You can download one of our pre-built binaries from our [downloads page](https://dl.gitea.com/gitea/1.15.0/) - make sure to select the correct platform! For further details on how to install, follow our [installation guide](https://docs.gitea.com/installation/install-from-binary).
### :exclamation: Upgrade to the latest version of golang-jwt and increase minimum go to 1.16 ([#16590](https://github.com/go-gitea/gitea/pull/16590)) ([#16606](https://github.com/go-gitea/gitea/pull/16606)) ([#16710](https://github.com/go-gitea/gitea/pull/16710))
### :exclamation: Changed mapping of `:latest` on docker [#16421](https://github.com/go-gitea/gitea/pull/16421)
The docker tag logic has changed to map `:latest` to match the latest tag on the 1.15 branch and `:dev` to represent the latest build on the `main` branch. Users who wish to use the development version of Gitea - with all its latest features
should switch to use the `:dev` tag for docker. We would like to encourage at least some users to
consider using `:dev`.
### :exclamation: More restrictive app.ini permissions [#16266](https://github.com/go-gitea/gitea/pull/16266)
The default file permissions mode for `app.ini` has changed to `-rw-------` when Gitea creates this file.
Webhook payloads have been changed so that the `Secret` field is no longer passed as part of the payload and the history shows the real URL that was sent in the webhook.
We have added asymmetric JWT signing and Gitea will use an asymmetric keypair for JWT signing by default.
* Asymmetric algorithms require a secret asymmetric key pair to be in `JWT_SIGNING_PRIVATE_KEY_FILE` (by default `APP_DATA_PATH/jwt`), a pair will be generated if it is not present. (NB: this was originally in `CUSTOM_PATH` but was changed by [#16227](https://github.com/go-gitea/gitea/pull/16227))
* The original symmetric `JWT_SECRET` will only be used if `JWT_SIGNING_ALGORITHM` is set to `HS256` (previous default), `HS384` or `HS512`.
* As a result of the change of algorithm gitea OAuth2 tokens (and potentially the client secret) will need to be regenerated unless you change your `JWT_SIGNING_ALGORITHM` back to `HS256`.
* Legacy installations of Drone assume a short key length, however as no automated migrations are run by Drone you'll need to do them manually if the column type for `user_oauth_token` and `user_oauth_refresh` are limited to 500 characters.
```sql
-- an example manual migration for Drone database connected to postgresql
alter table users alter column user_oauth_token type bytea using convert_to(user_oauth_token, 'LATIN1');
alter table users alter column user_oauth_refresh type bytea using convert_to(user_oauth_refresh, 'LATIN1');
```
### :exclamation: Clean-up the settings hierarchy for issue_indexer queue [#16001](https://github.com/go-gitea/gitea/pull/16001)
We have changed the priority of settings below:
*`[queue.issue_indexer]``TYPE` now overrides `[indexers]``ISSUE_INDEXER_QUEUE_TYPE`
It is not expected that many people will experience effects from this change.
### :exclamation: Change default queue settings to be low go-routines [#15964](https://github.com/go-gitea/gitea/pull/15964)
We have changed the default configuration for queues to make them low goroutines by default:
* As a result of this PR instead of each queue having their own level db by default, the queues will use a common level db. It is recommended to ensure that queues are empty before upgrading using `gitea manager flush-queues` or on the admin pages.
* Starting workers are now 0 with boost workers at 1. If you have explicitly set BOOST_WORKERS = 0 you will need to explicitly set `WORKERS` to at least 1. Administrators of busy sites should tune their WORKERS, BOOST_WORKERS, & DATADIR parameters as needed.
middleware as one and move it before session middleware to reduce unnecessary memory usage. The
additional support for CORS on assets may cause some breakage for sites using CDN assets.
Administrators should change `[cors]` section in the app.ini to add the domains if enabled.
### :exclamation: Rename `StaticUrlPrefix` to `AssetUrlPrefix` [#15779](https://github.com/go-gitea/gitea/pull/15779)
This PR renames the template variable `StaticUrlPrefix` to `AssetUrlPrefix`. Administrators with Custom templates that use the
`StaticUrlPrefix` will need update these to use `AssetUrlPrefix`.
### :exclamation: Use `markup` class for rendering External markup [#15735](https://github.com/go-gitea/gitea/pull/15735)
This PR essentially changes the `markdown`
css class to `markup`. Administrators with css/less customization targeting the `.markdown` class
should update these to use `.markup`.
### :exclamation: Update Node to v12 [#15315](https://github.com/go-gitea/gitea/pull/15315)
This PR increases the minimum required node version for compiling the frontend to v12.
