Skip to main content

Gitea 1.22.4 is released

· 4 min read
lunny
lunny
Gitea maintainer
1.22.4Release

We are proud to present the release of Gitea version 1.22.4.

We highly encourage users to update to this version for one security bug-fixes.

We have merged 48 pull requests to release this version.

We would like to give a special thanks to forgejo for reporting the timing attack against internal token which are fixed by #32473. Another security fix is webauthn inconsistent checking which are fixed by #32531. Thanks to @wxiaoguang and @lunny for fixing the problem.

You can download one of our pre-built binaries from our downloads page - make sure to select the correct platform! For further details on how to install, follow our installation guide.

We would also like to thank all of our supporters on Open Collective who are helping to sustain us financially.

Are you looking for a seamless, hassle-free solution to manage your Git repositories? Look no further! Gitea Cloud is here to revolutionize your development experience.

Changelog

1.22.4 - 2024-11-26

  • SECURITY
    • Fix basic auth with webauthn (#32531) (#32536)
    • Refactor internal routers (partial backport, auth token const time comparing) (#32473) (#32479)
  • PERFORMANCE
  • BUGFIXES
    • Fix missing signature key error when pulling Docker images with SERVE_DIRECT enabled (#32365) (#32397)
    • Fix get reviewers fails when selecting user without pull request permissions unit (#32415) (#32616)
    • Fix adding index files to tmp directory (#32360) (#32593)
    • Fix PR creation on forked repositories via API (#31863) (#32591)
    • Fix missing menu tabs in organization project view page (#32313) (#32592)
    • Support HTTP POST requests to /userinfo, aligning to OpenID Core specification (#32578) (#32594)
    • Fix debian package clean up cron job (#32351) (#32590)
    • Fix GetInactiveUsers (#32540) (#32588)
    • Allow the actions user to login via the jwt token (#32527) (#32580)
    • Fix submodule parsing (#32571) (#32577)
    • Refactor find forks and fix possible bugs that weaken permissions check (#32528) (#32547)
    • Fix some places that don't respect org full name setting (#32243) (#32550)
    • Refactor push mirror find and add check for updating push mirror (#32539) (#32549)
    • Fix basic auth with webauthn (#32531) (#32536)
    • Fix artifact v4 upload above 8MB (#31664) (#32523)
    • Fix oauth2 error handle not return immediately (#32514) (#32516)
    • Fix action not triggered when commit message is too long (#32498) (#32507)
    • Fix GetRepoLink nil pointer dereference on dashboard feed page when repo is deleted with actions enabled (#32501) (#32502)
    • Fix missing signature key error when pulling Docker images with SERVE_DIRECT enabled (#32397) (#32397)
    • Fix the permission check for user search API and limit the number of returned users for /user/search (#32310)
    • Fix SearchIssues swagger docs (#32208) (#32298)
    • Fix dropdown content overflow (#31610) (#32250)
    • Disable Oauth check if oauth disabled (#32368) (#32480)
    • Respect renamed dependencies of Cargo registry (#32430) (#32478)
    • Fix mermaid diagram height when initially hidden (#32457) (#32464)
    • Fix broken releases when re-pushing tags (#32435) (#32449)
    • Only provide the commit summary for Discord webhook push events (#32432) (#32447)
    • Only query team tables if repository is under org when getting assignees (#32414) (#32426)
    • Fix created_unix for mirroring (#32342) (#32406)
    • Respect UI.ExploreDefaultSort setting again (#32357) (#32385)
    • Fix broken image when editing comment with non-image attachments (#32319) (#32345)
    • Fix disable 2fa bug (#32320) (#32330)
    • Always update expiration time when creating an artifact (#32281) (#32285)
    • Fix null errors on conversation holder (#32258) (#32266) (#32282)
    • Only rename a user when they should receive a different name (#32247) (#32249)
    • Fix checkbox bug on private/archive filter (#32236) (#32240)
    • Add a doctor check to disable the "Actions" unit for mirrors (#32424) (#32497)
    • Quick fix milestone deadline 9999 (#32423)
    • Make show stats work when only one file changed (#32244) (#32268)
    • Make owner/repo/pulls handlers use "PR reader" permission (#32254) (#32265)
    • Update scheduled tasks even if changes are pushed by "ActionsUser" (#32246) (#32252)
  • MISC
    • Remove unnecessary code: GetPushMirrorsByRepoID called on all repo pages (#32560) (#32567)
    • Improve some sanitizer rules (#32534)
    • Update nix development environment vor v1.22.x (#32495)
    • Add warn log when deleting inactive users (#32318) (#32321)
    • Update github.com/go-enry/go-enry to v2.9.1 (#32295) (#32296)
    • Warn users when they try to use a non-root-url to sign in/up (#32272) (#32273)

Contributors

An icon showing wave propagation

Join our community

Gitea is open source. Star our GitHub repo, and join our community on Discord!

Go to GitHub  >Join Discord  >
An icon showing a paper plane

Subscribe to our newsletter

Stay up to date with all things Gitea