* SECURITY

  * Respect approved email domain list for externally validated user registration (#15014)
  * Add reverse proxy configuration support for remote IP address detection (#14959)
  * Ensure validation occurs on clone addresses too (#14994)
* BREAKING
  * Restore Access.log following migration to Chi framework (Stops access logging of /api/internal routes) (#14475)
  * Migrate from Macaron to Chi framework (#14293)
  * Deprecate building for mips (#14174)
  * Consolidate Logos and update README header (#14136)
  * Inline manifest.json (#14038)
  * Store repository data in data path if not previously set (#13991)
  * Rename "gitea" png to "logo" (#13974)
  * Standardise logging of failed authentication attempts in internal SSH (#13962)
  * Add markdown support in organization description (#13549)
  * Improve users management through the CLI (#6001) (#10492)
* FEATURES
  * Create a new issue with reference to lines of code from file view (#14863)
  * Repository transfer has to be confirmed, if user can not create repo for new owner (#14792)
  * Allow blocking some email domains from registering an account (#14667)
  * Create a new issue based on reference to an issue comment (#14366)
  * Add support to migrate from gogs (#14342)
  * Add pager to the branches page (#14202)
  * Minimal OpenID Connect implementation (#14139)
  * Display current stopwatch in navbar (#14122)
  * Display SVG files as images instead of text (#14101)
  * Disable SSH key deletion of externally managed Keys (#13985)
  * Add support for ed25519_sk and ecdsa_sk SSH keys (#13462)
  * Add support for Mastodon OAuth2 provider (#13293)
  * Add gitea sendmail command (#13079)
  * Create DB session provider(based on xorm) (#13031)
  * Add dismiss review feature (#12674)
  * Make manual merge autodetection optional and add manual merge as merge method (#12543)
  * Dump github/gitlab/gitea repository data to a local directory and restore to gitea (#12244)
  * Create Rootless Docker image (#10154)
* API
  * Get pull, return head branch sha, even if deleted (#14931)
  * Export LFS & TimeTracking function status (#14753)
  * Show Gitea version in swagger (#14654)
  * Fix PATCH /repos/{owner}/{repo} panic (#14637)
  * Add Restricted Field to User (#14630)
  * Add support for ref parameter to get raw file API (#14602)
  * Add affected files of commits to commit struct (#14579)
  * Fix CJK fonts again and misc. font issues (#14575)
  * Add delete release by tag & delete tag (#14563) & (#13358)
  * Add pagination to ListBranches (#14524)
  * Add signoff option in commit form (#14516)
  * GetRelease by tag only return release (#14397)
  * Add MirrorInterval to the API (#14163)
  * Make BasicAuth Prefix case insensitive (#14106)
  * Add user filter to issueTrackedTimes, enable usage for issue managers (#14081)
  * Add ref to create/edit issue options & deprecated assignee (#13992)
  * Add Ref to Issue (#13946)
  * Expose default theme in meta and API (#13809)
  * Send error message when CSRF token is missing (#13676)
  * List, Check, Add & delete endpoints for repository teams (#13630)
  * Admin EditUser: Make FullName, Email, Website & Location optional (#13562)
  * Add more filters to issues search (#13514)
  * Add review request api (#11355)
* BUGFIXES
  * Move setting to enable closing issue via commit in non default branch to repo settings (#14965)
  * Show correct issues for team dashboard (#14952)
  * Ensure that new pull request button works on forked forks owned by owner of the root and reduce ambiguity (#14932)
  * Only allow issue labels from owner repository or organization (#14928)
  * Fix alignment of People and Teams right arrow on org homepage (#14924)
  * Fix overdue marking of closed issues and milestones (#14923)
  * Prevent panic when empty MilestoneID in repo/issue/list (#14911)