### :exclamation: Add `/assets` as root dir of public files [#15219](https://github.com/go-gitea/gitea/pull/15219)
This PR moves root directory of public files from `/` to `/assets`.
All pages and resources rendered from `custom/public` will now be rendered at `/assets` instead of `/`. This means that if you have a `impressum.html` - you need to update links to this to `/assets/impressum.html`. Similarly for users of STL renderers and external markup renderers.
Administrators should check custom templates to ensure that these are correct.
If you have previously placed `robots.txt` within `custom/public` you must move it to `custom` instead.
### :exclamation: Inherit log level in sub log section [#15176](https://github.com/go-gitea/gitea/pull/15176)
Sub loggers will inherit their log level from the main log level - previously these would default to `info`. Administrators should check their log configuration.
### :exclamation: Make links in markdown absolute to the repository not the server [#15088](https://github.com/go-gitea/gitea/pull/15088)
This PR changes the rendering of links in
markdown to make them absolute to the current repository in keeping with Github. This may change
rendering of some pages however, the previous behaviour was not compatible with Github so was a bug.
* Move (custom) assets into subpath `/assets` ([#15219](https://github.com/go-gitea/gitea/pull/15219))
* Use level config in log section when sub log section not set level ([#15176](https://github.com/go-gitea/gitea/pull/15176))
* Links in markdown should be absolute to the repository not the server ([#15088](https://github.com/go-gitea/gitea/pull/15088))
* Upgrade to the latest version of golang-jwt ([#16590](https://github.com/go-gitea/gitea/pull/16590)) ([#16606](https://github.com/go-gitea/gitea/pull/16606))
* Set minimum supported version of go to 1.16 ([#16710](https://github.com/go-gitea/gitea/pull/16710))
* SECURITY
* Encrypt LDAP bind password in db with SECRET_KEY ([#15547](https://github.com/go-gitea/gitea/pull/15547))
* Remove random password in Dockerfiles ([#15362](https://github.com/go-gitea/gitea/pull/15362))
* Upgrade to the latest version of golang-jwt and increase minimum go to 1.15 ([#16590](https://github.com/go-gitea/gitea/pull/16590)) ([#16606](https://github.com/go-gitea/gitea/pull/16606))
* Correctly create of git-daemon-export-ok files ([#16508](https://github.com/go-gitea/gitea/pull/16508)) ([#16514](https://github.com/go-gitea/gitea/pull/16514))
* Don't show private user's repo in explore view ([#16550](https://github.com/go-gitea/gitea/pull/16550)) ([#16554](https://github.com/go-gitea/gitea/pull/16554))
* Update node tar dependency to 6.1.6 ([#16622](https://github.com/go-gitea/gitea/pull/16622)) ([#16623](https://github.com/go-gitea/gitea/pull/16623))
* FEATURES
* Update Go-Git to take advantage of LargeObjectThreshold ([#16316](https://github.com/go-gitea/gitea/pull/16316))
* Support custom mime type mapping for text files ([#16304](https://github.com/go-gitea/gitea/pull/16304))
* Link to previous blames in file blame page ([#16259](https://github.com/go-gitea/gitea/pull/16259))
* Add LRU mem cache implementation ([#16226](https://github.com/go-gitea/gitea/pull/16226))
* Set AllowedHeaders on API CORS handler ([#16524](https://github.com/go-gitea/gitea/pull/16524)) ([#16618](https://github.com/go-gitea/gitea/pull/16618))
* ENHANCEMENTS
* Support HTTP/2 in Let's Encrypt ([#16371](https://github.com/go-gitea/gitea/pull/16371))
* Add attachments for PR reviews ([#16075](https://github.com/go-gitea/gitea/pull/16075))
* Make the github migration less rate limit waiting to get comment per page from repository but not per issue ([#16070](https://github.com/go-gitea/gitea/pull/16070))
* Add Visible modes function from Organisation to Users too ([#16069](https://github.com/go-gitea/gitea/pull/16069))
* Add checkbox to delete pull branch after successful merge ([#16049](https://github.com/go-gitea/gitea/pull/16049))
* Make commit info cancelable ([#16032](https://github.com/go-gitea/gitea/pull/16032))
* Make modules/context.Context a context.Context ([#16031](https://github.com/go-gitea/gitea/pull/16031))
* Remove x-ua-compatible meta tag ([#15640](https://github.com/go-gitea/gitea/pull/15640))
