web/forgejo
8
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-02-23 03:45:47 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 8
forgejo/release-notes-published/7.0.13.md
Earl Warren 97f743a89e chore(release-notes): fix Forgejo v10.0.1 & v7.0.13 blog post URL (again) [skip ci] (#6857) 
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6857
Reviewed-by: Emily <emilylange@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
2025-02-08 13:17:25 +00:00

3.1 KiB
Raw Blame History

See also the dedicated blog post.

Release notes

  • Security bug fixes
    • PR: Verify the ID of Forgejo Actions web endpoints belongs to the repository to prevent the deletion of runners or variables or the modification of variables. Read more in the dedicated blog post.
    • PR: Enforce permissions on publicly available user or organizations projects to not leak information from issues and pull requests that belong to private repositories. Read more in the dedicated blog post.
  • Bug fixes
    • PR (backported): fix: load settings for valid user and email check
  • Included for completeness but not worth a release note
    • PR: Update dependency katex to v0.16.21 [SECURITY] (v7.0/forgejo)
    • PR (backported): chore(security): update security.txt with new expiration date
    • PR: chore: remove illegal git usage
    • PR: Update module github.com/go-git/go-git/v5 to v5.13.1 (v7.0/forgejo)
    • PR (backported): chore(release): link to the standalone release notes file
    • PR: Update module golang.org/x/net to v0.33.0 (v7.0/forgejo)