[security] Gitea < 1.17.2 bypassing URL restrictions during migration explained
Prior to Gitea 1.17.2 a malicious Gitea server could be used to request local files using the migration web interface or the REST API.
[security] Gitea < 1.17.3 git option injection explained
Prior to Gitea 1.17.3 the web interface that displays the commit graph could be used to inject git options used by the Gitea server.
[solved] Gitea 1.15 and up: path not found or permission denied
After migrating from 1.15 or earlier to gitea 1.16 paths are no longer found and files cannot be created because of permission problems because the default example.ini file changed.
[solved] Gitea 1.16. error: fatal: unsafe repository is owned by someone else
If Gitea runs as user git, calls a patched Git version and a parent directory of the git repositories is owned by a user other than git, it will fail.
[solved] blank or error 500 page after login
After going to production, some Gitea users saw a blank page after login and had to manually type the URL of the project they wanted to see in the browser.