Merge tag 'v1.15.0' into wild/v1.15

* BREAKING
  * Make app.ini permissions more restrictive (go-gitea#16266)
  * Refactor Webhook + Add X-Hub-Signature (go-gitea#16176)
  * Add asymmetric JWT signing (go-gitea#16010)
  * Clean-up the settings hierarchy for issue_indexer queue (go-gitea#16001)
  * Change default queue settings to be low go-routines (go-gitea#15964)
  * Improve assets handler middleware (go-gitea#15961)
  * Rename StaticUrlPrefix to AssetUrlPrefix (go-gitea#15779)
  * Use a generic markup class to display externally rendered files and diffs (go-gitea#15735)
  * Add frontend testing, require node 12 (go-gitea#15315)
  * Move (custom) assets into subpath `/assets` (go-gitea#15219)
  * Use level config in log section when sub log section not set level (go-gitea#15176)
  * Links in markdown should be absolute to the repository not the server (go-gitea#15088)
  * Upgrade to the latest version of golang-jwt (go-gitea#16590) (go-gitea#16606)
  * Set minimum supported version of go to 1.16 (go-gitea#16710)
* SECURITY
  * Encrypt LDAP bind password in db with SECRET_KEY (go-gitea#15547)
  * Remove random password in Dockerfiles (go-gitea#15362)
  * Upgrade to the latest version of golang-jwt and increase minimum go to 1.15 (go-gitea#16590) (go-gitea#16606)
  * Correctly create of git-daemon-export-ok files (go-gitea#16508) (go-gitea#16514)
  * Don't show private user's repo in explore view (go-gitea#16550) (go-gitea#16554)
  * Update node tar dependency to 6.1.6 (go-gitea#16622) (go-gitea#16623)
* FEATURES
  * Update Go-Git to take advantage of LargeObjectThreshold (go-gitea#16316)
  * Support custom mime type mapping for text files (go-gitea#16304)
  * Link to previous blames in file blame page (go-gitea#16259)
  * Add LRU mem cache implementation (go-gitea#16226)
  * Localize Email Templates (go-gitea#16200)
  * Make command in authorized keys a template (go-gitea#16003)
  * Add possibility to make branch in branch page (go-gitea#15960)
  * Add email headers (go-gitea#15939)
  * Make tasklist checkboxes clickable (go-gitea#15791)
  * Add selecting tags on the compare page (go-gitea#15723)
  * Add cron job to delete old actions from database (go-gitea#15688)
  * On open repository open common cat file batch and batch-check (go-gitea#15667)
  * Add tag protection (go-gitea#15629)
  * Add push to remote mirror repository (go-gitea#15157)
  * Add Image Diff for SVG files (go-gitea#14867)
  * Add dashboard milestone search and repo milestone search by name. (go-gitea#14866)
  * Add LFS Migration and Mirror (go-gitea#14726)
  * Improve notifications for WIP draft PR's (go-gitea#14663)
  * Disable Stars config option (go-gitea#14653)
  * GPG Key Ownership verification with Signed Token (go-gitea#14054)
  * OAuth2 auto-register (go-gitea#5123)
* API
  * Return updated repository when changing repository using API (go-gitea#16420)
  * Let branch/tag name be a valid ref to get CI status (go-gitea#16400)
  * Add endpoint to get commits of PR (go-gitea#16300)
  * Allow COMMENT reviews to not specify a body (go-gitea#16229)
  * Add subject-type filter to list notification API endpoints (go-gitea#16177)
  * ListReleases add filter for draft and pre-releases (go-gitea#16175)
  * ListIssues add more filters (go-gitea#16174)
  * Issue Search Add filter for MilestoneNames (go-gitea#16173)
  * GET / SET User Settings (go-gitea#16169)
  * Expose repo.GetReviewers() & repo.GetAssignees() (go-gitea#16168)
  * User expose counters (go-gitea#16167)
  * Add repoGetTag (go-gitea#16166)
  * Add repoCreateTag (go-gitea#16165)
  * Creating a repo from a template repo via API (go-gitea#15958)
  * Add Active and ProhibitLogin to API (go-gitea#15689)
  * Add Location, Website and Description to API (go-gitea#15675)
  * Expose resolver via API (go-gitea#15167)
  * Swagger AccessToken fixes (go-gitea#16574) (go-gitea#16597)
  * Set AllowedHeaders on API CORS handler (go-gitea#16524) (go-gitea#16618)
* ENHANCEMENTS
  * Support HTTP/2 in Let's Encrypt (go-gitea#16371)
  * Introduce NotifySubjectType (go-gitea#16320)
  * Add forge emojies (go-gitea#16296)
