Forgejo v9.0 is available. It is the first version to be released under a copyleft license. Forgejo has early support for a soft-quota that can protect your server from high disk usage due to abuse. It also removes support for go-git, considered too hazardous for daily usage compared to Git. The translations saw an unprecedented number of improvements thanks to the hackathon organized by Codeberg.
Read more →The Forgejo v8.0.1 & v7.0.7 releases contain a security fix for a cross-site scripting (XSS) vulnerability that allowed repository owners to create links that executed javascript when clicking on them.
Read more →Forgejo v8.0 is available with new features (support for workflow dispatch, better defaults to avoid spam on new instances etc.), a new approach to UI and UX, careful upgrade of dependencies to improve stability and security. Foundation parts for ActivityPub based federation and data portability were merged in, bringing these features closer to completion, but they're not available yet.
Read more →Forgejo v7.0 is available with translations in Bulgarian, Esperanto, Filipino and Slovenian; SourceHut builds integration; support for the SHA-256 hash function in Git; source code search by default and more. It also is the first Long Term Support version and will receive updates until July 2025. The adoption of semantic versioning is the reason for the version bump from v1.21 to v7.0 and is compatible with existing tools.
Read more →The Forgejo v1.21.11-0 release contains two security fixes: a privilege escalation that allows any registered user to change the visibility of any public repository; and a cross-site scripting (XSS) vulnerability that enabled attackers to run unsandboxed client-side scripts on pages served from the forge's domain.
Read more →