mirror of
				https://codeberg.org/forgejo/forgejo.git
				synced 2025-10-25 11:33:11 +00:00 
			
		
		
		
	chore(release-notes): Forgejo v11.0.1 (#7764)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7764 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org> Co-committed-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
This commit is contained in:
		
					parent
					
						
							
								5ac2c0a2ba
							
						
					
				
			
			
				commit
				
					
						481c7aaf19
					
				
			
		
					 1 changed files with 31 additions and 0 deletions
				
			
		
							
								
								
									
										31
									
								
								release-notes-published/11.0.1.md
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										31
									
								
								release-notes-published/11.0.1.md
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,31 @@ | |||
| 
 | ||||
| 
 | ||||
| <!--start release-notes-assistant--> | ||||
| 
 | ||||
| ## Release notes | ||||
| <!--URL:https://codeberg.org/forgejo/forgejo--> | ||||
| - Security bug fixes | ||||
|   - [PR](https://codeberg.org/forgejo/forgejo/pulls/7752) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7753)): <!--number 7753 --><!--line 0 --><!--description Zml4KHNlYyk6IG9ubHkgZGVncmFkZSBwZXJtaXNzaW9uIGNoZWNrIGZvciBnaXQgcHVzaA==-->If [LFS](https://git-lfs.com/) is enabled on a Forgejo instance with `[server].LFS_START_SERVER = true` (this is not the default), it was possible for a registered user to upload LFS files to a repository to which they only had read access. It was not possible for an anonymous user to do the same, even if they had read access to a public repository. The permissions are now correctly enforced and uploading LFS files is only allowed for registered users with write permission to the associated repository. Files that were uploaded to LFS in this way will not be obtained when someone does a `git clone` or `git fetch` on the associated repository. It was also not possible to exploit the incorrect permission check to delete or override an existing LFS file. These are orphaned LFS files that can be removed from the `/settings/lfs` panel of the associated repository.<!--description--> | ||||
| - Security features | ||||
|   - [PR](https://codeberg.org/forgejo/forgejo/pulls/7693) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7756)): <!--number 7756 --><!--line 0 --><!--description Zml4KHNlYyk6IGNvbnNpZGVyIHdlYmF1dGhuIGZvciBleHRlcm5hbCBsb2dpbg==-->A user account with 2fa (two factor authentication) enrolled with a security key was not enforced when using an external account (e.g. Codeberg or GitHub). The security key is now required even when login in from an external account or linking a new external account to an existing local account, just as it is required when login in with a user and password. This problem did not exist with 2fa enrolled with [TOTP](https://en.wikipedia.org/wiki/Time-based_one-time_password).<!--description--> | ||||
| - User Interface bug fixes | ||||
|   - [PR](https://codeberg.org/forgejo/forgejo/pulls/7650) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7652)): <!--number 7652 --><!--line 0 --><!--description Zml4OiBkaXNwbGF5IHRoZSBsaXN0IG9mIHRhc2tzIGluIHRoZSBydW5uZXIgZWRpdCBwYWdl-->fix: display the list of tasks in the runner edit page<!--description--> | ||||
|   - [PR](https://codeberg.org/forgejo/forgejo/pulls/7581) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7589)): <!--number 7589 --><!--line 0 --><!--description Zml4KHVpKTogdXNlIGdhcCBpbiBzd2l0Y2ggaXRlbXM=-->fix(ui): use gap in switch items<!--description--> | ||||
|   - [PR](https://codeberg.org/forgejo/forgejo/pulls/7584) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7585)): <!--number 7585 --><!--line 0 --><!--description Zml4KHVpL3ByKTogdXNlIGV5ZSBpY29uIGZvciByZXZpZXdz-->fix(ui/pr): use eye icon for reviews<!--description--> | ||||
|   - [PR](https://codeberg.org/forgejo/forgejo/pulls/7583): <!--number 7583 --><!--line 0 --><!--description Zml4KHVpKTogcmVzY29wZSBtZW51IGhlaWdodCBwYXRjaCB0byBvdmVyZmxvdyBtZW51-->fix(ui): rescope menu height patch to overflow menu<!--description--> | ||||
