Skip to content

Gitea Enterprise 24.8.0 is released

Gitea Enterprise 24.8.0 is released
Gitea Team
2 min read

We are excited to announce the release of Gitea Enterprise 24.8.0! This version tightens security throughout the platform, refreshes the administrative experience, and ships several collaboration-focused refinements. We strongly recommend upgrading to benefit from the latest hardening work-especially the fixes called out below.

We've fixed a number of important securities and consistency across the platform:

Permission & Protection Checks

  • CVE-2026-20736: Release attachments must belong to the intended repo (#36347) (#36375)
  • CVE-2026-20750: Fix permission check on org project operations (#36318) (#36373)
  • CVE-2026-20883: Add more check for stopwatch read or list (#36340) (#36368)
  • CVE-2026-20904: Fix openid setting check (#36346) (#36361)
  • CVE-2026-20888: Fix cancel auto merge bug (#36341) (#36356)
  • CVE-2026-20912: Fix delete attachment check (#36320) (#36355)
  • CVE-2026-20897: LFS locks must belong to the intended repo (#36344) (#36349)

Information Leakage Prevention

  • CVE-2026-0798: Clean watches when make a repository private and check permission when send release emails (#36319) (#36370)
  • CVE-2026-20800: Fix bug on notification read (#36339) (#36387)

Dependency Update

Go upgrades to 1.25.6 which includes security fixes to the go command, and the archive/zip, crypto/tls, and net/url packages, as well as bug fixes.

How to install or update

Download our pre-built binaries from the Gitea Enterprise downloads page — make sure to select the version compatible with your platform. For a step-by-step guide on installation or upgrades, check out our installation documentation

Changelog

24.8.0 - 2026-01-26