Please check whether you changed the security key in the app.ini.

I checked the app.ini file, and the last change was on July 28, 2024.

But I noticed that the value of security.SECRET_KEY seems to be empty. How should I fix this? There are hundreds of repositories! 😂

[security]
INSTALL_LOCK = true
SECRET_KEY =
REVERSE_PROXY_LIMIT = 1
REVERSE_PROXY_TRUSTED_PROXIES = *

If it's empty, a default value will be given and the code hasn't been changed in two years.

Which version did you upgrade from?

There was no problem in version 1.22. This issue did not exist before the upgrade, and this Gitea service has been running for quite a while. The recent upgrade path is as follows:

You look at the database records. The owner of version 1.22 is 11, which is the organization ID. After upgrading to version 1.23, the value here is changed to 0.

There was no problem in version 1.22. This issue did not exist before the upgrade, and this Gitea service has been running for quite a while. The recent upgrade path is as follows:

You look at the database records. The owner of version 1.22 is 11, which is the organization ID. After upgrading to version 1.23, the value here is changed to 0.

OK. Maybe that's the bug? maybe caused by #31724 @wolfogre

As a workaround, maybe update all owner_id = 0 if repo_id > 0 manually. Please backup this table before you do any operations.

@wolfogre Is there any time you can take a look at this issue?

Yes, it is caused by #31724, but it's not a bug; it's by design.

Due to the special nature of secrets, I would rather choose to let Gitea forget some secrets as dirty data (which may bring some inconsistencies, sorry about that) than to let the secrets leak.

@ysicing So please update the database table manually, or recreate those secrets.

@lunny Maybe we can have a doctor tool to fix those dirty data, {OwnerID: x, RepoID: y} -> {OwnerID: 0, RepoID: y}