We are proud to present the release of Gitea version 1.18.0.
We highly encourage users to update to this version for some important bug-fixes, but make sure to check out the breaking changes.
We have merged 535 pull requests to release this version.
We would like to thank @pboguslawski for reporting the reverse proxy authentication issue, and @zeripath for the subsequent fix.
We would also like to thank @appleboy and @silverwind for the other security fixes in this release.
We would also like to thank all of our supporters on Open Collective who are helping to sustain us financially.
Have you heard? We now have a swag shop! 👕 🍵
Now, let's get into the changes!
Access to the API was removed for ReverseProxy authentication. Users will now be required to use tokens or basic auth.
- If you specify credentials for sending emails but the server doesn't support using them, Gitea will fail to start instead of sending mails unauthenticated.
- Use unique mailer.PROTOCOL for different mailers (SMTP family, sendmail, dummy), instead of
- The combined mailer.HOST option has been deprecated in favor of the new
- The mailer.IS_TLS_ENABLED option has been deprecated in favor of using the new mailer.PROTOCOL option, which accepts
smtp+unix explicitly. If you don't know what protocol your provider uses but provide a port, you can leave it blank and it will be inferred by the given port. See the non-breaking changes section for more details on the new
- The mailer.DISABLE_HELO (default false) option has been replaced with mailer.ENABLE_HELO (default true). It still does the same thing, but the option was negated to be less confusing.
- The mailer.SKIP_VERIFY option has been replaced with mailer.FORCE_TRUST_SERVER_CERT to sound scarier, and to clarify what it does.
mailer.KEY_FILE have been deprecated and renamed to
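As an added example (not part of the Gitea release notes or the Gitea code base), the following Python script audits the [mailer] section of an app.ini for the replaced and deprecated options named above and proposes values for the two renamed booleans. The sample configuration, the function names and the accepted truthy spellings are assumptions.

```python
import configparser

# old key -> (new key, value is negated), as stated in the 1.18.0 notes
RENAMED = {
    "DISABLE_HELO": ("ENABLE_HELO", True),
    "SKIP_VERIFY": ("FORCE_TRUST_SERVER_CERT", False),
}
# Keys the notes list as deprecated; their replacements need a manual edit.
DEPRECATED = ("HOST", "IS_TLS_ENABLED", "KEY_FILE")

# Constructed sample, not a real deployment's configuration.
SAMPLE_INI = """\
APP_NAME = Example
[mailer]
ENABLED = true
HOST = mail.example.org:465
IS_TLS_ENABLED = true
DISABLE_HELO = false
SKIP_VERIFY = true
"""

def is_true(value):
    # Assumed truthy spellings for boolean options.
    return value.strip().lower() in ("1", "t", "true")

def audit_mailer(ini_text):
    """Return (findings, suggested) for the [mailer] section of an app.ini."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case instead of lowercasing
    # app.ini starts with keys outside any section; park them in a dummy one.
    cp.read_string("[__root__]\n" + ini_text)
    findings, suggested = [], {}
    if not cp.has_section("mailer"):
        return findings, suggested
    for key, value in cp.items("mailer"):
        name = key.upper()
        if name in RENAMED:
            new, negated = RENAMED[name]
            flag = is_true(value) != negated  # XOR flips the negated option
            suggested[new] = "true" if flag else "false"
            findings.append(f"{name} was replaced by {new}")
        elif name in DEPRECATED:
            findings.append(f"{name} is deprecated, see the 1.18.0 notes")
        elif name in ("ENABLE_HELO", "FORCE_TRUST_SERVER_CERT"):
            suggested[name] = "true" if is_true(value) else "false"
    if suggested.get("FORCE_TRUST_SERVER_CERT") == "true":
        findings.append("mail server certificate is trusted without verification")
    return findings, suggested
```

A carried-over SKIP_VERIFY = true ends up as FORCE_TRUST_SERVER_CERT = true, which the audit reports as a separate finding so it can be reviewed rather than migrated blindly.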
picture.ENABLE_FEDERATED_AVATAR, have been copied to the database config setting table so that admins can change them in the admin panel without restarting the Gitea service.
The existing config settings in app.ini will be migrated to the database on first run after upgrading, then the database settings will take precedence.
Gitea 1.18 completely removes U2F support. Users should migrate to WebAuthn if they haven't already.
Any user with custom templates will be affected by this and will need to replace
MD5 function was removed due to being insecure, and due to being unused with the new approach.
Any user with custom templates will be affected by this and will need to remove any occurrence of the
It is now possible to see what a given color will look like in markdown, given you wrap the color inside
With Gitea 1.18, the following new registries/functionalities are supported:
- Chocolatey/NuGet v2 API (.NET)
- Vagrant packages (language agnostic)
- npm unpublish (JS/TS)
- Pub packages (Dart)
This means that at the moment, the following languages/types can be stored as a package:
- Composer (PHP)
- Conan (C++)
- Container Images
- Generic (raw binaries)
- Helm Charts
- Maven (Java)
- NuGet (.NET, C#/VB)
- Pub (Dart)
- PyPI (Python)
- RubyGems (Ruby)
- Vagrant Boxes
The Gitea API now allows you to get a list of files that were changed in a given PR.
It is now easier than ever before to navigate inside the changes of a Pull Request:
As you can see in the screenshot on the left, this tree represents the file structure of the changes, and can be used to navigate quickly to wherever you want to look.
Tip: The tree is sorted alphabetically, so if you know what you are looking for, you'll be able to find it quickly.
Gitea now supports issue and PR forms as an alternative to free-form markdown.
As you can see above, these forms let you require that certain standards are met, while being more user-friendly and intuitive at the same time.
Gitea can now render mathematical formulas using LaTeX syntax inside \(…\) in markdown content.
Gitea now tries to match a user's language setting with specially named READMEs to determine which to display.
For example, if a user is using zh-CN as language, then the following READMEs will be considered in that order:
You can now send a request to someone (who has no account on your instance yet) to join a team via email.
Once they are invited, they can register and join the team via link.
Previously, Gitea used a rather erroneous system to detect invisible/confusable characters.
The algorithm has now been updated to a version that resembles the behavior of Visual Studio Code, which should hopefully produce fewer errors.
Users can now enable and use code search across an entire user or organization.
Say goodbye to having to guess if, and where, some text might be located inside the specific repos.
To use this feature, you need to have an indexer configured.
Gitea can now serve a sitemap automatically, to let search engines know what content is available.
Previously, all configurations were done inside your
This isn't necessarily the case anymore, as Gitea now also has a database table system_setting that can be used to store settings.
This table has two benefits:
- The app.ini won't grow as much anymore as it did previously
- Settings inside the database can also be updated while the instance is running, even from the UI where set up
At the moment, only two settings (
picture.enable_federated_avatar) have been migrated to the database table.
Gitea can now sync push mirrors whenever a new commit is pushed.
Look for the new checkbox in Mirror Settings to enable it.
As many admins of instances with open registration will have noticed already:
From time to time, spam users will register.
Previously, admins had a hard time removing such a user.
This is now much easier, as you can purge any trace of a user simply by executing gitea admin user delete --purge $USER.
Alternatively, you can also check Purge User inside the UI when deleting that user from the admin dashboard.
- Add color previews in markdown (#21474)
- Allow package version sorting (#21453)
- Add support for Chocolatey/NuGet v2 API (#21393)
- Add API endpoint to get changed files of a PR (#21177)
- Add filetree on left of diff view (#21012)
- Support Issue forms and PR forms (#20987)
- Add support for Vagrant packages (#20930)
- Add support for
- Add badge capabilities to users (#20607)
- Add issue filter for Author (#20578)
- Add KaTeX rendering to Markdown. (#20571)
- Add support for Pub packages (#20560)
- Support localized README (#20508)
- Add support mCaptcha as captcha provider (#20458)
- Add team member invite by email (#20307)
- Added email notification option to receive all own messages (#20179)
- Switch Unicode Escaping to a VSCode-like system (#19990)
- Add user/organization code search (#19977)
- Only show relevant repositories on explore page (#19361)
- User keypairs and HTTP signatures for ActivityPub federation using go-ap (#19133)
- Add sitemap support (#18407)
- Allow creation of OAuth2 applications for orgs (#18084)
- Add system setting table with cache and also add cache supports for user setting (#18058)
- Add pages to view watched repos and subscribed issues/PRs (#17156)
- Support Proxy protocol (#12527)
- Implement sync push mirror on commit (#19411)
- Allow empty assignees on pull request edit (#22150) (#22214)
- Make external issue tracker regexp configurable via API (#21338)
- Add name field for org api (#21270)
- Show teams with no members if user is admin (#21204)
- Add latest commit's SHA to content response (#20398)
- Add allow_rebase_update, default_delete_branch_after_merge to repository api response (#20079)
- Add new endpoints for push mirrors management (#19841)
- Add setting to disable the git apply step in test patch (#22130) (#22170)
- Multiple improvements for comment edit diff (#21990) (#22007)
- Fix button in branch list, avoid unexpected page jump before restore branch actually done (#21562) (#21928)
- Fix flex layout for repo list icons (#21896) (#21920)
- Fix vertical align of committer avatar rendered by email address (#21884) (#21918)
- Fix setting HTTP headers after write (#21833) (#21877)
- Color and Style enhancements (#21784, #21799) (#21868)
- Ignore line anchor links with leading zeroes (#21728) (#21776)
- Quick fixes monaco-editor error: "vs.editor.nullLanguage" (#21734) (#21738)
- Use CSS color-scheme instead of invert (#21616) (#21623)
- Respect user's locale when rendering the date range in the repo activity page (#21410)
commits-table column width (#21564)
- Refactor git command arguments and make all arguments to be safe to be used (#21535)
- CSS color enhancements (#21534)
- Add link to user profile in markdown mention only if user exists (#21533, #21554)
- Add option to skip index dirs (#21501)
- Diff file tree tweaks (#21446)
- Localize all timestamps (#21440)
code highlighting in issue titles (#21432)
- Use Name instead of DisplayName in LFS Lock (#21415)
- Consolidate more CSS colors into variables (#21402)
- Redirect to new repository owner (#21398)
- Use ISO date format instead of hard-coded English date format for date range in repo activity page (#21396)
- Use weighted algorithm for string matching when finding files in repo (#21370)
- Show private data in feeds (#21369)
- Refactor parseTreeEntries, speed up tree list (#21368)
- Add GET and DELETE endpoints for Docker blob uploads (#21367)
- Add nicer error handling on template compile errors (#21350)
ToCommit function for speed (#21337)
- Support instance-wide OAuth2 applications (#21335)
- Record OAuth client type at registration (#21316)
- Add new CSS variables --color-accent and --color-small-accent (#21305)
- Improve error descriptions for unauthorized_client (#21292)
- Case-insensitive "find files in repo" (#21269)
- Consolidate more CSS rules, fix inline code on arc-green (#21260)
- Log real ip of requests from ssh (#21216)
- Save files in local storage as group readable (#21198)
- Enable fluid page layout on medium size viewports (#21178)
- File header tweaks (#21175)
- Added missing headers on user packages page (#21172)
- Display image digest for container packages (#21170)
- Skip dirty check for team forms (#21154)
- Keep path when creating a new branch (#21153)
- Remove fomantic image module (#21145)
- Make labels clickable in the comments section. (#21137)
- Sort branches and tags by date descending (#21136)
- Better repo API unit checks (#21130)
- Improve commit status icons (#21124)
- Limit length of repo description and repo url input fields (#21119)
- Show .editorconfig errors in frontend (#21088)
- Allow poster to choose reviewers (#21084)
- Remove black labels and CSS cleanup (#21003)
- Make e-mail sanity check more precise (#20991)
- Use native inputs in whitespace dropdown (#20980)
- Enhance package date display (#20928)
- Display total blob size of a package version (#20927)
- Show language name on hover (#20923)
- Show instructions for all generic package files (#20917)
- Refactor AssertExistsAndLoadBean to use generics (#20797)
- Move the official website link at the footer of gitea (#20777)
- Add support for full name in reverse proxy auth (#20776)
- Remove useless JS operation for relative time tooltips (#20756)
- Replace some icons with SVG (#20741)
- Change commit status icons to SVG (#20736)
- Improve single repo action for issue and pull requests (#20730)
- Allow multiple files in generic packages (#20661)
- Add option to create new issue from /issues page (#20650)
- Background color of private list-items updated (#20630)
- Added search input field to issue filter (#20623)
- Increase default item listing size ISSUE_PAGING_NUM to 20 (#20547)
- Modify milestone search keywords to be case insensitive again (#20513)
- Show hint to link package to repo when viewing empty repo package list (#20504)
- Add Tar ZSTD support (#20493)
- Make code review checkboxes clickable (#20481)
- Add "X-Gitea-Object-Type" header for GET
- Display project in issue list (#20434)
- Prepend commit message to template content when opening a new PR (#20429)
- Replace fomantic popup module with tippy.js (#20428)
- Allow to specify colors for text in markup (#20363)
- Allow access to the Public Organization Member lists with minimal permissions (#20330)
- Use default values when provided values are empty (#20318)
- Vertical align navbar avatar at middle (#20302)
- Delete cancel button in repo creation page (#21381)
- Include login_name in adminCreateUser response (#20283)
- fix: icon margin in user/settings/repos (#20281)
- Remove blue text on migrate page (#20273)
- Modify milestone search keywords to be case insensitive (#20266)
- Move some files into models' sub packages (#20262)
- Add tooltip to repo icons in explore page (#20241)
- Remove deprecated licenses (#20222)
- Webhook for Wiki changes (#20219)
- Share HTML template renderers and create a watcher framework (#20218)
- Allow enable LDAP source and disable user sync via CLI (#20206)
- Adds a checkbox to select all issues/PRs (#20177)
- Disable status checks in template if none found (#20088)
- Allow manager logging to set SQL (#20064)
- Add order by for assignee no sort issue (#20053)
- Take a stab at porting existing components to Vue3 (#20044)
- Add doctor command to write commit-graphs (#20007)
- Add support for authentication based on reverse proxy email (#19949)
- Enable spellcheck for EasyMDE, use contenteditable mode (#19776)
- Allow specifying SECRET_KEY_URI, similar to INTERNAL_TOKEN_URI (#19663)
- Rework mailer settings (#18982)
- Add option to purge users (#18064)
- Add author search input (#21246)
- Make rss/atom identifier globally unique (#21550)
- Auth interface return error when verify failure (#22119) (#22259)
- Use complete SHA to create and query commit status (#22244) (#22257)
- Update bleve and zapx to fix unaligned atomic (#22031) (#22218)
- Prevent panic in doctor command when running default checks (#21791) (#21807)
- Load GitRepo in API before deleting issue (#21720) (#21796)
- Ignore line anchor links with leading zeroes (#21728) (#21776)
- Set last login when activating account (#21731) (#21755)
- Fix UI language switching bug (#21597) (#21749)
- Quick fixes monaco-editor error: "vs.editor.nullLanguage" (#21734) (#21738)
- Allow local package identifiers for PyPI packages (#21690) (#21727)
- Deal with markdown template without metadata (#21639) (#21654)
- Fix opaque background on mermaid diagrams (#21642) (#21652)
- Fix repository adoption on Windows (#21646) (#21650)
- Sync git hooks when config file path changed (#21619) (#21626)
- Fix 500 on PR files API (#21602) (#21607)
- Fix viewing user subscriptions (#21482)
- Fix mermaid-related bugs (#21431)
- Fix branch dropdown shifting on page load (#21428)
- Fix default theme-auto selector when nologin (#21346)
- Fix and improve incorrect error messages (#21342)
- Fix formatted link for PR review notifications to matrix (#21319)
- Center-aligning content of WebAuthN page (#21127)
- Remove follow from commits by file (#20765)
- Fix commit status popup (#20737)
- Fix init mail render logic (#20704)
- Use correct page size for link header pagination (#20546)
- Preserve unix socket file (#20499)
- Use tippy.js for context popup (#20393)
- Add missing parameter for error in log message (#20144)
- Do not allow organisation owners add themselves as collaborator (#20043)
- Rework file highlight rendering and fix yaml copy-paste (#19967)
- Improve code diff highlight, fix incorrect rendered diff result (#19958)