Fix changelog typo (#26973 )

1.20.4 changelog (#26966 )
Improve LDAP group config documentation (#21227 ) (#26921 )
2023-09-08 16:35:37 +08:00 · 2023-09-08 12:17:00 +08:00 · 2023-09-05 22:41:10 -04:00 · 2023-09-05 19:06:35 +00:00 · 2023-09-03 19:37:42 +00:00 · 2023-09-03 18:45:37 +00:00
173 changed files with 835 additions and 385 deletions
--- a/.gitea/issue_template.md
+++ b/.gitea/issue_template.md
@@ -5,7 +5,7 @@
    2. Please ask questions or configuration/deploy problems on our Discord
       server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
    3. Please take a moment to check that your issue doesn't already exist.
-    4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
+    4. Make sure it's not mentioned in the FAQ (https://docs.gitea.com/help/faq)
    5. Please give all relevant information below for bug reports, because
       incomplete details will be handled as an invalid report.
 -->
@@ -26,7 +26,7 @@
  - [ ] No
 - Log gist:
 <!-- It really is important to provide pertinent logs -->
-<!-- Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems -->
+<!-- Please read https://docs.gitea.com/administration/logging-config#collecting-logs-for-help -->
 <!-- In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini -->

 ## Description
--- a/.github/ISSUE_TEMPLATE/bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yaml
@@ -1,6 +1,6 @@
 name: Bug Report
 description: Found something you weren't expecting? Report it here!
-labels: kind/bug
+labels: ["kind/bug"]
 body:
 - type: markdown
  attributes:
@@ -14,12 +14,9 @@ body:
         server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
      3. Make sure you are using the latest release and
         take a moment to check that your issue hasn't been reported before.
-      4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
-      5. Please give all relevant information below for bug reports, because
+      4. Make sure it's not mentioned in the FAQ (https://docs.gitea.com/help/faq)
+      5. It's really important to provide pertinent details and logs (https://docs.gitea.com/help/support),
         incomplete details will be handled as an invalid report.
-      6. In particular it's really important to provide pertinent logs. You must give us DEBUG level logs.
-         Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
-         In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
 - type: textarea
  id: description
  attributes:
@@ -50,7 +47,7 @@ body:
  attributes:
    value: |
      It's really important to provide pertinent logs
-      Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
+      Please read https://docs.gitea.com/administration/logging-config#collecting-logs-for-help
      In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
 - type: input
  id: logs
@@ -89,6 +86,6 @@ body:
    description: What database system are you running?
    options:
    - PostgreSQL
-    - MySQL
+    - MySQL/MariaDB
    - MSSQL
    - SQLite
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -8,9 +8,9 @@ contact_links:
    about: Please ask questions and discuss configuration or deployment problems here.
  - name: Discourse Forum
    url: https://discourse.gitea.io
-    about: Questions and configuration or deployment problems can also be discussed on our forum.    
+    about: Questions and configuration or deployment problems can also be discussed on our forum.
  - name: Frequently Asked Questions
-    url: https://docs.gitea.io/en-us/faq
+    url: https://docs.gitea.com/help/faq
    about: Please check if your question isn't mentioned here.
  - name: Crowdin Translations
    url: https://crowdin.com/project/gitea
--- a/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
@@ -13,12 +13,12 @@ body:
      2. Please ask questions or configuration/deploy problems on our Discord
         server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
      3. Please take a moment to check that your issue doesn't already exist.
-      4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
+      4. Make sure it's not mentioned in the FAQ (https://docs.gitea.com/help/faq)
      5. Please give all relevant information below for bug reports, because
         incomplete details will be handled as an invalid report.
      6. In particular it's really important to provide pertinent logs. If you are certain that this is a javascript
         error, show us the javascript console. If the error appears to relate to Gitea the server you must also give us
-         DEBUG level logs. (See https://docs.gitea.io/en-us/logging-configuration/#debugging-problems)
+         DEBUG level logs. (See https://docs.gitea.com/administration/logging-config#collecting-logs-for-help)
 - type: textarea
  id: description
  attributes:
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,34 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.com).

+## [1.20.4](https://github.com/go-gitea/gitea/releases/tag/v1.20.4) - 2023-09-08
+
+* SECURITY
+  * Check blocklist for emails when adding them to account (#26812) (#26831)
+* ENHANCEMENTS
+  * Add `branch_filter` to hooks API endpoints (#26599) (#26632)
+  * Fix incorrect "tabindex" attributes (#26733) (#26734)
+  * Use line-height: normal by default (#26635) (#26708)
+  * Fix unable to display individual-level project (#26198) (#26636)
+* BUGFIXES
+  * Fix wrong review requested number (#26784) (#26880)
+  * Avoid double-unescaping of form value (#26853) (#26863)
+  * Redirect from `{repo}/issues/new` to `{repo}/issues/new/choose` when blank issues are disabled (#26813) (#26847)
+  * Sync tags when adopting repos (#26816) (#26834)
+  * Fix verifyCommits error when push a new branch (#26664) (#26810)
+  * Include the GITHUB_TOKEN/GITEA_TOKEN secret for fork pull requests (#26759) (#26806)
+  * Fix some slice append usages (#26778) (#26798)
+  * Add fix incorrect can_create_org_repo for org owner team (#26683) (#26791)
+  * Fix bug for ctx usage (#26763)
+  * Make issue template field template access correct template data (#26698) (#26709)
+  * Use correct minio error (#26634) (#26639)
+  * Ignore the trailing slashes when comparing oauth2 redirect_uri (#26597) (#26618)
+  * Set errwriter for urfave/cli v1 (#26616)
+  * Fix reopen logic for agit flow pull request (#26399) (#26613)
+  * Fix context filter has no effect in dashboard (#26695) (#26811)
+  * Fix being unable to use a repo that prohibits accepting PRs as a PR source. (#26785) (#26790)
+  * Fix Page Not Found error (#26768)
+
 ## [1.20.3](https://github.com/go-gitea/gitea/releases/tag/v1.20.3) - 2023-08-20

 * BREAKING
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -60,7 +60,7 @@
 ## Introduction

 This document explains how to contribute changes to the Gitea project. \
-It assumes you have followed the [installation instructions](https://docs.gitea.io/en-us/). \
+It assumes you have followed the [installation instructions](https://docs.gitea.com/category/installation). \
 Sensitive security-related issues should be reported to [security@gitea.io](mailto:security@gitea.io).

 For configuring IDEs for Gitea development, see the [contributed IDE configurations](contrib/ide/).
--- a/README.md
+++ b/README.md
@@ -86,7 +86,7 @@ When building from the official source tarballs which include pre-built frontend

 Parallelism (`make -j <num>`) is not supported.

-More info: https://docs.gitea.io/en-us/install-from-source/
+More info: https://docs.gitea.com/installation/install-from-source

 ## Using

@@ -110,13 +110,13 @@ Translations are done through Crowdin. If you want to translate to a new languag

 You can also just create an issue for adding a language or ask on discord on the #translation channel. If you need context or find some translation issues, you can leave a comment on the string or ask on Discord. For general translation questions there is a section in the docs. Currently a bit empty but we hope to fill it as questions pop up.

-https://docs.gitea.io/en-us/contributing/translation-guidelines/
+https://docs.gitea.com/contributing/localization

 [![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)

 ## Further information

-For more information and instructions about how to install Gitea, please look at our [documentation](https://docs.gitea.io/en-us/).
+For more information and instructions about how to install Gitea, please look at our [documentation](https://docs.gitea.com).
 If you have questions that are not covered by the documentation, you can get in contact with us on our [Discord server](https://discord.gg/Gitea) or create  a post in the [discourse forum](https://discourse.gitea.io/).

 We maintain a list of Gitea-related projects at [gitea/awesome-gitea](https://gitea.com/gitea/awesome-gitea).
--- a/README_ZH.md
+++ b/README_ZH.md
@@ -68,7 +68,7 @@ Gitea 的首要目标是创建一个极易安装，运行非常快速，安装

 ## 文档

-关于如何安装请访问我们的 [文档站](https://docs.gitea.io/zh-cn/)，如果没有找到对应的文档，你也可以通过 [Discord - 英文](https://discord.gg/gitea) 和 QQ群 328432459 来和我们交流。
+关于如何安装请访问我们的 [文档站](https://docs.gitea.com/zh-cn/category/installation)，如果没有找到对应的文档，你也可以通过 [Discord - 英文](https://discord.gg/gitea) 和 QQ群 328432459 来和我们交流。

 ## 贡献流程

--- a/contrib/gitea-monitoring-mixin/config.libsonnet
+++ b/contrib/gitea-monitoring-mixin/config.libsonnet
@@ -7,7 +7,7 @@
    dashboardTimezone: 'default',
    dashboardRefresh: '1m',

-    // please see https://docs.gitea.io/en-us/config-cheat-sheet/#metrics-metrics
+    // please see https://docs.gitea.com/administration/config-cheat-sheet#metrics-metrics
    // Show issue by repository metrics with format gitea_issues_by_repository{repository="org/repo"} 5.
    // Requires Gitea 1.16.0 with ENABLED_ISSUE_BY_REPOSITORY set to true.
    showIssuesByRepository: true,
--- a/contrib/legal/privacy.html.sample
+++ b/contrib/legal/privacy.html.sample
@@ -37,7 +37,7 @@

   <h3>With your Consent</h3>

-   <p>We share your User Personal Information, if you consent, after letting you know what information will be shared, with whom, and why. For example, if you allow third party applications to access your Account using <a href="https://docs.gitea.io/en-us/oauth2-provider/">OAuth2 providers</a>, we share all information associated with your Account, including private repos and organizations. You may also direct us through your action on Your Gitea Instance to share your User Personal Information, such as when joining an Organization.</p>
+   <p>We share your User Personal Information, if you consent, after letting you know what information will be shared, with whom, and why. For example, if you allow third party applications to access your Account using <a href="https://docs.gitea.com/development/oauth2-provider">OAuth2 providers</a>, we share all information associated with your Account, including private repos and organizations. You may also direct us through your action on Your Gitea Instance to share your User Personal Information, such as when joining an Organization.</p>

   <h3>With Service Providers</h3>

@@ -144,7 +144,7 @@

   <h3>Data Portability</h3>

-   <p>As a Your Gitea Instance User, you can always take your data with you. You can clone your repositories to your computer, or you can <a href="https://docs.gitea.io/en-us/migrations-interfaces/">perform migrations using the provided interfaces</a>, for example.</p>
+   <p>As a Your Gitea Instance User, you can always take your data with you. You can clone your repositories to your computer, or you can <a href="https://docs.gitea.com/development/migrations-interfaces">perform migrations using the provided interfaces</a>, for example.</p>

   <h3>Data Retention and Deletion of Data</h3>

@@ -183,7 +183,7 @@

  <h2>Changes to this Privacy Policy</h2>

-  <p>Although most changes are likely to be minor, Your Gitea Instance may change our Privacy Statement from time to time. We will provide notification to Users of material changes to this Privacy Statement through our Website at least 30 days prior to the change taking effect by posting a notice on our home page or sending email to the primary email address specified in your account.</p> 
+  <p>Although most changes are likely to be minor, Your Gitea Instance may change our Privacy Statement from time to time. We will provide notification to Users of material changes to this Privacy Statement through our Website at least 30 days prior to the change taking effect by posting a notice on our home page or sending email to the primary email address specified in your account.</p>

  <h2>Contact</h2>

--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -4,7 +4,7 @@
 ;; Do not copy the whole file as-is, as it contains some invalid sections for illustrative purposes.
 ;; If you don't know what a setting is you should not set it.
 ;;
-;; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation.
+;; see https://docs.gitea.com/administration/config-cheat-sheet for additional documentation.


 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1804,8 +1804,9 @@ LEVEL = Info
 ;; Currently, only `minio` is supported.
 ;SERVE_DIRECT = false
 ;;
-;; Path for attachments. Defaults to `data/attachments` only available when STORAGE_TYPE is `local`
-;PATH = data/attachments
+;; Path for attachments. Defaults to `attachments`. Only available when STORAGE_TYPE is `local`
+;; Relative paths will be resolved to `${AppDataPath}/${attachment.PATH}`
+;PATH = attachments
 ;;
 ;; Minio endpoint to connect only available when STORAGE_TYPE is `minio`
 ;MINIO_ENDPOINT = localhost:9000
--- a/docker/README.md
+++ b/docker/README.md
@@ -4,4 +4,4 @@ Dockerfile is found in root of repository.