  * Fix migration context data (#14910)
  * Handle URLs with trailing slash (#14852)
  * Add CORS config on to /login/oauth/access_token endpoint (#14850)
  * Make searching issues by keyword case insensitive on DB (#14848)
  * Prevent use of double sub-path and incorrect asset path in manifest (#14827)
  * Fix link account ui (#14763)
  * Fix preview status switch button on wiki editor (#14742)
  * Fix github download on migration (#14703)
  * Fix svg spacing (#14638)
  * Prevent adding nil label to .AddedLabels or .RemovedLabels (#14623)
  * Truncated organizations name (#14615)
  * Exclude the current dump file from the dump (#14606)
  * Use OldRef instead of CommitSHA for DeleteBranch comments (#14604)
  * Ensure memcache caching works when TTL greater than 30 days (#14592)
  * Remove NULs byte arrays passed to PostProcess (#14587)
  * Restore detection of branches are equal on compare page (#14586)
  * Fix incorrect key name so registerManualConfirm works (#14455)
  * Fix close/reopen with comment (#14436)
  * Allow passcode invalid error to appear (#14371)
  * Escape branch names in compare url (#14364)
  * Label and milestone webhooks on issue/pull creation (#14363)
  * Handle NotifyCreateRef as create branch in feeds (#14245)
  * Prevent clipping input text in Chrome + Segoe UI Font (#14179)
  * Fix UI on edit auth source page (#14137)
  * Fix git.parseTagData (#14105)
  * Refactor get tag to remove unnecessary steps (#14058)
  * Fix integrations test error with space in CURDIR path (#14056)
  * Dropdown triangle fixes (#14028)
  * Fix label of --id in admin delete user (#14005)
  * Cause NotifyMigrateRepository to emit a repo create webhook (#14004)
  * Update HEAD to match defaultBranch in template generation (#13948)
  * Fix action avatar loading (#13909)
  * Fix issue participants (#13893)
  * Fix avatar template error (#13833)
  * Fix review request notification email links when external issue tracker is enabled (#13723)
  * Fix blame line alignment (#13542)
  * Include OriginalAuthor in Reaction constraint (#13505)
  * Comments on review should have the same sha (#13448)
  * Fix whitespace rendering in diff (#13415)
  * Fixed git args duplication (#13411)
  * Fix bug on release publisherid migrations (#13410)
  * Fix --port setting (#13288)
  * Keep database transactions not too big (#13254)
  * Git version check, ignore pre-releases constraints (#13234)
  * Handle and propagate errors when checking if paths are Dirs, Files or Exist (#13186)
  * Update Mirror IsEmpty status on synchronize (#13185)
  * Use GO variable in go-check target (#13146) (#13147)
* ENHANCEMENTS
  * UI style improvements
  * Support .mailmap in code activity stats (#15009)
  * Sort release attachments by name (#15008)
  * Add ui.explore settings to control view of explore pages (#14094)
  * Make internal SSH server host key path configurable (#14918)
  * Hide resync all ssh principals when using internal ssh server (#14904)
  * Add SameSite setting for cookies (#14900)
  * Move Bleve and Elastic code indexers to use a common cat-file --batch (#14781)
  * Add environment-to-ini to docker image (#14762)
  * Add preview support for wiki editor when disable simpleMDE (#14757)
  * Add easyMDE(simpleMDE) support for release content editor (#14744)
  * Organization removal confirmation using name not password (#14738)
  * Make branch names in PR description clickable (#14716)
  * Add Password Algorithm option to install page (#14701)
  * Add fullTextSearch to dropdowns by default (#14694)
  * Fix truncated organization names (#14655)
  * Whitespace in commits (#14650)
  * Sort / move project boards (#14634)
  * Make fileheader sticky in diffs (#14616)
  * Add helper descriptions on new repo page (#14591)
  * Move the stopwatches to the eventsource stream (#14588)
  * Add Content-Length header to HEAD requests (#14542)
  * Add Image Diff options in Diff view (#14450)
  * Improve Description in new/ edit Project template (#14429)
  * Allow ssh-keygen on Windows to detect ssh key type (#14413)
  * Display error if twofaSecret cannot be retrieved (#14372)
  * Sort issue search results by revelance (#14353)
  * Implement ghost comment mitigation (#14349)
  * Upgrade blevesearch dependency to v2.0.1 (#14346)
  * Add edit, delete and reaction support to code review comments on issue page (#14339)
  * Merge default and system webhooks under one menu (#14244)
  * Add option for administrator to reset user 2FA (#14243)
  * Add option to change username to the admin panel (#14229)
  * Check for 'main' as potential default branch name (#14193)
  * Project: show referenced PRs in issue cards (#14183)
  * Use caddy's certmagic library for extensible/robust ACME handling (#14177)
  * CLI support for OAuth sources custom icons (#14166)
  * Custom icons for OAuth sources (#14161)
  * Team dashboards (#14159)
  * KanBan: be able to set default board (#14147)
  * Disable Fomantic's custom scrollbars (#14109)
  * Add UI to delete tracked times (#14100)
  * Rework heatmap permissions (#14080)
  * Issue and pull request filters on organization dashboard (#14072)
  * Fix webhook list styling (#14001)
  * Show dropdown with all statuses for commit (#13977)
  * Show status check for merged PRs (#13975)
  * Diff stat improvements (#13954)
  * Report permissions denied in internal SSH (#13953)
  * Markdown task list improvements (#13952)
  * Heatmap days clickable (#13935)
  * chore: use octicon-mirror for feeds display (#13928)
  * Move diff split code into own template file (#13919)
  * Markdown: Enable wrapping in code blocks and a color tweak (#13894)
  * Do not reload page after adding comments in Pull Request reviews (#13877)
  * Add pull request manually merge instruction (#13840)
  * add thumbnail preview section to issue attachments (#13826)
  * Move Repo APIFormat to convert package (#13787)
  * Move notification APIFormat (#13783)
  * Swap swagger-ui with swagger-ui-dist (#13777)
  * User Settings: Ignore empty language codes & validate (#13755)
  * Improve migrate page and add card CSS (#13751)
  * Add block on official review requests branch protection (#13705)
  * Add review requested filter on pull request overview (#13701)
  * Use chronological commit order in default squash message (#13696)
  * Clickable links in pull request (and issue) titles (#13695)
  * Support shortened commit SHAs in URLs (#13686)
  * Use native git variants by default with go-git variants as build tag (#13673)
  * Don't render dropdown when only 1 merge style is available (#13670)
  * Move webhook type from int to string (#13664)
  * Direct avatar rendering (#13649)
  * Verify password for local-account activation (#13631)
  * Prevent clone protocol button flash on page load (#13626)
  * Remove fetch request from heatmap (#13623)
  * Refactor combine label comments with tests (#13619)
  * Move metrics from macaron to chi (#13601)
  * Issue and Pulls lists rework (#13594)
  * HTTP cache rework and enable caching for storage assets (#13569)
  * Use mount but not register for chi routes (#13555)
  * Use monaco for the git hook editor (#13552)
  * Make heatmap colors more distinct (#13533)
  * Lazy-load issue reviewers and assignees avatars (#13526)
  * Change search and filter icons to SVG (#13473)
  * Create tag on ui (#13467)
  * updateSize when create a repo with init commit (#13441)
  * Added title and action buttons to Project view page (#13437)
  * Override fomantic monospace fonts and set size (#13435)
  * Rework focused comment styling (#13434)
  * Tags cleanup (#13428)
  * Various style tweaks (#13418)
  * Refactor push update (#13381)
  * Comment box tweaks and SVG dropdown triangles (#13376)
