From bccf6cd9bb7301f6c471b6d9ce3dc77094d68b6a Mon Sep 17 00:00:00 2001 From: forgejo-release-manager Date: Sat, 20 Sep 2025 08:51:49 +0200 Subject: [PATCH] chore(release-notes): Forgejo v12.0.4 (#9368) https://codeberg.org/forgejo/forgejo/milestone/26795 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9368 Reviewed-by: 0ko <0ko@noreply.codeberg.org> Co-authored-by: forgejo-release-manager Co-committed-by: forgejo-release-manager --- release-notes-published/12.0.4.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 release-notes-published/12.0.4.md diff --git a/release-notes-published/12.0.4.md b/release-notes-published/12.0.4.md new file mode 100644 index 0000000000..cf8a6c3cb8 --- /dev/null +++ b/release-notes-published/12.0.4.md @@ -0,0 +1,20 @@ + + + + +## Release notes + +- Security bug fixes + - [PR](https://codeberg.org/forgejo/forgejo/pulls/9362) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9364)): Do not display the title of unsubscribed issues or pull requests in the notification web page . The title of some random issues or pull requests from repositories were accidentally displayed in the notifications of a user. It was a rare occurrence, caused by an incorrect comparison of two unrelated unique identifiers that are unlikely to match (the id of the notification and the id of a repository). If the issue or the pull request belonged to a private repository to which the user had no read access, only the title was leaked. The user was denied permission to view the issue or the pull request when clicking on the link displayed in the notifications web page. +- Bug fixes + - [PR](https://codeberg.org/forgejo/forgejo/pulls/9219) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9233)): fix: package cleanup rules are not applied when there are more than 200 packages (depends on `MAX_RESPONSE_ITEMS`) + - [PR](https://codeberg.org/forgejo/forgejo/pulls/9252) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9263)): fix: `[quota.default].TOTAL` config setting supports unit suffixes + - [PR](https://codeberg.org/forgejo/forgejo/pulls/9234) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9255)): fix: quotas double counting repo size when calculating size:all + - [PR](https://codeberg.org/forgejo/forgejo/pulls/9202) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9223)): fix: LFS GC is never running because of a bug in the parsing of the INI file + - [PR](https://codeberg.org/forgejo/forgejo/pulls/9201) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9214)): fix(api): set default pagination and Link header for `repoListTags` +- Included for completeness but not user-facing (chores, etc.) + - [PR](https://codeberg.org/forgejo/forgejo/pulls/9241) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9243)): chore: fix transient error in TestPatchStatus tests (take 2) + - [PR](https://codeberg.org/forgejo/forgejo/pulls/9236) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9239)): chore: fix transient error in TestPatchStatus tests + - [PR](https://codeberg.org/forgejo/forgejo/pulls/9205) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9207)): chore: build-release must close the cascading pull request + - [PR](https://codeberg.org/forgejo/forgejo/pulls/9191): Update https://data.forgejo.org/infrastructure/next-digest action to v1.2.2 (v12.0/forgejo) +