 Docker image can be found on [docker hub](https://hub.docker.com/r/gitea/gitea)

-Documentation on using docker image can be found on [Gitea Docs site](https://docs.gitea.io/en-us/install-with-docker/)
+Documentation on using docker image can be found on [Gitea Docs site](https://docs.gitea.com/installation/install-with-docker-rootless)
--- a/docs/content/administration/config-cheat-sheet.en-us.md
+++ b/docs/content/administration/config-cheat-sheet.en-us.md
@@ -818,7 +818,7 @@ Default templates for project boards:
 - `MAX_FILES`: **5**: Maximum number of attachments that can be uploaded at once.
 - `STORAGE_TYPE`: **local**: Storage type for attachments, `local` for local disk or `minio` for s3 compatible object storage service, default is `local` or other name defined with `[storage.xxx]`
 - `SERVE_DIRECT`: **false**: Allows the storage driver to redirect to authenticated URLs to serve files directly. Currently, only Minio/S3 is supported via signed URLs, local does nothing.
- `PATH`: **data/attachments**: Path to store attachments only available when STORAGE_TYPE is `local`
+- `PATH`: **attachments**: Path to store attachments only available when STORAGE_TYPE is `local`, relative paths will be resolved to `${AppDataPath}/${attachment.PATH}`.
 - `MINIO_ENDPOINT`: **localhost:9000**: Minio endpoint to connect only available when STORAGE_TYPE is `minio`
 - `MINIO_ACCESS_KEY_ID`: Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`
 - `MINIO_SECRET_ACCESS_KEY`: Minio secretAccessKey to connect only available when STORAGE_TYPE is `minio`
--- a/docs/content/administration/config-cheat-sheet.zh-cn.md
+++ b/docs/content/administration/config-cheat-sheet.zh-cn.md
@@ -230,7 +230,7 @@ menu:
 - `MAX_SIZE`: 附件最大限制，单位 MB，比如： `4`。
 - `MAX_FILES`: 一次最多上传的附件数量，比如： `5`。
 - `STORAGE_TYPE`: **local**: 附件存储类型，`local` 将存储到本地文件夹， `minio` 将存储到 s3 兼容的对象存储服务中。
- `PATH`: **data/attachments**: 附件存储路径，仅当 `STORAGE_TYPE` 为 `local` 时有效。
+- `PATH`: **attachments**: 存储附件的路径，仅当 STORAGE_TYPE 为 `local` 时可用。如果是相对路径，将会被解析为 `${AppDataPath}/${attachment.PATH}`.
 - `MINIO_ENDPOINT`: **localhost:9000**: Minio 终端，仅当 `STORAGE_TYPE` 是 `minio` 时有效。
 - `MINIO_ACCESS_KEY_ID`: Minio accessKeyID ，仅当 `STORAGE_TYPE` 是 `minio` 时有效。
 - `MINIO_SECRET_ACCESS_KEY`: Minio secretAccessKey，仅当 `STORAGE_TYPE` 是 `minio` 时有效。
--- a/docs/content/administration/customizing-gitea.en-us.md
+++ b/docs/content/administration/customizing-gitea.en-us.md
@@ -36,7 +36,7 @@ Application settings can be found in file `CustomConf` which is by default,
 Again `gitea help` will allow you review this variable and you can override it using the
 `--config` option on the `gitea` binary.

- [Quick Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/)
+- [Quick Cheat Sheet](administration/config-cheat-sheet.md)
 - [Complete List](https://github.com/go-gitea/gitea/blob/main/custom/conf/app.example.ini)

 If the `CustomPath` folder can't be found despite checking `gitea help`, check the `GITEA_CUSTOM`
@@ -44,7 +44,7 @@ environment variable; this can be used to override the default path to something
 `GITEA_CUSTOM` might, for example, be set by an init script. You can check whether the value
 is set under the "Configuration" tab on the site administration page.

- [List of Environment Variables](https://docs.gitea.io/en-us/environment-variables/)
+- [List of Environment Variables](administration/environment-variables.md)

 **Note:** Gitea must perform a full restart to see configuration changes.

@@ -79,7 +79,7 @@ for C++ repositories, we want to replace `options/gitignore/C++`. To do this, a
 must be placed in `$GITEA_CUSTOM/options/gitignore/C++` (see about the location of the `CustomPath`
 directory at the top of this document).

-Every single page of Gitea can be changed. Dynamic content is generated using [go templates](https://golang.org/pkg/html/template/),
+Every single page of Gitea can be changed. Dynamic content is generated using [go templates](https://pkg.go.dev/html/template),
 which can be modified by placing replacements below the `$GITEA_CUSTOM/templates` directory.

 To obtain any embedded file (including templates), the [`gitea embedded` tool](administration/cmd-embedded.md) can be used. Alternatively, they can be found in the [`templates`](https://github.com/go-gitea/gitea/tree/main/templates) directory of Gitea source (Note: the example link is from the `main` branch. Make sure to use templates compatible with the release you are using).
@@ -103,7 +103,7 @@ just place it under your "$GITEA_CUSTOM/public/" directory (for instance `$GITEA
 To match the current style, the link should have the class name "item", and you can use `{{AppSubUrl}}` to get the base URL:
 `<a class="item" href="{{AppSubUrl}}/assets/impressum.html">Impressum</a>`

-For more information, see [Adding Legal Pages](https://docs.gitea.io/en-us/adding-legal-pages).
+For more information, see [Adding Legal Pages](administration/adding-legal-pages.md).

 You can add new tabs in the same way, putting them in `extra_tabs.tmpl`.
 The exact HTML needed to match the style of other tabs is in the file
@@ -355,10 +355,10 @@ A full list of supported emoji's is at [emoji list](https://gitea.com/gitea/gite
 ## Customizing the look of Gitea

 The default built-in themes are `gitea` (light), `arc-green` (dark), and `auto` (chooses light or dark depending on operating system settings).
-The default theme can be changed via `DEFAULT_THEME` in the [ui](https://docs.gitea.io/en-us/config-cheat-sheet/#ui-ui) section of `app.ini`.
+The default theme can be changed via `DEFAULT_THEME` in the [ui](administration/config-cheat-sheet.md#ui-ui) section of `app.ini`.

 Gitea also has support for user themes, which means every user can select which theme should be used.
-The list of themes a user can choose from can be configured with the `THEMES` value in the [ui](https://docs.gitea.io/en-us/config-cheat-sheet/#ui-ui) section of `app.ini`.
+The list of themes a user can choose from can be configured with the `THEMES` value in the [ui](administration/config-cheat-sheet.md#ui-ui) section of `app.ini`.

 To make a custom theme available to all users:

--- a/docs/content/administration/customizing-gitea.zh-cn.md
+++ b/docs/content/administration/customizing-gitea.zh-cn.md
@@ -23,13 +23,13 @@ Gitea 引用 `custom` 目录中的自定义配置文件来覆盖配置、模板
 将会自动创建包括 `custom/` 在内的必要应用目录，应用本身的配置存放在
 `custom/conf/app.ini` 当中。在发行版中可能会以 `/etc/gitea/` 的形式为 `custom` 设置一个符号链接，查看配置详情请移步：

- [快速备忘单](https://docs.gitea.io/en-us/config-cheat-sheet/)
+- [快速备忘单](administration/config-cheat-sheet.md)
 - [完整配置清单](https://github.com/go-gitea/gitea/blob/main/custom/conf/app.example.ini)

 如果您在 binary 同目录下无法找到 `custom` 文件夹，请检查您的 `GITEA_CUSTOM`
 环境变量配置， 因为它可能被配置到了其他地方（可能被一些启动脚本设置指定了目录）。

- [环境变量清单](https://docs.gitea.io/en-us/specific-variables/)
+- [环境变量清单](administration/environment-variables.md)

 **注：** 必须完全重启 Gitea 以使配置生效。

@@ -87,4 +87,4 @@ Gitea 引用 `custom` 目录中的自定义配置文件来覆盖配置、模板
 ## 更改 Gitea 外观

 Gitea 目前由两种内置主题，分别为默认 `gitea` 主题和深色主题 `arc-green`，您可以通过修改
-`app.ini` [ui](https://docs.gitea.io/en-us/config-cheat-sheet/#ui-ui) 部分的 `DEFAULT_THEME` 的值来变更至一个可用的 Gitea 外观。
+`app.ini` [ui](administration/config-cheat-sheet.md#ui-ui) 部分的 `DEFAULT_THEME` 的值来变更至一个可用的 Gitea 外观。
--- a/docs/content/administration/external-renderers.en-us.md
+++ b/docs/content/administration/external-renderers.en-us.md
@@ -24,7 +24,7 @@ it is just a matter of:
 - add some configuration to your `app.ini` file
 - restart your Gitea instance

-This supports rendering of whole files. If you want to render code blocks in markdown you would need to do something with javascript. See some examples on the [Customizing Gitea](../customizing-gitea) page.
+This supports rendering of whole files. If you want to render code blocks in markdown you would need to do something with javascript. See some examples on the [Customizing Gitea](administration/customizing-gitea.md) page.

 ## Installing external binaries

--- a/docs/content/administration/fail2ban-setup.en-us.md
+++ b/docs/content/administration/fail2ban-setup.en-us.md
@@ -119,7 +119,7 @@ proxy_set_header X-Real-IP $remote_addr;

 The security options in `app.ini` need to be adjusted to allow the interpretation of the headers
 as well as the list of IP addresses and networks that describe trusted proxy servers
-(See the [configuration cheat sheet](https://docs.gitea.io/en-us/config-cheat-sheet/#security-security) for more information).
+(See the [configuration cheat sheet](administration/config-cheat-sheet.md#security-security) for more information).

 ```
 REVERSE_PROXY_LIMIT = 1
--- a/docs/content/administration/fail2ban-setup.zh-cn.md
+++ b/docs/content/administration/fail2ban-setup.zh-cn.md
@@ -91,4 +91,4 @@ REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128
 `REVERSE_PROXY_LIMIT` 限制反向代理服务器的层数，设置为 `0` 表示不使用这些标头。
 `REVERSE_PROXY_TRUSTED_PROXIES` 表示受信任的反向代理服务器网络地址，
 经过该网络地址转发来的流量会经过解析 `X-Real-IP` 头部得到真实客户端地址。
-（参考 [configuration cheat sheet](https://docs.gitea.io/en-us/config-cheat-sheet/#security-security)）
+（参考 [configuration cheat sheet](administration/config-cheat-sheet.md#security-security)）
--- a/docs/content/administration/https-support.en-us.md
+++ b/docs/content/administration/https-support.en-us.md
@@ -36,7 +36,7 @@ KEY_FILE  = key.pem
 ```

 Note that if your certificate is signed by a third party certificate authority (i.e. not self-signed), then cert.pem should contain the certificate chain. The server certificate must be the first entry in cert.pem, followed by the intermediaries in order (if any). The root certificate does not have to be included because the connecting client must already have it in order to estalbish the trust relationship.
-To learn more about the config values, please checkout the [Config Cheat Sheet](../config-cheat-sheet#server-server).
+To learn more about the config values, please checkout the [Config Cheat Sheet](administration/config-cheat-sheet.md#server-server).

 For the `CERT_FILE` or `KEY_FILE` field, the file path is relative to the `GITEA_CUSTOM` environment variable when it is a relative path. It can be an absolute path as well.

@@ -85,11 +85,11 @@ ACME_DIRECTORY=https
 ACME_EMAIL=email@example.com
 ```

-To learn more about the config values, please checkout the [Config Cheat Sheet](../config-cheat-sheet#server-server).
+To learn more about the config values, please checkout the [Config Cheat Sheet](administration/config-cheat-sheet.md#server-server).

 ## Using a reverse proxy

-Setup up your reverse proxy as shown in the [reverse proxy guide](../reverse-proxies).
+Setup up your reverse proxy as shown in the [reverse proxy guide](administration/reverse-proxies.md).

 After that, enable HTTPS by following one of these guides:

--- a/docs/content/administration/https-support.zh-cn.md
+++ b/docs/content/administration/https-support.zh-cn.md
@@ -82,11 +82,11 @@ ACME_DIRECTORY=https
 ACME_EMAIL=email@example.com
 ```

-要了解关于配置, 请访问 [配置备忘单](../config-cheat-sheet#server-server)获取更多信息
+要了解关于配置, 请访问 [配置备忘单](administration/config-cheat-sheet.md#server-server)获取更多信息

 ## 使用反向代理服务器

-按照 [reverse proxy guide](../reverse-proxies) 的规则设置你的反向代理服务器
+按照 [reverse proxy guide](administration/reverse-proxies.md) 的规则设置你的反向代理服务器

 然后，按照下面的向导启用 HTTPS：

--- a/docs/content/administration/mail-templates.en-us.md
+++ b/docs/content/administration/mail-templates.en-us.md
@@ -18,7 +18,7 @@ menu:
 # Mail templates

 To craft the e-mail subject and contents for certain operations, Gitea can be customized by using templates. The templates
-for these functions are located under the [`custom` directory](https://docs.gitea.io/en-us/customizing-gitea/).
+for these functions are located under the [`custom` directory](administration/customizing-gitea.md).
 Gitea has an internal template that serves as default in case there's no custom alternative.

 Custom templates are loaded when Gitea starts. Changes made to them are not recognized until Gitea is restarted again.
@@ -165,7 +165,7 @@ If the template fails to render, it will be noticed only at the moment the mail
 A default subject is used if the subject template fails, and whatever was rendered successfully
 from the the _mail body_ is used, disregarding the rest.

-Please check [Gitea's logs](https://docs.gitea.io/en-us/logging-configuration/) for error messages in case of trouble.
+Please check [Gitea's logs](administration/logging-config.md) for error messages in case of trouble.

 ## Example

--- a/docs/content/administration/mail-templates.zh-cn.md
+++ b/docs/content/administration/mail-templates.zh-cn.md
@@ -17,7 +17,7 @@ menu:

 # 邮件模板

-为了定制特定操作的电子邮件主题和内容，可以使用模板来自定义 Gitea。这些功能的模板位于 [`custom` 目录](https://docs.gitea.io/en-us/customizing-gitea/) 下。
+为了定制特定操作的电子邮件主题和内容，可以使用模板来自定义 Gitea。这些功能的模板位于 [`custom` 目录](administration/customizing-gitea.md) 下。
 如果没有自定义的替代方案，Gitea 将使用内部模板作为默认模板。

 自定义模板在 Gitea 启动时加载。对它们的更改在 Gitea 重新启动之前不会被识别。
@@ -148,7 +148,7 @@ _主题_ 和 _邮件正文_ 由 [Golang的模板引擎](https://golang.org/pkg/t
 如果模板无法呈现，则只有在发送邮件时才会注意到。
 如果主题模板失败，将使用默认主题，如果从 _邮件正文_ 中成功呈现了任何内容，则将使用该内容，忽略其他内容。

-如果遇到问题，请检查 [Gitea的日志](https://docs.gitea.io/en-us/logging-configuration/) 以获取错误消息。
+如果遇到问题，请检查 [Gitea的日志](administration/logging-config.md) 以获取错误消息。

 ## 示例

--- a/docs/content/administration/repo-indexer.en-us.md
+++ b/docs/content/administration/repo-indexer.en-us.md
@@ -19,7 +19,7 @@ menu:

 ## Setting up the repository indexer

-Gitea can search through the files of the repositories by enabling this function in your [`app.ini`](https://docs.gitea.io/en-us/config-cheat-sheet/):
+Gitea can search through the files of the repositories by enabling this function in your [`app.ini`](administration/config-cheat-sheet.md):

 ```ini
 [indexer]
--- a/docs/content/administration/repo-indexer.zh-cn.md
+++ b/docs/content/administration/repo-indexer.zh-cn.md
@@ -19,7 +19,7 @@ menu:

 ## 设置仓库索引器

-通过在您的 [`app.ini`](https://docs.gitea.io/en-us/config-cheat-sheet/) 中启用此功能，Gitea 可以通过仓库的文件进行搜索：
+通过在您的 [`app.ini`](administration/config-cheat-sheet.md) 中启用此功能，Gitea 可以通过仓库的文件进行搜索：

 ```ini
 [indexer]
--- a/docs/content/development/api-usage.en-us.md
+++ b/docs/content/development/api-usage.en-us.md
@@ -21,7 +21,7 @@ menu:

 By default, `ENABLE_SWAGGER` is true, and
 `MAX_RESPONSE_ITEMS` is set to 50. See [Config Cheat
-Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/) for more
+Sheet](administration/config-cheat-sheet.md) for more
 information.

 ## Authentication
@@ -76,7 +76,7 @@ interface: `Settings | Applications | Generate New Token`.

 ## OAuth2 Provider

-Access tokens obtained from Gitea's [OAuth2 provider](https://docs.gitea.io/en-us/oauth2-provider) are accepted by these methods:
+Access tokens obtained from Gitea's [OAuth2 provider](development/oauth2-provider.md) are accepted by these methods:

 - `Authorization bearer ...` header in HTTP headers
 - `token=...` parameter in URL query string
--- a/docs/content/development/api-usage.zh-cn.md
+++ b/docs/content/development/api-usage.zh-cn.md
@@ -20,7 +20,7 @@ menu:
 ## 开启/配置 API 访问

 通常情况下， `ENABLE_SWAGGER` 默认开启并且参数 `MAX_RESPONSE_ITEMS` 默认为 50。您可以从 [Config Cheat
-Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/) 中获取更多配置相关信息。
+Sheet](administration/config-cheat-sheet.md) 中获取更多配置相关信息。

 ## 通过 API 认证

--- a/docs/content/development/oauth2-provider.en-us.md
+++ b/docs/content/development/oauth2-provider.en-us.md
@@ -137,7 +137,7 @@ For public clients, a redirect URI of a loopback IP address such as `http://127.

   The `REDIRECT_URI` in the `access_token` request must match the `REDIRECT_URI` in the `authorize` request.

-3. Use the `access_token` to make [API requests](https://docs.gitea.io/en-us/api-usage#oauth2) to access the user's resources.
+3. Use the `access_token` to make [API requests](development/api-usage.md#oauth2-provider) to access the user's resources.

 ### Public client (PKCE)

@@ -199,4 +199,4 @@ After you have generated this values, you can continue with your request.

   The `REDIRECT_URI` in the `access_token` request must match the `REDIRECT_URI` in the `authorize` request.

-3. Use the `access_token` to make [API requests](https://docs.gitea.io/en-us/api-usage#oauth2) to access the user's resources.
+3. Use the `access_token` to make [API requests](development/api-usage.md#oauth2-provider) to access the user's resources.
--- a/docs/content/development/oauth2-provider.zh-cn.md
+++ b/docs/content/development/oauth2-provider.zh-cn.md
@@ -134,4 +134,4 @@ Gitea 支持私密和公共客户端类型，[参见 RFC 6749](https://datatrack

   `access_token` 请求中的 `REDIRECT_URI` 必须与 `authorize` 请求中的 `REDIRECT_URI` 相符。

-3. 使用 `access_token` 来构造 [API 请求](https://docs.gitea.io/en-us/api-usage#oauth2) 以读写用户的资源。
+3. 使用 `access_token` 来构造 [API 请求](development/api-usage.md#oauth2-provider) 以读写用户的资源。
--- a/docs/content/development/oauth2-provider.zh-tw.md
+++ b/docs/content/development/oauth2-provider.zh-tw.md
@@ -93,4 +93,4 @@ Gitea 支援作為 OAuth2 提供者，能讓第三方程式能在使用者同意

   `access_token` 請求中的 `REDIRECT_URI` 必須符合 `authorize` 請求中的 `REDIRECT_URI`。

-1. 發送 [API requests](https://docs.gitea.io/en-us/api-usage#oauth2) 時使用 `access_token` 以存取使用者的資源。
+1. 發送 [API requests](development/api-usage.md#oauth2-provider) 時使用 `access_token` 以存取使用者的資源。
--- a/docs/content/help/support.en-us.md
+++ b/docs/content/help/support.en-us.md
@@ -20,34 +20,59 @@ menu:
 - [Paid Commercial Support](https://about.gitea.com/)
 - [Discord](https://discord.gg/Gitea)
 - [Discourse Forum](https://discourse.gitea.io/)
+- [Matrix](https://matrix.to/#/#gitea-space:matrix.org)
+  - NOTE: Most of the Matrix channels are bridged with their counterpart in Discord and may experience some degree of flakiness with the bridge process.
+- Chinese Support
+  - [Discourse Chinese Category](https://discourse.gitea.io/c/5-category/5)
+  - QQ Group 328432459
+
+# Bug Report
+
+If you found a bug, please [create an issue on GitHub](https://github.com/go-gitea/gitea/issues).

 **NOTE:** When asking for support, it may be a good idea to have the following available so that the person helping has all the info they need:

 1. Your `app.ini` (with any sensitive data scrubbed as necessary).
-2. The Gitea logs, and any other appropriate log files for the situation.
-    - When using systemd, use `journalctl --lines 1000 --unit gitea` to collect logs.
-    - When using docker, use `docker logs --tail 1000 <gitea-container>` to collect logs.
-    - By default, the logs are outputted to console. If you need to collect logs from files,
-      you could copy the following config into your `app.ini` (remove all other `[log]` sections),
-      then you can find the `*.log` files in Gitea's log directory (default: `%(GITEA_WORK_DIR)/log`).
-
-    ```ini
-    ; To show all SQL logs, you can also set LOG_SQL=true in the [database] section
-    [log]
-    LEVEL=debug
-    MODE=console,file
-    ```
-
-3. Any error messages you are seeing.
-4. When possible, try to replicate the issue on [try.gitea.io](https://try.gitea.io) and include steps so that others can reproduce the issue.
-    - This will greatly improve the chance that the root of the issue can be quickly discovered and resolved.
-5. If you encounter slow/hanging/deadlock problems, please report the stack trace when the problem occurs.
+2. Any error messages you are seeing.
+3. The Gitea logs, and all other related logs for the situation.
+   - It's more useful to collect `trace` / `debug` level logs (see the next section).
+   - When using systemd, use `journalctl --lines 1000 --unit gitea` to collect logs.
+   - When using docker, use `docker logs --tail 1000 <gitea-container>` to collect logs.
+4. Reproducible steps so that others could reproduce and understand the problem more quickly and easily.
+   - [try.gitea.io](https://try.gitea.io) could be used to reproduce the problem.
+5. If you encounter slow/hanging/deadlock problems, please report the stacktrace when the problem occurs.
   Go to the "Site Admin" -> "Monitoring" -> "Stacktrace" -> "Download diagnosis report".

-## Bugs
+# Advanced Bug Report Tips

-If you found a bug, please create an [issue on GitHub](https://github.com/go-gitea/gitea/issues).
+## More Config Options for Logs

-## Chinese Support
+By default, the logs are outputted to console with `info` level.
+If you need to set log level and/or collect logs from files,
+you could just copy the following config into your `app.ini` (remove all other `[log]` sections),
+then you will find the `*.log` files in Gitea's log directory (default: `%(GITEA_WORK_DIR)/log`).

-Support for the Chinese language is provided at [Our discourse](https://discourse.gitea.io/c/5-category/5) or QQ Group 328432459.
+```ini
+; To show all SQL logs, you can also set LOG_SQL=true in the [database] section
+[log]
+LEVEL=debug
+MODE=console,file
+```
+
+## Collecting Stacktrace by Command Line
+
+Gitea could use Golang's pprof handler and toolchain to collect stacktrace and other runtime information.
+
+If the web UI stops working, you could try to collect the stacktrace by command line:
+
+1. Set `app.ini`:
+
+    ```
+    [server]
+    ENABLE_PPROF = true
+    ```
+
+2. Restart Gitea
+
+3. Try to trigger the bug, when the requests get stuck for a while,
+   use `curl` or browser to visit: `http://127.0.0.1:6060/debug/pprof/goroutine?debug=1` to get the stacktrace.
--- a/docs/content/help/support.zh-tw.md
+++ b/docs/content/help/support.zh-tw.md
@@ -28,7 +28,7 @@ menu:
 3. 您看到的任何錯誤訊息
 4. 儘可能地在 [try.gitea.io](https://try.gitea.io) 觸發您的問題並記下步驟，以便其他人能重現那個問題。
    - 這將讓我們更有機會快速地找出問題的根源並解決它。
-5. 堆棧跟踪，[請參考英文文檔](https://docs.gitea.io/en-us/seek-help/)
+5. 堆棧跟踪，[請參考英文文檔](https://docs.gitea.com/help/support)

 ## 錯誤回報

--- a/docs/content/installation/from-binary.zh-cn.md
+++ b/docs/content/installation/from-binary.zh-cn.md
@@ -117,7 +117,7 @@ chmod 770 /etc/gitea
 - 使用 `gitea generate secret` 创建 `SECRET_KEY` 和 `INTERNAL_TOKEN`
 - 提供所有必要的密钥

-详情参考 [命令行文档](/zh-cn/command-line/) 中有关 `gitea generate secret` 的内容。
+详情参考 [命令行文档](administration/command-line.md) 中有关 `gitea generate secret` 的内容。

 ### 配置 Gitea 工作路径

--- a/docs/content/installation/from-source.zh-cn.md
+++ b/docs/content/installation/from-source.zh-cn.md
@@ -52,7 +52,7 @@ git checkout v@version@

 - `go` @minGoVersion@ 或以上版本, 详见[这里](https://golang.google.cn/doc/install)
 - `node` @minNodeVersion@ 或以上版本，并且安装 `npm`, 详见[这里](https://nodejs.org/zh-cn/download/)
- `make`, 详见[这里](/zh-cn/hacking-on-gitea/)
+- `make`, 详见[这里](development/hacking-on-gitea.md)

 各种可用的 [make 任务](https://github.com/go-gitea/gitea/blob/main/Makefile)
 可以用来使编译过程更方便。
--- a/docs/content/installation/with-docker-rootless.en-us.md
+++ b/docs/content/installation/with-docker-rootless.en-us.md
@@ -254,7 +254,7 @@ documented above, please note that `db` must be used as the database hostname.

 # Customization

-Customization files described [here](https://docs.gitea.io/en-us/customizing-gitea/) should
+Customization files described [here](administration/customizing-gitea.md) should
 be placed in `/var/lib/gitea/custom` directory. If using host volumes, it's quite easy to access these
 files; for named volumes, this is done through another container or by direct access at
 `/var/lib/docker/volumes/gitea_gitea/_/var_lib_gitea`. The configuration file will be saved at
@@ -313,7 +313,7 @@ services:
      - GITEA__mailer__PASSWD="""${GITEA__mailer__PASSWD:?GITEA__mailer__PASSWD not set}"""
 ```

-To set required TOKEN and SECRET values, consider using Gitea's built-in [generate utility functions](https://docs.gitea.io/en-us/command-line/#generate).
+To set required TOKEN and SECRET values, consider using Gitea's built-in [generate utility functions](administration/command-line.md#generate).

 # SSH Container Passthrough

@@ -342,7 +342,7 @@ Once the wrapper is in place, you can make it the shell for the `git` user:
 sudo usermod -s /usr/local/bin/gitea-shell git
 ```

-Now that all the SSH commands are forwarded to the container, you need to set up the SSH authentication on the host. This is done by leveraging the [SSH AuthorizedKeysCommand](https://docs.gitea.io/en-us/command-line/#keys) to match the keys against those accepted by Gitea. Add the following block to `/etc/ssh/sshd_config`, on the host:
+Now that all the SSH commands are forwarded to the container, you need to set up the SSH authentication on the host. This is done by leveraging the [SSH AuthorizedKeysCommand](administration/command-line.md#keys) to match the keys against those accepted by Gitea. Add the following block to `/etc/ssh/sshd_config`, on the host:

 ```bash
 Match User git
--- a/docs/content/installation/with-docker-rootless.zh-cn.md
+++ b/docs/content/installation/with-docker-rootless.zh-cn.md
@@ -281,7 +281,7 @@ services:
      - GITEA__mailer__PASSWD="""${GITEA__mailer__PASSWD:?GITEA__mailer__PASSWD not set}"""
 ```

-要设置所需的 TOKEN 和 SECRET 值，可以使用 Gitea 的内置[生成使用函数](https://docs.gitea.io/en-us/command-line/#generate).
+要设置所需的 TOKEN 和 SECRET 值，可以使用 Gitea 的内置[生成使用函数](administration/command-line.md#generate).

 # SSH 容器透传

@@ -310,7 +310,7 @@ sudo chmod +x /usr/local/bin/gitea-shell
 sudo usermod -s /usr/local/bin/gitea-shell git
 ```

-现在，所有的 SSH 命令都会被转发到容器，您需要在主机上设置 SSH 认证。这可以通过利用 [SSH AuthorizedKeysCommand](https://docs.gitea.io/en-us/command-line/#keys) 来匹配 Gitea 接受的密钥。在主机的 `/etc/ssh/sshd_config` 文件中添加以下代码块：
+现在，所有的 SSH 命令都会被转发到容器，您需要在主机上设置 SSH 认证。这可以通过利用 [SSH AuthorizedKeysCommand](administration/command-line.md#keys) 来匹配 Gitea 接受的密钥。在主机的 `/etc/ssh/sshd_config` 文件中添加以下代码块：

 ```bash
 Match User git
--- a/docs/content/installation/with-docker.en-us.md
+++ b/docs/content/installation/with-docker.en-us.md
@@ -261,7 +261,7 @@ documented above, please note that `db` must be used as the database hostname.

