Skip to content

Commit 2c749ce

Browse files
lunnybircni
andauthored
update changelog for 1.26.2 (go-gitea#37797)
Signed-off-by: Nicolas <bircni@icloud.com> Co-authored-by: Nicolas <bircni@icloud.com>
1 parent f540f57 commit 2c749ce

1 file changed

Lines changed: 20 additions & 18 deletions

File tree

CHANGELOG.md

Lines changed: 20 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -4,41 +4,47 @@ This changelog goes through the changes that have been made in each release
44
without substantial changes to our git log; to see the highlights of what has
55
been added to each release, please refer to the [blog](https://blog.gitea.com).
66

7-
## [1.26.2](https://github.com/go-gitea/gitea/releases/tag/1.26.2) - 2026-05-06
7+
## [1.26.2](https://github.com/go-gitea/gitea/releases/tag/1.26.2) - 2026-05-20
8+
9+
* SECURITY
10+
* fix(permissions): Fix reading permission (#37769)
11+
* fix(actions): make artifact signature payloads unambiguous (#37707)
12+
* fix: Unify public-only token filtering in API queries and repo access checks (#37118)
13+
* fix: Add missed token scope checking (#37735)
14+
* fix(oauth): bind token exchanges to the original client request (#37704)
15+
* fix(oauth): strengthen PKCE validation and refresh token replay protection (#37706)
16+
* fix(web): enforce token scopes on raw, media, and attachment downloads (#37698)
17+
* fix(security): enforce wiki git writes and LFS token access at request time (#37695)
18+
* feat(api): encrypt AWS creds (#37679)
19+
* fix(deps): update dependency mermaid to v11.15.0 [security], add e2e test
20+
* fix(packages): Add label for private and internal package and fix composor package source permission check (#37610)
21+
* fix(git): Fix smart http request scope bug (#37583)
22+
* Fix basic auth bug (#37503)
23+
* Fix allow maintainer edit permission check (#37479) (#37484)
24+
* Fix URL sanitization to handle schemeless credentials (#37440) (#37471)
25+
* Fix attachment Content-Security-Policy (#37455) (#37464)
26+
* chore(deps): bump go-git/go-git/v5 to 5.19.0 (#37608)
827

928
* BUGFIXES
1029
* fix(pull): handle empty pull request files view to allow reviews (#37783)
1130
* fix(markup): make RenderString never fail (#37779)
1231
* fix: add natural sort to sortTreeViewNodes (#37772)
1332
* fix: package creation unique conflict (#37774)
14-
* fix(permissions): Fix reading permission (#37769)
15-
* fix(actions): make artifact signature payloads unambiguous (#37707)
16-
* fix: Unify public-only token filtering in API queries and repo access checks (#37118)
1733
* fix!: add DEFAULT_TITLE_SOURCE setting for pull request title default behavior (#37465)
18-
* fix: Add missed token scope checking (#37735)
1934
* fix: Allow direct commits for unprotected files with push restrictions (#37657)
20-
* fix(oauth): bind token exchanges to the original client request (#37704)
2135
* fix(actions): wrong assumption that run id always >= job id (#37737)
22-
* fix(oauth): strengthen PKCE validation and refresh token replay protection (#37706)
23-
* fix(web): enforce token scopes on raw, media, and attachment downloads (#37698)
2436
* fix(auth): set User-Agent on avatar fetch and sync avatar on link-account register (#37564) (#37588)
25-
* fix(security): enforce wiki git writes and LFS token access at request time (#37695)
2637
* fix(actions): deadlock between PrepareRunAndInsert and UpdateTaskByState (#37692)
2738
* fix(repo): /generate must sync the branch table for the new repo (#37693)
28-
* feat(api): encrypt AWS creds (#37679)
2939
* build: Fix snap build (1.26)
3040
* fix(actions): run TransferLogs on UpdateLog{Rows:[], NoMore:true} (#37631)
31-
* fix(deps): update dependency mermaid to v11.15.0 [security], add e2e test
3241
* fix show correct mergebase
33-
* fix(packages): Add label for private and internal package and fix composor package source permission check (#37610)
3442
* fix: make clone URL respect public URL detection setting (#37615)
35-
* chore(deps): bump go-git/go-git/v5 to 5.19.0 (#37608)
3643
* fix: "run as root" check (#37622)
3744
* chore(deps): update dependency go to v1.26.3 (#37601)
3845
* Compare dropdown fails when selecting branch with no common merge-base (#37470)
3946
* fix: treat email addresses case-insensitively (#37600)
4047
* fix(actions): fix blank lines after ::endgroup:: (#37597)
41-
* fix(git): Fix smart http request scope bug (#37583)
4248
* fix(actions): report individual step status in workflow job API response (#37592)
4349
* fix: Invalid UTF-8 commit messages in JSON API responses (#37542)
4450
* fix: use consistent GetUser family functions (#37553)
@@ -51,15 +57,11 @@ been added to each release, please refer to the [blog](https://blog.gitea.com).
5157
* Fix merge autodetect can't close other PRs but only the last one when multiple PRs are pushed at once (#37512) (#37516)
5258
* Fix update branch protection order (#37508) (#37513)
5359
* Fix mCaptcha broken after Vite migration (#37492) (#37509)
54-
* Fix basic auth bug (#37503)
5560
* Fix review submission from single-commit PR view (#37475) (#37485)
56-
* Fix allow maintainer edit permission check (#37479) (#37484)
57-
* Fix URL sanitization to handle schemeless credentials (#37440) (#37471)
5861
* Fix scheduled action panic with null event payload (#37459) (#37466)
5962
* Make GetPossibleUserByID can handle deleted user (#37430) (#37431)
6063
* Remove excessive quote from terraform instructions (#37424) (#37426)
6164
* Fix color regressions, add `priority` color (#37417) (#37421)
62-
* Fix attachment Content-Security-Policy (#37455) (#37464)
6365

6466
* MISC
6567
* Add CurrentURL template variable back (#37444) (#37449)

0 commit comments

Comments
 (0)