Gitea v1.26.4 released on 21-06-2026

Gitea v1.26.4 is out now. It patches a security issue that could automatically reactivate disabled user accounts during an OAuth2 callback and improves git log traversal error handling, which matters for administrators and operators integrating with external OAuth2/OIDC providers or running large repositories.
Head to the Gitea project releases on GitHub or your usual update channels for the full notes and downloads; Gitea Cloud instances will be upgraded automatically during the provider’s scheduled maintenance window.
What’s in this release
- Security: prevent automatic reactivation of disabled users on OAuth2 callback (fixes: #38009, PR #38183)
- Bugfix: improved git log traversal context/error handling (PRs #38182, #38185)
- Gitea Cloud rollout notice: Cloud instances will be automatically upgraded to v1.26.4 during the provider’s maintenance window
Upgrade notes
- If you integrate Gitea with external OAuth2/OIDC providers, upgrade to v1.26.4 promptly and review any automation or custom OAuth hooks that assume callback-driven reactivation of accounts.
- Gitea Cloud users: expect the update to be applied for you. Self-hosted users should plan to upgrade manually to receive the fixes.
Share any comments on your upgrade experience or report issues on the project’s issue tracker so others can benefit from what you found.


