From 8dbd2da593a18a8c2109c9712d20e2fd2e0053d0 Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Thu, 5 Dec 2024 17:33:52 +0100
Subject: [PATCH] chore(release-notes): keep release notes in
 release-notes-published

As of Forgejo 8.0.1 the release notes were only available in the
description of the corresponding milestone which is problematic for:

- searching
- safekeeping

The release-notes-published directory is created to remedy those problems:

- a copy of all those release notes from the milestones descriptions
  is added.
- a reference is added to the RELEASE-NOTES.md file which will no
  longer be used.
- a symbolic link to the RELEASE-NOTES.md is added for completeness.
- the release process will be updated to populate release-notes-published.

The RELEASE-NOTES.md file is kept where it is because it is referenced
by a number of URLs.

The release-notes directory would have been a better name but it is
already used for in flight release notes waiting for the next
release. Renaming this directory or changing it is rather involved.
---
 RELEASE-NOTES.md                              |  24 ++--
 release-notes-published/7.0.10.md             |  13 ++
 release-notes-published/7.0.11.md             |  14 +++
 release-notes-published/7.0.7.md              |  13 ++
 release-notes-published/7.0.8.md              |  18 +++
 release-notes-published/7.0.9.md              |   9 ++
 release-notes-published/8.0.1.md              |  20 +++
 release-notes-published/8.0.2.md              |  24 ++++
 release-notes-published/8.0.3.md              |  10 ++
 release-notes-published/9.0.0.md              | 114 ++++++++++++++++++
 release-notes-published/9.0.1.md              |  33 +++++
 release-notes-published/9.0.2.md              |  26 ++++
 .../up-to-and-including-8.0.0.md              |   1 +
 13 files changed, 307 insertions(+), 12 deletions(-)
 create mode 100644 release-notes-published/7.0.10.md
 create mode 100644 release-notes-published/7.0.11.md
 create mode 100644 release-notes-published/7.0.7.md
 create mode 100644 release-notes-published/7.0.8.md
 create mode 100644 release-notes-published/7.0.9.md
 create mode 100644 release-notes-published/8.0.1.md
 create mode 100644 release-notes-published/8.0.2.md
 create mode 100644 release-notes-published/8.0.3.md
 create mode 100644 release-notes-published/9.0.0.md
 create mode 100644 release-notes-published/9.0.1.md
 create mode 100644 release-notes-published/9.0.2.md
 create mode 120000 release-notes-published/up-to-and-including-8.0.0.md

diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
index c5f3831cf9..a2749563d2 100644
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@@ -4,31 +4,31 @@ A minor or major Forgejo release is published every [three months](https://forge
 
 A [patch or minor release](https://semver.org/spec/v2.0.0.html) (e.g. upgrading from v7.0.0 to v7.0.1 or v7.1.0) does not require manual intervention. But [major releases](https://semver.org/spec/v2.0.0.html#spec-item-8) where the first version number changes (e.g. upgrading from v1.21 to v7.0) contain breaking changes and the release notes explain how to deal with them.
 
-The release notes of each release [are available in the corresponding milestone](https://codeberg.org/forgejo/forgejo/milestones), starting with [Forgejo 7.0.7](https://codeberg.org/forgejo/forgejo/milestone/7683) and [Forgejo 8.0.1](https://codeberg.org/forgejo/forgejo/milestone/7682).
+The release notes of each release [are available in the release-notes-published directory of this repository](release-notes-published), starting with [Forgejo 7.0.7](release-notes-published/7.0.7.md) and [Forgejo 8.0.1](release-notes-published/8.0.1.md).
 
 ## 9.0.2
 
-The Forgejo v9.0.2 release notes are [available in the v9.0.2 milestone](https://codeberg.org/forgejo/forgejo/milestone/8610).
+See the [Forgejo 9.0.2 release notes](release-notes-published/9.0.2.md).
 
 ## 9.0.1
 
-The Forgejo v9.0.1 release notes are [available in the v9.0.1 milestone](https://codeberg.org/forgejo/forgejo/milestone/8544).
+See the [Forgejo 9.0.1 release notes](release-notes-published/9.0.1.md).
 
 ## 9.0.0
 
-The Forgejo v9.0.0 release notes are [available in the v9.0.0 milestone](https://codeberg.org/forgejo/forgejo/milestone/7235).
+See the [Forgejo 9.0.0 release notes](release-notes-published/9.0.0.md).
 
 ## 8.0.3
 
-The Forgejo v8.0.3 release notes are [available in the v8.0.3 milestone](https://codeberg.org/forgejo/forgejo/milestone/8231).
+See the [Forgejo 8.0.3 release notes](release-notes-published/8.0.3.md).
 
 ## 8.0.2
 
-The Forgejo v8.0.2 release notes are [available in the v8.0.2 milestone](https://codeberg.org/forgejo/forgejo/milestone/7728).
+See the [Forgejo 8.0.2 release notes](release-notes-published/8.0.2.md).
 
 ## 8.0.1
 
-The Forgejo v8.0.1 release notes are [available in the v8.0.1 milestone](https://codeberg.org/forgejo/forgejo/milestone/7682).
+See the [Forgejo 8.0.1 release notes](release-notes-published/8.0.1.md).
 
 ## 8.0.0
 
@@ -169,23 +169,23 @@ A [companion blog post](https://forgejo.org/2024-07-release-v8-0/) provides addi
 
 ## 7.0.11
 
-The Forgejo v7.0.11 release notes are [available in the v7.0.11 milestone](https://codeberg.org/forgejo/forgejo/milestone/8609).
+See the [Forgejo 7.0.11 release notes](release-notes-published/7.0.11.md).
 
 ## 7.0.10
 
-The Forgejo v7.0.10 release notes are [available in the v7.0.10 milestone](https://codeberg.org/forgejo/forgejo/milestone/8286).
+See the [Forgejo 7.0.10 release notes](release-notes-published/7.0.10.md).
 
 ## 7.0.9
 
-The Forgejo v7.0.9 release notes are [available in the v7.0.9 milestone](https://codeberg.org/forgejo/forgejo/milestone/8232).
+See the [Forgejo 7.0.9 release notes](release-notes-published/7.0.9.md).
 
 ## 7.0.8
 
-The Forgejo v7.0.8 release notes are [available in the v7.0.8 milestone](https://codeberg.org/forgejo/forgejo/milestone/7729).
+See the [Forgejo 7.0.8 release notes](release-notes-published/7.0.8.md).
 
 ## 7.0.7
 
-The Forgejo v7.0.7 release notes are [available in the v7.0.7 milestone](https://codeberg.org/forgejo/forgejo/milestone/7683).
+See the [Forgejo 7.0.7 release notes](release-notes-published/7.0.7.md).
 
