mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2026-05-15 07:20:26 +00:00
https://codeberg.org/forgejo/forgejo/milestone/76566 Co-authored-by: viceice <michael.kriese@gmx.de> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12314 Reviewed-by: 0ko <0ko@noreply.codeberg.org> Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
29 lines
7.9 KiB
Markdown
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Security bug fixes
- [PR](https://codeberg.org/forgejo/forgejo/pulls/12293): <!--number 12293 --><!--line 0 --><!--description V2hlbiBhIHB1bGwgcmVxdWVzdCBpcyBvcGVuZWQsIHRoZSBhdXRob3IgaXMgYWJsZSB0byBtYXJrIHRoYXQgcHVsbCByZXF1ZXN0IHRvICJBbGxvdyBlZGl0cyBmcm9tIG1haW50YWluZXJzIiwgd2hpY2ggZ3JhbnRzIHRoZSBtYWludGFpbmVycyBvZiB0aGUgcHVsbCByZXF1ZXN0J3MgcmVwbyBhY2Nlc3MgdG8gZWRpdCB0aGUgcHVsbCByZXF1ZXN0IGJyYW5jaCBjb250ZW50cy4gIEl0IGlzIHBvc3NpYmxlIHRvIGNyZWF0ZSBhIHB1bGwgcmVxdWVzdCB3aGVyZSB0aGUgcHVsbCByZXF1ZXN0IGF1dGhvciBkb2VzIG5vdCBoYXZlIHRoZSBhYmlsaXR5IHRvIGVkaXQgdGhlIHB1bGwgcmVxdWVzdCBicmFuY2guICBEdWUgdG8gYSBtaXNzaW5nIHNlY3VyaXR5IGNoZWNrIGZvciB0aGlzIGNhc2UsIG1haW50YWluZXJzIG9mIHRoZSBwdWxsIHJlcXVlc3QgcmVwbyB3b3VsZCBiZSBncmFudGVkIHRoZSBhYmlsaXR5IHRvIGVkaXQgdGhlIHB1bGwgcmVxdWVzdCBicmFuY2gsIGV2ZW4gaWYgdGhlIGF1dGhvciBvZiB0aGUgcHVsbCByZXF1ZXN0IGRpZCBub3QgaGF2ZSB0aGF0IGFiaWxpdHkuICBCeSBleHBsb2l0aW5nIHRoaXMgbWlzc2luZyBzZWN1cml0eSBjaGVjaywgYSB1c2VyIGNhbiBlZGl0IGFueSBicmFuY2ggaW4gYSByZXBvc2l0b3J5IGlmIHRoZXkncmUgYWJsZSB0byBmb3JrIHRoYXQgcmVwb3NpdG9yeS4gIFRoZSBpc3N1ZSBpcyBiZWluZyBmaXhlZCBieSByZXN0cmljdGluZyB0aGUgc2NvcGUgb2YgIkFsbG93IGVkaXRzIGZyb20gbWFpbnRhaW5lcnMiIHRvIG9ubHkgZ3JhbnQgdGhhdCBhY2Nlc3MgaWYgdGhlIHB1bGwgcmVxdWVzdCBhdXRob3IgYWxzbyBoYWQgYWNjZXNzIHRvIGVkaXQgdGhlIGJyYW5jaC4=-->When a pull request is opened, the author is able to mark that pull request to "Allow edits from maintainers", which grants the maintainers of the pull request's repo access to edit the pull request branch contents. It is possible to create a pull request where the pull request author does not have the ability to edit the pull request branch. Due to a missing security check for this case, maintainers of the pull request repo would be granted the ability to edit the pull request branch, even if the author of the pull request did not have that ability. By exploiting this missing security check, a user can edit any branch in a repository if they're able to fork that repository. 
The issue is being fixed by restricting the scope of "Allow edits from maintainers" to only grant that access if the pull request author also had access to edit the branch.<!--description-->
- Localization
- Backport of translations from Codeberg Translate: [#12306](https://codeberg.org/forgejo/forgejo/pulls/12306) (backport of [#12128](https://codeberg.org/forgejo/forgejo/pulls/12128))
- Bug fixes
- [PR](https://codeberg.org/forgejo/forgejo/pulls/11685) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12171)): <!--number 12171 --><!--line 0 --><!--description Zml4OiBhbHdheXMgaW5jbHVkZSBmaWxlcyBzZXQgdG8gYmUgZGV0ZWN0YWJsZSBmb3IgbGFuZ3VhZ2Ugc3RhdHM=-->fix: always include files set to be detectable for language stats<!--description-->
- [PR](https://codeberg.org/forgejo/forgejo/pulls/12079) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12166)): <!--number 12166 --><!--line 0 --><!--description RXhjbHVkZSBTU0ggY2VydGlmaWNhdGUgcHJpbmNpcGFscyBmcm9tIG91dHB1dCB3aGVuIHZpZXdpbmcgdXNlcidzIFNTSCBrZXlz-->Exclude SSH certificate principals from output when viewing user's SSH keys<!--description-->
- Included for completeness but not user-facing (chores, etc.)
- [PR](https://codeberg.org/forgejo/forgejo/pulls/12156) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12317)): <!--number 12317 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9mb3JnZWpvL2Zvcmdlam8tYnVpbGQtcHVibGlzaCBhY3Rpb24gdG8gdjUuNi4wIChmb3JnZWpvKQ==-->Update https://data.forgejo.org/forgejo/forgejo-build-publish action to v5.6.0 (forgejo)<!--description-->
- [PR](https://codeberg.org/forgejo/forgejo/pulls/12271) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12272)): <!--number 12272 --><!--line 0 --><!--description Zml4OiBhbGxvdyB2aWV3aW5nIEFjdGlvbnMgcnVuIHRyaWdnZXJlZCBieSBkZWxldGVkIHVzZXI=-->fix: allow viewing Actions run triggered by deleted user<!--description-->
- [PR](https://codeberg.org/forgejo/forgejo/pulls/12255): <!--number 12255 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgcG9zdGNzcyB0byB2OC41LjEwIFtTRUNVUklUWV0gKHYxNS4wL2Zvcmdlam8p-->Update dependency postcss to v8.5.10 [SECURITY] (v15.0/forgejo)<!--description-->
- [PR](https://codeberg.org/forgejo/forgejo/pulls/12235): <!--number 12235 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2phY2tjL3BneC92NSB0byB2NS45LjIgW1NFQ1VSSVRZXSAodjE1LjAvZm9yZ2Vqbyk=-->Update module github.com/jackc/pgx/v5 to v5.9.2 [SECURITY] (v15.0/forgejo)<!--description-->
- [PR](https://codeberg.org/forgejo/forgejo/pulls/12227) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12233)): <!--number 12233 --><!--line 0 --><!--description Zml4OiBjb21wYXJlIGJyYW5jaGVzIHdpdGggbmFtZXMgYGRpZmZgIG9yIGBwYXRjaGA=-->fix: compare branches with names `diff` or `patch`<!--description-->
- [PR](https://codeberg.org/forgejo/forgejo/pulls/12224) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12229)): <!--number 12229 --><!--line 0 --><!--description Zml4OiByZXNvbHZlIG91dGVyIHdvcmtmbG93IGNhbGwgdG8gc3VjY2Vzcywgbm90IGZhaWx1cmUsIG9uIGlubmVyIGpvYiBza2lw-->fix: resolve outer workflow call to success, not failure, on inner job skip<!--description-->
- [PR](https://codeberg.org/forgejo/forgejo/pulls/12218): <!--number 12218 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvaW1hZ2UgdG8gdjAuMzkuMCAodjE1LjAvZm9yZ2Vqbyk=-->Update module golang.org/x/image to v0.39.0 (v15.0/forgejo)<!--description-->
- [PR](https://codeberg.org/forgejo/forgejo/pulls/12213) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12216)): <!--number 12216 --><!--line 0 --><!--description Zml4OiBzZWNyZXQgbmFtZS1wcmVmaXggcmVnZXg=-->fix: secret name-prefix regex<!--description-->
- [PR](https://codeberg.org/forgejo/forgejo/pulls/12214) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12215)): <!--number 12215 --><!--line 0 --><!--description Zml4KHVpKTogYWxsb3cgY3JlYXRpbmcgZmlsZXMgd2l0aCBuYW1lIHN0YXJ0aW5nIHdpdGggZGFzaA==-->fix(ui): allow creating files with name starting with dash<!--description-->
- [PR](https://codeberg.org/forgejo/forgejo/pulls/12151) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12199)): <!--number 12199 --><!--line 0 --><!--description Zml4OiBDb2RlTWlycm9yIGUyZSB0ZXN0-->fix: CodeMirror e2e test<!--description-->
- [PR](https://codeberg.org/forgejo/forgejo/pulls/12183) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12185)): <!--number 12185 --><!--line 0 --><!--description Zml4KGkxOG4pOiBkb24ndCBsb2cgaGFybWxlc3MgbWlzc2luZyB0cmFuc2xhdGlvbnMgYXMgZXJyb3Jz-->fix(i18n): don't log harmless missing translations as errors<!--description-->
- [PR](https://codeberg.org/forgejo/forgejo/pulls/12177): <!--number 12177 --><!--line 0 --><!--description VXBkYXRlIGdpdGh1Yi5jb20vZ28tZ2l0L2dvLWdpdC92NSAoaW5kaXJlY3QpIHRvIHY1LjE4LjAgW1NFQ1VSSVRZXSAodjE1LjAvZm9yZ2VqbykgLSBhdXRvY2xvc2Vk-->Update github.com/go-git/go-git/v5 (indirect) to v5.18.0 [SECURITY] (v15.0/forgejo) - autoclosed<!--description-->
- [PR](https://codeberg.org/forgejo/forgejo/pulls/12154): <!--number 12154 --><!--line 0 --><!--description Y2hvcmU6IGJ1bXAgeG9ybSB0byB2MS4zLjktZm9yZ2Vqby4xMQ==-->chore: bump xorm to v1.3.9-forgejo.11<!--description-->
- [PR](https://codeberg.org/forgejo/forgejo/pulls/12144) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12150)): <!--number 12150 --><!--line 0 --><!--description Zml4OiBtYWtlIC9yZXBvcy9zZWFyY2g/dWlkPS0yIHJldHVybiB6ZXJvIHJlc3VsdHMsIG5vIHJlcG9zIHdpdGggdGhhdCBvd25lcg==-->fix: make /repos/search?uid=-2 return zero results, no repos with that owner<!--description-->
- [PR](https://codeberg.org/forgejo/forgejo/pulls/12143) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12147)): <!--number 12147 --><!--line 0 --><!--description Zml4OiBjb250aW51ZWQgQVBJIHJlc3BvbnNlIHByb2Nlc3NpbmcgYWZ0ZXIgZXJyb3IgaW4gYC9yZXBvcy9zZWFyY2hgIEFQSQ==-->fix: continued API response processing after error in `/repos/search` API<!--description-->
<!--end release-notes-assistant-->
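
The "Allow edits from maintainers" fix described under "Security bug fixes" comes down to one rule: the flag may only delegate access the pull request author already holds. The Go sketch below is an added illustration, not Forgejo's code; the types, function names, users and repositories are all hypothetical and the sample data is constructed.

```go
package main

import "fmt"

// Hypothetical model of the check; these types are not Forgejo's.
type PullRequest struct {
	Author, HeadRepo, HeadBranch string
	AllowMaintainerEdit          bool
}

type Perms struct {
	Writers     map[string][]string // "repo:branch" -> users with write access
	Maintainers []string            // maintainers of the pull request's repo
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

func (p Perms) CanWrite(user, repo, branch string) bool {
	return contains(p.Writers[repo+":"+branch], user)
}

// EditAllowedUnchecked models the missing check: the flag alone grants access.
func EditAllowedUnchecked(p Perms, pr PullRequest, user string) bool {
	return pr.AllowMaintainerEdit && contains(p.Maintainers, user)
}

// EditAllowed models the fix: the flag only delegates access the author holds.
func EditAllowed(p Perms, pr PullRequest, user string) bool {
	return EditAllowedUnchecked(p, pr, user) &&
		p.CanWrite(pr.Author, pr.HeadRepo, pr.HeadBranch)
}

func main() {
	// Constructed sample data.
	p := Perms{
		Writers:     map[string][]string{"alice/fork:feature": {"alice"}, "org/repo:main": {"owner"}},
		Maintainers: []string{"bob"},
	}
	own := PullRequest{"alice", "alice/fork", "feature", true}
	foreign := PullRequest{"alice", "org/repo", "main", true}
	fmt.Println(EditAllowedUnchecked(p, foreign, "bob"), EditAllowed(p, foreign, "bob")) // true false
	fmt.Println(EditAllowed(p, own, "bob"))                                             // true
}
```
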