  * Implemented head_commit for webhooks (go-gitea#16282)
  * Upgrade Gliderlabs SSH to 0.3.3 and add FailedConnectionCallback (go-gitea#16278)
  * Add previous/next buttons to review comments (go-gitea#16273)
  * Review comments: break-word for long file names (go-gitea#16272)
  * Add configuration to restrict allowed user visibility modes (go-gitea#16271)
  * Add scroll-margin-top to account for sticky header (go-gitea#16269)
  * Add --quiet and --verbose to gitea web to control initial logging (go-gitea#16260)
  * Use gitea logging module for git module (go-gitea#16243)
  * Add tests for all webhooks (go-gitea#16214)
  * Add button to delete undeleted repositories from failed migrations (go-gitea#16197)
  * Speed up git diff highlight generation (go-gitea#16180)
  * Add OpenID claims "profile" and "email". (go-gitea#16141)
  * Reintroduce squash merge default comment as a config setting (go-gitea#16134)
  * Add sanitizer rules per renderer (go-gitea#16110)
  * Improve performance of dashboard list orgs (go-gitea#16099)
  * Refactor assert statements in tests (go-gitea#16089)
  * Add sso.Group, context.Auth, context.APIAuth to allow auth special routes (go-gitea#16086)
  * Remove unnecessary goroutine (go-gitea#16080)
  * Add attachments for PR reviews (go-gitea#16075)
  * Make the github migration less rate limit waiting to get comment per page from repository but not per issue (go-gitea#16070)
  * Add Visible modes function from Organisation to Users too (go-gitea#16069)
  * Add checkbox to delete pull branch after successful merge (go-gitea#16049)
  * Make commit info cancelable (go-gitea#16032)
  * Make modules/context.Context a context.Context (go-gitea#16031)
  * Unified custom config creation (go-gitea#16012)
  * Make sshd_config more flexible regarding connections (go-gitea#16009)
  * Append to existing trailers in generated squash commit message (go-gitea#15980)
  * Always store primary email address into email_address table and also the state (go-gitea#15956)
  * Load issue/PR context popup data only when needed (go-gitea#15955)
  * Remove remaining fontawesome usage in templates (go-gitea#15952)
  * Remove fomantic accordion module (go-gitea#15951)
  * Small refactoring of modules/private (go-gitea#15947)
  * Double the avatar size factor (go-gitea#15941)
  * Add curl to rootless docker image (go-gitea#15908)
  * Replace clipboard.js with async clipboard api (go-gitea#15899)
  * Allow custom highlight mapping beyond file extensions (go-gitea#15808)
  * Add trace logging to SSO methods (go-gitea#15803)
  * Refactor routers directory (go-gitea#15800)
  * Allow only internal registration (go-gitea#15795)
  * Add a new internal hook to save ssh log (go-gitea#15787)
  * Respect default merge message syntax when parsing item references (go-gitea#15772)
  * OAuth2 login: Set account link to "login" as default behavior (go-gitea#15768)
  * Use single shared random string generation function (go-gitea#15741)
  * Hold the event source when there are no listeners (go-gitea#15725)
  * Code comments improvements (go-gitea#15722)
  * Provide OIDC compliant user info endpoint (go-gitea#15721)
  * Fix webkit calendar icon color on arc-green (go-gitea#15713)
  * Improve Light Chroma style (go-gitea#15699)
  * Only use boost workers for leveldb shadow queues (go-gitea#15696)
  * Add compare tag dropdown to releases page (go-gitea#15695)
  * Add caret styling CSS (go-gitea#15651)
  * Remove x-ua-compatible meta tag (go-gitea#15640)
  * Refactor of link creation (go-gitea#15619)
  * Add a new table issue_index to store the max issue index so that issue could be deleted with no duplicated index (go-gitea#15599)
  * Rewrite of the LFS server (go-gitea#15523)
  * Display more repository type on admin repository management (go-gitea#15440)
  * Remove usage of some JS globals (go-gitea#15378)
  * SHA in merged commit comment should be rendered ui sha (go-gitea#15376)
  * Add well-known config for OIDC (go-gitea#15355)
  * Use route rather than use thus reducing the number of stack frames (go-gitea#15301)
  * Code Formats, Nits & Unused Func/Var deletions (go-gitea#15286)
