We are proud to present the release of Gitea version 1.18.0.
We highly encourage users to update to this version for some important bug-fixes, but make sure to check out the breaking changes.
We have merged [535](https://github.com/go-gitea/gitea/pulls?q=is%3Apr+milestone%3A1.18.0+is%3Amerged) pull requests to release this version.
<!-- Security Thanks! -->
We would like to thank [@pboguslawski](https://github.com/pboguslawski) for reporting the reverse proxy authentication issue, and [@zeripath](https://gitea.com/zeripath) for the subsequent fix.
We would also like to thank [@appleboy](https://gitea.com/appleboy) and [@silverwind](https://gitea.com/silverwind) for the other security fixes in this release.
You can download one of our pre-built binaries from our [downloads page](https://dl.gitea.com/gitea/1.18.0/) - make sure to select the correct platform! For further details on how to install, follow our [installation guide](https://docs.gitea.com/installation/install-from-binary).
* If you specify credentials for sending emails but the server doesn't support using them, Gitea will fail to start instead of sending mails unauthenticated.
* Use unique `mailer.PROTOCOL` for different mailers (SMTP family, sendmail, dummy), instead of `MAILER_TYPE`+`PROTOCOL`.
* The combined `mailer.HOST` option has been deprecated in favor of the new `mailer.SMTP_ADDR` and `mailer.SMTP_PORT` options.
* The `mailer.IS_TLS_ENABLED` option has been deprecated in favor of using the new `mailer.PROTOCOL` option, which accepts `smtp`, `smtps`, `smtp+startls`, or `smtp+unix` explicitly. If you don't know what protocol your provider uses but provide a port, you can leave it blank and it will be inferred by the given port. See the non-breaking changes section for more details on the new `smtp+unix` protocol.
* The `mailer.DISABLE_HELO` (default false) option has been replaced with `mailer.ENABLE_HELO` (default true). It still does the same thing, but the option was negated to be less confusing.
* The `mailer.SKIP_VERIFY` option has been replaced with `mailer.FORCE_TRUST_SERVER_CERT` to sound scarier, and to clarify what it does.
* The `mailer.USE_CERTIFICATE`, `mailer.CERT_FILE`, and `mailer.KEY_FILE` have been deprecated and renamed to `mailer.USE_CLIENT_CERT`, `mailer.CLIENT_CERT_FILE`, and `mailer.CLIENT_KEY_FILE`.
### :exclamation: Some configuration moved from config file to database ([#18058](https://github.com/go-gitea/gitea/pull/18058))
Two configurations, `picture.DISABLE_GRAVATAR` and `picture.ENABLE_FEDERATED_AVATAR`, have been copied to database config setting table so that admins can change them in the admin panel without restarting the gitea service.
The existing config settings in `app.ini` will be migrated to the database on first run after upgrading, then the database settings will take precedence.
### :rocket: Add color previews in markdown ([#21474](https://github.com/go-gitea/gitea/pull/21474))
It is now possible to see what a given color will look like in markdown, given you wrap the color inside `` ` ` ``:
![color preview screenshot 1](/demos/21474/1.png)
### :rocket: Package registry: Support for more registries ([#21393](https://github.com/go-gitea/gitea/pull/21393),[#20930](https://github.com/go-gitea/gitea/pull/20930),[#20688](https://github.com/go-gitea/gitea/pull/20688),[#20560](https://github.com/go-gitea/gitea/pull/20560))
With Gitea 1.18, the following new registries/functionalities are supported:
- Chocolatey/NuGet v2 API (.NET)
- Vagrant packages (language agnostic)
- npm unpublish (JS/TS)
- Pub packages (Dart)
This means that at the moment, the following languages/types can be stored as a package:
- Composer (PHP)
- Conan (C++)
- Container Images
- Generic (raw binaries)
- Helm Charts
- Maven (Java)
- npm (JavaScript)
- NuGet (.NET, C#/VB)
- Pub (Dart)
- PyPI (Python)
- RubyGems (Ruby)
- Vagrant Boxes
### :rocket: Add API endpoint to get changed files of a PR ([#21177](https://github.com/go-gitea/gitea/pull/21177))
The Gitea API now allows you to get a list of files that were changed in a given PR.
### :rocket: File tree on PRs ([#21012](https://github.com/go-gitea/gitea/pull/21012))
It is now easier than ever before to navigate inside the changes of a Pull Request:
![file tree screenshot 1](/demos/21012/1.png)
As you can see in the screenshot on the left, this tree represents the file structure of the changes, and can be used to navigate quickly to wherever you want to look.
Tip: The tree is sorted alphabetically, so if you know what you want to find, you'll be quickly able to.
### :rocket: Issue forms and PR forms ([#20987](https://github.com/go-gitea/gitea/pull/20987))
Gitea now supports issue and PR forms as an alternative to free-form markdown.