 ## 7.0.6
 
diff --git a/release-notes-published/7.0.10.md b/release-notes-published/7.0.10.md
new file mode 100644
index 0000000000..bbdc413a44
--- /dev/null
+++ b/release-notes-published/7.0.10.md
@@ -0,0 +1,13 @@
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Security bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5719) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5723)): <!--number 5723 --><!--line 0 --><!--description Rm9yZ2VqbyBnZW5lcmF0ZXMgYSB0b2tlbiB3aGljaCBpcyB1c2VkIHRvIGF1dGhlbnRpY2F0ZSB3ZWIgZW5kcG9pbnRzIHRoYXQgYXJlIG9ubHkgbWVhbnQgdG8gYmUgdXNlZCBpbnRlcm5hbGx5LCBmb3IgaW5zdGFuY2Ugd2hlbiB0aGUgU1NIIGRhZW1vbiBpcyB1c2VkIHRvIHB1c2ggYSBjb21taXQgd2l0aCBHaXQuIFRoZSB2ZXJpZmljYXRpb24gb2YgdGhpcyB0b2tlbiB3YXMgbm90IGRvbmUgaW4gY29uc3RhbnQgdGltZSBhbmQgd2FzIHN1c2NlcHRpYmxlIHRvIFt0aW1pbmcgYXR0YWNrc10oaHR0cHM6Ly9lbi53aWtpcGVkaWEub3JnL3dpa2kvVGltaW5nX2F0dGFjaykuIEEgcHJlLWNvbmRpdGlvbiBmb3Igc3VjaCBhbiBhdHRhY2sgaXMgdGhlIHByZWNpc2UgbWVhc3VyZW1lbnRzIG9mIHRoZSB0aW1lIGZvciBlYWNoIG9wZXJhdGlvbi4gU2luY2UgaXQgcmVxdWlyZXMgb2JzZXJ2aW5nIHRoZSB0aW1pbmcgb2YgbmV0d29yayBvcGVyYXRpb25zLCB0aGUgaXNzdWUgaXMgbWl0aWdhdGVkIHdoZW4gYSBGb3JnZWpvIGluc3RhbmNlIGlzIGFjY2Vzc2VkIG92ZXIgdGhlIGludGVybmV0IGJlY2F1c2UgdGhlIElTUCBpbnRyb2R1Y2UgdW5wcmVkaWN0YWJsZSByYW5kb20gZGVsYXlzLg==-->Forgejo generates a token which is used to authenticate web endpoints that are only meant to be used internally, for instance when the SSH daemon is used to push a commit with Git. The verification of this token was not done in constant time and was susceptible to [timing attacks](https://en.wikipedia.org/wiki/Timing_attack). A pre-condition for such an attack is the precise measurements of the time for each operation. Since it requires observing the timing of network operations, the issue is mitigated when a Forgejo instance is accessed over the internet because the ISP introduce unpredictable random delays.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5718) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5720)): <!--number 5720 --><!--line 0 --><!--description QmVjYXVzZSBvZiBhIG1pc3NpbmcgcGVybWlzc2lvbiBjaGVjaywgdGhlIGJyYW5jaCB1c2VkIHRvIHByb3Bvc2UgYSBwdWxsIHJlcXVlc3QgdG8gYSByZXBvc2l0b3J5IGNhbiBhbHdheXMgYmUgZGVsZXRlZCBieSB0aGUgdXNlciBwZXJmb3JtaW5nIHRoZSBtZXJnZS4gSXQgd2FzIGZpeGVkIHNvIHRoYXQgc3VjaCBhIGRlbGV0aW9uIGlzIG9ubHkgYWxsb3dlZCBpZiB0aGUgdXNlciBwZXJmb3JtaW5nIHRoZSBtZXJnZSBoYXMgd3JpdGUgcGVybWlzc2lvbiB0byB0aGUgcmVwb3NpdG9yeSBmcm9tIHdoaWNoIHRoZSBwdWxsIHJlcXVlc3Qgd2FzIG1hZGUu-->Because of a missing permission check, the branch used to propose a pull request to a repository can always be deleted by the user performing the merge. It was fixed so that such a deletion is only allowed if the user performing the merge has write permission to the repository from which the pull request was made.<!--description-->
+- Localization
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5182) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5401)): <!--number 5401 --><!--line 0 --><!--description VHJhbnNsYXRpb24gYmFja3BvcnRzIHRvIHY3-->Translation backports to v7<!--description-->
+- Included for completeness but not worth a release note
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5725): <!--number 5725 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWVybWFpZCB0byB2MTAuOS4zIFtTRUNVUklUWV0gKHY3LjAvZm9yZ2Vqbyk=-->Update dependency mermaid to v10.9.3 [SECURITY] (v7.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5241): <!--number 5241 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjIuNyAodjcuMC9mb3JnZWpvKQ==-->Update dependency go to v1.22.7 (v7.0/forgejo)<!--description-->
+<!--end release-notes-assistant-->
diff --git a/release-notes-published/7.0.11.md b/release-notes-published/7.0.11.md
new file mode 100644
index 0000000000..16a2b1ecc9
--- /dev/null
+++ b/release-notes-published/7.0.11.md
@@ -0,0 +1,14 @@
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Security bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5974) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5976)): <!--number 5976 --><!--line 0 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC8xY2UzM2FhMzhkMWQyNThkMTQ1MjNmZjJjN2MyZGJmMzM5ZjIyYjc0KSBpdCB3YXMgcG9zc2libGUgdG8gdXNlIGEgdG9rZW4gc2VudCB2aWEgZW1haWwgZm9yIHNlY29uZGFyeSBlbWFpbCB2YWxpZGF0aW9uIHRvIHJlc2V0IHRoZSBwYXNzd29yZCBpbnN0ZWFkLiAgSW4gb3RoZXIgd29yZHMsIGEgdG9rZW4gc2VudCBmb3IgIGEgZ2l2ZW4gYWN0aW9uIChyZWdpc3RyYXRpb24sIHBhc3N3b3JkIHJlc2V0IG9yIHNlY29uZGFyeSBlbWFpbCB2YWxpZGF0aW9uKSBjb3VsZCBiZSB1c2VkIHRvIHBlcmZvcm0gYSBkaWZmZXJlbnQgYWN0aW9uLiBJdCBpcyBubyBsb25nZXIgcG9zc2libGUgdG8gdXNlIGEgdG9rZW4gZm9yIGFuIGFjdGlvbiB0aGF0IGlzIGRpZmZlcmVudCBmcm9tIGl0cyBvcmlnaW5hbCBwdXJwb3NlLg==-->[commit](https://codeberg.org/forgejo/forgejo/commit/1ce33aa38d1d258d14523ff2c7c2dbf339f22b74) it was possible to use a token sent via email for secondary email validation to reset the password instead.  In other words, a token sent for  a given action (registration, password reset or secondary email validation) could be used to perform a different action. It is no longer possible to use a token for an action that is different from its original purpose.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5974) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5976)): <!--number 5976 --><!--line 1 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC8wNjFhYmU2MDA0NTIxMmFjZjhjM2Y1YzQ5YjVjYzc1OGI0Y2JjZGU5KSBhIGZvcmsgb2YgYSBwdWJsaWMgcmVwb3NpdG9yeSB3b3VsZCBzaG93IGluIHRoZSBsaXN0IG9mIGZvcmtzLCBldmVuIGlmIGl0cyBvd25lciB3YXMgbm90IGEgcHVibGljIHVzZXIgb3Igb3JnYW5pemF0aW9uLiBTdWNoIGEgZm9yayBpcyBub3cgaGlkZGVuIGZyb20gdGhlIGxpc3Qgb2YgZm9ya3Mgb2YgdGhlIHB1YmxpYyByZXBvc2l0b3J5Lg==-->[commit](https://codeberg.org/forgejo/forgejo/commit/061abe60045212acf8c3f5c49b5cc758b4cbcde9) a fork of a public repository would show in the list of forks, even if its owner was not a public user or organization. Such a fork is now hidden from the list of forks of the public repository.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5974) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5976)): <!--number 5976 --><!--line 2 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC8zZTNlZjc2ODA4MTAwY2IxYzg1MzM3ODczM2QwZjZhOTEwMzI0YWM2KSB0aGUgbWVtYmVycyBvZiBhbiBvcmdhbml6YXRpb24gdGVhbSB3aXRoIHJlYWQgYWNjZXNzIHRvIGEgcmVwb3NpdG9yeSAoZS5nLiB0byByZWFkIGlzc3VlcykgYnV0IG5vIHJlYWQgYWNjZXNzIHRvIHRoZSBjb2RlIGNvdWxkIHJlYWQgdGhlIFJTUyBvciBhdG9tIGZlZWRzIHdoaWNoIGluY2x1ZGUgdGhlIGNvbW1pdCBhY3Rpdml0eS4gUmVhZGluZyB0aGUgUlNTIG9yIGF0b20gZmVlZHMgaXMgbm93IGRlbmllZCB1bmxlc3MgdGhlIHRlYW0gaGFzIHJlYWQgcGVybWlzc2lvbnMgb24gdGhlIGNvZGUu-->[commit](https://codeberg.org/forgejo/forgejo/commit/3e3ef76808100cb1c853378733d0f6a910324ac6) the members of an organization team with read access to a repository (e.g. to read issues) but no read access to the code could read the RSS or atom feeds which include the commit activity. Reading the RSS or atom feeds is now denied unless the team has read permissions on the code.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5974) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5976)): <!--number 5976 --><!--line 3 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC85NTA4YWE3NzEzNjMyZWQ0MDEyNGE5MzNkOTFkNTc2NmNmMjM2OWMyKSB0aGUgdG9rZW5zIHVzZWQgd2hlbiBbcmVwbHlpbmcgYnkgZW1haWwgdG8gaXNzdWVzIG9yIHB1bGwgcmVxdWVzdHNdKGh0dHBzOi8vZm9yZ2Vqby5vcmcvZG9jcy92OS4wL3VzZXIvaW5jb21pbmcvKSB3ZXJlIHdlYWtlciB0aGFuIHRoZSBbcmZjMjEwNCByZWNvbW1lbmRhdGlvbnNdKGh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2h0bWwvcmZjMjEwNCNzZWN0aW9uLTUpLiBUaGUgdG9rZW5zIGFyZSBub3cgdHJ1bmNhdGVkIHRvIDEyOCBiaXRzIGluc3RlYWQgb2YgODAgYml0cy4gSXQgaXMgbm8gbG9uZ2VyIHBvc3NpYmxlIHRvIHJlcGx5IHRvIGVtYWlscyBzZW50IGJlZm9yZSB0aGUgdXBncmFkZSBiZWNhdXNlIHRoZSB3ZWFrZXIgdG9rZW5zIGFyZSBpbnZhbGlkLg==-->[commit](https://codeberg.org/forgejo/forgejo/commit/9508aa7713632ed40124a933d91d5766cf2369c2) the tokens used when [replying by email to issues or pull requests](https://forgejo.org/docs/v9.0/user/incoming/) were weaker than the [rfc2104 recommendations](https://datatracker.ietf.org/doc/html/rfc2104#section-5). The tokens are now truncated to 128 bits instead of 80 bits. It is no longer possible to reply to emails sent before the upgrade because the weaker tokens are invalid.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5974) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5976)): <!--number 5976 --><!--line 4 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC83ODZkZmM3ZmI4MWVlNzZkNDI5MmNhNWZjYjMzZTZlYTdiZGNjYzI5KSBhIHJlZ2lzdGVyZWQgdXNlciBjb3VsZCBtb2RpZnkgdGhlIHVwZGF0ZSBmcmVxdWVuY3kgb2YgYW55IHB1c2ggbWlycm9yIChlLmcuIGV2ZXJ5IDRoIGluc3RlYWQgb2YgZXZlcnkgOGgpLiBUaGV5IGFyZSBub3cgb25seSBhYmxlIHRvIGRvIHRoYXQgaWYgdGhleSBoYXZlIGFkbWluaXN0cmF0aXZlIHBlcm1pc3Npb25zIG9uIHRoZSByZXBvc2l0b3J5Lg==-->[commit](https://codeberg.org/forgejo/forgejo/commit/786dfc7fb81ee76d4292ca5fcb33e6ea7bdccc29) a registered user could modify the update frequency of any push mirror (e.g. every 4h instead of every 8h). They are now only able to do that if they have administrative permissions on the repository.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5974) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5976)): <!--number 5976 --><!--line 5 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC9lNmJiZWNiMDJkNDc3MzBkM2NjNjMwZDQxOWZlMjdlZjJmYjVjYjM5KSBpdCB3YXMgcG9zc2libGUgdG8gdXNlIGJhc2ljIGF1dGhvcml6YXRpb24gKGkuZS4gdXNlcjpwYXNzd29yZCkgZm9yIHJlcXVlc3RzIHRvIHRoZSBBUEkgZXZlbiB3aGVuIHNlY3VyaXR5IGtleXMgd2VyZSBlbnJvbGxlZCBmb3IgYSB1c2VyLiBJdCBpcyBubyBsb25nZXIgcG9zc2libGUsIGFuIGFwcGxpY2F0aW9uIHRva2VuIG11c3QgYmUgdXNlZCBpbnN0ZWFkLg==-->[commit](https://codeberg.org/forgejo/forgejo/commit/e6bbecb02d47730d3cc630d419fe27ef2fb5cb39) it was possible to use basic authorization (i.e. user:password) for requests to the API even when security keys were enrolled for a user. It is no longer possible, an application token must be used instead.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5974) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5976)): <!--number 5976 --><!--line 6 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC83MDY3Y2M3ZGE0ZjE0NGNjOGEyZmQyYWU2ZTUzMDdlMDQ2NWFjZTdmKSBzb21lIG1hcmt1cCBzYW5pdGF0aW9uIHJ1bGVzIHdlcmUgbm90IGFzIHN0cm9uZyBhcyB0aGV5IGNvdWxkIGJlIChlLmcuIGFsbG93aW5nIGBlbW9qaSBzb21ldGhpbmdlbHNlYCBhcyB3ZWxsIGFzIGBlbW9qaWApLiBUaGUgcnVsZXMgYXJlIG5vdyBzdHJpY3RlciBhbmQgZG8gbm90IGFsbG93IGZvciBzdWNoIGNhc2VzLg==-->[commit](https://codeberg.org/forgejo/forgejo/commit/7067cc7da4f144cc8a2fd2ae6e5307e0465ace7f) some markup sanitation rules were not as strong as they could be (e.g. allowing `emoji somethingelse` as well as `emoji`). The rules are now stricter and do not allow for such cases.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5974) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5976)): <!--number 5976 --><!--line 7 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC9iNzAxOTY2NTNmOWQ3ZDNiOWQ0ZTcyZDExNGU1Y2M2ZjQ3Mjk4OGM0KSB3aGVuIEZvcmdlam8gaXMgY29uZmlndXJlZCB0byBlbmFibGUgaW5zdGFuY2Ugd2lkZSBzZWFyY2ggKGUuZy4gd2l0aCBbYmxldmVdKGh0dHBzOi8vYmxldmVzZWFyY2guY29tLykpLCByZXN1bHRzIGZvdW5kIGluIHRoZSByZXBvc2l0b3JpZXMgb2YgcHJpdmF0ZSBvciBsaW1pdGVkIHVzZXJzIHdlcmUgZGlzcGxheWVkIHRvIGFub255bW91cyB2aXNpdG9ycy4gVGhlIHJlc3VsdHMgZm91bmQgaW4gcHJpdmF0ZSBvciBsaW1pdGVkIG9yZ2FuaXphdGlvbnMgd2VyZSBub3QgZGlzcGxheWVkLiBUaGUgc2VhcmNoIHJlc3VsdHMgZm91bmQgaW4gdGhlIHJlcG9zaXRvcmllcyBvZiBwcml2YXRlIG9yIGxpbWl0ZWQgdXNlciBhcmUgbm8gbG9uZ2VyIGRpc3BsYXllZCB0byBhbm9ueW1vdXMgdmlzaXRvcnMu-->[commit](https://codeberg.org/forgejo/forgejo/commit/b70196653f9d7d3b9d4e72d114e5cc6f472988c4) when Forgejo is configured to enable instance wide search (e.g. with [bleve](https://blevesearch.com/)), results found in the repositories of private or limited users were displayed to anonymous visitors. The results found in private or limited organizations were not displayed. The search results found in the repositories of private or limited user are no longer displayed to anonymous visitors.<!--description-->
+<!--end release-notes-assistant-->
diff --git a/release-notes-published/7.0.7.md b/release-notes-published/7.0.7.md
new file mode 100644
index 0000000000..310d430304
--- /dev/null
+++ b/release-notes-published/7.0.7.md
@@ -0,0 +1,13 @@
+This is a security release. See the documentation for more information on the [upgrade procedure](https://forgejo.org/docs/v7.0/admin/upgrade/).
+
+- Security
+  A [change introduced in Forgejo v1.21](https://codeberg.org/forgejo/forgejo/pulls/1433) allows a Forgejo user with write permission on a repository description to [inject a client-side script into the web page viewed by the visitor](https://en.wikipedia.org/wiki/Cross-site_scripting). This XSS allows for `href` in anchor elements to be set to a `javascript:` URI in the repository description, which will execute the specified script upon clicking (and not upon loading). [`AllowStandardURLs`](https://pkg.go.dev/github.com/microcosm-cc/bluemonday#Policy.AllowStandardURLs) is now called for the repository description policy, which ensures that URIs in anchor elements are `mailto:`, `http://` or `https://` and thereby disallowing the `javascript:` URI.
+
+<!--start release-notes-assistant-->
+
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4896) ([backported](https://codeberg.org/forgejo/forgejo/pulls/4900)): <!--number 4900 --><!--line 0 --><!--description ZGlzYWxsb3cgamF2YXNjcmlwdDogVVJJIGluIHRoZSByZXBvc2l0b3J5IGRlc2NyaXB0aW9u-->disallow javascript: URI in the repository description<!--description-->
+- Localization
