3.1.0

3.1.0 - 2025-02-13

❤️ Thanks to all contributors! ❤️

@Levy-Tal, @anbraten, @cduchenoy, @damuzhi0810, @lafriks, @mzampetakis, @pat-s, @qwerty287, @xoxys

✨ Features

• Add allow list for approvals [#4768]

🐛 Bug Fixes

• Unsanitize user and org names in DB [#4762]
• Store/delete repos after forge communication [#4827]
• Fix k8s secret schema [#4819]
• Move section description to the top [#4773]

📚 Documentation

• Docs: Add Radicle forge addon [#4833]
• fix(deps): update docs npm deps non-major [#4823]
• chore(deps): update dependency isomorphic-dompurify to v2.21.0 [#4805]
• chore(deps): update dependency @types/node to v22.13.0 [#4799]
• Add bluesky post plugin [#4549]
• Various docs improvements [#4772]
• fix(deps): update docs npm deps non-major [#4774]
• Add git basic changelog [#4755]

📈 Enhancement

• Optimize repository list loading to return also latest pipeline info [#4814]
• Add Git Ref To Build Status in BitbucketDatacenter [#4724]

📦️ Dependency

• fix(deps): update golang-packages [#4834]
• fix(deps): update web npm deps non-major [#4831]
• fix(deps): update dependency simple-icons to v14.6.0 [#4830]
• fix(deps): update golang-packages [#4829]
• fix(deps): update web npm deps non-major to v4.0.5 [#4828]
• chore(deps): update docker.io/woodpeckerci/plugin-docker-buildx docker tag to v5.2.1 [#4822]
• fix(deps): update module github.com/google/go-github/v68 to v69 [#4826]
• fix(deps): update web npm deps non-major [#4825]
• fix(deps): update golang-packages [#4812]
• chore(deps): update dependency vitest to v3.0.5 [security] [#4810]
• chore(deps): lock file maintenance [#4808]
• chore(deps): update dependency @antfu/eslint-config to v4.1.1 [#4806]
• fix(deps): update module gitlab.com/gitlab-org/api/client-go to v0.121.0 [#4804]
• fix(deps): update dependency simple-icons to v14.5.0 [#4803]
• fix(deps): update web npm deps non-major to v4.0.3 [#4802]
• fix(deps): update web npm deps non-major [#4798]
• fix(deps): update module github.com/getkin/kin-openapi to v0.129.0 [#4790]
• chore(deps): lock file maintenance [#4783]
• chore(deps): update dependency @antfu/eslint-config to v4.1.0 [#4780]
• fix(deps): update module github.com/bmatcuk/doublestar/v4 to v4.8.1 [#4781]
• chore(deps): update dependency @antfu/eslint-config to v4 [#4779]
• fix(deps): update web npm deps non-major [#4777]
• chore(deps): update pre-commit hook igorshubovych/markdownlint-cli to v0.44.0 [#4776]
• fix(deps): update module google.golang.org/protobuf to v1.36.4 [#4775]
• fix(deps): update module google.golang.org/grpc to v1.70.0 [#4770]
• chore(deps): update docker.io/woodpeckerci/plugin-docker-buildx docker tag to v5.2.0 [#4767]
• chore(deps): update docker.io/mysql docker tag to v9.2.0 [#4766]
• fix(deps): update module github.com/hashicorp/go-plugin to v1.6.3 [#4765]
• chore(deps): update docker.io/woodpeckerci/plugin-ready-release-go docker tag to v3.1.3 [#4764]
• fix(deps): update docker to v27.5.1+incompatible [#4761]
• chore(deps): update dependency vite to v6.0.9 [security] [#4757]

Misc

• chore: fix some function names in comment [#4769]

3.0.1

3.0.1 - 2025-01-20

❤️ Thanks to all contributors! ❤️

@pat-s, @qwerty287, @xoxys

🐛 Bug Fixes

• Only show visited repos and hide at all if less than 4 repos [#4753]
• Fix sql identifier escaping in datastore feed [#4746]
• Fix log folder permissions [#4749]
• Add missing error message for org_access_denied [#4744]
• Fix package configs [#4741]

