Forgejo 16.0 adds SSRF protection, granular notifications, and refined review tools

Forgejo v16.0 has been launched with security, workflow, and collaboration improvements for the self hosted code platform. Git mirrors now have stronger protection against server side request forgery, with fixes for cases where domain and network restrictions could be bypassed. Redirects are also disabled for Git operations over HTTP and HTTPS, meaning mirrors of renamed or transferred repositories must be updated manually. Users can now manage notifications separately for issues, pull requests, and releases, while administrators can track repository migration progress in batches. Git also checks incoming objects for inconsistencies before they can affect repository state. In Docker and Podman deployments using reverse proxy authentication, trusted proxy addresses must now be configured explicitly. Pull request reviews now support comments across multiple changed lines, with improved placement through reverse Git blame tracking. Repository administrators can also delete completed workf...

Read Original

Related