| CARVIEW |
Select Language
HTTP/2 200
date: Wed, 23 Jul 2025 19:08:19 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With
etag: W/"448d6d8b9458b289512b64b94ddd3714"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
content-encoding: gzip
accept-ranges: bytes
set-cookie: _gh_sess=Fm%2BLdrmpZ4LhL9KuxNhnU9Q5yGcConYtNpYKytZp57cG6K7qAFYgXIc%2FB1zJQVhgpA8%2BRsKcduSNgdbg3F6RhvZlqObVPZK1PZkYZaR72PBwAAuaVv7Ibv9%2BHoxOykRIle5UzKOKZaB9nDxl1fRSnSHhH%2BtHqisyLFsJVtLxn5l5NjsoFqMASFPcP%2FtE94LMHLyk6lBJtd3f7uQ5IGh2QWzlQAooLCdcm8BwQqWFvD203M2QFtKlyzIkisSDKPGepkfD5JKfVYVFTwiu9wFYNw%3D%3D--vKMjWsOyK%2F%2F%2BWbNS--MQcxy1YdV8n9E9DJINrI5Q%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
set-cookie: _octo=GH1.1.400213021.1753297699; Path=/; Domain=github.com; Expires=Thu, 23 Jul 2026 19:08:19 GMT; Secure; SameSite=Lax
set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Thu, 23 Jul 2026 19:08:19 GMT; HttpOnly; Secure; SameSite=Lax
x-github-request-id: B408:60C4C:53A23:689AF:68813323
Release 0.13.2 Β· gogs/gogs Β· GitHub
Loading
Skip to content
Navigation Menu
{{ message }}
-
Notifications
You must be signed in to change notification settings - Fork 5k
0.13.2
Compare
βΉοΈ Heads up! There is a new patch release 0.13.3 available, we recommend directly installing or upgrading to that version.
Warning
Due to changes to the release infrastructure, starting this release and going forward, pam tag will not be included for release archives that previously had it included.
Fixed
- Security: Path Traversal in file editing UI. GHSA-r7j8-5h9c-f6fx
- Security: Path Traversal in file update API. GHSA-qf5v-rp47-55gg
- Security: Argument Injection in the built-in SSH server. GHSA-vm62-9jw3-c8w3
- Security: Deletion of internal files. GHSA-ccqv-43vm-4f3w
- Security: Argument Injection during changes preview. GHSA-9pp6-wq8c-3w2c
- Security: Argument Injection when tagging new releases. GHSA-m27m-h5gj-wwmg
- Use the non-deprecated section name
[email]during installation for email settings. #7704 - Use the non-deprecated section name
[email] PASSWORDduring installation for email password. #7807 - Make purple template label color to actually use the hexcode of purple. #7722
Previous patch releases
0.13.0
Added
- Support using personal access token in the password field. #3866
- An unlisted option is added when create or migrate a repository. Unlisted repositories are public but not being listed for users without direct access in the UI. #5733
- New API endpoint
PUT /repos/:owner/:repo/contents/:pathfor creating and update repository contents. #5967 - New configuration option
[git.timeout] DIFFfor customizing operation timeout ofgit diff. #6315 - New configuration option
[server] SSH_SERVER_MACSfor setting list of accepted MACs for connections to builtin SSH server. #6434 - New configuration option
[repository] DEFAULT_BRANCHfor setting default branch name for new repositories. #7291 - New configuration option
[server] SSH_SERVER_ALGORITHMSfor specifying the list of accepted key exchange algorithms for connections to builtin SSH server. #7345 - Support specifying custom schema for PostgreSQL. #6695
- Support rendering Mermaid diagrams in Markdown. #6776
- Docker: Allow passing extra arguments to the
backupcommand. #7060 - New languages support: Mongolian, Romanian. #6510 #7082
Changed
- The default branch has been changed to
main. #6285 - MSSQL as database backend is deprecated, installation page no longer shows it as an option. Existing installations and manually craft configuration file continue to work. #6295
- Use Task as the build tool. #6297
- The required Go version to compile source code changed to 1.18.
- Access tokens are now stored using their SHA256 hashes instead of raw values. #7008
Fixed
- Unable to use LDAP authentication on ARM machines. #6761
- Unable to choose "Lookup Avatar by mail" in user settings without deleting custom avatar. #7267
- Mistakenly include the "data" directory under the custom directory in the Docker setup. #7343
- Unable to start after data recovery with an outdated migration version. #7125
Removed
β οΈ Migrations before 0.12 are removed, installations not on 0.12 should upgrade to it to run the migrations and then upgrade to 0.13.- Configuration section
[mailer]is no longer used, please use[email]. - Configuration section
[service]is no longer used, please use[auth]. - Configuration option
APP_NAMEis no longer used, please useBRAND_NAME. - Configuration option
[security] REVERSE_PROXY_AUTHENTICATION_USERis no longer used, please use[auth] REVERSE_PROXY_AUTHENTICATION_HEADER. - Configuration option
[auth] ACTIVE_CODE_LIVE_MINUTESis no longer used, please use[auth] ACTIVATE_CODE_LIVES. - Configuration option
[auth] RESET_PASSWD_CODE_LIVE_MINUTESis no longer used, please use[auth] RESET_PASSWORD_CODE_LIVES. - Configuration option
[auth] ENABLE_CAPTCHAis no longer used, please use[auth] ENABLE_REGISTRATION_CAPTCHA. - Configuration option
[auth] ENABLE_NOTIFY_MAILis no longer used, please use[user] ENABLE_EMAIL_NOTIFICATION. - Configuration option
[auth] REGISTER_EMAIL_CONFIRMis no longer used, please use[auth] REQUIRE_EMAIL_CONFIRMATION. - Configuration option
[session] GC_INTERVAL_TIMEis no longer used, please use[session] GC_INTERVAL. - Configuration option
[session] SESSION_LIFE_TIMEis no longer used, please use[session] MAX_LIFE_TIME. - Configuration option
[server] ROOT_URLis no longer used, please use[server] EXTERNAL_URL. - Configuration option
[server] LANDING_PAGEis no longer used, please use[server] LANDING_URL. - Configuration option
[database] DB_TYPEis no longer used, please use[database] TYPE. - Configuration option
[database] PASSWDis no longer used, please use[database] PASSWORD. - Remove option to use Makefile as the build tool. #6980
Assets 11
5 people reacted
You canβt perform that action at this time.