* Refactor of link creation ([#15619](https://github.com/go-gitea/gitea/pull/15619))
* Add a new table issue_index to store the max issue index so that issue could be deleted with no duplicated index ([#15599](https://github.com/go-gitea/gitea/pull/15599))
* Rewrite of the LFS server ([#15523](https://github.com/go-gitea/gitea/pull/15523))
* Display more repository type on admin repository management ([#15440](https://github.com/go-gitea/gitea/pull/15440))
* Remove usage of some JS globals ([#15378](https://github.com/go-gitea/gitea/pull/15378))
* SHA in merged commit comment should be rendered ui sha ([#15376](https://github.com/go-gitea/gitea/pull/15376))
* Add well-known config for OIDC ([#15355](https://github.com/go-gitea/gitea/pull/15355))
* Use route rather than use thus reducing the number of stack frames ([#15301](https://github.com/go-gitea/gitea/pull/15301))
* Remove vendored copy of fomantic-dropdown ([#15193](https://github.com/go-gitea/gitea/pull/15193))
* Update repository size on cron gc task ([#15177](https://github.com/go-gitea/gitea/pull/15177))
* Add NeedPostProcess for Parser interface to improve performance of csv parser and some external parser ([#15153](https://github.com/go-gitea/gitea/pull/15153))
* Add code block highlight to orgmode back ([#14222](https://github.com/go-gitea/gitea/pull/14222))
* Restore Accessibility for Dropdown ([#16576](https://github.com/go-gitea/gitea/pull/16576)) ([#16617](https://github.com/go-gitea/gitea/pull/16617))
* Pass down SignedUserName down to AccessLogger context ([#16605](https://github.com/go-gitea/gitea/pull/16605)) ([#16616](https://github.com/go-gitea/gitea/pull/16616))
* Fix table alignment in markdown ([#16596](https://github.com/go-gitea/gitea/pull/16596)) ([#16602](https://github.com/go-gitea/gitea/pull/16602))
* Fix 500 on first wiki page ([#16586](https://github.com/go-gitea/gitea/pull/16586)) ([#16598](https://github.com/go-gitea/gitea/pull/16598))
* Lock goth/gothic and Re-attempt OAuth2 registration on login if registration failed at startup ([#16564](https://github.com/go-gitea/gitea/pull/16564)) ([#16570](https://github.com/go-gitea/gitea/pull/16570))
* Upgrade levelqueue to v0.4.0 ([#16560](https://github.com/go-gitea/gitea/pull/16560)) ([#16561](https://github.com/go-gitea/gitea/pull/16561))
* Handle too long PR titles correctly ([#16517](https://github.com/go-gitea/gitea/pull/16517)) ([#16549](https://github.com/go-gitea/gitea/pull/16549))
* Fix data race in bleve indexer ([#16474](https://github.com/go-gitea/gitea/pull/16474)) ([#16509](https://github.com/go-gitea/gitea/pull/16509))
* Restore CORS on git smart http protocol ([#16496](https://github.com/go-gitea/gitea/pull/16496)) ([#16506](https://github.com/go-gitea/gitea/pull/16506))
* Fix race in log ([#16490](https://github.com/go-gitea/gitea/pull/16490)) ([#16505](https://github.com/go-gitea/gitea/pull/16505))
* Fix prepareWikiFileName to respect existing unescaped files ([#16487](https://github.com/go-gitea/gitea/pull/16487)) ([#16498](https://github.com/go-gitea/gitea/pull/16498))
* Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end ([#16479](https://github.com/go-gitea/gitea/pull/16479)) ([#16480](https://github.com/go-gitea/gitea/pull/16480))
* Update notification table with only latest data ([#16445](https://github.com/go-gitea/gitea/pull/16445)) ([#16469](https://github.com/go-gitea/gitea/pull/16469))
* Fix crash following ldap authentication update ([#16447](https://github.com/go-gitea/gitea/pull/16447)) ([#16448](https://github.com/go-gitea/gitea/pull/16448))
* Fix direct creation of external users on admin page (partial [#16612](https://github.com/go-gitea/gitea/pull/16612)) ([#16613](https://github.com/go-gitea/gitea/pull/16613))
* Prevent 500 on draft releases without tag ([#16634](https://github.com/go-gitea/gitea/pull/16634)) ([#16636](https://github.com/go-gitea/gitea/pull/16636))
* Restore creation of git-daemon-export-ok files ([#16508](https://github.com/go-gitea/gitea/pull/16508)) ([#16514](https://github.com/go-gitea/gitea/pull/16514))
* Fix data race in bleve indexer ([#16474](https://github.com/go-gitea/gitea/pull/16474)) ([#16509](https://github.com/go-gitea/gitea/pull/16509))
