* BREAKING
* Make app.ini permissions more restrictive (#16266)
* Refactor Webhook + Add X-Hub-Signature (#16176)
* Add asymmetric JWT signing (#16010)
* Clean-up the settings hierarchy for issue_indexer queue (#16001)
* Change default queue settings to be low go-routines (#15964)
* Improve assets handler middleware (#15961)
* Rename StaticUrlPrefix to AssetUrlPrefix (#15779)
* Use a generic markup class to display externally rendered files and diffs (#15735)
* Add frontend testing, require node 12 (#15315)
* Move (custom) assets into subpath `/assets` (#15219)
* Use level config in log section when sub log section not set level (#15176)
* Links in markdown should be absolute to the repository not the server (#15088)
* Upgrade to the latest version of golang-jwt (#16590) (#16606)
* Set minimum supported version of go to 1.16 (#16710)
* SECURITY
* Encrypt LDAP bind password in db with SECRET_KEY (#15547)
* Remove random password in Dockerfiles (#15362)
* Upgrade to the latest version of golang-jwt and increase minimum go to 1.15 (#16590) (#16606)
* Correctly create of git-daemon-export-ok files (#16508) (#16514)
* Don't show private user's repo in explore view (#16550) (#16554)
* Update node tar dependency to 6.1.6 (#16622) (#16623)
* FEATURES
* Update Go-Git to take advantage of LargeObjectThreshold (#16316)
* Support custom mime type mapping for text files (#16304)
* Link to previous blames in file blame page (#16259)
* Add LRU mem cache implementation (#16226)
* Localize Email Templates (#16200)
* Make command in authorized keys a template (#16003)
* Add possibility to make branch in branch page (#15960)
* Add email headers (#15939)
* Make tasklist checkboxes clickable (#15791)
* Add selecting tags on the compare page (#15723)
* Add cron job to delete old actions from database (#15688)
* On open repository open common cat file batch and batch-check (#15667)
* Add tag protection (#15629)
* Add push to remote mirror repository (#15157)
* Add Image Diff for SVG files (#14867)
* Add dashboard milestone search and repo milestone search by name. (#14866)
* Add LFS Migration and Mirror (#14726)
* Improve notifications for WIP draft PR's (#14663)
* Disable Stars config option (#14653)
* GPG Key Ownership verification with Signed Token (#14054)
* OAuth2 auto-register (#5123)
* API
* Return updated repository when changing repository using API (#16420)
* Let branch/tag name be a valid ref to get CI status (#16400)
* Add endpoint to get commits of PR (#16300)
* Allow COMMENT reviews to not specify a body (#16229)
* Add subject-type filter to list notification API endpoints (#16177)
* ListReleases add filter for draft and pre-releases (#16175)
* ListIssues add more filters (#16174)
* Issue Search Add filter for MilestoneNames (#16173)
* GET / SET User Settings (#16169)
* Expose repo.GetReviewers() & repo.GetAssignees() (#16168)
* User expose counters (#16167)
* Add repoGetTag (#16166)
* Add repoCreateTag (#16165)
* Creating a repo from a template repo via API (#15958)
* Add Active and ProhibitLogin to API (#15689)
* Add Location, Website and Description to API (#15675)
* Expose resolver via API (#15167)
* Swagger AccessToken fixes (#16574) (#16597)
* Set AllowedHeaders on API CORS handler (#16524) (#16618)
* ENHANCEMENTS
* Support HTTP/2 in Let's Encrypt (#16371)
* Introduce NotifySubjectType (#16320)
* Add forge emojies (#16296)
* Implemented head_commit for webhooks (#16282)
* Upgrade Gliderlabs SSH to 0.3.3 and add FailedConnectionCallback (#16278)
* Add previous/next buttons to review comments (#16273)
* Review comments: break-word for long file names (#16272)
* Add configuration to restrict allowed user visibility modes (#16271)
* Add scroll-margin-top to account for sticky header (#16269)
* Add --quiet and --verbose to gitea web to control initial logging (#16260)
* Use gitea logging module for git module (#16243)
* Add tests for all webhooks (#16214)
* Add button to delete undeleted repositories from failed migrations (#16197)
* Speed up git diff highlight generation (#16180)
* Add OpenID claims "profile" and "email". (#16141)
* Reintroduce squash merge default comment as a config setting (#16134)
* Add sanitizer rules per renderer (#16110)
* Improve performance of dashboard list orgs (#16099)
* Refactor assert statements in tests (#16089)
* Add sso.Group, context.Auth, context.APIAuth to allow auth special routes (#16086)
* Remove unnecessary goroutine (#16080)
* Add attachments for PR reviews (#16075)
* Make the github migration less rate limit waiting to get comment per page from repository but not per issue (#16070)
* Add Visible modes function from Organisation to Users too (#16069)
* Add checkbox to delete pull branch after successful merge (#16049)
* Make commit info cancelable (#16032)
* Make modules/context.Context a context.Context (#16031)
* Unified custom config creation (#16012)
* Make sshd_config more flexible regarding connections (#16009)
* Append to existing trailers in generated squash commit message (#15980)
* Always store primary email address into email_address table and also the state (#15956)
* Load issue/PR context popup data only when needed (#15955)
* Remove remaining fontawesome usage in templates (#15952)
* Remove fomantic accordion module (#15951)
* Small refactoring of modules/private (#15947)
* Double the avatar size factor (#15941)
* Add curl to rootless docker image (#15908)
* Replace clipboard.js with async clipboard api (#15899)
* Allow custom highlight mapping beyond file extensions (#15808)
* Add trace logging to SSO methods (#15803)
* Refactor routers directory (#15800)
* Allow only internal registration (#15795)
* Add a new internal hook to save ssh log (#15787)
* Respect default merge message syntax when parsing item references (#15772)
* OAuth2 login: Set account link to "login" as default behavior (#15768)
* Use single shared random string generation function (#15741)
* Hold the event source when there are no listeners (#15725)
* Code comments improvements (#15722)
* Provide OIDC compliant user info endpoint (#15721)
* Fix webkit calendar icon color on arc-green (#15713)
* Improve Light Chroma style (#15699)
* Only use boost workers for leveldb shadow queues (#15696)
* Add compare tag dropdown to releases page (#15695)
* Add caret styling CSS (#15651)
* Remove x-ua-compatible meta tag (#15640)
* Refactor of link creation (#15619)
* Add a new table issue_index to store the max issue index so that issue could be deleted with no duplicated index (#15599)
* Rewrite of the LFS server (#15523)
* Display more repository type on admin repository management (#15440)
* Remove usage of some JS globals (#15378)
* SHA in merged commit comment should be rendered ui sha (#15376)
* Add well-known config for OIDC (#15355)
* Use route rather than use thus reducing the number of stack frames (#15301)
* Code Formats, Nits & Unused Func/Var deletions (#15286)
* Let package git depend on setting but not opposite (#15241)
* Fixed sanitize errors (#15240)
* response simple text message for not html request when 404 (#15229)
* Remove file-loader dependency (#15196)
* Refactor renders (#15175)
* Add mimetype mapping settings (#15133)
* Add Status Updates whilst Gitea migrations are occurring (#15076)
* Reload locales in initialisation if needed by utilizing i18n.Reset (#15073)
* Counterwork seemingly unclickable repo button labels (#15064)
* Add DefaultMergeStyle option to repository (#14789)
* Added support for gopher URLs. (#14749)
* Rework repository archive (#14723)
* Add links to toggle WIP status (#14677)
* Add Tabular Diff for CSV files (#14661)
* Use milestone deadline when sorting issues (#14551)
* BUGFIXES
* Fix invalid params and typo of email templates (#16394)
* Fix activation of primary email addresses (#16385)
* Fix calculation for finalPage in repo-search component (#16382)
* Specify user in rootless container numerically (#16361)
* Detect encoding changes while parsing diff (#16330)
* Fix U2F error reasons always hidden (#16327)
* Prevent zombie processes (#16314)
* Escape reference to `user` table in models.SearchEmails (#16313)
* Fix default push instructions on empty repos (#16302)
* Fix modified files list in webhooks when there is a space (#16288)
* Fix webhook commits wrong hash on HEAD reset (#16283)
* Fuzzer finds an NPE due to incorrect URLPrefix (#16249)
* Don't WARN log UserNotExist errors on ExternalUserLogin failure (#16238)
* Do not show No match found for tribute (#16231)
* Fix "Copy Link" for pull requests (#16230)
* Fix diff expansion is missing final line in a file (#16222)
* Fix private repo permission problem (#16142)
* Fix not able to update local created non-urlencoded wiki pages (#16139)
* More efficiently parse shas for shaPostProcessor (#16101)
* Fix `doctor --run check-db-consistency --fix` with label fix (#16094)
* Prevent webhook action buttons from shifting (#16087)
* Change default TMPDIR path in rootless containers (#16077)
* Fix typo and add TODO notice (#16064)
* Use git log name-status in get last commit (#16059)
* Fix 500 Error with branch and tag sharing the same name (#16040)
* Fix get tag when migration (#16014)
* Add custom emoji support (#16004)
* Use filepath.ToSlash and Join in indexer defaults and queues (#15971)
* Add permission check for ``GenerateRepository`` (#15946)
* Ensure settings for Service and Mailer are read on the install page (#15943)
* Fix layout of milestone view (#15927)
* Unregister non-matching serviceworkers (#15834)
* Multiple Queue improvements: LevelDB Wait on empty, shutdown empty shadow level queue, reduce goroutines etc (#15693)
* Attachment support repository route (#15580)
* Fix missing icons and colorpicker when mounted on suburl (#15501)
* Create a session on ReverseProxy and ensure that ReverseProxy users cannot change username (#15304)
* Prevent double-login for Git HTTP and LFS and simplify login (#15303)
* Resolve Object { type: "error", data: undefined } in stopwatch.js (#15278)
* Fix heatmap activity (#15252)
* Remove vendored copy of fomantic-dropdown (#15193)
* Update repository size on cron gc task (#15177)
* Add NeedPostProcess for Parser interface to improve performance of csv parser and some external parser (#15153)
* Add code block highlight to orgmode back (#14222)
* Remove User.GetOrganizations() (#14032)
* Restore Accessibility for Dropdown (#16576) (#16617)
* Pass down SignedUserName down to AccessLogger context (#16605) (#16616)
* Fix table alignment in markdown (#16596) (#16602)
* Fix 500 on first wiki page (#16586) (#16598)
* Lock goth/gothic and Re-attempt OAuth2 registration on login if registration failed at startup (#16564) (#16570)
* Upgrade levelqueue to v0.4.0 (#16560) (#16561)
* Handle too long PR titles correctly (#16517) (#16549)
* Fix data race in bleve indexer (#16474) (#16509)
* Restore CORS on git smart http protocol (#16496) (#16506)
* Fix race in log (#16490) (#16505)
* Fix prepareWikiFileName to respect existing unescaped files (#16487) (#16498)
* Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end (#16479) (#16480)
* Update notification table with only latest data (#16445) (#16469)
* Fix crash following ldap authentication update (#16447) (#16448)
* Fix direct creation of external users on admin page (partial #16612) (#16613)
* Prevent 500 on draft releases without tag (#16634) (#16636)
* Restore creation of git-daemon-export-ok files (#16508) (#16514)
* Fix data race in bleve indexer (#16474) (#16509)
* Restore CORS on git smart http protocol (#16496) (#16506)
* Fix race in log (#16490) (#16505)
* Fix prepareWikiFileName to respect existing unescaped files (#16487) (#16498)
* Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end (#16479) (#16480)
* Update notification table with only latest data (#16445) (#16469)
* Fix crash following ldap authentication update (#16447) (#16448)
* Restore compatibility with SQLServer 2008 R2 in migrations (#16638)
* Fix direct creation of external users on admin page (#16613)
* Fix go-git implementation of GetNote when passed a non-existent commit (#16658) (#16659)
* Fix NPE in fuzzer (#16680) (#16682)
* Set issue_index when finishing migration (#16685) (#16687)
* Skip patch download when no patch file exists (#16356) (#16681)
* Ensure empty lines are copiable and final new line too (#16678) (#16692)
* Fix wrong user in OpenID response (#16736) (#16741)
* Do not use thin scrollbars on Firefox (#16738) (#16745)
* Recreate Tables should Recreate indexes on MySQL (#16718) (#16739)
* Keep attachments on tasklist update (#16750) (#16757)
* TESTING
* Bump `postgres` and `mysql` versions (#15710)
* Add tests for clone from wiki (#15513)
* Fix Benchmark tests, remove a broken one & add two new (#15250)
* Create Proper Migration tests (#15116)
* TRANSLATION
* Use a special name for update default branch on repository setting (#15893)
* Fix mirror_lfs source string in en-US locale (#15369)
* BUILD
* Upgrade xorm to v1.1.1 (#16339)
* Disable legal comments in esbuild (#15929)
* Switch to Node 16 to build fronted (#15804)
* Use esbuild to minify CSS (#15756)
* Use binary version of revive linter (#15739)
* Fix: npx webpack make: *** [Makefile:699: public/js/index.js] Error -… (#15465)
* Stop packaging node_modules in release tarballs (#15273)
* Introduce esbuild on webpack (#14578)
* DOCS
* Update queue workers documentation (#15999)
* Comment out app.example.ini (#15807)
* Improve logo customization docs (#15754)
* Add some response status on api docs (#15399)
* Rework Token API comments (#15162)
* Add better errors for disabled account recovery (#15117)
* MISC
* Remove utf8 option from installation page (#16126)
* Use Wants= over Requires= in systemd file (#15897)
-----BEGIN PGP SIGNATURE-----