📚 Documentation

• chore(deps): lock file maintenance [#4751]

📦️ Dependency

• fix(deps): update golang-packages [#4750]
• fix(deps): update dependency simple-icons to v14.3.0 [#4739]
• chore(deps): update dependency vitest to v3 [#4736]

Misc

• fix minor tag creation for server scratch image [#4748]
• use v3 woodpecker libs [#4742]

3.0.0

3.0.0 - 2025-01-18

❤️ Thanks to all contributors! ❤️

@6543, @Fishbowler, @Levy-Tal, @M0Rf30, @anbraten, @cduchenoy, @cevatkerim, @fernandrone, @gedankenstuecke, @gnowland, @greenaar, @hg, @j04n-f, @jenrik, @johanneskastl, @jolheiser, @lafriks, @lukashass, @meln5674, @not-my-profile, @pat-s, @plafue, @qwerty287, @smainz, @stevapple, @tori-27, @tsufeki, @xoxys, @xtexChooser, @zc-devs

💥 Breaking changes

• Add rootless (alpine) images [#4617]
• Unify CLI bin name [#4673]
• Support Git as only VCS [#4346]
• Add rolling semver tags, remove latest tag [#4600]
• Drop native Let's Encrypt support [#4541]
• Require approval for prs from public repos by default [#4456]
• Do not set empty environment variables [#4193]
• Unify cli commands and flags [#4481]
• Move pipeline logs command [#4480]
• Fix woodpecker-go repo model to match server [#4479]
• Restructure cli commands [#4467]
• Add pagination options to all supported endpoints in sdk [#4463]
• Allow to set custom trusted clone plugins [#4352]
• Add PipelineListsOptions to woodpecker-go [#3652]
• Remove secrets in favor of from_secret [#4363]
• Kubernetes | Docker: Add support for rootless images [#4151]
• Split repo trusted setting [#4025]
• Move docker resource limit settings from server to agent [#3174]
• Set /woodpecker as default workdir for the woodpecker-cli container [#4130]
• Require upgrade from 2.x [#4112]
• Don't expose task data via api [#4108]
• Remove some ci environment variables [#3846]
• Remove all default privileged plugins [#4053]
• Add option to filter secrets by plugins with specific tags [#4069]
• Remove old pipeline options [#4016]
• Remove various deprecations [#4017]
• Drop repo name fallback for hooks [#4013]
• Improve local backend detection [#4006]
• Refactor JSON and SDK fields [#3968]
• Migrate to maintained cron lib and remove seconds [#3785]
• Switch to profile-based AppArmor configuration [#4008]
• Remove Kubernetes default image pull secret name regcred [#4005]
• Drop "WOODPECKER_WEBHOOK_HOST" env var and adjust docs [#3969]
• Drop version in schema [#3970]
• Update docker to v27 [#3972]
• Require gitlab 12.4 [#3966]
• Migrate to maintained httpsign library [#3839]
• Remove WOODPECKER_DEV_OAUTH_HOST and WOODPECKER_DEV_GITEA_OAUTH_URL [#3961]
• Remove deprecated pipeline keywords: pipeline:, platform:, branches: [#3916]
• server: remove old unused routes [#3845]
• CLI: remove step-id and add step-number as option to logs [#3927]

🔒 Security

• Don't log DB passwords [#4583]
• Do not log forge tokens [#4551]
• Add server config to disable user registered agents [#4206]
• chore: fix http-proxy-middleware CVE [#4257]
• Allow altering trusted clone plugins and filter them via tag [#4074]
• Update gitea sdk [#4012]
• Update Forgejo SDK [#3948]

✨ Features

• Add user as docker backend_option [#4526]
• Add dns config option to official feature set [#4418]
• Implement org/user agents [#3539]
• Replay pipeline using cli exec by downloading metadata [#4103]
• Update clone plugin to support sha256 [#4136]