* Restore CORS on git smart http protocol ([#16496](https://github.com/go-gitea/gitea/pull/16496)) ([#16506](https://github.com/go-gitea/gitea/pull/16506))
* Fix race in log ([#16490](https://github.com/go-gitea/gitea/pull/16490)) ([#16505](https://github.com/go-gitea/gitea/pull/16505))
* Fix prepareWikiFileName to respect existing unescaped files ([#16487](https://github.com/go-gitea/gitea/pull/16487)) ([#16498](https://github.com/go-gitea/gitea/pull/16498))
* Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end ([#16479](https://github.com/go-gitea/gitea/pull/16479)) ([#16480](https://github.com/go-gitea/gitea/pull/16480))
* Update notification table with only latest data ([#16445](https://github.com/go-gitea/gitea/pull/16445)) ([#16469](https://github.com/go-gitea/gitea/pull/16469))
* Fix crash following ldap authentication update ([#16447](https://github.com/go-gitea/gitea/pull/16447)) ([#16448](https://github.com/go-gitea/gitea/pull/16448))
* Restore compatibility with SQLServer 2008 R2 in migrations ([#16638](https://github.com/go-gitea/gitea/pull/16638))
* Fix direct creation of external users on admin page ([#16613](https://github.com/go-gitea/gitea/pull/16613))
* Fix go-git implementation of GetNote when passed a non-existent commit ([#16658](https://github.com/go-gitea/gitea/pull/16658)) ([#16659](https://github.com/go-gitea/gitea/pull/16659))
* Fix NPE in fuzzer ([#16680](https://github.com/go-gitea/gitea/pull/16680)) ([#16682](https://github.com/go-gitea/gitea/pull/16682))
* Set issue_index when finishing migration ([#16685](https://github.com/go-gitea/gitea/pull/16685)) ([#16687](https://github.com/go-gitea/gitea/pull/16687))
* Skip patch download when no patch file exists ([#16356](https://github.com/go-gitea/gitea/pull/16356)) ([#16681](https://github.com/go-gitea/gitea/pull/16681))
* Ensure empty lines are copiable and final new line too ([#16678](https://github.com/go-gitea/gitea/pull/16678)) ([#16692](https://github.com/go-gitea/gitea/pull/16692))
* Fix wrong user in OpenID response ([#16736](https://github.com/go-gitea/gitea/pull/16736)) ([#16741](https://github.com/go-gitea/gitea/pull/16741))
* Do not use thin scrollbars on Firefox ([#16738](https://github.com/go-gitea/gitea/pull/16738)) ([#16745](https://github.com/go-gitea/gitea/pull/16745))
* Recreate Tables should Recreate indexes on MySQL ([#16718](https://github.com/go-gitea/gitea/pull/16718)) ([#16739](https://github.com/go-gitea/gitea/pull/16739))
* Keep attachments on tasklist update ([#16750](https://github.com/go-gitea/gitea/pull/16750)) ([#16757](https://github.com/go-gitea/gitea/pull/16757))
* TESTING
* Bump `postgres` and `mysql` versions ([#15710](https://github.com/go-gitea/gitea/pull/15710))
* Add tests for clone from wiki ([#15513](https://github.com/go-gitea/gitea/pull/15513))
* Fix Benchmark tests, remove a broken one & add two new ([#15250](https://github.com/go-gitea/gitea/pull/15250))
* Comment out app.example.ini ([#15807](https://github.com/go-gitea/gitea/pull/15807))
* Improve logo customization docs ([#15754](https://github.com/go-gitea/gitea/pull/15754))
* Add some response status on api docs ([#15399](https://github.com/go-gitea/gitea/pull/15399))
* Rework Token API comments ([#15162](https://github.com/go-gitea/gitea/pull/15162))
* Add better errors for disabled account recovery ([#15117](https://github.com/go-gitea/gitea/pull/15117))
* MISC
* Remove utf8 option from installation page ([#16126](https://github.com/go-gitea/gitea/pull/16126))
* Use Wants= over Requires= in systemd file ([#15897](https://github.com/go-gitea/gitea/pull/15897))
### … or reporting bugs
If you lack the time or knowledge to do any of the above, just using Gitea and sharing the word is enough to make us happy! One thing you can always do is to report any bugs you find on the [Gitea issue tracker](https://github.com/go-gitea/gitea/issues).
Before opening an issue, read the [contribution guidelines about reporting bugs](https://github.com/go-gitea/gitea/blob/master/CONTRIBUTING.md#bug-reports). After opening an issue, try to stick around a while to answer any questions we might have. Replies greatly help us find the root cause of an issue.
## Thanks
This release would not have been possible without the pull requests from the following people: