This release fixes two security issues and 21 bugs. Release notes: https://blog.gitea.io/2020/11/gitea-1.12.6-is-released/
Created attachment 219862 [details] patch to update gitea port to 1.12.6
Created attachment 219863 [details] patch for vuxml for the two vulns
A commit references this bug: Author: adamw Date: Sun Nov 22 15:48:14 UTC 2020 New revision: 556058 URL: https://svnweb.freebsd.org/changeset/ports/556058 Log: www/gitea: Update to 1.12.6 SECURITY Prevent git operations for inactive users (#13527) (#13537) Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13525) BUGFIXES API should only return Json (#13511) (#13564) Fix before and since query arguments at API (#13559) (#13560) Prevent panic on git blame by limiting lines to 4096 bytes at most (#13470) (#13492) Fix link detection in repository description with tailing ?_? (#13407) (#13408) Remove obsolete change of email on profile page (#13341) (#13348) Fix permission check on get Reactions API endpoints (#13344) (#13346) Add migrated pulls to pull request task queue (#13331) (#13335) API deny wrong pull creation options (#13308) (#13327) Fix initial commit page & binary munching problem (#13249) (#13259) Fix diff parsing (#13157) (#13136) (#13139) Return error 404 not 500 from API if team does not exist (#13118) (#13119) Prohibit automatic downgrades (#13108) (#13111) Fix GitLab Migration Option AuthToken (#13101) GitLab Label Color Normalizer (#12793) (#13100) Log the underlying panic in runMigrateTask (#13096) (#13098) Fix attachments list in edit comment (#13036) (#13097) Fix deadlock when deleting team user (#13093) Fix error create comment on outdated file (#13041) (#13042) Fix repository create/delete event webhooks (#13008) (#13027) Fix internal server error on README in submodule (#13006) (#13016) PR: 251296 Submitted by: maintainer MFH: 2020Q4 Security: https://github.com/go-gitea/gitea/pull/13527 https://github.com/go-gitea/gitea/pull/13521 Changes: head/www/gitea/Makefile head/www/gitea/distinfo
A commit references this bug: Author: adamw Date: Sun Nov 22 15:51:09 UTC 2020 New revision: 556060 URL: https://svnweb.freebsd.org/changeset/ports/556060 Log: MFH: r552525 r556058 Approved by: portmgr (with hat) www/gitea: Update to 1.12.5 Changes: https://github.com/go-gitea/gitea/releases/tag/v1.12.5 PR: 250372 Approved by: maintainer www/gitea: Update to 1.12.6 SECURITY Prevent git operations for inactive users (#13527) (#13537) Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13525) BUGFIXES API should only return Json (#13511) (#13564) Fix before and since query arguments at API (#13559) (#13560) Prevent panic on git blame by limiting lines to 4096 bytes at most (#13470) (#13492) Fix link detection in repository description with tailing ?_? (#13407) (#13408) Remove obsolete change of email on profile page (#13341) (#13348) Fix permission check on get Reactions API endpoints (#13344) (#13346) Add migrated pulls to pull request task queue (#13331) (#13335) API deny wrong pull creation options (#13308) (#13327) Fix initial commit page & binary munching problem (#13249) (#13259) Fix diff parsing (#13157) (#13136) (#13139) Return error 404 not 500 from API if team does not exist (#13118) (#13119) Prohibit automatic downgrades (#13108) (#13111) Fix GitLab Migration Option AuthToken (#13101) GitLab Label Color Normalizer (#12793) (#13100) Log the underlying panic in runMigrateTask (#13096) (#13098) Fix attachments list in edit comment (#13036) (#13097) Fix deadlock when deleting team user (#13093) Fix error create comment on outdated file (#13041) (#13042) Fix repository create/delete event webhooks (#13008) (#13027) Fix internal server error on README in submodule (#13006) (#13016) PR: 251296 Submitted by: maintainer Security: https://github.com/go-gitea/gitea/pull/13527 https://github.com/go-gitea/gitea/pull/13521 Changes: _U branches/2020Q4/ branches/2020Q4/www/gitea/Makefile branches/2020Q4/www/gitea/distinfo
Update committed and merged to quarterly, and VuXML entry added. Thanks for your work on this!