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4568) ([backported](https://codeberg.org/forgejo/forgejo/pulls/4882)): <!--number 4882 --><!--line 0 --><!--description aTE4bjogYmFja3BvcnQgb2YgIzQ1NjggIzQ2NjggYW5kICM0NzgzIHRvIHY3-->i18n: backport of #4568 #4668 and #4783 to v7<!--description-->
+<!--end release-notes-assistant-->
diff --git a/release-notes-published/7.0.8.md b/release-notes-published/7.0.8.md
new file mode 100644
index 0000000000..a679b0131c
--- /dev/null
+++ b/release-notes-published/7.0.8.md
@@ -0,0 +1,18 @@
+This is a security release. See the documentation for more information on the [upgrade procedure](https://forgejo.org/docs/v7.0/admin/upgrade/).
+
+- Security bug fixes
+  [The scope of application tokens was not verified](https://codeberg.org/forgejo/forgejo/pulls/5149) when writing containers or Conan packages. This is of no consequence when the user associated with the application token does not have write access to packages. If the user has write access to packages, such a token can be used to write containers and Conan packages. An application token that was used to write containers or Conan packages without the `package:write` scope will now fail with an unauthorized error. It must be re-created to include the `package:write` scope.
+
+
+<!--start release-notes-assistant-->
+
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- User Interface bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5029) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5033)): <!--number 5033 --><!--line 0 --><!--description W1BPUlRdIEZpeCBvdmVyZmxvdyBmb3IgaW1hZ2VzIG9uIHByb2plY3QgY2FyZHMgKGdpdGVhIzMxNjgzKQ==-->Overflow for images on project cards.<!--description-->
+- Bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5149) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5150)): <!--number 5150 --><!--line 0 --><!--description VGhlIHNjb3BlIG9mIGFwcGxpY2F0aW9uIHRva2VucyBpcyBub3QgdmVyaWZpZWQgd2hlbiB3cml0aW5nIGNvbnRhaW5lcnMgb3IgQ29uYW4gcGFja2FnZXMuIFRoaXMgaXMgb2Ygbm8gY29uc2VxdWVuY2Ugd2hlbiB0aGUgdXNlciBhc3NvY2lhdGVkIHdpdGggdGhlIGFwcGxpY2F0aW9uIHRva2VuIGRvZXMgbm90IGhhdmUgd3JpdGUgYWNjZXNzIHRvIHBhY2thZ2VzLiBJZiB0aGUgdXNlciBoYXMgd3JpdGUgYWNjZXNzIHRvIHBhY2thZ2VzLCBzdWNoIGEgdG9rZW4gY2FuIGJlIHVzZWQgdG8gd3JpdGUgY29udGFpbmVycyBhbmQgQ29uYW4gcGFja2FnZXMu-->The scope of application tokens is not verified when writing containers or Conan packages.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4885) ([backported](https://codeberg.org/forgejo/forgejo/pulls/4950)): <!--number 4950 --><!--line 0 --><!--description Zml4OiBSdW4gZnVsbCBQUiBjaGVja3Mgb24gYWdpdCBwdXNo-->Run full PR checks on AGit push.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3264) ([backported](https://codeberg.org/forgejo/forgejo/pulls/4999)): <!--number 4999 --><!--line 4 --><!--description LSBmaXg6IFtjb21taXRdKGh0dHBzOi8vY29kZWJlcmcub3JnL2Zvcmdlam8vZm9yZ2Vqby9jb21taXQvMzY0OTIyYzZlNGYyODI2NGFkZDllMjUwMWEzNTJjMjVhZDZhMDk5Mykgd2hlbiBhIHJlcG9zaXRvcnkgaXMgYWRvcHRlZCwgaXRzIG9iamVjdCBmb3JtYXQgaXMgbm90IHNldCBpbiB0aGUgZGF0YWJhc2Uu-->- [commit](https://codeberg.org/forgejo/forgejo/commit/364922c6e4f28264add9e2501a352c25ad6a0993) When a repository is adopted, its object format is not set in the database.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3264) ([backported](https://codeberg.org/forgejo/forgejo/pulls/4999)): <!--number 4999 --><!--line 5 --><!--description LSBmaXg6IFtjb21taXRdKGh0dHBzOi8vY29kZWJlcmcub3JnL2Zvcmdlam8vZm9yZ2Vqby9jb21taXQvZTdmMzMyYTU1ZDZhNDhhM2YzYjRmMmJmYTQzZDE4NDU1YWMwMGFjYykgZHVyaW5nIGEgbWlncmF0aW9uIGZyb20gYml0YnVja2V0LCBMRlMgZG93bmxvYWRzIGZhaWwu-->- [commit](https://codeberg.org/forgejo/forgejo/commit/e7f332a55d6a48a3f3b4f2bfa43d18455ac00acc) During a migration from bitbucket, LFS downloads fail.<!--description-->
+- Localization
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4889) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5138)): <!--number 5138 --><!--line 0 --><!--description QmFja3BvcnRzIG9mICM0ODg5IGFuZCAjNDk4NCB0byB2Nw==-->Backports of #4889 and #4984 to v7<!--description-->
diff --git a/release-notes-published/7.0.9.md b/release-notes-published/7.0.9.md
new file mode 100644
index 0000000000..2cfa328162
--- /dev/null
+++ b/release-notes-published/7.0.9.md
@@ -0,0 +1,9 @@
+<!--start release-notes-assistant-->
+
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Security
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5244) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5246)): <!--number 5246 --><!--line 0 --><!--description cmVwbGFjZSB2LWh0bWwgd2l0aCB2LXRleHQgaW4gYnJhbmNoIHNlYXJjaCBpbnB1dGJveCBmb3IgWFNTIHByb3RlY3Rpb24=-->replace v-html with v-text in branch search inputbox for XSS protection<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5201): <!--number 5201 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgd2VicGFjayB0byB2NS45NC4wIFtTRUNVUklUWV0gKHY3LjAvZm9yZ2Vqbyk=-->Upgrade [webpack to v5.94.0](https://github.com/webpack/webpack/releases/tag/v5.94.0) as a precaution to mitigate [CVE-2024-43788](https://github.com/advisories/GHSA-4vvj-4cpr-p986), although we were not yet able to confirm that this can be exploited in Forgejo.<!--description-->
+- Localization
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5070) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5181)): <!--number 5181 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
+<!--end release-notes-assistant-->
diff --git a/release-notes-published/8.0.1.md b/release-notes-published/8.0.1.md
new file mode 100644
index 0000000000..d3f536ea09
--- /dev/null
+++ b/release-notes-published/8.0.1.md
@@ -0,0 +1,20 @@
+This is a security release. See the documentation for more information on the [upgrade procedure](https://forgejo.org/docs/v8.0/admin/upgrade/).
+
+- Security bug fixes
+  A [change introduced in Forgejo v1.21](https://codeberg.org/forgejo/forgejo/pulls/1433) allows a Forgejo user with write permission on a repository description to [inject a client-side script into the web page viewed by the visitor](https://en.wikipedia.org/wiki/Cross-site_scripting). This XSS allows for `href` in anchor elements to be set to a `javascript:` URI in the repository description, which will execute the specified script upon clicking (and not upon loading). [`AllowStandardURLs`](https://pkg.go.dev/github.com/microcosm-cc/bluemonday#Policy.AllowStandardURLs) is now called for the repository description policy, which ensures that URIs in anchor elements are `mailto:`, `http://` or `https://` and thereby disallowing the `javascript:` URI.
+
+<!--start release-notes-assistant-->
+
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- User Interface bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4835) ([backported](https://codeberg.org/forgejo/forgejo/pulls/4848)): <!--number 4848 --><!--line 0 --><!--description RG8gbm90IGluY2x1ZGUgdHJhaWxpbmcgRU9MIGNoYXJhY3RlciB3aGVuIGNvdW50aW5nIGxpbmVz-->Do not include trailing EOL character when counting lines<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4836) ([backported](https://codeberg.org/forgejo/forgejo/pulls/4847)): <!--number 4847 --><!--line 0 --><!--description QWRkIGJhY2tncm91bmQgdG8gcmVhY3Rpb25zIG9uIGhvdmVy-->Add background to reactions on hover<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4806) ([backported](https://codeberg.org/forgejo/forgejo/pulls/4807)): <!--number 4807 --><!--line 0 --><!--description UHJldmVudCB1cHBlcmNhc2UgaW4gaGVhZGVyIG9mIGRhc2hib2FyZCBjb250ZXh0IHNlbGVjdG9y-->Prevent uppercase in header of dashboard context selector<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4754) ([backported](https://codeberg.org/forgejo/forgejo/pulls/4756)): <!--number 4756 --><!--line 0 --><!--description Rml4IHBhZ2UgbGF5b3V0IGluIGFkbWluIHNldHRpbmdz-->Fix page layout in admin settings<!--description-->
+- Bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4896) ([backported](https://codeberg.org/forgejo/forgejo/pulls/4901)): <!--number 4901 --><!--line 0 --><!--description ZGlzYWxsb3cgamF2YXNjcmlwdDogVVJJIGluIHRoZSByZXBvc2l0b3J5IGRlc2NyaXB0aW9u-->disallow javascript: URI in the repository description<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4852) ([backported](https://codeberg.org/forgejo/forgejo/pulls/4865)): <!--number 4865 --><!--line 0 --><!--description RW5zdXJlIGFsbCBmaWx0ZXJzIGFyZSBwZXJzaXN0ZW50IGluIGlzc3VlIGZpbHRlcnM=-->Ensure all filters are persistent in issue filters<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4828) ([backported](https://codeberg.org/forgejo/forgejo/pulls/4840)): <!--number 4840 --><!--line 0 --><!--description QWxsb3cgNCBjaGFyYWNodGVyIFNIQSBpbiBgL3NyYy9jb21taXRg-->Allow 4 charachter SHA in `/src/commit`<!--description-->
+- Localization
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4668) ([backported](https://codeberg.org/forgejo/forgejo/pulls/4881)): <!--number 4881 --><!--line 0 --><!--description aTE4bjogYmFja3BvcnQgb2YgIzQ2NjggYW5kICM0NzgzIHRvIHY4-->i18n: backport of #4668 and #4783 to v8<!--description-->
+<!--end release-notes-assistant-->
diff --git a/release-notes-published/8.0.2.md b/release-notes-published/8.0.2.md
new file mode 100644
index 0000000000..52f0783ad1
--- /dev/null
+++ b/release-notes-published/8.0.2.md
@@ -0,0 +1,24 @@
+This is a security release. See the documentation for more information on the [upgrade procedure](https://forgejo.org/docs/v8.0/admin/upgrade/).
+
+- Security
+  [The scope of application tokens was not verified](https://codeberg.org/forgejo/forgejo/pulls/5149) when writing containers or Conan packages. This is of no consequence when the user associated with the application token does not have write access to packages. If the user has write access to packages, such a token can be used to write containers and Conan packages. An application token that was used to write containers or Conan packages without the `package:write` scope will now fail with an unauthorized error. It must be re-created to include the `package:write` scope.
+
+<!--start release-notes-assistant-->
+
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- User Interface bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5029) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5032)): <!--number 5032 --><!--line 0 --><!--description W1BPUlRdIEZpeCBvdmVyZmxvdyBmb3IgaW1hZ2VzIG9uIHByb2plY3QgY2FyZHMgKGdpdGVhIzMxNjgzKQ==-->Overflow for images on project cards.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4798) ([backported](https://codeberg.org/forgejo/forgejo/pulls/4919)): <!--number 4919 --><!--line 0 --><!--description Zml4KHVpKTogYWxsb3cgdW5yZWFjdGluZyBmcm9tIGNvbW1lbnQgcG9wb3Zlcg==-->Allow unreacting from comment popover.<!--description-->
+- Bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5149) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5151)): <!--number 5151 --><!--line 0 --><!--description VGhlIHNjb3BlIG9mIGFwcGxpY2F0aW9uIHRva2VucyBpcyBub3QgdmVyaWZpZWQgd2hlbiB3cml0aW5nIGNvbnRhaW5lcnMgb3IgQ29uYW4gcGFja2FnZXMuIFRoaXMgaXMgb2Ygbm8gY29uc2VxdWVuY2Ugd2hlbiB0aGUgdXNlciBhc3NvY2lhdGVkIHdpdGggdGhlIGFwcGxpY2F0aW9uIHRva2VuIGRvZXMgbm90IGhhdmUgd3JpdGUgYWNjZXNzIHRvIHBhY2thZ2VzLiBJZiB0aGUgdXNlciBoYXMgd3JpdGUgYWNjZXNzIHRvIHBhY2thZ2VzLCBzdWNoIGEgdG9rZW4gY2FuIGJlIHVzZWQgdG8gd3JpdGUgY29udGFpbmVycyBhbmQgQ29uYW4gcGFja2FnZXMu-->The scope of application tokens is not verified when writing containers or Conan packages.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5065) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5080)): <!--number 5080 --><!--line 0 --><!--description d2hlbiBhIEZvcmdlam8gQWN0aW9ucyB3b3JrZmxvdyBpbmNsdWRlcyBhIGB3b3JrZmxvd19kaXNwYXRjaGAgd2l0aCBgaW5wdXRzYCBhbmQgb3RoZXIgZXZlbnRzIChmb3IgaW5zdGFuY2UgYHB1c2hgKSwgaXQgaXMgc2lsZW50bHkgaWdub3JlZCBiZWNhdXNlIG9mIGEgcGFyc2luZyBlcnJvci4=-->When a Forgejo Actions workflow includes a `workflow_dispatch` with `inputs` and other events (for instance `push`), it is silently ignored because of a parsing error.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5053): <!--number 5053 --><!--line 0 --><!--description W1BPUlRdIEZpeCBhdXRvbWVyZ2Ugb24gQUdpdCBQUnMgKGdpdGVhIzMxODgxKQ==-->Automerge on AGit pull requests is ignored.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4998) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5050)): <!--number 5050 --><!--line 0 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC83ZjFkYjFkZjNlZThkNjIwZjk5N2I4ZTcwYTQwYzJmNDhhZTk2YzBmKSBTaG93IGxvY2sgb3duZXIgaW5zdGVhZCBvZiByZXBvIG93bmVyIG9uIExGUyBzZXR0aW5nIHBhZ2Uu-->[commit](https://codeberg.org/forgejo/forgejo/commit/7f1db1df3ee8d620f997b8e70a40c2f48ae96c0f) Show lock owner instead of repo owner on LFS setting page.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4998) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5050)): <!--number 5050 --><!--line 1 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC9lYmZkYzY1OWQ4MTQ1NjFmODc4MzA5NGUyZWIyNjczOGE1NTAwZTU1KSBSZW5kZXIgcGxhaW4gdGV4dCBmaWxlIGlmIHRoZSBMRlMgb2JqZWN0IGRvZXNuJ3QgZXhpc3Qu-->[commit](https://codeberg.org/forgejo/forgejo/commit/ebfdc659d814561f8783094e2eb26738a5500e55) Render plain text file if the LFS object doesn't exist.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4998) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5050)): <!--number 5050 --><!--line 2 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC85ZTA2NmMzY2FkN2JiMWIzMGUyZGVmMzRiZDA2MDhhYWM4MjVjZjU4KSBGaXggcGFuaWMgb2Ygc3NoIHB1YmxpYyBrZXkgcGFnZSBhZnRlciBkZWxldGlvbiBvZiBhdXRoIHNvdXJjZS4=-->[commit](https://codeberg.org/forgejo/forgejo/commit/9e066c3cad7bb1b30e2def34bd0608aac825cf58) Panic of ssh public key page after deletion of an auth source.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4998) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5050)): <!--number 5050 --><!--line 3 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC9hOGUyNWU5MDdjNjYxNDA5NjFmMjhiYTkyNDAzMTc2YzgxNmRmYjYwKSBBZGQgbWlzc2luZyByZXBvc2l0b3J5IHR5cGUgZmlsdGVyIHBhcmFtZXRlcnMgdG8gcGFnZXIu-->[commit](https://codeberg.org/forgejo/forgejo/commit/a8e25e907c66140961f28ba92403176c816dfb60) Add missing repository type filter parameters to pager.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4907) ([backported](https://codeberg.org/forgejo/forgejo/pulls/4965)): <!--number 4965 --><!--line 0 --><!--description UmV2ZXJ0ZWQgYSBjaGFuZ2UgZnJvbSBHaXRlYSB3aGljaCBwcmV2ZW50ZWQgYWxsb3cvcmVqZWN0IHJldmlld3Mgb24gbWVyZ2VkIG9yIGNsb3NlZCBQUnMuIFRoaXMgY2hhbmdlIHdhcyBub3QgY29uc2lkZXJlZCBieSB0aGUgRm9yZ2VqbyBVSSB0ZWFtIGFuZCB0aGVyZSBpcyBhIGNvbnNlbnN1cyB0aGF0IGl0IGZlZWxzIGxpa2UgYSByZWdyZXNzaW9uLCBzaW5jZSBpdCBpbnRlcmZlcmVzIHdpdGggd29ya2Zsb3dzIGtub3duIHRvIGJlIHVzZWQgYnkgRm9yZ2VqbyB1c2VycyB3aXRob3V0IHByb3ZpZGluZyBhIHRhbmdpYmxlIGJlbmVmaXQu-->Reverted a change from Gitea which prevented allow/reject reviews on merged or closed PRs. This change was not considered by the Forgejo UI team and there is a consensus that it feels like a regression, since it interferes with workflows known to be used by Forgejo users without providing a tangible benefit.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4885) ([backported](https://codeberg.org/forgejo/forgejo/pulls/4951)): <!--number 4951 --><!--line 0 --><!--description Zml4OiBSdW4gZnVsbCBQUiBjaGVja3Mgb24gYWdpdCBwdXNo-->Run full PR checks on AGit push.<!--description-->