|   - [PR](https://codeberg.org/forgejo/forgejo/pulls/7576): <!--number 7576 --><!--line 0 --><!--description Zml4KHVpKTogc2hvdyBjb21taXQgaWNvbiBpbiBicmFuY2ggZHJvcGRvd24gYnV0dG9uIHdoZW4gdmlld2luZyBhIGNvbW1pdA==-->fix(ui): show commit icon in branch dropdown button when viewing a commit<!--description--> | ||||
| - Localization | ||||
|   - [PR](https://codeberg.org/forgejo/forgejo/pulls/7743): <!--number 7743 --><!--line 0 --><!--description aTE4bjogYmFja3BvcnQgb2YgdHJhbnNsYXRpb24gdXBkYXRlcw==-->i18n: backport of translation updates<!--description--> | ||||
| - Bug fixes | ||||
|   - [PR](https://codeberg.org/forgejo/forgejo/pulls/7594) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7599)): <!--number 7599 --><!--line 0 --><!--description Zml4KGkxOG4pOiBwcmV2ZW50IGluY29ycmVjdCBsb2dnaW5nIG9uIHN0cmluZ3MgbWlzc2luZyBpbiBKU09OIGxvY2FsZXM=-->fix(i18n): prevent incorrect logging on strings missing in JSON locales<!--description--> | ||||
| - Included for completeness but not worth a release note | ||||
|   - [PR](https://codeberg.org/forgejo/forgejo/pulls/7715) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7729)): <!--number 7729 --><!--line 0 --><!--description Y2hvcmU6IHJlcGxhY2UgYGdpdGh1Yi5jb20vZ28tdGVzdGZpeHR1cmVzL3Rlc3RmaXh0dXJlc2A=-->chore: replace `github.com/go-testfixtures/testfixtures`<!--description--> | ||||
|   - [PR](https://codeberg.org/forgejo/forgejo/pulls/7720) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7723)): <!--number 7723 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZSk6IG5leHQtZGlnZXN0IG1vdmVkIHRvIGludmlzaWJsZS5mb3JnZWpvLm9yZw==-->chore(release): next-digest moved to invisible.forgejo.org<!--description--> | ||||
|   - [PR](https://codeberg.org/forgejo/forgejo/pulls/7685) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7694)): <!--number 7694 --><!--line 0 --><!--description Zml4OiB1c2UgYGxpbmd1aXN0LWdlbmVyYXRlZGAgZm9yIGxhbmd1YWdlIHN0YXRz-->fix: use `linguist-generated` for language stats<!--description--> | ||||
|   - [PR](https://codeberg.org/forgejo/forgejo/pulls/7687) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7691)): <!--number 7691 --><!--line 0 --><!--description Y2hvcmU6IHR1bmUgZG93biByZW1vdGUgdXNlciBwcm9tb3Rpb24gZGVidWcgbWVzc2FnZSBzaG93biBhcyBlcnJvcg==-->chore: tune down remote user promotion debug message shown as error<!--description--> | ||||
|   - [PR](https://codeberg.org/forgejo/forgejo/pulls/7683) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7688)): <!--number 7688 --><!--line 0 --><!--description Zml4OiBzZXQgZGVmYXVsdCByZXN0cmljdGVkIGZvciBPQXV0aDIgdXNlcg==-->fix: set default restricted for OAuth2 user<!--description--> | ||||
|   - [PR](https://codeberg.org/forgejo/forgejo/pulls/7648) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7649)): <!--number 7649 --><!--line 0 --><!--description Y2hvcmU6IG1lcmdlIHRlc3RzLkFkZEZpeHR1cmVzIGFuZCB1bml0dGVzdC5PdmVycmlkZUZpeHR1cmVz-->chore: merge tests.AddFixtures and unittest.OverrideFixtures<!--description--> | ||||
|   - [PR](https://codeberg.org/forgejo/forgejo/pulls/7616) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7642)): <!--number 7642 --><!--line 0 --><!--description Zml4KHVpKTogbWFrZSBwYWdpbmF0aW9uIGxhYmVscyBhbHdheXMgdmlzaWJsZSB0byBzY3JlZW5yZWFkZXI=-->fix(ui): make pagination labels always visible to screenreader<!--description--> | ||||
|   - [PR](https://codeberg.org/forgejo/forgejo/pulls/7597) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7601)): <!--number 7601 --><!--line 0 --><!--description Zml4OiBkZWxheS13cml0ZSB0cmFjZS5kYXQgZm9yIGZvcmdlam8gZGlhZ25vc2lz-->fix: delay-write trace.dat for forgejo diagnosis<!--description--> | ||||
|   - [PR](https://codeberg.org/forgejo/forgejo/pulls/7563): <!--number 7563 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21hdHRuL2dvLXNxbGl0ZTMgdG8gdjEuMTQuMjggKHYxMS4wL2Zvcmdlam8p-->Update module github.com/mattn/go-sqlite3 to v1.14.28 (v11.0/forgejo)<!--description--> | ||||
| <!--end release-notes-assistant--> | ||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue