Gitea 1.16.5 is released

Thu Mar 24, 2022 by zeripath

We are proud to present the release of Gitea version 1.16.5.

We strongly advise users to update to this version for some important bug-fixes and several security fixes.

We have merged 23 pull requests to release this version.

We would like to give a special thanks to @kdumont, @zeripath, @rajbabai8 for reporting the security problems from huntr and internally, and thanks to @zeripath for submitting the security patches for this release.

You can download one of our pre-built binaries from our downloads page - make sure to select the correct platform! For further details on how to install, follow our installation guide.

We would also like to thank all of our supporters on Open Collective who are helping to sustain us financially.

Have you heard? We now have a swag shop! 👕 🍵

Breaking Change: Bump to build with go1.18 (#19120 et al) (#19127)

Go 1.18 has been released and with its release 1.16 has been deprecated. In order to be able to build with 1.18 several packages have had to be updated. This PR collates these together and changes our build process to build with 1.18.

Changelog

1.16.5 - 2022-03-23

  • BREAKING
  • SECURITY
    • Prevent redirect to Host (2) (#19175) (#19186)
    • Try to prevent autolinking of displaynames by email readers (#19169) (#19183)
    • Clean paths when looking in Storage (#19124) (#19179)
    • Do not send notification emails to inactive users (#19131) (#19139)
    • Do not send activation email if manual confirm is set (#19119) (#19122)
  • ENHANCEMENTS
    • Use the new/choose link for New Issue on project page (#19172) (#19176)
  • BUGFIXES
    • Fix showing issues in your repositories (#18916) (#19191)
    • Fix compare link in active feeds for new branch (#19149) (#19185)
    • Redirect .wiki/* ui link to /wiki (#18831) (#19184)
    • Ensure deploy keys with write access can push (#19010) (#19182)
    • Ensure that setting.LocalURL always has a trailing slash (#19171) (#19177)
    • Cleanup protected branches when deleting users & teams (#19158) (#19174)
    • Use IterateBufferSize whilst querying repositories during adoption check (#19140) (#19160)
    • Fix NPE /repos/issues/search when not signed in (#19154) (#19155)
    • Use custom favicon when viewing static files if it exists (#19130) (#19152)
    • Fix the editor height in review box (#19003) (#19147)
    • Ensure isSSH is set whenever DISABLE_HTTP_GIT is set (#19028) (#19146)
    • Fix wrong scopes caused by empty scope input (#19029) (#19145)
    • Make migrations SKIP_TLS_VERIFY apply to git too (#19132) (#19141)
    • Handle email address not exist (#19089) (#19121)
  • MISC