CVE-2021-45331: Gitea 1.5.0 is released - Blog
An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. If captured, the TOTP code for the 2FA can be submitted correctly more than once.
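The replay described above, shown as an added Go example (not Gitea's code and not its actual fix): a stateless TOTP check accepts a captured code repeatedly inside its 30-second step, while a check that records the last accepted step makes each code single-use. The `Verifier` type, its methods and the secret are hypothetical, and the check is narrowed to the current time step with no clock-skew window.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
)

// totp returns the 6-digit RFC 6238 code (HMAC-SHA1) for one 30-second time step.
func totp(secret []byte, step uint64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], step)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // dynamic truncation offset
	bin := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", bin%1000000)
}

// Verifier is a hypothetical per-account checker; lastStep would be stored with the account.
type Verifier struct {
	secret   []byte
	lastStep uint64 // highest time step already accepted, 0 if none
}

// CheckStateless accepts any code that matches the current step, so a captured code replays.
func (v *Verifier) CheckStateless(code string, unix int64) bool {
	return hmac.Equal([]byte(code), []byte(totp(v.secret, uint64(unix/30))))
}

// CheckOnce also refuses a time step that was already accepted, making each code single-use.
func (v *Verifier) CheckOnce(code string, unix int64) bool {
	step := uint64(unix / 30)
	if step <= v.lastStep || !hmac.Equal([]byte(code), []byte(totp(v.secret, step))) {
		return false
	}
	v.lastStep = step // record the step before granting the session
	return true
}

func main() {
	v := &Verifier{secret: []byte("12345678901234567890")} // constructed secret (RFC test key)
	code := totp(v.secret, 1)                               // code valid for t = 30..59
	fmt.Println("stateless:", v.CheckStateless(code, 40), v.CheckStateless(code, 50))
	fmt.Println("single-use:", v.CheckOnce(code, 40), v.CheckOnce(code, 50))
}
```

In a real deployment the last accepted step has to be persisted and updated atomically per account, otherwise two concurrent logins can both pass the check.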
Fri Aug 10, 2018 by thehowl
The time has come for another major release! We are happy to present Gitea 1.5.0 to the world. In this release, we merged 258 pull requests – just a bit more than last time (236).
You can download one of our pre-built binaries from our downloads page - make sure to select the correct platform! For further details on how to install, follow our installation guide.
We’d like to thank all of our backers on Open Collective, who are helping us deliver a better piece of software.
With that out of the way, here’s what’s new in 1.5.0:
Topics (#3711)
You can now neatly organise your repositories using topics, similar to those on GitHub.
Thanks to @lunny
Emoji Completion (#3433)
The issue editor will now provide suggestions for completing emojis when starting to type an emoji shortcode - in a similar fashion to mention autocompletion, which we added in 1.4.0.
Thanks to @modmew8
Global Code Search (#3664)
We expanded our repo code search to allow for searching even MORE stuff - which is to say, your entire Gitea instance! If you go on Explore, you will now be able to search everywhere, if you have code search enabled.
Thanks to @lunny
FIDO U2F Authentication (#3971)
Boost your security by adding FIDO U2F for authentication. 🚀
Thanks to @JonasFranzDEV
Issue Due Date (#3794)
Deadlines: following them is both the Project Manager’s dream and the Developer’s nightmare. But, time and again it has been proven that they are, indeed, very useful, so now you can select due dates on issues to mark when they should be finished. Emphasis on the should there.
Thanks to @kolaente
Multiple Assignees (#3705)
In Gitea 1.5.0, you’ll be able to assign multiple people to a single issue. For cases where you’ll need more manpower in order to understand the cryptic code left by old developers of the legacy codebase.
Thanks to @kolaente
Label Descriptions (#3662)
Enhancement is a funny word, isn’t it? It’s sort of like a feature but it’s not as big as a feature. It might not be instantly clear to everyone who reads it, but you can help them understand through the use of the new descriptions!
Thanks to @lafriks
Total Tracked Time (#3341)
You can now track the total amount of time you spent on a single issue - or even an entire milestone.
Thanks to @JonasFranzDEV
Other changes
- You can now specify a second whitelist for protected branches, allowing you to select users who are able to merge PRs. (#3689)
- We did some optimisations on the repository search feature - users report up to a 3x reduction in disk usage by the indexer. (#3452)
- Power to webhooks! We added support for delete, fork, issues, issue_comment, and release webhooks, which have long been a requested feature ever since webhooks first came to Gogs. (#3929)
- Some changes were made to how Gitea handles messages with custom markup, such as commit messages and issue comments. Mentions, emails, links and so on should now be correctly handled. (#3354)
- If your team is used to placing issue references in square brackets (i.e. [JIRA-123]), we now correctly parse that! (#3408)
- From the admin panel, you can now run git fsck (health check) on all your repositories, as well as disable it entirely if desired. (#3606, #3607)
- We added some new features to Gitea’s API, such as issue search and attachments. (#3478, #3612)
- Symlinks in a repository are now marked by a distinctive icon. (#3826)
- We’ll remember your preferred language so that you don’t have to change it for each browser that you use. (#3875)
- If you want to disable time tracking entirely, you can now do so from the app settings. (#3719)
- Various changes to improve consistency and grammar in the English localisation. (Various)
- You can now sort repos in Explore and the admin panel by stars or forks. (#3969)
- If you use drone, there is now a handy plugin to create releases and attachments: http://plugins.drone.io/drone-plugins/drone-gitea-release/
- Starting from 1.5.0, we’ll sign all our releases with our GPG Key, so you can be sure it’s us.
To see all user-facing changes that went into the release, check out our full changelog.
A shoutout goes to those who reported and/or fixed security issues in this release:
- @cezar97 (#3878)
Deprecation notice: in the upcoming major release (1.6.0) we will drop support for Go 1.8 and also embedded TiDB.
Help us out!
Gitea is focused on community input and contributions. To keep a project like Gitea going we need people. LOTS of people. You can help in the following areas:
Programming
If you know Go or HTML/CSS/JavaScript, you may be interested in working on the code. Working on OSS may seem scary, but the best way is to try! Read the Gitea contribution guide, and then find an itch to scratch, or scratch your own!
Translating
Want to translate Gitea in your own language? Awesome! Join the Gitea project on Crowdin. As soon as your translation is approved, it will be pushed to the Gitea project to be used in future releases!
Documentation
Documentation is important, but also time consuming. If you enjoy writing and have a pretty good knowledge of English, or you would like to translate the English version to your native language, you’re very welcome to do so. Find our documentation on the main git repository here. Just fork, update the documentation and then create a pull request!
Support
Do you like people? Can you give calm and thought-out responses to users needing help? Then you can spend some time providing support to those who need it. Most answers can really be found in the documentation, so make sure to take some time to read it. Then, either join our chat or forums (linked below), or simply help us sort out issues and answer questions on the Gitea repository.
Donations
If you, or your company, want to help us sustain our financial expenses, you can do so by donating on Open Collective.
… or reporting bugs
If you lack the time or knowledge to do any of the above, just using Gitea and sharing the word is enough to make us happy! One thing you can always do is to report any bugs you find on the Gitea issue tracker.
Before opening an issue, read the contribution guidelines about reporting bugs. After opening an issue, try to stick around a while to answer any questions we might have. Replies greatly help us find the root cause of an issue.
Thanks
This release would not have been possible without the pull requests from the following people:
- @0rzech
- @AleksandrBulyshchenko
- @alxwrd
- @andruwa13
- @appleboy
- @aswild
- @aunger
- @axifive
- @bkcsoft
- @BNolet
- @bugreport0
- @Bwko
- @cez81
- @charlesreid1
- @Chri-s
- @christopherjmedlin
- @cleverer
- @coolaj86
- @daviian
- @derkoe
- @devil418
- @dnmgns
- @domrim
- @dpeukert
- @ethantkoenig
- @FabioFortini
- @flufmonster
- @francoism90
- @funkyfuture
- @harryxu
- @HoffmannP
- @inful
- @InonS
- @jesselucas
- @JonasFranzDEV
- @kolaente
- @lafriks
- @liamcottam
- @lunny
- @marcinkuzminski
- @michaelkuhn
- @microbug
- @modmew8
- @monkeywithacupcake
- @mqudsi
- @naiba
- @neezer
- @nickolas360
- @phtan
- @pjeby
- @qianlei90
- @rvillablanca
- @sapk
- @sdwolfz
- @serverwentdown
- @Siosm
- @stevegt
- @tbraeutigam
- @techknowlogick
- @teepark
- @tf198
- @thehowl
- @Treora
- @tuxillo
- @vityafx
- @xwjdsh
PRs and issues merged in 1.5.0.
Get in touch
Need help with anything? You can join our Discord server, or if you’re more old-fashioned you can also use our forums.