Gitea 1.20.1 is now released including [21](https://github.com/go-gitea/gitea/pulls?q=is%3Apr+milestone%3A1.20.1+is%3Aclosed) merged PRs.
We urge you to update **as soon as possible**.
1.20.0 has a critical security bug related to one of the new changes:
> ### :warning: Any URL scheme may be used for links ([#24805](https://github.com/go-gitea/gitea/pull/24805))
It was even possible to use the `javascript:`, `vbscript:` and `data:` URL schemes, which can directly execute code on your computer.
This should not be possible as it means clicking on a link by a user you don't trust can compromise your entire system (although the latter two schemes are only a risk in older browsers).
<!-- Security Thanks! -->
Thanks to Holger Just for discovering and disclosing the issue to us!
You can download Gitea 1.20.1 for example from our [downloads page](https://dl.gitea.com/gitea/1.20.1/). Please read our [installation guide](https://docs.gitea.com/1.20/installation/install-from-binary) for more information on installation.