CHANGELOG.md 2.2 KB

Changelog

All notable changes to Gogs are documented in this file.

0.12.0+dev (master)

Added

  • Allow admin to remove observers from the repository. #5803
  • Use Last-Modified HTTP header for raw files. #5811
  • Support syntax highlighting for SAS code files (i.e. .r, .sas, .tex, .yaml). #5856
  • Able to fill in pull request title with a template. #5901
  • Able to override static files under public/ directory, please refer to documentation for usage. #5920

Changed

  • All assets are now embedded into binary and served from memory by default. Set [server] LOAD_ASSETS_FROM_DISK = true to load them from disk. #5920
  • Application and Go versions are removed from page footer and only show in the admin dashboard.
  • Build tag for running as Windows Service has been changed from miniwinsvc to minwinsvc.

Fixed

  • [Security] Potential open redirection with i18n.
  • [Security] Potential ability to delete files outside a repository.
  • [Security] Potential RCE on mirror repositories. #5767
  • [Security] Potential XSS attack with raw markdown API. #5907
  • Open/close milestone redirects to a 404 page. #5677
  • Disallow multiple tokens with same name. #5587 #5820
  • Enable Federated Avatar Lookup could cause server to crash. #5848
  • Private repositories are hidden in the organization's view. #5869
  • Server error when changing email address in user settings page. #5899

Removed

  • Configuration option [other] SHOW_FOOTER_VERSION

Older change logs can be found on GitHub.