Forgejo v16.0 has been launched with security, workflow, and collaboration improvements for the self hosted code platform. Git mirrors now have stronger protection against server side request forgery, with fixes for cases where domain and network restrictions could be bypassed. Redirects are also disabled for Git operations over HTTP and HTTPS, meaning mirrors of renamed or transferred repositories must be updated manually. Users can now manage notifications separately for issues, pull requests, and releases, while administrators can track repository migration progress in batches. Git also checks incoming objects for inconsistencies before they can affect repository state. In Docker and Podman deployments using reverse proxy authentication, trusted proxy addresses must now be configured explicitly. Pull request reviews now support comments across multiple changed lines, with improved placement through reverse Git blame tracking. Repository administrators can also delete completed workf...
Related
xAI has open-sourced Grok Build after backlash over secretly uploading users’ repositories
xAI has released the full source code of Grok Build, its AI coding agent, after Cereblab researchers found that the tool was uploading users’ entire Git repositories to company con...
Hack revealed AI music platform Suno scraped millions of songs from YouTube, Deezer & more
Apparently, the popular AI music platform Suno was hacked in November 2025 through a supply chain attack that exposed an employee’s credentials, according to a report from 404 Medi...
Forgejo 16.0 adds SSRF protection, granular notifications, and refined review tools
Forgejo v16.0 has been launched with security, workflow, and collaboration improvements for the self hosted code platform. Git mirrors now have stronger protection against server s...