
• Configuration option [server] STATIC_ROOT_PATH
• Configuration option [repository] MIRROR_QUEUE_LENGTH
• Configuration option [repository] PULL_REQUEST_QUEUE_LENGTH
• Configuration option [session] ENABLE_SET_COOKIE
• Configuration option [release.attachment] PATH
• Configuration option [webhook] QUEUE_LENGTH
• Build tag sqlite, which means CGO is now required.

ℹ️ Heads up! There is a new patch release 0.12.11 available, we recommend directly installing or upgrading to that version.

Added

• Support for Git LFS, you can read documentation for both user and admin. #1322
• Allow admin to remove observers from the repository. #5803
• Use Last-Modified HTTP header for raw files. #5811
• Support syntax highlighting for SAS code files (i.e. .r, .sas, .tex, .yaml). #5856
• Able to fill in pull request title with a template. #5901
• Able to override static files under public/ directory, please refer to documentation for usage. #5920
• New API endpoint GET /admin/teams/:teamid/members to list members of a team. #5877
• Support backup with retention policy for Docker deployments. #6140

Changed

• The organization profile page has changed to display at most 12 members. #5506
• The required Go version to compile source code changed to 1.14.
• All assets are now embedded into binary and served from memory by default. Set [server] LOAD_ASSETS_FROM_DISK = true to load them from disk. #5920
• Application and Go versions are removed from page footer and only show in the admin dashboard.
• Build tag for running as Windows Service has been changed from miniwinsvc to minwinsvc.
• Configuration option APP_NAME is deprecated and will end support in 0.13.0, please start using BRAND_NAME.
• Configuration option [server] ROOT_URL is deprecated and will end support in 0.13.0, please start using [server] EXTERNAL_URL.
• Configuration option [server] LANDING_PAGE is deprecated and will end support in 0.13.0, please start using [server] LANDING_URL.
• Configuration option [database] DB_TYPE is deprecated and will end support in 0.13.0, please start using [database] TYPE.
• Configuration option [database] PASSWD is deprecated and will end support in 0.13.0, please start using [database] PASSWORD.
• Configuration option [security] REVERSE_PROXY_AUTHENTICATION_USER is deprecated and will end support in 0.13.0, please start using [auth] REVERSE_PROXY_AUTHENTICATION_HEADER.
• Configuration section [mailer] is deprecated and will end support in 0.13.0, please start using [email].
• Configuration section [service] is deprecated and will end support in 0.13.0, please start using [auth].
• Configuration option [auth] ACTIVE_CODE_LIVE_MINUTES is deprecated and will end support in 0.13.0, please start using [auth] ACTIVATE_CODE_LIVES.
• Configuration option [auth] RESET_PASSWD_CODE_LIVE_MINUTES is deprecated and will end support in 0.13.0, please start using [auth] RESET_PASSWORD_CODE_LIVES.
• Configuration option [auth] ENABLE_CAPTCHA is deprecated and will end support in 0.13.0, please start using [auth] ENABLE_REGISTRATION_CAPTCHA.
• Configuration option [auth] ENABLE_NOTIFY_MAIL is deprecated and will end support in 0.13.0, please start using [user] ENABLE_EMAIL_NOTIFICATION.
• Configuration option [session] GC_INTERVAL_TIME is deprecated and will end support in 0.13.0, please start using [session] GC_INTERVAL.
• Configuration option [session] SESSION_LIFE_TIME is deprecated and will end support in 0.13.0, please start using [session] MAX_LIFE_TIME.
• The name - is reserved and cannot be used for users or organizations.

Fixed

• [Security] Potential open redirection with i18n.
• [Security] Potential ability to delete files outside a repository.
• [Security] Potential ability to set primary email on others' behalf from their verified emails.
• [Security] Potential XSS attack via .ipynb. #5170
• [Security] Potential SSRF attack via webhooks. #5366
• [Security] Potential CSRF attack in admin panel. #5367
• [Security] Potential stored XSS attack in some browsers. #5397
• [Security] Potential RCE on mirror repositories. #5767
• [Security] Potential XSS attack with raw markdown API. #5907
• File both modified and renamed within a commit treated as separate files. #5056
• Unable to restore the database backup to MySQL 8.0 with syntax error. #5602
• Open/close milestone redirects to a 404 page. #5677
• Disallow multiple tokens with same name. #5587 #5820
• Enable Federated Avatar Lookup could cause server to crash. #5848
• Private repositories are hidden in the organization's view. #5869
• Users have access to base repository cannot view commits in forks. #5878
• Server error when changing email address in user settings page. #5899
• Fall back to use RFC 3339 as time layout when misconfigured. #6098
• Unable to update team with server error. #6185
• Webhooks are not fired after push when [service] REQUIRE_SIGNIN_VIEW = true.
• Files with identical content are randomly displayed one of them.