📚 Documentation

• Improve 3.0.0 migration notes [#4737]
• Add docs for 3.0 [#4705]
• fix(deps): update docs npm deps non-major [#4733]
• chore(deps): update dependency @types/react to v19.0.5 [#4714]
• fix(deps): update docs npm deps non-major [#4702]
• fix(deps): update react monorepo to v19 (major) [#4529]
• Refactor secrets page in docs [#4644]
• fix(deps): update docs npm deps non-major [#4661]
• chore(deps): lock file maintenance [#4647]
• chore(deps): update dependency concurrently to v9.1.1 [#4631]
• Add docker in docker example to advanced usage in docs [#4620]
• fixed a typo [#4621]
• Fix misleading example in Workflow syntax/Privileged mode [#4613]
• Update docs section about "Custom clone plugins" [#4618]
• Search in plugin tags [#4604]
• chore(deps): update dependency @types/react to v18.3.18 [#4599]
• Update About [#4555]
• chore(deps): update dependency marked to v15.0.4 [#4570]
• Expand docs around the deprecation of former secret syntax [#4561]
• fix(deps): update docs npm deps non-major [#4568]
• Show client flags [#4542]
• chore(deps): update react monorepo to v19 (major) [#4523]
• chore(deps): update docs npm deps non-major [#4519]
• chore(deps): update dependency isomorphic-dompurify to v2.18.0 [#4493]
• fix(deps): update docs npm deps non-major [#4484]
• Add migration notes for restructured cli commands [#4476]
• Various fixes for awesome.md [#4448]
• chore(deps): update dependency isomorphic-dompurify to v2.17.0 [#4449]
• fix(deps): update docs npm deps non-major [#4441]
• chore(deps): update dependency @docusaurus/tsconfig to v3.6.2 [#4433]
• Bump minimum nodejs to v20 [#4417]
• Add microsoft teams plugin [#4400]
• fix(deps): update docs npm deps non-major [#4394]
• chore(deps): update dependency @types/node to v22 [#4395]
• chore(deps): update dependency marked to v15 [[#4396](https://github.com//pull/439...

2.8.3

2.8.3 - 2025-01-12

❤️ Thanks to all contributors! ❤️

@pat-s, @qwerty287

🐛 Bug Fixes

• Fix avatar column type (#4340) [#4602]

Misc

• Update web/ for 2.8 [#4706]
• [release/v2.8] Don't fail user creation if org exists (#4687) [#4692]
• [release/v2.8] Improve error on config loading (#4024) [#4698]
• [release/v2.8] Fix addon nil values (#4666) [#4693]

2.8.2

2.8.2 - 2024-12-19

❤️ Thanks to all contributors! ❤️

@xoxys

🔒 Security

• Backport gitea and forgejo sdk updates [#4592]
• Do not log forge tokens (#4551) [#4590]
• Don't log DB passwords (#4583) [#4589]
• Backport golang security updates [#4587]

v3.0.0-rc.1

A curated changelog is currently being prepared. Please check the Migration notes PR for required changes when upgrading from 2.x to 3.x.

We welcome feedback for the new version to ship a robust final 3.0.

3.0.0-rc1 - 2024-12-14

❤️ Thanks to all contributors! ❤️

@6543, @Fishbowler, @M0Rf30, @anbraten, @cduchenoy, @fernandrone, @gnowland, @greenaar, @hg, @j04n-f, @jenrik, @johanneskastl, @jolheiser, @lafriks, @lukashass, @meln5674, @not-my-profile, @pat-s, @qwerty287, @smainz, @tori-27, @tsufeki, @xoxys, @xtexChooser, @zc-devs

