Forgejo v15.0 Released: 100th Version Brings Enhanced Security and Usability Features
Key Takeaways
- ▸Forgejo v15.0 introduces repository-specific access tokens, restricting token permissions to designated repositories while maintaining read-only access to public repositories
- ▸Auto-linking containers to repositories eliminates manual configuration steps for administrators uploading packages via the registry
- ▸Forgejo Actions now supports reusable workflow expansion, OpenID Connect authentication, and ephemeral runners for secure autoscaling
Summary
Forgejo, the lightweight, community-developed self-hosted code collaboration platform, has released version 15.0, marking its 100th release. The new version focuses on refining day-to-day usability and security while introducing advanced capabilities for Forgejo Actions. Key improvements include repository-specific access tokens for more secure API interactions, auto-linking containers to repositories, enhanced UI for issue filtering and releases lists, and improved Git workflow capabilities such as modifiable Git notes in pull request views.
The release introduces several breaking changes that require administrator attention. Default cookie names have been stripped of branding, requiring users to re-login unless manually configured otherwise. Docker rootless deployments must migrate their config file location from /etc/gitea/app.ini to /var/lib/gitea/custom/conf/app.ini, as backward compatibility logic has been removed. Repository-specific access tokens represent a significant authorization shift, with changes applied across many APIs to align security expectations.
- Multiple breaking changes require administrator preparation, including default cookie name changes and Docker rootless config file migration
- UI enhancements improve issue filtering and Git workflow management, with more detailed error messages for debugging access issues
Editorial Opinion
Forgejo v15.0 demonstrates the project's commitment to balancing security improvements with practical usability enhancements for self-hosted deployments. The introduction of repository-specific access tokens is a significant security win that aligns with modern API security best practices, though the breaking changes—particularly around cookies and Docker configuration—will require careful planning for administrators. The expanded Actions capabilities suggest Forgejo is actively competing with commercial platforms by offering enterprise-grade CI/CD features to the open-source community.
