## Release notes - Security bug fixes - [PR](https://codeberg.org/forgejo/forgejo/pulls/12028): Update dependency go to v1.25.9 (v14.0/forgejo) - User Interface bug fixes - [PR](https://codeberg.org/forgejo/forgejo/pulls/11614) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11725)): Make overflow-menu Web Component scroll / overflow with JS off - Localization - Updates from from Codeberg Translate: [#12039](https://codeberg.org/forgejo/forgejo/pulls/12039) (backport of [#11460](https://codeberg.org/forgejo/forgejo/pulls/11460), [#11810](https://codeberg.org/forgejo/forgejo/pulls/11810)) - Bug fixes - [PR](https://codeberg.org/forgejo/forgejo/pulls/11821) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11850)): fix: out of synchronization error after interrupting a PR merge by user-agent disconnect - [PR](https://codeberg.org/forgejo/forgejo/pulls/11623) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11742)): fix: comment attachment API is more restrictive than the web UI - [PR](https://codeberg.org/forgejo/forgejo/pulls/11642) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11658)): fix: don't trip deleting attachment with missing permission error - Included for completeness but not user-facing (chores, etc.) - [PR](https://codeberg.org/forgejo/forgejo/pulls/11885): Update dependency happy-dom to v20.8.9 [SECURITY] (v14.0/forgejo) - [PR](https://codeberg.org/forgejo/forgejo/pulls/11296) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11317)): PAM: portable error reporting - [PR](https://codeberg.org/forgejo/forgejo/pulls/11899): Update github.com/go-git/go-git/v5 (indirect) to v5.17.1 [SECURITY] (v14.0/forgejo) - [PR](https://codeberg.org/forgejo/forgejo/pulls/11838): Update dependency happy-dom to v20.8.8 [SECURITY] (v14.0/forgejo) - [PR](https://codeberg.org/forgejo/forgejo/pulls/11828): Update module golang.org/x/net to v0.51.0 [SECURITY] (v14.0/forgejo) - [PR](https://codeberg.org/forgejo/forgejo/pulls/11820): Update module golang.org/x/image to v0.38.0 [SECURITY] (v14.0/forgejo) - [PR](https://codeberg.org/forgejo/forgejo/pulls/11801) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11802)): ci: update tests to run debian trixie, remove manual installation from `testing` - [PR](https://codeberg.org/forgejo/forgejo/pulls/11733) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11737)): fix: prevent container registry headers from leaking into other registries - [PR](https://codeberg.org/forgejo/forgejo/pulls/11691) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11722)): fix: remove template file from generated repo - [PR](https://codeberg.org/forgejo/forgejo/pulls/11624) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11626)): chore(deps): bump xorm to v1.3.9-forgejo.8 - [PR](https://codeberg.org/forgejo/forgejo/pulls/11616) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11625)): fix: remove second challenge from WWW-Authenticate header - [PR](https://codeberg.org/forgejo/forgejo/pulls/11588) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11613)): fix: webhook/discord: omit empty embeds.footer from the payload for Spacebar compatibility - [PR](https://codeberg.org/forgejo/forgejo/pulls/11585) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11596)): fix(issue-search): delete issue from indexer on DeleteIssue - [PR](https://codeberg.org/forgejo/forgejo/pulls/11442) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11594)): fix: enforce package quota against package owner, not uploader