Forgejo v12.0 is available

Forgejo v12.0 was released on 17 July 2025. You will find a short selection of the changes it introduces below and a complete list in the release notes.

A dedicated test instance is available to try it out. Before upgrading it is strongly recommended to make a full backup as explained in the upgrade guide and carefully read all breaking changes from the release notes. If in doubt, do not hesitate to ask for help on the Fediverse, or in the chat room.

This release marks the Forgejo v7.0 LTS series as End of Life. Forgejo v11.0 was published three months ago and will be supported until 15 July 2026, when Forgejo v16.0 is published. Admins of Forgejo instances with version v7.0 are recommended to upgrade to v11.0 as soon as possible as only it and v12.0 will receive security patches from now on.

Summary

User research and design is where Forgejo User eXperience (UX) and User Interface (UI) are discussed and improved. It is not about mimicking other forges but observing what users do and improve accordingly. For instance:

• Most Forgejo user have visited their profile page at least once and some may use it as their landing page. It is in constant need for improvement while minimizing the impact on habits that users developed over time. The redesign of the user profile was done in that spirit. It adds more actions while also making better use of the available space.
• There are a number of hidden features in Forgejo that only few people actually use because their UX is not good enough. The ability to review pull requests one commit at a time was among them and it was made easier to discover and more convenient to use.
• Forgejo Actions may be used to schedule jobs that run daily, just like cron. But failures could got unnoticed for a long time, waiting for a user to visit the actions page. By adding an option to the workflow, an email notification can now be sent when a job fails.

In large part because Forgejo is used at scale by Codeberg, performance issues are discovered that are not easily detected on smaller instances. For instance, each open pull request is checked for conflict every time a new commit is pushed to the target branch, blocking the ability to merge them. This I/O intensive and time consuming step is optimized, saving resources and allowing faster merges.

Forgejo security features rely on a mixture OpenPGP and SSH. Since SSH is more widely known, Forgejo is gradually implementing alternatives using SSH for tasks that previously required OpenPGP. In this release it is now possible to use SSH instead of OpenPGP for instance signing.

Excessive crawling is a recurring chore for all Forgejo instances, large and small. A robots.txt file is included by default to reduce the impact of crawlers by letting them know which URLs should be avoided.

Improved UX for per-commit reviews

When a pull request has a well organized series of commit, it may be convenient for the reviewer to focus on each of them individually instead of using the larger diff that shows all of them at once. It is already possible in Forgejo but it is also one of the lesser known features, in part because it was inconvenient to use and discover. This was improved as follows:

• The new next (“Next”) and previous (“Prev”) buttons can be used to navigate the list of commits which is more convenient than using the pull down menu.
• The review button (“Finish Review”) can be accessed from the per-commit review page instead of being inactive.
• The links in the pull request pages (conversation and list of commits) lead to the per-commit review page instead of the commit display page. Unless they were made redundant by a force push.
• The commit message is now displayed in the per-commit review page so the reviewer does not need to navigate away to find it.

Keeping forks in sync

If you have a fork and want to keep it synchronized with upstream, the new sync fork feature provides a way to do that. It also indicates whether your fork is behind and/or ahead and by how many commits.

glTF viewer

If you open a glTF model in Forgejo, you will now be able to preview this model in the Forgejo UI without having to download the model and open it in an external tool. Support for previewing other 3D formats is an open issue.

Forgejo Actions email notifications on failure

If a workflow fails, a mail will be sent provided the workflow contains enable-email-notifications: true. The recipient depends on the context:

• Pull requests: the user who opened the pull request.
• Push: the user who pushed the commit.
• Scheduled: the user who owns the repository or the contact email of the organization.
• Dispatch: the user who triggered the dispatch.

UI and UX improvements

• If you try to create a repository and you have hit the limit on the amount of repositories you are allowed to create, it is now clearer which limit you hit.
• The size and dimensions constraints of the custom avatar is now shown in the UI. You no longer have to find out about this requirement after failing to upload an avatar.
• Pasting images into the comment editor will now show that image in the ‘dropzone’.
• The user profile has been redesigned. The most notable change is that actions have been moved to a dropdown and several new actions were added.
• The ‘Write’/‘Preview’ switch has been reworked to use the new switch element.
• The migration screen was redesigned to make it more usable and make better use of the available screen space.

