Skip to main content

Gitea 1.23.6 is released

· 2 min read
lunny
lunny
Gitea maintainer
1.23.6Release

We are proud to present the release of Gitea version 1.23.6.

This update addresses three critical security issues, so we strongly recommend all users upgrade as soon as possible.

We have merged 18 pull requests to release this version.

The pure SSH implementation now uses internal router endpoints instead of external routers. Thanks to @florolf for reporting the issue and to @wxiaoguang for providing the fix.

This release also addresses the following security vulnerabilities:

  • CVE-2025-30204 in jwt and CVE-2025-29923 in go-redis – thanks to @TheFox0x7 for the fix. -CVE-2025-22870 in golang.org/x/crypto and golang.org/x/net – fixed for security hardening. Thanks again to @wxiaoguang for the contribution.

How to install or update

Download our pre-built binaries from the Gitea downloads page — make sure to select the version compatible with your platform. For a step-by-step guide on installation or upgrades, check out our installation documentation

Special Thanks

We would also like to thank all of our supporters on Open Collective who are helping to sustain us financially.

Looking for a seamless, hassle-free solution to manage your Git repositories? Discover Gitea Cloud — A fully-managed, scalable platform designed to streamline your development workflow.

Changelog

1.23.6 - 2025-03-24

Contributors

An icon showing wave propagation

Join our community

Gitea is open source. Star our GitHub repo, and join our community on Discord!

Go to GitHub  >Join Discord  >
An icon showing a paper plane

Subscribe to our newsletter

Stay up to date with all things Gitea