Forgejo monthly report - March 2026

The monthly report is meant to provide a good overview of what has changed in Forgejo in the past month. If you would like to help, please get in touch in the chatroom or participate in the ongoing discussions.

Releases

Forgejo v15.0.0 release candidates

The Forgejo v15.0.0 branch has been cut and the release is scheduled for April 16. code.forgejo.org is running it ahead of time, to discover and fix problems ahead of time. Additionally, a call for help with testing was posted on Mastodon. Preparations for the associated blog post are also undergoing.

You can help us improve it by trying it out and checking that the features you normally use, as well as the new ones, work as expected.

It can be tried on:

Before deployment, please read the release notes, address any breaking changes that could affect your deployment and ensure that everything is backed up.

Pre-release versions are available:

Report any regressions you find in the issue tracker. If the issues you’re facing are related to security, please report them to the security team according to the security policy.

Security releases: Forgejo v11 and v14

Both supported versions of Forgejo received a security releases during March. On March 9 v11.0.11 and v14.0.3 were released. And matching the v14.0.3 release the helm chart received an update to v16.2.1 too. The security team shipped in total seven fixes with this patch release.

Note: An additional security release has already been published on April 10.

As a reminder, Forgejo publishes advance warning of security releases, similar to what is done when a Go release contains a security fix. They do not reveal the details of the vulnerability but will allow admins to plan ahead and better secure their instance. Anyone can watch the dedicated tracker or subscribe to the RSS feed.

Forgejo runner

The Forgejo Runner received two point releases during the month: v12.7.2 and v12.7.3. These releases included bug fixes and dependency updates. In addition, v12.7.3 introduced a new feature: the use of a Forgejo runner specific user agent for connections to the Forgejo instance.

Governance

AI-Agreement

About six months after the initial AI agreement was created, there was a consensus that it needed some changes. There was some confusion among contributors, especially regarding point two of the agreement. This point stated that the AI-generated code must be compatible with the Forgejo license.

Due to past experiences and clear licensing concerns, a decision was made to prohibit AI-generated work entirely.

All contributors are required to comply with this agreement.

Discussions

Caching packages from remote

In February, a discussion was started regarding the caching of remote packages. The specific use case focuses particularly on OCI packages (so packages used by e.g. Docker).

To better understand the use case and its applications, to ensure development efforts are optimally allocated, and to avoid ending up with a feature that doesn’t work correctly for most users, your feedback is appreciated.

So feel free to check out the discussion, and if this functionality is important to you, please take part.

Notable Pull Requests

Repo-specific access tokens

Until now, it has not been possible to create access tokens for specific repositories. Previously, the only way to create an SSH key was using a deploy key, which granted only read access and optional write access.

This month, work was done on expanding the existing access tokens. They have been enhanced to allow an access token to be restricted to specific repositories with defined permissions.

This functionality will be available with Forgejo v15.

Localization

Work on migrating the string from the legacy INI components to the modern, JSON-based components continued. This new translation component provides improved plural support. Progress is slower than previously planned, but the work is progressing nonetheless. Nevertheless, the results are already positive in the form of locale-aware plurals for more UI elements.

Infrastructure

Usage of code.forgejo.org

The DevOps team operates infrastructure intended to support the development of Forgejo. The servers owned by the project have limited capacity. After detecting high disk usage, the creation of repositories on code.forgejo.org was disabled. Additionally, anyone who used the instance to host a project or mirror is asked to remove their repository if it is not related to the development of the Forgejo project. After a grace period, repositories not related to Forgejo development may be removed to reduce the resource usage. Repositories needed for projects that support Forgejo development can be requested in the Hardware Infrastructure Matrix channel.

code.forgejo.org is not intended for free public Git hosting.

Other

Fedora moves to Forgejo

After announcing their intention to move to Forgejo at the end of 2024, Fedora has now finished preparation work. This means they are migrating to their Forgejo instance, which will serve as their new home. There has already been mutual collaboration in the past, and we hope this will continue. We look forward to a long-term partnership.

We Forge

Forgejo is a community of people who contribute in an inclusive environment. We forge on an equal footing, by reporting a bug, voicing an idea in the chatroom or implementing a new feature.

The following list of contributors is intended to reflect this diversity and to acknowledge all the contributions made over the past month. If you are missing, please ask for an update.