Removed

• Configuration option [other] SHOW_FOOTER_VERSION
• Configuration option [server] STATIC_ROOT_PATH
• Configuration option [repository] MIRROR_QUEUE_LENGTH
• Configuration option [repository] PULL_REQUEST_QUEUE_LENGTH
• Configuration option [session] ENABLE_SET_COOKIE
• Configuration option [release.attachment] PATH
• Configuration option [webhook] QUEUE_LENGTH
• Build tag sqlite, which means CGO is now required.

Bug fixes

• MySQL: invalid connection #5532
• Docker: Deprecation Notice OpenSSH #5647
• Copyright is behind the times #5674
• [Security] Incorrect API access control #5764

Improvements

• Assignee receives email updates of issue thread #4220
• Render Markdown in emails #4552
• Add rsync to the Docker image #5773

Bug fixes

• Layout misalignment in Firefox for Linux #5299
• Unexpected issue index parsing error while using external issue tracker #5551
• [Security] Remote Code execution or/and Denial of Service #5558

Features

• Support GitHub (Enterprise) authentication source #5340
• Add API endpoint to get commit details by SHA #5546

Others

• Add new languages support: Portuguese

Bug fixes

• LDAP group verification doesn't work when using 'dn' as user attribute #4684
• LDAP group verification fails #4792
• Emoji's do not work in wiki #4869
• Log level not applied from configuration #5007
• Not able to go get a repository with non-80 port #5305
• Fix critical CSRF vulnerabilities on API routes #5355
• Wrong redirect after updated protect branch setting whose name contains # #5442
• Clear labels not working #5445
• [Security] Remote command execution #5469
• Push event webhook is not triggered when new branch fetched to mirror repository #5473
• Large issue comment exceeds dashboard section #5502
• List collaborator API does not contain permission information #5538
• [Security] Log out only deletes browser cookies #5540
• [Security] Some routes need to be POST #5541
• [Security] Stored XSS in external issue tracker URL format #5545

Improvements

• Support prefilling the title and body of new issues using query parameters #5302
• Support data URL of base64 encoded images in Markdown #5391
• Allow non logged in users to call repository information API /repos/:username/:reponame #5475

Bug fixes

• Web editor doesn't execute hooks after commit #4338
• Release attachments are deleted when delete any random comment #4627
• Private repository with public wiki or issue does not show in search result #4973
• Cannot start with MySQL 8.0 #5187
• Webhook and its tasks are not cleaned up when delete repository #5229
• Time set to current after restored from backup #5264
• Delete branch after merged pull request does no trigger webhook #5331
• Fork repository does not check of the limit of users #5345
• Unable to delete user with PostgreSQL #5376

Features

• Able to add avatar for repository #2340
• Add basic Go runtime metrics provided by Prometheus #4141

Improvements

• Ignore configuration inline comment by default
• Add deletion of an empty line at the end of file in file view #5270
• Able to set default authentication method for login #5274
• Able to add custom merge commit description #5276

Others

• Security fixes

Bug fixes

• The branch name contains '#' not work correctly #4601
• Issue mention does not render with square brackets #4706
• 500 when merge branch when the base branch is not the default branch #5138
• Gravatar URLs are badly generated #5157
• Able to reuse two factor passcode
• Config option [git] GC_ARGS does not take effect

Features

• Show mirror updates in activity timeline #2017
• Support authentication source config file #3142
• Trigger webhook after mirror sync #4528

Others

• Changed import path from "gogits/gogs" to "gogs/gogs"
• Security fixes
• Add new languages support: Vietnamese

Bug fixes

• Protected branch can be deleted from the web after merge request #4514
• Does not recognise SYSNAME datatype in MSSQL #4642
• Quick guide is only showed for repository admin #4646
• Wrong branch URL for name contains # in branches view #4874
• Commits not merged after accepting pull request using rebase #5051
• Once branch was protected "Lock" icon will never be removed #5053
• SVG support in IPython notebook #5077

Improvements

• Support HTTP HEAD requests #2857
• Add option to rewrite authorized_keys file at start #4435
• Add option to prepend global prefix to the email subject #4524
• Disable federated avatar lookup by default #5126

Others

• Add new languages support: Indonesian, Persian

Bug fixes

• Regression: Pull request is not working between different repositories #4890

Bug fixes

• Some security fixes
• Wrong commit ID in webhook payload after merging pull request #4442
• Meta tag go-import does not response correct value #4832

Features

• Add Dingtalk webhook support #4773
• Allow rebase and merge pull request #4798

Improvements

• Add placeholder '%s' for username in LDAP BindDN #2526
• Allow UID for git user in Docker container to be specified via ENV variable #3520
• Add repository setting to ignore whitespace when check pull request conflict #4834

Others

• Add new language support: Slovak

Bug fixes

• Private repository activity shown in "Public activity" tab, if the repository was once public #4414
• Webhooks refuse IPv6 URLs as invalid #4428
• No email notification if issue closed by commit #4430
• Explore page incorrect paging #4441
• /api/v1/repos/search returns empty values #4522
• Panic after created a pull request #4572

