diff --git a/release-notes-published/7.0.13.md b/release-notes-published/7.0.13.md new file mode 100644 index 0000000000..4f9708503f --- /dev/null +++ b/release-notes-published/7.0.13.md @@ -0,0 +1,19 @@ +See also the [dedicated blog post](https://forgejo.org/2025-02-release-v1001/). + + + +## Release notes + +- Security bug fixes + - [PR](https://codeberg.org/forgejo/forgejo/pulls/6845): Verify the ID of Forgejo Actions web endpoints belongs to the repository to prevent the deletion of runners or variables or the modification of variables. [Read more in the dedicated blog post](https://forgejo.org/2025-02-release-v1001/). + - [PR](https://codeberg.org/forgejo/forgejo/pulls/6846): Enforce permissions on publicly available user or organizations projects to not leak information from issues and pull requests that belong to private repositories. [Read more in the dedicated blog post](https://forgejo.org/2025-02-release-v1001/). +- Bug fixes + - [PR](https://codeberg.org/forgejo/forgejo/pulls/6674) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6679)): fix: load settings for valid user and email check +- Included for completeness but not worth a release note + - [PR](https://codeberg.org/forgejo/forgejo/pulls/6693): Update dependency katex to v0.16.21 [SECURITY] (v7.0/forgejo) + - [PR](https://codeberg.org/forgejo/forgejo/pulls/6655) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6669)): chore(security): update security.txt with new expiration date + - [PR](https://codeberg.org/forgejo/forgejo/pulls/6501): chore: remove illegal git usage + - [PR](https://codeberg.org/forgejo/forgejo/pulls/6483): Update module github.com/go-git/go-git/v5 to v5.13.1 (v7.0/forgejo) + - [PR](https://codeberg.org/forgejo/forgejo/pulls/6324) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6325)): chore(release): link to the standalone release notes file + - [PR](https://codeberg.org/forgejo/forgejo/pulls/6317): Update module golang.org/x/net to v0.33.0 (v7.0/forgejo) +