A regression was introduced in v12.0.0 that impacts instances using [server].ENABLE_ACME = true. It was fixed and will be released in Forgejo v12.0.1. In the meantime the workaround is to set [server].ACME_URL = https://acme-v02.api.letsencrypt.org/directory in app.ini.

Release notes

  • Breaking security features
    • PR: remove API authentication methods that uses the URL query. They are disabled by default and this only has an impact if [security].DISABLE_QUERY_AUTH_TOKEN=false is explicitly set. Read more in the v12.0 companion blog post.
  • Security features
  • Breaking features
    • PR: The forgejo docs command is deprecated and CLI errors are now displayed on stderr instead of stdout. These breaking changes happened because the package used to parse the command line arguments was upgraded from v2 to v3. A separate project was initiated to re-implement the docs command, but it is not yet production ready.
    • PR: remove the legacy TEST_CONFLICTING_PATCHES_WITH_GIT_APPLY setting
  • Breaking bug fixes
    • PR: fail if sha is not provided to the POST /repos/{owner}/{repo}/contents API endpoint. Although it was documented to be required, it was not enforced and clients that do not set the sha will no longer succeed.
  • User Interface features
    • PR: transform fediverse handles (ex. @[email protected] and [email protected]) into links to https://fedirect.toolforge.org. Read more in the v12.0 companion blog post.
    • PR: add user visibility description in the settings page.
    • PR: add model viewer for .glb (GLTF) model in file view. Read more in the v12.0 companion blog post.
    • PR: show size constraints of custom avatar.
    • PR: add links to milestones and projects in issue comments.
    • PR: global styling for the kbd tag.
    • PR: hints in empty usercards lists.
    • PR: the user profile has been redesigned. The most notable change is that actions have been moved to a dropdown and several new actions were added.
    • PR: improve the description in the packages settings.
    • PR: inline public ssh key in verification command.
    • PR: use switch element for markdown editor modes.
    • PR: make JS asset load error message translatable.
    • PR: improve performances by using git switch -c instead of git checkout -b.
    • PR: clarify the desired autocompletion type for the clone address in migrations.
    • PR: improve the clarity of the migration description textarea.
    • PR: automatically refresh workflows in the "Actions" list. Read more in the v12.0 companion blog post.
    • PR: improve error pages.
    • PR: improve the user experience to review individual commits in a pull request. Read more in the v12.0 companion blog post.
    • PR: use the available screen width when displaying Forgejo Actions logs.
    • PR: show if a commit is verified in the activity feed of a user or an organization.
    • PR: reimplemented editor Tab key handling with accessibility safeguards. Balance having the editor work as expected by developers (with Tab key affecting indentation) while also not impeding keyboard navigation. Read more in the v12.0 companion blog post
    • PR: redesign the migration selection page.
  • User Interface bug fixes
    • PR (backported): multiple ComboMarkdownEditors on one page interfere with each other.
    • PR (backported): pasting images into the comment editor will now show that image in the ‘dropzone’.
    • PR (backported): add missing trust status to pull review commits.
    • PR (backported): add missing lazy load attribute to images.
    • PR: retain sort type when viewing issue or pull requests.
    • PR: include enough activity for the entire heatmap.
    • PR: show warning in locked issue discussion.
    • PR: ensure consistent switch position in the markdown editor.
    • PR: display user-friendly message for range error.
    • PR: make limits clearer in the create repository form.
    • PR: don't put trailing slash in autogenerated name in the migration form.
    • PR: allow user with actions write permission to run a workflow from the web UI.
    • PR: ensure usercards in grid have the same width.
  • Localization
  • Features
    • PR: new GET /repos/{owner}/{repo}/git/blobs API endpoint to retrieve multiple blobs at once.
    • PR: always publish the link to the commit status.
    • PR: improve the performances of the generation of bundled assets.
    • PR: enable mlkem768x25519-sha256 by default for builtin ssh.
    • PR: support artifact uploads for OCI container packages.
    • PR: add admin user reset-mfa CLI command.
    • PR: update the list of ambigious characters.
    • PR: make Forgejo Actions server logs less noisy.
    • PR: allow searching issues by number, prioritize title matches when sorted by relevance.
    • PR: replace go-rpmutils library with our own. Read more in the v12.0 companion blog post.
    • PR: configurable default units for mirrors.
    • PR: a repository administrator has control over reindexing the issues.
    • PR: auto cleanup of offline runners.
    • PR: improved performances when checking for conflicts on pull requests. Read more in the v12.0 companion blog post.
    • PR: allow access to publicly available /api/v1/packages/{username} without a token.
    • PR: implement the GET /repos/{owner}/{repo}/actions/runs and GET /repos/{owner}/{repo}/actions/runs/{run_id} API endpoints.
    • PR: use git-replay for rebasing for better performances.
    • PR: send mail on failed or recovered Forgejo Actions run. Read more in the v12.0 companion blog post.
    • PR: Forgejo Actions failure, success, recover webhooks.
    • PR: add last_commit_when to API contents responses.
    • PR: include a default robots.txt to reduce the impact of crawlers. Read more in the v12.0 companion blog post.
    • PR: use XORM EngineGroup instead of single Engine connection. Read more in the v12.0 companion blog post.
    • PR: sync forks. Read more in the v12.0 companion blog post.
  • Bug fixes
    • PR (backported): pull requests were not blocked by review request for a whitelisted team.
    • PR (backported): several fixes of the ALT RPM package registry.
    • PR (backported): allow lowercase as well as uppercase token keyword in the auth header.
    • PR (backported): correctly mark reviews as stale for AGit pull requests.
    • PR (backported): user activation failed when an email address contained uppercase letters.
    • PR (backported): fix: load OldMilestone based on OldMilestoneID, not MilestoneID
    • PR: omit Content-Length on 307 redirects when serving direct manifest for containers.
    • PR: fix a bug causing the PASCAL-modifier to return camel-case.
    • PR: remove the trailing slash from the issuer in OAuth claims.
    • PR: return the correct AGit type in ssh_info.
    • PR: fix url validation in the webhook add/edit API.
    • PR: add error reporting to pull requests with invalid Forgejo Actions workflow files.
    • PR: allow instance API URLs in release assets.
    • PR: improve the dashboard loading performances.
    • PR: fix a border case where it was not possible to cancel a pull request review.
    • PR: fix acme renewal.
    • PR: migrate Maven packages to "groupId:artifactId" name concatenation, regenerate metadata and fix missing groupId.

2025-07-17

100% Completed

#8534 by 0ko was merged

2025-07-16 22:14:59 +02:00

2 approvals

#8514 by Beowulf was merged

2025-07-15 23:22:36 +02:00

2 approvals 1 waiting review