Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package forgejo for openSUSE:Factory checked 
in at 2024-06-17 19:29:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/forgejo (Old)
 and      /work/SRC/openSUSE:Factory/.forgejo.new.19518 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "forgejo"

Mon Jun 17 19:29:50 2024 rev:8 rq:1181170 version:7.0.4

Changes:
--------
--- /work/SRC/openSUSE:Factory/forgejo/forgejo.changes  2024-05-23 
15:35:53.628994975 +0200
+++ /work/SRC/openSUSE:Factory/.forgejo.new.19518/forgejo.changes       
2024-06-17 19:30:21.452148313 +0200
@@ -1,0 +2,31 @@
+Sun Jun 16 12:52:27 UTC 2024 - Richard Rahl <rra...@disroot.org>
+
+- update to 7.0.4:
+  * Fixed: CVE-2024-24789: the archive/zip package's handling of certain types
+    of invalid zip files differs from the behavior of most zip implementations.
+    This misalignment could be exploited to create an zip file with contents 
that
+    vary depending on the implementation reading the file.
+  * the OAuth2 implementation does not always require authentication for public
+    clients, a requirement of RFC 6749 Section 10.2
+  * forgejo migrate-storage --type actions-artifacts always fails because it 
picks the wrong path.
+  * avatar files can be found in storage while they do not exist in the 
database.
+  * repository admins are always denied the right to force merge and instance 
admins
+    are subject to restrictions to merge that must only apply to repository 
admins.
+  * non conformance with the Nix tarball fetcher immutable link protocol.
+  * migrated activities (such as reviews) are mapped to the user who initiated 
the
+    migration rather than the Ghost user, if the external user cannot be 
mapped to a
+    local one. This mapping mismatch leads to internal server errors in some 
cases.
+  *  a v7.0.0 regression causes 
[admin].SEND_NOTIFICATION_EMAIL_ON_NEW_USER=true to always be ignored.
+  * using a subquery for user deletion is a performance bottleneck when using 
mariadb 10
+    because only mariadb 11 takes advantage of the available index.
+  * a v7.0.3 regression causes the expanding diffs in pull requests to fail 
with a 404 error.
+  * SourceHut Builds webhook fail when the triggers field is used.
+  * the label list rendering in the issue and pull request timeline is 
displayed on
+    multiple lines instead of a single one.
+  * Git hooks of this repository seem to be broken." warning when pushing more 
than one branch at a time.
+  * automerge does not happen when the approval count reaches the required 
threshold.
+  * the FORCE_PRIVATE=true setting is not consistently enforced.
+  * CSRF validation errors when OAuth is not enabled.
+  * headlines in rendered org-mode do not have a margin on the top
+
+-------------------------------------------------------------------

Old:
----
  forgejo-src-7.0.3.tar.gz
  forgejo-src-7.0.3.tar.gz.asc

New:
----
  forgejo-src-7.0.4.tar.gz
  forgejo-src-7.0.4.tar.gz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ forgejo.spec ++++++
--- /var/tmp/diff_new_pack.7TeoTi/_old  2024-06-17 19:30:23.820234982 +0200
+++ /var/tmp/diff_new_pack.7TeoTi/_new  2024-06-17 19:30:23.824235128 +0200
@@ -30,7 +30,7 @@
 %endif
 %endif
 Name:           forgejo
-Version:        7.0.3
+Version:        7.0.4
 Release:        0
 Summary:        Self-hostable forge
 License:        MIT

++++++ forgejo-src-7.0.3.tar.gz -> forgejo-src-7.0.4.tar.gz ++++++
/work/SRC/openSUSE:Factory/forgejo/forgejo-src-7.0.3.tar.gz 
/work/SRC/openSUSE:Factory/.forgejo.new.19518/forgejo-src-7.0.4.tar.gz differ: 
char 19, line 1

Reply via email to