0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-22 07:13:02 -05:00

[DOCS] RELEASE-NOTES.md (squash) 1.20.5-0 is a security release

This commit is contained in:
Loïc Dachary 2023-10-05 09:53:42 +02:00
parent ce5541c78b
commit 5dd66c06e3
No known key found for this signature in database
GPG key ID: 992D23B392F9E4F2

View file

@ -36,16 +36,20 @@ $ git clone https://codeberg.org/forgejo/forgejo/
$ git -C forgejo log --oneline --no-merges v1.20.4-1..v1.20.5-0 $ git -C forgejo log --oneline --no-merges v1.20.4-1..v1.20.5-0
``` ```
This stable release includes bug fixes. This stable release contains **important security fixes**, as explained in the [v1.20.5-0 companion blog post](https://forgejo.org/2023-10-release-v1205-0/).
* Recommended Action * Recommended Action
We recommend that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.20/admin/upgrade/) to the latest version. We **strongly recommend** that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.20/admin/upgrade/) to the latest version as soon as possible.
* [Forgejo Semantic Version](https://forgejo.org/docs/v1.20/user/semver/) * [Forgejo Semantic Version](https://forgejo.org/docs/v1.20/user/semver/)
The semantic version was updated to `5.0.5+0-gitea-1.20.5` The semantic version was updated to `5.0.5+0-gitea-1.20.5`
* Security fix
* When a user logs into Forgejo, they can click the **Remember This Device** checkbox and their browser will store a **Long-term authentication** token provided by the server, in a cookie that will allow them to stay logged in for an extended period of time. The implementation was inherently insecure and was [reworked](https://codeberg.org/forgejo/forgejo/commit/51988ef52bc93b63184d28395d10bf3b76914ad0). Read more about this issue in the [v1.20.5-0 blog post](https://forgejo.org/2023-10-release-v1205-0/).
* Bug fixes * Bug fixes
The most prominent ones are described here, others can be found in the list of commits included in the release as described above. The most prominent ones are described here, others can be found in the list of commits included in the release as described above.