forgejo/release-notes-published/7.0.13.md

See also the [dedicated blog post](https://forgejo.org/2025-02-release-v10-0-1/).

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Security bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6845): <!--number 6845 --><!--line 0 --><!--description Zml4KHNlYyk6IEZvcmdlam8gQWN0aW9ucyB3ZWIgcm91dGVz-->Verify the ID of Forgejo Actions web endpoints belongs to the repository to prevent the deletion of runners or variables or the modification of variables. [Read more in the dedicated blog post](https://forgejo.org/2025-02-release-v1001/).<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6846): <!--number 6846 --><!--line 0 --><!--description Zml4KHNlYyk6IHBlcm1pc3Npb24gY2hlY2sgZm9yIHByb2plY3QgaXNzdWU=-->Enforce permissions on publicly available user or organizations projects to not leak information from issues and pull requests that belong to private repositories. [Read more in the dedicated blog post](https://forgejo.org/2025-02-release-v1001/).<!--description-->
- Bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6674) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6679)): <!--number 6679 --><!--line 0 --><!--description Zml4OiBsb2FkIHNldHRpbmdzIGZvciB2YWxpZCB1c2VyIGFuZCBlbWFpbCBjaGVjaw==-->fix: load settings for valid user and email check<!--description-->
- Included for completeness but not worth a release note
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6693): <!--number 6693 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kga2F0ZXggdG8gdjAuMTYuMjEgW1NFQ1VSSVRZXSAodjcuMC9mb3JnZWpvKQ==-->Update dependency katex to v0.16.21 [SECURITY] (v7.0/forgejo)<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6655) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6669)): <!--number 6669 --><!--line 0 --><!--description Y2hvcmUoc2VjdXJpdHkpOiB1cGRhdGUgc2VjdXJpdHkudHh0IHdpdGggbmV3IGV4cGlyYXRpb24gZGF0ZQ==-->chore(security): update security.txt with new expiration date<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6501): <!--number 6501 --><!--line 0 --><!--description Y2hvcmU6IHJlbW92ZSBpbGxlZ2FsIGdpdCB1c2FnZQ==-->chore: remove illegal git usage<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6483): <!--number 6483 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLWdpdC9nby1naXQvdjUgdG8gdjUuMTMuMSAodjcuMC9mb3JnZWpvKQ==-->Update module github.com/go-git/go-git/v5 to v5.13.1 (v7.0/forgejo)<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6324) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6325)): <!--number 6325 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZSk6IGxpbmsgdG8gdGhlIHN0YW5kYWxvbmUgcmVsZWFzZSBub3RlcyBmaWxl-->chore(release): link to the standalone release notes file<!--description-->
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6317): <!--number 6317 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvbmV0IHRvIHYwLjMzLjAgKHY3LjAvZm9yZ2Vqbyk=-->Update module golang.org/x/net to v0.33.0 (v7.0/forgejo)<!--description-->
<!--end release-notes-assistant-->
chore(release-notes): fix Forgejo v10.0.1 & v7.0.13 blog post URL (#6852) See https://codeberg.org/forgejo/website/pulls/554 and https://forgejo.codeberg.page/@pull_554/2025-02-release-v10-0-1/ Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6852 Reviewed-by: Robert Wolff <mahlzahn@posteo.de> Reviewed-by: 0ko <0ko@noreply.codeberg.org> Co-authored-by: Earl Warren <contact@earl-warren.org> Co-committed-by: Earl Warren <contact@earl-warren.org> 2025-02-08 13:54:11 +01:00			`See also the [dedicated blog post](https://forgejo.org/2025-02-release-v10-0-1/).`
chore(release-notes): Forgejo v7.0.13 (#6849) https://codeberg.org/forgejo/forgejo/milestone/9022 Co-authored-by: Earl Warren <contact@earl-warren.org> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6849 Reviewed-by: 0ko <0ko@noreply.codeberg.org> Co-authored-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org> Co-committed-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org> 2025-02-08 11:47:44 +01:00
			`<!--start release-notes-assistant-->`

			`## Release notes`
			`<!--URL:https://codeberg.org/forgejo/forgejo-->`
			`- Security bug fixes`
			`- [PR](https://codeberg.org/forgejo/forgejo/pulls/6845): <!--number 6845 --><!--line 0 --><!--description Zml4KHNlYyk6IEZvcmdlam8gQWN0aW9ucyB3ZWIgcm91dGVz-->Verify the ID of Forgejo Actions web endpoints belongs to the repository to prevent the deletion of runners or variables or the modification of variables. [Read more in the dedicated blog post](https://forgejo.org/2025-02-release-v1001/).<!--description-->`
			`- [PR](https://codeberg.org/forgejo/forgejo/pulls/6846): <!--number 6846 --><!--line 0 --><!--description Zml4KHNlYyk6IHBlcm1pc3Npb24gY2hlY2sgZm9yIHByb2plY3QgaXNzdWU=-->Enforce permissions on publicly available user or organizations projects to not leak information from issues and pull requests that belong to private repositories. [Read more in the dedicated blog post](https://forgejo.org/2025-02-release-v1001/).<!--description-->`
			`- Bug fixes`
			`- [PR](https://codeberg.org/forgejo/forgejo/pulls/6674) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6679)): <!--number 6679 --><!--line 0 --><!--description Zml4OiBsb2FkIHNldHRpbmdzIGZvciB2YWxpZCB1c2VyIGFuZCBlbWFpbCBjaGVjaw==-->fix: load settings for valid user and email check<!--description-->`
			`- Included for completeness but not worth a release note`
			`- [PR](https://codeberg.org/forgejo/forgejo/pulls/6693): <!--number 6693 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kga2F0ZXggdG8gdjAuMTYuMjEgW1NFQ1VSSVRZXSAodjcuMC9mb3JnZWpvKQ==-->Update dependency katex to v0.16.21 [SECURITY] (v7.0/forgejo)<!--description-->`
			`- [PR](https://codeberg.org/forgejo/forgejo/pulls/6655) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6669)): <!--number 6669 --><!--line 0 --><!--description Y2hvcmUoc2VjdXJpdHkpOiB1cGRhdGUgc2VjdXJpdHkudHh0IHdpdGggbmV3IGV4cGlyYXRpb24gZGF0ZQ==-->chore(security): update security.txt with new expiration date<!--description-->`
			`- [PR](https://codeberg.org/forgejo/forgejo/pulls/6501): <!--number 6501 --><!--line 0 --><!--description Y2hvcmU6IHJlbW92ZSBpbGxlZ2FsIGdpdCB1c2FnZQ==-->chore: remove illegal git usage<!--description-->`
			`- [PR](https://codeberg.org/forgejo/forgejo/pulls/6483): <!--number 6483 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLWdpdC9nby1naXQvdjUgdG8gdjUuMTMuMSAodjcuMC9mb3JnZWpvKQ==-->Update module github.com/go-git/go-git/v5 to v5.13.1 (v7.0/forgejo)<!--description-->`
			`- [PR](https://codeberg.org/forgejo/forgejo/pulls/6324) ([backported](https://codeberg.org/forgejo/forgejo/pulls/6325)): <!--number 6325 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZSk6IGxpbmsgdG8gdGhlIHN0YW5kYWxvbmUgcmVsZWFzZSBub3RlcyBmaWxl-->chore(release): link to the standalone release notes file<!--description-->`
			`- [PR](https://codeberg.org/forgejo/forgejo/pulls/6317): <!--number 6317 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvbmV0IHRvIHYwLjMzLjAgKHY3LjAvZm9yZ2Vqbyk=-->Update module golang.org/x/net to v0.33.0 (v7.0/forgejo)<!--description-->`
			`<!--end release-notes-assistant-->`