Gitea Enterprise 24.7.0 is released

Gitea Team
4 min read

We are excited to announce the release of Gitea Enterprise 24.7.0! This version tightens security throughout the platform, refreshes the administrative experience, and ships several collaboration-focused refinements. We strongly recommend upgrading to benefit from the latest hardening work-especially the fixes called out below.

We've fixed a number of permission and authentication issues to improve security and consistency across the platform:

Permission & Protection Checks

  • Fixed permission validation for deleting releases.
  • Corrected branch protection checks when updating pull requests via rebase.
  • Fixed permission checks for issue dependencies.
  • Fixed validation for deleting comment history entries.

Information Leakage Prevention

  • Unified the error message for "non-existing user" and "invalid password" to avoid revealing account existence.
  • Prevented draft releases from being visible to users without write access.
  • Updated API behavior to return the signature's email address rather than the user profile's email.

Dependency Update

  • Updated golang.org/x/crypto from v0.43.0 -> v0.45.0 to address the critical security issue GO-2025-4134.

Major Breaking changes

No breaking changes are introduced in 24.7.0. All upgrades from 24.6.x and earlier 24.x lines should be seamless, with the usual recommendation to back up critical data before deploying.

Major Highlights

🚀 Precision line selections in pull requests

Reviewers can now select and quote multiple adjacent lines from the pull-request diff view. The richer selection tools make it easier to reference the exact context you're commenting on, reducing back-and-forth during code review.

Multiple selection in the PR files view

🚀 Bulk user management with auto-inactive handling

The administration UI now supports multi-select actions for users, letting operators disable or delete multiple accounts in a single step. Daily inactivity checks also flag dormant accounts (30+ days without activity) so they can be reviewed, while automatically reactivating users as soon as they sign back in.

Bulk management UI

🚀 Site-wide announcements with color controls

Administrators can broadcast important news using a new global announcement bar. Titles can be color-coded, and the announcement body supports Markdown, making it easy to highlight outages, maintenance windows, or policy updates directly inside the UI.

Site announcement banner

🚀 Expanded audit logs with operator filters

Audit logging has been refactored to capture nearly every action that occurs in your instance. Search filters now include the operator's user ID, helping compliance teams trace sensitive changes without pulling raw database logs.

Audit log search refinements

🚀 Unified status check contexts across rule levels

Org-level branch protection rules gained a new option to merge status-check contexts with repository-level requirements. This lets administrators define guardrails centrally while still allowing repos to override behavior where needed.

Branch protection options

🚀 GitHub-style commit messages for squash merges

Squash merges now adopt GitHub-style commit message formatting, producing predictable summaries that include the PR title and individual commits. Teams get consistent history across mirroring workflows and easier automation around release notes.

Squash merge message example

How to install or update

Download our pre-built binaries from the Gitea Enterprise downloads page — make sure to select the version compatible with your platform. For a step-by-step guide on installation or upgrades, check out our installation documentation

Changelog

24.7.0 - 2025-12-01

  • Security
    • Upgrade deps golang.org/x/crypto && Fix security issue on crypto (#332 & #333)
    • Fixing Password Leak in Log Messages (#35584) (#35665)
    • Bump archives & rar dep (#35637)
    • Fix various permission & login related bugs (#36002) (#36004) (#337)
  • Features
    • Add pull request files line selections (#348)
    • Support multi-select users and delete and disable, Support inactive users according to settings automatically (#331)
    • Add site announcement and color picker for title(#338 & #342)
    • Refactor audit logs and add more audit logs (#327)
    • Merge status check contexts of owner-level rule and repo-level rule (#328)
    • Use GitHub-style commit message for squash merge (#35987)
  • BugFixes
    • Invalidate cache and add audit log (#343)
    • Fix user limitation check bug (#341)
    • Fix incorrect pull request counter (#35819) (#35841) (#340)
    • Allow empty commit when merging pull request with squash style (#35989) (#334)
    • Fix send mail bug (#35834)
    • Upgrade go mail (#35752)
    • Refactor legacy code (#35708) (#35713)
    • Correctly override user unitmodes (#35501) (#35666)
    • Fix inputing review comment will remove reviewer (#35591) (#35664)
    • Fix a bug missed return (#35655) (#35671)
    • Fix a compare page 404 bug when the pull request disabled (#35441) (#35453)
    • Fix push commits comments when changing the pull request target branch (#35386) (#35443)
    • Fix bug when issue disabled, pull request number in the commit message cannot be redirected (#35420) (#35442)