Fri Mar 6, 2020 by zeripath

We are proud to present the release of Gitea version 1.11.2.

This release contains several important security fixes and multiple critical bug fixes. All users of Gitea are recommended to upgrade to this release.

(Further, there was a critical bug in our upgrade process present in versions v1.10.0 through v1.10.4, and v1.11.0 through v1.11.1 which could cause data loss. This bug was fixed in 1.11.2 and 1.10.5, should users require to upgrade via v1.10.)

We have merged 40 pull requests to release this version.

You can download one of our pre-built binaries from our downloads page - make sure to select the correct platform! For further details on how to install, follow our installation guide.

We would also like to thank all of our supporters on Open Collective who are helping to sustain us financially.

Breaking Change: Various fixes in login sources (#10428)

This PR has two major components:

A breaking change whereby users from external login sources (eg. PAM and SMTP authentication) will only be autoregistered if the username is valid i.e. [A-Za-z0-9_.-]+ .

. For PAM authentication pam_get_item(PAM_USER) will be called to allow PAM pipelines to adjust the username.

Critical Bugfix: Fix release attachments being deleted while upgrading (#10572) (#10573)

This PR fixes a critical error in migration models/migrations/v96.go first reported as #10526. This migration caused the permanent deletion of release attachments whilst upgrading to 1.10-rc1+. Unfortunately users affected by this bug will have had their release attachments deleted.

Users who have not upgraded to 1.10 or 1.11 yet should upgrade straight to 1.10.5 or 1.11.2. (In general users should always upgrade to the last patch version available for each minor version and not iterate through each patch version.)

Changelog