upstream/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2026-03-25 14:23:03 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
forgejo/release-notes-published/13.0.3.md
forgejo-release-manager abec41fcbe chore(release-notes): Forgejo v13.0.3 (#10200) 
https://codeberg.org/forgejo/forgejo/milestone/29561
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10200
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Co-committed-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
2025-11-21 11:55:33 +01:00

6.6 KiB
Raw Permalink Blame History

Release notes

  • Security bug fixes
    • PR: fix(api): fix dependency repo perms in Create/RemoveIssueDependency
    • PR: fix(api): draft releases could be read before being published
    • PR: misconfigured security checks on tag delete web form
    • PR: incorrect logic in "Update PR" did not enforce head branch protection rules correctly
    • PR: issue owner can delete another user's comment's edit history on same issue
    • PR: tag protection rules can be bypassed during tag delete operation
  • Localization
  • Bug fixes
    • PR (backported): fix: support git clone when /tmp has noexec
    • PR (backported): fix: get new session from enginegroup instead of masterengine
    • PR (backported): fix: endless redirection loop between /user/settings/change_password and /user/settings/security
    • PR (backported): fix(alt): handle package names with dots in ALT repository
    • PR (backported): fix: pull request review comment position
  • Included for completeness but not user-facing (chores, etc.)
    • PR: chore: pin node version
    • PR: Update module golang.org/x/crypto to v0.45.0 (v13.0/forgejo)
    • PR: Update module golang.org/x/crypto to v0.44.0 (v13.0/forgejo)
    • PR (backported): fix: less restrictive matrix room_id pattern
    • PR (backported): fix: add required headers to Pagure migration
    • PR (backported): fix: prevent orgs from being added as members of orgs
    • PR (backported): fix(api): set all hook event types
    • PR (backported): fix: don't show ConEmu OSC escape sequences
    • PR (backported): fix: set tag message on tag addition
    • PR (backported): fix: construct project links in timeline better