Gitea | v1.25.5

Gitea v1.25.5: security fixes, OAuth and permission fixes, Git LFS mirroring and storage fixes, UI and editor improvements, dependency and packaging updates

Gitea v1.25.5 released on 13-03-2026


Gitea v1.25.5 is out now. It focuses on security hardening, toolchain and dependency updates, and a number of permission, storage and UI fixes that address several security-relevant issues.

For full details and upgrade instructions, consult the release notes on Gitea’s GitHub or the official Gitea pages; Gitea Cloud instances will be upgraded automatically during the scheduled maintenance window.

What’s in this release

  • Toolchain moved to Go 1.25.8 with related adjustments and dependency security bumps.
  • Security fixes, including prevention of redirect bypasses via backslash-encoded paths and corrections to OAuth2 authorization code expiry, reuse and S256 handling.
  • Critical access fixes such as resolving a bug that allowed a user to change another user’s primary email, plus multiple permission and visibility corrections.
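
The redirect item above concerns targets where a backslash, literal or percent-encoded, stands in for a slash. The following is an added example, not Gitea's own code, of one way to validate a post-login redirect target defensively; the helper names `looksLocal` and `isSafeLocalRedirect` and the sample inputs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// looksLocal checks one decoded form of a redirect target.
func looksLocal(s string) bool {
	// Site-relative only: "//host" is protocol-relative, and browsers treat
	// "\" like "/", so "/\host" behaves the same. Conservative: a backslash
	// anywhere (query included) is rejected.
	if !strings.HasPrefix(s, "/") || strings.HasPrefix(s, "//") || strings.ContainsRune(s, '\\') {
		return false
	}
	// Browsers strip tabs and newlines from URLs, so reject control characters.
	isCtl := func(r rune) bool { return r < 0x20 || r == 0x7f }
	if strings.IndexFunc(s, isCtl) >= 0 {
		return false
	}
	u, err := url.Parse(s)
	return err == nil && u.Scheme == "" && u.Host == ""
}

// isSafeLocalRedirect (hypothetical helper) validates the target as given and
// after each of up to two percent-decoding passes, so "%5C" and "%255C" are caught.
func isSafeLocalRedirect(target string) bool {
	s := target
	for round := 0; round < 3; round++ {
		next, err := url.PathUnescape(s)
		if err != nil || !looksLocal(s) {
			return false
		}
		if next == s {
			return true // fully decoded and every form passed
		}
		s = next
	}
	return false // still changing after the bounded passes: reject
}

func main() {
	// Constructed sample inputs; example.org is a reserved documentation domain.
	for _, t := range []string{"/user/settings", "//example.org", "/\\example.org", "/%5Cexample.org", "/%255Cexample.org"} {
		fmt.Printf("%-22q safe=%v\n", t, isSafeLocalRedirect(t))
	}
}
```

The check is deliberately strict: a legitimate local path whose query string contains an encoded backslash is also rejected and should fall back to a default landing page.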

Upgrade notes

  • The built-in security-check has been made informational only; operators should review the toolchain and dependency changes before upgrading and follow the release notes for guidance.
  • Gitea Cloud instances will be automatically upgraded to v1.25.5 during the specified maintenance window; self-hosted operators should plan their own upgrade and rollback procedure if needed.

Share feedback or report any issues on Gitea’s GitHub so the community and maintainers can follow up on your experience.