💥 Breaking changes

• Drop native Let's Encrypt support [#4541]
• Set new default approval mode based on repo visibility [#4456]
• Do not set empty environment variables [#4193]
• Unify cli commands and flags [#4481]
• Move pipeline logs command [#4480]
• Fix woodpecker-go repo model to match server [#4479]
• Restructure cli commands [#4467]
• Add pagination options to all supported endpoints in sdk [#4463]
• Allow to set custom trusted clone plugins [#4352]
• Add PipelineListsOptions to woodpecker-go [#3652]
• Remove secrets in favor of from_secret [#4363]
• Kubernetes | Docker: Add support for rootless images [#4151]
• Split repo trusted setting [#4025]
• Move docker resource limit settings from server to agent [#3174]
• Set /woodpecker as default workdir for the woodpecker-cli container [#4130]
• Require upgrade from 2.x [#4112]
• Don't expose task data via api [#4108]
• Remove some ci environment variables [#3846]
• Remove all default privileged plugins [#4053]
• Add option to filter secrets by plugins with specific tags [#4069]
• Remove old pipeline options [#4016]
• Remove various deprecations [#4017]
• Drop repo name fallback for hooks [#4013]
• Improve local backend detection [#4006]
• Refactor JSON and SDK fields [#3968]
• Migrate to maintained cron lib and remove seconds [#3785]
• Switch to profile-based AppArmor configuration [#4008]
• Remove Kubernetes default image pull secret name regcred [#4005]
• Drop "WOODPECKER_WEBHOOK_HOST" env var and adjust docs [#3969]
• Drop version in schema [#3970]
• Update docker to v27 [#3972]
• Require gitlab 12.4 [#3966]
• Migrate to maintained httpsign library [#3839]
• Remove WOODPECKER_DEV_OAUTH_HOST and WOODPECKER_DEV_GITEA_OAUTH_URL [#3961]
• Remove deprecated pipeline keywords: pipeline:, platform:, branches: [#3916]
• server: remove old unused routes [#3845]
• CLI: remove step-id and add step-number as option to logs [#3927]

🔒 Security

• Add server config to disable user registered agents [#4206]
• chore: fix http-proxy-middleware CVE [#4257]
• Allow altering trusted clone plugins and filter them via tag [#4074]
• Update gitea sdk [#4012]
• Update Forgejo SDK [#3948]

✨ Features

• Add user as docker backend_option [#4526]
• Implement org/user agents [#3539]
• Replay pipeline using cli exec by downloading metadata [#4103]
• Update clone plugin to support sha256 [#4136]

🐛 Bug Fixes

• Fix BB ambiguous commit status key [#4544]
• fix: addon JSON pointers [#4508]
• Fix apparmorProfile being ignored when it's the only field [#4507]
• Sanitize strings in table output [#4466]
• Cleanup openapi generation [#4331]
• Support github refresh tokens [#3811]
• Fix not working overflow on repo list message [#4420]
• Fix avatar column type [#4340]
• fix error="io: read/write on closed pipe" on k8s backend [#4281]
• Move update notifier dot into settings button [#4334]
• gitea: add check if pull_request webhook is missing pull info [#4305]
• Refresh token before loading branches [#4284]
• Delete GitLab webhooks with partial URL match [#4259]
• Increase WOODPECKER_FORGE_TIMEOUT to fix config fetching for GitLab [#4262]
• Ensure cli exec has by default not the same prefix [#4132]
• Fix repo add loading spinner [#4135]
• Fix migration registries table [#4111]
• Wait for tracer to be done before finishing workflow [#4068]
• Fix schema with detached steps [#4066]
• Fix schema with commands and entrypoint [#4065]
• Read long log lines from file storage correctly [#4048]
• Set refspec for gitlab MR [#4021]
• Set CI_PREV_COMMIT_{SOURCE,TARGET}_BRANCH as mentioned in the documentation [#4001]
• [Bitbucket Datacenter] Return empty list instead of null [#4010]
• Fix BB PR pipeline ref [#3985]
• Change Bitbucket PR hook to point the source branch, commit & ref [#3965]
• Add updated, merged and declined events to bb webhook activation [#3963]
• Fix login via navbar [#3962]
• Truncate creation in list [#3952]
• Fix panic if forge is unreachable [#3944]

📚 Documentation

• Show client flags [#4542]
• chore(deps): update react monorepo to v19 (major) [#4523]
• chore(deps): update docs npm deps non-major [#4519]
• chore(deps): lock file maintenance [#4502]
• chore(deps): lock file maintenance [#4501]
• chore(deps): update dependency isomorphic-dompurify to v2.18.0 [#4493]
• fix(deps): update docs npm deps non-major [#4484]
• Add migration notes for restructured cli commands [[#4476](https://github.com/woodpecker-ci/woo...

