-
Gravity Bot released this
2026-03-14 01:49:27 +00:00 | 10 commits to main since this releaseUpstream: Forgejo 14.0.2 → 14.0.3
Security Fixes (7)
- PKCE OAuth validation for S256 algorithm
- OAuth Bearer token scope enforcement via HTTP basic auth
- Attachment permission checks on web endpoints
- Release notification access control for removed/inactive users
- Project state modification permission checks (open/closed via IDOR)
- PR automerge cancellation permission checks
- Post-login redirect path traversal prevention
Bug Fixes
- Search sort options / syntax hints
- Modal display on small viewports, input fields in table/link insertion modals
- Label overflow in PR CI checks on mobile
- /v2 endpoint basic auth + WWW-Authenticate headers
- GitLab import crashes (issues + releases with 4+ assets)
- MR number remapping in GitLab comment imports
- Multi-platform container image cleanup
- Dynamic matrix 'needs' access restoration
- SQLite "database is locked" timeout defaults
- Atom feed compare link generation (absolute URLs)
- Repo avatar upload behavior
- RPM registry instructions
- dbfs error diagnostics
- Action job approval handling
Maintenance
- Go updated to v1.25.8
- Dependency security updates (svgo, circl, minimatch, webpack, chi)
Fork: Neptune Forgejo
All 10 custom template overrides verified compatible — no changes needed.
Custom features verified:
- Catppuccin themes (4 flavors × 14 accents + auto variants)
- Theme preview & review system (user + admin)
- Copy Logs + Expand/Collapse All (action runs)
- Fetch & Switch buttons (clone panel, branch list, PR header)
- PR checkout button
- Custom branding (Bros Ninja logo/favicon)
- Footer version badge
- Action runner (v6)
Infrastructure
- Added
publish.ymlCI workflow for automated tag creation and release promotion - Added
VERSIONfile for version detection
Tasks
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads