Changelog for 1.16.9 (update) (#20341 )

* Changelog for 1.16.9 (update) * update security section
Hide notify mail setting ui if not enabled (#20138 ) (#20337 )
2022-07-12 19:26:27 +01:00 · 2022-07-12 18:13:31 +01:00 · 2022-07-12 14:52:20 +02:00 · 2022-07-11 17:15:43 +08:00 · 2022-07-06 09:47:16 +08:00 · 2022-07-01 17:39:10 +02:00
3630 changed files with 142265 additions and 129358 deletions
--- a/.air.toml
+++ b/.air.toml
@ -7,4 +7,4 @@ bin = "gitea"
 include_ext = ["go", "tmpl"]
 exclude_dir = ["modules/git/tests", "services/gitdiff/testdata", "modules/avatar/testdata"]
 include_dir = ["cmd", "models", "modules", "options", "routers", "services", "templates"]
-exclude_regex = ["_test.go$", "_gen.go$"]
+exclude_regex = ["_test.go$"]
--- a/.drone.yml
+++ b/.drone.yml
@ -19,13 +19,13 @@ volumes:
 steps:
  - name: deps-frontend
-    image: node:18
+    image: node:16
    pull: always
    commands:
      - make deps-frontend
  - name: deps-backend
-    image: golang:1.19
+    image: golang:1.18
    pull: always
    commands:
      - make deps-backend
@ -34,21 +34,11 @@ steps:
        path: /go
  - name: lint-frontend
-    image: node:18
+    image: node:16
    commands:
      - make lint-frontend
    depends_on: [deps-frontend]
  - name: security-check
    image: golang:1.19
    pull: always
    commands:
      - make security-check
    depends_on: [deps-backend]
    volumes:
      - name: deps
        path: /go
  - name: lint-backend
    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    pull: always
@ -92,34 +82,34 @@ steps:
        path: /go
  - name: checks-frontend
-    image: node:18
+    image: node:16
    commands:
      - make checks-frontend
    depends_on: [deps-frontend]
  - name: checks-backend
-    image: golang:1.19
+    image: golang:1.18
    commands:
-      - make --always-make checks-backend # ensure the 'go-licenses' make target runs
+      - make checks-backend
    depends_on: [deps-backend]
    volumes:
      - name: deps
        path: /go
  - name: test-frontend
-    image: node:18
+    image: node:16
    commands:
      - make test-frontend
    depends_on: [lint-frontend]
  - name: build-frontend
-    image: node:18
+    image: node:16
    commands:
      - make frontend
-    depends_on: [deps-frontend]
+    depends_on: [test-frontend]
  - name: build-backend-no-gcc
-    image: golang:1.18 # this step is kept as the lowest version of golang that we support
+    image: golang:1.16 # this step is kept as the lowest version of golang that we support
    pull: always
    environment:
      GO111MODULE: on
@ -132,7 +122,7 @@ steps:
        path: /go
  - name: build-backend-arm64
-    image: golang:1.19
+    image: golang:1.18
    environment:
      GO111MODULE: on
      GOPROXY: https://goproxy.io
@ -148,7 +138,7 @@ steps:
        path: /go
  - name: build-backend-windows
-    image: golang:1.19
+    image: golang:1.18
    environment:
      GO111MODULE: on
      GOPROXY: https://goproxy.io
@ -163,7 +153,7 @@ steps:
        path: /go
  - name: build-backend-386
-    image: golang:1.19
+    image: golang:1.18
    environment:
      GO111MODULE: on
      GOPROXY: https://goproxy.io
@ -253,7 +243,7 @@ steps:
          - pull_request
  - name: deps-backend
-    image: golang:1.19
+    image: golang:1.18
    pull: always
    commands:
      - make deps-backend
@ -341,7 +331,7 @@ steps:
    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
-      - timeout -s ABRT 50m make test-mysql8-migration test-mysql8
+      - timeout -s ABRT 40m make test-mysql8-migration test-mysql8
    environment:
      GOPROXY: https://goproxy.io
      TAGS: bindata
@ -370,7 +360,7 @@ steps:
        path: /go
  - name: generate-coverage
-    image: golang:1.19
+    image: golang:1.18
    commands:
      - make coverage
    environment:
@ -446,7 +436,7 @@ steps:
          - pull_request
  - name: deps-backend
-    image: golang:1.19
+    image: golang:1.18
    pull: always
    commands:
      - make deps-backend
@ -479,7 +469,7 @@ steps:
    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
-      - timeout -s ABRT 50m make test-sqlite-migration test-sqlite
+      - timeout -s ABRT 40m make test-sqlite-migration test-sqlite
    environment:
      GOPROXY: https://goproxy.io
      TAGS: bindata gogit sqlite sqlite_unlock_notify
@ -495,7 +485,7 @@ steps:
    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
-      - timeout -s ABRT 50m make test-pgsql-migration test-pgsql
+      - timeout -s ABRT 40m make test-pgsql-migration test-pgsql
    environment:
      GOPROXY: https://goproxy.io
      TAGS: bindata gogit
@ -508,78 +498,6 @@ steps:
      - name: deps
        path: /go
 ---
 kind: pipeline
 type: docker
 name: testing-e2e
 platform:
  os: linux
  arch: amd64
 depends_on:
  - compliance
 trigger:
  event:
    - pull_request
 volumes:
  - name: deps
    temp: {}
 services:
  - name: pgsql
    pull: default
    image: postgres:10
    environment:
      POSTGRES_DB: testgitea-e2e
      POSTGRES_PASSWORD: postgres
      POSTGRES_INITDB_ARGS: --encoding=UTF8 --lc-collate='en_US.UTF-8' --lc-ctype='en_US.UTF-8'
 steps:
  - name: deps-frontend
    image: node:18
    pull: always
    commands:
      - make deps-frontend
  - name: build-frontend
    image: node:18
    commands:
      - make frontend
    depends_on: [deps-frontend]
  - name: deps-backend
    image: golang:1.18
    pull: always
    commands:
      - make deps-backend
    volumes:
      - name: deps
        path: /go
  # TODO: We should probably build all dependencies into a test image
  - name: test-e2e
    image: mcr.microsoft.com/playwright:v1.27.1-focal
    commands:
      - curl -sLO https://go.dev/dl/go1.19.linux-amd64.tar.gz && tar -C /usr/local -xzf go1.19.linux-amd64.tar.gz
      - groupadd --gid 1001 gitea && useradd -m --gid 1001 --uid 1001 gitea
      - apt-get -qq update && apt-get -qqy install build-essential
      - export TEST_PGSQL_SCHEMA=''
      - ./build/test-env-prepare.sh
      - su gitea bash -c "export PATH=$PATH:/usr/local/go/bin && timeout -s ABRT 40m make test-e2e-pgsql"
    environment:
      GOPROXY: https://goproxy.io
      GOSUMDB: sum.golang.org
      USE_REPO_TEST_DIR: 1
      TEST_PGSQL_DBNAME: 'testgitea-e2e'
      DEBIAN_FRONTEND: noninteractive
    depends_on: [build-frontend, deps-backend]
    volumes:
      - name: deps
        path: /go
 ---
 kind: pipeline
 name: update_translations
@ -626,8 +544,6 @@ steps:
      commit_message: "[skip ci] Updated translations via Crowdin"
      remote: "git@github.com:go-gitea/gitea.git"
    environment:
      DRONE_COMMIT_AUTHOR_EMAIL: "teabot@gitea.io"
      DRONE_COMMIT_AUTHOR: GiteaBot
      GIT_PUSH_SSH_KEY:
        from_secret: git_push_ssh_key
@ -662,7 +578,7 @@ trigger:
 steps:
  - name: download
-    image: golang:1.19
+    image: golang:1.18
    pull: always
    commands:
      - timeout -s ABRT 40m make generate-license generate-gitignore
@ -672,14 +588,12 @@ steps:
    pull: always
    settings:
      author_email: "teabot@gitea.io"
-      author_name: "GiteaBot"
+      author_name: GiteaBot
      branch: main
      commit: true
-      commit_message: "[skip ci] Updated licenses and gitignores"
+      commit_message: "[skip ci] Updated licenses and gitignores "
      remote: "git@github.com:go-gitea/gitea.git"
    environment:
      DRONE_COMMIT_AUTHOR_EMAIL: "teabot@gitea.io"
      DRONE_COMMIT_AUTHOR: "GiteaBot"
      GIT_PUSH_SSH_KEY:
        from_secret: git_push_ssh_key
@ -720,13 +634,13 @@ steps:
      - git fetch --tags --force
  - name: deps-frontend
-    image: node:18
+    image: node:16
    pull: always
    commands:
      - make deps-frontend
  - name: deps-backend
-    image: golang:1.19
+    image: golang:1.18
    pull: always
    commands:
      - make deps-backend
@ -735,17 +649,15 @@ steps:
        path: /go
  - name: static
-    image: techknowlogick/xgo:go-1.19.x
+    image: techknowlogick/xgo:go-1.18.x
    pull: always
    commands:
-      # Upgrade to node 18 once https://github.com/techknowlogick/xgo/issues/163 is resolved
+      - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get install -y nodejs
      - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get -qqy install nodejs
      - export PATH=$PATH:$GOPATH/bin
      - make release
    environment:
      GOPROXY: https://goproxy.io # proxy.golang.org is blocked in China, this proxy is not
      TAGS: bindata sqlite sqlite_unlock_notify
      DEBIAN_FRONTEND: noninteractive
    volumes:
      - name: deps
        path: /go
@ -841,13 +753,13 @@ steps:
      - git fetch --tags --force
  - name: deps-frontend
-    image: node:18
+    image: node:16
    pull: always
    commands:
      - make deps-frontend
  - name: deps-backend
-    image: golang:1.19
+    image: golang:1.18
    pull: always
    commands:
      - make deps-backend
@ -856,17 +768,15 @@ steps:
        path: /go
  - name: static
-    image: techknowlogick/xgo:go-1.19.x
+    image: techknowlogick/xgo:go-1.18.x
    pull: always
    commands:
-      # Upgrade to node 18 once https://github.com/techknowlogick/xgo/issues/163 is resolved
+      - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get install -y nodejs
      - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get -qqy install nodejs
      - export PATH=$PATH:$GOPATH/bin
      - make release
    environment:
      GOPROXY: https://goproxy.io # proxy.golang.org is blocked in China, this proxy is not
      TAGS: bindata sqlite sqlite_unlock_notify
      DEBIAN_FRONTEND: noninteractive
    depends_on: [fetch-tags]
    volumes:
      - name: deps
@ -992,8 +902,11 @@ steps:
    image: techknowlogick/drone-docker:latest
    pull: always
    settings:
-      auto_tag: true
+      auto_tag: false
      auto_tag_suffix: linux-amd64
      tags:
        - ${DRONE_TAG##v}-linux-amd64
        - ${DRONE_TAG:1:4}-linux-amd64
      repo: gitea/gitea
      build_args:
        - GOPROXY=https://goproxy.io
@ -1010,8 +923,11 @@ steps:
    image: techknowlogick/drone-docker:latest
    settings:
      dockerfile: Dockerfile.rootless
-      auto_tag: true
+      auto_tag: false
      auto_tag_suffix: linux-amd64-rootless
      tags:
        - ${DRONE_TAG##v}-linux-amd64-rootless
        - ${DRONE_TAG:1:4}-linux-amd64-rootless
      repo: gitea/gitea
      build_args:
        - GOPROXY=https://goproxy.io
@ -1216,8 +1132,11 @@ steps:
    image: techknowlogick/drone-docker:latest
    pull: always
    settings:
-      auto_tag: true
+      auto_tag: false
      auto_tag_suffix: linux-arm64
      tags:
        - ${DRONE_TAG##v}-linux-arm64
        - ${DRONE_TAG:1:4}-linux-arm64
      repo: gitea/gitea
      build_args:
        - GOPROXY=https://goproxy.io
@ -1234,8 +1153,11 @@ steps:
    image: techknowlogick/drone-docker:latest
    settings:
      dockerfile: Dockerfile.rootless
-      auto_tag: true
+      auto_tag: false
      auto_tag_suffix: linux-arm64-rootless
      tags:
        - ${DRONE_TAG##v}-linux-arm64-rootless
        - ${DRONE_TAG:1:4}-linux-arm64-rootless
      repo: gitea/gitea
      build_args:
        - GOPROXY=https://goproxy.io
@ -1389,7 +1311,7 @@ steps:
    image: plugins/manifest
    pull: always
    settings:
-      auto_tag: true
+      auto_tag: false
      ignore_missing: true
      spec: docker/manifest.rootless.tmpl
      password:
@ -1400,7 +1322,7 @@ steps:
  - name: manifest
    image: plugins/manifest
    settings:
-      auto_tag: true
+      auto_tag: false
      ignore_missing: true
      spec: docker/manifest.tmpl
      password:
--- a/.editorconfig
+++ b/.editorconfig
@ -26,3 +26,6 @@ indent_style = tab
 [*.svg]
 insert_final_newline = false
 [*.md]
 trim_trailing_whitespace = false
--- a/.eslintrc.yaml
+++ b/.eslintrc.yaml
@ -11,30 +11,47 @@ parserOptions:
 plugins:
  - eslint-plugin-unicorn
  - eslint-plugin-import
-  - eslint-plugin-jquery
+  - eslint-plugin-vue
-  - eslint-plugin-sonarjs
+  - eslint-plugin-html
 extends:
  - plugin:vue/recommended
 env:
-  es2022: true
+  es2021: true
  node: true
 globals:
  __webpack_public_path__: true
  CodeMirror: false
  Dropzone: false
  SimpleMDE: false
 settings:
  html/html-extensions: [".tmpl"]
 overrides:
-  - files: ["web_src/**/*.js", "docs/**/*.js"]
+  - files: ["web_src/**/*.js", "web_src/**/*.vue", "templates/**/*.tmpl"]
    env:
      browser: true
      jquery: true
      node: false
  - files: ["templates/**/*.tmpl"]
    rules:
      no-tabs: [0]
      indent: [2, tab, {SwitchCase: 1}]
  - files: ["web_src/**/*worker.js"]
    env:
      worker: true
    rules:
-      no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, status, statusbar, stop, toolbar, top]
+      no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, location, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, status, statusbar, stop, toolbar, top]
  - files: ["build/generate-images.js"]
    rules:
      import/no-unresolved: [0]
      import/no-extraneous-dependencies: [0]
  - files: ["*.test.js"]
    env:
      jest: true
  - files: ["*.config.js"]
    rules:
      import/no-unused-modules: [0]
@ -43,7 +60,7 @@ rules:
  accessor-pairs: [2]
  array-bracket-newline: [0]
  array-bracket-spacing: [2, never]
-  array-callback-return: [2, {checkForEach: true}]
+  array-callback-return: [0]
  array-element-newline: [0]
  arrow-body-style: [0]
  arrow-parens: [2, always]
@ -106,7 +123,7 @@ rules:
  import/no-extraneous-dependencies: [2]
  import/no-import-module-exports: [0]
  import/no-internal-modules: [0]
-  import/no-mutable-exports: [0]
+  import/no-mutable-exports: [2]
  import/no-named-as-default-member: [0]
  import/no-named-as-default: [2]
  import/no-named-default: [0]
@ -118,7 +135,7 @@ rules:
  import/no-restricted-paths: [0]
  import/no-self-import: [2]
  import/no-unassigned-import: [0]
-  import/no-unresolved: [2, {commonjs: true, ignore: ["\\?.+$"]}]
+  import/no-unresolved: [2, {commonjs: true}]
  import/no-unused-modules: [2, {unusedExports: true}]
  import/no-useless-path-segments: [2, {commonjs: true}]
  import/no-webpack-loader-syntax: [2]
@ -127,62 +144,12 @@ rules:
  import/unambiguous: [0]
  indent: [2, 2, {SwitchCase: 1}]
  init-declarations: [0]
  jquery/no-ajax-events: [2]
  jquery/no-ajax: [0]
  jquery/no-animate: [2]
  jquery/no-attr: [0]
  jquery/no-bind: [2]
  jquery/no-class: [0]
  jquery/no-clone: [2]
  jquery/no-closest: [0]
  jquery/no-css: [0]
  jquery/no-data: [0]
  jquery/no-deferred: [2]
  jquery/no-delegate: [2]
  jquery/no-each: [0]
  jquery/no-extend: [2]
  jquery/no-fade: [0]
  jquery/no-filter: [0]
  jquery/no-find: [0]
  jquery/no-global-eval: [2]
  jquery/no-grep: [2]
  jquery/no-has: [2]
  jquery/no-hide: [0]
  jquery/no-html: [0]
  jquery/no-in-array: [2]
  jquery/no-is-array: [2]
  jquery/no-is-function: [2]
  jquery/no-is: [0]
  jquery/no-load: [2]
  jquery/no-map: [0]
  jquery/no-merge: [2]
  jquery/no-param: [2]
  jquery/no-parent: [0]
  jquery/no-parents: [0]
  jquery/no-parse-html: [2]
  jquery/no-prop: [0]
  jquery/no-proxy: [2]
  jquery/no-ready: [0]
  jquery/no-serialize: [2]
  jquery/no-show: [0]
  jquery/no-size: [2]
  jquery/no-sizzle: [0]
  jquery/no-slide: [0]
  jquery/no-submit: [0]
  jquery/no-text: [0]
  jquery/no-toggle: [0]
  jquery/no-trigger: [0]
  jquery/no-trim: [2]
  jquery/no-val: [0]
  jquery/no-when: [2]
  jquery/no-wrap: [2]
  key-spacing: [2]
  keyword-spacing: [2]
  line-comment-position: [0]
  linebreak-style: [2, unix]
  lines-around-comment: [0]
  lines-between-class-members: [0]
  logical-assignment-operators: [0]
  max-classes-per-file: [0]
  max-depth: [0]
  max-len: [0]
@ -209,9 +176,8 @@ rules:
  no-compare-neg-zero: [2]
  no-cond-assign: [2, except-parens]
  no-confusing-arrow: [0]
-  no-console: [1, {allow: [debug, info, warn, error]}]
+  no-console: [1, {allow: [info, warn, error]}]
  no-const-assign: [2]
  no-constant-binary-expression: [2]
  no-constant-condition: [0]
  no-constructor-return: [2]
  no-continue: [0]
@ -243,7 +209,7 @@ rules:
  no-floating-decimal: [0]
  no-func-assign: [2]
  no-global-assign: [2]
-  no-implicit-coercion: [2]
+  no-implicit-coercion: [0]
  no-implicit-globals: [0]
  no-implied-eval: [2]
  no-import-assign: [2]
@ -254,7 +220,7 @@ rules:
  no-irregular-whitespace: [2]
  no-iterator: [2]
  no-label-var: [2]
-  no-labels: [0]
+  no-labels: [2]
  no-lone-blocks: [2]
  no-lonely-if: [0]
  no-loop-func: [0]
@ -285,7 +251,7 @@ rules:
  no-redeclare: [2]
  no-regex-spaces: [2]
  no-restricted-exports: [0]
-  no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, location, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, self, status, statusbar, stop, toolbar, top, __dirname, __filename]
+  no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, location, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, self, status, statusbar, stop, toolbar, top]
  no-restricted-imports: [0]
  no-restricted-syntax: [2, WithStatement, ForInStatement, LabeledStatement]
  no-return-assign: [0]
@ -318,9 +284,9 @@ rules:
  no-unused-expressions: [2]
  no-unused-labels: [2]
  no-unused-private-class-members: [2]
-  no-unused-vars: [2, {args: all, argsIgnorePattern: ^_, varsIgnorePattern: ^_, caughtErrorsIgnorePattern: ^_, destructuredArrayIgnorePattern: ^_, ignoreRestSiblings: false}]
+  no-unused-vars: [2, {args: all, argsIgnorePattern: ^_, varsIgnorePattern: ^_, caughtErrorsIgnorePattern: ^_, ignoreRestSiblings: false}]
-  no-use-before-define: [2, {functions: false, classes: true, variables: true, allowNamedExports: true}]
+  no-use-before-define: [2, nofunc]
-  no-useless-backreference: [2]
+  no-useless-backreference: [0]
  no-useless-call: [2]
  no-useless-catch: [2]
  no-useless-computed-key: [2]
@ -333,7 +299,7 @@ rules:
  no-void: [2]
  no-warning-comments: [0]
  no-whitespace-before-property: [2]
-  no-with: [0]
+  no-with: [2]
  nonblock-statement-body-position: [2]
  object-curly-newline: [0]
  object-curly-spacing: [2, never]
@ -345,13 +311,13 @@ rules:
  padded-blocks: [2, never]
  padding-line-between-statements: [0]
  prefer-arrow-callback: [2, {allowNamedFunctions: true, allowUnboundThis: true}]
-  prefer-const: [2, {destructuring: all, ignoreReadBeforeAssign: true}]
+  prefer-const: [2, {destructuring: all}]
  prefer-destructuring: [0]
  prefer-exponentiation-operator: [2]
  prefer-named-capture-group: [0]
  prefer-numeric-literals: [2]
  prefer-object-has-own: [0]
-  prefer-object-spread: [2]
+  prefer-object-spread: [0]
  prefer-promise-reject-errors: [2, {allowEmptyReject: false}]
  prefer-regex-literals: [2]
  prefer-rest-params: [2]
@ -368,38 +334,6 @@ rules:
  semi-spacing: [2, {before: false, after: true}]
  semi-style: [2, last]
  semi: [2, always, {omitLastInOneLineBlock: true}]
  sonarjs/cognitive-complexity: [0]
  sonarjs/elseif-without-else: [0]
  sonarjs/max-switch-cases: [0]
  sonarjs/no-all-duplicated-branches: [2]
  sonarjs/no-collapsible-if: [0]
  sonarjs/no-collection-size-mischeck: [2]
  sonarjs/no-duplicate-string: [0]
  sonarjs/no-duplicated-branches: [0]
  sonarjs/no-element-overwrite: [2]
  sonarjs/no-empty-collection: [2]
  sonarjs/no-extra-arguments: [2]
  sonarjs/no-gratuitous-expressions: [2]
  sonarjs/no-identical-conditions: [2]
  sonarjs/no-identical-expressions: [2]
  sonarjs/no-identical-functions: [2, 5]
  sonarjs/no-ignored-return: [2]
  sonarjs/no-inverted-boolean-check: [2]
  sonarjs/no-nested-switch: [0]
  sonarjs/no-nested-template-literals: [0]
  sonarjs/no-one-iteration-loop: [2]
  sonarjs/no-redundant-boolean: [2]
  sonarjs/no-redundant-jump: [0]
  sonarjs/no-same-line-conditional: [2]
  sonarjs/no-small-switch: [0]
  sonarjs/no-unused-collection: [2]
  sonarjs/no-use-of-empty-return-value: [2]
  sonarjs/no-useless-catch: [2]
  sonarjs/non-existent-operator: [2]
  sonarjs/prefer-immediate-return: [0]
  sonarjs/prefer-object-literal: [0]
  sonarjs/prefer-single-boolean-return: [0]
  sonarjs/prefer-while: [2]
  sort-imports: [0]
  sort-keys: [0]
  sort-vars: [0]
@ -447,22 +381,19 @@ rules:
  unicorn/no-new-array: [0]
  unicorn/no-new-buffer: [0]
  unicorn/no-null: [0]
-  unicorn/no-object-as-default-parameter: [0]
+  unicorn/no-object-as-default-parameter: [2]
  unicorn/no-process-exit: [0]
  unicorn/no-reduce: [2]
  unicorn/no-static-only-class: [2]
  unicorn/no-thenable: [2]
  unicorn/no-this-assignment: [2]
  unicorn/no-unnecessary-await: [2]
  unicorn/no-unreadable-array-destructuring: [0]
  unicorn/no-unreadable-iife: [2]
  unicorn/no-unsafe-regex: [0]
  unicorn/no-unused-properties: [2]
  unicorn/no-useless-fallback-in-spread: [2]
  unicorn/no-useless-length-check: [2]
  unicorn/no-useless-promise-resolve-reject: [2]
  unicorn/no-useless-spread: [2]
  unicorn/no-useless-switch-case: [2]
  unicorn/no-useless-undefined: [0]
  unicorn/no-zero-fractions: [2]
  unicorn/number-literal-case: [0]
@ -474,21 +405,17 @@ rules:
  unicorn/prefer-array-index-of: [2]
  unicorn/prefer-array-some: [2]
  unicorn/prefer-at: [0]
-  unicorn/prefer-code-point: [0]
+  unicorn/prefer-code-point: [2]
  unicorn/prefer-dataset: [2]
  unicorn/prefer-date-now: [2]
  unicorn/prefer-default-parameters: [0]
  unicorn/prefer-event-key: [2]
  unicorn/prefer-event-target: [2]
  unicorn/prefer-export-from: [2]
  unicorn/prefer-includes: [2]
  unicorn/prefer-json-parse-buffer: [0]
  unicorn/prefer-logical-operator-over-ternary: [2]
  unicorn/prefer-math-trunc: [2]
  unicorn/prefer-modern-dom-apis: [0]
  unicorn/prefer-modern-math-apis: [2]
  unicorn/prefer-module: [2]
  unicorn/prefer-native-coercion-functions: [2]
  unicorn/prefer-negative-index: [2]
  unicorn/prefer-node-append: [0]
  unicorn/prefer-node-protocol: [0]
@ -518,13 +445,16 @@ rules:
  unicorn/require-number-to-fixed-digits-argument: [2]
  unicorn/require-post-message-target-origin: [0]
  unicorn/string-content: [0]
  unicorn/switch-case-braces: [0]
  unicorn/template-indent: [2]
  unicorn/text-encoding-identifier-case: [0]
  unicorn/throw-new-error: [2]
  use-isnan: [2]
  valid-typeof: [2, {requireStringLiterals: true}]
  vars-on-top: [0]
  vue/attributes-order: [0]
  vue/component-definition-name-casing: [0]
  vue/html-closing-bracket-spacing: [0]
  vue/max-attributes-per-line: [0]
  vue/one-component-per-file: [0]
  wrap-iife: [2, inside]
  wrap-regex: [0]
  yield-star-spacing: [2, after]
--- a/.gitattributes
+++ b/.gitattributes
@ -1,8 +1,8 @@
 * text=auto eol=lf
 *.tmpl linguist-language=Handlebars
 /assets/*.json linguist-generated
 /public/vendor/** -text -eol linguist-vendored
 /vendor/** -text -eol linguist-vendored
 /public/vendor/** -text -eol linguist-vendored
 /templates/**/*.tmpl linguist-language=Handlebars
 /.eslintrc linguist-language=YAML
 /.stylelintrc linguist-language=YAML
 /web_src/fomantic/build/** linguist-generated
 /web_src/js/vendor/** -text -eol linguist-vendored
 Dockerfile.* linguist-language=Dockerfile
--- a/.github/ISSUE_TEMPLATE/bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yaml
@ -1,6 +1,5 @@
 name: Bug Report
 description: Found something you weren't expecting? Report it here!
 labels: kind/bug
 body:
 - type: markdown
  attributes:
@ -17,16 +16,6 @@ body:
      4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
      5. Please give all relevant information below for bug reports, because
         incomplete details will be handled as an invalid report.
      6. In particular it's really important to provide pertinent logs. You must give us DEBUG level logs.
         Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
         In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
 - type: textarea
  id: description
  attributes:
    label: Description
    description: |
      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below)
      If you are using a proxy or a CDN (e.g. Cloudflare) in front of Gitea, please disable the proxy/CDN fully and access Gitea directly to confirm the issue still persists without those services.
 - type: input
  id: gitea-ver
  attributes:
@ -34,34 +23,6 @@ body:
    description: Gitea version (or commit reference) of your instance
  validations:
    required: true
 - type: dropdown
  id: can-reproduce
  attributes:
    label: Can you reproduce the bug on the Gitea demo site?
    description: |
      If so, please provide a URL in the Description field
      URL of Gitea demo: https://try.gitea.io
    options:
    - "Yes"
    - "No"
  validations:
    required: true
 - type: markdown
  attributes:
    value: |
      It's really important to provide pertinent logs
      Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
      In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
 - type: input
  id: logs
  attributes:
    label: Log Gist
    description: Please provide a gist URL of your logs, with any sensitive information (e.g. API keys) removed/hidden
 - type: textarea
  id: screenshots
  attributes:
    label: Screenshots
    description: If this issue involves the Web Interface, please provide one or more screenshots
 - type: input
  id: git-ver
  attributes:
@ -92,3 +53,38 @@ body:
    - MySQL
    - MSSQL
    - SQLite
 - type: dropdown
  id: can-reproduce
  attributes:
    label: Can you reproduce the bug on the Gitea demo site?
    description: |
      If so, please provide a URL in the Description field
      URL of Gitea demo: https://try.gitea.io
    options:
    - "Yes"
    - "No"
  validations:
    required: true
 - type: markdown
  attributes:
    value: |
      It's really important to provide pertinent logs
      Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
      In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
 - type: input
  id: logs
  attributes:
    label: Log Gist
    description: Please provide a gist URL of your logs, with any sensitive information (e.g. API keys) removed/hidden
 - type: textarea
  id: description
  attributes:
    label: Description
    description: |
      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see above)
      If you are using a proxy or a CDN (e.g. Cloudflare) in front of Gitea, please disable the proxy/CDN fully and access Gitea directly to confirm the issue still persists without those services.
 - type: textarea
  id: screenshots
  attributes:
    label: Screenshots
    description: If this issue involves the Web Interface, please provide one or more screenshots
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -1,10 +1,10 @@
-blank_issues_enabled: false
+blank_issues_enabled: true
 contact_links:
  - name: Security Concern
    url: https://tinyurl.com/security-gitea
    about: For security concerns, please send a mail to security@gitea.io instead of opening a public issue.
  - name: Discord Server
-    url: https://discord.gg/Gitea
+    url: https://discord.gg/gitea
    about: Please ask questions and discuss configuration or deployment problems here.
  - name: Discourse Forum
    url: https://discourse.gitea.io
--- a/.github/ISSUE_TEMPLATE/feature-request.yaml
+++ b/.github/ISSUE_TEMPLATE/feature-request.yaml
@ -1,6 +1,5 @@
 name: Feature Request
 description: Got an idea for a feature that Gitea doesn't have currently?  Submit your idea here!
 labels: ["kind/feature", "kind/proposal"]
 body:
 - type: markdown
  attributes:
--- a/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
@ -1,6 +1,5 @@
 name: Web Interface Bug Report
 description: Something doesn't look quite as it should?  Report it here!
 labels: ["kind/bug", "kind/ui"]
 body:
 - type: markdown
  attributes:
@ -16,23 +15,6 @@ body:
      4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
      5. Please give all relevant information below for bug reports, because
         incomplete details will be handled as an invalid report.
      6. In particular it's really important to provide pertinent logs. If you are certain that this is a javascript
         error, show us the javascript console. If the error appears to relate to Gitea the server you must also give us
         DEBUG level logs. (See https://docs.gitea.io/en-us/logging-configuration/#debugging-problems)
 - type: textarea
  id: description
  attributes:
    label: Description
    description: |
      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below)
      If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please disable the proxy/CDN fully and connect to gitea directly to confirm the issue still persists without those services.
 - type: textarea
  id: screenshots
  attributes:
    label: Screenshots
    description: Please provide at least 1 screenshot showing the issue.
  validations:
    required: true
 - type: input
  id: gitea-ver
  attributes:
@ -40,18 +22,6 @@ body:
    description: Gitea version (or commit reference) your instance is running
  validations:
    required: true
 - type: dropdown
  id: can-reproduce
  attributes:
    label: Can you reproduce the bug on the Gitea demo site?
    description: |
      If so, please provide a URL in the Description field
      URL of Gitea demo: https://try.gitea.io
    options:
    - "Yes"
    - "No"
  validations:
    required: true
 - type: input
  id: os-ver
  attributes:
@ -64,3 +34,29 @@ body:
    description: The browser and version that you are using to access Gitea
  validations:
    required: true
 - type: dropdown
  id: can-reproduce
  attributes:
    label: Can you reproduce the bug on the Gitea demo site?
    description: |
      If so, please provide a URL in the Description field
      URL of Gitea demo: https://try.gitea.io
    options:
    - "Yes"
    - "No"
  validations:
    required: true
 - type: textarea
  id: description
  attributes:
    label: Description
    description: |
      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see above)
      If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please disable the proxy/CDN fully and connect to gitea directly to confirm the issue still persists without those services.
 - type: textarea
  id: screenshots
  attributes:
    label: Screenshots
    description: Please provide at least 1 screenshot showing the issue.
  validations:
    required: true
--- a/.gitignore
+++ b/.gitignore
@ -63,14 +63,21 @@ cpu.out
 /indexers
 /log
 /public/img/avatar
-/tests/integration/gitea-integration-*
+/integrations/gitea-integration-mysql
-/tests/integration/indexers-*
+/integrations/gitea-integration-mysql8
-/tests/e2e/gitea-e2e-*
+/integrations/gitea-integration-pgsql
-/tests/e2e/indexers-*
+/integrations/gitea-integration-sqlite
-/tests/e2e/reports
+/integrations/gitea-integration-mssql
-/tests/e2e/test-artifacts
+/integrations/indexers-mysql
-/tests/e2e/test-snapshots
+/integrations/indexers-mysql8
-/tests/*.ini
+/integrations/indexers-pgsql
 /integrations/indexers-sqlite
 /integrations/indexers-mssql
 /integrations/sqlite.ini
 /integrations/mysql.ini
 /integrations/mysql8.ini
 /integrations/pgsql.ini
 /integrations/mssql.ini
 /node_modules
 /yarn.lock
 /yarn-error.log
@ -95,7 +102,6 @@ cpu.out
 !/web_src/fomantic/build/themes/default/assets/fonts/outline-icons.woff2
 /VERSION
 /.air
 /.go-licenses
 # Snapcraft
 snap/.snapcraft/
--- a/.gitpod.yml
+++ b/.gitpod.yml
@ -1,42 +0,0 @@
 tasks:
  - name: Setup
    init: |
      cp -r contrib/ide/vscode .vscode
      make deps
      make build
    command: |
      gp sync-done setup
      exit 0
  - name: Run frontend
    command: |
      gp sync-await setup
      make watch-frontend
  - name: Run backend
    command: |
      gp sync-await setup
      mkdir -p custom/conf/
      echo -e "[server]\nROOT_URL=$(gp url 3000)/" > custom/conf/app.ini
      echo -e "\n[database]\nDB_TYPE = sqlite3\nPATH = $GITPOD_REPO_ROOT/data/gitea.db" >> custom/conf/app.ini
      export TAGS="sqlite sqlite_unlock_notify"
      make watch-backend
  - name: Run docs
    before: sudo bash -c "$(grep 'https://github.com/gohugoio/hugo/releases/download' Makefile | tr -d '\')" # install hugo
    command: cd docs && make clean update && hugo server -D -F --baseUrl $(gp url 1313) --liveReloadPort=443 --appendPort=false --bind=0.0.0.0
 vscode:
  extensions:
    - editorconfig.editorconfig
    - dbaeumer.vscode-eslint
    - golang.go
    - stylelint.vscode-stylelint
    - DavidAnson.vscode-markdownlint
    - johnsoncodehk.volar
    - ms-azuretools.vscode-docker
    - zixuanchen.vitest-explorer
    - alexcvzz.vscode-sqlite
 ports:
  - name: Gitea
    port: 3000
  - name: Docs
    port: 1313
--- a/.golangci.yml
+++ b/.golangci.yml
@ -12,23 +12,16 @@ linters:
    - dupl
    #- gocyclo # The cyclomatic complexety of a lot of functions is too high, we should refactor those another time.
    - gofmt
-    - gocritic
+    - misspell
    #- gocritic # TODO: disabled until fixed with go 1.18
    - bidichk
    - ineffassign
    - revive
    - gofumpt
    - depguard
    - nakedret
    - unconvert
    - wastedassign
    - nolintlint
    - stylecheck
  enable-all: false
  disable-all: true
  fast: false
 run:
  go: 1.19
  timeout: 10m
  skip-dirs:
    - node_modules
@ -36,10 +29,6 @@ run:
    - web_src
 linters-settings:
  stylecheck:
    checks: ["all", "-ST1005", "-ST1003"]
  nakedret:
    max-func-lines: 0
  gocritic:
    disabled-checks:
      - ifElseChain
@ -74,19 +63,9 @@ linters-settings:
      - name: modifies-value-receiver
  gofumpt:
    extra-rules: true
-    lang-version: "1.19"
+    lang-version: 1.18
  depguard:
    # TODO: use depguard to replace import checks in gitea-vet
    list-type: denylist
    # Check the list against standard lib.
    include-go-root: true
    packages-with-error-message:
      - encoding/json: "use gitea's modules/json instead of encoding/json"
      - github.com/unknwon/com: "use gitea's util and replacements"
 issues:
  max-issues-per-linter: 0
  max-same-issues: 0
  exclude-rules:
    # Exclude some linters from running on tests files.
    - path: _test\.go
@ -147,6 +126,9 @@ issues:
    - path: models/issue_comment_list.go
      linters:
        - dupl
    - linters:
        - misspell
      text: '`Unknwon` is a misspelling of `Unknown`'
    - path: models/update.go
      linters:
        - unused
@ -169,7 +151,11 @@ issues:
    - path: models/user/openid.go
      linters:
        - golint
-    - path: models/user/badge.go
+    - linters: staticcheck
-      linters:
+      text: "strings.Title is deprecated: The rule Title uses for word boundaries does not handle Unicode punctuation properly. Use golang.org/x/text/cases instead."
-        - revive
+    - linters: staticcheck
-      text: "exported: type name will be used as user.UserBadge by other packages, and that stutters; consider calling this Badge"
+      text: "util.FindClosure is deprecated: This function can not handle newlines. Many elements can be existed over multiple lines(e.g. link labels). Use text.Reader.FindClosure."
    - linters: staticcheck
      text: "gossh.SigAlgoRSASHA2256 is deprecated: use KeyAlgoRSASHA256."
    - linters: staticcheck
      text: "gossh.SigAlgoRSASHA2512 is deprecated: use KeyAlgoRSASHA512."
--- a/.markdownlint.yaml
+++ b/.markdownlint.yaml
@ -1,18 +0,0 @@
 commands-show-output: false
 fenced-code-language: false
 first-line-h1: false
 header-increment: false
 line-length: {code_blocks: false, tables: false, stern: true, line_length: -1}
 no-alt-text: false
 no-bare-urls: false
 no-blanks-blockquote: false
 no-duplicate-header: {allow_different_nesting: true}
 no-emphasis-as-header: false
 no-empty-links: false
 no-hard-tabs: {code_blocks: false}
 no-inline-html: false
 no-space-in-code: false
 no-space-in-emphasis: false
 no-trailing-punctuation: false
 no-trailing-spaces: {br_spaces: 0}
 single-h1: false
--- a/.spectral.yaml
+++ b/.spectral.yaml
@ -1,12 +0,0 @@
 extends: [[spectral:oas, all]]
 rules:
  info-contact: off
  oas2-api-host: off
  oas2-parameter-description: off
  oas2-schema: off
  oas2-valid-schema-example: off
  openapi-tags: off
  operation-description: off
  operation-singular-tag: off
  operation-tag-defined: off
--- a/.stylelintrc.yaml
+++ b/.stylelintrc.yaml
@ -14,9 +14,7 @@ rules:
  declaration-block-no-redundant-longhand-properties: null
  declaration-block-single-line-max-declarations: null
  declaration-empty-line-before: null
  function-no-unknown: null
  hue-degree-notation: null
  import-notation: string
  indentation: 2
  max-line-length: null
  no-descending-specificity: null
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -4,433 +4,6 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).
 ## [1.17.3](https://github.com/go-gitea/gitea/releases/tag/v1.17.3) - 2022-10-15
 * SECURITY
  * Sanitize and Escape refs in git backend (#21464) (#21463)
  * Bump `golang.org/x/text` (#21412) (#21413)
  * Update bluemonday (#21281) (#21287)
 * ENHANCEMENTS
  * Fix empty container layer history and UI (#21251) (#21278)
  * Use en-US as fallback when using other default language (#21200) (#21256)
  * Make the vscode clone link respect transport protocol (#20557) (#21128)
 * BUGFIXES
  * Do DB update after merge in hammer context (#21401) (#21416)
  * Add Num{Issues,Pulls} stats checks (#21404) (#21414)
  * Stop logging CheckPath returns error: context canceled (#21064) (#21405)
  * Parse OAuth Authorization header when request omits client secret (#21351) (#21374)
  * Ignore port for loopback redirect URIs (#21293) (#21373)
  * Set SemverCompatible to false for Conan packages (#21275) (#21366)
  * Tag list should include draft releases with existing tags (#21263) (#21365)
  * Fix linked account translation (#21331) (#21334)
  * Make NuGet service index publicly accessible (#21242) (#21277)
  * Foreign ID conflicts if ID is 0 for each item (#21271) (#21272)
  * Use absolute links in feeds (#21229) (#21265)
  * Prevent invalid behavior for file reviewing when loading more files (#21230) (#21234)
  * Respect `REQUIRE_SIGNIN_VIEW` for packages (#20873) (#21232)
  * Treat git object mode 40755 as directory (#21195) (#21218)
  * Allow uppercase ASCII alphabet in PyPI package names (#21095) (#21217)
  * Fix limited user cannot view himself's profile (#21212)
  * Fix template bug of admin monitor (#21209)
  * Fix reaction of issues (#21185) (#21196)
  * Fix CSV diff for added/deleted files (#21189) (#21193)
  * Fix pagination limit parameter problem (#21111)
 * TESTING
  * Fix missing m.Run() in TestMain (#21341)
 * BUILD
  * Use Go 1.19 fmt for Gitea 1.17, sync emoji data (#21239)
 ## [1.17.2](https://github.com/go-gitea/gitea/releases/tag/v1.17.2) - 2022-09-06
 * SECURITY
  * Double check CloneURL is acceptable (#20869) (#20892)
  * Add more checks in migration code (#21011) (#21050)
 * ENHANCEMENTS
  * Fix hard-coded timeout and error panic in API archive download endpoint (#20925) (#21051)
  * Improve arc-green code theme (#21039) (#21042)
  * Enable contenthash in filename for dynamic assets (#20813) (#20932)
  * Don't open new page for ext wiki on same repository (#20725) (#20910)
  * Disable doctor logging on panic (#20847) (#20898)
  * Remove calls to load Mirrors in user.Dashboard (#20855) (#20897)
  * Update codemirror to 5.65.8 (#20875)
  * Rework repo buttons (#20602, #20718) (#20719)
 * BUGFIXES
  * Ensure delete user deletes all comments (#21067) (#21068)
  * Delete unreferenced packages when deleting a package version (#20977) (#21060)
  * Redirect if user does not exist on admin pages (#20981) (#21059)
  * Set uploadpack.allowFilter etc on gitea serv to enable partial clones with ssh (#20902) (#21058)
  * Fix 500 on time in timeline API (#21052) (#21057)
  * Fill the specified ref in webhook test payload (#20961) (#21055)
  * Add another index for Action table on postgres (#21033) (#21054)
  * Fix broken insecureskipverify handling in redis connection uris (#20967) (#21053)
  * Add Dev, Peer and Optional dependencies to npm PackageMetadataVersion (#21017) (#21044)
  * Do not add links to Posters or Assignees with ID < 0 (#20577) (#21037)
  * Fix modified due date message (#20388) (#21032)
  * Fix missed sort bug (#21006)
  * Fix input.value attr for RequiredClaimName/Value (#20946) (#21001)
  * Change review buttons to icons to make space for text (#20934) (#20978)
  * Fix download archiver of a commit (#20962) (#20971)
  * Return 404 NotFound if requested attachment does not exist (#20886) (#20941)
  * Set no-tags in git fetch on compare (#20893) (#20936)
  * Allow multiple metadata files for Maven packages (#20674) (#20916)
  * Increase Content field size of gpg_key and public_key to MEDIUMTEXT (#20896) (#20911)
  * Fix mirror address setting not working (#20850) (#20904)
  * Fix push mirror address backend get error Address cause setting page display error (#20593) (#20901)
  * Fix panic when an invalid oauth2 name is passed (#20820) (#20900)
  * In PushMirrorsIterate and MirrorsIterate if limit is negative do not set it (#20837) (#20899)
  * Ensure that graceful start-up is informed of unused SSH listener (#20877) (#20888)
  * Pad GPG Key ID with preceding zeroes (#20878) (#20885)
  * Fix SQL Query for `SearchTeam` (#20844) (#20872)
  * Fix the mode of custom dir to 0700 in docker-rootless (#20861) (#20867)
  * Fix UI mis-align for PR commit history (#20845) (#20859)
 ## [1.17.1](https://github.com/go-gitea/gitea/releases/tag/1.17.1) - 2022-08-17
 * SECURITY
  * Correctly escape within tribute.js (#20831) (#20832)
 * ENHANCEMENTS
  * Add support for NuGet API keys (#20721) (#20734)
  * Display project in issue list (#20583)
  * Add disable download source configuration (#20548) (#20579)
  * Add username check to doctor (#20140) (#20671)
  * Enable Wire 2 for Internal SSH Server (#20616) (#20617)
 * BUGFIXES
  * Use the total issue count for UI (#20785) (#20827)
  * Add proxy host into allow list (#20798) (#20819)
  * Add missing translation for queue flush workers (#20791) (#20792)
  * Improve comment header for mobile (#20781) (#20789)
  * Fix git.Init for doctor sub-command (#20782) (#20783)
  * Check webhooks slice length before calling xorm (#20642) (#20768)
  * Remove manual rollback for failed generated repositories (#20639) (#20762)
  * Use correct field name in npm template (#20675) (#20760)
  * Keep download count on Container tag overwrite (#20728) (#20735)
  * Fix v220 migration to be compatible for MSSQL 2008 r2 (#20702) (#20707)
  * Use request timeout for git service rpc (#20689) (#20693)
  * Send correct NuGet status codes (#20647) (#20677)
  * Use correct context to get package content (#20673) (#20676)
  * Fix the JS error "EventSource is not defined" caused by some non-standard browsers (#20584) (#20663)
  * Add default commit messages to PR for squash merge (#20618) (#20645)
  * Fix package upload for files >32mb (#20622) (#20635)
  * Fix the new-line copy-paste for rendered code (#20612)
  * Clean up and fix clone button script (#20415 & #20600) (#20599)
  * Fix default merge style (#20564) (#20565)
  * Add repository condition for issue count (#20454) (#20496)
  * Make branch icon stand out more (#20726) (#20774)
  * Fix loading button with invalid form (#20754) (#20759)
  * Fix SecToTime edge-cases (#20610) (#20611)
  * Executable check always returns true for windows (#20637) (#20835)
  * Check issue labels slice length before calling xorm Insert (#20655) (#20836)
  * Fix owners cannot create organization repos bug (#20841) (#20854)
  * Prevent 500 is head repo does not have PullRequest unit in IsUserAllowedToUpdate (#20839) (#20848)
 ## [1.17.0](https://github.com/go-gitea/gitea/releases/tag/v1.17.0) - 2022-07-30
 * BREAKING
  * Require go1.18 for Gitea 1.17 (#19918)
  * Make AppDataPath absolute against the AppWorkPath if it is not (#19815)
  * Nuke the incorrect permission report on /api/v1/notifications (#19761)
  * Refactor git module, make Gitea use internal git config (#19732)
  * Remove `RequireHighlightJS` field, update plantuml example. (#19615)
  * Increase minimal required git version to 2.0 (#19577)
  * Add a directory prefix `gitea-src-VERSION` to release-tar-file (#19396)
  * Use "main" as default branch name (#19354)
  * Make cron task no notice on success (#19221)
  * Add pam account authorization check (#19040)
  * Show messages for users if the ROOT_URL is wrong, show JavaScript errors (#18971)
  * Refactor mirror code & fix StartToMirror (#18904)
  * Remove deprecated SSH ciphers from default (#18697)
  * Add the possibility to allow the user to have a favicon which differs from the main logo (#18542)
  * Update reserved usernames list (#18438)
  * Support custom ACME provider (#18340)
  * Change initial TrustModel to committer (#18335)
  * Update HTTP status codes (#18063)
  * Upgrade Alpine from 3.13 to 3.15 (#18050)
  * Restrict email address validation (#17688)
  * Refactor Router Logger (#17308)
 * SECURITY
  * Use git.HOME_PATH for Git HOME directory (#20114) (#20293)
  * Add write check for creating Commit Statuses (#20332) (#20333)
  * Remove deprecated SSH ciphers from default (#18697)
 * FEDERATION
  * Return statistic information for nodeinfo (#19561)
  * Add Webfinger endpoint (#19462)
  * Store the foreign ID of issues during migration (#18446)
 * FEATURES
  * Automatically render wiki TOC (#19873)
  * Adding button to link accounts from user settings (#19792)
  * Allow set default merge style while creating repo (#19751)
  * Auto merge pull requests when all checks succeeded (#9307 & #19648)
  * Improve reviewing PR UX (#19612)
  * Add support for rendering console output with colors (#19497)
  * Add Helm Chart registry (#19406)
  * Add Goroutine stack inspector to admin/monitor (#19207)
  * RSS/Atom support for Orgs & Repos (#17714 & #19055)
  * Add button for issue deletion (#19032)
  * Allow to mark files in a PR as viewed (#19007)
  * Add Index to comment for migrations and mirroring (#18806)
  * Add health check endpoint (#18465)
  * Add packagist webhook (#18224)
  * Add "Allow edits from maintainer" feature (#18002)
  * Add apply-patch, basic revert and cherry-pick functionality (#17902)
  * Add Package Registry (#16510)
  * Add LDAP group sync to Teams (#16299)
  * Pause queues (#15928)
  * Added auto-save whitespace behavior if it changed manually (#15566)
  * Find files in repo (#15028)
  * Provide configuration to allow camo-media proxying (#12802)
 * API
  * Add endpoint to serve blob or LFS file content (#19689)
  * Add endpoint to check if team has repo access (#19540)
  * More commit info (#19252)
  * Allow to create file on empty repo (#19224)
  * Allow removing issues (#18879)
  * Add endpoint to query collaborators permission for a repository (#18761)
  * Return primary language and repository language stats API URL (#18396)
  * Implement http signatures support for the API (#17565)
 * ENHANCEMENTS
  * Make notification bell more prominent on mobile (#20108, #20236, #20251) (#20269)
  * Adjust max-widths for the repository file table (#20243) (#20247)
  * Display full name (#20171) (#20246)
  * Add dbconsistency checks for Stopwatches (#20010)
  * Add fetch.writeCommitGraph to gitconfig (#20006)
  * Add fgprof pprof profiler (#20005)
  * Move agit dependency (#19998)
  * Empty log queue on flush and close (#19994)
  * Remove tab/TabName usage where it's not needed (#19973)
  * Improve file header on mobile (#19945)
  * Move issues related files into models/issues (#19931)
  * Add breaking email restrictions checker in doctor (#19903)
  * Improve UX on modal for deleting an access token (#19894)
  * Add alt text to logo (#19892)
  * Move some code into models/git (#19879)
  * Remove customized (unmaintained) dropdown, improve aria a11y for dropdown (#19861)
  * Make user profile image show full image on mobile (#19840)
  * Replace blue button and label classes with primary (#19763)
  * Remove fomantic progress module (#19760)
  * Allows repo search to match against "owner/repo" pattern strings (#19754)
  * Move org functions (#19753)
  * Move almost all functions' parameter db.Engine to context.Context (#19748)
  * Show source/target branches on PR's list (#19747)
  * Use http.StatusTemporaryRedirect(307) when serve avatar directly (#19739)
  * Add doctor orphan check for orphaned pull requests without an existing base repo  (#19731)
  * Make Ctrl+Enter (quick submit) work for issue comment and wiki editor (#19729)
  * Update go-chi/cache to utilize Ping() (#19719)
  * Improve commit list/view on mobile (#19712)
  * Move some repository related code into sub package (#19711)
  * Use a better OlderThan for DeleteInactiveUsers (#19693)
  * Introduce eslint-plugin-jquery (#19690)
  * Tidy up `<head>` template (#19678)
  * Calculate filename hash only once (#19654)
  * Simplify `IsVendor` (#19626)
  * Add "Reference" section to Issue view sidebar (#19609)
  * Only set CanColorStdout / CanColorStderr to true if the stdout/stderr is a terminal (#19581)
  * Use for a repo action one database transaction (#19576)
  * Simplify loops to copy (#19569)
  * Added X-Mailer header to outgoing emails (#19562)
  * use middleware to open gitRepo (#19559)
  * Mute link in diff header (#19556)
  * Improve UI on mobile (#19546)
  * Fix Pull Request comment filename word breaks (#19535)
  * Permalink files In PR diff (#19534)
  * PullService lock via pullID (#19520)
  * Make repository file list useable on mobile (#19515)
  * more context for models  (#19511)
  * Refactor readme file renderer (#19502)
  * By default force vertical tabs on mobile (#19486)
  * Github style following followers (#19482)
  * Improve action table indices (#19472)
  * Use horizontal tabs for repo header on mobile (#19468)
  * pass gitRepo down since its used for main repo and wiki (#19461)
  * Admin should not delete himself (#19423)
  * Use queue instead of memory queue in webhook send service (#19390)
  * Simplify the code to get issue count (#19380)
  * Add commit status popup to issuelist (#19375)
  * Add RSS Feed buttons to Repo, User and Org pages (#19370)
  * Add logic to switch between source/rendered on Markdown (#19356)
  * Move some helper files out of models (#19355)
  * Move access and repo permission to models/perm/access (#19350)
  * Disallow selecting the text of buttons (#19330)
  * Allow custom redirect for landing page (#19324)
  * Remove dependent on session auth for api/v1 routers (#19321)
  * Never use /api/v1 from Gitea UI Pages (#19318)
  * Remove legacy unmaintained packages, refactor to support change default locale (#19308)
  * Move milestone to models/issues/ (#19278)
  * Configure OpenSSH log level via Environment in Docker (#19274)
  * Move reaction to models/issues/ (#19264)
  * Make git.OpenRepository accept Context (#19260)
  * Move some issue methods as functions (#19255)
  * Show last cron messages on monitor page (#19223)
  * New cron task: delete old system notices (#19219)
  * Add Redis Sentinel Authentication Support (#19213)
  * Add auto logging of goroutine pid label (#19212)
  * Set OpenGraph title to DisplayName in profile pages  (#19206)
  * Add pprof labels in processes and for lifecycles (#19202)
  * Let web and API routes have different auth methods group (#19168)
  * Move init repository related functions to modules (#19159)
  * Feeds: render markdown to html (#19058)
  * Allow users to self-request a PR review (#19030)
  * Allow render HTML with css/js external links (#19017)
  * Fix script compatiable with OpenWrt (#19000)
  * Support ignore all santize for external renderer (#18984)
  * Add note to GPG key response if user has no keys (#18961)
  * Improve Stopwatch behavior (#18930)
  * Improve mirror iterator (#18928)
  * Uncapitalize errors (#18915)
  * Prevent Stats Indexer reporting error if repo dir missing (#18870)
  * Refactor SecToTime() function (#18863)
  * Replace deprecated String.prototype.substr() with String.prototype.slice() (#18796)
  * Move deletebeans into models/db (#18781)
  * Fix display time of milestones (#18753)
  * Add config option to disable "Update branch by rebase" (#18745)
  * Display template path of current page in dev mode (#18717)
  * Add number in queue status to monitor page (#18712)
  * Change git.cmd to RunWithContext (#18693)
  * Refactor i18n, use Locale to provide i18n/translation related functions (#18648)
  * Delete old git.NewCommand() and use it as git.NewCommandContext() (#18552)
  * Move organization related structs into sub package (#18518)
  * Warn at startup if the provided `SCRIPT_TYPE` is not on the PATH (#18467)
  * Use `CryptoRandomBytes` instead of `CryptoRandomString` (#18439)
  * Use explicit jQuery import, remove unused eslint globals (#18435)
  * Allow to filter repositories by language in explore, user and organization repositories lists (#18430)
  * Use base32 for 2FA scratch token (#18384)
  * Unexport var git.GlobalCommandArgs (#18376)
  * Don't underline commit status icon on hover (#18372)
  * Always use git command but not os.Command (#18363)
  * Switch to non-deprecation setting (#18358)
  * Set the LastModified header for raw files (#18356)
  * Refactor jwt.StandardClaims to RegisteredClaims (#18344)
  * Enable deprecation error for v1.17.0 (#18341)
  * Refactor httplib (#18338)
  * Limit max-height of CodeMirror editors for issue comment and wiki (#18271)
  * Validate migration files (#18203)
  * Format with gofumpt (#18184)
  * Allow custom default merge message with .gitea/default_merge_message/<merge_style>_TEMPLATE.md (#18177)
  * Prettify number of issues (#17760)
  * Add a "admin user generate-access-token" subcommand (#17722)
  * Custom regexp external issues (#17624)
  * Add smtp password to install page (#17564)
  * Add config options to hide issue events (#17414)
  * Prevent double click new issue/pull/comment button (#16157)
  * Show issue assignee on project board (#15232)
 * BUGFIXES
  * WebAuthn CredentialID field needs to be increased in size (#20530) (#20555)
  * Ensure that all unmerged files are merged when conflict checking (#20528) (#20536)
  * Stop logging EOFs and exit(1)s in ssh handler (#20476) (#20529)
  * Add labels to two buttons that were missing them (#20419) (#20524)
  * Fix ROOT_URL detection for URLs without trailing slash (#20502) (#20503)
  * Dismiss prior pull reviews if done via web in review dismiss (#20197) (#20407)
  * Allow RSA 2047 bit keys (#20272) (#20396)
  * Add missing return for when topic isn't found (#20351) (#20395)
  * Fix commit status icon when in subdirectory (#20285) (#20385)
  * Initialize cron last (#20373) (#20384)
  * Set target on create release with existing tag (#20381) (#20382)
  * Update xorm.io/xorm to fix a interpreting db column sizes issue on 32bit systems (#20371) (#20372)
  * Make sure `repo_dir` is an empty directory or doesn't exist before 'dump-repo' (#20205) (#20370)
  * Prevent context deadline error propagation in GetCommitsInfo (#20346) (#20361)
  * Correctly handle draft releases without a tag (#20314) (#20335)
  * Prevent "empty" scrollbars on Firefox (#20294) (#20308)
  * Refactor SSH init code, fix directory creation for TrustedUserCAKeys file (#20299) (#20306)
  * Bump goldmark to v1.4.13 (#20300) (#20301)
  * Do not create empty ".ssh" directory when loading config (#20289) (#20298)
  * Fix NPE when using non-numeric (#20277) (#20278)
  * Store read access in access for team repositories (#20275) (#20276)
  * EscapeFilter the group dn membership (#20200) (#20254)
  * Only show Followers that current user can access (#20220) (#20252)
  * Update Bluemonday to v1.0.19 (#20199) (#20209)
  * Refix indices on actions table (#20158) (#20198)
  * Check if project has the same repository id with issue when assign project to issue (#20133) (#20188)
  * Fix remove file on initial comment (#20127) (#20128)
  * Catch the error before the response is processed by goth (#20000) (#20102)
  * Dashboard feed respect setting.UI.FeedPagingNum again (#20094) (#20099)
  * Alter hook_task TEXT fields to LONGTEXT (#20038) (#20041)
  * Respond with a 401 on git push when password isn't changed yet (#20026) (#20027)
  * Return 404 when tag is broken (#20017) (#20024)
  * Alter hook_task TEXT fields to LONGTEXT (#20038) (#20041)
  * Respond with a 401 on git push when password isn't changed yet (#20026) (#20027)
  * Return 404 when tag is broken (#20017) (#20024)
  * Write Commit-Graphs in RepositoryDumper (#20004)
  * Use DisplayName() instead of FullName in Oauth Provider (#19991)
  * Don't buffer doctor logger (#19982)
  * Always try to fetch repo for mirrors (#19975)
  * Uppercase first languages letters (#19965)
  * Fix cli command restore-repo: "units" should be parsed as StringSlice (#19953)
  * Ensure minimum mirror interval is reported on settings page (#19895)
  * Exclude Archived repos from Dashboard Milestones (#19882)
  * gitconfig: set safe.directory = * (#19870)
  * Prevent NPE on update mirror settings (#19864)
  * Only return valid stopwatches to the EventSource (#19863)
  * Prevent NPE whilst migrating if there is a team request review (#19855)
  * Fix inconsistency in doctor output (#19836)
  * Fix release tag for webhook (#19830)
  * Add title attribute to dependencies in sidebar (#19807)
  * Estimate Action Count in Statistics (#19775)
  * Do not update user stars numbers unless fix is specified (#19750)
  * Improved ref comment link when origin is body/title (#19741)
  * Fix nodeinfo caching and prevent NPE if cache non-existent (#19721)
  * Fix duplicate entry error when add team member (#19702)
  * Fix sending empty notifications (#19589)
  * Update image URL for Discord webhook (#19536)
  * Don't let repo clone URL overflow (#19517)
  * Allow commit status popup on /pulls page (#19507)
  * Fix two UI bugs: JS error in imagediff.js, 500 error in diff/compare.tmpl (#19494)
  * Fix logging of Transfer API (#19456)
  * Fix panic in teams API when requesting members (#19360)
  * Refactor CSRF protection modules, make sure CSRF tokens can be up-to-date. (#19337)
  * An attempt to sync a non-mirror repo must give 400 (Bad Request) (#19300)
  * Move checks for pulls before merge into own function (#19271)
  * Fix `contrib/upgrade.sh` (#19222)
  * Set the default branch for repositories generated from templates (#19136)
  * Fix EasyMDE error when input Enter (#19004)