2.8.1

2.8.1 - 2024-12-13

❤️ Thanks to all contributors! ❤️

@j04n-f, @jolheiser

🐛 Bug Fixes

• Add Bitbucket fixes to Release/2.8 [#4547]
• fix: addon JSON pointers (#4508) [#4512]

2.8.0

2.8.0 - 2024-11-28

❤️ Thanks to all contributors! ❤️

@6543, @anbraten, @pat-s, @hg

🔒 Security

• Extend approval options (#3348) [#4429]

✨ Features

• Docker Backend: fully support windows container (#4381) [#4464]

🐛 Bug Fixes

• Enforce exact matching for GitLab groups (#4473) [#4474]
• Normalize aarch64 -> arm64 for docker backend (#4451) [#4457]
• Add migration to autofix corrupted users.org_id entrys in db (#4307) [#4327]

📈 Enhancement

• Deprecate secrets in favor of from_secret [#4360]
• Deprecate and warn of list syntax of environment [#4358]
• Process workflow logs in batches (#4045) [#4356]

Misc

• Use release-helper for release/* branches [#4302]

2.7.3

Changelog

2.7.3 - 2024-11-05

Important

To secure your instance, set WOODPECKER_PLUGINS_PRIVILEGED to only allow specific versions of the woodpeckerci/plugin-docker-buildx plugin, use version 5.0.0 or above. This prevents older, potentially unstable versions from being privileged.

For example, to allow only version 5.0.0, use:

WOODPECKER_PLUGINS_PRIVILEGED=woodpeckerci/plugin-docker-buildx:5.0.0

To allow multiple versions, you can separate them with commas:

WOODPECKER_PLUGINS_PRIVILEGED=woodpeckerci/plugin-docker-buildx:5.0.0,woodpeckerci/plugin-docker-buildx:5.1.0

This setup ensures only specified, stable plugin versions are given privileged access.

Read more about it in #4213

❤️ Thanks to all contributors! ❤️

@anbraten

🐛 Bug Fixes

• Upgrade vue-i18n [#4298]

Misc

• Bump release plugin [#4311]
• Use release-helper for release/* branches [#4300]

2.7.2

Changelog

2.7.2 - 2024-11-03

Important

To secure your instance, set WOODPECKER_PLUGINS_PRIVILEGED to only allow specific versions of the woodpeckerci/plugin-docker-buildx plugin, use version 5.0.0 or above. This prevents older, potentially unstable versions from being privileged.

For example, to allow only version 5.0.0, use:

WOODPECKER_PLUGINS_PRIVILEGED=woodpeckerci/plugin-docker-buildx:5.0.0

To allow multiple versions, you can separate them with commas:

WOODPECKER_PLUGINS_PRIVILEGED=woodpeckerci/plugin-docker-buildx:5.0.0,woodpeckerci/plugin-docker-buildx:5.1.0

This setup ensures only specified, stable plugin versions are given privileged access.

Read more about it in #4213

❤️ Thanks to all contributors! ❤️

@6543, @anbraten, @j04n-f, @pat-s, @qwerty287

🔒 Security

• Chore(deps): update dependency vite to v5.4.6 [security] (#4163) [#4187]

🐛 Bug Fixes

• Don't parse forge config files multiple times if no error occured (#4272) [#4273]
• Fix repo/owner parsing for gitlab (#4255) [#4261]
• Run queue.process() in background [#4115]
• Only update agent.LastWork if not done recently (#4031) [#4100]

Misc

• Backport JS dependency updates [#4189]