mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-01 13:44:06 +01:00
Merge pull request '[DOCS] RELEASE-NOTES: 1.19.3-0' (#703) from dachary/forgejo:doc-release-notes-1.19 into forgejo-development
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/703
This commit is contained in:
commit
0312983dcb
1 changed files with 29 additions and 0 deletions
|
@ -4,6 +4,35 @@ A Forgejo release is published shortly after a Gitea release is published and th
|
|||
|
||||
The Forgejo admin should carefully read the required manual actions before upgrading. A point release (e.g. v1.19.1 or v1.19.2) does not require manual actions but others might (e.g. v1.18.0, v1.19.0).
|
||||
|
||||
## 1.19.3-0
|
||||
|
||||
The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.19/forgejo) included in the `Forgejo v1.19.3-0` release can be reviewed from the command line with:
|
||||
|
||||
```shell
|
||||
$ git clone https://codeberg.org/forgejo/forgejo/
|
||||
$ git -C forgejo log --oneline --no-merges v1.19.2-0..v1.19.3-0
|
||||
```
|
||||
|
||||
This stable release contains security fixes.
|
||||
|
||||
* Recommended Action
|
||||
|
||||
We recommend that all Forgejo installations are upgraded to the latest version.
|
||||
|
||||
* [Forgejo Semantic Version](https://forgejo.org/docs/v1.19/user/semver/)
|
||||
|
||||
The semantic version was updated from `4.2.0+0-gitea-1.19.2` to `4.2.1+0-gitea-1.19.3` because of the rebuild with [Go version 1.20.4](https://github.com/golang/go/issues?q=milestone%3AGo1.20.4+label%3ACherryPickApproved).
|
||||
|
||||
* Security fixes
|
||||
|
||||
* Forgejo was recompiled with Go version v1.20.4 published 2 May 2023. It fixes [three vulnerabilities](https://github.com/golang/go/issues?q=milestone%3AGo1.20.4+label%3ACherryPickApproved) ([CVE-2023-29400](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400), [CVE-2023-24540](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540), [CVE-2023-24539](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539)) related to the [html/template](https://pkg.go.dev/html/template) package. The [Forgejo security team](https://forgejo.org/.well-known/security.txt) analyzed the security fixes it contains and concluded that Forgejo is not affected but recommended a rebuild as a precaution.
|
||||
|
||||
* Bug fixes
|
||||
|
||||
The most prominent one is described here, others can be found in the list of commits included in the release as described above.
|
||||
|
||||
* [Allow user that are not signed in to browse the tag list](https://codeberg.org/forgejo/forgejo/commit/e76b3f72b23bf778a562682d829744451b27d615). Requiring users to be signed in to view the tag list was a regression introduced in Forgejo v1.19.2-0.
|
||||
|
||||
## 1.19.2-0
|
||||
|
||||
The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.19/forgejo) included in the `Forgejo v1.19.2-0` release can be reviewed from the command line with:
|
||||
|
|
Loading…
Reference in a new issue