Bug fixes

• Unable to go get subpkg #1878
• Does not set as admin after first LDAP login #2855
• Panic when login via PAM #4216
• Unique constraint violation after backup restored for PostgreSQL #4357
• Images in IPython notebook are not displayed #4366
• Broken relative path for image link in edit file preview #4368
• Emoji not rendered on commits view #4439
• High CPU when view single commit contains file mode change #4475
• Cannot change permissions of collaborators #4512

Features

• Support two-factor authentication #945
• Support filter by group membership for LDAP #4398

Improvements

• Installation checks port for SMTP host #2243
• Remain updated time unchanged if no new commits fetched for mirrors #4341
• Support IPython notebook as README #4367
• Configurable TLS Support #4450

Bug fixes

• Client is not informed to provide credentials during HTTP/HTTPS push/pull
• Mirror credentials are not URL encoded #4014
• Create pull request buttons are showed on branches page when pull request is disabled #4377
• Panic if user has validation error on installation #4383

Bug fixes

• Profile editing looses changes on validation error #1123
• Wrong repository count in organization dashboard #4351
• Fail to migrate from version prior to 0.10 #4355
• Private repository with public issues didn't handle anonymous visit properly #4359

Bug fixes

• Incorrect file permission for session files #3363
• API: Repository Permission object returns incorrect values #4309
• Unable to update non-local user profile #4313
• Redirect to random issue if index does not exist #4315
• Unable to propose pull request from secondary fork #4324
• Unable to update protect branch whitelist #4333
• Repository size does not update for fork, migrate and mirror #4336

Features

• Support private repository with public issues #649
• Support private repository with public wiki #2157
• Able to retrigger webhook history #2187
• API: Add sync for mirror repository #2235
• Able to load more feeds on dashboard #2511
• Add config option to set a cookie value indicates login status #2885
• Able to backup and restore #2924
• Able to use issues and wiki for bare repository #4104
• Custom page size for commits page #4230
• Add repositories panel to user settings #4277

Improvements

• Include private but accessible repositories in explore page #3088
• Able to choose console mode for logger #3119
• Able to config logger for XORM #3183
• Add config option for HTML render mode #3608
• Webhook push event provice details about added/removed/modified files #3897
• Able to config number of newsfeed showed on Dashboard #4247

Bug fixes

• Last updated is not changed after syncing for mirror repositories #2807
• Regression Cannot edit or view draft release #4262

Improvements

• More webhook events
• Send notification emails to all issue participants #2929
• Whitelist users can bypass require pull request check for protected branches #4207

Features

• Able to view repository size in admin panel
• Support add attachments to releases #1614
• Repository branches page #2310
• Support Smartypants with config section [smartypants] #4162

Bug fixes

• Git hooks do not work on Windows mws version
• link contains an image does not point to the correct URL #2636
• Web editor cannot create branch with slash #3568
• Cannot clone a repository without .git suffix #4189
• Git hook working directory is not repository directory #4225
• Regression on go get support #4226
• Webhook Skip TLS Verify setting doesn't take effect #4228

Improvements

• Use text/html as default email content encoding and use [mailer] USE_PLAIN_TEXT to disable it
• Able to perform initial commit on behave of actual user
• Support Gogs-related environment variables for Git hooks #4094

Bug fixes

• Non-organizational repository cannot save branch protection options

Bug fixes

• Unexpected removal of migrated repository when wiki is detected
• Cannot preview diff on web editor
• Organizational webhook last delivery status cannot be updated
• Admin cannot delete organizational repository
• Diff split view doesn't work on create pull reqeust #3695
• Cannot edit release of fork repository #4174

Improvements

• Able to add organization member as repository collaborator
• Able to add custom head/footer #1286
• Able to send test delivery for specific webhook #3030
• Able to enable webhook types on choice #3356
• Able to send SHA256 HMAC hex digest for webhooks #3692
• Add config option [session] CSRF_COOKIE_NAME for custom CSRF cookie name #4172
• Able to whitelist users and teams for protect branch of organizational repository #4177

Bug fixes

• Cannot install or start server without mail service
• Out of memory when push large content through HTTP #636
• Cannot navigate to wiki page title contains - #3754
• Cannot edit wiki page title contains # #3767
• Crash when tabular spaces in title of wiki pages #3916
• Cannot close a milestone using API #4102
• Repository local copy stops working after force push #4123
• Cannot delete branch after merging pull request #4128

Improvements

• Able to fork own repository #1791
• Add pagination to releases #2164
• Assign issue to user with read-only access #3739
• Support short-hash for download archives #3834
• Highlight a line on diff view

Features

• Support Discord webhook
• Support protected branches #776
• Support MSSQL #3772

Others

• Stop supporting 0.6.x