Forgejo

A self-hosted lightweight software forge

Get it on umbrelOS

Version15.0.2

CategoryDeveloper Tools

Source codePublic

Developed byForgejo Community 1 app

Submitted byJohn Wilddip 1 app

Compatible withumbrelOS 0.5 or later

Forgejo is a self-hosted lightweight software forge, designed to be a fully self-hosted, privacy-respecting alternative to GitHub, GitLab, and Bitbucket. It is a fork of Gitea with additional features and community-driven enhancements. Forgejo is written in Go and can run on low-resource hardware like a Raspberry Pi.

🔑 Key features include:

🏠 Fully self-hosted and private 🎯 Issue tracker and project management 👥 Account/Organization/Repository management 🕶️ Tor support 🛠️ Repository Git hooks/deploy keys 📝 Repository issues, pull requests, and wiki 👤 Add/Remove repository collaborators 🌐 Gravatar and custom source 🖥️ Admin panel ⚙️ Forgejo Actions for CI/CD 🚀 Lightweight and performant

🌍 Forgejo is brought to you by an inclusive community under the umbrella of Codeberg e.V., a democratic non-profit organization. It is 100% Free Software, focusing on security, scaling, federation, and privacy.

What's new

Version 15.0.2+3 days ago

This release includes security and bug fixes for Forgejo 15:

Prevents unauthorized Git HTTP writes to wiki repositories
Tightens LFS, scoped API token, and OAuth access checks
Strengthens Forgejo Actions artifact signature validation
Fixes stuck Actions approval state after denying pull request workflow trust
Fixes team member pagination, package cleanup, migration retry cleanup, and pending review request cleanup

Full release notes are available at https://codeberg.org/forgejo/forgejo/releases/tag/v15.0.2

Version 15.0.1+6 days ago

🚨 This release upgrades Forgejo to the latest LTS version and includes various new features, improvements, breaking API changes, and important security fixes:

Improved Forgejo Actions, including runner management, workflow scheduling/timezone support, reusable workflows, clearer logs, and new API endpoints
Improved repository and pull request workflows, including better reviews, conflict checks, markdown editing, file views, package handling, and accessibility
Added repo-specific access tokens and stricter public-only token enforcement; some API calls now require narrower scopes or return 404 instead of 403
Removed deprecated URL-query API authentication and tightened API requirements for file updates, template generation, and repository deletion
Users may need to sign in again after the upgrade because Forgejo's default cookie names changed
Fixed multiple permission and security issues in OAuth, attachments, projects, pull request automerge, release emails, redirects, tokens, secrets, and private repository access

Full release notes are available at https://forgejo.org/releases/

Version 11.0.11+last month

🚨 This release includes important security fixes:

Fixed PKCE challenge validation for OAuth identity provider when using the S256 algorithm
Fixed improper scope enforcement when using OAuth Bearer tokens with HTTP basic authentication
Fixed missing permission checks in attachment endpoints that allowed modifying attachments a user did not own
Fixed email notifications for new releases being sent to users who lost repository access or are inactive
Fixed missing permission checks in user/org-owned projects that allowed unauthorized changes to project state
Fixed missing permission check that allowed unauthorized cancellation of pull request automerge
Fixed path-traversal vulnerability in post-login redirect parameters that could allow arbitrary redirects

Full release notes are available at https://forgejo.org/releases/

Version 11.0.10+3 months ago

🚨 This release includes important security fixes:

Fixed excess creation of commit_status records
Upgraded Go version to 1.25.6, addressing denial of service vulnerabilities

Full release notes are available at https://forgejo.org/releases/

Version 11.0.8+5 months ago

🚨 This release includes important security fixes:

Fixed dependency repository permission checks in API operations
Prevented draft releases from being read before publication
Fixed misconfigured security checks on tag delete operations
Corrected enforcement of head branch protection rules during pull request updates
Fixed issue where issue owners could delete other users' comment edit history
Prevented bypassing of tag protection rules during tag deletion

Full release notes are available at https://forgejo.org/releases/

BudibaseThe low code platform you'll enjoy using

BFFlessSelf-hosted static site hosting platform

GitingestAn effortless way to make Git repositories LLM-friendly

MinIOThe Object Store for AI Data Infrastructure

InfluxDBHigh performance time series database

PortainerRun custom Docker containers on your Umbrel

Forgejo

Related