Mathieu Fenniak 4b83448b7d 2026-06-10 security patches (#13001) ... - fix: prevent stored XSS in user display name on Actions page - fix: LFS locks must belong to the intended repo, port from Gitea - fix: prevent unauthorized access to draft releases via API - fix: prevent writes to OpenID visibility which may affect other users - fix: prevent viewing private PRs that are linked to public issues on public projects Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13001 Reviewed-by: 0ko <0ko@noreply.codeberg.org> Reviewed-by: Beowulf <beowulf@beocode.eu>		2026-06-10 06:05:01 +02:00
..
activitypub	fix(activitypub): only return public activities on request (#12382)	2026-05-09 05:02:57 +02:00
admin	feat(api): add admin routes to manage user access tokens (#12323)	2026-05-11 16:55:22 +02:00
misc	feat: add /api/v1/actions/run endpoint (#12727)	2026-05-26 16:03:21 +02:00
notify	feat: remove admin-level permissions from repo-specific & public-only access tokens (#11468)	2026-03-04 16:17:41 +01:00
org	fix: continued API response processing after error in /repos/search API (#12143)	2026-04-16 17:59:37 +02:00
packages	fix(api): package name in route not properly unescaped (#11822)	2026-03-26 15:30:16 +01:00
repo	2026-06-10 security patches (#13001)	2026-06-10 06:05:01 +02:00
settings	chore: branding import path (#7337)	2025-03-27 19:40:14 +00:00
shared	feat: add /actions/runs/{id}/jobs (#11915)	2026-04-06 03:43:41 +02:00
swagger	feat(api): add REST API endpoints for Actions artifacts (#12140)	2026-04-20 05:10:54 +02:00
user	feat(api): add admin routes to manage user access tokens (#12323)	2026-05-11 16:55:22 +02:00
utils	feat: expose access token creation date in API responses (#12620)	2026-05-20 18:45:38 +02:00
api.go	feat(api): add new /repos/{owner}/{repo}/actions/runs/{run_id}/cancel API endpoint (#12957)	2026-06-09 04:00:56 +02:00