Forgejo v13.0 is available

Forgejo v13.0 was released on 16 October 2025. You will find a short selection of the changes it introduces below and a complete list in the release notes.

A dedicated test instance is available to try it out. Before upgrading it is strongly recommended to make a full backup as explained in the upgrade guide and carefully read all breaking changes from the release notes. If in doubt, do not hesitate to ask for help in the chat room.

Summary

Content moderation is one of the main roadblocks for federation. A first step is now available to users and admins. It was completed while ActivityPub related pull requests were worked on in parallel and merged.

Security was improved under the hood for Forgejo Actions secrets now using a more secure module introduced in 2024 and already in use for TOTP secrets since Forgejo v10. In addition it is now possible to require 2FA instance wide.

Forgejo Actions usability was improved with access to all run attempts of each workflow: they were stored but not available via the web UI. The workflow files are now statically checked, for early detection of errors such as the usage of a wrong context in an expression like ${{ forgejo.server_url }}.

Reporting abusive content

Moderation on public Forgejo instance is a hard and time-consuming task as there are no builtin tools to help with this. Although self-moderation allows users with no elevated privileges to block abusive behavior, it is sometime necessary to get an instance administrator involved.

It is now possible to report users, organizations, repositories, issues, pull request or comments that should be looked at by instance administrators. A category and an explanation of why the content is problematic must be attached.

Reporting abusive content

Those reports are then made available in the admin interface.

Administrative interface for abusive content reports

When multiple reports are submitted for the same content, they are grouped and the counter from the right side shows how many open reports are linked to that content. Clicking on this counter will open a details page where the full details of all grouped reports can be viewed.

Migration from Pagure

Repositories from Pagure can be migrated to Forgejo. It can be used, for instance, in the context of the transition of Fedora from Pagure to Forgejo that was decided in December 2024.

Icon of pagure in the migration page

Configurable global 2FA enforcement

The [security].GLOBAL_TWO_FACTOR_REQUIREMENT setting was added to require two factor authentication (TOTP, etc.) for either all users or instance administrators.

Admin panel showing global 2FA enforcement

Avatar image privacy

Uploaded avatar images can sometimes contain unexpected metadata such as the location where the image was created, or the device the image was created with, stored in a format called EXIF. Forgejo now removes EXIF data when custom user and repository images are uploaded in order to reduce the risk of personally identifiable information being leaked unexpectedly.

A new CLI subcommand forgejo doctor avatar-strip-exif can be used to strip EXIF information from all existing avatars; we recommend that administrators run this command once after upgrade in order to minimize this risk for existing stored files.

View previous Forgejo Actions attempts

It is now possible to view previous logs for Actions runs that have been retried.

Run attempt dropdown

Static check of Actions workflow files

Forgejo Actions workflows are statically verified in the web UI for common errors such as using an incorrect context (e.g. ${{ badcontext.FORGEJO_REPOSITORY }}) or a typo in a required keyword (e.g. ruins-on: instead of runs-on:). It is reported in the action page and the web page that displays the file in the repository.

This is in addition to similar tooling provided by the Forgejo runner itself and helps detect errors as soon as possible.

Workflow validation error example

Show CI status on force push

When force-pushing to a pull request, a line is added to the conversation view to compare the two. However, the CI status of commits in such line was hidden behind an additional click. It is now displayed next to the SHA of each commit, similar to commits from normal pushes.

CI status in the pull request conversation page

Markdown editor bold & italic keyboard shortcuts

Keyboard shortcuts were implemented in the markdown editor for formatting features Bold and Italic so that they can be used more quickly. Behavior of using shortcuts is the same as clicking the buttons.

Tooltip showing how to use keyboard shortcuts for bold and italics

Timestamps on release attachments

The time when a release attachment was uploaded is now shown among other information about it.

Timestamp tooltip on a release attachment

Tags are shown in commit lists

When viewing repository’s commits, tags are now shown next to the commits they are associated with.

Tags shown in the list of commits

Logger mode settings LOGGER_<NAME>_MODE

The logger settings were renamed from logger.<name>.MODE to LOGGER_<NAME>_MODE to help setting them with environment variables when using a container image. For instance:

docker run --rm -e FORGEJO__log__LOGGER_ACCESS_MODE=file ... codeberg.org/forgejo/forgejo:13

Configuration files using logger.<name>.MODE are still supported but they are no longer documented. This change is specially useful when the name of the setting goes through various transformations that convert lowercase to uppercase, such as the Forgejo helm chart.

Release schedule and Long Term Support

The time based release schedule was established to publish a release every three months. Patch releases will be published more frequently, depending on the severity of the bug or security fixes they contain.

VersionRelease dateEnd Of Life
11.0 (LTS)16 April 202516 July 2026
13.016 October 202515 January 2026
14.015 January 202616 April 2026

13.0-test daily releases

Releases are built daily from the latest changes found in the v13.0/forgejo development branch. They are deployed to the https://v13.next.forgejo.org instance for manual verification in case a bug fix is of particular interest ahead of the next patch release. It can also be installed locally with:

Their names are staying the same but they are replaced by new builds every day.

Get Forgejo v13.0

See the download page for instructions on how to install Forgejo, and read the release notes for more information.

Upgrading

Carefully read the breaking bug fixes section of the release notes.

The actual upgrade process is as simple as replacing the binary or container image with the corresponding Forgejo binary or container image. If you’re using the container images, you can use the 13.0 tag to stay up to date with the latest 13.0.Y patch release automatically.

Make sure to check the Forgejo upgrade documentation for recommendations on how to properly backup your instance before the upgrade.

Contribute to Forgejo

If you have any feedback or suggestions for Forgejo do not hold back, it is also your project. Open an issue in the issue tracker for feature requests or bug reports, reach out on the Fediverse, or drop into the Matrix space (main chat room) and say hi!

Forgejo is proud to be funded transparently. Additionally, it accept donations through Liberapay. It is also possible to donate to Codeberg e.V. in case the Liberapay option does not work out for you, and part of the funding is used to compensate for work on Forgejo.

However, the Liberapay team allows for money to go directly to developers without a round-trip to Codeberg. Additionally, Liberapay allows for a steady and reliable funding stream next to other options, a crucial aspect for the project. The distribution of funds through Liberapay is transparently controlled using the decision-making process, and Forgejo contributors are encouraged to consider applying to benefit from this funding opportunity.

Thank you for using Forgejo and considering a donation, in case your financial situation allows you to.