See also the [dedicated blog post](https://forgejo.org/2025-02-release-v10-0-1/).

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Security bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6839): <!--number 6839 --><!--line 0 --><!--description Zml4KHNlYyk6IEZvcmdlam8gQWN0aW9ucyB3ZWIgcm91dGVz-->Verify the ID of Forgejo Actions web endpoints belongs to the repository to prevent the deletion of runners or variables or the modification of variables. [Read more in the dedicated blog post](https://forgejo.org/2025-02-release-v10-0-1/).<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6838): <!--number 6838 --><!--line 0 --><!--description Zml4KHNlYyk6IHBlcm1pc3Npb24gY2hlY2sgZm9yIHByb2plY3QgaXNzdWU=-->Enforce permissions on publicly available user or organizations projects to not leak information from issues and pull requests that belong to private repositories. [Read more in the dedicated blog post](https://forgejo.org/2025-02-release-v10-0-1/).<!--description-->
- User Interface bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6803) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6833)): <!--number 6833 --><!--line 0 --><!--description Zml4KHVpKTogZGlzcGxheSB2ZXJpZmllZCBpY29uIGZvciBkZWZhdWx0IGdwZyBrZXk=-->fix(ui): display verified icon for default gpg key<!--description-->
- Localization
  - Updates from Codeberg Translate: [[1]](https://codeberg.org/forgejo/forgejo/pulls/6764), [[2]](https://codeberg.org/forgejo/forgejo/pulls/6834)
- Bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6674) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6678)): <!--number 6678 --><!--line 0 --><!--description Zml4OiBsb2FkIHNldHRpbmdzIGZvciB2YWxpZCB1c2VyIGFuZCBlbWFpbCBjaGVjaw==-->fix: load settings for valid user and email check<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6639) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6651)): <!--number 6651 --><!--line 0 --><!--description VGVhY2ggdGhlIGRvY3RvciB0byByZW1vdmUgb3JwaGFuZWQgdHdvX2ZhY3RvciB3aXRoIGBmb3JnZWpvIGRvY3RvciBjaGVjayAtLXJ1biBjaGVjay1kYi1jb25zaXN0ZW5jeSAtLWZpeGAuIFN1Y2ggcm93cyBtYXkgY29udGFpbiBpbnZhbGlkIGRhdGEgYW5kIFtibG9jayB0aGUgbWlncmF0aW9uIHRvIHYxMF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2lzc3Vlcy82NjM3KSB3aXRoIGEgbWVzc2FnZSBzdWNoIGFzIGBmYWlsZWQ6IEFlc0RlY3J5cHQgaW52YWxpZCBkZWNyeXB0ZWQgYmFzZTY0IHN0cmluZzogaWxsZWdhbCBiYXNlNjQgZGF0YSBhdCBpbnB1dCBieXRlIDBgLg==-->Teach the doctor to remove orphaned two_factor with `forgejo doctor check --run check-db-consistency --fix`. Such rows may contain invalid data and [block the migration to v10](https://codeberg.org/forgejo/forgejo/issues/6637) with a message such as `failed: AesDecrypt invalid decrypted base64 string: illegal base64 data at input byte 0`.<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6633) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6643)): <!--number 6643 --><!--line 0 --><!--description Zml4OiBsaXN0aW5nIHRva2VucyBtdXN0IG5vdCByZXF1aXJlIGJhc2ljIGF1dGg=-->fix: listing tokens must not require basic auth<!--description-->
- Included for completeness but not worth a release note
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6817) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6832)): <!--number 6832 --><!--line 0 --><!--description Zml4OiBhdm9pZCB5LWF4aXMgY2xpcHBpbmcgZm9yIGJyYW5jaCBuYW1l-->fix: avoid y-axis clipping for branch name<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6646) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6810)): <!--number 6810 --><!--line 0 --><!--description Y2k6IGZpeCBnbyB2ZXJzaW9uIGNoZWNr-->ci: fix go version check<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6808) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6809)): <!--number 6809 --><!--line 0 --><!--description Y2hvcmUoaTE4bik6IGxpbnQgZXJyb3Jz-->chore(i18n): lint errors<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6782) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6783)): <!--number 6783 --><!--line 0 --><!--description Zml4OiBtYWtlIGF1dGhvciBzZWFyY2ggY2FzZSBpbnNlbnN0aXZl-->fix: make author search case insenstive<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6620) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6770)): <!--number 6770 --><!--line 0 --><!--description Zml4KHVpKTogYWRkIHRyaWFuZ2xlIGRvd24gb2N0aWNvbiB0byBjb2RlIHNlYXJjaCBvcHRpb25zIGRyb3Bkb3du-->fix(ui): add triangle down octicon to code search options dropdown<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6708) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6749)): <!--number 6749 --><!--line 0 --><!--description U2V0IGV4cGxvcmUgcGFnZXMgdG8gY29uZmlndXJhYmxlIGRlZmF1bHQgc29ydA==-->Set explore pages to configurable default sort<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6734) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6748)): <!--number 6748 --><!--line 0 --><!--description RGlzYWJsZSBhdXRvZm9jdXMgb24gdGhlIGRhc2hib2FyZCByZXBvc2l0b3J5IHNlYXJjaCBib3g=-->Disable autofocus on the dashboard repository search box<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6525) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6739)): <!