  * Don't clean up hardcoded `tmp` (#18983)
  * Delete related notifications on issue deletion too (#18953)
  * Fix trace log to show value instead of pointers (#18926)
  * Fix behavior or checkbox submission. (#18851)
  * Add `ContextUser` (#18798)
  * Fix some mirror bugs (#18649)
  * Quote MAKE to prevent path expansion with space error (#18622)
  * Preserve users if restoring a repository on the same Gitea instance (#18604)
  * Fix non-ASCII search on database  (#18437)
  * Automatically pause queue if index service is unavailable (#15066)
 * TESTING
  * Allow postgres integration tests to run over unix pipe (#19875)
  * Prevent intermittent NPE in queue tests (#19301)
  * Add test for importing pull requests in gitea uploader for migrations (#18752)
  * Remove redundant comparison in repo dump/restore (#18660)
  * More repo dump/restore tests, including pull requests  (#18621)
  * Add test coverage for original author conversion during migrations (#18506)
 * TRANSLATION
  * Update issue_no_dependencies description (#19112)
  * Refactor webhooks i18n (#18380)
 * BUILD
  * Use alpine 3.16 (#19797)
  * Require node 14.0 (#19451)
 * DOCS
  * Update documents (git/fomantic/db, etc) (#19868)
  * Update the ROOT documentation and error messages (#19832)
  * Update document to use FHS `/usr/local/bin/gitea` instead of `/app/...` for Docker (#19794)
  * Update documentation to disable duration settings with -1 instead of 0 (#19647)
  * Add warning to set SENDMAIL_ARGS to --  (#19102)
  * Update nginx reverse proxy docs (#18922)
  * Add example to render html files (#18736)
  * Make SSH passtrough documentation better (#18687)
  * Changelog 1.16.0 & 1.15.11 (#18468 & #18455)  (#18470)
  * Update the SSH passthrough documentation (#18366)
  * Add `contrib/upgrade.sh` (#18286)
 * MISC
  * Fix aria for logo (#19955)
  * In code search, get code unit accessible repos in one (main) query (#19764)
  * Add tooltip to pending PR comments (#19662)
  * Improve sync performance for pull-mirrors (#19125)
  * Improve dashboard's repo list performance (#18963)
  * Avoid database lookups for `DescriptionHTML` (#18924)
  * Remove CodeMirror dependencies (#18911)
  * Disable unnecessary mirroring elements (#18527)
  * Disable unnecessary OpenID/OAuth2 elements (#18491)
  * Disable unnecessary GitHooks elements (#18485)
  * Change some logging levels (#18421)
  * Prevent showing webauthn error for every time visiting `/user/settings/security` (#18385)
  * Use correct translation key for errors (#18342)
 ## [1.16.9](https://github.com/go-gitea/gitea/releases/tag/v1.16.9) - 2022-07-12
 * SECURITY
@ -499,8 +72,8 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
 ## [1.16.6](https://github.com/go-gitea/gitea/releases/tag/v1.16.6) - 2022-04-20
 * ENHANCEMENTS
-  * Only request write when necessary (#18657) (#19422)
+ * Only request write when necessary (#18657) (#19422)
-  * Disable service worker by default (#18914) (#19342)
+ * Disable service worker by default (#18914) (#19342)
 * BUGFIXES
  * When dumping trim the standard suffices instead of a random suffix (#19440) (#19447)
  * Fix DELETE request for non-existent public key (#19443) (#19444)
@ -582,12 +155,12 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Don't show context cancelled errors in attribute reader (#19006) (#19027)
  * Fix update hint bug (#18996) (#19002)
 * MISC
-  * Fix potential assignee query for repo (#18994) (#18999)
+  *  Fix potential assignee query for repo (#18994) (#18999)
 ## [1.16.3](https://github.com/go-gitea/gitea/releases/tag/v1.16.3) - 2022-03-02
 * SECURITY
-  * Git backend ignore replace objects (#18979) (#18980)
+ * Git backend ignore replace objects (#18979) (#18980) 
 * ENHANCEMENTS
  * Adjust error for already locked db and prevent level db lock on malformed connstr (#18923) (#18938)
 * BUGFIXES
@ -620,7 +193,7 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Immediately Hammer if second kill is sent (#18823) (#18826)
  * Allow mermaid render error to wrap (#18791)
 * BUGFIXES
-  * Fix ldap user sync missed email in email_address table (#18786) (#18876)
+  * Fix ldap user sync missed email in email_address table (#18786) (#18876) 
  * Update assignees check to include any writing team and change org sidebar (#18680) (#18873)
  * Don't report signal: killed errors in serviceRPC (#18850) (#18865)
  * Fix bug where certain LDAP settings were reverted (#18859)
@ -668,7 +241,7 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
 * ENHANCEMENTS
  * Add dropdown icon to label set template dropdown (#18564) (#18571)
 * BUGFIXES
-  * comments on migrated issues/prs must link to the comment ID (#18630) (#18637)
+  * Comments on migrated issues/prs must link to the comment ID (#18630) (#18637)
  * Stop logging an error when notes are not found (#18626) (#18635)
  * Ensure that blob-excerpt links work for wiki (#18587) (#18624)
  * Only attempt to flush queue if the underlying worker pool is not finished (#18593) (#18620)
@ -1119,7 +692,6 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Fix SVG side by side comparison link (#17375) (#17391)
 ## [1.15.4](https://github.com/go-gitea/gitea/releases/tag/v1.15.4) - 2021-10-08
 * BUGFIXES
  * Raw file API: don't try to interpret 40char filenames as commit SHA (#17185) (#17272)
  * Don't allow merged PRs to be reopened (#17192) (#17271)
@ -1766,7 +1338,7 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Add size to Save function (#15264) (#15270)
  * Monaco improvements (#15333) (#15345)
  * Support .mailmap in code activity stats (#15009)
-  * Sort release attachments by name (#15008)
+  * Sort release attachments by name (#15008)  
  * Add ui.explore settings to control view of explore pages (#14094)
  * Make internal SSH server host key path configurable (#14918)
  * Hide resync all ssh principals when using internal ssh server (#14904)
@ -2061,7 +1633,6 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Return original URL of Repositories (#13885) (#13886)
 ## [1.13.0](https://github.com/go-gitea/gitea/releases/tag/v1.13.0) - 2020-12-01
 * SECURITY
  * Add Allow-/Block-List for Migrate & Mirrors (#13610) (#13776)
  * Prevent git operations for inactive users (#13527) (#13536)
@ -2975,7 +2546,6 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Blacklist manifest.json & milestones user (#10292) (#10293)
 ## [1.11.0](https://github.com/go-gitea/gitea/releases/tag/v1.11.0) - 2020-02-10
 * BREAKING
  * Fix followers and following tabs in profile (#10202) (#10203)
  * Make CertFile and KeyFile relative to CustomPath (#9868) (#9874)
@ -3428,7 +2998,7 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
 This is a re-tag version of v1.10.5 and also explicitly built with Go 1.13.
-WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be used.
+WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should **not** be used.
 ## [1.10.5](https://github.com/go-gitea/gitea/releases/tag/v1.10.5) - 2020-03-06
@ -3449,7 +3019,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Ensure that 2fa is checked on reset-password (#9857) (#9877)
 ## [1.10.3](https://github.com/go-gitea/gitea/releases/tag/v1.10.3) - 2020-01-17
 * SECURITY
  * Hide credentials when submitting migration (#9102) (#9704)
  * Never allow an empty password to validate (#9682) (#9684)
@ -3468,7 +3037,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Branches not at ref commit ID should not be listed as Merged (#9614) (#9639)
 ## [1.10.2](https://github.com/go-gitea/gitea/releases/tag/v1.10.2) - 2020-01-02
 * BUGFIXES
  * Allow only specific Columns to be updated on Issue via API (#9539) (#9580)
  * Add ErrReactionAlreadyExist error (#9550) (#9564)
@ -3489,7 +3057,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix File Edit: Author/Committer interchanged (#9297) (#9300)
 ## [1.10.1](https://github.com/go-gitea/gitea/releases/tag/v1.10.1) - 2019-12-05
 * BUGFIXES
  * Fix max length check and limit in multiple repo forms (#9148) (#9204)
  * Properly fix displaying virtual session provider in admin panel (#9137) (#9203)
@ -3511,7 +3078,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Shadow password correctly for session config (#8984) (#9002)
 ## [1.10.0](https://github.com/go-gitea/gitea/releases/tag/v1.10.0) - 2019-11-13
 * BREAKING
  * Fix deadline on update issue or PR via API (#8698)
  * Hide some user information via API if user doesn't have enough permission (#8655) (#8657)
@ -3809,7 +3375,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix Statuses API only shows first 10 statuses: Add paging and extend API GetCommitStatuses (#7141)
 ## [1.9.6](https://github.com/go-gitea/gitea/releases/tag/v1.9.6) - 2019-11-13
 * BUGFIXES
  * Allow to merge if file path contains " or \ (#8629) (#8772)
  * Fix 500 when edit hook (#8782) (#8790)
@ -3818,7 +3383,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Add Close() method to gogitRepository (#8901) (#8958)
 ## [1.9.5](https://github.com/go-gitea/gitea/releases/tag/v1.9.5) - 2019-10-30
 * BREAKING
  * Hide some user information via API if user doesn't have enough permission (#8655) (#8658)
 * BUGFIXES
@ -3843,7 +3407,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Update heatmap fixtures to restore tests (#8615) (#8617)
 ## [1.9.4](https://github.com/go-gitea/gitea/releases/tag/v1.9.4) - 2019-10-08
 * BUGFIXES
  * Highlight issue references (#8101) (#8404)
  * Fix bug when migrating a private repository #7917 (#8403)
@ -3870,7 +3433,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Make show private icon when repo avatar set (#8144) (#8175)
 ## [1.9.3](https://github.com/go-gitea/gitea/releases/tag/v1.9.3) - 2019-09-06
 * BUGFIXES
  * Fix go get from a private repository with Go 1.13 (#8100)
  * Strict name matching for Repository.GetTagID() (#8082)
@ -3886,7 +3448,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Keep blame view buttons sequence consistent with normal view when viewing a file (#8007) (#8009)
 ## [1.9.2](https://github.com/go-gitea/gitea/releases/tag/v1.9.2) - 2019-08-22
 * BUGFIXES
  * Fix wrong sender when send slack webhook (#7918) (#7924)
  * Upload support text/plain; charset=utf8 (#7899)
@ -3901,7 +3462,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Drone/docker: prepare multi-arch release + provide arm64 image (#7571) (#7884)
 ## [1.9.1](https://github.com/go-gitea/gitea/releases/tag/v1.9.1) - 2019-08-14
 * BREAKING
  * Add pagination for admin api get orgs and fix only list public orgs bug (#7742) (#7752)
 * SECURITY
@ -3929,7 +3489,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Correct wrong datetime format for git (#7689) (#7690)
 ## [1.9.0](https://github.com/go-gitea/gitea/releases/tag/v1.9.0) - 2019-07-30
 * BREAKING
  * Better logging (#6038) (#6095)
 * SECURITY
@ -4286,7 +3845,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Added docker example for backup (#5846)
 ## [1.8.3](https://github.com/go-gitea/gitea/releases/tag/v1.8.3) - 2019-06-17
 * BUGFIXES
  * Always set userID on LFS authentication (#7224) (Part of #6993)
  * Fix LFS Locks over SSH (#6999) (#7223)
@ -4297,7 +3855,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix GCArgs load from ini (#7156) (#7157)
 ## [1.8.2](https://github.com/go-gitea/gitea/releases/tag/v1.8.2) - 2019-05-29
 * BUGFIXES
  * Fix possbile mysql invalid connnection error (#7051) (#7071)
  * Handle invalid administrator username on install page (#7060) (#7063)
@ -4313,7 +3870,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix wrong init dependency on markup extensions (#7038) (#7074)
 ## [1.8.1](https://github.com/go-gitea/gitea/releases/tag/v1.8.1) - 2019-05-08
 * BUGFIXES
  * Fix 404 when sending pull requests in some situations (#6871) (#6873)
  * Enforce osusergo build tag for releases (#6862) (#6869)
@ -4340,7 +3896,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix config ui error about cache ttl (#6861) (#6865)
 ## [1.8.0](https://github.com/go-gitea/gitea/releases/tag/v1.8.0) - 2019-04-20
 * SECURITY
  * Prevent remote code execution vulnerability with mirror repo URL settings (#6593) (#6594)
  * Resolve 2FA bypass on API (#6676) (#6674)
@ -4575,21 +4130,18 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Migrate database if app.ini found (#5290)
 ## [1.7.6](https://github.com/go-gitea/gitea/releases/tag/v1.7.6) - 2019-04-12
 * SECURITY
  * Prevent remote code execution vulnerability with mirror repo URL settings (#6593) (#6595)
 * BUGFIXES
  * Allow resend of confirmation email when logged in (#6482) (#6487)
 ## [1.7.5](https://github.com/go-gitea/gitea/releases/tag/v1.7.5) - 2019-03-27
 * BUGFIXES
  * Fix unitTypeCode not being used in accessLevelUnit (#6419) (#6423)
  * Fix bug where manifest.json was being requested without cookies and continuously creating new sessions (#6372) (#6383)
  * Fix ParsePatch function to work with quoted diff --git strings (#6323) (#6332)
 ## [1.7.4](https://github.com/go-gitea/gitea/releases/tag/v1.7.4) - 2019-03-12
 * SECURITY
  * Fix potential XSS vulnerability in repository description. (#6306) (#6308)
 * BUGFIXES
@ -4599,7 +4151,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix displaying dashboard even if required to change password (#6214) (#6215)
 ## [1.7.3](https://github.com/go-gitea/gitea/releases/tag/v1.7.3) - 2019-02-27
 * BUGFIXES
  * Fix server 500 when trying to migrate to an already existing repository (#6188) (#6197)
  * Load Issue attributes for API /repos/{owner}/{repo}/issues/{index} (#6122) (#6185)
@ -4614,7 +4165,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Recover panic in orgmode.Render if bad orgfile (#4982) (#5903) (#6097)
 ## [1.7.2](https://github.com/go-gitea/gitea/releases/tag/v1.7.2) - 2019-02-14
 * BUGFIXES
  * Remove all CommitStatus when a repo is deleted (#5940) (#5941)
  * Fix notifications on pushing with deploy keys by setting hook environment variables (#5935) (#5944)
@ -4631,7 +4181,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * In basic auth check for tokens before call UserSignIn (#5725) (#6083)
 ## [1.7.1](https://github.com/go-gitea/gitea/releases/tag/v1.7.1) - 2019-01-31
 * SECURITY
  * Disable redirect for i18n (#5910) (#5916)
  * Only allow local login if password is non-empty (#5906) (#5908)
@ -4653,7 +4202,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Include Go toolchain to --version (#5832) (#5830)
 ## [1.7.0](https://github.com/go-gitea/gitea/releases/tag/v1.7.0) - 2019-01-22
 * SECURITY
  * Do not display the raw OpenID error in the UI (#5705) (#5712)
  * When redirecting clean the path to avoid redirecting to external site (#5669) (#5679)
@ -4810,21 +4358,18 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Only chown directories during docker setup if necessary. Fix #4425 (#5064)
 ## [1.6.4](https://github.com/go-gitea/gitea/releases/tag/v1.6.4) - 2019-01-15
 * BUGFIX
  * Fix SSH key now can be reused as public key after deleting as deploy key (#5671) (#5685)
  * When redirecting clean the path to avoid redirecting to external site (#5669) (#5703)
  * Fix to use correct value for "MSpan Structures Obtained" (#5706) (#5715)
 ## [1.6.3](https://github.com/go-gitea/gitea/releases/tag/v1.6.3) - 2019-01-04
 * SECURITY
  * Prevent DeleteFilePost doing arbitrary deletion (#5631)
 * BUGFIX
  * Fix wrong text getting saved on editing second comment on an issue (#5608)
 ## [1.6.2](https://github.com/go-gitea/gitea/releases/tag/v1.6.2) - 2018-12-21
 * SECURITY
  * Sanitize uploaded file names (#5571) (#5573)
  * HTMLEncode user added text (#5570) (#5575)
@ -4839,7 +4384,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix empty wiki (#5504) (#5508)
 ## [1.6.1](https://github.com/go-gitea/gitea/releases/tag/v1.6.1) - 2018-12-08
 * BUGFIXES
  * Fix dependent issue searching when gitea is run in subpath (#5392) (#5400)
  * API: '/orgs/:org/repos': return private repos with read access (#5393)
@ -4850,7 +4394,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix topic name length on database (#5493) (#5495)
 ## [1.6.0](https://github.com/go-gitea/gitea/releases/tag/v1.6.0) - 2018-11-22
 * BREAKING
  * Respect email privacy option in user search via API (#4512)
  * Simply remove tidb and deps (#3993)
@ -5004,12 +4547,10 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix translation (#4355)
 ## [1.5.3](https://github.com/go-gitea/gitea/releases/tag/v1.5.3) - 2018-10-31
 * SECURITY
  * Fix remote command execution vulnerability in upstream library (#5177) (#5196)
 ## [1.5.2](https://github.com/go-gitea/gitea/releases/tag/v1.5.2) - 2018-10-09
 * SECURITY
  * Enforce token on api routes (#4840) (#4905)
 * BUGFIXES
@ -5026,7 +4567,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix trimming of markup section names (#4864)
 ## [1.5.1](https://github.com/go-gitea/gitea/releases/tag/v1.5.1) - 2018-09-03
 * SECURITY
  * Don't disclose emails of all users when sending out emails (#4784)
  * Improve URL validation for external wiki and external issues (#4710) (#4740)
@ -5041,7 +4581,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix incorrect caption of webhook setting (#4701) (#4718)
 ## [1.5.0](https://github.com/go-gitea/gitea/releases/tag/v1.5.0) - 2018-08-10
 * SECURITY
  * Check that repositories can only be migrated to own user or organizations (#4366) (#4370)
  * Limit uploaded avatar image-size to 4096px x 3072px by default (#4353)
@ -5105,7 +4644,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Sign release binaries (#4188)
 ## [1.4.3](https://github.com/go-gitea/gitea/releases/tag/v1.4.3) - 2018-06-26
 * SECURITY
  * HTML-escape plain-text READMEs (#4192) (#4214)
  * Fix open redirect vulnerability on login screen (#4312) (#4312)
@ -5118,7 +4656,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix webhook type conflation (#4285) (#4285)
 ## [1.4.2](https://github.com/go-gitea/gitea/releases/tag/v1.4.2) - 2018-06-04
 * BUGFIXES
  * Adjust z-index for floating labels (#3939) (#3950)
  * Add missing token validation on application settings page (#3976) #3978
@ -5134,7 +4671,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Respository's home page not updated after first push (#4075)
 ## [1.4.1](https://github.com/go-gitea/gitea/releases/tag/v1.4.1) - 2018-05-03
 * BREAKING
  * Add "error" as reserved username (#3882) (#3886)
 * SECURITY
@ -5152,7 +4688,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Show clipboard button if disable HTTP of git protocol (#3773) (#3774)
 ## [1.4.0](https://github.com/go-gitea/gitea/releases/tag/v1.4.0) - 2018-03-25
 * BREAKING
  * Drop deprecated GOGS\_WORK\_DIR use (#2946)
  * Fix API status code for hook creation (#2814)
@ -5272,7 +4807,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Add owner to delete repo message (#2886)
 ## [1.3.1](https://github.com/go-gitea/gitea/releases/tag/v1.3.1) - 2017-12-08
 * BUGFIXES
  * Sanitize logs for mirror sync (#3057, #3082) (#3078)
  * Fix missing branch in release bug (#3108) (#3117)
@ -5283,7 +4817,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix missing password length check when change password (#3039) (#3071)
 ## [1.3.0](https://github.com/go-gitea/gitea/releases/tag/v1.3.0) - 2017-11-29
 * BREAKING
  * Make URL scheme unambiguous (#2408)
 * FEATURES
@ -5511,13 +5044,11 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Added vendor dir for js/css libs; Documented sources (#1484) (#2241)
 ## [1.2.3](https://github.com/go-gitea/gitea/releases/tag/v1.2.3) - 2017-11-03
 * BUGFIXES
  * Only require one email when validating GPG key (#2266, #2467, #2663) (#2788)
  * Fix order of comments (#2835) (#2839)
 ## [1.2.2](https://github.com/go-gitea/gitea/releases/tag/v1.2.2) - 2017-10-26
 * BUGFIXES
  * Add checks for commits with missing author and time (#2771) (#2785)
  * Fix sending mail with a non-latin display name (#2559) (#2783)
@ -5526,7 +5057,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix emojify image URL (#2769) (#2773)
 ## [1.2.1](https://github.com/go-gitea/gitea/releases/tag/v1.2.1) - 2017-10-16
 * BUGFIXES
  * Fix PR, milestone and label functionality if issue unit is disabled (#2710) (#2714)
  * Fix plain readme didn't render correctly on repo home page (#2705) (#2712)
@ -5535,7 +5065,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix slice out of bounds error in mailer (#2479) (#2696)
 ## [1.2.0](https://github.com/go-gitea/gitea/releases/tag/v1.2.0) - 2017-10-10
 * SECURITY
  * Sanitation fix from Gogs (#1461)
 * BREAKING
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -81,15 +81,13 @@ Here's how to run the test suite:
 |``make lint-frontend`` | lint frontend files  |
 |``make lint-backend``  | lint backend files   |
- run test code (Suggest run in Linux)
+- run test code (Suggest run in Linux)  
 |                                        |                                                  |
 | :------------------------------------- | :----------------------------------------------- |
 |``make test[\#TestSpecificName]``       |  run unit test  |
-|``make test-sqlite[\#TestSpecificName]``|  run [integration](tests/integration) test for SQLite |
+|``make test-sqlite[\#TestSpecificName]``|  run [integration](integrations) test for SQLite |  
-|[More details about integration tests](tests/integration/README.md)  |
+|[More details about integrations](integrations/README.md)  |
 |``make test-e2e-sqlite[\#TestSpecificFileName]``|  run [end-to-end](tests/e2e) test for SQLite |
 |[More details about e2e tests](tests/e2e/README.md)  |
 ## Vendoring
@ -129,42 +127,22 @@ the *[How to get faster PR reviews](https://github.com/kubernetes/community/blob
 it has lots of useful tips for any project you may want to contribute.
