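Release date: 2024-11-25
Version: v1.22.4

This release consists mainly of security fixes, a performance optimization and a number of bug fixes. On the security side, it fixes basic authentication in combination with WebAuthn and refactors the internal routers. On the performance side, it removes the transaction around archive downloads to improve efficiency. The bug fixes span many modules, including the missing signature key error when pulling Docker images, permission check problems, submodule parsing, failed PR creation via the API, missing menu tabs in the UI and the scheduled clean-up job; the release also improves OpenID specification support and adds log warnings. Other improvements include removal of unnecessary code, an updated development environment and a better warning for users at sign-in. Instances deployed on Gitea Cloud will be upgraded to this version automatically during the maintenance window.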

Changelog (original)

  • SECURITY
    • Fix basic auth with webauthn (#32531) (#32536)
    • Refactor internal routers (partial backport, auth token const time comparing) (#32473) (#32479)
  • PERFORMANCE
    • Remove transaction for archive download (#32186) (#32520)
  • BUGFIXES
    • Fix missing signature key error when pulling Docker images with SERVE_DIRECT enabled (#32365) (#32397)
    • Fix get reviewers fails when selecting user without pull request permissions unit (#32415) (#32616)
    • Fix adding index files to tmp directory (#32360) (#32593)
    • Fix PR creation on forked repositories via API (#31863) (#32591)
    • Fix missing menu tabs in organization project view page (#32313) (#32592)
    • Support HTTP POST requests to /userinfo, aligning to OpenID Core specification (#32578) (#32594)
    • Fix debian package clean up cron job (#32351) (#32590)
    • Fix GetInactiveUsers (#32540) (#32588)
    • Allow the actions user to login via the jwt token (#32527) (#32580)
    • Fix submodule parsing (#32571) (#32577)
    • Refactor find forks and fix possible bugs that weaken permissions check (#32528) (#32547)
    • Fix some places that don’t respect org full name setting (#32243) (#32550)
    • Refactor push mirror find and add check for updating push mirror (#32539) (#32549)
    • Fix basic auth with webauthn (#32531) (#32536)
    • Fix artifact v4 upload above 8MB (#31664) (#32523)
    • Fix oauth2 error handle not return immediately (#32514) (#32516)
    • Fix action not triggered when commit message is too long (#32498) (#32507)
    • Fix GetRepoLink nil pointer dereference on dashboard feed page when repo is deleted with actions enabled (#32501) (#32502)
    • Fix missing signature key error when pulling Docker images with SERVE_DIRECT enabled (#32397) (#32397)
    • Fix the permission check for user search API and limit the number of returned users for /user/search (#32310)
    • Fix SearchIssues swagger docs (#32208) (#32298)
    • Fix dropdown content overflow (#31610) (#32250)
    • Disable Oauth check if oauth disabled (#32368) (#32480)
    • Respect renamed dependencies of Cargo registry (#32430) (#32478)
    • Fix mermaid diagram height when initially hidden (#32457) (#32464)
    • Fix broken releases when re-pushing tags (#32435) (#32449)
    • Only provide the commit summary for Discord webhook push events (#32432) (#32447)
    • Only query team tables if repository is under org when getting assignees (#32414) (#32426)
    • Fix created_unix for mirroring (#32342) (#32406)
    • Respect UI.ExploreDefaultSort setting again (#32357) (#32385)
    • Fix broken image when editing comment with non-image attachments (#32319) (#32345)
    • Fix disable 2fa bug (#32320) (#32330)
    • Always update expiration time when creating an artifact (#32281) (#32285)
    • Fix null errors on conversation holder (#32258) (#32266) (#32282)
    • Only rename a user when they should receive a different name (#32247) (#32249)
    • Fix checkbox bug on private/archive filter (#32236) (#32240)
    • Add a doctor check to disable the “Actions” unit for mirrors (#32424) (#32497)
    • Quick fix milestone deadline 9999 (#32423)
    • Make show stats work when only one file changed (#32244) (#32268)
    • Make owner/repo/pulls handlers use “PR reader” permission (#32254) (#32265)
    • Update scheduled tasks even if changes are pushed by “ActionsUser” (#32246) (#32252)
  • MISC
    • Remove unnecessary code: GetPushMirrorsByRepoID called on all repo pages (#32560) (#32567)
    • Improve some sanitizer rules (#32534)
    • Update nix development environment for v1.22.x (#32495)
    • Add warn log when deleting inactive users (#32318) (#32321)
    • Update github.com/go-enry/go-enry to v2.9.1 (#32295) (#32296)
    • Warn users when they try to use a non-root-url to sign in/up (#32272) (#32273)

Instances on Gitea Cloud will be automatically upgraded to this version during the specified maintenance window.

Download links