 ## Customization

-Customization files described [here](https://docs.gitea.io/en-us/customizing-gitea/) should
+Customization files described [here](administration/customizing-gitea.md) should
 be placed in `/data/gitea` directory. If using host volumes, it's quite easy to access these
 files; for named volumes, this is done through another container or by direct access at
 `/var/lib/docker/volumes/gitea_gitea/_data`. The configuration file will be saved at
@@ -309,7 +309,7 @@ services:
      - GITEA__mailer__PASSWD="""${GITEA__mailer__PASSWD:?GITEA__mailer__PASSWD not set}"""
 ```

-Gitea will generate new secrets/tokens for every new installation automatically and write them into the app.ini. If you want to set the secrets/tokens manually, you can use the following docker commands to use of Gitea's built-in [generate utility functions](https://docs.gitea.io/en-us/command-line/#generate). Do not lose/change your SECRET_KEY after the installation, otherwise the encrypted data can not be decrypted anymore.
+Gitea will generate new secrets/tokens for every new installation automatically and write them into the app.ini. If you want to set the secrets/tokens manually, you can use the following docker commands to use of Gitea's built-in [generate utility functions](administration/command-line.md#generate). Do not lose/change your SECRET_KEY after the installation, otherwise the encrypted data can not be decrypted anymore.

 The following commands will output a new `SECRET_KEY` and `INTERNAL_TOKEN` to `stdout`, which you can then place in your environment variables.

@@ -553,7 +553,7 @@ In this option, the idea is that the host SSH uses an `AuthorizedKeysCommand` in

 Now all attempts to login as the `git` user on the host will be forwarded to the docker - including the `SSH_ORIGINAL_COMMAND`. We now need to set-up SSH authentication on the host.

-We will do this by leveraging the [SSH AuthorizedKeysCommand](https://docs.gitea.io/en-us/command-line/#keys) to match the keys against those accepted by Gitea.
+We will do this by leveraging the [SSH AuthorizedKeysCommand](administration/command-line.md#keys) to match the keys against those accepted by Gitea.

 Add the following block to `/etc/ssh/sshd_config`, on the host:

--- a/docs/content/installation/with-docker.fr-fr.md
+++ b/docs/content/installation/with-docker.fr-fr.md
@@ -103,7 +103,7 @@ Vous devriez maintenant avoir deux conteneurs Docker pour Gitea et PostgreSQL pl

 # Personnalisation

-Les fichier personnalisés ([voir les instructions](https://docs.gitea.io/en-us/customizing-gitea/)) peuvent être placés dans le répertoire `/data/gitea`.
+Les fichier personnalisés ([voir les instructions](administration/customizing-gitea.md)) peuvent être placés dans le répertoire `/data/gitea`.

 Le fichier de configuration sera sauvegardé à l'emplacement suivant : `/data/gitea/conf/app.ini`

--- a/docs/content/installation/with-docker.zh-cn.md
+++ b/docs/content/installation/with-docker.zh-cn.md
@@ -260,7 +260,7 @@ MySQL 或 PostgreSQL 容器将需要分别创建。

 ## 自定义

-[此处](https://docs.gitea.io/zh-cn/customizing-gitea/)描述的定制文件应放在 `/data/gitea` 目录中。如果使用主机卷，则访问这些文件非常容易；对于命名卷，可以通过另一个容器或通过直接访问 `/var/lib/docker/volumes/gitea_gitea/_data` 来完成。安装后，配置文件将保存在 `/data/gitea/conf/app.ini` 中。
+[此处](administration/customizing-gitea.md)描述的定制文件应放在 `/data/gitea` 目录中。如果使用主机卷，则访问这些文件非常容易；对于命名卷，可以通过另一个容器或通过直接访问 `/var/lib/docker/volumes/gitea_gitea/_data` 来完成。安装后，配置文件将保存在 `/data/gitea/conf/app.ini` 中。

 ## 升级

@@ -293,7 +293,7 @@ services:
      - GITEA__mailer__PASSWD="""${GITEA__mailer__PASSWD:?GITEA__mailer__PASSWD not set}"""
 ```

-Gitea 将为每次新安装自动生成新的 `SECRET_KEY` 并将它们写入 `app.ini`。 如果您想手动设置 `SECRET_KEY`，您可以使用以下 docker 命令来使用 Gitea 内置的[方法](https://docs.gitea.io/en-us/command-line/#generate)生成 `SECRET_KEY`。 安装后请妥善保管您的 `SECRET_KEY`，如若丢失则无法解密已加密的数据。
+Gitea 将为每次新安装自动生成新的 `SECRET_KEY` 并将它们写入 `app.ini`。 如果您想手动设置 `SECRET_KEY`，您可以使用以下 docker 命令来使用 Gitea 内置的[方法](administration/command-line.md#generate)生成 `SECRET_KEY`。 安装后请妥善保管您的 `SECRET_KEY`，如若丢失则无法解密已加密的数据。

 以下命令将向 `stdout` 输出一个新的 `SECRET_KEY` 和 `INTERNAL_TOKEN`，然后您可以将其放入环境变量中。

--- a/docs/content/usage/actions/act-runner.en-us.md
+++ b/docs/content/usage/actions/act-runner.en-us.md
@@ -81,7 +81,7 @@ docker run --entrypoint="" --rm -it gitea/act_runner:latest act_runner generate-
 When you are using the docker image, you can specify the configuration file by using the `CONFIG_FILE` environment variable. Make sure that the file is mounted into the container as a volume:

 ```bash
-docker run -v $(pwd)/config.yaml:/config.yaml -e CONFIG_FILE=/config.yaml ...
+docker run -v $PWD/config.yaml:/config.yaml -e CONFIG_FILE=/config.yaml ...
 ```

 You may notice the commands above are both incomplete, because it is not the time to run the act runner yet.
@@ -157,8 +157,8 @@ If you are using the docker image, behaviour will be slightly different. Registr

 ```bash
 docker run \
-    -v $(pwd)/config.yaml:/config.yaml \
-    -v $(pwd)/data:/data \
+    -v $PWD/config.yaml:/config.yaml \
+    -v $PWD/data:/data \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -e CONFIG_FILE=/config.yaml \
    -e GITEA_INSTANCE_URL=<instance_url> \
--- a/docs/content/usage/actions/design.en-us.md
+++ b/docs/content/usage/actions/design.en-us.md
@@ -112,7 +112,7 @@ You can configure your Gitea instance to fetch actions or images from your intra

 In fact, your Gitea instance can serve as both the actions marketplace and the image registry.
 You can mirror actions repositories from GitHub to your Gitea instance, and use them as normal.
-And [Gitea Container Registry](https://docs.gitea.io/en-us/usage/packages/container/) can be used as a Docker image registry.
+And [Gitea Container Registry](usage/packages/container.md) can be used as a Docker image registry.

 ### Connection 4, job containers to internet

--- a/docs/content/usage/actions/design.zh-cn.md
+++ b/docs/content/usage/actions/design.zh-cn.md
@@ -113,7 +113,7 @@ act runner 必须能够连接到Gitea以接收任务并发送执行结果回来

 实际上，您的Gitea实例可以同时充当 Actions 市场和镜像注册表。
 您可以将GitHub上的Actions仓库镜像到您的Gitea实例，并将其用作普通Actions。
-而 [Gitea 容器注册表](https://docs.gitea.io/en-us/usage/packages/container/) 可用作Docker镜像注册表。
+而 [Gitea 容器注册表](usage/packages/container.md) 可用作Docker镜像注册表。

 ### 连接 4，Job容器到互联网

--- a/docs/content/usage/actions/faq.en-us.md
+++ b/docs/content/usage/actions/faq.en-us.md
@@ -61,7 +61,7 @@ For example:
 Be careful, the `https://` or `http://` prefix is necessary!

 Alternatively, if you want your runners to download actions from GitHub or your own Gitea instance by default, you can configure it by setting `[actions].DEFAULT_ACTIONS_URL`.
-See [Configuration Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/#actions-actions).
+See [Configuration Cheat Sheet](administration/config-cheat-sheet.md#actions-actions).

 This is one of the differences from GitHub Actions, but it should allow users much more flexibility in how they run Actions.

@@ -69,7 +69,7 @@ This is one of the differences from GitHub Actions, but it should allow users mu

 Runners have no more permissions than simply connecting to your Gitea instance.
 When any runner receives a job to run, it will temporarily gain limited permission to the repository associated with the job.
-If you want to give more permissions to the runner, allowing it to access more private repositories or external systems, you can pass [secrets](https://docs.gitea.io/en-us/usage/secrets/) to it.
+If you want to give more permissions to the runner, allowing it to access more private repositories or external systems, you can pass [secrets](usage/secrets.md) to it.

 Refined permission control to Actions is a complicated job.
 In the future, we will add more options to Gitea to make it more configurable, such as allowing more write access to repositories or read access to all repositories in the same organization.
--- a/docs/content/usage/actions/faq.zh-cn.md
+++ b/docs/content/usage/actions/faq.zh-cn.md
@@ -61,7 +61,7 @@ DEFAULT_REPO_UNITS = ...,repo.actions
 注意，`https://`或`http://`前缀是必需的！

 另外，如果您希望您的Runner默认从GitHub或您自己的Gitea实例下载Actions，可以通过设置 `[actions].DEFAULT_ACTIONS_URL`进行配置。
-参见[配置速查表](https://docs.gitea.io/en-us/config-cheat-sheet/#actions-actions)。
+参见[配置速查表](administration/config-cheat-sheet.md#actions-actions)。

 这是与GitHub Actions的一个区别，但它应该允许用户以更灵活的方式运行Actions。

@@ -69,7 +69,7 @@ DEFAULT_REPO_UNITS = ...,repo.actions

 Runner仅具有连接到您的Gitea实例的权限。
 当任何Runner接收到要运行的Job时，它将临时获得与Job关联的仓库的有限权限。
-如果您想为Runner提供更多权限，允许它访问更多私有仓库或外部系统，您可以向其传递[密钥](https://docs.gitea.io/en-us/usage/secrets/)。
+如果您想为Runner提供更多权限，允许它访问更多私有仓库或外部系统，您可以向其传递[密钥](usage/secrets.md)。

 对于 Actions 的细粒度权限控制是一项复杂的工作。
 在未来，我们将添加更多选项以使Gitea更可配置，例如允许对仓库进行更多写访问或对同一组织中的所有仓库进行读访问。
--- a/docs/content/usage/authentication.en-us.md
+++ b/docs/content/usage/authentication.en-us.md
@@ -157,12 +157,13 @@ Uses the following fields:

 - User Attribute in Group (optional)

-  - Which user LDAP attribute is listed in the group.
-  - Example: `uid`
+  - The user attribute that is used to reference a user in the group object.
+  - Example: `uid` if the group objects contains a `member: bender` and the user object contains a `uid: bender`.
+  - Example: `dn` if the group object contains a `member: uid=bender,ou=users,dc=planetexpress,dc=com`.

 - Group Attribute for User (optional)
-  - Which group LDAP attribute contains an array above user attribute names.
-  - Example: `memberUid`
+  - The attribute of the group object that lists/contains the group members.
+  - Example: `memberUid` or `member`

 ## PAM (Pluggable Authentication Module)

@@ -197,7 +198,7 @@ administrative user.
    field is set to `mail.com`, then Gitea will expect the `user email` field
    for an authenticated GIT instance to be `gituser@mail.com`.[^2]

-**Note**: PAM support is added via [build-time flags](https://docs.gitea.io/en-us/install-from-source/#build),
+**Note**: PAM support is added via [build-time flags](installation/install-from-source.md#build),
 and the official binaries provided do not have this enabled.  PAM requires that
 the necessary libpam dynamic library be available and the necessary PAM
 development headers be accessible to the compiler.
--- a/docs/content/usage/labels.zh-cn.md
+++ b/docs/content/usage/labels.zh-cn.md
@@ -27,7 +27,7 @@ menu:

 标签具有必填的名称和颜色，可选的描述，以及必须是独占的或非独占的（见下面的“作用域标签”）。

-当您创建一个仓库时，可以通过使用 `工单标签（Issue Labels）` 选项来选择标签集。该选项列出了一些在您的实例上 [全局配置的可用标签集](../administration/customizing-gitea/#labels)。在创建仓库时，这些标签也将被创建。
+当您创建一个仓库时，可以通过使用 `工单标签（Issue Labels）` 选项来选择标签集。该选项列出了一些在您的实例上 [全局配置的可用标签集](administration/customizing-gitea.md#labels)。在创建仓库时，这些标签也将被创建。

 ## 作用域标签

--- a/docs/content/usage/linked-references.en-us.md
+++ b/docs/content/usage/linked-references.en-us.md
@@ -94,7 +94,7 @@ Sometimes a commit or pull request may fix or bring back a problem documented
 in a particular issue. Gitea supports closing and reopening the referenced
 issues by preceding the reference with a particular _keyword_. Common keywords
 include "closes", "fixes", "reopens", etc. This list can be
-[customized]({{< ref "doc/administration/config-cheat-sheet.en-us.md" >}}) by the
+[customized](administration/config-cheat-sheet.md) by the
 site administrator.

 Example:
--- a/docs/content/usage/linked-references.zh-cn.md
+++ b/docs/content/usage/linked-references.zh-cn.md
@@ -66,7 +66,7 @@ menu:

 ## 可操作的引用在合并请求和提交消息中

-有时，一个提交或合并请求可能会修复或重新出现在某个特定工单中。Gitea 支持在引用之前加上特定的“关键字”来关闭和重新打开被引用的工单。常见的关键字包括“closes”、“fixes”、“reopens”等。这个列表可以由站点管理员进行 [自定义]({{< ref "doc/administration/config-cheat-sheet.zh-cn.md" >}})。
+有时，一个提交或合并请求可能会修复或重新出现在某个特定工单中。Gitea 支持在引用之前加上特定的“关键字”来关闭和重新打开被引用的工单。常见的关键字包括“closes”、“fixes”、“reopens”等。这个列表可以由站点管理员进行 [自定义](administration/config-cheat-sheet.md)。

 示例：

--- a/docs/content/usage/multi-factor-authentication.en-us.md
+++ b/docs/content/usage/multi-factor-authentication.en-us.md
@@ -0,0 +1,35 @@
+---
+date: "2023-08-22T14:21:00+08:00"
+title: "Multi-factor Authentication (MFA)"
+slug: "multi-factor-authentication"
+weight: 15
+toc: false
+draft: false
+menu:
+  sidebar:
+    parent: "usage"
+    name: "Multi-factor Authentication (MFA)"
+    weight: 15
+    identifier: "multi-factor-authentication"
+---
+
+# Multi-factor Authentication (MFA)
+
+Multi-factor Authentication (also referred to as MFA or 2FA) enhances security by requiring a time-sensitive set of credentials in addition to a password.
+If a password were later to be compromised, logging into Gitea will not be possible without the additional credentials and the account would remain secure.
+Gitea supports both TOTP (Time-based One-Time Password) tokens and FIDO-based hardware keys using the Webauthn API.
+
+MFA can be configured within the "Security" tab of the user settings page.
+
+## MFA Considerations
+
+Enabling MFA on a user does affect how the Git HTTP protocol can be used with the Git CLI.
+This interface does not support MFA, and trying to use a password normally will no longer be possible whilst MFA is enabled.
+If SSH is not an option for Git operations, an access token can be generated within the "Applications" tab of the user settings page.
+This access token can be used as if it were a password in order to allow the Git CLI to function over HTTP.
+
+> **Warning** - By its very nature, an access token sidesteps the security benefits of MFA.
+> It must be kept secure and should only be used as a last resort.
+
+The Gitea API supports providing the relevant TOTP password in the `X-Gitea-OTP` header, as described in [API Usage](development/api-usage.md).
+This should be used instead of an access token where possible.
--- a/docs/content/usage/pull-request.en-us.md
+++ b/docs/content/usage/pull-request.en-us.md
@@ -66,4 +66,4 @@ The first value of the list will be used in helpers.

 ## Pull Request Templates

-You can find more information about pull request templates at the page [Issue and Pull Request templates](issue-pull-request-templates).
+You can find more information about pull request templates at the page [Issue and Pull Request templates](usage/issue-pull-request-templates.md).
--- a/docs/content/usage/pull-request.zh-cn.md
+++ b/docs/content/usage/pull-request.zh-cn.md
@@ -30,4 +30,4 @@ WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]

 ## 合并请求模板

-有关合并请求模板的更多信息请您移步 : [工单与合并请求模板](issue-pull-request-templates)
+有关合并请求模板的更多信息请您移步 : [工单与合并请求模板](usage/issue-pull-request-templates.md)
--- a/docs/content/usage/pull-request.zh-tw.md
+++ b/docs/content/usage/pull-request.zh-tw.md
@@ -31,4 +31,4 @@ WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]

 ## 合併請求範本

-您可以在[問題與合併請求範本](issue-pull-request-templates)找到更多關於合併請求範本的資訊。
+您可以在[問題與合併請求範本](usage/issue-pull-request-templates.md)找到更多關於合併請求範本的資訊。
--- a/main.go
+++ b/main.go
@@ -150,6 +150,8 @@ func main() {
 		log.GetManager().Close()
 		os.Exit(code)
 	}
+	app.ErrWriter = os.Stderr
+
 	_ = cmd.RunMainApp(app, os.Args...) // all errors should have been handled by the RunMainApp
 	log.GetManager().Close()
 }
--- a/models/auth/oauth2.go
+++ b/models/auth/oauth2.go
@@ -53,6 +53,15 @@ func (app *OAuth2Application) TableName() string {

 // ContainsRedirectURI checks if redirectURI is allowed for app
 func (app *OAuth2Application) ContainsRedirectURI(redirectURI string) bool {
+	contains := func(s string) bool {
+		s = strings.TrimSuffix(strings.ToLower(s), "/")
+		for _, u := range app.RedirectURIs {
+			if strings.TrimSuffix(strings.ToLower(u), "/") == s {
+				return true
+			}
+		}
+		return false
+	}
 	if !app.ConfidentialClient {
 		uri, err := url.Parse(redirectURI)
 		// ignore port for http loopback uris following https://datatracker.ietf.org/doc/html/rfc8252#section-7.3
@@ -61,13 +70,13 @@ func (app *OAuth2Application) ContainsRedirectURI(redirectURI string) bool {
 			if ip != nil && ip.IsLoopback() {
 				// strip port
 				uri.Host = uri.Hostname()
-				if util.SliceContainsString(app.RedirectURIs, uri.String(), true) {
+				if contains(uri.String()) {
 					return true
 				}
 			}
 		}
 	}
-	return util.SliceContainsString(app.RedirectURIs, redirectURI, true)
+	return contains(redirectURI)
 }

 // Base32 characters, but lowercased.
--- a/models/auth/oauth2_test.go
+++ b/models/auth/oauth2_test.go
@@ -63,6 +63,18 @@ func TestOAuth2Application_ContainsRedirectURI_WithPort(t *testing.T) {
 	assert.False(t, app.ContainsRedirectURI(":"))
 }

+func TestOAuth2Application_ContainsRedirect_Slash(t *testing.T) {
+	app := &auth_model.OAuth2Application{RedirectURIs: []string{"http://127.0.0.1"}}
+	assert.True(t, app.ContainsRedirectURI("http://127.0.0.1"))
+	assert.True(t, app.ContainsRedirectURI("http://127.0.0.1/"))
+	assert.False(t, app.ContainsRedirectURI("http://127.0.0.1/other"))
+
+	app = &auth_model.OAuth2Application{RedirectURIs: []string{"http://127.0.0.1/"}}
+	assert.True(t, app.ContainsRedirectURI("http://127.0.0.1"))
+	assert.True(t, app.ContainsRedirectURI("http://127.0.0.1/"))
+	assert.False(t, app.ContainsRedirectURI("http://127.0.0.1/other"))
+}
+
 func TestOAuth2Application_ValidateClientSecret(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	app := unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{ID: 1})
--- a/models/fixtures/email_address.yml
+++ b/models/fixtures/email_address.yml
@@ -276,4 +276,12 @@
  email: user2-2@example.com
  lower_email: user2-2@example.com
  is_activated: false
-  is_primary: false
+  is_primary: false
+
+-
+  id: 36
+  uid: 36
+  email: abcde@gitea.com
+  lower_email: abcde@gitea.com
+  is_activated: true
+  is_primary: false
--- a/models/fixtures/gpg_key.yml
+++ b/models/fixtures/gpg_key.yml
@@ -1 +1,23 @@
-[] # empty
+-
+  id: 5
+  owner_id: 36
+  key_id: B15431642629B826
+  primary_key_id:
+  content: xsDNBGTrY3UBDAC2HLBqmMplAV15qSnC7g1c4dV406f5EHNhFr95Nup2My6b2eafTlvedv77s8PT/I7F3fy4apOZs5A7w2SsPlLMcQ3ev4uGOsxRtkq5RLy1Yb6SNueX0Da2UVKR5KTC5Q6BWaqxwS0IjKOLZ/xz0Pbe/ClV3bZSKBEY2omkVo3Z0HZ771vB2clPRvGJ/IdeKOsZ3ZytSFXfyiJBdARmeSPmydXLil8+Ibq5iLAeow5PK8hK1TCOnKHzLWNqcNq70tyjoHvcGi70iGjoVEEUgPCLLuU8WmzTJwlvA3BuDzjtaO7TLo/jdE6iqkHtMSS8x+43sAH6hcFRCWAVh/0Uq7n36uGDfNxGnX3YrmX3LR9x5IsBES1rGGWbpxio4o5GIf/Xd+JgDd9rzJCqRuZ3/sW/TxK38htWaVNZV0kMkHUCTc1ctzWpCm635hbFCHBhPYIp+/z206khkAKDbz/CNuU91Wazsh7KO07wrwDtxfDDbInJ8TfHE2TGjzjQzgChfmcAEQEAAQ==
+  verified: true
+  can_sign: true
+  can_encrypt_comms: true
+  can_encrypt_storage: true
+  can_certify: true
+
+-
+  id: 6
+  owner_id: 36
+  key_id: EE3AF48454AFD619
+  primary_key_id: B15431642629B826
+  content: zsDNBGTrY3UBDADsHrzuOicQaPdUQm0+0UNrs92cESm/j/4yBBUk+sfLZAo6J99c4eh4nAQzzZ7al080rYKB0G+7xoRz1eHcQH6zrVcqB8KYtf/sdY47WaMiMyxM+kTSvzp7tsv7QuSQZ0neUEXRyYMz5ttBfIjWUd+3NDItuHyB+MtNWlS3zXgaUbe5VifqKaNmzN0Ye4yXTKcpypE3AOqPVz+iIFv3c6TmsqLHJaR4VoicCleAqLyF/28WsJO7M9dDW+EM3MZVnsVpycTURyHAJGfSk10waQZAaRwmarCN/q0KEJ+aEAK/SRliUneBZoMO5hY5iBeG432tofwaQqAahPv9uXIb1n2JEMKwnMlMA9UGD1AcDbywfj1m/ZGBBw95i4Ekkfn43RvV3THr7uJU/dRqqP+iic4MwpUrOxqELW/kmeHXlBcNbZZhEEvwRoW7U2/9eeuog4nRleRJ0pi/xOP9wmxkKjaIPIK3phdBtEpVk4w/UTAWNdyIIrFggukeAnZFyGJwlm8AEQEAAQ==
+  verified: true
+  can_sign: true
+  can_encrypt_comms: true
+  can_encrypt_storage: true
+  can_certify: true
--- a/models/fixtures/user.yml
+++ b/models/fixtures/user.yml
@@ -1301,7 +1301,7 @@
  lower_name: limited_org36
  name: limited_org36
  full_name: Limited Org 36
-  email: limited_org36@example.com
+  email: abcde@gitea.com
  keep_email_private: false
  email_notifications_preference: enabled
  passwd: ZogKvWdyEx:password
@@ -1320,7 +1320,7 @@
  allow_create_organization: true
  prohibit_login: false
  avatar: avatar22
-  avatar_email: limited_org36@example.com
+  avatar_email: abcde@gitea.com
  use_custom_avatar: false
  num_followers: 0
  num_following: 0
--- a/models/issues/issue_search.go
+++ b/models/issues/issue_search.go
@@ -345,12 +345,21 @@ func applyMentionedCondition(sess *xorm.Session, mentionedID int64) *xorm.Sessio
 }

 func applyReviewRequestedCondition(sess *xorm.Session, reviewRequestedID int64) *xorm.Session {
-	return sess.Join("INNER", []string{"review", "r"}, "issue.id = r.issue_id").
-		And("issue.poster_id <> ?", reviewRequestedID).
-		And("r.type = ?", ReviewTypeRequest).
-		And("r.reviewer_id = ? and r.id in (select max(id) from review where issue_id = r.issue_id and reviewer_id = r.reviewer_id and type in (?, ?, ?))"+
-			" or r.reviewer_team_id in (select team_id from team_user where uid = ?)",
-			reviewRequestedID, ReviewTypeApprove, ReviewTypeReject, ReviewTypeRequest, reviewRequestedID)
+	existInTeamQuery := builder.Select("team_user.team_id").
+		From("team_user").
+		Where(builder.Eq{"team_user.uid": reviewRequestedID})
+
+	subQuery := builder.Select("review.issue_id").
+		From("review").
+		Where(builder.And(
+			builder.In("review.type", []ReviewType{ReviewTypeRequest, ReviewTypeReject, ReviewTypeApprove}),
+			builder.Or(
+				builder.Eq{"review.reviewer_id": reviewRequestedID},
+				builder.In("review.reviewer_team_id", existInTeamQuery),
+			),
+		))
+	return sess.Where("issue.poster_id <> ?", reviewRequestedID).
+		And(builder.In("issue.id", subQuery))
 }

 func applyReviewedCondition(sess *xorm.Session, reviewedID int64) *xorm.Session {
--- a/models/user/email_address.go
+++ b/models/user/email_address.go
@@ -16,6 +16,7 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/modules/validation"

 	"xorm.io/builder"
 )
@@ -161,7 +162,17 @@ func ValidateEmail(email string) error {
 		return ErrEmailInvalid{email}
 	}

-	// TODO: add an email allow/block list
+	// if there is no allow list, then check email against block list
+	if len(setting.Service.EmailDomainAllowList) == 0 &&
+		validation.IsEmailDomainListed(setting.Service.EmailDomainBlockList, email) {
+		return ErrEmailInvalid{email}
+	}
+
+	// if there is an allow list, then check email against allow list
+	if len(setting.Service.EmailDomainAllowList) > 0 &&
+		!validation.IsEmailDomainListed(setting.Service.EmailDomainAllowList, email) {
+		return ErrEmailInvalid{email}
+	}

 	return nil
 }
--- a/modules/context/utils.go
+++ b/modules/context/utils.go
@@ -4,29 +4,18 @@
 package context

 import (
-	"net/url"
 	"strings"
 	"time"
 )

 // GetQueryBeforeSince return parsed time (unix format) from URL query's before and since
 func GetQueryBeforeSince(ctx *Base) (before, since int64, err error) {
-	qCreatedBefore, err := prepareQueryArg(ctx, "before")
+	before, err = parseFormTime(ctx, "before")
 	if err != nil {
 		return 0, 0, err
 	}

-	qCreatedSince, err := prepareQueryArg(ctx, "since")
-	if err != nil {
-		return 0, 0, err
-	}
-
-	before, err = parseTime(qCreatedBefore)
-	if err != nil {
-		return 0, 0, err
-	}
-
-	since, err = parseTime(qCreatedSince)
+	since, err = parseFormTime(ctx, "since")
 	if err != nil {
 		return 0, 0, err
 	}
@@ -34,7 +23,8 @@ func GetQueryBeforeSince(ctx *Base) (before, since int64, err error) {
 }

 // parseTime parse time and return unix timestamp
-func parseTime(value string) (int64, error) {
+func parseFormTime(ctx *Base, name string) (int64, error) {
+	value := strings.TrimSpace(ctx.FormString(name))
 	if len(value) != 0 {
 		t, err := time.Parse(time.RFC3339, value)
 		if err != nil {
@@ -46,10 +36,3 @@ func parseTime(value string) (int64, error) {
 	}
 	return 0, nil
 }
-
-// prepareQueryArg unescape and trim a query arg
-func prepareQueryArg(ctx *Base, name string) (value string, err error) {
-	value, err = url.PathUnescape(ctx.FormString(name))
-	value = strings.TrimSpace(value)
-	return value, err
-}
--- a/modules/doctor/fix8312.go
+++ b/modules/doctor/fix8312.go
@@ -0,0 +1,61 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package doctor
+
+import (
+	"context"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/models/db"
+	org_model "code.gitea.io/gitea/models/organization"
+	"code.gitea.io/gitea/models/perm"
+	"code.gitea.io/gitea/modules/log"
+
+	"xorm.io/builder"
+)
+
+func fixOwnerTeamCreateOrgRepo(ctx context.Context, logger log.Logger, autofix bool) error {
+	count := 0
+
+	err := db.Iterate(
+		ctx,
+		builder.Eq{"authorize": perm.AccessModeOwner, "can_create_org_repo": false},
+		func(ctx context.Context, team *org_model.Team) error {
+			team.CanCreateOrgRepo = true
+			count++
+
+			if !autofix {
+				return nil
+			}
+
+			return models.UpdateTeam(team, false, false)
+		},
+	)
+	if err != nil {
+		logger.Critical("Unable to iterate across repounits to fix incorrect can_create_org_repo: Error %v", err)
+		return err
+	}
+
+	if !autofix {
+		if count == 0 {
+			logger.Info("Found no team with incorrect can_create_org_repo")
+		} else {
+			logger.Warn("Found %d teams with incorrect can_create_org_repo", count)
+		}
+		return nil
+	}
+	logger.Info("Fixed %d teams with incorrect can_create_org_repo", count)
+
+	return nil
+}
+
+func init() {
+	Register(&Check{
+		Title:     "Check for incorrect can_create_org_repo for org owner teams",
+		Name:      "fix-owner-team-create-org-repo",
+		IsDefault: false,
+		Run:       fixOwnerTeamCreateOrgRepo,
+		Priority:  7,
+	})
+}
--- a/modules/packages/conda/metadata_test.go
+++ b/modules/packages/conda/metadata_test.go
@@ -19,9 +19,9 @@ const (
 	packageName      = "gitea"
 	packageVersion   = "1.0.1"
 	description      = "Package Description"
-	projectURL       = "https://gitea.io"
-	repositoryURL    = "https://gitea.io/gitea/gitea"
-	documentationURL = "https://docs.gitea.io"
+	projectURL       = "https://gitea.com"
+	repositoryURL    = "https://gitea.com/gitea/gitea"
+	documentationURL = "https://docs.gitea.com"
 )

 func TestParsePackage(t *testing.T) {
--- a/modules/packages/container/metadata_test.go
+++ b/modules/packages/container/metadata_test.go
@@ -17,9 +17,9 @@ func TestParseImageConfig(t *testing.T) {
 	description := "Image Description"
 	author := "Gitea"
 	license := "MIT"
-	projectURL := "https://gitea.io"
+	projectURL := "https://gitea.com"
 	repositoryURL := "https://gitea.com/gitea"
-	documentationURL := "https://docs.gitea.io"
+	documentationURL := "https://docs.gitea.com"

 	configOCI := `{"config": {"labels": {"` + labelAuthors + `": "` + author + `", "` + labelLicenses + `": "` + license + `", "` + labelURL + `": "` + projectURL + `", "` + labelSource + `": "` + repositoryURL + `", "` + labelDocumentation + `": "` + documentationURL + `", "` + labelDescription + `": "` + description + `"}}, "history": [{"created_by": "do it 1"}, {"created_by": "dummy #(nop) do it 2"}]}`

--- a/modules/packages/pub/metadata_test.go
+++ b/modules/packages/pub/metadata_test.go
@@ -18,9 +18,9 @@ const (
 	packageName      = "gitea"
 	packageVersion   = "1.0.1"
 	description      = "Package Description"
-	projectURL       = "https://gitea.io"
-	repositoryURL    = "https://gitea.io/gitea/gitea"
-	documentationURL = "https://docs.gitea.io"
+	projectURL       = "https://gitea.com"
+	repositoryURL    = "https://gitea.com/gitea/gitea"
+	documentationURL = "https://docs.gitea.com"
 )

 const pubspecContent = `name: ` + packageName + `
--- a/modules/setting/service.go
+++ b/modules/setting/service.go
@@ -221,7 +221,7 @@ func loadServiceFrom(rootCfg ConfigProvider) {
 	Service.UserDeleteWithCommentsMaxTime = sec.Key("USER_DELETE_WITH_COMMENTS_MAX_TIME").MustDuration(0)
 	sec.Key("VALID_SITE_URL_SCHEMES").MustString("http,https")
 	Service.ValidSiteURLSchemes = sec.Key("VALID_SITE_URL_SCHEMES").Strings(",")
-	schemes := make([]string, len(Service.ValidSiteURLSchemes))
+	schemes := make([]string, 0, len(Service.ValidSiteURLSchemes))
 	for _, scheme := range Service.ValidSiteURLSchemes {
 		scheme = strings.ToLower(strings.TrimSpace(scheme))
 		if scheme != "" {
--- a/modules/storage/minio.go
+++ b/modules/storage/minio.go
@@ -91,8 +91,8 @@ func NewMinioStorage(ctx context.Context, cfg *setting.Storage) (ObjectStorage,
 	}

 	// Check to see if we already own this bucket
-	exists, errBucketExists := minioClient.BucketExists(ctx, config.Bucket)
-	if errBucketExists != nil {
+	exists, err := minioClient.BucketExists(ctx, config.Bucket)
+	if err != nil {
 		return nil, convertMinioErr(err)
 	}

--- a/modules/structs/hook.go
+++ b/modules/structs/hook.go
@@ -19,6 +19,7 @@ var ErrInvalidReceiveHook = errors.New("Invalid JSON payload received over webho
 type Hook struct {
 	ID                  int64             `json:"id"`
 	Type                string            `json:"type"`
+	BranchFilter        string            `json:"branch_filter"`
 	URL                 string            `json:"-"`
 	Config              map[string]string `json:"config"`
 	Events              []string          `json:"events"`
--- a/modules/validation/helpers.go
+++ b/modules/validation/helpers.go
@@ -10,6 +10,8 @@ import (
 	"strings"

 	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/gobwas/glob"
 )

 var externalTrackerRegex = regexp.MustCompile(`({?)(?:user|repo|index)+?(}?)`)
@@ -48,6 +50,29 @@ func IsValidSiteURL(uri string) bool {
 	return false
 }

+// IsEmailDomainListed checks whether the domain of an email address
+// matches a list of domains
+func IsEmailDomainListed(globs []glob.Glob, email string) bool {
+	if len(globs) == 0 {
+		return false
+	}
+
+	n := strings.LastIndex(email, "@")
+	if n <= 0 {
+		return false
+	}
+
+	domain := strings.ToLower(email[n+1:])
+
+	for _, g := range globs {
+		if g.Match(domain) {
+			return true
+		}
+	}
+
+	return false
+}
+
 // IsAPIURL checks if URL is current Gitea instance API URL
 func IsAPIURL(uri string) bool {
 	return strings.HasPrefix(strings.ToLower(uri), strings.ToLower(setting.AppURL+"api"))
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -173,7 +173,7 @@ network_error = Network error
 [startpage]
 app_desc = A painless, self-hosted Git service
 install = Easy to install
-install_desc = Simply <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.io/en-us/install-from-binary/">run the binary</a> for your platform, ship it with <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">Docker</a>, or get it <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.io/en-us/install-from-package/">packaged</a>.
+install_desc = Simply <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-binary">run the binary</a> for your platform, ship it with <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">Docker</a>, or get it <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-package">packaged</a>.
 platform = Cross-platform
 platform_desc = Gitea runs anywhere <a target="_blank" rel="noopener noreferrer" href="http://golang.org/">Go</a> can compile for: Windows, macOS, Linux, ARM, etc. Choose the one you love!
 lightweight = Lightweight
@@ -2281,7 +2281,7 @@ settings.tags.protection.allowed.teams = Allowed teams
 settings.tags.protection.allowed.noone = No One
 settings.tags.protection.create = Protect Tag
 settings.tags.protection.none = There are no protected tags.
-settings.tags.protection.pattern.description = You can use a single name or a glob pattern or regular expression to match multiple tags. Read more in the <a target="_blank" rel="noopener" href="https://docs.gitea.io/en-us/protected-tags/">protected tags guide</a>.
+settings.tags.protection.pattern.description = You can use a single name or a glob pattern or regular expression to match multiple tags. Read more in the <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/protected-tags">protected tags guide</a>.
 settings.bot_token = Bot Token
 settings.chat_id = Chat ID
 settings.thread_id = Thread ID
@@ -2811,12 +2811,12 @@ packages.size = Size
 packages.published = Published

 defaulthooks = Default Webhooks
-defaulthooks.desc = Webhooks automatically make HTTP POST requests to a server when certain Gitea events trigger. Webhooks defined here are defaults and will be copied into all new repositories. Read more in the <a target="_blank" rel="noopener" href="https://docs.gitea.io/en-us/webhooks/">webhooks guide</a>.
+defaulthooks.desc = Webhooks automatically make HTTP POST requests to a server when certain Gitea events trigger. Webhooks defined here are defaults and will be copied into all new repositories. Read more in the <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/webhooks">webhooks guide</a>.
 defaulthooks.add_webhook = Add Default Webhook
 defaulthooks.update_webhook = Update Default Webhook

 systemhooks = System Webhooks
-systemhooks.desc = Webhooks automatically make HTTP POST requests to a server when certain Gitea events trigger. Webhooks defined here will act on all repositories on the system, so please consider any performance implications this may have. Read more in the <a target="_blank" rel="noopener" href="https://docs.gitea.io/en-us/webhooks/">webhooks guide</a>.
+systemhooks.desc = Webhooks automatically make HTTP POST requests to a server when certain Gitea events trigger. Webhooks defined here will act on all repositories on the system, so please consider any performance implications this may have. Read more in the <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/webhooks">webhooks guide</a>.
 systemhooks.add_webhook = Add System Webhook
 systemhooks.update_webhook = Update System Webhook

@@ -2921,7 +2921,7 @@ auths.tip.google_plus = Obtain OAuth2 client credentials from the Google API con
 auths.tip.openid_connect = Use the OpenID Connect Discovery URL (<server>/.well-known/openid-configuration) to specify the endpoints
 auths.tip.twitter = Go to https://dev.twitter.com/apps, create an application and ensure that the “Allow this application to be used to Sign in with Twitter” option is enabled
 auths.tip.discord = Register a new application on https://discordapp.com/developers/applications/me
-auths.tip.gitea = Register a new OAuth2 application. Guide can be found at https://docs.gitea.io/en-us/oauth2-provider/
+auths.tip.gitea = Register a new OAuth2 application. Guide can be found at https://docs.gitea.com/development/oauth2-provider
 auths.tip.yandex = Create a new application at https://oauth.yandex.com/client/new. Select following permissions from the "Yandex.Passport API" section: "Access to email address", "Access to user avatar" and "Access to username, first name and surname, gender"
 auths.tip.mastodon = Input a custom instance URL for the mastodon instance you want to authenticate with (or use the default one)
 auths.edit = Edit Authentication Source
--- a/routers/api/actions/runner/utils.go
+++ b/routers/api/actions/runner/utils.go
@@ -53,8 +53,12 @@ func pickTask(ctx context.Context, runner *actions_model.ActionRunner) (*runnerv

 func getSecretsOfTask(ctx context.Context, task *actions_model.ActionTask) map[string]string {
 	secrets := map[string]string{}
+
+	secrets["GITHUB_TOKEN"] = task.Token
+	secrets["GITEA_TOKEN"] = task.Token
+
 	if task.Job.Run.IsForkPullRequest {
-		// ignore secrets for fork pull request
+		// ignore secrets for fork pull request, except GITHUB_TOKEN and GITEA_TOKEN which are automatically generated.
 		return secrets
 	}

@@ -78,13 +82,6 @@ func getSecretsOfTask(ctx context.Context, task *actions_model.ActionTask) map[s
 		}
 	}

-	if _, ok := secrets["GITHUB_TOKEN"]; !ok {
-		secrets["GITHUB_TOKEN"] = task.Token
-	}
-	if _, ok := secrets["GITEA_TOKEN"]; !ok {
-		secrets["GITEA_TOKEN"] = task.Token
-	}
-
 	return secrets
 }

--- a/routers/api/v1/repo/pull.go
+++ b/routers/api/v1/repo/pull.go
@@ -326,11 +326,9 @@ func CreatePullRequest(ctx *context.APIContext) {
 			return
 		}

-		labelIDs = make([]int64, len(form.Labels))
-		orgLabelIDs := make([]int64, len(form.Labels))
-
-		for i := range labels {
-			labelIDs[i] = labels[i].ID
+		labelIDs = make([]int64, 0, len(labels))
+		for _, label := range labels {
+			labelIDs = append(labelIDs, label.ID)
 		}

 		if ctx.Repo.Owner.IsOrganization() {
@@ -340,12 +338,12 @@ func CreatePullRequest(ctx *context.APIContext) {
 				return
 			}

-			for i := range orgLabels {
-				orgLabelIDs[i] = orgLabels[i].ID
+			orgLabelIDs := make([]int64, 0, len(orgLabels))
+			for _, orgLabel := range orgLabels {
+				orgLabelIDs = append(orgLabelIDs, orgLabel.ID)
 			}
+			labelIDs = append(labelIDs, orgLabelIDs...)
 		}
-
-		labelIDs = append(labelIDs, orgLabelIDs...)
 	}

 	if form.Milestone > 0 {
--- a/routers/install/install.go
+++ b/routers/install/install.go
@@ -185,7 +185,7 @@ func checkDatabase(ctx *context.Context, form *forms.InstallForm) bool {
 	if err = db.InitEngine(ctx); err != nil {
 		if strings.Contains(err.Error(), `Unknown database type: sqlite3`) {
 			ctx.Data["Err_DbType"] = true
-			ctx.RenderWithErr(ctx.Tr("install.sqlite3_not_available", "https://docs.gitea.io/en-us/install-from-binary/"), tplInstall, form)
+			ctx.RenderWithErr(ctx.Tr("install.sqlite3_not_available", "https://docs.gitea.com/installation/install-from-binary"), tplInstall, form)
 		} else {
 			ctx.Data["Err_DbSetting"] = true
 			ctx.RenderWithErr(ctx.Tr("install.invalid_db_setting", err), tplInstall, form)
--- a/routers/private/hook_verification.go
+++ b/routers/private/hook_verification.go
@@ -28,23 +28,31 @@ func verifyCommits(oldCommitID, newCommitID string, repo *git.Repository, env []
 		_ = stdoutWriter.Close()
 	}()

+	var command *git.Command
+	if oldCommitID == git.EmptySHA {
+		// When creating a new branch, the oldCommitID is empty, by using "newCommitID --not --all":
+		// List commits that are reachable by following the newCommitID, exclude "all" existing heads/tags commits
+		// So, it only lists the new commits received, doesn't list the commits already present in the receiving repository
+		command = git.NewCommand(repo.Ctx, "rev-list").AddDynamicArguments(newCommitID).AddArguments("--not", "--all")
+	} else {
+		command = git.NewCommand(repo.Ctx, "rev-list").AddDynamicArguments(oldCommitID + "..." + newCommitID)
+	}
 	// This is safe as force pushes are already forbidden
-	err = git.NewCommand(repo.Ctx, "rev-list").AddDynamicArguments(oldCommitID + "..." + newCommitID).
-		Run(&git.RunOpts{
-			Env:    env,
-			Dir:    repo.Path,
-			Stdout: stdoutWriter,
-			PipelineFunc: func(ctx context.Context, cancel context.CancelFunc) error {
-				_ = stdoutWriter.Close()
-				err := readAndVerifyCommitsFromShaReader(stdoutReader, repo, env)
-				if err != nil {
-					log.Error("%v", err)
-					cancel()
-				}
-				_ = stdoutReader.Close()
-				return err
-			},
-		})
+	err = command.Run(&git.RunOpts{
+		Env:    env,
+		Dir:    repo.Path,
+		Stdout: stdoutWriter,
+		PipelineFunc: func(ctx context.Context, cancel context.CancelFunc) error {
+			_ = stdoutWriter.Close()
+			err := readAndVerifyCommitsFromShaReader(stdoutReader, repo, env)
+			if err != nil {
+				log.Error("%v", err)
+				cancel()
+			}
+			_ = stdoutReader.Close()
+			return err
+		},
+	})
 	if err != nil && !isErrUnverifiedCommit(err) {
 		log.Error("Unable to check commits from %s to %s in %s: %v", oldCommitID, newCommitID, repo.Path, err)
 	}
--- a/routers/private/hook_verification_test.go
+++ b/routers/private/hook_verification_test.go
@@ -0,0 +1,43 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package private
+
+import (
+	"context"
+	"testing"
+
+	"code.gitea.io/gitea/models/unittest"
+	"code.gitea.io/gitea/modules/git"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var testReposDir = "tests/repos/"
+
+func TestVerifyCommits(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+
+	gitRepo, err := git.OpenRepository(context.Background(), testReposDir+"repo1_hook_verification")
+	defer gitRepo.Close()
+	assert.NoError(t, err)
+
+	testCases := []struct {
+		base, head string
+		verified   bool
+	}{
+		{"72920278f2f999e3005801e5d5b8ab8139d3641c", "d766f2917716d45be24bfa968b8409544941be32", true},
+		{git.EmptySHA, "93eac826f6188f34646cea81bf426aa5ba7d3bfe", true}, // New branch with verified commit
+		{"9779d17a04f1e2640583d35703c62460b2d86e0a", "72920278f2f999e3005801e5d5b8ab8139d3641c", false},
+		{git.EmptySHA, "9ce3f779ae33f31fce17fac3c512047b75d7498b", false}, // New branch with unverified commit
+	}
+
+	for _, tc := range testCases {
+		err = verifyCommits(tc.base, tc.head, gitRepo, nil)
+		if tc.verified {
+			assert.NoError(t, err)
+		} else {
+			assert.Error(t, err)
+		}
+	}
+}
--- a/routers/private/main_test.go
+++ b/routers/private/main_test.go
@@ -0,0 +1,17 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package private
+
+import (
+	"path/filepath"
+	"testing"
+
+	"code.gitea.io/gitea/models/unittest"
+)
+
+func TestMain(m *testing.M) {
+	unittest.MainTest(m, &unittest.TestOptions{
+		GiteaRootPath: filepath.Join("..", ".."),
+	})
+}
--- a/routers/private/tests/repos/repo1_hook_verification/HEAD
+++ b/routers/private/tests/repos/repo1_hook_verification/HEAD
@@ -0,0 +1 @@
+ref: refs/heads/main
--- a/routers/private/tests/repos/repo1_hook_verification/config
+++ b/routers/private/tests/repos/repo1_hook_verification/config
@@ -0,0 +1,6 @@
+[core]
+	repositoryformatversion = 0
+	filemode = false
+	bare = true
+	symlinks = false
+	ignorecase = true
--- a/routers/private/tests/repos/repo1_hook_verification/info/refs
+++ b/routers/private/tests/repos/repo1_hook_verification/info/refs
@@ -0,0 +1 @@
+d766f2917716d45be24bfa968b8409544941be32	refs/heads/main
--- a/routers/private/tests/repos/repo1_hook_verification/logs/HEAD
+++ b/routers/private/tests/repos/repo1_hook_verification/logs/HEAD
@@ -0,0 +1 @@
+0000000000000000000000000000000000000000 d766f2917716d45be24bfa968b8409544941be32 Gitea <gitea@fake.local> 1693148474 +0800	push
--- a/routers/private/tests/repos/repo1_hook_verification/logs/refs/heads/main
+++ b/routers/private/tests/repos/repo1_hook_verification/logs/refs/heads/main
@@ -0,0 +1 @@
+0000000000000000000000000000000000000000 d766f2917716d45be24bfa968b8409544941be32 Gitea <gitea@fake.local> 1693148474 +0800	push
--- a/routers/private/tests/repos/repo1_hook_verification/objects/08/cbc8f0e903b0916025ae7577564b7ed39ecb2c
+++ b/routers/private/tests/repos/repo1_hook_verification/objects/08/cbc8f0e903b0916025ae7577564b7ed39ecb2c
--- a/routers/private/tests/repos/repo1_hook_verification/objects/0b/5987362fe3fabdd4406babdc819642ee2f5a2a
+++ b/routers/private/tests/repos/repo1_hook_verification/objects/0b/5987362fe3fabdd4406babdc819642ee2f5a2a
--- a/routers/private/tests/repos/repo1_hook_verification/objects/13/b0f23f673b161f4b5cb66f051cb93c99729e1e
+++ b/routers/private/tests/repos/repo1_hook_verification/objects/13/b0f23f673b161f4b5cb66f051cb93c99729e1e
--- a/routers/private/tests/repos/repo1_hook_verification/objects/23/33a51fdb238b7023a62ae3dcc58994061a7c86
+++ b/routers/private/tests/repos/repo1_hook_verification/objects/23/33a51fdb238b7023a62ae3dcc58994061a7c86
--- a/routers/private/tests/repos/repo1_hook_verification/objects/2b/df04adb23d2b40b6085efb230856e5e2a775b7
+++ b/routers/private/tests/repos/repo1_hook_verification/objects/2b/df04adb23d2b40b6085efb230856e5e2a775b7
--- a/routers/private/tests/repos/repo1_hook_verification/objects/65/a457425a679cbe9adf0d2741785d3ceabb44a7
+++ b/routers/private/tests/repos/repo1_hook_verification/objects/65/a457425a679cbe9adf0d2741785d3ceabb44a7
--- a/routers/private/tests/repos/repo1_hook_verification/objects/72/920278f2f999e3005801e5d5b8ab8139d3641c
+++ b/routers/private/tests/repos/repo1_hook_verification/objects/72/920278f2f999e3005801e5d5b8ab8139d3641c
@@ -0,0 +1,2 @@
+x•ŽK
+1]çÙÒéüAÄS¸ï$Í"32ooð®ŠWð òÞ{›!žæ`–˜JC%¡.˜$Ár]sÑ±e$ïmòâMƒ·)£÷±(O`ªbtlÐE[:;4–àHÐ1_û<5F>”rayýáþl“é’÷~“ÊEL@cå€Xv…Mþã":µMÛƒG«_}À?Ý
--- a/routers/private/tests/repos/repo1_hook_verification/objects/8b/903ede7c494725624bf842ec890f6342dababd
+++ b/routers/private/tests/repos/repo1_hook_verification/objects/8b/903ede7c494725624bf842ec890f6342dababd
--- a/routers/private/tests/repos/repo1_hook_verification/objects/93/eac826f6188f34646cea81bf426aa5ba7d3bfe
+++ b/routers/private/tests/repos/repo1_hook_verification/objects/93/eac826f6188f34646cea81bf426aa5ba7d3bfe
--- a/routers/private/tests/repos/repo1_hook_verification/objects/97/79d17a04f1e2640583d35703c62460b2d86e0a
+++ b/routers/private/tests/repos/repo1_hook_verification/objects/97/79d17a04f1e2640583d35703c62460b2d86e0a
@@ -0,0 +1,2 @@
+x•<>1
+!ES{ŠéAwGGa	9EúQgW·Èí#¹AªÞû©ÕZ§/£‹€³Œ–p±ì(¤(<28>ó®óBhÈÛ¼&á™ŸãÝ:pLY`ûÍãU†ð-µzŸÁ°ô†\µ×ZM:<3A>†ü¡¨Êå€óxJ/ûG}:µ3
--- a/routers/private/tests/repos/repo1_hook_verification/objects/9c/e3f779ae33f31fce17fac3c512047b75d7498b
+++ b/routers/private/tests/repos/repo1_hook_verification/objects/9c/e3f779ae33f31fce17fac3c512047b75d7498b
--- a/routers/private/tests/repos/repo1_hook_verification/objects/a9/f76e70a663e40091749a97eeac5f57a6fec141
+++ b/routers/private/tests/repos/repo1_hook_verification/objects/a9/f76e70a663e40091749a97eeac5f57a6fec141
--- a/routers/private/tests/repos/repo1_hook_verification/objects/ba/0caedd359ebe310ef431335576e20f2b84e9b9
+++ b/routers/private/tests/repos/repo1_hook_verification/objects/ba/0caedd359ebe310ef431335576e20f2b84e9b9
--- a/routers/private/tests/repos/repo1_hook_verification/objects/bb/87653e0819460e79b5f075f2563f583cbbf18c
+++ b/routers/private/tests/repos/repo1_hook_verification/objects/bb/87653e0819460e79b5f075f2563f583cbbf18c
--- a/routers/private/tests/repos/repo1_hook_verification/objects/cb/a4c30c196a0e03e7bdf6eeb8393d14b9d073aa
+++ b/routers/private/tests/repos/repo1_hook_verification/objects/cb/a4c30c196a0e03e7bdf6eeb8393d14b9d073aa
@@ -0,0 +1,3 @@
+x•ŽA
+Â0E]ç³$™L“ˆx•L2µ]´•<C2B4>
+ÞÞê
--- a/routers/private/tests/repos/repo1_hook_verification/objects/d7/66f2917716d45be24bfa968b8409544941be32
+++ b/routers/private/tests/repos/repo1_hook_verification/objects/d7/66f2917716d45be24bfa968b8409544941be32
@@ -0,0 +1,3 @@
+x•’Ë®«FE3æ+zn%44æ!%Qxƒ<78>Û€s˜AÓ`8Øæëã{£Ì2IM¶j•ª´¥Údèûf²Ìý2<C3BD>”‚"‡$§e‰¶
+-(â Ä!´ÝJ"åaÅ²@•BaîùHo3 ŸVØòå<$<24>/)å$JøJD’B¡•H¤§˜ü{¾#ÈRRðûOù«nfšÿF†þOÀ‰
+âq[°<>2„Ì‡~ŒÍô¬Ô÷zjjðë<C3B0>ÒLÛÅÀ·}prm¬Fqhþä`@Ø«¦ªš®ª¥Õ˜fî?3Ç[7Š³…ê¨Ð)	^™þuÿÖ¿,µ<>Æl7©zÝÿr|&«Ou4<75>Ø9Ó:µÎQjôû·êÕ1x±õå6ÍQ‡÷ƒÀ%Áåtû‰sò¸íV‰|( V¿<56>,aL,ù«G~²Ç<16>¹‹<C2B9>‹r¥ùûî@·`·Àþ$[!	XËŠep©Œæ[8	oýä(›« k£Z´Î³yóeÐ¹ÙÆÄ«Y²¿kÖd€¯6•3¾;3ÜÔ	RÔiÞ‹dYÓDk91V]/Cê#º¾&ÿêpo´Fáb¯‹¶}§¹ô¦òuW&]+m xaqdÜIõX¯þ3
--- a/routers/private/tests/repos/repo1_hook_verification/objects/e3/7e5d19823e42fad252f6341b1f77a7bc6ee451
+++ b/routers/private/tests/repos/repo1_hook_verification/objects/e3/7e5d19823e42fad252f6341b1f77a7bc6ee451
--- a/routers/private/tests/repos/repo1_hook_verification/objects/e6/9de29bb2d1d6434b8b29ae775ad8c2e48c5391
+++ b/routers/private/tests/repos/repo1_hook_verification/objects/e6/9de29bb2d1d6434b8b29ae775ad8c2e48c5391
--- a/routers/private/tests/repos/repo1_hook_verification/objects/e8/4e452c3a20c02dee17ec2f63c0cb9ef6c759eb
+++ b/routers/private/tests/repos/repo1_hook_verification/objects/e8/4e452c3a20c02dee17ec2f63c0cb9ef6c759eb
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Lunny Xiao	e502be46f3	Fix changelog typo (#26973 )	2023-09-08 16:35:37 +08:00
techknowlogick	4a886de71e	1.20.4 changelog (#26966 )	2023-09-08 12:17:00 +08:00
techknowlogick	b6fd1e48c0	Improve LDAP group config documentation (#21227 ) (#26921 ) backport #21227 author @svenseeberg Co-authored-by: Sven Seeberg <mail@sven-seeberg.de> Co-authored-by: Giteabot <teabot@gitea.io>	2023-09-05 22:41:10 -04:00
techknowlogick	69c4e2954c	update footer link to new landing page (#26916 ) (#26919 ) Backport #26916	2023-09-05 19:06:35 +00:00
Giteabot	9f14b2173a	Update documents to fix some links (#26885 ) (#26888 ) Backport #26885 by @lunny Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2023-09-03 19:37:42 +00:00
CaiCandong	e15794f62f	Update docs about attachment path (#26883 ) (#26884 ) Backport #26883 This change was caused by #26271, for configuration as below: ``` [attachment] ENABLE = true PATH = data/attachments MAX_SIZE = 100 MAX_FILES = 5 ``` Before #26271, the resolved path is ${AppWorkPath}/${attachments.PATH} (such as `/var/lib/gitea/data/attachments`) After #26271, the resolved path is ${AppDataPath}/${attachments.PATH} (such as `/var/lib/gitea/data/data/attachments`) Fix https://github.com/go-gitea/gitea/issues/26864 Follow https://github.com/go-gitea/gitea/pull/26271	2023-09-03 18:45:37 +00:00
Giteabot	2a184796b5	Fix wrong review requested number (#26784 ) (#26880 ) Backport #26784 by @lng2020 Fix the wrong review requested number mentioned by #18808 . Fix #18808 Before: ![ksnip_20230829-140750](https://github.com/go-gitea/gitea/assets/70063547/0af2055b-6f16-4699-a944-c7186831d7f9) After: ![ksnip_20230829-141817](https://github.com/go-gitea/gitea/assets/70063547/16633264-20ba-45e3-bfbb-a495ed76a45b) Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>	2023-09-03 12:37:07 +02:00
Giteabot	2cfabb68ff	Redirect from `{repo}/issues/new` to `{repo}/issues/new/choose` when blank issues are disabled (#26813 ) (#26847 ) Backport #26813 by @JakobDev You can currently visit `{repo}/issues/new` and create a blank issue, even if it's disabled. This PR fixes this, Fixes https://codeberg.org/forgejo/forgejo/issues/1356 Co-authored-by: JakobDev <jakobdev@gmx.de>	2023-09-01 15:14:54 +00:00
wxiaoguang	e8da63c24e	Avoid double-unescaping of form value (#26853 ) (#26863 ) Backport #26853 The old `prepareQueryArg` did double-unescaping of form value.	2023-09-01 21:15:00 +08:00
Giteabot	93c36f395c	Fix verifyCommits error when push a new branch (#26664 ) (#26810 ) Backport #26664 by @CaiCandong > ### Description > If a new branch is pushed, and the repository has a rule that would require signed commits for the new branch, the commit is rejected with a 500 error regardless of whether it's signed. > > When pushing a new branch, the "old" commit is the empty ID (0000000000000000000000000000000000000000). verifyCommits has no provision for this and passes an invalid commit range to git rev-list. Prior to 1.19 this wasn't an issue because only pre-existing individual branches could be protected. > > I was able to reproduce with [try.gitea.io/CraigTest/test](https://try.gitea.io/CraigTest/test), which is set up with a blanket rule to require commits on all branches. Fix #25565 Very thanks to @Craig-Holmquist-NTI for reporting the bug and suggesting an valid solution! Co-authored-by: CaiCandong <50507092+CaiCandong@users.noreply.github.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2023-08-31 15:29:55 +00:00
Giteabot	302c03c4a9	Sync tags when adopting repos (#26816 ) (#26834 ) Backport #26816 by @Zettat123 Fixes #26138 Sync the tags into database when adopting repos Co-authored-by: Zettat123 <zettat123@gmail.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: KN4CK3R <admin@oldschoolhack.me>	2023-08-31 02:15:28 +00:00
Giteabot	41bae29f84	check blocklist for emails when adding them to account (#26812 ) (#26831 ) Backport #26812 by @techknowlogick Co-authored-by: techknowlogick <techknowlogick@gitea.io>	2023-08-31 00:52:19 +00:00
yp05327	c72f6067b3	Fix context filter has no effect in dashboard (#26695 ) (#26811 ) Backport #26695	2023-08-30 11:14:54 +00:00
js6pak	54cc459ea8	Include the GITHUB_TOKEN/GITEA_TOKEN secret for fork pull requests (#26759 ) (#26806 ) Backport #26759 Co-authored-by: Jason Song <i@wolfogre.com>	2023-08-30 02:25:34 -04:00
Giteabot	c3d323fd85	Add fix incorrect can_create_org_repo for org owner team (#26683 ) (#26791 ) Backport #26683 by @yp05327 Related to: #8312 #26491 In migration v109, we only added a new column `CanCreateOrgRepo` in Team table, but not initial the value of it. This may cause bug like #26491. Co-authored-by: yp05327 <576951401@qq.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2023-08-29 21:26:40 +00:00
Giteabot	4013f3f600	Fix some slice append usages (#26778 ) (#26798 ) Backport #26778 by @harryzcy Co-authored-by: Chongyi Zheng <git@zcy.dev> Co-authored-by: delvh <dev.lh@web.de>	2023-08-29 16:13:24 +00:00
Giteabot	3bab20491e	Fix being unable to use a repo that prohibits accepting PRs as a PR source. (#26785 ) (#26790 ) Backport #26785 by @CaiCandong ## Description Sometimes, we need to use an upstream mirror repository to update the current development repository, but mirror repositories are prohibited from PR. It should not appear in `merge to,` but it can appear in `pull from.` Fix #24585 #26193 #26781 Related #24183 Many thanks to @apnote for assisting me in reproducing this bug! ## ScreenShot --- ### Before <img src="https://github.com/go-gitea/gitea/assets/50507092/3d76c376-1f54-45b9-80c9-6ba8319d6a9a" width="400px"> <img src="https://github.com/go-gitea/gitea/assets/50507092/fbfd9f7f-421f-4a2e-9a3e-f2958bbf3312" width="400px"> ### After <img src="https://github.com/go-gitea/gitea/assets/50507092/e6984524-4f61-4310-b795-4d8598bd8963" width="400px"> <img src="https://github.com/go-gitea/gitea/assets/50507092/04065b44-78d7-4721-bf31-0f1674150727" width="400px"> Co-authored-by: CaiCandong <50507092+CaiCandong@users.noreply.github.com>	2023-08-29 18:06:05 +08:00
Giteabot	087df926cc	Improve the "bug report" template and "support options" document (#26753 ) (#26780 ) Backport #26753 by @wxiaoguang * `/help/support` is a better document than `/administration/logging-config` for bug reporting * Improve `support.en-us.md` * Move/add detailed contents into `Advanced Bug Report Tips` section * Merge `Chinese Support` section into `Support Options` Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2023-08-29 07:57:21 +08:00
Lunny Xiao	b159ebbab7	Use docs.gitea.com instead of docs.gitea.io (#26769 ) backport #26739	2023-08-28 19:58:16 +08:00
xpume	c8b189eb01	Fix Page Not Found error (#26768 ) Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2023-08-28 18:07:38 +08:00
Lunny Xiao	a1cec4141e	Fix bug for ctx usage (#26763 ) Fix #26684 Backport #26762	2023-08-28 12:20:31 +08:00
wxiaoguang	307ee2c044	Fix incorrect "tabindex" attributes (#26733 ) (#26734 ) Backport #26733 manually Co-authored-by: Giteabot <teabot@gitea.io>	2023-08-26 10:44:17 +08:00
Giteabot	2f6c0e6596	Fix link in mirror docs (#26719 ) (#26732 ) Backport #26719 by @silverwind Fix hash fragment in this link Co-authored-by: silverwind <me@silverwind.io>	2023-08-25 19:14:43 +02:00
Giteabot	e6173acac9	Add matrix to support (#26382 ) (#26722 ) Backport #26382 by @jolheiser This PR adds our matrix space to the support options and alphabetizes the list. I also considered adding our Mastodon, however that isn't as suitable as the other options because it's just whoever has access to the account vs a community chat/forum. Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: John Olheiser <john.olheiser@gmail.com>	2023-08-25 01:55:53 -04:00
Giteabot	4af872178e	Make issue template field template access correct template data (#26698 ) (#26709 ) Backport #26698 by @wxiaoguang Regression of #23092, the `{{$field := .}}` was missing during that refactoring. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2023-08-24 11:40:55 +00:00
wxiaoguang	508c624e99	Backport line height fix (#26708 ) Backport the `line-height: normal`, because #26520 was backported	2023-08-24 10:39:09 +00:00
Giteabot	ecfed9e298	Prefer variables over subprocesses (#26690 ) (#26693 ) Backport #26690 by @thomas-mc-work … because it doesn't require a separate shell, spawning a process which cost unnecessary resources and takes time. Co-authored-by: Thomas McWork <thomas.mc.work@posteo.de>	2023-08-23 14:53:44 +02:00
Giteabot	2f4de240c1	add mfa doc (#26654 ) (#26674 ) Backport #26654 by @lunny copy and modified from #14572 > Whilst debating enforcing MFA within our team, I realised there isn't a lot of context to the side effects of enabling it. Most of us use Git over HTTP and would need to add a token. I plan to add another PR that adds a sentence to the UI about needing to generate a token when enabling MFA if HTTP is to be used. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: silverwind <me@silverwind.io>	2023-08-23 01:57:01 +00:00
Giteabot	e1fa3d1d69	update config docs url (#26640 ) (#26642 ) Backport #26640 by @techknowlogick Co-authored-by: techknowlogick <techknowlogick@gitea.io>	2023-08-21 18:15:14 +00:00
Giteabot	352a495c02	Fix unable to display individual-level project (#26198 ) (#26636 ) Backport #26198 by @CaiCandong As title Before: ![image](https://github.com/go-gitea/gitea/assets/50507092/94afc3bf-5597-4151-a59b-5632840ffa21) After: ![image](https://github.com/go-gitea/gitea/assets/50507092/df81aa0b-98a6-477d-a270-2e45b3dca0fc) fix #26189 Co-authored-by: caicandong <50507092+CaiCandong@users.noreply.github.com>	2023-08-21 17:38:06 +00:00
Giteabot	a4b14638b5	Use correct minio error (#26634 ) (#26639 ) Backport #26634 by @delvh Previously, `err` was defined above, checked for `err == nil` and used nowhere else. Hence, the result of `convertMinioErr` would always be `nil`. This leads to a NPE further down the line. That is not intentional, it should convert the error of the most recent operation, not one of its predecessors. Found through https://discord.com/channels/322538954119184384/322538954119184384/1143185780206993550. Co-authored-by: delvh <dev.lh@web.de>	2023-08-21 16:51:30 +00:00
a1012112796	f43df2f820	fix reopen logic for agit flow pull request (#26399 ) (#26613 ) Backport #26399 Signed-off-by: a1012112796 <1012112796@qq.com> Co-authored-by: Giteabot <teabot@gitea.io>	2023-08-21 13:13:34 +00:00
Giteabot	fe78aabc67	Add `branch_filter` to hooks API endpoints (#26599 ) (#26632 ) Backport #26599 by @yardenshoham We now include the branch filler in the response. - Closes #26591 Signed-off-by: Yarden Shoham <git@yardenshoham.com> Co-authored-by: Yarden Shoham <git@yardenshoham.com>	2023-08-21 12:17:19 +00:00
Giteabot	4aed0e6b07	Ignore the trailing slashes when comparing oauth2 redirect_uri (#26597 ) (#26618 ) Backport #26597 by @wxiaoguang Fix #26526 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2023-08-21 14:19:43 +08:00
John Olheiser	11711c51cb	Set errwriter for urfave/cli v1 (#26616 ) Resolves #26615	2023-08-21 04:02:40 +00:00
				`@@ -0,0 +1 @@`
				`d766f2917716d45be24bfa968b8409544941be32 refs/heads/main`
				`@@ -0,0 +1 @@`
				`0000000000000000000000000000000000000000 d766f2917716d45be24bfa968b8409544941be32 Gitea <gitea@fake.local> 1693148474 +0800 push`