 Some of the key points:
- Make small pull requests. The smaller, the faster to review and the
+* Make small pull requests. The smaller, the faster to review and the
  more likely it will be merged soon.
- Don't make changes unrelated to your PR. Maybe there are typos on
+* Don't make changes unrelated to your PR. Maybe there are typos on
  some comments, maybe refactoring would be welcome on a function... but
  if that is not related to your PR, please make *another* PR for that.
- Split big pull requests into multiple small ones. An incremental change
+* Split big pull requests into multiple small ones. An incremental change
  will be faster to review than a huge PR.
 - Use the first comment as a summary explainer of your PR and you should keep this up-to-date as the PR evolves.
 If your PR could cause a breaking change you must add a BREAKING section to this comment e.g.:
 ```
 ## :warning: BREAKING :warning:
 ```
 To explain how this could affect users and how to mitigate these changes.
 Once code review starts on your PR, do not rebase nor squash your branch as it makes it
 difficult to review the new changes. Only if there is a need, sync your branch by merging
 the base branch into yours. Don't worry about merge commits messing up your tree as
 the final merge process squashes all commits into one, with the visible commit message (first
 line) being the PR title + PR index and description being the PR's first comment.
 Once your PR gets the `lgtm/done` label, don't worry about keeping it up-to-date or breaking
 builds (unless there's a merge conflict or a request is made by a maintainer to make
 modifications). It is the maintainer team's responsibility from this point to get it merged.
 ## Styleguide
-For imports you should use the following format (*without* the comments)
+For imports you should use the following format (_without_ the comments)
 ```go
 import (
  // stdlib
  "encoding/json"
  "fmt"
  "math"
  // local packages
  "code.gitea.io/gitea/models"
@ -180,34 +158,25 @@ import (
 To maintain understandable code and avoid circular dependencies it is important to have a good structure of the code. The Gitea code is divided into the following parts:
 - **integration:** Integrations tests
 - **models:** Contains the data structures used by xorm to construct database tables. It also contains supporting functions to query and update the database. Dependencies to other code in Gitea should be avoided although some modules might be needed (for example for logging).
 - **models/fixtures:** Sample model data used in integration tests.
 - **models/migrations:** Handling of database migrations between versions. PRs that changes a database structure shall also have a migration step.
- **modules:** Different modules to handle specific functionality in Gitea. Shall only depend on other modules but not other packages (models, services).
+- **modules:** Different modules to handle specific functionality in Gitea.
 - **public:** Frontend files (javascript, images, css, etc.)
- **routers:** Handling of server requests. As it uses other Gitea packages to serve the request, other packages (models, modules or services) shall not depend on routers.
+- **routers:** Handling of server requests. As it uses other Gitea packages to serve the request, other packages (models, modules or services) shall not depend on routers
 - **services:** Support functions for common routing operations. Uses models and modules to handle the request.
 - **templates:** Golang templates for generating the html output.
 - **tests/e2e:** End to end tests
 - **tests/integration:** Integration tests
 - **vendor:** External code that Gitea depends on.
 ## Documentation
 If you add a new feature or change an existing aspect of Gitea, the documentation for that feature must be created or updated.
 ## API v1
 The API is documented by [swagger](http://try.gitea.io/api/swagger) and is based on [GitHub API v3](https://developer.github.com/v3/).
-
+Thus, Gitea´s API should use the same endpoints and fields as GitHub´s API as far as possible, unless there are good reasons to deviate.  
-Thus, Gitea´s API should use the same endpoints and fields as GitHub´s API as far as possible, unless there are good reasons to deviate.
+If Gitea provides functionality that GitHub does not, a new endpoint can be created.  
 If Gitea provides functionality that GitHub does not, a new endpoint can be created.
 If information is provided by Gitea that is not provided by the GitHub API, a new field can be used that doesn't collide with any GitHub fields.
 Updating an existing API should not remove existing fields unless there is a really good reason to do so.
 The same applies to status responses. If you notice a problem, feel free to leave a comment in the code for future refactoring to APIv2 (which is currently not planned).
 All expected results (errors, success, fail messages) should be documented
@ -216,76 +185,31 @@ All expected results (errors, success, fail messages) should be documented
 All JSON input types must be defined as a struct in [modules/structs/](modules/structs/)
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L76-L91))
 and referenced in
-[routers/api/v1/swagger/options.go](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/options.go).
+[routers/api/v1/swagger/options.go](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/options.go).  
 They can then be used like the following:
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L318)).
 All JSON responses must be defined as a struct in [modules/structs/](modules/structs/)
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L36-L68))
 and referenced in its category in [routers/api/v1/swagger/](routers/api/v1/swagger/)
-([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/issue.go#L11-L16))
+([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/issue.go#L11-L16))  
 They can be used like the following:
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L277-L279))
 In general, HTTP methods are chosen as follows:
 * **GET** endpoints return requested object and status **OK (200)**
 * **DELETE** endpoints return status **No Content (204)**
 * **POST** endpoints return status **Created (201)**, used to **create** new objects (e.g. a User)
 * **PUT** endpoints return status **No Content (204)**, used to **add/assign** existing Objects (e.g. User) to something (e.g. Org-Team)
 * **PATCH** endpoints return changed object and status **OK (200)**, used to **edit/change** an existing object
 - **GET** endpoints return requested object and status **OK (200)**
 - **DELETE** endpoints return status **No Content (204)**
 - **POST** endpoints return status **Created (201)**, used to **create** new objects (e.g. a User)
 - **PUT** endpoints return status **No Content (204)**, used to **add/assign** existing Objects (e.g. User) to something (e.g. Org-Team)
 - **PATCH** endpoints return changed object and status **OK (200)**, used to **edit/change** an existing object
 An endpoint which changes/edits an object expects all fields to be optional (except ones to identify the object, which are required).
 ### Endpoints returning lists should
 * support pagination (`page` & `limit` options in query)
 * set `X-Total-Count` header via **SetTotalCountHeader** ([example](https://github.com/go-gitea/gitea/blob/7aae98cc5d4113f1e9918b7ee7dd09f67c189e3e/routers/api/v1/repo/issue.go#L444))
 - support pagination (`page` & `limit` options in query)
 - set `X-Total-Count` header via **SetTotalCountHeader** ([example](https://github.com/go-gitea/gitea/blob/7aae98cc5d4113f1e9918b7ee7dd09f67c189e3e/routers/api/v1/repo/issue.go#L444))
 ## Backports and Frontports
 Occasionally backports of PRs are required.
 The backported PR title should be:
 ```
 Title of backported PR (#ORIGINAL_PR_NUMBER)
 ```
 The first two lines of the summary of the backporting PR should be:
 ```
 Backport #ORIGINAL_PR_NUMBER
 ```
 with the rest of the summary matching the original PR. Similarly for frontports
 ---
 The below is a script that may be helpful in creating backports. YMMV.
 ```bash
 #!/bin/sh
 PR="$1"
 SHA="$2"
 VERSION="$3"
 if [ -z "$SHA" ]; then
    SHA=$(gh api /repos/go-gitea/gitea/pulls/$PR -q '.merge_commit_sha')
 fi
 if [ -z "$VERSION" ]; then
    VERSION="v1.16"
 fi
 echo git checkout origin/release/"$VERSION" -b backport-$PR-$VERSION
 git checkout origin/release/"$VERSION" -b backport-$PR-$VERSION
 git cherry-pick $SHA && git commit --amend && git push zeripath backport-$PR-$VERSION && xdg-open https://github.com/go-gitea/gitea/compare/release/"$VERSION"...zeripath:backport-$PR-$VERSION
 ```
 ## Developer Certificate of Origin (DCO)
@ -374,35 +298,35 @@ and lead the development of Gitea.
 To honor the past owners, here's the history of the owners and the time
 they served:
- 2022-01-01 ~ 2022-12-31 - https://github.com/go-gitea/gitea/issues/17872
+* 2022-01-01 ~ 2022-12-31 - https://github.com/go-gitea/gitea/issues/17872
-  - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
+  * [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-  - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
+  * [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
-  - [Andrew Thornton](https://gitea.com/zeripath) <art27@cantab.net>
+  * [Andrew Thornton](https://gitea.com/zeripath) <art27@cantab.net>
- 2021-01-01 ~ 2021-12-31 - https://github.com/go-gitea/gitea/issues/13801
+* 2021-01-01 ~ 2021-12-31 - https://github.com/go-gitea/gitea/issues/13801
-  - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
+  * [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-  - [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
+  * [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
-  - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
+  * [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
- 2020-01-01 ~ 2020-12-31 - https://github.com/go-gitea/gitea/issues/9230
+* 2020-01-01 ~ 2020-12-31 - https://github.com/go-gitea/gitea/issues/9230
-  - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
+  * [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-  - [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
+  * [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
-  - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
+  * [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
- 2019-01-01 ~ 2019-12-31 - https://github.com/go-gitea/gitea/issues/5572
+* 2019-01-01 ~ 2019-12-31 - https://github.com/go-gitea/gitea/issues/5572
-  - [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
+  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
-  - [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
+  * [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
-  - [Matti Ranta](https://github.com/techknowlogick) <techknowlogick@gitea.io>
+  * [Matti Ranta](https://github.com/techknowlogick) <techknowlogick@gitea.io>
- 2018-01-01 ~ 2018-12-31 - https://github.com/go-gitea/gitea/issues/3255
+* 2018-01-01 ~ 2018-12-31 - https://github.com/go-gitea/gitea/issues/3255
-  - [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
+  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
-  - [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
+  * [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
-  - [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>
+  * [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>
- 2016-11-04 ~ 2017-12-31
+* 2016-11-04 ~ 2017-12-31
-  - [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
+  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
-  - [Thomas Boerger](https://github.com/tboerger) <thomas@webhippie.de>
+  * [Thomas Boerger](https://github.com/tboerger) <thomas@webhippie.de>
-  - [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>
+  * [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>
 ## Versions
@ -419,27 +343,23 @@ be reviewed by two maintainers and must pass the automatic tests.
 ## Releasing Gitea
- Let $vmaj, $vmin and $vpat be Major, Minor and Patch version numbers, $vpat should be rc1, rc2, 0, 1, ...... $vmaj.$vmin will be kept the same as milestones on github or gitea in future.
+* Let $vmaj, $vmin and $vpat be Major, Minor and Patch version numbers, $vpat should be rc1, rc2, 0, 1, ...... $vmaj.$vmin will be kept the same as milestones on github or gitea in future.
- Before releasing, confirm all the version's milestone issues or PRs has been resolved. Then discuss the release on Discord channel #maintainers and get agreed with almost all the owners and mergers. Or you can declare the version and if nobody against in about serval hours.
+* Before releasing, confirm all the version's milestone issues or PRs has been resolved. Then discuss the release on Discord channel #maintainers and get agreed with almost all the owners and mergers. Or you can declare the version and if nobody against in about serval hours.
- If this is a big version first you have to create PR for changelog on branch `main` with PRs with label `changelog` and after it has been merged do following steps:
+* If this is a big version first you have to create PR for changelog on branch `main` with PRs with label `changelog` and after it has been merged do following steps:
-  - Create `-dev` tag as `git tag -s -F release.notes v$vmaj.$vmin.0-dev` and push the tag as `git push origin v$vmaj.$vmin.0-dev`.
+  * Create `-dev` tag as `git tag -s -F release.notes v$vmaj.$vmin.0-dev` and push the tag as `git push origin v$vmaj.$vmin.0-dev`.
-  - When CI has finished building tag then you have to create a new branch named `release/v$vmaj.$vmin`
+  * When CI has finished building tag then you have to create a new branch named `release/v$vmaj.$vmin`
- If it is bugfix version create PR for changelog on branch `release/v$vmaj.$vmin` and wait till it is reviewed and merged.
+* If it is bugfix version create PR for changelog on branch `release/v$vmaj.$vmin` and wait till it is reviewed and merged.
- Add a tag as `git tag -s -F release.notes v$vmaj.$vmin.$`, release.notes file could be a temporary file to only include the changelog this version which you added to `CHANGELOG.md`.
+* Add a tag as `git tag -s -F release.notes v$vmaj.$vmin.$`, release.notes file could be a temporary file to only include the changelog this version which you added to `CHANGELOG.md`.
- And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically create a release and upload all the compiled binary. (But currently it doesn't add the release notes automatically. Maybe we should fix that.)
+* And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically create a release and upload all the compiled binary. (But currently it doesn't add the release notes automatically. Maybe we should fix that.)
- If needed send a frontport PR for the changelog to branch `main` and update the version in `docs/config.yaml` to refer to the new version.
+* If needed send PR for changelog on branch `main`.
- Send PR to [blog repository](https://gitea.com/gitea/blog) announcing the release.
+* Send PR to [blog repository](https://gitea.com/gitea/blog) announcing the release.
 - Verify all release assets were correctly published through CI on dl.gitea.io and GitHub releases. Once ACKed:
  - bump the version of https://dl.gitea.io/gitea/version.json
  - merge the blog post PR
  - announce the release in discord `#announcements`
 ## Copyright
 Code that you contribute should use the standard copyright header:
 ```
-// Copyright 2022 The Gitea Authors. All rights reserved.