![issue forms screenshot 1](/demos/20987/1.png)
As you can see above, you can require with these forms that certain standards are being met, while being more user-friendly and intuitive at the same time.
### :rocket: LaTeX math rendering for Markdown ([#20571](https://github.com/go-gitea/gitea/pull/20571))
Gitea can now render mathematical formulas using latex syntax inside `$…$`, `$$…$$`, `\[…\]`, and `\(…\)` in markdown content.
* Remove ReverseProxy authentication from the API ([#22219](https://github.com/go-gitea/gitea/pull/22219)) ([#22251](https://github.com/go-gitea/gitea/pull/22251))
* Support Go Vulnerability Management ([#21139](https://github.com/go-gitea/gitea/pull/21139))
* Forbid HTML string tooltips ([#20935](https://github.com/go-gitea/gitea/pull/20935))
* Only show relevant repositories on explore page ([#19361](https://github.com/go-gitea/gitea/pull/19361))
* User keypairs and HTTP signatures for ActivityPub federation using go-ap ([#19133](https://github.com/go-gitea/gitea/pull/19133))
* Add sitemap support ([#18407](https://github.com/go-gitea/gitea/pull/18407))
* Allow creation of OAuth2 applications for orgs ([#18084](https://github.com/go-gitea/gitea/pull/18084))
* Add system setting table with cache and also add cache supports for user setting ([#18058](https://github.com/go-gitea/gitea/pull/18058))
* Add pages to view watched repos and subscribed issues/PRs ([#17156](https://github.com/go-gitea/gitea/pull/17156))
* Support Proxy protocol ([#12527](https://github.com/go-gitea/gitea/pull/12527))
* Implement sync push mirror on commit ([#19411](https://github.com/go-gitea/gitea/pull/19411))
* API
* Allow empty assignees on pull request edit ([#22150](https://github.com/go-gitea/gitea/pull/22150)) ([#22214](https://github.com/go-gitea/gitea/pull/22214))
* Make external issue tracker regexp configurable via API ([#21338](https://github.com/go-gitea/gitea/pull/21338))
* Add name field for org api ([#21270](https://github.com/go-gitea/gitea/pull/21270))
* Show teams with no members if user is admin ([#21204](https://github.com/go-gitea/gitea/pull/21204))
* Add latest commit's SHA to content response ([#20398](https://github.com/go-gitea/gitea/pull/20398))
* Add allow_rebase_update, default_delete_branch_after_merge to repository api response ([#20079](https://github.com/go-gitea/gitea/pull/20079))
* Add new endpoints for push mirrors management ([#19841](https://github.com/go-gitea/gitea/pull/19841))
* ENHANCEMENTS
* Add setting to disable the git apply step in test patch ([#22130](https://github.com/go-gitea/gitea/pull/22130)) ([#22170](https://github.com/go-gitea/gitea/pull/22170))
* Multiple improvements for comment edit diff ([#21990](https://github.com/go-gitea/gitea/pull/21990)) ([#22007](https://github.com/go-gitea/gitea/pull/22007))
* Fix button in branch list, avoid unexpected page jump before restore branch actually done ([#21562](https://github.com/go-gitea/gitea/pull/21562)) ([#21928](https://github.com/go-gitea/gitea/pull/21928))
* Fix flex layout for repo list icons ([#21896](https://github.com/go-gitea/gitea/pull/21896)) ([#21920](https://github.com/go-gitea/gitea/pull/21920))
* Fix vertical align of committer avatar rendered by email address ([#21884](https://github.com/go-gitea/gitea/pull/21884)) ([#21918](https://github.com/go-gitea/gitea/pull/21918))
* Fix setting HTTP headers after write ([#21833](https://github.com/go-gitea/gitea/pull/21833)) ([#21877](https://github.com/go-gitea/gitea/pull/21877))
* Color and Style enhancements (#21784, [#21799](https://github.com/go-gitea/gitea/pull/21799)) ([#21868](https://github.com/go-gitea/gitea/pull/21868))
* Ignore line anchor links with leading zeroes ([#21728](https://github.com/go-gitea/gitea/pull/21728)) ([#21776](https://github.com/go-gitea/gitea/pull/21776))
* Use CSS color-scheme instead of invert ([#21616](https://github.com/go-gitea/gitea/pull/21616)) ([#21623](https://github.com/go-gitea/gitea/pull/21623))
* Respect user's locale when rendering the date range in the repo activity page ([#21410](https://github.com/go-gitea/gitea/pull/21410))
* Refactor git command arguments and make all arguments to be safe to be used ([#21535](https://github.com/go-gitea/gitea/pull/21535))
* CSS color enhancements ([#21534](https://github.com/go-gitea/gitea/pull/21534))
* Add link to user profile in markdown mention only if user exists (#21533, [#21554](https://github.com/go-gitea/gitea/pull/21554))