  * Let package git depend on setting but not opposite (go-gitea#15241)
  * Fixed sanitize errors (go-gitea#15240)
  * response simple text message for not html request when 404 (go-gitea#15229)
  * Remove file-loader dependency (go-gitea#15196)
  * Refactor renders (go-gitea#15175)
  * Add mimetype mapping settings (go-gitea#15133)
  * Add Status Updates whilst Gitea migrations are occurring (go-gitea#15076)
  * Reload locales in initialisation if needed by utilizing i18n.Reset (go-gitea#15073)
  * Counterwork seemingly unclickable repo button labels (go-gitea#15064)
  * Add DefaultMergeStyle option to repository (go-gitea#14789)
  * Added support for gopher URLs. (go-gitea#14749)
  * Rework repository archive (go-gitea#14723)
  * Add links to toggle WIP status (go-gitea#14677)
  * Add Tabular Diff for CSV files (go-gitea#14661)
  * Use milestone deadline when sorting issues (go-gitea#14551)
* BUGFIXES
  * Fix invalid params and typo of email templates (go-gitea#16394)
  * Fix activation of primary email addresses (go-gitea#16385)
  * Fix calculation for finalPage in repo-search component (go-gitea#16382)
  * Specify user in rootless container numerically (go-gitea#16361)
  * Detect encoding changes while parsing diff (go-gitea#16330)
  * Fix U2F error reasons always hidden (go-gitea#16327)
  * Prevent zombie processes (go-gitea#16314)
  * Escape reference to `user` table in models.SearchEmails (go-gitea#16313)
  * Fix default push instructions on empty repos (go-gitea#16302)
  * Fix modified files list in webhooks when there is a space (go-gitea#16288)
  * Fix webhook commits wrong hash on HEAD reset (go-gitea#16283)
  * Fuzzer finds an NPE due to incorrect URLPrefix (go-gitea#16249)
  * Don't WARN log UserNotExist errors on ExternalUserLogin failure (go-gitea#16238)
  * Do not show No match found for tribute (go-gitea#16231)
  * Fix "Copy Link" for pull requests (go-gitea#16230)
  * Fix diff expansion is missing final line in a file (go-gitea#16222)
  * Fix private repo permission problem (go-gitea#16142)
  * Fix not able to update local created non-urlencoded wiki pages (go-gitea#16139)
  * More efficiently parse shas for shaPostProcessor (go-gitea#16101)
  * Fix `doctor --run check-db-consistency --fix` with label fix (go-gitea#16094)
  * Prevent webhook action buttons from shifting (go-gitea#16087)
  * Change default TMPDIR path in rootless containers (go-gitea#16077)
  * Fix typo and add TODO notice (go-gitea#16064)
  * Use git log name-status in get last commit (go-gitea#16059)
  * Fix 500 Error with branch and tag sharing the same name (go-gitea#16040)
  * Fix get tag when migration (go-gitea#16014)
  * Add custom emoji support (go-gitea#16004)
  * Use filepath.ToSlash and Join in indexer defaults and queues (go-gitea#15971)
  * Add permission check for ``GenerateRepository`` (go-gitea#15946)
  * Ensure settings for Service and Mailer are read on the install page (go-gitea#15943)
  * Fix layout of milestone view (go-gitea#15927)
  * Unregister non-matching serviceworkers (go-gitea#15834)
  * Multiple Queue improvements: LevelDB Wait on empty, shutdown empty shadow level queue, reduce goroutines etc (go-gitea#15693)
  * Attachment support repository route (go-gitea#15580)
  * Fix missing icons and colorpicker when mounted on suburl (go-gitea#15501)
  * Create a session on ReverseProxy and ensure that ReverseProxy users cannot change username (go-gitea#15304)
  * Prevent double-login for Git HTTP and LFS and simplify login (go-gitea#15303)
  * Resolve Object { type: "error", data: undefined } in stopwatch.js (go-gitea#15278)
  * Fix heatmap activity (go-gitea#15252)
  * Remove vendored copy of fomantic-dropdown (go-gitea#15193)
  * Update repository size on cron gc task (go-gitea#15177)
  * Add NeedPostProcess for Parser interface to improve performance of csv parser and some external parser (go-gitea#15153)
  * Add code block highlight to orgmode back (go-gitea#14222)
  * Remove User.GetOrganizations() (go-gitea#14032)
  * Restore Accessibility for Dropdown (go-gitea#16576) (go-gitea#16617)