+- Localization
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4984) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5116)): <!--number 5116 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4889) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5114)): <!--number 5114 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
diff --git a/release-notes-published/8.0.3.md b/release-notes-published/8.0.3.md
new file mode 100644
index 0000000000..5dea61f08a
--- /dev/null
+++ b/release-notes-published/8.0.3.md
@@ -0,0 +1,10 @@
+<!--start release-notes-assistant-->
+
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Security
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5244) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5247)): <!--number 5247 --><!--line 0 --><!--description cmVwbGFjZSB2LWh0bWwgd2l0aCB2LXRleHQgaW4gYnJhbmNoIHNlYXJjaCBpbnB1dGJveCBmb3IgWFNTIHByb3RlY3Rpb24=-->replace v-html with v-text in branch search inputbox for XSS protection<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5202): <!--number 5202 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgd2VicGFjayB0byB2NS45NC4wIFtTRUNVUklUWV0gKHY4LjAvZm9yZ2Vqbyk=-->Upgrade [webpack to v5.94.0](https://github.com/webpack/webpack/releases/tag/v5.94.0) as a precaution to mitigate [CVE-2024-43788](https://github.com/advisories/GHSA-4vvj-4cpr-p986), although we were not yet able to confirm that this can be exploited in Forgejo.<!--description-->
+- Localization
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5182) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5230)): <!--number 5230 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5070) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5161)): <!--number 5161 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
+<!--end release-notes-assistant-->
diff --git a/release-notes-published/9.0.0.md b/release-notes-published/9.0.0.md
new file mode 100644
index 0000000000..9fca889b79
--- /dev/null
+++ b/release-notes-published/9.0.0.md
@@ -0,0 +1,114 @@
+A [companion blog post](https://forgejo.org/2024-10-release-v9-0/) provides additional context on this major release.
+
+<!--start release-notes-assistant-->
+
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Breaking changes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4724): <!--number 4724 --><!--line 0 --><!--description T0lEQyBpbnRlZ3JhdGlvbnMgdGhhdCBQT1NUIHRvIGAvbG9naW4vb2F1dGgvaW50cm9zcGVjdGAgd2l0aG91dCBzZW5kaW5nIEhUVFAgYmFzaWMgYXV0aGVudGljYXRpb24gd2lsbCBub3cgZmFpbCB3aXRoIGEgNDAxIEhUVFAgVW5hdXRob3JpemVkIGVycm9yLiBUbyBmaXggdGhlIGVycm9yLCB0aGUgY2xpZW50IG11c3QgYmVnaW4gc2VuZGluZyBIVFRQIGJhc2ljIGF1dGhlbnRpY2F0aW9uIHdpdGggYSB2YWxpZCBjbGllbnQgSUQgYW5kIHNlY3JldC4gVGhpcyBlbmRwb2ludCB3YXMgcHJldmlvdXNseSBhdXRoZW50aWNhdGVkIHZpYSB0aGUgaW50cm9zcGVjdGlvbiB0b2tlbiBpdHNlbGYsIHdoaWNoIGlzIGxlc3Mgc2VjdXJlLg==-->OIDC integrations that POST to `/login/oauth/introspect` without sending HTTP basic authentication will now fail with a 401 HTTP Unauthorized error. To fix the error, the client must begin sending HTTP basic authentication with a valid client ID and secret. This endpoint was previously authenticated via the introspection token itself, which is less secure.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5515) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5526)): <!--number 5526 --><!--line 0 --><!--description KipGaXhpbmcgdGhpcyBidWcgaXMgYSBicmVha2luZyBjaGFuZ2UgYmVjYXVzZSBleGlzdGluZyB0b2tlbnMgd2l0aCBhIHB1YmxpYyBzY29wZSB3aWxsIG5vIGxvbmdlciByZXR1cm4gcHJpdmF0ZSByZXNvdXJjZXMuIFRoZXkgaGF2ZSB0byBiZSBkZWxldGVkIGFuZCByZS1jcmVhdGVkIHdpdGhvdXQgdGhlIHB1YmxpYyBzY29wZSB0byByZXN0b3JlIHRoZWlyIG9yaWdpbmFsIGJlaGF2aW9yKiouIFRoZSBwdWJsaWMgc2NvcGUgb2YgYW4gYXBwbGljYXRpb24gdG9rZW4gZG9lcyBub3QgZmlsdGVyIG91dCBwcml2YXRlIHJlcG9zaXRvcmllcywgb3JnYW5pemF0aW9ucyBvciBwYWNrYWdlcyBpbiBzb21lIGNhc2VzLiBUaGlzIHNjb3BlIGlzIG5vdCB0aGUgZGVmYXVsdCwgaXQgaGFzIHRvIGJlIG1hbnVhbGx5IHNldCB2aWEgdGhlIHdlYiBVSSBvciB0aGUgQVBJLiBXaGVuIHRoZSBwdWJsaWMgc2NvcGUgaXMgZXhwbGljaXRseSBhZGRlZCB0byBhbiBhcHBsaWNhdGlvbiB0b2tlbiB0aGF0IGlzIGFsbG93ZWQgdG8gbGlzdCB0aGUgcmVwb3NpdG9yaWVzIGFuZCBwYWNrYWdlcyBvZiBhIHVzZXIgb3IgYW4gb3JnYW5pemF0aW9uLCBpdCBpcyBtZWFudCBhcyBhIHJlc3RyaWN0aW9uLiBGb3IgaW5zdGFuY2UgaWYgYSB1c2VyIGhhcyB0d28gcmVwb3NpdG9yaWVzLCBvbmUgcHJpdmF0ZSBhbmQgdGhlIG90aGVyIHB1YmxpY2x5IHZpc2libGUsIGEgdG9rZW4gd2l0aCB0aGUgcHVibGljIHNjb3BlIHVzZWQgd2l0aCB0aGUgQVBJIGVuZHBvaW50IGxpc3RpbmcgdGhlIHJlcG9zaXRvcmllcyB0aGF0IGJlbG9uZyB0byB0aGlzIHVzZXIgbXVzdCBvbmx5IHJldHVybiB0aGUgcHVibGljbHkgdmlzaWJsZSBvbmUgYW5kIG5vdCByZXZlYWwgdGhlIGV4aXN0ZW5jZSBvZiB0aGUgcHJpdmF0ZSBvbmUu-->**Fixing this bug is a breaking change because existing tokens with a public scope will no longer return private resources. They have to be deleted and re-created without the public scope to restore their original behavior**. The public scope of an application token does not filter out private repositories, organizations or packages in some cases. This scope is not the default, it has to be manually set via the web UI or the API. When the public scope is explicitly added to an application token that is allowed to list the repositories and packages of a user or an organization, it is meant as a restriction. For instance if a user has two repositories, one private and the other publicly visible, a token with the public scope used with the API endpoint listing the repositories that belong to this user must only return the publicly visible one and not reveal the existence of the private one.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4941): <!--number 4941 --><!--line 0 --><!--description RHJvcCBzdXBwb3J0IHRvIGJ1aWxkIEZvcmdlam8gd2l0aCB0aGUgb3B0aW9uYWwgZ28tZ2l0IEdpdCBiYWNrZW5kLiBJdCBvbmx5IGFmZmVjdHMgdXNlcnMgd2hvIGJ1aWx0IEZvcmdlam8gbWFudWFsbHkgdXNpbmcgYFRBR1M9Z29naXRzYCwgd2hpY2ggbm8gbG9uZ2VyIGhhcyBhbnkgZWZmZWN0LiBNb3ZpbmcgZm9yd2FyZCwgd2Ugb25seSBzdXBwb3J0IHRoZSBkZWZhdWx0IGJhY2tlbmQgdXNpbmcgdGhlIGdpdCBiaW5hcnkuIFBsZWFzZSBnZXQgaW4gdG91Y2ggaWYgeW91IHVzZWQgdGhlIGdvLWdpdCBiYWNrZW5kIGFuZCByZXF1aXJlIGFueSBhc3Npc3RhbmNlIG1vdmluZyBhd2F5IGZyb20gaXQu-->Drop support to build Forgejo with the optional go-git Git backend. It only affects users who built Forgejo manually using `TAGS=gogits`, which no longer has any effect. Moving forward, we only support the default backend using the git binary. Please get in touch if you used the go-git backend and require any assistance moving away from it.<!--description-->
+- User Interface features
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5286): <!--number 5286 --><!--line 0 --><!--description c2V0IGNyZWF0ZWRfYnkgYXMgdGhlIGRlZmF1bHQgZmlsdGVyIGZvciAvaXNzdWVzIGFuZCAvcHVsbHM=-->Set created_by as the default filter for /issues and /pulls.<!--description-->
+  Note that this also affects /org/*/pulls and /org/*/issues, but for them this default might be reverted back in the future releases.
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5270): <!--number 5270 --><!--line 0 --><!--description c2V0IGZ1enp5IGFzIGRlZmF1bHQgZm9yIGlzc3VlIHNlYXJjaA==-->Set fuzzy as default for issue search.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5214): <!--number 5214 --><!--line 0 --><!--description dWk6IEltcHJvdmUgY29tbWl0IGdyYXBoIGxheW91dA==-->Improve commit graph layout.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5205): <!--number 5205 --><!--line 0 --><!--description bWVybWFpZDogW0FkZCBzdXBwb3J0IGZvciBpY29uaWZ5IGljb25zXShodHRwczovL2dpdGh1Yi5jb20vbWVybWFpZC1qcy9tZXJtYWlkL3B1bGwvNTc5Myku-->mermaid: [Add support for iconify icons](https://github.com/mermaid-js/mermaid/pull/5793).<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5205): <!--number 5205 --><!--line 1 --><!--description bWVybWFpZDogW0FsbG93IG11bHRpLWxpbmUgcmVsYXRpb25zaGlwIGxhYmVsc10oaHR0cHM6Ly9naXRodWIuY29tL21lcm1haWQtanMvbWVybWFpZC9wdWxsLzU3MTEpLg==-->mermaid: [Allow multi-line relationship labels](https://github.com/mermaid-js/mermaid/pull/5711).<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5205): <!--number 5205 --><!--line 2 --><!--description bWVybWFpZDogW0FkZHMgYXJjaGl0ZWN0dXJlIGRpYWdyYW1zIHdoaWNoIGFsbG93cyB1c2VycyB0byBzaG93IHJlbGF0aW9ucyBiZXR3ZWVuIHNlcnZpY2VzXShodHRwczovL2dpdGh1Yi5jb20vbWVybWFpZC1qcy9tZXJtYWlkL3B1bGwvNTQ1Miku-->mermaid: [Adds architecture diagrams which allows users to show relations between services](https://github.com/mermaid-js/mermaid/pull/5452).<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5110): <!--number 5110 --><!--line 0 --><!--description SW1wcm92ZSBkaWZmcyBnZW5lcmF0ZWQgYnkgRm9yZ2Vqbw==-->Improve diffs generated by Forgejo.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5002): <!--number 5002 --><!--line 0 --><!--description ZmVhdCh1aSk6IEFkZCBgcmVsPSJub2ZvbGxvdyJgIHRvIGluLWxpc3QgbGFiZWxz-->Add `rel="nofollow"` to in-list labels.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4782): <!--number 4782 --><!--line 0 --><!--description RGlzdGluZ3Vpc2ggYmV0d2VlbiBuZXcgdGFncywgcmVsZWFzZXMgYW5kIHByZS1yZWxlYXNlcyBvbiBhY3Rpdml0eSBwYWdl-->Distinguish between new tags, releases and pre-releases on activity page.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4749): <!--number 4749 --><!--line 0 --><!--description aGlnaGxpZ2h0ZWQgY29kZSBzZWFyY2ggcmVzdWx0cw==-->Highlighted code search results.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4710): <!--number 4710 --><!--line 0 --><!--description UmVmYWN0b3IgcmVwbyBtaWdyYXRpb24gaXRlbXM=-->Refactor repo migration items.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4697): <!--number 4697 --><!--line 0 --><!--description ZmVhdChVSSk6IGFkZCBwYWNrYWdlIGNvdW50ZXIgdG8gcmVwby91c2VyL29yZyBvdmVydmlldyBwYWdlcw==-->Add package counter to repo/user/org overview pages.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4571): <!--number 4571 --><!--line 0 --><!--description UmVwbGFjZSBgdnVlLWJhci1ncmFwaGAgd2l0aCBgY2hhcnQuanNg-->Replace `vue-bar-graph` with `chart.js`.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4541): <!--number 4541 --><!--line 0 --><!--description ZmVhdCh1aSk6IGFkZCBtb3JlIGVtb2ppIGFuZCBjb2RlIGJsb2NrIHJlbmRlcmluZyBpbiBpc3N1ZXM=-->Add more emoji and code block rendering in issues.<!--description-->
+- User Interface bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5261): <!--number 5261 --><!--line 0 --><!--description Rml4IGJhZCBzcGFjaW5nIG9uIG5ldyByZWxlYXNlIHBhZ2U=-->Bad spacing on new release page.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5180): <!--number 5180 --><!--line 0 --><!--description Rml4IG1pbGVzdG9uZSBhc3NpZ25tZW50IGluIG5ldyBpc3N1ZQ==-->Milestone assignment in new issue.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4928): <!--number 4928 --><!--line 0 --><!--description Z2l0LWdyZXA6IGVuc3VyZSBib3VuZGVkIGRlZmF1bHQgZm9yIE1hdGNoZXNQZXJGaWxl-->git-grep: ensure bounded default for MatchesPerFile.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4597): <!--number 4597 --><!--line 0 --><!--description Rml4IGdvIHRvIGNpdGF0aW9uIGJ1dHRvbg==-->Incorrect go to citation button.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4538): <!--number 4538 --><!--line 0 --><!--description Zml4KHVpKTogSFRNWCBzdXBwb3J0IGZvciBwcm9maWxlIGNhcmQ=-->Incorrect HTMX support for profile card.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4490): <!--number 4490 --><!--line 0 --><!--description W2FjY2Vzc2liaWxpdHldIEFkZCBrZXlib2FyZCBzdXBwb3J0IGZvciB0ZXN0IGFjdGlvbnM=-->Accessibility keyboard support for test actions.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4455): <!--number 4455 --><!--line 0 --><!--description VXBkYXRlIHB1bGwgcmVxdWVzdCBpY29ucw==-->Update pull request icons.<!--description-->
+- Features