* Add option to skip index dirs ([#21501](https://github.com/go-gitea/gitea/pull/21501))
* Diff file tree tweaks ([#21446](https://github.com/go-gitea/gitea/pull/21446))
* Localize all timestamps ([#21440](https://github.com/go-gitea/gitea/pull/21440))
* Add `code` highlighting in issue titles ([#21432](https://github.com/go-gitea/gitea/pull/21432))
* Use Name instead of DisplayName in LFS Lock ([#21415](https://github.com/go-gitea/gitea/pull/21415))
* Consolidate more CSS colors into variables ([#21402](https://github.com/go-gitea/gitea/pull/21402))
* Redirect to new repository owner ([#21398](https://github.com/go-gitea/gitea/pull/21398))
* Use ISO date format instead of hard-coded English date format for date range in repo activity page ([#21396](https://github.com/go-gitea/gitea/pull/21396))
* Use weighted algorithm for string matching when finding files in repo ([#21370](https://github.com/go-gitea/gitea/pull/21370))
* Show private data in feeds ([#21369](https://github.com/go-gitea/gitea/pull/21369))
* Refactor parseTreeEntries, speed up tree list ([#21368](https://github.com/go-gitea/gitea/pull/21368))
* Add GET and DELETE endpoints for Docker blob uploads ([#21367](https://github.com/go-gitea/gitea/pull/21367))
* Add nicer error handling on template compile errors ([#21350](https://github.com/go-gitea/gitea/pull/21350))
* Add `stat` to `ToCommit` function for speed ([#21337](https://github.com/go-gitea/gitea/pull/21337))
* Support instance-wide OAuth2 applications ([#21335](https://github.com/go-gitea/gitea/pull/21335))
* Record OAuth client type at registration ([#21316](https://github.com/go-gitea/gitea/pull/21316))
* Add new CSS variables --color-accent and --color-small-accent ([#21305](https://github.com/go-gitea/gitea/pull/21305))
* Improve error descriptions for unauthorized_client ([#21292](https://github.com/go-gitea/gitea/pull/21292))
* Case-insensitive "find files in repo" ([#21269](https://github.com/go-gitea/gitea/pull/21269))
* Consolidate more CSS rules, fix inline code on arc-green ([#21260](https://github.com/go-gitea/gitea/pull/21260))
* Log real ip of requests from ssh ([#21216](https://github.com/go-gitea/gitea/pull/21216))
* Save files in local storage as group readable ([#21198](https://github.com/go-gitea/gitea/pull/21198))
* Enable fluid page layout on medium size viewports ([#21178](https://github.com/go-gitea/gitea/pull/21178))
* Make rss/atom identifier globally unique ([#21550](https://github.com/go-gitea/gitea/pull/21550))
* BUGFIXES
* Auth interface return error when verify failure ([#22119](https://github.com/go-gitea/gitea/pull/22119)) ([#22259](https://github.com/go-gitea/gitea/pull/22259))
* Use complete SHA to create and query commit status ([#22244](https://github.com/go-gitea/gitea/pull/22244)) ([#22257](https://github.com/go-gitea/gitea/pull/22257))
* Update bleve and zapx to fix unaligned atomic ([#22031](https://github.com/go-gitea/gitea/pull/22031)) ([#22218](https://github.com/go-gitea/gitea/pull/22218))
* Prevent panic in doctor command when running default checks ([#21791](https://github.com/go-gitea/gitea/pull/21791)) ([#21807](https://github.com/go-gitea/gitea/pull/21807))
* Load GitRepo in API before deleting issue ([#21720](https://github.com/go-gitea/gitea/pull/21720)) ([#21796](https://github.com/go-gitea/gitea/pull/21796))
* Ignore line anchor links with leading zeroes ([#21728](https://github.com/go-gitea/gitea/pull/21728)) ([#21776](https://github.com/go-gitea/gitea/pull/21776))
* Set last login when activating account ([#21731](https://github.com/go-gitea/gitea/pull/21731)) ([#21755](https://github.com/go-gitea/gitea/pull/21755))
* Fix UI language switching bug ([#21597](https://github.com/go-gitea/gitea/pull/21597)) ([#21749](https://github.com/go-gitea/gitea/pull/21749))
* Allow local package identifiers for PyPI packages ([#21690](https://github.com/go-gitea/gitea/pull/21690)) ([#21727](https://github.com/go-gitea/gitea/pull/21727))
* Deal with markdown template without metadata ([#21639](https://github.com/go-gitea/gitea/pull/21639)) ([#21654](https://github.com/go-gitea/gitea/pull/21654))
* Fix opaque background on mermaid diagrams ([#21642](https://github.com/go-gitea/gitea/pull/21642)) ([#21652](https://github.com/go-gitea/gitea/pull/21652))
* Fix repository adoption on Windows ([#21646](https://github.com/go-gitea/gitea/pull/21646)) ([#21650](https://github.com/go-gitea/gitea/pull/21650))