  * Various style fixes (#13372)
  * Change repo home page icons to SVG (#13364)
  * Use CSS Vars for primary color (#13361)
  * Refactor image paste code (#13354)
  * Switch from SimpleMDE to EasyMDE (#13333)
  * Group Label Changed Comments in timeline (#13304)
  * Make the logger an interface (#13294)
  * Fix PR/Issue titles on mobile (#13292)
  * Rearrange the order of the merged by etc. in locale (#13284)
  * Replace footer and modal icons with SVG (#13245)
  * Issues overview should not show issues from archived repos (#13220)
  * Show stale label for stale code comment which is marked as resolved (#13213)
  * Use CSS Variables for fonts, remove postcss-loader (#13204)
  * Add mentionable teams to tributeValues and change team mention rules to gh's style (#13198)
  * Move install pages out of main macaron routes (#13195)
  * Update outdated label to use Fomantic UI style (#13181)
  * Added option to disable webhooks (#13176)
  * Change order of possible-owner organizations to alphabetical (#13160)
  * Log IP on SSH authentication failure for Built-in SSH server (#13150)
  * Added option to disable migrations (#13114)
  * New "Add Mirror" Button in the Organization view (#13105)
  * Manually approve new registration (#13083)
  * Cron job to cleanup hook_task table (#13080)
  * Use the headline comment of pull-request as the squash commit's message (#13071)
  * Clarify the suffices and prefixes of setting.AppSubURL and setting.AppURL (#12999)
  * Slightly simplify the queue settings code to help reduce the risk of problems (#12976)
  * Add precise search type for Elastic Search (#12869)
  * Move APIFormat functions into convert package (#12856)
  * Multiple GitGraph improvements: Exclude PR heads, Add branch/PR links, Show only certain branches, (#12766)
  * Add TrN for repository limit (#12492)
  * Refactor doctor (#12264)
  * Add the tag list page to the release page (#12096)
  * Redirect on changed user and org name (#11649)
  * load U2F js only on pages which need it (#11585)
  * Make archival asynchronous (#11296)
  * Introduce go chi web framework as frontend of macaron, so that we can move routes from macaron to chi step by step (#7420)
  * Improve vfsgen to not unzip bindata files but send to browser directly (#7109)
  * Enhance release list (#6025)
* DOCS
  * Swagger show models by default (#14880)
  * Add missing repo.projects unit into swagger (#14876)
  * Update docs and comments to remove macaron (#14491)
  * Issue template addition: Are you using Gitea behind CloudFlare? (#14098)
  * Generate man pages (#13901)
  * Reformat/fine-tune docs (#13897)
  * Added Table of Contents to long documentation pages (#13890)
  * Add docs command (#13429)
  * Update external-renderers.en-us.md (#13165)
* MISC
  * Add builds for apple M1 (darwin arm64) (#14951)
  * Migrate to use jsoniter instead of encoding/json (#14841)
  * Reduce make verbosity (#13803)
  * Add git command error directory on log (#13194)
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE2PlnLXfAu2CgJMI+395goAk+uSYFAmBV/eMACgkQ395goAk+
uSYQ9xAAj1LTzWStHW1yBpXYE8I1OIaCLimnO0UaVDJ1j6mz15rCEpPR5efYaR1v
+C5MV7fo/65qghC5dfssUP5NtgVgcB/UCzLiY0AZwizZGpMy7y6IdTEPZEN24pRw
kiSDsXGvzh292o1ShJEXr6PD+M/p/5tJHsathqjESLciBv+s3KXng3DR4qOTtu8P
2WBctH/7OVWuUnngdltcHwHIoVCqitk/yoVRinCtREm9IuY4O872MnDK8q5Yvvej
3O6TIBPRU7UtkLyanMGSv4c4cIAw8lFgs5oJ0FizfcL77008hwKxj7bqlmIEKVcC
PmhWRGlTRfwchZtEFAguiwnBRCl+VJ+xGneojjFSBS2WV0HQoKxeCkkqKchgQnMD
1XAn5Qlm0CFTZZ17xA40P7V+2zseRzSCwbrEzW8yesx4SqfUHsPq65bx+kLe0SvJ
/SpFw7RIDStGLm6nCa9PFtNGEZEnmkMK8DdpxsI9FjEyCrD0wzOQ35K6ASThYKrb
R+AGbAFrffWrJG8YetauJ7eRyYwFjxs8KL9OUh0sTHOQd4D5FJ77MWV9SNbEYhxg
LT6eVBVp/QvbxRpEdm/BcKYXZkF8uajRT7bm+M4Sr2PzU0prrrYNh5UBUcPWQoK1
hW+3paP/J/dOeVxyEkCzO18B5zLZSEOUc3fHqCIHZ3nC2IsDfTY=
=7dzB
-----END PGP SIGNATURE-----