Gitea 1.16.4 is released

Mon Mar 14, 2022 by 6543

We are proud to present the release of Gitea version 1.16.4.

We highly encourage users to update to this version for some important bug-fixes.

We have merged 17 pull requests to release this version.

We would like to give a special thanks to Maxim Suslov (independent security researcher), E99p1ant to report the security problems from huntr and thanks to @lunny, @zeripath and @6543 for submitting the security patches for this release.

You can download one of our pre-built binaries from our downloads page - make sure to select the correct platform! For further details on how to install, follow our installation guide.

We would also like to thank all of our supporters on Open Collective who are helping to sustain us financially.

Have you heard? We now have a swag shop! 👕 🍵

Breaking Change: Refactor mirror code & fix StartToMirror (#19075)

This PR will make old queue entrys unredable for the new version, make sure to flush the mirror sync queue before updating.

Breaking Change: Restrict email address validation (#19085)

Narrow the allowed chars a email address can have.

Breaking Change: Add pam account authorization check (#18904)

Users of the PAM module who rely on account modules not being checked will need to change their PAM configuration.

Changelog

1.16.4 - 2022-03-14

  • SECURITY
  • ENHANCEMENTS
  • BUGFIXES
    • Refactor mirror code & fix StartToMirror (#18904) (#19075)
    • Update the webauthn_credential_id_sequence in Postgres (#19048) (#19060)
    • Prevent 500 when there is an error during new auth source post (#19041) (#19059)
    • If rendering has failed due to a net.OpError stop rendering (attempt 2) (#19049) (#19056)
    • Fix flag validation (#19046) (#19051)
    • Add pam account authorization check (#19040) (#19047)
    • Ignore missing comment for user notifications (#18954) (#19043)
    • Set rel="nofollow noindex" on new issue links (#19023) (#19042)
    • Upgrading binding package (#19034) (#19035)
    • Don’t show context cancelled errors in attribute reader (#19006) (#19027)
    • Fix update hint bug (#18996) (#19002)
  • MISC