+// Copyright 2020 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 ```
--- a/7
+++ b/7
@ -1,5 +1,5 @@
 #Build stage
-FROM golang:1.19-alpine3.16 AS build-env
+FROM golang:1.18-alpine3.15 AS build-env
 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@ -23,7 +23,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go
-FROM alpine:3.16
+FROM alpine:3.13
 LABEL maintainer="maintainers@gitea.io"
 EXPOSE 22 3000
@ -33,7 +33,6 @@ RUN apk --no-cache add \
    ca-certificates \
    curl \
    gettext \
    git \
    linux-pam \
    openssh \
    s6 \
@ -41,6 +40,8 @@ RUN apk --no-cache add \
    su-exec \
    gnupg
 RUN apk add git --repository=http://dl-cdn.alpinelinux.org/alpine/v3.16/main
 RUN addgroup \
    -S -g 1000 \
    git && \
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@ -1,5 +1,5 @@
 #Build stage
-FROM golang:1.19-alpine3.16 AS build-env
+FROM golang:1.18-alpine3.15 AS build-env
 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@ -23,7 +23,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go
-FROM alpine:3.16
+FROM alpine:3.13
 LABEL maintainer="maintainers@gitea.io"
 EXPOSE 2222 3000
@ -32,10 +32,11 @@ RUN apk --no-cache add \
    bash \
    ca-certificates \
    gettext \
    git \
    curl \
    gnupg
 RUN apk add git --repository=http://dl-cdn.alpinelinux.org/alpine/v3.16/main
 RUN addgroup \
    -S -g 1000 \
    git && \
@ -62,7 +63,7 @@ ENV GITEA_CUSTOM /var/lib/gitea/custom
 ENV GITEA_TEMP /tmp/gitea
 ENV TMPDIR /tmp/gitea
-#TODO add to docs the ability to define the ini to load (useful to test and revert a config)
+#TODO add to docs the ability to define the ini to load (usefull to test and revert a config)
 ENV GITEA_APP_INI /etc/gitea/app.ini
 ENV HOME "/var/lib/gitea/git"
 VOLUME ["/var/lib/gitea", "/etc/gitea"]
--- a/7
+++ b/7
@ -44,8 +44,5 @@ Janis Estelmann <admin@oldschoolhack.me> (@KN4CK3R)
 Steven Kriegler <sk.bunsenbrenner@gmail.com> (@justusbunsi)
 Jimmy Praet <jimmy.praet@telenet.be> (@jpraet)
 Leon Hofmeister <dev.lh@web.de> (@delvh) 
-silentcode <silentcode@senga.org> (@silentcodeg)
+Gusted <williamzijl7@hotmail.com) (@Gusted)
-Wim <wim@42.be> (@42wim)
+singuliere <singuliere@autistici.org> (@singuliere)
 xinyu <xinyu@nerv.org.cn> (@penlinux)
 Jason Song <i@wolfogre.com> (@wolfogre)
 Yarden Shoham <hrsi88@gmail.com> (@yardenshoham)
--- a/412
+++ b/412
@ -17,25 +17,24 @@ else
 DIST := dist
 DIST_DIRS := $(DIST)/binaries $(DIST)/release
 IMPORT := code.gitea.io/gitea
 export GO111MODULE=on
 GO ?= go
 SHASUM ?= shasum -a 256
 HAS_GO = $(shell hash $(GO) > /dev/null 2>&1 && echo "GO" || echo "NOGO" )
 COMMA := ,
-XGO_VERSION := go-1.19.x
+XGO_VERSION := go-1.18.x
-AIR_PACKAGE ?= github.com/cosmtrek/air@v1.40.4
+AIR_PACKAGE ?= github.com/cosmtrek/air@v1.29.0
-EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/cmd/editorconfig-checker@2.5.0
+EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/cmd/editorconfig-checker@2.4.0
-ERRCHECK_PACKAGE ?= github.com/kisielk/errcheck@v1.6.1
+ERRCHECK_PACKAGE ?= github.com/kisielk/errcheck@v1.6.0
-GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.3.1
+GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.3.0
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.47.0
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.44.2
 GXZ_PAGAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.10
 MISSPELL_PACKAGE ?= github.com/client9/misspell/cmd/misspell@v0.3.4
-SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.30.0
+SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.29.0
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
 GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.3.0
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@latest
 DOCKER_IMAGE ?= gitea/gitea
 DOCKER_TAG ?= latest
@ -68,7 +67,7 @@ endif
 EXTRA_GOFLAGS ?=
-MAKE_VERSION := $(shell "$(MAKE)" -v | head -n 1)
+MAKE_VERSION := $(shell $(MAKE) -v | head -n 1)
 MAKE_EVIDENCE_DIR := .make_evidence
 ifeq ($(RACE_ENABLED),true)
@ -100,8 +99,7 @@ LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(G
 LINUX_ARCHS ?= linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64
-GO_PACKAGES ?= $(filter-out code.gitea.io/gitea/tests/integration/migration-test code.gitea.io/gitea/tests code.gitea.io/gitea/tests/integration code.gitea.io/gitea/tests/e2e,$(shell $(GO) list ./... | grep -v /vendor/))
+GO_PACKAGES ?= $(filter-out code.gitea.io/gitea/models/migrations code.gitea.io/gitea/integrations/migration-test code.gitea.io/gitea/integrations,$(shell $(GO) list ./... | grep -v /vendor/))
 GO_TEST_PACKAGES ?= $(filter-out $(shell $(GO) list code.gitea.io/gitea/models/migrations/...) code.gitea.io/gitea/tests/integration/migration-test code.gitea.io/gitea/tests code.gitea.io/gitea/tests/integration code.gitea.io/gitea/tests/e2e,$(shell $(GO) list ./... | grep -v /vendor/))
 FOMANTIC_WORK_DIR := web_src/fomantic
@ -113,39 +111,25 @@ WEBPACK_DEST_ENTRIES := public/js public/css public/fonts public/img/webpack pub
 BINDATA_DEST := modules/public/bindata.go modules/options/bindata.go modules/templates/bindata.go
 BINDATA_HASH := $(addsuffix .hash,$(BINDATA_DEST))
 GENERATED_GO_DEST := modules/charset/invisible_gen.go modules/charset/ambiguous_gen.go
 SVG_DEST_DIR := public/img/svg
 AIR_TMP_DIR := .air
 GO_LICENSE_TMP_DIR := .go-licenses
 GO_LICENSE_FILE := assets/go-licenses.json
 TAGS ?=
 TAGS_SPLIT := $(subst $(COMMA), ,$(TAGS))
 TAGS_EVIDENCE := $(MAKE_EVIDENCE_DIR)/tags
 TEST_TAGS ?= sqlite sqlite_unlock_notify
-TAR_EXCLUDES := .git data indexers queues log node_modules $(EXECUTABLE) $(FOMANTIC_WORK_DIR)/node_modules $(DIST) $(MAKE_EVIDENCE_DIR) $(AIR_TMP_DIR) $(GO_LICENSE_TMP_DIR)
+TAR_EXCLUDES := .git data indexers queues log node_modules $(EXECUTABLE) $(FOMANTIC_WORK_DIR)/node_modules $(DIST) $(MAKE_EVIDENCE_DIR) $(AIR_TMP_DIR)
-GO_DIRS := cmd tests models modules routers build services tools
+GO_DIRS := cmd integrations models modules routers build services tools
 WEB_DIRS := web_src/js web_src/less
 GO_SOURCES := $(wildcard *.go)
 GO_SOURCES += $(shell find $(GO_DIRS) -type f -name "*.go" -not -path modules/options/bindata.go -not -path modules/public/bindata.go -not -path modules/templates/bindata.go)
 GO_SOURCES += $(GENERATED_GO_DEST)
 GO_SOURCES_NO_BINDATA := $(GO_SOURCES)
 ifeq ($(filter $(TAGS_SPLIT),bindata),bindata)
 	GO_SOURCES += $(BINDATA_DEST)
 	GENERATED_GO_DEST += $(BINDATA_DEST)
 endif
 # Force installation of playwright dependencies by setting this flag
 ifdef DEPS_PLAYWRIGHT
 	PLAYWRIGHT_FLAGS += --with-deps
 endif
 SWAGGER_SPEC := templates/swagger/v1_json.tmpl
@ -199,7 +183,6 @@ help:
 	@echo " - test                             test everything"
 	@echo " - test-frontend                    test frontend files"
 	@echo " - test-backend                     test backend files"
 	@echo " - test-e2e[\#TestSpecificName]     test end to end using playwright"
 	@echo " - webpack                          build webpack files"
 	@echo " - svg                              build svg files"
 	@echo " - fomantic                         build fomantic files"
@ -211,21 +194,22 @@ help:
 	@echo " - generate-swagger                 generate the swagger spec from code comments"
 	@echo " - swagger-validate                 check if the swagger spec is valid"
 	@echo " - golangci-lint                    run golangci-lint linter"
 	@echo " - go-licenses                      regenerate go licenses"
 	@echo " - vet                              examines Go source code and reports suspicious constructs"
 	@echo " - tidy                             run go mod tidy"
 	@echo " - test[\#TestSpecificName]    	    run unit test"
 	@echo " - test-sqlite[\#TestSpecificName]  run integration test for sqlite"
 	@echo " - pr#<index>                       build and start gitea from a PR with integration test data loaded"
 .PHONY: go-check
 go-check:
-	$(eval MIN_GO_VERSION_STR := $(shell grep -Eo '^go\s+[0-9]+\.[0-9]+' go.mod | cut -d' ' -f2))
+	$(eval MIN_GO_VERSION_STR := $(shell grep -Eo '^go\s+[0-9]+\.[0-9.]+' go.mod | cut -d' ' -f2))
-	$(eval MIN_GO_VERSION := $(shell printf "%03d%03d" $(shell echo '$(MIN_GO_VERSION_STR)' | tr '.' ' ')))
+	$(eval MIN_GO_VERSION := $(shell printf "%03d%03d%03d" $(shell echo '$(MIN_GO_VERSION_STR)' | tr '.' ' ')))
-	$(eval GO_VERSION := $(shell printf "%03d%03d" $(shell $(GO) version | grep -Eo '[0-9]+\.[0-9]+' | tr '.' ' ');))
+	$(eval GO_VERSION_STR := $(shell $(GO) version | grep -Eo '[0-9]+\.[0-9.]+'))
 	$(eval GO_VERSION := $(shell printf "%03d%03d%03d" $(shell echo '$(GO_VERSION_STR)' | tr '.' ' ')))
 	@if [ "$(GO_VERSION)" -lt "$(MIN_GO_VERSION)" ]; then \
-		echo "Gitea requires Go $(MIN_GO_VERSION_STR) or greater to build. You can get it at https://go.dev/dl/"; \
+		echo "Gitea requires Go $(MIN_GO_VERSION_STR) or greater to build, but $(GO_VERSION) was found. You can get an updated version at https://go.dev/dl/"; \
 		exit 1; \
 	else \
 		echo "WARNING: Please ensure Go $(GO_VERSION_STR) is still maintained to avoid possible security problems. You can check it at https://go.dev/dl/"; \
 	fi
 .PHONY: git-check
@ -255,33 +239,14 @@ clean:
 	$(GO) clean -i ./...
 	rm -rf $(EXECUTABLE) $(DIST) $(BINDATA_DEST) $(BINDATA_HASH) \
 		integrations*.test \
-		e2e*.test \
+		integrations/gitea-integration-pgsql/ integrations/gitea-integration-mysql/ integrations/gitea-integration-mysql8/ integrations/gitea-integration-sqlite/ \
-		tests/integration/gitea-integration-pgsql/ tests/integration/gitea-integration-mysql/ tests/integration/gitea-integration-mysql8/ tests/integration/gitea-integration-sqlite/ \
+		integrations/gitea-integration-mssql/ integrations/indexers-mysql/ integrations/indexers-mysql8/ integrations/indexers-pgsql integrations/indexers-sqlite \
-		tests/integration/gitea-integration-mssql/ tests/integration/indexers-mysql/ tests/integration/indexers-mysql8/ tests/integration/indexers-pgsql tests/integration/indexers-sqlite \
+		integrations/indexers-mssql integrations/mysql.ini integrations/mysql8.ini integrations/pgsql.ini integrations/mssql.ini man/
 		tests/integration/indexers-mssql tests/mysql.ini tests/mysql8.ini tests/pgsql.ini tests/mssql.ini man/ \
 		tests/e2e/gitea-e2e-pgsql/ tests/e2e/gitea-e2e-mysql/ tests/e2e/gitea-e2e-mysql8/ tests/e2e/gitea-e2e-sqlite/ \
 		tests/e2e/gitea-e2e-mssql/ tests/e2e/indexers-mysql/ tests/e2e/indexers-mysql8/ tests/e2e/indexers-pgsql/ tests/e2e/indexers-sqlite/ \
 		tests/e2e/indexers-mssql/ tests/e2e/reports/ tests/e2e/test-artifacts/ tests/e2e/test-snapshots/
 .PHONY: fmt
 fmt:
-	GOFUMPT_PACKAGE=$(GOFUMPT_PACKAGE) $(GO) run build/code-batch-process.go gitea-fmt -w '{file-list}'
+	@echo "Running gitea-fmt (with gofumpt)..."
-	$(eval TEMPLATES := $(shell find templates -type f -name '*.tmpl'))
+	@MISSPELL_PACKAGE=$(MISSPELL_PACKAGE) GOFUMPT_PACKAGE=$(GOFUMPT_PACKAGE) $(GO) run build/code-batch-process.go gitea-fmt -w '{file-list}'
 	@# strip whitespace after '{{' and before `}}` unless there is only whitespace before it
 	@$(SED_INPLACE) -e 's/{{[ 	]\{1,\}/{{/g' -e '/^[ 	]\{1,\}}}/! s/[ 	]\{1,\}}}/}}/g' $(TEMPLATES)
 .PHONY: fmt-check
 fmt-check: fmt
 	@diff=$$(git diff $(GO_SOURCES) templates $(WEB_DIRS)); \
 	if [ -n "$$diff" ]; then \
 	  echo "Please run 'make fmt' and commit the result:"; \
 	  echo "$${diff}"; \
 	  exit 1; \
 	fi
 .PHONY: misspell-check
 misspell-check:
 	go run $(MISSPELL_PACKAGE) -error $(GO_DIRS) $(WEB_DIRS)
 .PHONY: vet
 vet:
@ -299,9 +264,7 @@ TAGS_PREREQ := $(TAGS_EVIDENCE)
 endif
 .PHONY: generate-swagger
-generate-swagger: $(SWAGGER_SPEC)
+generate-swagger:
 $(SWAGGER_SPEC): $(GO_SOURCES_NO_BINDATA)
 	$(GO) run $(SWAGGER_PACKAGE) generate spec -x "$(SWAGGER_EXCLUDE)" -o './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) '$(SWAGGER_SPEC_S_TMPL)' './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) $(SWAGGER_NEWLINE_COMMAND) './$(SWAGGER_SPEC)'
@ -326,6 +289,16 @@ errcheck:
 	@echo "Running errcheck..."
 	$(GO) run $(ERRCHECK_PACKAGE) $(GO_PACKAGES)
 .PHONY: fmt-check
 fmt-check:
 	# get all go files and run gitea-fmt (with gofmt) on them
 	@diff=$$(MISSPELL_PACKAGE=$(MISSPELL_PACKAGE) GOFUMPT_PACKAGE=$(GOFUMPT_PACKAGE) $(GO) run build/code-batch-process.go gitea-fmt -l '{file-list}'); \
 	if [ -n "$$diff" ]; then \
 		echo "Please run 'make fmt' and commit the result:"; \
 		echo "$${diff}"; \
 		exit 1; \
 	fi
 .PHONY: checks
 checks: checks-frontend checks-backend
@ -333,20 +306,19 @@ checks: checks-frontend checks-backend
 checks-frontend: lockfile-check svg-check
 .PHONY: checks-backend
-checks-backend: tidy-check swagger-check fmt-check misspell-check swagger-validate
+checks-backend: gomod-check swagger-check swagger-validate
 .PHONY: lint
 lint: lint-frontend lint-backend
 .PHONY: lint-frontend
 lint-frontend: node_modules
-	npx eslint --color --max-warnings=0 --ext js,vue web_src/js build *.config.js docs/assets/js tests/e2e
+	npx eslint --color --max-warnings=0 web_src/js build templates *.config.js docs/assets/js
 	npx stylelint --color --max-warnings=0 web_src/less
-	npx spectral lint -q -F hint $(SWAGGER_SPEC)
+	npx editorconfig-checker templates
 	npx markdownlint docs *.md
 .PHONY: lint-backend
-lint-backend: golangci-lint vet editorconfig-checker
+lint-backend: golangci-lint vet
 .PHONY: watch
 watch:
@ -367,11 +339,11 @@ test: test-frontend test-backend
 .PHONY: test-backend
 test-backend:
 	@echo "Running go test with $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
-	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_TEST_PACKAGES)
+	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_PACKAGES)
 .PHONY: test-frontend
 test-frontend: node_modules
-	npx vitest
+	@NODE_OPTIONS="--experimental-vm-modules --no-warnings" npx jest --color
 .PHONY: test-check
 test-check:
@ -388,62 +360,54 @@ test-check:
 .PHONY: test\#%
 test\#%:
 	@echo "Running go test with -tags '$(TEST_TAGS)'..."
-	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' -run $(subst .,/,$*) $(GO_TEST_PACKAGES)
+	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' -run $(subst .,/,$*) $(GO_PACKAGES)
 .PHONY: coverage
 coverage:
 	grep '^\(mode: .*\)\|\(.*:[0-9]\+\.[0-9]\+,[0-9]\+\.[0-9]\+ [0-9]\+ [0-9]\+\)$$' coverage.out > coverage-bodged.out
 	grep '^\(mode: .*\)\|\(.*:[0-9]\+\.[0-9]\+,[0-9]\+\.[0-9]\+ [0-9]\+ [0-9]\+\)$$' integration.coverage.out > integration.coverage-bodged.out
-	$(GO) run build/gocovmerge.go integration.coverage-bodged.out coverage-bodged.out > coverage.all
+	GO111MODULE=on $(GO) run build/gocovmerge.go integration.coverage-bodged.out coverage-bodged.out > coverage.all || (echo "gocovmerge failed"; echo "integration.coverage.out"; cat integration.coverage.out; echo "coverage.out"; cat coverage.out; exit 1)
 .PHONY: unit-test-coverage
 unit-test-coverage:
 	@echo "Running unit-test-coverage $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
-	@$(GO) test $(GOTESTFLAGS) -timeout=20m -tags='$(TEST_TAGS)' -cover -coverprofile coverage.out $(GO_TEST_PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1
+	@$(GO) test $(GOTESTFLAGS) -timeout=20m -tags='$(TEST_TAGS)' -cover -coverprofile coverage.out $(GO_PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1
-.PHONY: tidy
+.PHONY: vendor
-tidy:
+vendor:
-	$(eval MIN_GO_VERSION := $(shell grep -Eo '^go\s+[0-9]+\.[0-9.]+' go.mod | cut -d' ' -f2))
+	$(GO) mod tidy && $(GO) mod vendor
 	$(GO) mod tidy -compat=$(MIN_GO_VERSION)
 	@$(MAKE) --no-print-directory $(GO_LICENSE_FILE)
-vendor: go.mod go.sum
+.PHONY: gomod-check
-	$(GO) mod vendor
+gomod-check:
-	@touch vendor
+	@$(GO) mod tidy
-
+	@diff=$$(git diff go.sum); \
 .PHONY: tidy-check
 tidy-check: tidy
 	@diff=$$(git diff go.mod go.sum $(GO_LICENSE_FILE)); \
 	if [ -n "$$diff" ]; then \
-		echo "Please run 'make tidy' and commit the result:"; \
+		echo "Please run '$(GO) mod tidy' and commit the result:"; \
 		echo "$${diff}"; \
 		exit 1; \
 	fi
 .PHONY: go-licenses
 go-licenses: $(GO_LICENSE_FILE)
 $(GO_LICENSE_FILE): go.mod go.sum
 	-$(GO) run $(GO_LICENSES_PACKAGE) save . --force --save_path=$(GO_LICENSE_TMP_DIR) 2>/dev/null
 	$(GO) run build/generate-go-licenses.go $(GO_LICENSE_TMP_DIR) $(GO_LICENSE_FILE)
 	@rm -rf $(GO_LICENSE_TMP_DIR)
 generate-ini-sqlite:
 	sed -e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
-		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
+			integrations/sqlite.ini.tmpl > integrations/sqlite.ini
 		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
 			tests/sqlite.ini.tmpl > tests/sqlite.ini
 .PHONY: test-sqlite
 test-sqlite: integrations.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./integrations.sqlite.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test
 .PHONY: test-sqlite\#%
 test-sqlite\#%: integrations.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./integrations.sqlite.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test -test.run $(subst .,/,$*)
 .PHONY: test-sqlite-migration
-test-sqlite-migration:  migrations.sqlite.test migrations.individual.sqlite.test
+test-sqlite-migration:  migrations.sqlite.test migrations.individual.sqlite.test generate-ini-sqlite
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.sqlite.test
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.individual.sqlite.test
 .PHONY: test-sqlite-migration\#%
 test-sqlite-migration\#%:  migrations.sqlite.test migrations.individual.sqlite.test generate-ini-sqlite
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.individual.sqlite.test -test.run $(subst .,/,$*)
 generate-ini-mysql:
 	sed -e 's|{{TEST_MYSQL_HOST}}|${TEST_MYSQL_HOST}|g' \
@ -451,20 +415,20 @@ generate-ini-mysql:
 		-e 's|{{TEST_MYSQL_USERNAME}}|${TEST_MYSQL_USERNAME}|g' \
 		-e 's|{{TEST_MYSQL_PASSWORD}}|${TEST_MYSQL_PASSWORD}|g' \
 		-e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
-		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
+			integrations/mysql.ini.tmpl > integrations/mysql.ini
 		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
 			tests/mysql.ini.tmpl > tests/mysql.ini
 .PHONY: test-mysql
 test-mysql: integrations.mysql.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./integrations.mysql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test
 .PHONY: test-mysql\#%
 test-mysql\#%: integrations.mysql.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./integrations.mysql.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test -test.run $(subst .,/,$*)
 .PHONY: test-mysql-migration
-test-mysql-migration: migrations.mysql.test migrations.individual.mysql.test
+test-mysql-migration: migrations.mysql.test migrations.individual.mysql.test generate-ini-mysql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./migrations.mysql.test
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./migrations.individual.mysql.test
 generate-ini-mysql8:
 	sed -e 's|{{TEST_MYSQL8_HOST}}|${TEST_MYSQL8_HOST}|g' \
@ -472,20 +436,20 @@ generate-ini-mysql8:
 		-e 's|{{TEST_MYSQL8_USERNAME}}|${TEST_MYSQL8_USERNAME}|g' \
 		-e 's|{{TEST_MYSQL8_PASSWORD}}|${TEST_MYSQL8_PASSWORD}|g' \
 		-e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
-		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
+			integrations/mysql8.ini.tmpl > integrations/mysql8.ini
 		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
 			tests/mysql8.ini.tmpl > tests/mysql8.ini
 .PHONY: test-mysql8
 test-mysql8: integrations.mysql8.test generate-ini-mysql8
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./integrations.mysql8.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql8.ini ./integrations.mysql8.test
 .PHONY: test-mysql8\#%
 test-mysql8\#%: integrations.mysql8.test generate-ini-mysql8
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./integrations.mysql8.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql8.ini ./integrations.mysql8.test -test.run $(subst .,/,$*)
 .PHONY: test-mysql8-migration
-test-mysql8-migration: migrations.mysql8.test migrations.individual.mysql8.test
+test-mysql8-migration: migrations.mysql8.test migrations.individual.mysql8.test generate-ini-mysql8
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql8.ini ./migrations.mysql8.test
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql8.ini ./migrations.individual.mysql8.test
 generate-ini-pgsql:
 	sed -e 's|{{TEST_PGSQL_HOST}}|${TEST_PGSQL_HOST}|g' \
@ -494,20 +458,20 @@ generate-ini-pgsql:
 		-e 's|{{TEST_PGSQL_PASSWORD}}|${TEST_PGSQL_PASSWORD}|g' \
 		-e 's|{{TEST_PGSQL_SCHEMA}}|${TEST_PGSQL_SCHEMA}|g' \
 		-e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
-		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
+			integrations/pgsql.ini.tmpl > integrations/pgsql.ini
 		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
 			tests/pgsql.ini.tmpl > tests/pgsql.ini
 .PHONY: test-pgsql
 test-pgsql: integrations.pgsql.test generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./integrations.pgsql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test
 .PHONY: test-pgsql\#%
 test-pgsql\#%: integrations.pgsql.test generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./integrations.pgsql.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test -test.run $(subst .,/,$*)
 .PHONY: test-pgsql-migration
-test-pgsql-migration: migrations.pgsql.test migrations.individual.pgsql.test
+test-pgsql-migration: migrations.pgsql.test migrations.individual.pgsql.test generate-ini-pgsql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./migrations.pgsql.test
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./migrations.individual.pgsql.test
 generate-ini-mssql:
 	sed -e 's|{{TEST_MSSQL_HOST}}|${TEST_MSSQL_HOST}|g' \
@ -515,205 +479,98 @@ generate-ini-mssql:
 		-e 's|{{TEST_MSSQL_USERNAME}}|${TEST_MSSQL_USERNAME}|g' \
 		-e 's|{{TEST_MSSQL_PASSWORD}}|${TEST_MSSQL_PASSWORD}|g' \
 		-e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
-		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
+			integrations/mssql.ini.tmpl > integrations/mssql.ini
 		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
 			tests/mssql.ini.tmpl > tests/mssql.ini
 .PHONY: test-mssql
 test-mssql: integrations.mssql.test generate-ini-mssql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./integrations.mssql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test
 .PHONY: test-mssql\#%
 test-mssql\#%: integrations.mssql.test generate-ini-mssql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./integrations.mssql.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test -test.run $(subst .,/,$*)
 .PHONY: test-mssql-migration
-test-mssql-migration: migrations.mssql.test migrations.individual.mssql.test
+test-mssql-migration: migrations.mssql.test migrations.individual.mssql.test generate-ini-mssql
-
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./migrations.mssql.test -test.failfast
-.PHONY: playwright
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./migrations.individual.mssql.test -test.failfast
 playwright: $(PLAYWRIGHT_DIR)
 	npm install --no-save @playwright/test
 	npx playwright install $(PLAYWRIGHT_FLAGS)