  * Pass down SignedUserName down to AccessLogger context (go-gitea#16605) (go-gitea#16616)
  * Fix table alignment in markdown (go-gitea#16596) (go-gitea#16602)
  * Fix 500 on first wiki page (go-gitea#16586) (go-gitea#16598)
  * Lock goth/gothic and Re-attempt OAuth2 registration on login if registration failed at startup (go-gitea#16564) (go-gitea#16570)
  * Upgrade levelqueue to v0.4.0 (go-gitea#16560) (go-gitea#16561)
  * Handle too long PR titles correctly (go-gitea#16517) (go-gitea#16549)
  * Fix data race in bleve indexer (go-gitea#16474) (go-gitea#16509)
  * Restore CORS on git smart http protocol (go-gitea#16496) (go-gitea#16506)
  * Fix race in log (go-gitea#16490) (go-gitea#16505)
  * Fix prepareWikiFileName to respect existing unescaped files (go-gitea#16487) (go-gitea#16498)
  * Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end (go-gitea#16479) (go-gitea#16480)
  * Update notification table with only latest data (go-gitea#16445) (go-gitea#16469)
  * Fix crash following ldap authentication update (go-gitea#16447) (go-gitea#16448)
  * Fix direct creation of external users on admin page (partial go-gitea#16612) (go-gitea#16613)
  * Prevent 500 on draft releases without tag (go-gitea#16634) (go-gitea#16636)
  * Restore creation of git-daemon-export-ok files (go-gitea#16508) (go-gitea#16514)
  * Fix data race in bleve indexer (go-gitea#16474) (go-gitea#16509)
  * Restore CORS on git smart http protocol (go-gitea#16496) (go-gitea#16506)
  * Fix race in log (go-gitea#16490) (go-gitea#16505)
  * Fix prepareWikiFileName to respect existing unescaped files (go-gitea#16487) (go-gitea#16498)
  * Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end (go-gitea#16479) (go-gitea#16480)
  * Update notification table with only latest data (go-gitea#16445) (go-gitea#16469)
  * Fix crash following ldap authentication update (go-gitea#16447) (go-gitea#16448)
  * Restore compatibility with SQLServer 2008 R2 in migrations (go-gitea#16638)
  * Fix direct creation of external users on admin page (go-gitea#16613)
  * Fix go-git implementation of GetNote when passed a non-existent commit (go-gitea#16658) (go-gitea#16659)
  * Fix NPE in fuzzer (go-gitea#16680) (go-gitea#16682)
  * Set issue_index when finishing migration (go-gitea#16685) (go-gitea#16687)
  * Skip patch download when no patch file exists (go-gitea#16356) (go-gitea#16681)
  * Ensure empty lines are copiable and final new line too (go-gitea#16678) (go-gitea#16692)
  * Fix wrong user in OpenID response (go-gitea#16736) (go-gitea#16741)
  * Do not use thin scrollbars on Firefox (go-gitea#16738) (go-gitea#16745)
  * Recreate Tables should Recreate indexes on MySQL (go-gitea#16718) (go-gitea#16739)
  * Keep attachments on tasklist update (go-gitea#16750) (go-gitea#16757)
* TESTING
  * Bump `postgres` and `mysql` versions (go-gitea#15710)
  * Add tests for clone from wiki (go-gitea#15513)
  * Fix Benchmark tests, remove a broken one & add two new  (go-gitea#15250)
  * Create Proper Migration tests (go-gitea#15116)
* TRANSLATION
  * Use a special name for update default branch on repository setting (go-gitea#15893)
  * Fix mirror_lfs source string in en-US locale (go-gitea#15369)
* BUILD
  * Upgrade xorm to v1.1.1 (go-gitea#16339)
  * Disable legal comments in esbuild (go-gitea#15929)
  * Switch to Node 16 to build fronted  (go-gitea#15804)
  * Use esbuild to minify CSS (go-gitea#15756)
  * Use binary version of revive linter (go-gitea#15739)
  * Fix: npx webpack make: *** [Makefile:699: public/js/index.js] Error -… (go-gitea#15465)
  * Stop packaging node_modules in release tarballs (go-gitea#15273)
  * Introduce esbuild on webpack (go-gitea#14578)
* DOCS
  * Update queue workers documentation (go-gitea#15999)
  * Comment out app.example.ini (go-gitea#15807)
  * Improve logo customization docs (go-gitea#15754)
  * Add some response status on api docs (go-gitea#15399)
  * Rework Token API comments (go-gitea#15162)
  * Add better errors for disabled account recovery (go-gitea#15117)
* MISC
  * Remove utf8 option from installation page (go-gitea#16126)
  * Use Wants= over Requires= in systemd file (go-gitea#15897)

