Forgejo v9.0 is available
Forgejo v9.0 was released 16 October 2024. You will find a short selection of the changes it introduces below and a complete list in the release notes.
If stability is more important than new features, consider using Forgejo v7.0 instead: it is a Long Term Support release that will receive bug fixes until 16 July 2025. Forgejo v9.0 will be supported until 15 January 2025, when Forgejo v10.0 is published.
A dedicated test instance is available to try it out. Before upgrading it is strongly recommended to make a full backup as explained in the upgrade guide and carefully read all breaking changes from the release notes. If in doubt, do not hesitate to ask for help on the Fediverse, or in the chat room.
Summary
Forgejo v9.0 is the first version to be released under a copyleft license, after a year of discussions. Among the motivations for this change is the realization that a pattern emerged over the years, exemplified by Redis, CockroachDB, Terraform and many others. They turned proprietary because people chose their own financial gain over the interest of the general public. Forgejo admins no longer have to worry about this sword of Damocles: relicensing it as proprietary software is not allowed.
The removal of the go-git backend is part of a larger effort to make Forgejo easier to maintain, more robust and even smaller than it already is (~100MB). When presented with go-git as an alternative to Git, a Forgejo admin may overlook that it has fewer features and a history of corrupting repositories. It would have been possible to work on documentation and new tests to ensure administrators do not run into these pitfalls, but the effort would have been out of proportion compared to the benefits it provides.
The Forgejo localization community was created in early 2024 with the ambitious goal of gaining enough momentum to sustain a long term effort. A daunting task considering there are over 5,000 strings to translate, verify and improve. There have been many calls for help in the past and the community keeps growing steadily. Fortunately, the translation hackathon (translathon) organized by Codeberg in October was exceptional. It attracted an unprecedented number of participants who improved or created thousands of translations.
New features
Below is a short selection of the most notable changes. The complete list is available in the release notes.
- PR: Added the foundations of a flexible, configurable quota system.
- PR: Allow push mirrors to use an SSH key as the authentication method for the mirroring action instead of using user:password authentication. The SSH keypair is created by Forgejo and the destination repository must be configured with the public key to allow for push over SSH.
- PR: A release asset can be a URL instead of a file.
- PR: Accessibility keyboard support for test actions.
- PR (backported): “Assign to me” button on Pull Requests and Issues.
- PR: Support grouping by any path for arch package.
- PR: Add signature support for the RPM module.
- PR: commit The actions logs older than [actions].LOG_RETENTION_DAYS days are removed (the default is 365).
- PR: commit issue Templates: add option to have dropdown printed list.
- PR: Logs journald integration.
- PR: Refactor repository migration items.
Copyleft
The impact of the license change has been carefully considered with regard to the variety of usages of Forgejo. Someone might have chosen to avoid copyleft software, for example because it is discouraged in a company. However, Forgejo depends on Git, one of the most successful pieces of copyleft software. Both Forgejo and Git must be used together, either as individual binaries or bundled into the official container images. The license of Git is GNU GPL v2, another version of the same copyleft license.
The majority of Forgejo’s codebase is still MIT-licensed, but it is expected that an increasing number of files will switch to GNU GPL v3+ over time, with the notable exception of the API swagger file, which is and will stay MIT-licensed to clarify that the intent of the Forgejo authors is that it is used for interoperability with no restriction. It is not an original work and enforcing copyright on that file would probably be difficult anyway.
Quotas
Forgejo got early support for a soft-quota system that can protect your server from high disk usage due to abuse or user mistakes. This feature is still in development. If you try it out, consider sending us feedback via a discussion, or the Matrix channels.
Forgejo has chosen to use a “soft” quota implementation. It means that Forgejo checks the quota usage only before an action is executed, but it will allow a started action to complete.
In some cases (like pushing to Git repositories), it is hard to estimate the exact new size, because it depends on how much data is available and how much we can benefit from compression. As a result, it is possible to exceed the quota if the operation was started before the quota was used up. After the quota is exceeded, new operations that would increase the quota won’t be possible.
Furthermore, there is currently little support for early prevention of operations in the UI: The handling of, for example, web operations that are denied later is not yet optimal.
Read more in the Soft-Quota page of the documentation.
The multi-architecture OCI leak is fixed
When a multi-architecture container image is pushed to the Forgejo registry, the same tag is used but refers to different images. This is what Forgejo itself relies on to provide either arm64 or amd64 depending on the platform (e.g. docker pull codeberg.org/forgejo/forgejo:7).
This is implemented with an image index which points to image manifests. This level of indirection was unfortunately not taken into account when cleaning up dangling blobs. When a multi-architecture image was either deleted from the web interface or overridden by pushing new images with the same tag, the blobs were never deleted. This bug has been present in Forgejo since the beginning and went unnoticed for a long time, presumably because multi-architecture images are uncommon.
Forgejo will remove dangling blobs when it starts as well as in the existing daily container image cleanup. This shows up in the logs and can be found with grep -i CleanupSHA256:
2024/10/15 00:00:00 ...er/cleanup_sha256.go:106:cleanupSHA256() [I] Nothing to cleanup
2024/10/15 00:00:00 ...er/cleanup_sha256.go:29:CleanupSHA256() [I] Finished to cleanup dangling images with a sha256:* version
The time required for the cleanup to complete should be under a minute, even if tens of thousands of blobs were leaked. It is however recommended to give it a try using a backup of the Forgejo instance to be sure. For instance when https://code.forgejo.org was upgraded, it cleaned up a few thousand dangling blobs for a total of around 50GB within less than 15 seconds. To accommodate large instances such as Codeberg, blobs are cleaned up 500 at a time.
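The index-to-manifest indirection and the 500-at-a-time batching described above, as an added example that is not Forgejo's cleanup code: a simplified model in which a store maps digests to content and anything no tag reaches is dangling. The names children, dangling, TAGS and STORE, and the short digests, are constructed for illustration.

```python
import json

INDEX = "application/vnd.oci.image.index.v1+json"
MANIFEST = "application/vnd.oci.image.manifest.v1+json"

def children(content):
    """Digests referenced by an OCI image index or image manifest."""
    try:
        doc = json.loads(content)
    except ValueError:
        return []  # layer blob: not JSON, nothing to follow
    if doc.get("mediaType") == INDEX:  # the extra level of indirection
        return [m["digest"] for m in doc["manifests"]]
    if doc.get("mediaType") == MANIFEST:
        return [doc["config"]["digest"]] + [l["digest"] for l in doc["layers"]]
    return []  # image config or unknown JSON document

def dangling(tags, store, batch_size=500):
    """Unreachable digests of store, sorted, in batches of at most batch_size."""
    live, todo = set(), list(tags.values())
    while todo:
        digest = todo.pop()
        if digest not in live and digest in store:
            live.add(digest)
            todo.extend(children(store[digest]))
    dead = sorted(set(store) - live)
    return [dead[i:i + batch_size] for i in range(0, len(dead), batch_size)]

def _index(*manifests):
    return json.dumps({"mediaType": INDEX, "manifests": [{"digest": d} for d in manifests]})

def _manifest(config, *layers):
    return json.dumps({"mediaType": MANIFEST, "config": {"digest": config},
                       "layers": [{"digest": d} for d in layers]})

# Constructed sample: tag "7" was pushed twice, so only idx-new is still tagged.
TAGS = {"7": "sha256:idx-new"}
STORE = {
    "sha256:idx-old": _index("sha256:old-amd64", "sha256:old-arm64"),
    "sha256:idx-new": _index("sha256:new-amd64", "sha256:new-arm64"),
    "sha256:old-amd64": _manifest("sha256:cfg1", "sha256:base", "sha256:app1"),
    "sha256:old-arm64": _manifest("sha256:cfg2", "sha256:base-arm", "sha256:app2"),
    "sha256:new-amd64": _manifest("sha256:cfg3", "sha256:base", "sha256:app3"),
    "sha256:new-arm64": _manifest("sha256:cfg4", "sha256:base-arm", "sha256:app4"),
    **{f"sha256:cfg{i}": "{}" for i in range(1, 5)},
    **{f"sha256:{n}": "" for n in ("base", "base-arm", "app1", "app2", "app3", "app4")},
}
if __name__ == "__main__":
    print(dangling(TAGS, STORE))
```

The base layers shared between the old and new images stay live because the walk reaches them through the new index; only what the overridden index alone referenced is reported.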
Removal of go-git support
Forgejo used to have 2 Git backends: the normal git and go-git, which is a Git implementation in pure Go. It has the benefit of being a little bit faster than Git on Windows.
Supporting go-git would mean holding Forgejo back. Every Git feature that Forgejo wants to use also needs to be implemented in go-git. For example: setting git notes in the Web UI is currently not possible in go-git. In addition, go-git may lead to data loss and repository corruption (one example). It is not widely used and does not have extensive testing (see the latest example of such corruption).
For these reasons, go-git was removed from the codebase. It only affects users who built Forgejo manually using TAGS=gogit, which no longer has any effect. This removal only happened in the development branch and not in the existing stable Forgejo branches, up to v8.0/forgejo included.
Transparent removal of Couchbase
Using Couchbase as a session provider was removed. This is not a breaking change because it will transparently fall back to the file provider. The rationale for removing Couchbase support is that it is not free software and therefore cannot be tested in Forgejo and should not be supported either.
Gitea compatibility
Forgejo v9.0 has automated upgrade tests from Gitea v1.22 to Forgejo v9.0.
- An instance running Gitea versions up to v1.21 can be upgraded to Forgejo v7.0 or v8.0
- An instance running Gitea v1.22 can be upgraded to Forgejo v8.0 or Forgejo v9.0
Read more about Gitea compatibility in the blog post explaining the hard fork that happened in February 2024.
Release schedule and Long Term Support
The time based release schedule was established to publish a release every three months. Patch releases will be published more frequently, depending on the severity of the bug or security fixes they contain.
Date | Version | Release date | End Of Life |
---|---|---|---|
2024 Q1 | 7.0.0 | 23 April 2024 | 16 July 2025 |
2024 Q2 | 8.0.0 | 30 July 2024 | 16 October 2024 |
2024 Q3 | 9.0.0 | 16 October 2024 | 15 January 2025 |
2025 Q1 | 10.0.0 | 15 January 2025 | 16 April 2025 |
9.0-test daily releases
Releases are built daily from the latest changes found in the v9.0/forgejo development branch. They are deployed to the https://v9.next.forgejo.org instance for manual verification in case a bug fix is of particular interest ahead of the next patch release. It can also be installed locally with:
Their names are staying the same but they are replaced by new builds every day.
Localization
This release contains many translation additions and improvements done by contributors on Codeberg Translate, and numerous improvements to the UX and translatability of the English locale.
Translation updates and some improvements of the English locale were also ported to v7.0 where there was no risk of regressions.
The translation hackathon (translathon) organized by Codeberg in October resulted in many new contributors joining and making thousands of additions and improvements.
Get Forgejo v9.0
See the download page for instructions on how to install Forgejo, and read the release notes for more information.
Upgrading
Carefully read the breaking changes section of the release notes.
The actual upgrade process is as simple as replacing the binary or container image with the corresponding Forgejo binary or container image.
If you’re using the container images, you can use the 9.0 tag to stay up to date with the latest 9.0.Y patch release automatically.
Make sure to check the Forgejo upgrade documentation for recommendations on how to properly back up your instance before the upgrade.
Contribute to Forgejo
If you have any feedback or suggestions for Forgejo do not hold back, it is also your project. Open an issue in the issue tracker for feature requests or bug reports, reach out on the Fediverse, or drop into the Matrix space (main chat room) and say hi!
Donate
Forgejo is proud to be funded transparently. Additionally, it accepts donations through Liberapay. It is also possible to donate to Codeberg e.V. in case the Liberapay option does not work out for you, and part of the funding is used to compensate for work on Forgejo.
However, the Liberapay team allows for money to go directly to developers without a round-trip to Codeberg. Additionally, Liberapay allows for a steady and reliable funding stream next to other options, a crucial aspect for the project. The distribution of funds through Liberapay is transparently controlled using the decision-making process, and Forgejo contributors are encouraged to consider applying to benefit from this funding opportunity.
Thank you for using Forgejo and considering a donation, in case your financial situation allows you to.