Automatically refreshing workflows

Endlessly staring at many workflows in the ‘Actions’ tab to see if they pass is a favorite activity of many developers. Forgejo now refreshes the status of these workflows every 30 seconds so you no longer have to open each workflow in a new tab or wear out your F5 key.

Localized relative time

In many places of the Forgejo UI you will find relative time, the logic of this component was provided by github/relative-time-element. Forgejo encountered two issues with this library: it was not possible to localize the relative time and there are cases that it does not show the correct relative time. This library is now replaced by Forgejo’s own implementation (1, 2) that allows for localized relative time and uses a simpler approach to calculating relative time that does not run into the same bugs the previous library did.

Faster conflict checking

Due to Forgejo’s nature it relies a lot on Git commands to perform its job in a efficient manner. Forgejo stores repositories as bare repositories and this means that it is not always possible to use commands that require a working tree. For certain operations a temporary clone is created for the sole purpose of using such Git operations. For large repositories this can end up causing a lot of I/O. One of such example was pull request conflict checking, which was reported by a user to cause I/O loads proportional to the amount of open pull requests. Upon re-examining available git commands git merge-tree --write-tree allows for conflict checking to happen without requiring a working tree. If Forgejo is run with a Git version greater or equal than 2.38 you will enjoy this improved performance.

API changes

• Two new API endpoints were added to retrieve actions runs of a repository and retrieve specific runs by their ID.
• A new API endpoint was added that is able to retrieve multiples blobs at once. This endpoint was added to help get support for Forgejo in Sveltia CMS.
• Endpoints that return the metadata of a file now also returns when the last commit was committed. This change helps GitNex with showing this information in directory listings of a repository, similar how Forgejo shows that information.
• It is now possible to lists packages and retrieve info about a package without a token if the profile is public. This is public information and was not required to be guarded behind a token check.

Redirecting fediverse handles

Forgejo will now transform fediverse handles (ex. @forgejo@floss.social and !forgejo@programming.dev) into links to https://fedirect.toolforge.org, a website hosted by Wikimedia, to redirect fediverse handles to their respective URLs via Webfinger. Forgejo is working on implementing proper federated mentions that will also notify users on other federated services, which the redirection does not do.

Tabs indentations in the comment editor

If you have typed comments and tried to use Tab you have noticed that it does nothing, this is frustrating especially if you try to type lists. Tab handling is now implemented in Forgejo to do indentations. A lot of time has been spent to make sure it is accessible and works in a consistent and expected behavior to address concerns raised last year in a previous implementation.

Relaxing the requirements on email addresses

In response to a security report Gitea restricted the allowed syntax of email addresses in early 2022 and some email addresses could not be used despite being conformant to the RFC. This change has now been reverted and the security issue that would allow for command injection was fixed, thus removing the need for strict requirements on the syntax of email addresses.

Instance signing with SSH

Commits that are created by Forgejo (e.g. file edits and merge commits) can be signed by the Forgejo instance via a GPG key. It is now also possible to instead use SSH signing, it has the unique capability of being done by a TPM via an ssh-agent. In addition the instance signing documentation was reworded to use clearer language and be easier to read for instance admins.

Removing deprecated API authentication methods

The API has several authentication methods, two of them are now removed after being deprecated in 2023. The two methods would look in the URL query for the access_token and token parameter. Passing authentication via the URL is not secure and can lead to them being logged and thus being exposed. It is now fully removed and there’s no option to enable these methods again.

Default robots.txt

Forgejo instances have in the last several months been hit hard by all sorts of new crawlers. One of the easiest way that crawlers disrupt Forgejo instances is by navigating to expensive to serve endpoints, creating many repo archives and filling disk space or getting lost in trying many different issue filters. Forgejo now serves a strong restrictive robots.txt, if no robots.txt is set. This should help with reducing the impact of crawlers that respect robots.txt by not navigating to endpoints that can disrupt Forgejo instances.