Author: aswild

.drone.yml

@@ -15,12 +15,12 @@ trigger:
 steps:
   - name: deps-frontend
     pull: always
-    image: node:16
+    image: node:14
     commands:
       - make node_modules
 
   - name: lint-frontend
-    image: node:16
+    image: node:14
     commands:
       - make lint-frontend
     depends_on: [deps-frontend]
@@ -58,7 +58,7 @@ steps:
       TAGS: bindata gogit sqlite sqlite_unlock_notify
 
   - name: checks-frontend
-    image: node:16
+    image: node:14
     commands:
       - make checks-frontend
     depends_on: [deps-frontend]
@@ -71,20 +71,20 @@ steps:
     depends_on: [lint-backend]
 
   - name: test-frontend
-    image: node:16
+    image: node:14
     commands:
       - make test-frontend
     depends_on: [lint-frontend]
 
   - name: build-frontend
-    image: node:16
+    image: node:14
     commands:
       - make frontend
     depends_on: [test-frontend]
 
   - name: build-backend-no-gcc
     pull: always
-    image: golang:1.14 # this step is kept as the lowest version of golang that we support
+    image: golang:1.16 # this step is kept as the lowest version of golang that we support
     environment:
       GO111MODULE: on
       GOPROXY: off
@@ -404,7 +404,7 @@ steps:
 
   - name: update
     pull: default
-    image: alpine:3.14
+    image: alpine:3.13
     commands:
       - ./build/update-locales.sh
 
@@ -503,7 +503,7 @@ steps:
     pull: always
     image: techknowlogick/xgo:go-1.16.x
     commands:
-      - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get install -y nodejs
+      - curl -sL https://deb.nodesource.com/setup_14.x | bash - && apt-get install -y nodejs
       - export PATH=$PATH:$GOPATH/bin
       - make release
     environment:
@@ -599,7 +599,7 @@ steps:
     pull: always
     image: techknowlogick/xgo:go-1.16.x
     commands:
-      - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get install -y nodejs
+      - curl -sL https://deb.nodesource.com/setup_14.x | bash - && apt-get install -y nodejs
       - export PATH=$PATH:$GOPATH/bin
       - make release
     environment:

.eslintrc

@@ -2,6 +2,7 @@ root: true
 reportUnusedDisableDirectives: true
 
 ignorePatterns:
+  - /web_src/js/vendor
   - /templates/base/head.tmpl
   - /templates/repo/activity.tmpl
   - /templates/repo/view_file.tmpl

CHANGELOG.md

@@ -4,7 +4,7 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).
 
-## [1.15.0-rc1](https://github.com/go-gitea/gitea/releases/tag/v1.15.0-rc1) - 2021-07-15
+## [1.15.0](https://github.com/go-gitea/gitea/releases/tag/v1.15.0) - 2021-08-21
 