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5482) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5524)): <!--number 5524 --><!--line 0 --><!--description ZmVhdDogIkFzc2lnbiB0byBtZSIgYnV0dG9uIG9uIFBSIGFuZCBJc3N1ZXMgIzUyMTU=-->"Assign to me" button on PR and Issues.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5351) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5407)): <!--number 5407 --><!--line 0 --><!--description ZmVhdDogIGFkZCBhcmNoaXRlY3R1cmUtc3BlY2lmaWMgcmVtb3ZhbCBzdXBwb3J0IGZvciBhcmNoIHBhY2thZ2U=-->Add architecture-specific removal support for arch package.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5372) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5406)): <!--number 5406 --><!--line 0 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC85ZDM0NzMxMTk4OTNmZmRlMGFiMzZkOThlN2EwZTQxYzVkMGJhOWEzKSBBZGQgYmluIHRvIENvbXBvc2VyIE1ldGFkYXRhLg==-->[commit](https://codeberg.org/forgejo/forgejo/commit/9d3473119893ffde0ab36d98e7a0e41c5d0ba9a3) Add bin to Composer Metadata.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5383): <!--number 5383 --><!--line 0 --><!--description aTE4bjogVVggaW1wcm92ZW1lbnRzOiBUZWFtIHBlcm1pc3Npb25zIGFuZCBpc3N1ZSBjbG9zaW5n-->Internationalization user experience improvements on team permissions and issue closing.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5325): <!--number 5325 --><!--line 2 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC8yZGEwZWJiZDIzMTRmMTJiMjg3Njk0YzM3OGE4ODgzMTFkZDMzN2JjKSBTdXBwb3J0IGFsbG93ZWQgaG9zdHMgZm9yIG1pZ3JhdGlvbnMgdG8gd29yayB3aXRoIHByb3h5Lg==-->[commit](https://codeberg.org/forgejo/forgejo/commit/2da0ebbd2314f12b287694c378a888311dd337bc) Support allowed hosts for migrations to work with proxy.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5125): <!--number 5125 --><!--line 0 --><!--description VHJpdmlhbCBkZWZhdWx0IHF1b3RhIGNvbmZpZ3VyYXRpb24=-->Trivial default quota configuration.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5120): <!--number 5120 --><!--line 0 --><!--description TGFuZ3VhZ2UgZGV0ZWN0aW9uIGluIHRoZSByZXBvc2l0b3J5IGxlYXJuZWQgYWJvdXQgdGhlIGZvbGxvd2luZyBsYW5ndWFnZXM6IFtMdWF1XShodHRwczovL2dpdGh1Yi5jb20vZ2l0aHViLWxpbmd1aXN0L2xpbmd1aXN0L3B1bGwvNjYxMiksIFtCUU5dKGh0dHBzOi8vZ2l0aHViLmNvbS9naXRodWItbGluZ3Vpc3QvbGluZ3Vpc3QvcHVsbC82NjIzKSwgW0Nyb24gdGFibGVdKGh0dHBzOi8vZ2l0aHViLmNvbS9naXRodWItbGluZ3Vpc3QvbGluZ3Vpc3QvcHVsbC82NzU5KSwgW05NT0RMXShodHRwczovL2dpdGh1Yi5jb20vZ2l0aHViLWxpbmd1aXN0L2xpbmd1aXN0L3B1bGwvNjc3NiksIFtQa2xdKGh0dHBzOi8vZ2l0aHViLmNvbS9naXRodWItbGluZ3Vpc3QvbGluZ3Vpc3QvcHVsbC82NzMwKSwgW3RlbXBsXShodHRwczovL2dpdGh1Yi5jb20vZ2l0aHViLWxpbmd1aXN0L2xpbmd1aXN0L3B1bGwvNjc5OCksIFtGSVJSVExdKGh0dHBzOi8vZ2l0aHViLmNvbS9naXRodWItbGluZ3Vpc3QvbGluZ3Vpc3QvcHVsbC82ODQ4KSwgW0p1bGlhIFJFUExdKGh0dHBzOi8vZ2l0aHViLmNvbS9naXRodWItbGluZ3Vpc3QvbGluZ3Vpc3QvcHVsbC82ODU5KSwgW0NhZGR5ZmlsZV0oaHR0cHM6Ly9naXRodWIuY29tL2dpdGh1Yi1saW5ndWlzdC9saW5ndWlzdC9wdWxsLzY4NjIpLg==-->Language detection in the repository learned about the following languages: [Luau](https://github.com/github-linguist/linguist/pull/6612), [BQN](https://github.com/github-linguist/linguist/pull/6623), [Cron table](https://github.com/github-linguist/linguist/pull/6759), [NMODL](https://github.com/github-linguist/linguist/pull/6776), [Pkl](https://github.com/github-linguist/linguist/pull/6730), [templ](https://github.com/github-linguist/linguist/pull/6798), [FIRRTL](https://github.com/github-linguist/linguist/pull/6848), [Julia REPL](https://github.com/github-linguist/linguist/pull/6859), [Caddyfile](https://github.com/github-linguist/linguist/pull/6862).<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5120): <!--number 5120 --><!--line 1 --><!--description VGhlIGZvbGxvd2luZyBleHRlbnNpb25zIG9yIGZpbGVuYW1lcyBpbiBhIHJlcG9zaXRvcnkgYXJlIGFzc29jaWF0ZWQgd2l0aCB0aGUgbWF0Y2hpbmcgbGFuZ3VhZ2U6IFsuc3VibGltZS1jb2xvci1zY2hlbWVdKGh0dHBzOi8vZ2l0aHViLmNvbS9naXRodWItbGluZ3Vpc3QvbGluZ3Vpc3QvcHVsbC82NzU4KSwgW01PRFVMRS5iYXplbC5sb2NrXShodHRwczovL2dpdGh1Yi5jb20vZ2l0aHViLWxpbmd1aXN0L2xpbmd1aXN0L3B1bGwvNjc4MyksIFtDYXJnby50b21sLm9yaWddKGh0dHBzOi8vZ2l0aHViLmNvbS9naXRodWItbGluZ3Vpc3QvbGluZ3Vpc3QvcHVsbC82Nzg3KSwgW3RzeF0oaHR0cHM6Ly9naXRodWIuY29tL2dpdGh1Yi1saW5ndWlzdC9saW5ndWlzdC9wdWxsLzY3ODgpLCBbanVzdGZpbGVdKGh0dHBzOi8vZ2l0aHViLmNvbS9naXRodWItbGluZ3Vpc3QvbGluZ3Vpc3QvcHVsbC82Nzk1KSwgWy56aWcuem9uXShodHRwczovL2dpdGh1Yi5jb20vZ2l0aHViLWxpbmd1aXN0L2xpbmd1aXN0L3B1bGwvNjgyMCksIFsuZW52cmNdKGh0dHBzOi8vZ2l0aHViLmNvbS9naXRodWItbGluZ3Vpc3QvbGluZ3Vpc3QvcHVsbC82ODY1KS4=-->The following extensions or filenames in a repository are associated with the matching language: [.sublime-color-scheme](https://github.com/github-linguist/linguist/pull/6758), [MODULE.bazel.lock](https://github.com/github-linguist/linguist/pull/6783), [Cargo.toml.orig](https://github.com/github-linguist/linguist/pull/6787), [tsx](https://github.com/github-linguist/linguist/pull/6788), [justfile](https://github.com/github-linguist/linguist/pull/6795), [.zig.zon](https://github.com/github-linguist/linguist/pull/6820), [.envrc](https://github.com/github-linguist/linguist/pull/6865).<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5090): <!--number 5090 --><!--line 0 --><!--description UmVtb3ZlIHN1cHBvcnQgZm9yIENvdWNoYmFzZSBhcyBhIHNlc3Npb24gcHJvdmlkZXI7IGl0IGluc3RlYWQgd2lsbCBub3cgZmFsbGJhY2sgdG8gdGhlIGZpbGUgcHJvdmlkZXIuIFRoZSByYXRpb25hbGUgZm9yIHJlbW92aW5nIENvdWNoYmFzZSBzdXBwb3J0IGlzIHRoYXQgaXQncyBub3QgZnJlZSBzb2Z0d2FyZSwgaHR0cHM6Ly93d3cuY291Y2hiYXNlLmNvbS9ibG9nL2NvdWNoYmFzZS1hZG9wdHMtYnNsLWxpY2Vuc2UvLCBhbmQgdGhlcmVmb3JlIGNhbm5vdCBiZSB0ZXN0ZWQgaW4gRm9yZ2VqbyBhbmQgbmVpdGhlciBzaG91bGQgYmUgc3VwcG9ydGVkLg==-->Remove support for Couchbase as a session provider; it instead will now fallback to the file provider. The rationale for removing Couchbase support is that it's not free software, https://www.couchbase.com/blog/couchbase-adopts-bsl-license/, and therefore cannot be tested in Forgejo and neither should be supported.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4967): <!--number 4967 --><!--line 0 --><!--description Z2l0LWdyZXA6IGFsbG93IHNlYXJjaGluZyBmb3Igd29yZHMgd2l0aCBpbml0aWFsIGRhc2hlcw==-->git-grep: allow searching for words with initial dashes.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4927): <!--number 4927 --><!--line 0 --><!--description Z2l0LWdyZXA6IHNraXAgYmluYXJ5IGZpbGVz-->git-grep: skip binary files.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4924): <!--number 4924 --><!--line 1 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC9iZjczNzNhMjUyMGFlNTZhMWRjMDA0MTZlZmEwMmRlOTc0OWI2M2QzKSBGb3JnZWpvIEFjdGlvbnMgbG9ncyBhcmUgY29tcHJlc3NlZCBieSBkZWZhdWx0LiBJdCBjYW4gYmUgZGlzYWJsZWQgYnkgc2V0dGluZyBgW2FjdGlvbnNdLkxPR19DT01QUkVTU0lPTj1ub25lYC4=-->[commit](https://codeberg.org/forgejo/forgejo/commit/bf7373a2520ae56a1dc00416efa02de9749b63d3) Forgejo Actions logs are compressed by default. It can be disabled by setting `[actions].LOG_COMPRESSION=none`.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4903): <!--number 4903 --><!--line 0 --><!--description c3VwcG9ydCBncm91cGluZyBieSBhbnkgcGF0aCBmb3IgYXJjaCBwYWNrYWdl-->Support grouping by any path for arch package.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4891): <!--number 4891 --><!--line 0 --><!--description UGVyZm9ybWFuY2U6IFJlbW92ZSBleHBlbnNpdmUgbmVhcmVzdCBicmFuY2ggY2FsY3VsYXRhdGlvbnMgKGAkLkJyYW5jaE5hbWVgKSBmcm9tIGNvbW1pdCBkaWZmIHZpZXcgKGAvOm93bmVyLzpyZXBvL2NvbW1pdC86Y29tbWl0YCk=-->Remove expensive nearest branch calculatations (`$.BranchName`) from commit diff view (`/:owner/:repo/commit/:commit`).<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4819): <!--number 4819 --><!--line 0 --><!--description QWxsb3cgcHVzaCBtaXJyb3JzIHRvIHVzZSBhIFNTSCBrZXkgYXMgdGhlIGF1dGhlbnRpY2F0aW9uIG1ldGhvZCBmb3IgdGhlIG1pcnJvcmluZyBhY3Rpb24gaW5zdGVhZCBvZiB1c2luZyB1c2VyOnBhc3N3b3JkIGF1dGhlbnRpY2F0aW9uLiBUaGUgU1NIIGtleXBhaXIgaXMgY3JlYXRlZCBieSBGb3JnZWpvIGFuZCB0aGUgZGVzdGluYXRpb24gcmVwb3NpdG9yeSBtdXN0IGJlIGNvbmZpZ3VyZWQgd2l0aCB0aGUgcHVibGljIGtleSB0byBhbGxvdyBmb3IgcHVzaCBvdmVyIFNTSC4=-->Allow push mirrors to use a SSH key as the authentication method for the mirroring action instead of using user:password authentication. The SSH keypair is created by Forgejo and the destination repository must be configured with the public key to allow for push over SSH.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4801): <!--number 4801 --><!--line 5 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC8xMWI2MjUzZTc1MzJiYTExZGVlOGJjMzFkNGMyNjJiMTAyNjc0YTRkKSBVc2UgVVRDIGFzIGEgdGltZXpvbmUgd2hlbiBydW5uaW5nIHNjaGVkdWxlZCBhY3Rpb25zIHRhc2tzLg==-->[commit](https://codeberg.org/forgejo/forgejo/commit/11b6253e7532ba11dee8bc31d4c262b102674a4d) Use UTC as a timezone when running scheduled actions tasks.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4801): <!--number 4801 --><!--line 6 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC9mZWI0M2IyNTg0YjdmNjRlYzdmOTk1MmFmMmI1MGIyMjEwZTZlNmNmKSBUaGUgYWN0aW9ucyBsb2dzIG9sZGVyIHRoYW4gYFthY3Rpb25zXS5MT0dfUkVURU5USU9OX0RBWVNgIGRheXMgYXJlIHJlbW92ZWQgKHRoZSBkZWZhdWx0IGlzIDM2NSku-->[commit](https://codeberg.org/forgejo/forgejo/commit/feb43b2584b7f64ec7f9952af2b50b2210e6e6cf) The actions logs older than `[actions].LOG_RETENTION_DAYS` days are removed (the default is 365).<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4780): <!--number 4780 --><!--line 0 --><!--description QWRkIHNpZ25hdHVyZSBzdXBwb3J0IGZvciB0aGUgUlBNIG1vZHVsZQ==-->Add signature support for the RPM module.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4766): <!--number 4766 --><!--line 0 --><!--description QWxsb3cgY29sb3IgYW5kIGJhY2tncm91bmQtY29sb3Igc3R5bGUgcHJvcGVydGllcyBmb3IgdGFibGUgY2VsbHM=-->Allow color and background-color style properties for table cells.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4716): <!--number 4716 --><!--line 0 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC84ZDIzNDMzZGFiMDhmY2JiODA0M2U1ZDIzOTE3MWZiYTU5YzUzMTA4KTogc3VwcG9ydCBwdWxsX3JlcXVlc3RfdGFyZ2V0IGV2ZW50IGZvciBjb21taXQgc3RhdHVzLg==-->[commit](https://codeberg.org/forgejo/forgejo/commit/8d23433dab08fcbb8043e5d239171fba59c53108): support pull_request_target event for commit status.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4716): <!--number 4716 --><!--line 2 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC9jYjkwNzFiYmY0MzM3MTVmMGUxNmUzOWNiNjAxMjZiNjVmODIzNmEwKTogc3VwcG9ydCBkZWxldGUgdXNlciBlbWFpbCBpbiBhZG1pbiBwYW5lbC4=-->[commit](https://codeberg.org/forgejo/forgejo/commit/cb9071bbf433715f0e16e39cb60126b65f8236a0): support delete user email in admin panel.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4704): <!--number 4704 --><!--line 0 --><!--description W1NFQ10gTm90aWZ5IG93bmVyIGFib3V0IFRPVFAgZW5yb2xsbWVudA==-->Notify owner about TOTP enrollment.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4635): <!--number 4635 --><!--line 0 --><!--description RW1haWwgbm90aWZpY2F0aW9ucyBhcmUgbm93IHNlbnQgd2hlbiBhY2NvdW50IHNlY3VyaXR5IGNoYW5nZXMgYXJlIG1hZGU6IHBhc3N3b3JkIGNoYW5nZWQsIHByaW1hcnkgZW1haWwgY2hhbmdlZCAoZW1haWwgc2VudCB0byBvbGQgcHJpbWFyeSBtYWlsKSwgVE9UUCBkaXNhYmxlZCBvciBhIHNlY3VyaXR5IGtleSByZW1vdmVkLg==-->Email notifications are now sent when account security changes are made: password changed, primary email changed (email sent to old primary mail), TOTP disabled or a security key removed.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4633): <!--number 4633 --><!--line 0 --><!--description RW5hYmxlIGBJTlZBTElEQVRFX1JFRlJFU0hfVE9LRU5TYA==-->Enable `INVALIDATE_REFRESH_TOKENS`.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4625): <!--number 4625 --><!--line 0 --><!--description ZmVhdCh1aSk6IHNvcnQgbWlsZXN0b25lcyBieSBuYW1lIGJ5IGRlZmF1bHQgaW5zdGVhZCBvZiB0aGUgZHVlIGRhdGU=-->Sort milestones by name by default instead of the due date.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4607): <!--number 4607 --><!--line 0 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC8yMWZkZDI4ZjA4NGU3ZjFhZWYzMDljOWViZDc1OTlmZmE2OTg2NDUzKSBhbGxvdyBzeW5jaHJvbml6aW5nIHVzZXIgc3RhdHVzIGZyb20gT0F1dGgyIGxvZ2luIHByb3ZpZGVycy4=-->[commit](https://codeberg.org/forgejo/forgejo/commit/21fdd28f084e7f1aef309c9ebd7599ffa6986453) allow synchronizing user status from OAuth2 login providers.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4607): <!--number 4607 --><!--line 1 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC8wMDRjYzZkYzBhYjdjYzljMzI0Y2NiNGVjZDQyMGM2YWVlYjIwNTAwKSBhZGQgb3B0aW9uIHRvIGNoYW5nZSBtYWlsIGZyb20gdXNlciBkaXNwbGF5IG5hbWUu-->[commit](https://codeberg.org/forgejo/forgejo/commit/004cc6dc0ab7cc9c324ccb4ecd420c6aeeb20500) add option to change mail from user display name.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4607): <!--number 4607 --><!--line 2 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC9kMDIyN2MyMzZhYTE5NWJkMDM5OTAyMTBmOTY4YjhlNTJlYjIwYjc5KSBpc3N1ZSBUZW1wbGF0ZXM6IGFkZCBvcHRpb24gdG8gaGF2ZSBkcm9wZG93biBwcmludGVkIGxpc3Qu-->[commit](https://codeberg.org/forgejo/forgejo/commit/d0227c236aa195bd03990210f968b8e52eb20b79) issue Templates: add option to have dropdown printed list.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4605): <!--number 4605 --><!--line 0 --><!--description dGhlIGRlZmF1bHQgc2V0dGluZyBhdHRhY2htZW50LkFMTE9XRURfVFlQRVMgd2FzIGFkanVzdGVkIHRvIGFsbG93IC53ZWJwIGF0dGFjaG1lbnRzIGluIGlzc3VlcyAtIGEgbW9yZSBlZmZpY2llbnQgZm9ybWF0IGZvciBpbWFnZXMgbGlrZSBzY3JlZW5zaG90cy4gQWxsIGF0dGFjaG1lbnRzIGFyZSB0cmVhdGVkIGFzIG5vcm1hbCBmaWxlcyBhbmQgYXJlIG5vdCByZS1lbmNvZGVkIGJ5IEZvcmdlam8uIElmIHlvdSBoYXZlIGN1c3RvbWl6ZWQgdGhpcyBzZXR0aW5nLCB5b3UgbWF5IGFsc28gd2FudCB0byBhZGQgLndlYnAgdG8gaXQgZm9yIHRoZSBiZW5lZml0IG9mIHlvdXIgdXNlcnMsIGFzIHdlbGwgYXMgdG8gcmVkdWNlIHNlcnZlciB0cmFmZmljIGFuZCBzdG9yYWdlIHVzYWdlLg==-->the default setting attachment.ALLOWED_TYPES was adjusted to allow .webp attachments in issues - a more efficient format for images like screenshots. All attachments are treated as normal files and are not re-encoded by Forgejo. If you have customized this setting, you may also want to add .webp to it for the benefit of your users, as well as to reduce server traffic and storage usage.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4542): <!--number 4542 --><!--line 0 --><!--description Q29udmVydCBtaWxlc3RvbmUgdG8gSFRNWA==-->Convert milestone to HTMX.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4516): <!--number 4516 --><!--line 0 --><!--description dXNlIHRoZSBmdWxsIHVzZXIgbmFtZSBpbiBlbWFpbHMgdG8gYWRkcmVzcyB0aGUgcmVjaXBpZW50LCB3aGVuIGF2YWlsYWJsZQ==-->Use the full user name in emails to address the recipient, when available.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4449): <!--number 4449 --><!--line 0 --><!--description RW5oYW5jaW5nIEdpdGVhIE9BdXRoMiBQcm92aWRlciB3aXRoIEdyYW51bGFyIFNjb3BlcyBmb3IgUmVzb3VyY2UgQWNjZXNz-->Enhancing OAuth2 Provider with Granular Scopes for Resource Access.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4429): <!--number 4429 --><!--line 0 --><!--description W2Rpc3BsYXkgVVJMcyBpbiAuc2gtc2Vzc2lvbiBmaWxlc10oaHR0cHM6Ly9naXRodWIuY29tL2J1aWxka2l0ZS90ZXJtaW5hbC10by1odG1sL3B1bGwvMTYzKQ==-->[Display URLs in .sh-session files](https://github.com/buildkite/terminal-to-html/pull/163).<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4367): <!--number 4367 --><!--line 0 --><!--description VGhlIGNhY2hpbmcgb2YgY29udHJpYnV0b3Igc3RhdHMgd2FzIGltcHJvdmVkICh0aGUgZGF0YSB1c2VkIGJ5IGAvPHVzZXI+LzxyZXBvPi9hY3Rpdml0eS9yZWNlbnQtY29tbWl0c2ApIHRvIHVzZSB0aGUgY29uZmlndXJlZCBjYWNoZSBUVEwgZnJvbSB0aGUgY29uZmlnIChgW2NhY2hlXS5JVEVNX1RUTGApIGluc3RlYWQgb2YgYSBoYXJkY29kZWQgVFRMIG9mIHRlbiBtaW51dGVzLiBUaGUgY29tcHV0YXRpb24gb2YgdGhpcyBvcGVyYXRpb24gaXMgY29tcHV0YXRpb25hbGx5IGhlYXZ5IGFuZCBtYWtlcyBhIGxvdCBvZiByZXF1ZXN0cyB0byB0aGUgZGF0YWJhc2UgYW5kIEdpdCBvbiByZXBvc2l0b3JpZXMgd2l0aCBhIGxvdCBvZiBjb21taXRzLiBJdCBzaG91bGQgYmUgY2FjaGVkIGZvciBsb25nZXIgdGhhbiB3aGF0IHdhcyBwcmV2aW91c2x5IGhhcmRjb2RlZCwgdGVuIG1pbnV0ZXMu-->The caching of contributor stats was improved (the data used by `/<user>/<repo>/activity/recent-commits`) to use the configured cache TTL from the config (`[cache].ITEM_TTL`) instead of a hardcoded TTL of ten minutes. The computation of this operation is computationally heavy and makes a lot of requests to the database and Git on repositories with a lot of commits. It should be cached for longer than what was previously hardcoded, ten minutes.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4266): <!--number 4266 --><!--line 0 --><!--description LSBhZGQgc3VwcG9ydCBmb3IgTEZTIHNlcnZlciBpbXBsZW1lbnRhdGlvbnMgd2hpY2ggaGF2ZSBiYXRjaCBBUEkgcmVzcG9uc2VzIGluIGFuIG9sZGVyL2RlcHJlY2F0ZWQgc2NoZW1h-->Add support for LFS server implementations which have batch API responses in an older/deprecated schema.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4218): <!--number 4218 --><!--line 0 --><!--description W0Zvcmdlam8gQWN0aW9ucyBhcnRpZmFjdHNdKGh0dHBzOi8vZm9yZ2Vqby5vcmcvZG9jcy9uZXh0L3VzZXIvYWN0aW9ucy8jYXJ0aWZhY3RzKSBzdXBwb3J0IFtyYW5nZSByZXF1ZXN0c10oaHR0cHM6Ly9lbi53aWtpcGVkaWEub3JnL3dpa2kvQnl0ZV9zZXJ2aW5nKSB0byByZXN1bWUgYSBkb3dubG9hZA==-->[Forgejo Actions artifacts](https://forgejo.org/docs/next/user/actions/#artifacts) support [range requests](https://en.wikipedia.org/wiki/Byte_serving) to resume a download.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4212): <!--number 4212 --><!--line 0 --><!--description QWRkZWQgdGhlIGZvdW5kYXRpb25zIG9mIGEgZmxleGlibGUsIGNvbmZpZ3VyYWJsZSBxdW90YSBzeXN0ZW0=-->Added the foundations of a flexible, configurable quota system.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/2869): <!--number 2869 --><!--line 0 --><!--description bG9nOiBqb3VybmFsZCBpbnRlZ3JhdGlvbg==-->Logs journald integration.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/1445): <!--number 1445 --><!--line 0 --><!--description YSByZWxlYXNlIGFzc2V0IGNhbiBiZSBhIFVSTCBpbnN0ZWFkIG9mIGEgZmlsZQ==-->A release asset can be a URL instead of a file.<!--description-->
+- Bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5529) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5565)): <!--number 5565 --><!--line 0 --><!--description RG9uJ3QgYWxsb3cgb3duZXIgdGVhbSB3aXRoIGluY29ycmVjdCB1bml0IGFjY2VzcyAoaW5jbHVkZXMgZG9jdG9yIGZpeCk=-->Don't allow owner team with incorrect unit access (includes doctor fix).<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5470) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5547)): <!--number 5547 --><!--line 0 --><!--description Zml4OiBkb24ndCBjYW5jZWwgc2NoZWR1bGUgd29ya2Zsb3dzIG9uIHB1c2ggdG8gbWFpbiBicmFuY2g=-->Schedule workflows are canceled when pushing to the default branch.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5492) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5507)): <!--number 5507 --><!--line 0 --><!--description Zml4OiBjb3JyZWN0IERpc2NvcmQgd2ViaG9vayBKU09OIGZvciBpc3N1ZSBldmVudHM=-->Incorrect Discord webhook JSON for issue events.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5372) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5406)): <!--number 5406 --><!--line 1 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC9mNzA5ZGUyNDAzOWFiN2U2MDVkM2UwOWUzYjYxMjQwODM2MzgxNjAzKSBGaXggd3JvbmcgbGFzdCBtb2RpZnkgdGltZS4=-->[commit](https://codeberg.org/forgejo/forgejo/commit/f709de24039ab7e605d3e09e3b61240836381603) wrong last modify time.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5372) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5406)): <!--number 5406 --><!--line 2 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC8yNjc1YTI0NjQ5YWYyZmZmMzRmNWM3ZTQxNmQ2ZmY3ODU5MWQ4ZDljKSBSZXBvIEFjdGl2aXR5OiBjb3VudCBuZXcgaXNzdWVzIHRoYXQgd2VyZSBjbG9zZWQu-->[commit](https://codeberg.org/forgejo/forgejo/commit/2675a24649af2fff34f5c7e416d6ff78591d8d9c) Repo Activity: count new issues that were closed.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5372) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5406)): <!--number 5406 --><!--line 3 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC81MjYwNTQzMzJhY2IyMjFlMDYxZDM5MDBiYmEyZGM2ZTAxMmRhNTJkKSBGaXggaW5jb3JyZWN0IC90b2tlbnMgYXBpLg==-->[commit](https://codeberg.org/forgejo/forgejo/commit/526054332acb221e061d3900bba2dc6e012da52d) incorrect /tokens API.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5372) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5406)): <!--number 5406 --><!--line 4 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC8wY2FmZWM0YzdhMmZhZjgxMDk1M2U5ZDUyMmZhZjVkYzAxOWUxNTIyKSBEbyBub3QgZXNjYXBlIHJlbGF0aXZlIHBhdGggaW4gUlBNIHByaW1hcnkgaW5kZXgu-->[commit](https://codeberg.org/forgejo/forgejo/commit/0cafec4c7a2faf810953e9d522faf5dc019e1522) Do not escape relative path in RPM primary index.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5325): <!--number 5325 --><!--line 0 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC9lYjc2NWRhYmZkNDNlMzUzYmQyMjA4ZTgzNzViMTAyOTM1ZDBmMTAzKSBIYW5kbGUgaW52YWxpZCB0YXJnZXQgd2hlbiBjcmVhdGluZyByZWxlYXNlcyB1c2luZyBBUEku-->[commit](https://codeberg.org/forgejo/forgejo/commit/eb765dabfd43e353bd2208e8375b102935d0f103) Handle invalid target when creating releases using API.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5325): <!--number 5325 --><!--line 1 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC81YWYxNjhmYjkyZTVkZDNiMGM4MWQ5N2JhMjdhNmYxOTczOWJlZjE4KSAvcmVwb3Mve293bmVyfS97cmVwb30vcHVsbHMve2luZGV4fS9maWxlcyBlbmRwb2ludCBub3QgcG9wdWxhdGluZyBwcmV2aW91c19maWxlbmFtZS4=-->[commit](https://codeberg.org/forgejo/forgejo/commit/5af168fb92e5dd3b0c81d97ba27a6f19739bef18) /repos/{owner}/{repo}/pulls/{index}/files endpoint not populating previous_filename.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5269): <!--number 5269 --><!--line 0 --><!--description SW1wcm92ZSB0ZXh0YXJlYSBwYXN0ZSAocGFydCBvZiBnaXRlYSMzMTk0OCk=-->Improve textarea paste.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5195): <!--number 5195 --><!--line 0 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC8xOTY5MDdlMzU5NDIwZjYzMDAzZjg4NGQxY2Y4MjdiNGE0ZDdhNGU1KSBIYW5kbGUgImNsb3NlIiBhY3Rpb25hYmxlIHJlZmVyZW5jZXMgZm9yIG1hbnVhbCBtZXJnZXMu-->[commit](https://codeberg.org/forgejo/forgejo/commit/196907e359420f63003f884d1cf827b4a4d7a4e5) Handle "close" actionable references for manual merges.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5195): <!--number 5195 --><!--line 1 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC80NmIxZjJlN2U0ZTc5NTMzMWYyOGY3NDY2NjA5NGM5NDE2NDk5ZTAzKSBUZWFtIGFkbWlucyBhcmUgYWxsb3dlZCB0byBzZWFyY2ggdGVhbSBtZW1iZXJzIHZpYSB0aGUgQVBJLg==-->[commit](https://codeberg.org/forgejo/forgejo/commit/46b1f2e7e4e795331f28f74666094c9416499e03) Team admins are allowed to search team members via the API.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5109): <!--number 5109 --><!--line 0 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC8zYWRlNGQ5YjJiZmE2YWU4NGExZGVkOTMyOTA3YTUzMDYwNTY1NTc1KSBEb24ndCByZXR1cm4gNTAwIGlmIG1pcnJvciB1cmwgY29udGFpbnMgc3BlY2lhbCBjaGFycw==-->[commit](https://codeberg.org/forgejo/forgejo/commit/3ade4d9b2bfa6ae84a1ded932907a53060565575) Don't return 500 if mirror url contains special chars.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5109): <!--number 5109 --><!--line 1 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC9kZGE1MzU2OWIxYjcwNTA3NDY5ZmMyOTY4ODFlZWM4OTYwNmFiOWMzKSBGaXggYWdpdCBhdXRvbWVyZ2U=-->[commit](https://codeberg.org/forgejo/forgejo/commit/dda53569b1b70507469fc296881eec89606ab9c3) Agit automerge is not working properly.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5075): <!--number 5075 --><!--line 0 --><!--description aW1wcm92ZSB0aGUgZGlzcGxheSBvZiBQUiAmIGlzc3VlIHNob3J0IGxpbmtz-->Improve the display of PR & issue short links.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4978): <!--number 4978 --><!--line 0 --><!--description TWlncmF0ZSBzY29wZWQgR2l0TGFiIGxhYmVscyBhcyBzY29wZWQgRm9yZ2VqbyBsYWJlbHM=-->Migrate scoped GitLab labels as scoped Forgejo labels.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4924): <!--number 4924 --><!--line 0 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC85ODEyYjdhZjkxYjY5Mzg2YzVkNGMwODk4MmFlY2U3YmQ4ZjlhMTc0KSAvcmVwb3Mve293bmVyfS97cmVwb30vcHVsbHMve2luZGV4fSBbcmVxdWVzdGVkX3Jldmlld2VycyBjb250YWlucyBudWxsIGZvciB0ZWFtc10oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2lzc3Vlcy80MTA4KS4=-->[commit](https://codeberg.org/forgejo/forgejo/commit/9812b7af91b69386c5d4c08982aece7bd8f9a174) /repos/{owner}/{repo}/pulls/{index} [requested_reviewers contains null for teams](https://codeberg.org/forgejo/forgejo/issues/4108).<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4809): <!--number 4809 --><!--line 0 --><!--description dmFsaWRhdGUgdGl0bGUgbGVuZ3RoIHdoZW4gdXBkYXRpbmcgYW4gaXNzdWU=-->Validate title length when updating an issue.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4801): <!--number 4801 --><!--line 0 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC8wZGJjNjIzMDI4NmUxMTNhY2NiYzZkNWU4MjljZThkYWUxZDFmNWQ0KSBIaWRlIHRoZSAiRGV0YWlscyIgbGluayBvZiBjb21taXQgc3RhdHVzIHdoZW4gdGhlIHVzZXIgY2Fubm90IGFjY2VzcyBhY3Rpb25zLg==-->[commit](https://codeberg.org/forgejo/forgejo/commit/0dbc6230286e113accbc6d5e829ce8dae1d1f5d4) Hide the "Details" link of commit status when the user cannot access actions.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4801): <!--number 4801 --><!--line 1 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC82ZTYzYWZlMzFmNDNlYWY1ZmY3Yzg1OTVkZGVhZjg1MTVjMmRjMGMwKSBUaGUgQVBJIGVuZHBvaW50IHRvIGdldCB0aGUgYWN0aW9ucyByZWdpc3RyYXRpb24gdG9rZW4gaXMgR0VUIC9yZXBvcy97b3duZXJ9L3tyZXBvfS9hY3Rpb25zL3J1bm5lcnMvcmVnaXN0cmF0aW9uLXRva2VuIGFuZCBub3QgR0VUIC9yZXBvcy97b3duZXJ9L3tyZXBvfS9ydW5uZXJzL3JlZ2lzdHJhdGlvbi10b2tlbi4=-->[commit](https://codeberg.org/forgejo/forgejo/commit/6e63afe31f43eaf5ff7c8595ddeaf8515c2dc0c0) The API endpoint to get the actions registration token is GET /repos/{owner}/{repo}/actions/runners/registration-token and not GET /repos/{owner}/{repo}/runners/registration-token.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4801): <!--number 4801 --><!--line 2 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC82ZTYzYWZlMzFmNDNlYWY1ZmY3Yzg1OTVkZGVhZjg1MTVjMmRjMGMwKSBSdW5uZXIgcmVnaXN0cmF0aW9uIHRva2VuIHZpYSBBUEkgaXMgYnJva2VuIGZvciByZXBvIGxldmVsIHJ1bm5lcnMu-->[commit](https://codeberg.org/forgejo/forgejo/commit/6e63afe31f43eaf5ff7c8595ddeaf8515c2dc0c0) Runner registration token via API is broken for repo level runners.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4801): <!--number 4801 --><!--line 3 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC9jNzg0YTU4NzQwNjZjYTFhMWZkNTE4NDA4ZDU3NjdiNGViNTdiZDY5KSBEZWxldGVkIHByb2plY3RzIGNhdXNlcyBiYWQgcG9wb3ZlciB0ZXh0IG9uIGlzc3Vlcy4=-->[commit](https://codeberg.org/forgejo/forgejo/commit/c784a5874066ca1a1fd518408d5767b4eb57bd69) Deleted projects causes bad popover text on issues.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4801): <!--number 4801 --><!--line 4 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC80MmJiNTFhZjliODI4MzA3MWUxNWFjNjQ3MGFkYTk4MjRkODdjZDQwKSBEaXN0aW5ndWlzaCBMRlMgb2JqZWN0IGVycm9ycyB0byBpZ25vcmUgbWlzc2luZyBvYmplY3RzIGR1cmluZyBtaWdyYXRpb24u-->[commit](https://codeberg.org/forgejo/forgejo/commit/42bb51af9b8283071e15ac6470ada9824d87cd40) Distinguish LFS object errors to ignore missing objects during migration.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4801): <!--number 4801 --><!--line 7 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC82MzI4ZjY0OGRlY2MyNzU0ZWYxMGVlNWNhNmNhOTc4NWExNTY2MTRjKSBXaGVuIHZpZXdpbmcgdGhlIHJldmlzaW9uIGhpc3Rvcnkgb2Ygd2lraSBwYWdlcywgdGhlIHBhZ2luYXRpb24gbGlua3MgYXJlIGJyb2tlbjogaW5zdGVhZCBvZiBvcmcvcmVwby93aWtpL1BhZ2U/YWN0aW9uPV9yZXZpc2lvbiZwYWdlPTIsIHRoZSBsaW5rIGlzIG9ubHkgb3JnL3JlcG8vd2lraS9QYWdlP3BhZ2U9MiwgdGh1cyBicmluZ2luZyB0aGUgdXNlciBiYWNrIHRvIHRoZSB3aWtpIHBhZ2Uu-->[commit](https://codeberg.org/forgejo/forgejo/commit/6328f648decc2754ef10ee5ca6ca9785a156614c) When viewing the revision history of wiki pages, the pagination links are broken: instead of org/repo/wiki/Page?action=_revision&page=2, the link is only org/repo/wiki/Page?page=2, thus bringing the user back to the wiki page.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4801): <!--number 4801 --><!--line 8 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC8yMzEwNTU2MTU4ZDcwYmYxZGJmY2E5NmRjOTI4ZTFiZTNkM2Y0MWJlKSBBbHNvIHJlbmFtZSB0aGUgaGVhZCBicmFuY2ggb2Ygb3BlbiBwdWxsIHJlcXVlc3RzIHdoZW4gcmVuYW1pbmcgYSBicmFuY2gu-->[commit](https://codeberg.org/forgejo/forgejo/commit/2310556158d70bf1dbfca96dc928e1be3d3f41be) Also rename the head branch of open pull requests when renaming a branch.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4716): <!--number 4716 --><!--line 1 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC9lZTExYTI2M2Y4YzlkZTMzZDQyZmMxMTc0NDNmNDA1NGEzMTFjODc1KTogYWRkIHJldHVybiB0eXBlIHRvIEdldFJhd0ZpbGVPckxGUyBhbmQgR2V0UmF3RmlsZS4=-->[commit](https://codeberg.org/forgejo/forgejo/commit/ee11a263f8c9de33d42fc117443f4054a311c875): add return type to GetRawFileOrLFS and GetRawFile.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4716): <!--number 4716 --><!--line 3 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC9mNjE4NzNjN2U0MmI2MTM0MDVkMzY3NDIxYWQxOWRiODBmODMxMDUzKTogcHJvcGVybHkgZmlsdGVyIGlzc3VlIGxpc3QgZ2l2ZW4gbm8gYXNzaWduZWVzIGZpbHRlci4=-->[commit](https://codeberg.org/forgejo/forgejo/commit/f61873c7e42b613405d367421ad19db80f831053): properly filter issue list given no assignees filter.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4698): <!--number 4698 --><!--line 0 --><!--description Y3JvbiB0YXNrIHRvIGNsZWFudXAgZGFuZ2xpbmcgY29udGFpbmVyIGltYWdlcyB3aXRoIHZlcnNpb24gc2hhMjU2Oio=-->Cron task to cleanup dangling container images with version sha256:*.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4619): <!--number 4619 --><!--line 0 --><!--description ZmVhdChjbGkpOiBhbGxvdyB1cGRhdGVzIHRvIHJ1bm5lcnMnIHNlY3JldHM=-->Allow updates to runners' secrets.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4487): <!--number 4487 --><!--line 0 --><!--description RG8gbm90IGZpcmUgd2ViaG9vayBub3RpZmljYXRpb25zIGZvciB1cGRhdGVzIGFuZCBkZWxldGlvbnMgb2YgY29tbWVudHMgdGhhdCBhcmUgcGFydCBvZiBhbiBvbmdvaW5nIHJldmlldyAoYSByZXZpZXcgdGhhdCBpcyBzdGlsbCBpbiBkcmFmdCkuIEFsc28sIGNvbnRlbnQgaGlzdG9yeSB3aWxsIG5vdCBiZSBzYXZlZCBmb3Igc3VjaCBjb21tZW50cywgdG8gYXZvaWQgZXhwb3NpbmcgZml4aW5nIGVtYmFycmFzc2luZyB0eXBvcyB5b3UndmUgaGF2ZSBtYWRlIHdoaWxlIHRoZSByZXZpZXcgd2FzIHN0aWxsIHBlbmRpbmcu-->Do not fire webhook notifications for updates and deletions of comments that are part of an ongoing review (a review that is still in draft). Also, content history will not be saved for such comments, to avoid exposing fixing embarrassing typos you've have made while the review was still pending.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4427): <!--number 4427 --><!--line 0 --><!--description Rml4ZWQgc29jaWFsIG1lZGlhIHByZXZpZXdzIGZvciBsaW5rcyB0byB3aWtpIHBhZ2VzLg==-->Fixed social media previews for links to wiki pages.<!--description-->
+- Localization
+  - Updates of translations from [Codeberg Translate](https://translate.codeberg.org/projects/forgejo/forgejo/).
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4980): <!--number 4980 --><!--line 0 --><!--description aTE4bjogSW1wcm92ZSBjbGFyaXR5IG9mIGNvbmZpcm1hdGlvbiBlbWFpbCBtZXNzYWdlcw==-->Improve the clarity of confirmation in email messages.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5523) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5534)): <!--number 5534 --><!--line 0 --><!--description aTE4bjogRmluZSB0dW5lIGxhbmd1YWdlIGZvciB1bml0cw==-->Fine tune language for units.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5537) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5538)): <!--number 5538 --><!--line 0 --><!--description aTE4bjogSW1wcm92ZSB0cmFuc2xhdGlvbiBzdHJpbmdzIGZvciB3ZWJob29rIGV2ZW50cw==-->Improve translation strings for webhook events.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4829): <!--number 4829 --><!--line 0 --><!--description QWxsb3cgZGlmZmVyZW50IHRyYW5zbGF0aW9ucyBvZiBjcmVhdGlvbiBsaW5rcyBhbmQgdGl0bGVz-->Allow different translations of creation links and titles.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4599): <!--number 4599 --><!--line 0 --><!--description RW5nbGlzaCBpbXByb3ZlbWVudHM=-->English strings improvements for internationalization.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4596): <!--number 4596 --><!--line 0 --><!--description RW5jb3VyYWdlIHBhcnRpY2lwYXRpb24gaW4gdGhlIGxvY2FsaXphdGlvbiBvZiBGb3JnZWpvIGluIGxhbmd1YWdlIHNldHRpbmdz-->Encourage participation in the localization of Forgejo in language settings.<!--description-->
+<!--end release-notes-assistant-->
diff --git a/release-notes-published/9.0.1.md b/release-notes-published/9.0.1.md
new file mode 100644
index 0000000000..1cd9a56170
--- /dev/null
+++ b/release-notes-published/9.0.1.md
@@ -0,0 +1,33 @@
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Security bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5719) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5724)): <!--number 5724 --><!--line 0 --><!--description Rm9yZ2VqbyBnZW5lcmF0ZXMgYSB0b2tlbiB3aGljaCBpcyB1c2VkIHRvIGF1dGhlbnRpY2F0ZSB3ZWIgZW5kcG9pbnRzIHRoYXQgYXJlIG9ubHkgbWVhbnQgdG8gYmUgdXNlZCBpbnRlcm5hbGx5LCBmb3IgaW5zdGFuY2Ugd2hlbiB0aGUgU1NIIGRhZW1vbiBpcyB1c2VkIHRvIHB1c2ggYSBjb21taXQgd2l0aCBHaXQuIFRoZSB2ZXJpZmljYXRpb24gb2YgdGhpcyB0b2tlbiB3YXMgbm90IGRvbmUgaW4gY29uc3RhbnQgdGltZSBhbmQgd2FzIHN1c2NlcHRpYmxlIHRvIFt0aW1pbmcgYXR0YWNrc10oaHR0cHM6Ly9lbi53aWtpcGVkaWEub3JnL3dpa2kvVGltaW5nX2F0dGFjaykuIEEgcHJlLWNvbmRpdGlvbiBmb3Igc3VjaCBhbiBhdHRhY2sgaXMgdGhlIHByZWNpc2UgbWVhc3VyZW1lbnRzIG9mIHRoZSB0aW1lIGZvciBlYWNoIG9wZXJhdGlvbi4gU2luY2UgaXQgcmVxdWlyZXMgb2JzZXJ2aW5nIHRoZSB0aW1pbmcgb2YgbmV0d29yayBvcGVyYXRpb25zLCB0aGUgaXNzdWUgaXMgbWl0aWdhdGVkIHdoZW4gYSBGb3JnZWpvIGluc3RhbmNlIGlzIGFjY2Vzc2VkIG92ZXIgdGhlIGludGVybmV0IGJlY2F1c2UgdGhlIElTUCBpbnRyb2R1Y2UgdW5wcmVkaWN0YWJsZSByYW5kb20gZGVsYXlzLg==-->Forgejo generates a token which is used to authenticate web endpoints that are only meant to be used internally, for instance when the SSH daemon is used to push a commit with Git. The verification of this token was not done in constant time and was susceptible to [timing attacks](https://en.wikipedia.org/wiki/Timing_attack). A pre-condition for such an attack is the precise measurements of the time for each operation. Since it requires observing the timing of network operations, the issue is mitigated when a Forgejo instance is accessed over the internet because the ISP introduce unpredictable random delays.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5718) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5721)): <!--number 5721 --><!--line 0 --><!--description QmVjYXVzZSBvZiBhIG1pc3NpbmcgcGVybWlzc2lvbiBjaGVjaywgdGhlIGJyYW5jaCB1c2VkIHRvIHByb3Bvc2UgYSBwdWxsIHJlcXVlc3QgdG8gYSByZXBvc2l0b3J5IGNhbiBhbHdheXMgYmUgZGVsZXRlZCBieSB0aGUgdXNlciBwZXJmb3JtaW5nIHRoZSBtZXJnZS4gSXQgd2FzIGZpeGVkIHNvIHRoYXQgc3VjaCBhIGRlbGV0aW9uIGlzIG9ubHkgYWxsb3dlZCBpZiB0aGUgdXNlciBwZXJmb3JtaW5nIHRoZSBtZXJnZSBoYXMgd3JpdGUgcGVybWlzc2lvbiB0byB0aGUgcmVwb3NpdG9yeSBmcm9tIHdoaWNoIHRoZSBwdWxsIHJlcXVlc3Qgd2FzIG1hZGUu-->Because of a missing permission check, the branch used to propose a pull request to a repository can always be deleted by the user performing the merge. It was fixed so that such a deletion is only allowed if the user performing the merge has write permission to the repository from which the pull request was made.<!--description-->
+- Bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5439) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5708)): <!--number 5708 --><!--line 0 --><!--description Rml4IGJvb2xlYW4gaW5wdXRzIGluIHdvcmtmbG93X2Rpc3BhdGNo-->Fix boolean inputs in workflow_dispatch<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5634) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5636)): <!--number 5636 --><!--line 0 --><!--description cGFja2FnZSBhcmNoICBkYXRhYmFzZSBub3QgdXBkYXRpbmcgd2hlbiB1cGxvYWRpbmcgImFueSIgYXJjaGl0ZWN0dXJl-->package arch  database not updating when uploading "any" architecture<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5627) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5631)): <!--number 5631 --><!--line 0 --><!--description Y29ycmVjdCBTUUwgcXVlcnkgZm9yIGFjdGl2ZSBpc3N1ZXM=-->correct SQL query for active issues<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5626) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5629)): <!--number 5629 --><!--line 0 --><!--description c3BlY2lmeSBkZWZhdWx0IHZhbHVlIGZvciBgRVhQTE9SRV9ERUZBVUxUX1NPUlRgLg==-->specify default value for `EXPLORE_DEFAULT_SORT`.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5613) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5624)): <!--number 5624 --><!--line 0 --><!--description Zml4OiBBZGQgYHJlY2VudHVwZGF0ZWRgIGFzIHJlY29nbml6ZWQgc29ydCBvcHRpb24=-->fix: Add `recentupdated` as recognized sort option<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5616): <!--number 5616 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWVybWFpZCB0byB2MTEuMy4wICh2OS4wL2Zvcmdlam8p-->Update dependency mermaid to v11.3.0 (v9.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5587) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5588)): <!--number 5588 --><!--line 0 --><!--description RG9ja2VyZmlsZTogdXNlIGFscGluZTozLjIwIGluc3RlYWQgb2YgZ29sYW5nOjEuMjMtYWxwaW5lMy4yMA==-->Dockerfile: use alpine:3.20 instead of golang:1.23-alpine3.20<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5585) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5586)): <!--number 5586 --><!--line 0 --><!--description RG9ja2VyZmlsZTogdW5uZWNlc3NhcnkgY29udGFpbmVyIGltYWdlIGxheWVyIGR1cGxpY2F0aW9u-->Dockerfile: unnecessary container image layer duplication<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5647): <!--number 5647 --><!--line 0 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC8xOTEzMzk5ZDgxNzY5NDRmMTcwZDRmMWMwMzJkYzM3MDAzYWFhZmMwKSBBbHdheXMgdXBkYXRlIGV4cGlyYXRpb24gdGltZSB3aGVuIGNyZWF0aW5nIGFuIGFydGlmYWN0-->[commit](https://codeberg.org/forgejo/forgejo/commit/1913399d8176944f170d4f1c032dc37003aaafc0) Always update expiration time when creating an artifact<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5647): <!--number 5647 --><!--line 1 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC80ZmUzMTFlN2MwMjkyZTNhYzc5ZjhiYzA2M2YxYmNhY2VmNDQ5NGYwKSBVcGRhdGUgc2NoZWR1bGVkIHRhc2tzIGV2ZW4gaWYgY2hhbmdlcyBhcmUgcHVzaGVkIGJ5ICJBY3Rpb25zVXNlciI=-->[commit](https://codeberg.org/forgejo/forgejo/commit/4fe311e7c0292e3ac79f8bc063f1bcacef4494f0) Update scheduled tasks even if changes are pushed by "ActionsUser"<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5715): <!--number 5715 --><!--line 0 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC83Njg0MDJjODg0MWRiNWU4YWNjOTc5MTkxNDliYTMyOWQ1MTI0ZTE3KSBGaXggZGlzYWJsZSAyZmEgYnVn-->[commit](https://codeberg.org/forgejo/forgejo/commit/768402c8841db5e8acc97919149ba329d5124e17) Fix disable 2fa bug<!--description-->
+- Localization
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5583) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5680)): <!--number 5680 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
+- Included for completeness but not worth a release note
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5702) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5710)): <!--number 5710 --><!--line 0 --><!--description Zml4OiB1c2UgYnVmZmVyZWQgaXRlcmF0ZSBmb3IgZGViaWFuIHNlYXJjaHBhY2thZ2Vz-->fix: use buffered iterate for debian searchpackages<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5688) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5691)): <!--number 5691 --><!--line 0 --><!--description Zml4OiBtYWtlIGJyYW5jaCBwcm90ZWN0aW9uIHdvcmsgZm9yIG5ldyBicmFuY2hlcw==-->fix: make branch protection work for new branches<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5651) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5656)): <!--number 5656 --><!--line 0 --><!--description bGluayB0byBzZWN1cml0eSBwb2xpY3kgaW4gc2VjdXJpdHkudHh0-->link to security policy in security.txt<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5653) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5655)): <!--number 5655 --><!--line 0 --><!--description Zml4OiBkb24ndCBzaG93IHRydW5jYXRlZCBjb21tZW50cyBpbiBSU1MvQXRvbSBmZWVkcw==-->fix: don't show truncated comments in RSS/Atom feeds<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5652) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5654)): <!--number 5654 --><!--line 0 --><!--description Zml4OiB0eXBvIG9uIHJlbGVhc2VzIGZvciBzb3VyY2UgY29kZSBkb3dubG9hZHM=-->fix: typo on releases for source code downloads<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5640) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5645)): <!--number 5645 --><!--line 0 --><!--description UmV2ZXJ0ICJhZGQgZ2FwIGJldHdlZW4gYnJhbmNoIGRyb3Bkb3duIGFuZCBQUiBidXR0b24i-->Revert "add gap between branch dropdown and PR button"<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5615) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5618)): <!--number 5618 --><!--line 0 --><!--description Zml4OiBEb24ndCBkb3VibGUgZXNjYXBlIGRlbGV0ZSBicmFuY2ggdGV4dA==-->fix: Don't double escape delete branch text<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5595) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5596)): <!--number 5596 --><!--line 0 --><!--description Zml4OiBBZGQgc2VydmVyIGxvZ2dpbmcgZm9yIE9BdXRoIHNlcnZlciBlcnJvcnM=-->fix: Add server logging for OAuth server errors<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5592) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5594)): <!--number 5594 --><!--line 0 --><!--description Zm9yZ2Vqby1jbGkgaXMgbm93IGEgc3ltbGluayBhbmQgY2Fubm90IGJlIHVzZWQgZm9yIHNhbml0eSBjaGVja3M=-->forgejo-cli is now a symlink and cannot be used for sanity checks<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5491) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5575)): <!--number 5575 --><!--line 0 --><!--description Zml4OiBjb3JyZWN0IGRvY3VtZW50YXRpb24gZm9yIG5vbiAyMDAgcmVzcG9uc2VzIGluIHN3YWdnZXI=-->fix: correct documentation for non 200 responses in swagger<!--description-->
