Gitea v1.26.4 released on 21-06-2026

Gitea v1.26.4 is out now. It prevents disabled user accounts being automatically reactivated during OAuth2 callbacks, closing a security regression and preserving administrator intent.
See the full release details on the project’s release endpoint: https://api.github.com/repos/go-gitea/gitea/releases/latest
What’s in this release
- Security fix: do not auto-reactivate disabled users on OAuth2 callback (#38009, #38183)
- Bugfix: improved git log walk context error handling to reduce unexpected errors when traversing commit history (#38182, #38185)
- Maintenance/security patch — instances on Gitea Cloud will be automatically upgraded during the scheduled maintenance window (no manual action required for hosted users)
Upgrade notes
- No breaking changes or deprecations are listed in the release notes; see the release page for full details and upgrade instructions.
- No rollback-specific notes were provided; if you need to revert, follow your normal backup or rollback procedures.
Let us know how the upgrade went and whether the fixes address any issues you were seeing.