 * BREAKING
   * Make app.ini permissions more restrictive (#16266)
@@ -19,9 +19,15 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
   * Move (custom) assets into subpath `/assets` (#15219)
   * Use level config in log section when sub log section not set level (#15176)
   * Links in markdown should be absolute to the repository not the server (#15088)
+  * Upgrade to the latest version of golang-jwt (#16590) (#16606)
+  * Set minimum supported version of go to 1.16 (#16710)
 * SECURITY
   * Encrypt LDAP bind password in db with SECRET_KEY (#15547)
   * Remove random password in Dockerfiles (#15362)
+  * Upgrade to the latest version of golang-jwt and increase minimum go to 1.15 (#16590) (#16606)
+  * Correctly create of git-daemon-export-ok files (#16508) (#16514)
+  * Don't show private user's repo in explore view (#16550) (#16554)
+  * Update node tar dependency to 6.1.6 (#16622) (#16623)
 * FEATURES
   * Update Go-Git to take advantage of LargeObjectThreshold (#16316)
   * Support custom mime type mapping for text files (#16304)
@@ -42,7 +48,7 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
   * Add LFS Migration and Mirror (#14726)
   * Improve notifications for WIP draft PR's (#14663)
   * Disable Stars config option (#14653)
-  * Add option to provide signature for a token to verify key ownership (#14054)
+  * GPG Key Ownership verification with Signed Token (#14054)
   * OAuth2 auto-register (#5123)
 * API
   * Return updated repository when changing repository using API (#16420)
@@ -62,6 +68,8 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
   * Add Active and ProhibitLogin to API (#15689)
   * Add Location, Website and Description to API (#15675)
   * Expose resolver via API (#15167)
+  * Swagger AccessToken fixes (#16574) (#16597)
+  * Set AllowedHeaders on API CORS handler (#16524) (#16618)
 * ENHANCEMENTS
   * Support HTTP/2 in Let's Encrypt (#16371)
   * Introduce NotifySubjectType (#16320)
@@ -187,6 +195,41 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
   * Add NeedPostProcess for Parser interface to improve performance of csv parser and some external parser (#15153)
   * Add code block highlight to orgmode back (#14222)
   * Remove User.GetOrganizations() (#14032)
+  * Restore Accessibility for Dropdown (#16576) (#16617)
+  * Pass down SignedUserName down to AccessLogger context (#16605) (#16616)
+  * Fix table alignment in markdown (#16596) (#16602)
+  * Fix 500 on first wiki page (#16586) (#16598)
+  * Lock goth/gothic and Re-attempt OAuth2 registration on login if registration failed at startup (#16564) (#16570)
+  * Upgrade levelqueue to v0.4.0 (#16560) (#16561)
+  * Handle too long PR titles correctly (#16517) (#16549)
+  * Fix data race in bleve indexer (#16474) (#16509)
+  * Restore CORS on git smart http protocol (#16496) (#16506)
+  * Fix race in log (#16490) (#16505)
+  * Fix prepareWikiFileName to respect existing unescaped files (#16487) (#16498)
+  * Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end (#16479) (#16480)
+  * Update notification table with only latest data (#16445) (#16469)
+  * Fix crash following ldap authentication update (#16447) (#16448)
+  * Fix direct creation of external users on admin page (partial #16612) (#16613)
+  * Prevent 500 on draft releases without tag (#16634) (#16636)
+  * Restore creation of git-daemon-export-ok files (#16508) (#16514)
+  * Fix data race in bleve indexer (#16474) (#16509)
+  * Restore CORS on git smart http protocol (#16496) (#16506)
+  * Fix race in log (#16490) (#16505)
+  * Fix prepareWikiFileName to respect existing unescaped files (#16487) (#16498)
+  * Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end (#16479) (#16480)
+  * Update notification table with only latest data (#16445) (#16469)
+  * Fix crash following ldap authentication update (#16447) (#16448)
+  * Restore compatibility with SQLServer 2008 R2 in migrations (#16638)
+  * Fix direct creation of external users on admin page (#16613)
+  * Fix go-git implementation of GetNote when passed a non-existent commit (#16658) (#16659)
+  * Fix NPE in fuzzer (#16680) (#16682)
+  * Set issue_index when finishing migration (#16685) (#16687)
+  * Skip patch download when no patch file exists (#16356) (#16681)
+  * Ensure empty lines are copiable and final new line too (#16678) (#16692)
+  * Fix wrong user in OpenID response (#16736) (#16741)
+  * Do not use thin scrollbars on Firefox (#16738) (#16745)
+  * Recreate Tables should Recreate indexes on MySQL (#16718) (#16739)
+  * Keep attachments on tasklist update (#16750) (#16757)
 * TESTING
   * Bump `postgres` and `mysql` versions (#15710)
   * Add tests for clone from wiki (#15513)
@@ -197,7 +240,6 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
   * Fix mirror_lfs source string in en-US locale (#15369)
 * BUILD
   * Upgrade xorm to v1.1.1 (#16339)
-  * Alpine 3.14 released (#16170)
   * Disable legal comments in esbuild (#15929)
   * Switch to Node 16 to build fronted  (#15804)
   * Use esbuild to minify CSS (#15756)
@@ -216,6 +258,28 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
   * Remove utf8 option from installation page (#16126)
   * Use Wants= over Requires= in systemd file (#15897)
 
+## [1.14.6](https://github.com/go-gitea/gitea/releases/tag/v1.14.6) - 2021-08-04
+
+* SECURITY
+  * Bump github.com/markbates/goth from v1.67.1 to v1.68.0 (#16538) (#16540)
+  * Switch to maintained JWT lib (#16532) (#16535)
+  * Upgrade to latest version of golang-jwt (as forked for 1.14) (#16590) (#16607)
+* BUGFIXES
+  * Add basic edit ldap auth test & actually fix #16252 (#16465) (#16495)
+  * Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end (#16479) (#16481)
+
+## [1.14.5](https://github.com/go-gitea/gitea/releases/tag/v1.14.5) - 2021-07-16
+
+* SECURITY
+  * Hide mirror passwords on repo settings page (#16022) (#16355)
+  * Update bluemonday to v1.0.15 (#16379) (#16380)
+* BUGFIXES
+  * Retry rename on lock induced failures (#16435) (#16439)
+  * Validate issue index before querying DB (#16406) (#16410)
+  * Fix crash following ldap authentication update (#16447) (#16449)
+* ENHANCEMENTS
+  * Redirect on bad CSRF instead of presenting bad page (#14937) (#16378)
+
 ## [1.14.4](https://github.com/go-gitea/gitea/releases/tag/v1.14.4) - 2021-07-06
 
 * BUGFIXES

Dockerfile

@@ -1,7 +1,7 @@
 
 ###################################
 #Build stage
-FROM golang:1.16-alpine3.14 AS build-env
+FROM golang:1.16-alpine3.13 AS build-env
 
 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@@ -26,7 +26,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go
 
-FROM alpine:3.14
+FROM alpine:3.13
 LABEL maintainer="[email protected]"
 