--number 6739 --><!--line 0 --><!--description Zml4IGlubGluZSBmaWxlIHByZXZpZXcgZm9yIGZpbGVzIHdpdGggZW5jb2RlZCBVUkwsIGZpeCAjNTA2OQ==-->fix inline file preview for files with encoded URL, fix #5069<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6726) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6730)): <!--number 6730 --><!--line 0 --><!--description Zml4OiBjaGVjayBmb3Igd2ViYXV0aG4gaW4gMmZhIHVzZXIgc2VhcmNo-->fix: check for webauthn in 2fa user search<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6716) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6720)): <!--number 6720 --><!--line 0 --><!--description Zml4OiBkaXNhbGxvdyBibGFtZSBvbiBkaXJlY3Rvcmllcw==-->fix: disallow blame on directories<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6701) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6718)): <!--number 6718 --><!--line 0 --><!--description Zml4KGkxOG4pOiBhZGQgZm9yZ290dGVuIHRyYW5zbGF0YWJsZSBzdHJpbmc=-->fix(i18n): add forgotten translatable string<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6715) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6717)): <!--number 6717 --><!--line 0 --><!--description Zml4OiByZW5kZXIgaXNzdWUgdGl0bGVzIGNvbnNpc3RlbnRseQ==-->fix: render issue titles consistently<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6704): <!--number 6704 --><!--line 0 --><!--description Y2hvcmU6IGNvbnNpc3RlbnQgZG9ja2VyIGltYWdlIGFuZCBhY3Rpb24gcmVmZXJlbmNlcw==-->chore: consistent docker image and action references<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6694): <!--number 6694 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kga2F0ZXggdG8gdjAuMTYuMjEgW1NFQ1VSSVRZXSAodjEwLjAvZm9yZ2Vqbyk=-->Update dependency katex to v0.16.21 [SECURITY] (v10.0/forgejo)<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6572) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6685)): <!--number 6685 --><!--line 0 --><!--description Rml4IGlubGluZSBmaWxlIHByZXZpZXcgZm9yIHJlbmRlcmVkIGZpbGVz-->Fix inline file preview for rendered files<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6677) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6684)): <!--number 6684 --><!--line 0 --><!--description Zml4OiBhZGQgbm9uIGFsbG93ZWQgZG9tYWluIHRyYW5zbGF0aW9u-->fix: add non allowed domain translation<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6655) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6668)): <!--number 6668 --><!--line 0 --><!--description Y2hvcmUoc2VjdXJpdHkpOiB1cGRhdGUgc2VjdXJpdHkudHh0IHdpdGggbmV3IGV4cGlyYXRpb24gZGF0ZQ==-->chore(security): update security.txt with new expiration date<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6644): <!--number 6644 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjMuNSAodjEwLjAvZm9yZ2Vqbyk=-->Update dependency go to v1.23.5 (v10.0/forgejo)<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6617) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6636)): <!--number 6636 --><!--line 0 --><!--description Zml4KHVpKTogcHJldmVudCBvdmVyZmxvdyBvZiBicmFuY2ggc2VsZWN0b3IgaW4gY29tbWl0IGdyYXBo-->fix(ui): prevent overflow of branch selector in commit graph<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6597) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6632)): <!--number 6632 --><!--line 0 --><!--description Rml4IG1lbnRpb24gYW5kIGVtb2ppIGV4cGFuc2lvbiAmIEltcHJvdmUgbGVhdmluZyBsaXN0IGNvbXBsZXRpb24=-->Fix mention and emoji expansion & Improve leaving list completion<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6613) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6614)): <!--number 6614 --><!--line 0 --><!--description SGlkZSBnaXQgbm90ZSBhZGQgYnV0dG9uIGZvciBjb21taXQsIGlmIGNvbW1pdCBhbHJlYWR5IGhhcyBhIG5vdGU=-->Hide git note add button for commit, if commit already has a note<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6595) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6601)): <!--number 6601 --><!--line 0 --><!--description Zml4OiBSZXNldCBjb250ZW50IG9mIGNvbW1lbnQgZWRpdCBmaWVsZCBvbiBjYW5jZWw=-->fix: Reset content of comment edit field on cancel<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6591) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6594)): <!--number 6594 --><!--line 0 --><!--description Zml4OiByZWR1Y2Ugbm9pc2UgZm9yIHRoZSB2MzAzIG1pZ3JhdGlvbg==-->fix: reduce noise for the v303 migration<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6569) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6587)): <!--number 6587 --><!--line 0 --><!--description dGVzdHMoZTJlKTogVmFyaW91cyBmaXhlcyB0byB2aXN1YWwgdGVzdGluZw==-->tests(e2e): Various fixes to visual testing<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6400) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6585)): <!--number 6585 --><!--line 0 --><!--description UmVmYWN0b3IgZTJlIHRlc3RzIHRvIHNpbXBsaWZ5IGF1dGhlbnRpY2F0aW9uIHNldHVw-->Refactor e2e tests to simplify authentication setup<!--description-->
<!--end release-notes-assistant-->