+<!--end release-notes-assistant-->
diff --git a/release-notes-published/9.0.2.md b/release-notes-published/9.0.2.md
new file mode 100644
index 0000000000..4a10e4981c
--- /dev/null
+++ b/release-notes-published/9.0.2.md
@@ -0,0 +1,26 @@
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Security bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5974) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5975)): <!--number 5975 --><!--line 0 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC8xY2UzM2FhMzhkMWQyNThkMTQ1MjNmZjJjN2MyZGJmMzM5ZjIyYjc0KSBpdCB3YXMgcG9zc2libGUgdG8gdXNlIGEgdG9rZW4gc2VudCB2aWEgZW1haWwgZm9yIHNlY29uZGFyeSBlbWFpbCB2YWxpZGF0aW9uIHRvIHJlc2V0IHRoZSBwYXNzd29yZCBpbnN0ZWFkLiAgSW4gb3RoZXIgd29yZHMsIGEgdG9rZW4gc2VudCBmb3IgIGEgZ2l2ZW4gYWN0aW9uIChyZWdpc3RyYXRpb24sIHBhc3N3b3JkIHJlc2V0IG9yIHNlY29uZGFyeSBlbWFpbCB2YWxpZGF0aW9uKSBjb3VsZCBiZSB1c2VkIHRvIHBlcmZvcm0gYSBkaWZmZXJlbnQgYWN0aW9uLiBJdCBpcyBubyBsb25nZXIgcG9zc2libGUgdG8gdXNlIGEgdG9rZW4gZm9yIGFuIGFjdGlvbiB0aGF0IGlzIGRpZmZlcmVudCBmcm9tIGl0cyBvcmlnaW5hbCBwdXJwb3NlLg==-->[commit](https://codeberg.org/forgejo/forgejo/commit/1ce33aa38d1d258d14523ff2c7c2dbf339f22b74) it was possible to use a token sent via email for secondary email validation to reset the password instead.  In other words, a token sent for  a given action (registration, password reset or secondary email validation) could be used to perform a different action. It is no longer possible to use a token for an action that is different from its original purpose.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5974) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5975)): <!--number 5975 --><!--line 1 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC8wNjFhYmU2MDA0NTIxMmFjZjhjM2Y1YzQ5YjVjYzc1OGI0Y2JjZGU5KSBhIGZvcmsgb2YgYSBwdWJsaWMgcmVwb3NpdG9yeSB3b3VsZCBzaG93IGluIHRoZSBsaXN0IG9mIGZvcmtzLCBldmVuIGlmIGl0cyBvd25lciB3YXMgbm90IGEgcHVibGljIHVzZXIgb3Igb3JnYW5pemF0aW9uLiBTdWNoIGEgZm9yayBpcyBub3cgaGlkZGVuIGZyb20gdGhlIGxpc3Qgb2YgZm9ya3Mgb2YgdGhlIHB1YmxpYyByZXBvc2l0b3J5Lg==-->[commit](https://codeberg.org/forgejo/forgejo/commit/061abe60045212acf8c3f5c49b5cc758b4cbcde9) a fork of a public repository would show in the list of forks, even if its owner was not a public user or organization. Such a fork is now hidden from the list of forks of the public repository.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5974) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5975)): <!--number 5975 --><!--line 2 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC8zZTNlZjc2ODA4MTAwY2IxYzg1MzM3ODczM2QwZjZhOTEwMzI0YWM2KSB0aGUgbWVtYmVycyBvZiBhbiBvcmdhbml6YXRpb24gdGVhbSB3aXRoIHJlYWQgYWNjZXNzIHRvIGEgcmVwb3NpdG9yeSAoZS5nLiB0byByZWFkIGlzc3VlcykgYnV0IG5vIHJlYWQgYWNjZXNzIHRvIHRoZSBjb2RlIGNvdWxkIHJlYWQgdGhlIFJTUyBvciBhdG9tIGZlZWRzIHdoaWNoIGluY2x1ZGUgdGhlIGNvbW1pdCBhY3Rpdml0eS4gUmVhZGluZyB0aGUgUlNTIG9yIGF0b20gZmVlZHMgaXMgbm93IGRlbmllZCB1bmxlc3MgdGhlIHRlYW0gaGFzIHJlYWQgcGVybWlzc2lvbnMgb24gdGhlIGNvZGUu-->[commit](https://codeberg.org/forgejo/forgejo/commit/3e3ef76808100cb1c853378733d0f6a910324ac6) the members of an organization team with read access to a repository (e.g. to read issues) but no read access to the code could read the RSS or atom feeds which include the commit activity. Reading the RSS or atom feeds is now denied unless the team has read permissions on the code.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5974) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5975)): <!--number 5975 --><!--line 3 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC85NTA4YWE3NzEzNjMyZWQ0MDEyNGE5MzNkOTFkNTc2NmNmMjM2OWMyKSB0aGUgdG9rZW5zIHVzZWQgd2hlbiBbcmVwbHlpbmcgYnkgZW1haWwgdG8gaXNzdWVzIG9yIHB1bGwgcmVxdWVzdHNdKGh0dHBzOi8vZm9yZ2Vqby5vcmcvZG9jcy92OS4wL3VzZXIvaW5jb21pbmcvKSB3ZXJlIHdlYWtlciB0aGFuIHRoZSBbcmZjMjEwNCByZWNvbW1lbmRhdGlvbnNdKGh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2h0bWwvcmZjMjEwNCNzZWN0aW9uLTUpLiBUaGUgdG9rZW5zIGFyZSBub3cgdHJ1bmNhdGVkIHRvIDEyOCBiaXRzIGluc3RlYWQgb2YgODAgYml0cy4gSXQgaXMgbm8gbG9uZ2VyIHBvc3NpYmxlIHRvIHJlcGx5IHRvIGVtYWlscyBzZW50IGJlZm9yZSB0aGUgdXBncmFkZSBiZWNhdXNlIHRoZSB3ZWFrZXIgdG9rZW5zIGFyZSBpbnZhbGlkLg==-->[commit](https://codeberg.org/forgejo/forgejo/commit/9508aa7713632ed40124a933d91d5766cf2369c2) the tokens used when [replying by email to issues or pull requests](https://forgejo.org/docs/v9.0/user/incoming/) were weaker than the [rfc2104 recommendations](https://datatracker.ietf.org/doc/html/rfc2104#section-5). The tokens are now truncated to 128 bits instead of 80 bits. It is no longer possible to reply to emails sent before the upgrade because the weaker tokens are invalid.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5974) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5975)): <!--number 5975 --><!--line 4 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC83ODZkZmM3ZmI4MWVlNzZkNDI5MmNhNWZjYjMzZTZlYTdiZGNjYzI5KSBhIHJlZ2lzdGVyZWQgdXNlciBjb3VsZCBtb2RpZnkgdGhlIHVwZGF0ZSBmcmVxdWVuY3kgb2YgYW55IHB1c2ggbWlycm9yIChlLmcuIGV2ZXJ5IDRoIGluc3RlYWQgb2YgZXZlcnkgOGgpLiBUaGV5IGFyZSBub3cgb25seSBhYmxlIHRvIGRvIHRoYXQgaWYgdGhleSBoYXZlIGFkbWluaXN0cmF0aXZlIHBlcm1pc3Npb25zIG9uIHRoZSByZXBvc2l0b3J5Lg==-->[commit](https://codeberg.org/forgejo/forgejo/commit/786dfc7fb81ee76d4292ca5fcb33e6ea7bdccc29) a registered user could modify the update frequency of any push mirror (e.g. every 4h instead of every 8h). They are now only able to do that if they have administrative permissions on the repository.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5974) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5975)): <!--number 5975 --><!--line 5 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC9lNmJiZWNiMDJkNDc3MzBkM2NjNjMwZDQxOWZlMjdlZjJmYjVjYjM5KSBpdCB3YXMgcG9zc2libGUgdG8gdXNlIGJhc2ljIGF1dGhvcml6YXRpb24gKGkuZS4gdXNlcjpwYXNzd29yZCkgZm9yIHJlcXVlc3RzIHRvIHRoZSBBUEkgZXZlbiB3aGVuIHNlY3VyaXR5IGtleXMgd2VyZSBlbnJvbGxlZCBmb3IgYSB1c2VyLiBJdCBpcyBubyBsb25nZXIgcG9zc2libGUsIGFuIGFwcGxpY2F0aW9uIHRva2VuIG11c3QgYmUgdXNlZCBpbnN0ZWFkLg==-->[commit](https://codeberg.org/forgejo/forgejo/commit/e6bbecb02d47730d3cc630d419fe27ef2fb5cb39) it was possible to use basic authorization (i.e. user:password) for requests to the API even when security keys were enrolled for a user. It is no longer possible, an application token must be used instead.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5974) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5975)): <!--number 5975 --><!--line 6 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC83MDY3Y2M3ZGE0ZjE0NGNjOGEyZmQyYWU2ZTUzMDdlMDQ2NWFjZTdmKSBzb21lIG1hcmt1cCBzYW5pdGF0aW9uIHJ1bGVzIHdlcmUgbm90IGFzIHN0cm9uZyBhcyB0aGV5IGNvdWxkIGJlIChlLmcuIGFsbG93aW5nIGBlbW9qaSBzb21ldGhpbmdlbHNlYCBhcyB3ZWxsIGFzIGBlbW9qaWApLiBUaGUgcnVsZXMgYXJlIG5vdyBzdHJpY3RlciBhbmQgZG8gbm90IGFsbG93IGZvciBzdWNoIGNhc2VzLg==-->[commit](https://codeberg.org/forgejo/forgejo/commit/7067cc7da4f144cc8a2fd2ae6e5307e0465ace7f) some markup sanitation rules were not as strong as they could be (e.g. allowing `emoji somethingelse` as well as `emoji`). The rules are now stricter and do not allow for such cases.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5974) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5975)): <!--number 5975 --><!--line 7 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC9iNzAxOTY2NTNmOWQ3ZDNiOWQ0ZTcyZDExNGU1Y2M2ZjQ3Mjk4OGM0KSB3aGVuIEZvcmdlam8gaXMgY29uZmlndXJlZCB0byBlbmFibGUgaW5zdGFuY2Ugd2lkZSBzZWFyY2ggKGUuZy4gd2l0aCBbYmxldmVdKGh0dHBzOi8vYmxldmVzZWFyY2guY29tLykpLCByZXN1bHRzIGZvdW5kIGluIHRoZSByZXBvc2l0b3JpZXMgb2YgcHJpdmF0ZSBvciBsaW1pdGVkIHVzZXJzIHdlcmUgZGlzcGxheWVkIHRvIGFub255bW91cyB2aXNpdG9ycy4gVGhlIHJlc3VsdHMgZm91bmQgaW4gcHJpdmF0ZSBvciBsaW1pdGVkIG9yZ2FuaXphdGlvbnMgd2VyZSBub3QgZGlzcGxheWVkLiBUaGUgc2VhcmNoIHJlc3VsdHMgZm91bmQgaW4gdGhlIHJlcG9zaXRvcmllcyBvZiBwcml2YXRlIG9yIGxpbWl0ZWQgdXNlciBhcmUgbm8gbG9uZ2VyIGRpc3BsYXllZCB0byBhbm9ueW1vdXMgdmlzaXRvcnMu-->[commit](https://codeberg.org/forgejo/forgejo/commit/b70196653f9d7d3b9d4e72d114e5cc6f472988c4) when Forgejo is configured to enable instance wide search (e.g. with [bleve](https://blevesearch.com/)), results found in the repositories of private or limited users were displayed to anonymous visitors. The results found in private or limited organizations were not displayed. The search results found in the repositories of private or limited user are no longer displayed to anonymous visitors.<!--description-->
+- Bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5941) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5945)): <!--number 5945 --><!--line 0 --><!--description Zml4OiBoYW5kbGUgcmVuYW1lZCBkZXBlbmRlbmN5IGZvciBjYXJnbyByZWdpc3RyeQ==-->fix: handle renamed dependency for cargo registry.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5795) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5800)): <!--number 5800 --><!--line 0 --><!--description Zml4OiBzdXBwb3J0IGB3d3cuZ2l0aHViLmNvbWAgZm9yIG1pZ3JhdGlvbnM=-->support `www.github.com` for migrations.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5887): <!--number 5887 --><!--line 0 --><!--description Zml4OiBNb3ZlIGZvcmdvdF9wYXNzd29yZC1saW5rIHRvIGZpeCBsb2dpbiB0YWIgb3JkZXI=-->move forgot_password-link to fix login tab order.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5850) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5879)): <!--number 5879 --><!--line 0 --><!--description W1BPUlRdIEZpeCBjb2RlIG93bmVycyB3aWxsIG5vdCBiZSBtZW50aW9uZWQgd2hlbiBhIHB1bGwgcmVxdWVzdCBjb21lcyBmcm9tIGEgZm9ya2VkIHJlcG9zaXRvcnkgKGdpdGVhIzMwNDc2KQ==-->code owners will not be mentioned when a pull request comes from a forked repository.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5831) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5834)): <!--number 5834 --><!--line 0 --><!--description Zml4OiBsYWJlbHMgYXJlIG1pc3NpbmcgaW4gdGhlIHB1bGwgcmVxdWVzdCBwYXlsb2FkIHJlbW92aW5nIGEgbGFiZWw=-->labels are missing in the pull request payload removing a label.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5778) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5810)): <!--number 5810 --><!--line 0 --><!--description SW4gYSBGb3JnZWpvIEFjdGlvbnMgd29ya2Zsb3csIHRoZSBgdW5sYWJlbGVkYCBldmVudCB0eXBlIGZvciBwdWxsIHJlcXVlc3RzIHdhcyBpbmNvcnJlY3RseSBtYXBwZWQgdG8gdGhlIGxhYmVsZWQgZXZlbnQgdHlwZS4=-->in a Forgejo Actions workflow, the `unlabeled` event type for pull requests was incorrectly mapped to the labeled event type.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5778) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5810)): <!--number 5810 --><!--line 1 --><!--description V2hlbiBhIEZvcmdlam8gQWN0aW9ucyBpc3N1ZSBvciBwdWxsIHJlcXVlc3Qgd29ya2Zsb3cgaXMgdHJpZ2dlcmVkIGJ5IGFuIGBsYWJlbGVkYCBvciBgdW5sYWJlbGVkYCBldmVudCB0eXBlLCBpdCBtaXNzZXMgaW5mb3JtYXRpb24gYWJvdXQgdGhlIGxhYmVsIGFkZGVkIG9yIHJlbW92ZWQuIEl0IGlzIG5vdyBhdmFpbGFibGUgaW4gdGhlIGBsYWJlbGAgZGF0YSBtZW1iZXIgb2YgdGhlIGV2ZW50IHBheWxvYWQu-->when a Forgejo Actions issue or pull request workflow is triggered by an `labeled` or `unlabeled` event type, it misses information about the label added or removed. It is now available in the `label` data member of the event payload.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5778) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5810)): <!--number 5810 --><!--line 2 --><!--description VGhlIHB1bGwgcmVxdWVzdCB3b3JrZmxvdyBtdXN0IGFsd2F5cyB1cGRhdGUgdGhlIGhlYWQgU0hBIGNvbW1pdCBzdGF0dXMuIE5vdCBqdXN0IHdoZW4gdGhlIFBSIGlzIHN5bmNocm9uaXplZCwgb3BlbmVkIG9yIGNsb3NlZC4gT3RoZXJ3aXNlIGl0IG1ha2VzIGl0IGltcG9zc2libGUgdG8gZGVmaW5lIGEgam9iIHRvIGJlIGEgcmVxdWlyZWQgY2hlY2sgKGZvciBpbnN0YW5jZSBhIGpvYiB0aGF0IGlzIHRyaWdnZXJlZCB3aGVuIGxhYmVscyBhcmUgbW9kaWZpZWQgYW5kIHZlcmlmaWVzIHRoYXQgYSBnaXZlbiBjb21iaW5hdGlvbiBpcyBwcmVzZW50KS4=-->the pull request workflow must always update the head SHA commit status. Not just when the PR is synchronized, opened or closed. Otherwise, a job that is run more often than on commits (e.g. checking for specific labels or approvals) cannot be defined as a required check.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5746) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5759)): <!--number 5759 --><!--line 0 --><!--description Zml4IGdpdC1ncmVwIGZvciBjb2RlIHNlYXJjaCB3aGVuIGdpdCB2ZXJzaW9uIGlzIGJlbG93IDIuMzg=-->fix git-grep for code search when git version is below 2.38.<!--description-->
+- Localization
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5681) ([backported](https://codeberg.org/forgejo/forgejo/pulls/5748)): <!--number 5748 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate.<!--description-->
+<!--end release-notes-assistant-->
diff --git a/release-notes-published/up-to-and-including-8.0.0.md b/release-notes-published/up-to-and-including-8.0.0.md
new file mode 120000
index 0000000000..a2fdedd0e1
--- /dev/null
+++ b/release-notes-published/up-to-and-including-8.0.0.md
@@ -0,0 +1 @@
+../RELEASE-NOTES.md
\ No newline at end of file