 RUN set -x && \

Dockerfile.rootless

@@ -1,7 +1,7 @@
 
 ###################################
 #Build stage
-FROM golang:1.16-alpine3.14 AS build-env
+FROM golang:1.16-alpine3.13 AS build-env
 
 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@@ -25,7 +25,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go
 
-FROM alpine:3.14
+FROM alpine:3.13
 LABEL maintainer="[email protected]"
 
 EXPOSE 2222 3000

Makefile

@@ -29,7 +29,7 @@ HAS_GO = $(shell hash $(GO) > /dev/null 2>&1 && echo "GO" || echo "NOGO" )
 COMMA := ,
 
 XGO_VERSION := go-1.16.x
-MIN_GO_VERSION := 001014000
+MIN_GO_VERSION := 001016000
 MIN_NODE_VERSION := 012017000
 
 DOCKER_IMAGE ?= aswild/gitea
@@ -217,7 +217,7 @@ help:
 go-check:
 	$(eval GO_VERSION := $(shell printf "%03d%03d%03d" $(shell $(GO) version | grep -Eo '[0-9]+\.[0-9.]+' | tr '.' ' ');))
 	@if [ "$(GO_VERSION)" -lt "$(MIN_GO_VERSION)" ]; then \
-		echo "Gitea requires Go 1.14 or greater to build. You can get it at https://golang.org/dl/"; \
+		echo "Gitea requires Go 1.16 or greater to build. You can get it at https://golang.org/dl/"; \
 		exit 1; \
 	fi
 
@@ -729,6 +729,7 @@ fomantic:
 	cd $(FOMANTIC_WORK_DIR) && npm install --no-save
 	cp -f $(FOMANTIC_WORK_DIR)/theme.config.less $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/theme.config
 	cp -rf $(FOMANTIC_WORK_DIR)/_site $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/
+	cp -f web_src/js/vendor/dropdown.js $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/definitions/modules
 	cd $(FOMANTIC_WORK_DIR) && npx gulp -f node_modules/fomantic-ui/gulpfile.js build
 
 .PHONY: webpack

cmd/serv.go

@@ -23,7 +23,7 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/services/lfs"
 
-	"github.com/dgrijalva/jwt-go"
+	"github.com/golang-jwt/jwt"
 	jsoniter "github.com/json-iterator/go"
 	"github.com/kballard/go-shellquote"
 	"github.com/urfave/cli"

docs/config.yaml

@@ -18,8 +18,8 @@ params:
   description: Git with a cup of tea
   author: The Gitea Authors
   website: https://docs.gitea.io
-  version: 1.14.4
-  minGoVersion: 1.14
+  version: 1.14.6
+  minGoVersion: 1.16
   goVersion: 1.16
   minNodeVersion: 12.17
 

docs/content/doc/advanced/adding-legal-pages.en-us.md

@@ -32,7 +32,7 @@ You absolutely must not place a general ToS or privacy statement that implies th
 Create or append to `/path/to/custom/templates/custom/extra_links_footer.tmpl`:
 
 ```go
-<a class="item" href="{{AppSubUrl}}/privacy.html">Privacy Policy</a>
+<a class="item" href="{{AppSubUrl}}/assets/privacy.html">Privacy Policy</a>
 ```
 
 Restart Gitea to see the changes.

docs/content/doc/advanced/customizing-gitea.en-us.md

@@ -102,7 +102,7 @@ For instance, let's say you are in Germany and must add the famously legally-req
 just place it under your "$GITEA_CUSTOM/public/" directory (for instance `$GITEA_CUSTOM/public/impressum.html`) and put a link to it in either `$GITEA_CUSTOM/templates/custom/extra_links.tmpl` or `$GITEA_CUSTOM/templates/custom/extra_links_footer.tmpl`.
 
 To match the current style, the link should have the class name "item", and you can use `{{AppSubUrl}}` to get the base URL:
-`<a class="item" href="{{AppSubUrl}}/impressum.html">Impressum</a>`
+`<a class="item" href="{{AppSubUrl}}/assets/impressum.html">Impressum</a>`
 
 For more information, see [Adding Legal Pages](https://docs.gitea.io/en-us/adding-legal-pages).
 