 .PHONY: test-e2e%
 test-e2e%: TEST_TYPE ?= e2e
 	# Clear display env variable. Otherwise, chromium tests can fail.
 	DISPLAY=
 .PHONY: test-e2e
 test-e2e: test-e2e-sqlite
 .PHONY: test-e2e-sqlite
 test-e2e-sqlite: playwright e2e.sqlite.test generate-ini-sqlite
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./e2e.sqlite.test
 .PHONY: test-e2e-sqlite\#%
 test-e2e-sqlite\#%: playwright e2e.sqlite.test generate-ini-sqlite
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./e2e.sqlite.test -test.run TestE2e/$*
 .PHONY: test-e2e-mysql
 test-e2e-mysql: playwright e2e.mysql.test generate-ini-mysql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./e2e.mysql.test
 .PHONY: test-e2e-mysql\#%
 test-e2e-mysql\#%: playwright e2e.mysql.test generate-ini-mysql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./e2e.mysql.test -test.run TestE2e/$*
 .PHONY: test-e2e-mysql8
 test-e2e-mysql8: playwright e2e.mysql8.test generate-ini-mysql8
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./e2e.mysql8.test
 .PHONY: test-e2e-mysql8\#%
 test-e2e-mysql8\#%: playwright e2e.mysql8.test generate-ini-mysql8
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./e2e.mysql8.test -test.run TestE2e/$*
 .PHONY: test-e2e-pgsql
 test-e2e-pgsql: playwright e2e.pgsql.test generate-ini-pgsql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./e2e.pgsql.test
 .PHONY: test-e2e-pgsql\#%
 test-e2e-pgsql\#%: playwright e2e.pgsql.test generate-ini-pgsql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./e2e.pgsql.test -test.run TestE2e/$*
 .PHONY: test-e2e-mssql
 test-e2e-mssql: playwright e2e.mssql.test generate-ini-mssql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./e2e.mssql.test
 .PHONY: test-e2e-mssql\#%
 test-e2e-mssql\#%: playwright e2e.mssql.test generate-ini-mssql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./e2e.mssql.test -test.run TestE2e/$*
 .PHONY: bench-sqlite
 bench-sqlite: integrations.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./integrations.sqlite.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
 .PHONY: bench-mysql
 bench-mysql: integrations.mysql.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./integrations.mysql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
 .PHONY: bench-mssql
 bench-mssql: integrations.mssql.test generate-ini-mssql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./integrations.mssql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
 .PHONY: bench-pgsql
 bench-pgsql: integrations.pgsql.test generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./integrations.pgsql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
 .PHONY: integration-test-coverage
 integration-test-coverage: integrations.cover.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./integrations.cover.test -test.coverprofile=integration.coverage.out
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.cover.test -test.coverprofile=integration.coverage.out
 .PHONY: integration-test-coverage-sqlite
 integration-test-coverage-sqlite: integrations.cover.sqlite.test generate-ini-sqlite
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./integrations.cover.sqlite.test -test.coverprofile=integration.coverage.out
 integrations.mysql.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.mysql.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.mysql.test
 integrations.mysql8.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.mysql8.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.mysql8.test
 integrations.pgsql.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.pgsql.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.pgsql.test
 integrations.mssql.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.mssql.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.mssql.test
 integrations.sqlite.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.sqlite.test -tags '$(TEST_TAGS)'
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.sqlite.test -tags '$(TEST_TAGS)'
 integrations.cover.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -coverpkg $(shell echo $(GO_TEST_PACKAGES) | tr ' ' ',') -o integrations.cover.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -coverpkg $(shell echo $(GO_PACKAGES) | tr ' ' ',') -o integrations.cover.test
 integrations.cover.sqlite.test: git-check $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -coverpkg $(shell echo $(GO_TEST_PACKAGES) | tr ' ' ',') -o integrations.cover.sqlite.test -tags '$(TEST_TAGS)'
 .PHONY: migrations.mysql.test
-migrations.mysql.test: $(GO_SOURCES) generate-ini-mysql
+migrations.mysql.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mysql.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.mysql.test
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./migrations.mysql.test
 .PHONY: migrations.mysql8.test
-migrations.mysql8.test: $(GO_SOURCES) generate-ini-mysql8
+migrations.mysql8.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mysql8.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.mysql8.test
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./migrations.mysql8.test
 .PHONY: migrations.pgsql.test
-migrations.pgsql.test: $(GO_SOURCES) generate-ini-pgsql
+migrations.pgsql.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.pgsql.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.pgsql.test
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./migrations.pgsql.test
 .PHONY: migrations.mssql.test
-migrations.mssql.test: $(GO_SOURCES) generate-ini-mssql
+migrations.mssql.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mssql.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.mssql.test
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./migrations.mssql.test
 .PHONY: migrations.sqlite.test
-migrations.sqlite.test: $(GO_SOURCES) generate-ini-sqlite
+migrations.sqlite.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.sqlite.test -tags '$(TEST_TAGS)'
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.sqlite.test -tags '$(TEST_TAGS)'
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./migrations.sqlite.test
 .PHONY: migrations.individual.mysql.test
 migrations.individual.mysql.test: $(GO_SOURCES)
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.mysql.test
 		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg; \
 	done
 .PHONY: migrations.individual.mysql8.test
 migrations.individual.mysql8.test: $(GO_SOURCES)
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.mysql8.test
 		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg; \
 	done
 .PHONY: migrations.individual.mysql8.test\#%
 migrations.individual.sqlite.test\#%: $(GO_SOURCES) generate-ini-sqlite
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
 .PHONY: migrations.individual.pgsql.test
 migrations.individual.pgsql.test: $(GO_SOURCES)
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.pgsql.test
 		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg; \
 	done
 .PHONY: migrations.individual.pgsql.test\#%
 migrations.individual.pgsql.test\#%: $(GO_SOURCES) generate-ini-pgsql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
 .PHONY: migrations.individual.mssql.test
-migrations.individual.mssql.test: $(GO_SOURCES) generate-ini-mssql
+migrations.individual.mssql.test: $(GO_SOURCES)
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.mssql.test
 		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg -test.failfast; \
 	done
 .PHONY: migrations.individual.mssql.test\#%
 migrations.individual.mssql.test\#%: $(GO_SOURCES) generate-ini-mssql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
 .PHONY: migrations.individual.sqlite.test
-migrations.individual.sqlite.test: $(GO_SOURCES) generate-ini-sqlite
+migrations.individual.sqlite.test: $(GO_SOURCES)
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.sqlite.test -tags '$(TEST_TAGS)'
 		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg; \
 	done
 .PHONY: migrations.individual.sqlite.test\#%
 migrations.individual.sqlite.test\#%: $(GO_SOURCES) generate-ini-sqlite
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
 e2e.mysql.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.mysql.test
 e2e.mysql8.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.mysql8.test
 e2e.pgsql.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.pgsql.test
 e2e.mssql.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.mssql.test
 e2e.sqlite.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.sqlite.test -tags '$(TEST_TAGS)'
 .PHONY: check
 check: test
@ -729,24 +586,13 @@ build: frontend backend
 frontend: $(WEBPACK_DEST)
 .PHONY: backend
-backend: go-check generate-backend $(EXECUTABLE)
+backend: go-check generate $(EXECUTABLE)
 # We generate the backend before the frontend in case we in future we want to generate things in the frontend from generated files in backend
 .PHONY: generate
-generate: generate-backend
+generate: $(TAGS_PREREQ)
 .PHONY: generate-backend
 generate-backend: $(TAGS_PREREQ) generate-go
 .PHONY: generate-go
 generate-go: $(TAGS_PREREQ)
 	@echo "Running go generate..."
 	@CC= GOOS= GOARCH= $(GO) generate -tags '$(TAGS)' $(GO_PACKAGES)
 .PHONY: security-check
 security-check:
 	govulncheck -v ./...
 $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
@ -762,27 +608,27 @@ release-windows: | $(DIST_DIRS)
 ifeq (,$(findstring gogit,$(TAGS)))
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo gogit $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION)-gogit .
 endif
-ifeq ($(CI),true)
+ifeq ($(CI),drone)
 	cp /build/* $(DIST)/binaries
 endif
 .PHONY: release-linux
 release-linux: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out gitea-$(VERSION) .
-ifeq ($(CI),true)
+ifeq ($(CI),drone)
 	cp /build/* $(DIST)/binaries
 endif
 .PHONY: release-darwin
 release-darwin: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin-10.12/amd64,darwin-10.12/arm64' -out gitea-$(VERSION) .
-ifeq ($(CI),true)
+ifeq ($(CI),drone)
 	cp /build/* $(DIST)/binaries
 endif
 .PHONY: release-copy
 release-copy: | $(DIST_DIRS)
-	cd $(DIST); for file in `find . -type f -name "*"`; do cp $${file} ./release/; done;
+	cd $(DIST); for file in `find /build -type f -name "*"`; do cp $${file} ./release/; done;
 .PHONY: release-check
 release-check: | $(DIST_DIRS)
@ -797,9 +643,7 @@ release-sources: | $(DIST_DIRS)
 	echo $(VERSION) > $(STORED_VERSION_FILE)
 # bsdtar needs a ^ to prevent matching subdirectories
 	$(eval EXCL := --exclude=$(shell tar --help | grep -q bsdtar && echo "^")./)
-# use transform to a add a release-folder prefix; in bsdtar the transform parameter equivalent is -s
+	tar $(addprefix $(EXCL),$(TAR_EXCLUDES)) -czf $(DIST)/release/gitea-src-$(VERSION).tar.gz .
 	$(eval TRANSFORM := $(shell tar --help | grep -q bsdtar && echo "-s '/^./gitea-src-$(VERSION)/'" || echo "--transform 's|^./|gitea-src-$(VERSION)/|'"))
 	tar $(addprefix $(EXCL),$(TAR_EXCLUDES)) $(TRANSFORM) -czf $(DIST)/release/gitea-src-$(VERSION).tar.gz .
 	rm -f $(STORED_VERSION_FILE)
 .PHONY: release-docs
@ -831,8 +675,6 @@ deps-backend:
 	$(GO) install $(MISSPELL_PACKAGE)
 	$(GO) install $(SWAGGER_PACKAGE)
 	$(GO) install $(XGO_PACKAGE)
 	$(GO) install $(GO_LICENSES_PACKAGE)
 	$(GO) install $(GOVULNCHECK_PACKAGE)
 node_modules: package-lock.json
 	npm install --no-save
@ -851,8 +693,8 @@ fomantic:
 	cd $(FOMANTIC_WORK_DIR) && npm install --no-save
 	cp -f $(FOMANTIC_WORK_DIR)/theme.config.less $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/theme.config
 	cp -rf $(FOMANTIC_WORK_DIR)/_site $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/
 	cp -f web_src/js/vendor/dropdown.js $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/definitions/modules
 	cd $(FOMANTIC_WORK_DIR) && npx gulp -f node_modules/fomantic-ui/gulpfile.js build
 	$(SED_INPLACE) -e 's/\r//g' $(FOMANTIC_WORK_DIR)/build/semantic.css $(FOMANTIC_WORK_DIR)/build/semantic.js
 	rm -f $(FOMANTIC_WORK_DIR)/build/*.min.*
 .PHONY: webpack
@ -902,15 +744,15 @@ update-translations:
 .PHONY: generate-license
 generate-license:
-	$(GO) run build/generate-licenses.go
+	GO111MODULE=on $(GO) run build/generate-licenses.go
 .PHONY: generate-gitignore
 generate-gitignore:
-	$(GO) run build/generate-gitignores.go
+	GO111MODULE=on $(GO) run build/generate-gitignores.go
 .PHONY: generate-images
 generate-images: | node_modules
-	npm install --no-save --no-package-lock fabric@5 imagemin-zopfli@7
+	npm install --no-save --no-package-lock fabric@4 imagemin-zopfli@7
 	node build/generate-images.js $(TAGS)
 .PHONY: generate-manpage
@ -919,7 +761,7 @@ generate-manpage:
 	@mkdir -p man/man1/ man/man5
 	@./gitea docs --man > man/man1/gitea.1
 	@gzip -9 man/man1/gitea.1 && echo man/man1/gitea.1.gz created
-	@#TODO A small script that formats config-cheat-sheet.en-us.md nicely for use as a config man page
+	@#TODO A smal script witch format config-cheat-sheet.en-us.md nicely to suit as config man page
 .PHONY: pr\#%
 pr\#%: clean-all
--- a/README.md
+++ b/README.md
@ -33,12 +33,6 @@
  <a href="https://opensource.org/licenses/MIT" title="License: MIT">
    <img src="https://img.shields.io/badge/License-MIT-blue.svg">
  </a>
  <a href="https://gitpod.io/#https://github.com/go-gitea/gitea">
  <img
    src="https://img.shields.io/badge/Contribute%20with-Gitpod-908a85?logo=gitpod"
    alt="Contribute with Gitpod"
  />
  </a>
  <a href="https://crowdin.com/project/gitea" title="Crowdin">
    <img src="https://badges.crowdin.net/gitea/localized.svg">
  </a>
@ -51,21 +45,21 @@
 </p>
 <p align="center">
-  <a href="README_ZH.md">View this document in Chinese</a>
+  <a href="README_ZH.md">View the chinese version of this document</a>
 </p>
 ## Purpose
 The goal of this project is to make the easiest, fastest, and most
 painless way of setting up a self-hosted Git service.
-
+Using Go, this can be done with an independent binary distribution across
-As Gitea is written in Go, it works across **all** the platforms and
+**all platforms** which Go supports, including Linux, macOS, and Windows
-architectures that are supported by Go, including Linux, macOS, and
+on x86, amd64, ARM and PowerPC architectures.
-Windows on x86, amd64, ARM and PowerPC architectures.
+Want to try it before doing anything else?
-You can try it out using [the online demo](https://try.gitea.io/).
+Do it [with the online demo](https://try.gitea.io/)!
 This project has been
 [forked](https://blog.gitea.io/2016/12/welcome-to-gitea/) from
-[Gogs](https://gogs.io) since November of 2016, but a lot has changed.
+[Gogs](https://gogs.io) since 2016.11 but changed a lot.
 ## Building
@ -79,7 +73,7 @@ or if SQLite support is required:
 The `build` target is split into two sub-targets:
- `make backend` which requires [Go Stable](https://go.dev/dl/), required version is defined in [go.mod](/go.mod).
+- `make backend` which requires [Go 1.17](https://go.dev/dl/) or greater.
 - `make frontend` which requires [Node.js LTS](https://nodejs.org/en/download/) or greater and Internet connectivity to download npm dependencies.
 When building from the official source tarballs which include pre-built frontend files, the `frontend` target will not be triggered, making it possible to build without Node.js and Internet connectivity.
@ -106,9 +100,9 @@ NOTES:
 ## Translating
-Translations are done through Crowdin. If you want to translate to a new language ask one of the managers in the Crowdin project to add a new language there.
+Translations are done through Crowdin. If you want to translate to a new language ask one of the managers in the Crowdin project to add a new language there. 
-You can also just create an issue for adding a language or ask on discord on the #translation channel. If you need context or find some translation issues, you can leave a comment on the string or ask on Discord. For general translation questions there is a section in the docs. Currently a bit empty but we hope to fill it as questions pop up.
+You can also just create an issue for adding a language or ask on discord on the #translation channel. If you need context or find some translation issues, you can leave a comment on the string or ask on Discord. For general translation questions there is a section in the docs. Currently a bit empty but we hope fo fill it as questions pop up.
 https://docs.gitea.io/en-us/translation-guidelines/
@ -119,17 +113,15 @@ https://docs.gitea.io/en-us/translation-guidelines/
 For more information and instructions about how to install Gitea, please look at our [documentation](https://docs.gitea.io/en-us/).
 If you have questions that are not covered by the documentation, you can get in contact with us on our [Discord server](https://discord.gg/Gitea) or create  a post in the [discourse forum](https://discourse.gitea.io/).
-We maintain a list of Gitea-related projects at [gitea/awesome-gitea](https://gitea.com/gitea/awesome-gitea).
+We maintain a list of Gitea-related projects at [gitea/awesome-gitea](https://gitea.com/gitea/awesome-gitea).  
-
+The hugo-based documentation theme is hosted at [gitea/theme](https://gitea.com/gitea/theme).  
 The Hugo-based documentation theme is hosted at [gitea/theme](https://gitea.com/gitea/theme).
 The official Gitea CLI is developed at [gitea/tea](https://gitea.com/gitea/tea).
 ## Authors
- [Maintainers](https://github.com/orgs/go-gitea/people)
+* [Maintainers](https://github.com/orgs/go-gitea/people)
- [Contributors](https://github.com/go-gitea/gitea/graphs/contributors)
+* [Contributors](https://github.com/go-gitea/gitea/graphs/contributors)
- [Translators](options/locale/TRANSLATORS)
+* [Translators](options/locale/TRANSLATORS)
 ## Backers
@ -151,7 +143,6 @@ Support this project by becoming a sponsor. Your logo will show up here with a l
 <a href="https://opencollective.com/gitea/sponsor/7/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/7/avatar.svg"></a>
 <a href="https://opencollective.com/gitea/sponsor/8/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/8/avatar.svg"></a>
 <a href="https://opencollective.com/gitea/sponsor/9/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/9/avatar.svg"></a>
 <a href="https://cynkra.com/" target="_blank"><img src="https://images.opencollective.com/cynkra/logo/square/64/192.png"></a>
 ## FAQ
@ -170,7 +161,6 @@ See the [LICENSE](https://github.com/go-gitea/gitea/blob/main/LICENSE) file
 for the full license text.
 ## Screenshots
 Looking for an overview of the interface? Check it out!
 |![Dashboard](https://dl.gitea.io/screenshots/home_timeline.png)|![User Profile](https://dl.gitea.io/screenshots/user_profile.png)|![Global Issues](https://dl.gitea.io/screenshots/global_issues.png)|
--- a/README_ZH.md
+++ b/README_ZH.md
@ -33,12 +33,6 @@
  <a href="https://opensource.org/licenses/MIT" title="License: MIT">
    <img src="https://img.shields.io/badge/License-MIT-blue.svg">
  </a>
  <a href="https://gitpod.io/#https://github.com/go-gitea/gitea">
  <img
    src="https://img.shields.io/badge/Contribute%20with-Gitpod-908a85?logo=gitpod"
    alt="Contribute with Gitpod"
  />
  </a>
  <a href="https://crowdin.com/project/gitea" title="Crowdin">
    <img src="https://badges.crowdin.net/gitea/localized.svg">
  </a>
@ -51,7 +45,7 @@
 </p>
 <p align="center">
-  <a href="README.md">View this document in English</a>
+  <a href="README.md">View the english version of this document</a>
 </p>
 ## 目标
--- a/SECURITY.md
+++ b/SECURITY.md
@ -1,83 +1,10 @@
 # Reporting security issues
-The Gitea maintainers take security seriously.
+The Gitea maintainers take security seriously.  
 If you discover a security issue, please bring it to their attention right away!
-## Reporting a Vulnerability
+### Reporting a Vulnerability
 Please **DO NOT** file a public issue, instead send your report privately to `security@gitea.io`.
 ## Protecting Security Information
 Due to the sensitive nature of security information, you can use below GPG public key encrypt your mail body.
 The PGP key is valid until June 24, 2024.