Forgejo build time optimization

The build process compresses the frontend assets via gzip into the Forgejo binary with vfsgen so that Forgejo can serve these assets. The build process now compresses the frontend assets with Zstd, which is 4x faster than gzip. As an added benefit, assets are now served via Zstd with a fallback to on-the-fly gzip for browsers that do not support Zstd. It also resulted in reducing the Forgejo binary by 2 MiB.

One of Forgejo’s dependencies, specifically go-rpmutils, contained a dependency that is a CGO wrapper around Zstd’s reference library. Although Forgejo’s did not use this CGO dependency, Go unconditionally compiled it and it took almost as long as compiling the CGO SQLite3 driver. Forgejo now has a fork of go-rpmutils without this CGO dependency, resulting in a shorter build time of Forgejo.

xorm EngineGroup connections for optimized database query routing and load balancing

With this addition, read-only queries are automatically routed to database read-replicas in a load-balanced way, keeping the primary free for writes. Multiple load balancing policies can be selected.

Note: This requires a HA database setup with multiple nodes (at least 3) and only works with Postgres or MySQL.

Reducing the usage of Fomantic.

Forgejo uses Fomantic-UI for historical reasons. In many cases it is not needed, does not provide good accessibility and lock components behind a javascript requirement that could also have been implemented via CSS and semantic HTML. In this release, there are two changes that reduce the use of Fomantic.

• The module that dims the entire page and displays a modal has been replaced with Forgejo’s own dimming module. This allows browser testing to happen and avoid regressions.
• Fomantic-UI comes with a lot of CSS, Forgejo does not use all this CSS. Unused font size classes were removed. This reduces the size of the compiled CSS file and ensures that we do not accidentally depend on it in the future.

Container images based on Alpine 3.22

The v12 container images are built from the latest Alpine 3.22 patch release. It includes:

• Git 2.49.1
• GnuPG 2.4.7
• SQLite 3.49.2
• OpenSSH 10.0

Release schedule and Long Term Support

The time based release schedule was established to publish a release every three months. Patch releases will be published more frequently, depending on the severity of the bug or security fixes they contain.

Version	Release date	End Of Life
11.0 (LTS)	16 April 2025	16 July 2026
12.0	17 July 2025	16 October 2025
13.0	16 October 2025	15 January 2026

12.0-test daily releases

Releases are built daily from the latest changes found in the v12.0/forgejo development branch. They are deployed to the https://v12.next.forgejo.org instance for manual verification in case a bug fix is of particular interest ahead of the next patch release. It can also be installed locally with:

• OCI images: root and rootless
• Binaries

Their names are staying the same but they are replaced by new builds every day.

Get Forgejo v12.0

See the download page for instructions on how to install Forgejo, and read the release notes for more information.

Upgrading

Carefully read the breaking bug fixes section of the release notes.

The actual upgrade process is as simple as replacing the binary or container image with the corresponding Forgejo binary or container image. If you’re using the container images, you can use the 12.0 tag to stay up to date with the latest 12.0.Y patch release automatically.

Make sure to check the Forgejo upgrade documentation for recommendations on how to properly backup your instance before the upgrade.

Contribute to Forgejo

If you have any feedback or suggestions for Forgejo do not hold back, it is also your project. Open an issue in the issue tracker for feature requests or bug reports, reach out on the Fediverse, or drop into the Matrix space (main chat room) and say hi!

Donate

Forgejo is proud to be funded transparently. Additionally, it accept donations through Liberapay. It is also possible to donate to Codeberg e.V. in case the Liberapay option does not work out for you, and part of the funding is used to compensate for work on Forgejo.

However, the Liberapay team allows for money to go directly to developers without a round-trip to Codeberg. Additionally, Liberapay allows for a steady and reliable funding stream next to other options, a crucial aspect for the project. The distribution of funds through Liberapay is transparently controlled using the decision-making process, and Forgejo contributors are encouraged to consider applying to benefit from this funding opportunity.

Thank you for using Forgejo and considering a donation, in case your financial situation allows you to.