@@ -174,21 +174,21 @@ You can display STL file directly in Gitea by adding:
 
   if ($('.view-raw>a[href$=".stl" i]').length) {
     $("body").append(
-      '<link href="/Madeleine.js/src/css/Madeleine.css" rel="stylesheet">'
+      '<link href="/assets/Madeleine.js/src/css/Madeleine.css" rel="stylesheet">'
     );
     Promise.all([
-      lS("/Madeleine.js/src/lib/stats.js"),
-      lS("/Madeleine.js/src/lib/detector.js"),
-      lS("/Madeleine.js/src/lib/three.min.js"),
-      lS("/Madeleine.js/src/Madeleine.js"),
+      lS("/assets/Madeleine.js/src/lib/stats.js"),
+      lS("/assets/Madeleine.js/src/lib/detector.js"),
+      lS("/assets/Madeleine.js/src/lib/three.min.js"),
+      lS("/assets/Madeleine.js/src/Madeleine.js"),
     ]).then(function () {
       $(".view-raw")
         .attr("id", "view-raw")
         .attr("style", "padding: 0;margin-bottom: -10px;");
       new Madeleine({
         target: "view-raw",
         data: $('.view-raw>a[href$=".stl" i]').attr("href"),
-        path: "/Madeleine.js/src",
+        path: "/assets/Madeleine.js/src",
       });
       $('.view-raw>a[href$=".stl"]').remove();
     });

docs/content/doc/advanced/customizing-gitea.zh-cn.md

@@ -61,7 +61,7 @@ Gitea 引用 `custom` 目录中的自定义配置文件来覆盖配置、模板
 "custom/public/"目录下（比如 `custom/public/impressum.html`）并且将它与 `custom/templates/custom/extra_links.tmpl` 链接起来即可。
 
 这个链接应当使用一个名为“item”的 class 来匹配当前样式，您可以使用 `{{AppSubUrl}}` 来获取 base URL:
-`<a class="item" href="{{AppSubUrl}}/impressum.html">Impressum</a>`
+`<a class="item" href="{{AppSubUrl}}/assets/impressum.html">Impressum</a>`
 
 同理，您可以将页签添加到 `extra_tabs.tmpl` 中，使用同样的方式来添加页签。它的具体样式需要与
 `templates/repo/header.tmpl` 中已有的其他选项卡的样式匹配

docs/content/doc/advanced/external-renderers.en-us.md

@@ -164,5 +164,5 @@ And so you could write some CSS:
 
 Add your stylesheet to your custom directory e.g `custom/public/css/my-style-XXXXX.css` and import it using a custom header file `custom/templates/custom/header.tmpl`:
 ```html
-<link type="text/css" href="{{AppSubUrl}}/css/my-style-XXXXX.css" />
+<link type="text/css" href="{{AppSubUrl}}/assets/css/my-style-XXXXX.css" />
 ```

go.mod

@@ -10,7 +10,7 @@ require (
 	gitea.com/go-chi/cache v0.0.0-20210110083709-82c4c9ce2d5e
 	gitea.com/go-chi/captcha v0.0.0-20210110083842-e7696c336a1e
 	gitea.com/go-chi/session v0.0.0-20210108030337-0cb48c5ba8ee
-	gitea.com/lunny/levelqueue v0.3.0
+	gitea.com/lunny/levelqueue v0.4.1
 	github.com/Microsoft/go-winio v0.5.0 // indirect
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/ProtonMail/go-crypto v0.0.0-20210705153151-cc34b1f6908b // indirect
@@ -28,7 +28,6 @@ require (
 	github.com/couchbase/gomemcached v0.1.2 // indirect
 	github.com/couchbase/goutils v0.0.0-20210118111533-e33d3ffb5401 // indirect
 	github.com/denisenkom/go-mssqldb v0.10.0
-	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/djherbis/buffer v1.2.0
 	github.com/djherbis/nio/v3 v3.0.1
 	github.com/dustin/go-humanize v1.0.0
@@ -51,6 +50,7 @@ require (
 	github.com/gogs/chardet v0.0.0-20191104214054-4b6791f73a28
 	github.com/gogs/cron v0.0.0-20171120032916-9f6c956d3e14
 	github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85
+	github.com/golang-jwt/jwt v3.2.2+incompatible
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/go-github/v32 v32.1.0
 	github.com/google/go-querystring v1.1.0 // indirect
@@ -75,7 +75,7 @@ require (
 	github.com/lafriks/xormstore v1.4.0
 	github.com/lib/pq v1.10.2
 	github.com/lunny/dingtalk_webhook v0.0.0-20171025031554-e3534c89ef96
-	github.com/markbates/goth v1.67.1
+	github.com/markbates/goth v1.68.0
 	github.com/mattn/go-isatty v0.0.13
 	github.com/mattn/go-runewidth v0.0.13 // indirect
 	github.com/mattn/go-sqlite3 v1.14.7
@@ -143,3 +143,5 @@ require (
 )
 
 replace github.com/hashicorp/go-version => github.com/6543/go-version v1.3.1
+
+replace github.com/golang-jwt/jwt v3.2.1+incompatible => github.com/golang-jwt/jwt v3.2.2+incompatible