Merge pull request '[DOCS] RELEASE-NOTES.md (squash) v1.21.5-0 (squash) go-git' (#2271) from earl-warren/forgejo:wip-release-notes-1.21 into forgejo-development

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2271
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
This commit is contained in:
Earl Warren 2024-01-31 17:00:32 +00:00
commit d405e13322

View file

@ -13,7 +13,7 @@ $ git clone https://codeberg.org/forgejo/forgejo/
$ git -C forgejo log --oneline --no-merges v1.21.4-0..v1.21.5-0
```
This stable release includes security and bug fixes as well as documentation improvements.
This stable release includes bug fixes as well as documentation improvements.
* Recommended Action
@ -27,6 +27,7 @@ This stable release includes security and bug fixes as well as documentation imp
The most prominent ones are described here, others can be found in the list of commits included in the release as described above.
* [Upgrade go-git to v5.11.0](https://codeberg.org/forgejo/forgejo/commit/faafccbcc7942b39cbc43f8014a435de4cc30f62). Although go-git is not used by Forgejo in a way that meets the requirements for the [CVE-2023-49568](https://github.com/advisories/GHSA-mw99-9chc-xw7r) and [DoS](https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r) vulnerabilities to be possible, it is upgraded to v5.11.0 which mitigates the issue, as a precaution.
* [Fix markdown relative links rendering](https://codeberg.org/forgejo/forgejo/commit/f8c9ff55b98adfbfbcc24efd178c114006f28336)
* [Fix NPE in `UsernameSubRoute`](https://codeberg.org/forgejo/forgejo/commit/3c7a955f05ec4c29f3c4f7412c45129b74c33e5c)
* [Fix duplication when blocking multiple users](https://codeberg.org/forgejo/forgejo/commit/3d3790ef4c6cdbcbe0cf7ec80627596f44701977)