 ```
 Key ID: 6FCD2D5B
 Key Type: RSA
 Expires: 6/24/2024
 Key Size: 4096/4096
 Fingerprint: 3DE0 3D1E 144A 7F06 9359 99DC AAFD 2381 6FCD 2D5B
 ```
 UserID: Gitea Security <security@gitea.io>
 ```
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mQINBGK1Z/4BEADFMqXA9DeeChmSxUjF0Be5sq99ZUhgrZjcN/wOzz0wuCJZC0l8
 4uC+d6mfv7JpJYlzYzOK97/x5UguKHkYNZ6mm1G9KHaXmoIBDLKDzfPdJopVNv2r
 OajijaE0uMCnMjadlg5pbhMLRQG8a9J32yyaz7ZEAw72Ab31fvvcA53NkuqO4j2w
 k7dtFQzhbNOYV0VffQT90WDZdalYHB1JHyEQ+70U9OjVD5ggNYSzX98Eu3Hjn7V7
 kqFrcAxr5TE1elf0IXJcuBJtFzQSTUGlQldKOHtGTGgGjj9r/FFAE5ioBgVD05bV
 rEEgIMM/GqYaG/nbNpWE6P3mEc2Mnn3pZaRJL0LuF26TLjnqEcMMDp5iIhLdFzXR
 3tMdtKgQFu+Mtzs3ipwWARYgHyU09RJsI2HeBx7RmZO/Xqrec763Z7zdJ7SpCn0Z
 q+pHZl24JYR0Kf3T/ZiOC0cGd2QJqpJtg5J6S/OqfX9NH6MsCczO8pUC1N/aHH2X
 CTme2nF56izORqDWKoiICteL3GpYsCV9nyCidcCmoQsS+DKvE86YhIhVIVWGRY2F
 lzpAjnN9/KLtQroutrm+Ft0mdjDiJUeFVl1cOHDhoyfCsQh62HumoyZoZvqzQd6e
 AbN11nq6aViMe2Q3je1AbiBnRnQSHxt1Tc8X4IshO3MQK1Sk7oPI6LA5oQARAQAB
 tCJHaXRlYSBTZWN1cml0eSA8c2VjdXJpdHlAZ2l0ZWEuaW8+iQJXBBMBCABBFiEE
 PeA9HhRKfwaTWZncqv0jgW/NLVsFAmK1Z/4CGwMFCQPCZwAFCwkIBwICIgIGFQoJ
 CAsCBBYCAwECHgcCF4AACgkQqv0jgW/NLVvnyxAAhxyNnWzw/rQO2qhzqicmZM94
 njSbOg+U2qMBvCdaqCQQeC+uaMmMzkDPanUUmLcyCkWqfCjPNjeSXAkE9npepVJI
 4HtmgxZQ94OU/h3CLbft+9GVRzUkVI29TSYGdvNtV2/BkNGoFFnKWQr119um0o6A
 bgha2Uy5uY8o3ZIoiKkiHRaEoWIjjeBxJxYAojsZY4YElUmsQ3ik2joG6rhFesTa
 ofVt/bL8G2xzpOG26WGIxBbqf2qjV6OtZ0hu/vtTPHeIWMLq0Mz0V3PEDQWfkGPE
 i2RYxxYDs2xzJhSQWqTNVLSq0m5xTJnbHhQPfdCX4C2jvFKgLdfmytQq49S7jiJb
 Z03HVOZ/PsyBlQfH9xJi06R5yQCMEA8h8Z5r3/NXW09kQ6OFRe6xshoTcxZGRPTo
 srhwr3uPbmCRh+YEl7qBLU6+BC5k8IRTZXqhrj/aPJu3MxgbgwV8u3vLoFSXM2lb
 a61FgeCQ0O7lkgVswwF0RppCaH9Ul3ZDapet/vCRg4NVwm9zOI/8q/Vj0FKA1GDR
 JhRu8+Ce8zlFL65D34t+PprAzSeTlbv9um3x/ZIjCco7EEKSBylt+AZj/VyA6+e5
 kjOQwRRc6dFJWBcorsSI2dG+H+QMF7ZabzmeCcz1v9HjLOPzYHoZAHhCmSppWTvX
 AJy6+lhfW2OUTqQeYSi5Ag0EYrVn/gEQALrFLQjCR3GjuHSindz0rd3Fnx/t7Sen
 T+p07yCSSoSlmnJHCQmwh4vfg1blyz0zZ4vkIhtpHsEgc+ZAG+WQXSsJ2iRz+eSN
 GwoOQl4XC3n+QWkc1ws+btr48+6UqXIQU+F8TPQyx/PIgi2nZXJB7f5+mjCqsk46
 XvH4nTr4kJjuqMSR/++wvre2qNQRa/q/dTsK0OaN/mJsdX6Oi+aGNaQJUhIG7F+E
 ZDMkn/O6xnwWNzy/+bpg43qH/Gk0eakOmz5NmQLRkV58SZLiJvuCUtkttf6CyhnX
 03OcWaajv5W8qA39dBYQgDrrPbBWUnwfO3yMveqhwV4JjDoe8sPAyn1NwzakNYqP
 RzsWyLrLS7R7J9s3FkZXhQw/QQcsaSMcGNQO047dm1P83N8JY5aEpiRo9zSWjoiw
 qoExANj5lUTZPe8M50lI182FrcjAN7dClO3QI6pg7wy0erMxfFly3j8UQ91ysS9T
 s+GsP9I3cmWWQcKYxWHtE8xTXnNCVPFZQj2nwhJzae8ypfOtulBRA3dUKWGKuDH/
 axFENhUsT397aOU3qkP/od4a64JyNIEo4CTTSPVeWd7njsGqli2U3A4xL2CcyYvt
 D/MWcMBGEoLSNTswwKdom4FaJpn5KThnK/T0bQcmJblJhoCtppXisbexZnCpuS0x
 Zdlm2T14KJ3LABEBAAGJAjwEGAEIACYWIQQ94D0eFEp/BpNZmdyq/SOBb80tWwUC
 YrVn/gIbDAUJA8JnAAAKCRCq/SOBb80tWyTBD/9AGpW6QoDF7zYjHAozH9S5RGCA
 Y7E82dG/0xmFUwPprAG0BKmmgU6TiipyVGmKIXGYYYU92pMnbvXkYQMoa+WJNncN
 D3fY52UeXeffTf4cFpStlzi9xgYtOLhFamzYu/4xhkjOX+xhOSXscCiFRyT8cF3B
 O6c5BHU+Zj0/rGPgOyPUbx7l7B9MubB/41nNX35k08e+8T3wtWDb4XF+15HnRfva
 6fblO8wgU25Orv2Rm1jnKGa9DxJ8nE40IMrqDapENtDuL+zKJsvR0+ptWvEyL56U
 GtJJG5un6mXiLKuRQT0DEv4MdZRHDgDstDnqcbEiazVEbUuvhZZob6lRY2A19m1+
 7zfnDxkhqCA1RCnv4fdvcPdCMMFHwLpdhjgW0aI/uwgwrvsEz5+JRlnLvdQHlPAg
 q7l2fGcBSpz9U0ayyfRPjPntsNCtZl1UDxGLeciPkZhyG84zEWQbk/j52ZpRN+Ik
 ALpRLa8RBFmFSmXDUmwQrmm1EmARyQXwweKU31hf8ZGbCp2lPuRYm1LuGiirXSVP
 GysjRAJgW+VRpBKOzFQoUAUbReVWSaCwT8s17THzf71DdDb6CTj31jMLLYWwBpA/
 i73DgobDZMIGEZZC1EKqza8eh11xfyHFzGec03tbh+lIen+5IiRtWiEWkDS9ll0G
 zgS/ZdziCvdAutqnGA==
 =gZWO
 -----END PGP PUBLIC KEY BLOCK-----
 ```
 Security reports are greatly appreciated and we will publicly thank you for it, although we keep your name confidential if you request it.
--- a/assets/emoji.json
+++ b/assets/emoji.json
--- a/assets/favicon.svg
+++ b/assets/favicon.svg
@ -1,31 +0,0 @@
 <?xml version="1.0" encoding="utf-8"?>
 <svg version="1.1" id="main_outline" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px"
 	 y="0px" viewBox="0 0 640 640" style="enable-background:new 0 0 640 640;" xml:space="preserve">
 <g>
 	<path id="teabag" style="fill:#FFFFFF" d="M395.9,484.2l-126.9-61c-12.5-6-17.9-21.2-11.8-33.8l61-126.9c6-12.5,21.2-17.9,33.8-11.8
 		c17.2,8.3,27.1,13,27.1,13l-0.1-109.2l16.7-0.1l0.1,117.1c0,0,57.4,24.2,83.1,40.1c3.7,2.3,10.2,6.8,12.9,14.4
 		c2.1,6.1,2,13.1-1,19.3l-61,126.9C423.6,484.9,408.4,490.3,395.9,484.2z"/>
 	<g>
 		<g>
 			<path style="fill:#609926" d="M622.7,149.8c-4.1-4.1-9.6-4-9.6-4s-117.2,6.6-177.9,8c-13.3,0.3-26.5,0.6-39.6,0.7c0,39.1,0,78.2,0,117.2
 				c-5.5-2.6-11.1-5.3-16.6-7.9c0-36.4-0.1-109.2-0.1-109.2c-29,0.4-89.2-2.2-89.2-2.2s-141.4-7.1-156.8-8.5
 				c-9.8-0.6-22.5-2.1-39,1.5c-8.7,1.8-33.5,7.4-53.8,26.9C-4.9,212.4,6.6,276.2,8,285.8c1.7,11.7,6.9,44.2,31.7,72.5
 				c45.8,56.1,144.4,54.8,144.4,54.8s12.1,28.9,30.6,55.5c25,33.1,50.7,58.9,75.7,62c63,0,188.9-0.1,188.9-0.1s12,0.1,28.3-10.3
 				c14-8.5,26.5-23.4,26.5-23.4s12.9-13.8,30.9-45.3c5.5-9.7,10.1-19.1,14.1-28c0,0,55.2-117.1,55.2-231.1
 				C633.2,157.9,624.7,151.8,622.7,149.8z M125.6,353.9c-25.9-8.5-36.9-18.7-36.9-18.7S69.6,321.8,60,295.4
 				c-16.5-44.2-1.4-71.2-1.4-71.2s8.4-22.5,38.5-30c13.8-3.7,31-3.1,31-3.1s7.1,59.4,15.7,94.2c7.2,29.2,24.8,77.7,24.8,77.7
 				S142.5,359.9,125.6,353.9z M425.9,461.5c0,0-6.1,14.5-19.6,15.4c-5.8,0.4-10.3-1.2-10.3-1.2s-0.3-0.1-5.3-2.1l-112.9-55
 				c0,0-10.9-5.7-12.8-15.6c-2.2-8.1,2.7-18.1,2.7-18.1L322,273c0,0,4.8-9.7,12.2-13c0.6-0.3,2.3-1,4.5-1.5c8.1-2.1,18,2.8,18,2.8
 				l110.7,53.7c0,0,12.6,5.7,15.3,16.2c1.9,7.4-0.5,14-1.8,17.2C474.6,363.8,425.9,461.5,425.9,461.5z"/>
 			<path style="fill:#609926" d="M326.8,380.1c-8.2,0.1-15.4,5.8-17.3,13.8c-1.9,8,2,16.3,9.1,20c7.7,4,17.5,1.8,22.7-5.4
 				c5.1-7.1,4.3-16.9-1.8-23.1l24-49.1c1.5,0.1,3.7,0.2,6.2-0.5c4.1-0.9,7.1-3.6,7.1-3.6c4.2,1.8,8.6,3.8,13.2,6.1
 				c4.8,2.4,9.3,4.9,13.4,7.3c0.9,0.5,1.8,1.1,2.8,1.9c1.6,1.3,3.4,3.1,4.7,5.5c1.9,5.5-1.9,14.9-1.9,14.9
 				c-2.3,7.6-18.4,40.6-18.4,40.6c-8.1-0.2-15.3,5-17.7,12.5c-2.6,8.1,1.1,17.3,8.9,21.3c7.8,4,17.4,1.7,22.5-5.3
 				c5-6.8,4.6-16.3-1.1-22.6c1.9-3.7,3.7-7.4,5.6-11.3c5-10.4,13.5-30.4,13.5-30.4c0.9-1.7,5.7-10.3,2.7-21.3
 				c-2.5-11.4-12.6-16.7-12.6-16.7c-12.2-7.9-29.2-15.2-29.2-15.2s0-4.1-1.1-7.1c-1.1-3.1-2.8-5.1-3.9-6.3c4.7-9.7,9.4-19.3,14.1-29
 				c-4.1-2-8.1-4-12.2-6.1c-4.8,9.8-9.7,19.7-14.5,29.5c-6.7-0.1-12.9,3.5-16.1,9.4c-3.4,6.3-2.7,14.1,1.9,19.8
 				C343.2,346.5,335,363.3,326.8,380.1z"/>
 		</g>
 	</g>
 </g>
 </svg>
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
--- a/build.go
+++ b/build.go
@ -3,6 +3,7 @@
 // license that can be found in the LICENSE file.
 //go:build vendor
 // +build vendor
 package main
--- a/build/code-batch-process.go
+++ b/build/code-batch-process.go
@ -3,6 +3,7 @@
 // license that can be found in the LICENSE file.
 //go:build ignore
 // +build ignore
 package main
@ -20,7 +21,7 @@ import (
 )
 // Windows has a limitation for command line arguments, the size can not exceed 32KB.
-// So we have to feed the files to some tools (like gofmt) batch by batch
+// So we have to feed the files to some tools (like gofmt/misspell) batch by batch
 // We also introduce a `gitea-fmt` command, it does better import formatting than gofmt/goimports. `gitea-fmt` calls `gofmt` internally.
@ -61,7 +62,7 @@ func newFileCollector(fileFilter string, batchSize int) (*fileCollector, error)
 			"build",
 			"cmd",
 			"contrib",
-			"tests",
+			"integrations",
 			"models",
 			"modules",
 			"routers",
@ -71,8 +72,8 @@ func newFileCollector(fileFilter string, batchSize int) (*fileCollector, error)
 		co.includePatterns = append(co.includePatterns, regexp.MustCompile(`.*\.go$`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`.*\bbindata\.go$`))
-		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`tests/gitea-repositories-meta`))
+		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`integrations/gitea-repositories-meta`))
-		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`tests/integration/migration-test`))
+		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`integrations/migration-test`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`modules/git/tests`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`models/fixtures`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`models/migrations/fixtures`))
@ -135,7 +136,7 @@ func (fc *fileCollector) collectFiles() (res [][]string, err error) {
 }
 // substArgFiles expands the {file-list} to a real file list for commands
-func substArgFiles(args, files []string) []string {
+func substArgFiles(args []string, files []string) []string {
 	for i, s := range args {
 		if s == "{file-list}" {
 			newArgs := append(args[:i], files...)
@ -195,6 +196,7 @@ Options:
 Commands:
  %[1]s gofmt ...
  %[1]s misspell ...
 Arguments:
  {file-list}     the file list
@ -205,17 +207,6 @@ Example:
 `, "file-batch-exec")
 }
 func getGoVersion() string {
 	goModFile, err := os.ReadFile("go.mod")
 	if err != nil {
 		log.Fatalf(`Faild to read "go.mod": %v`, err)
 		os.Exit(1)
 	}
 	goModVersionRegex := regexp.MustCompile(`go \d+\.\d+`)
 	goModVersionLine := goModVersionRegex.Find(goModFile)
 	return string(goModVersionLine[3:])
 }
 func newFileCollectorFromMainOptions(mainOptions map[string]string) (fc *fileCollector, err error) {
 	fileFilter := mainOptions["file-filter"]
 	if fileFilter == "" {
@ -238,9 +229,9 @@ func containsString(a []string, s string) bool {
 	return false
 }
-func giteaFormatGoImports(files []string, doWriteFile bool) error {
+func giteaFormatGoImports(files []string) error {
 	for _, file := range files {
-		if err := codeformat.FormatGoImports(file, doWriteFile); err != nil {
+		if err := codeformat.FormatGoImports(file); err != nil {
 			log.Printf("failed to format go imports: %s, err=%v", file, err)
 			return err
 		}
@ -276,11 +267,13 @@ func main() {
 		logVerbose("batch cmd: %s %v", subCmd, substArgs)
 		switch subCmd {
 		case "gitea-fmt":
-			if containsString(subArgs, "-d") {
+			if containsString(subArgs, "-w") {
-				log.Print("the -d option is not supported by gitea-fmt")
+				cmdErrors = append(cmdErrors, giteaFormatGoImports(files))
 			}
-			cmdErrors = append(cmdErrors, giteaFormatGoImports(files, containsString(subArgs, "-w")))
+			cmdErrors = append(cmdErrors, giteaFormatGoImports(files, containsString(subArgs, "-l"), containsString(subArgs, "-w")))
-			cmdErrors = append(cmdErrors, passThroughCmd("go", append([]string{"run", os.Getenv("GOFUMPT_PACKAGE"), "-extra", "-lang", getGoVersion()}, substArgs...)))
+			cmdErrors = append(cmdErrors, passThroughCmd("go", append([]string{"run", os.Getenv("GOFUMPT_PACKAGE"), "-extra", "-lang", "1.17"}, substArgs...)))
 		case "misspell":
 			cmdErrors = append(cmdErrors, passThroughCmd("go", append([]string{"run", os.Getenv("MISSPELL_PACKAGE")}, substArgs...)))
 		default:
 			log.Fatalf("unknown cmd: %s %v", subCmd, subArgs)
 		}
--- a/build/codeformat/formatimports.go
+++ b/build/codeformat/formatimports.go
@ -20,10 +20,8 @@ var importPackageGroupOrders = map[string]int{
 var errInvalidCommentBetweenImports = errors.New("comments between imported packages are invalid, please move comments to the end of the package line")
-var (
+var importBlockBegin = []byte("\nimport (\n")
-	importBlockBegin = []byte("\nimport (\n")
+var importBlockEnd = []byte("\n)")
 	importBlockEnd   = []byte("\n)")
 )
 type importLineParsed struct {
 	group   string
@ -61,10 +59,8 @@ func parseImportLine(line string) (*importLineParsed, error) {
 	return il, nil
 }
-type (
+type importLineGroup []*importLineParsed
-	importLineGroup    []*importLineParsed
+type importLineGroupMap map[string]importLineGroup
 	importLineGroupMap map[string]importLineGroup
 )
 func formatGoImports(contentBytes []byte) ([]byte, error) {
 	p1 := bytes.Index(contentBytes, importBlockBegin)
@ -157,8 +153,8 @@ func formatGoImports(contentBytes []byte) ([]byte, error) {
 	return formattedBytes, nil
 }
-// FormatGoImports format the imports by our rules (see unit tests)
+//FormatGoImports format the imports by our rules (see unit tests)
-func FormatGoImports(file string, doWriteFile bool) error {
+func FormatGoImports(file string) error {
 	f, err := os.Open(file)
 	if err != nil {
 		return err
@ -181,16 +177,11 @@ func FormatGoImports(file string, doWriteFile bool) error {
 	if bytes.Equal(contentBytes, formattedBytes) {
 		return nil
 	}
-
+	f, err = os.OpenFile(file, os.O_TRUNC|os.O_WRONLY, 0644)
-	if doWriteFile {
+	if err != nil {
 		f, err = os.OpenFile(file, os.O_TRUNC|os.O_WRONLY, 0o644)
 		if err != nil {
 			return err
 		}
 		defer f.Close()
 		_, err = f.Write(formattedBytes)
 		return err
 	}
-
+	defer f.Close()
 	_, err = f.Write(formattedBytes)
 	return err
 }
--- a/build/generate-bindata.go
+++ b/build/generate-bindata.go
@ -3,6 +3,7 @@
 // license that can be found in the LICENSE file.
 //go:build ignore
 // +build ignore
 package main
@ -19,7 +20,7 @@ import (
 	"github.com/shurcooL/vfsgen"
 )
-func needsUpdate(dir, filename string) (bool, []byte) {
+func needsUpdate(dir string, filename string) (bool, []byte) {
 	needRegen := false
 	_, err := os.Stat(filename)
 	if err != nil {
@ -49,6 +50,7 @@ func needsUpdate(dir, filename string) (bool, []byte) {
 	newHash := hasher.Sum([]byte{})
 	if bytes.Compare(oldHash, newHash) != 0 {
 		return true, newHash
 	}
@ -85,5 +87,5 @@ func main() {
 	if err != nil {
 		log.Fatalf("%v\n", err)
 	}
-	_ = os.WriteFile(filename+".hash", newHash, 0o666)
+	_ = os.WriteFile(filename+".hash", newHash, 0666)
 }
--- a/build/generate-emoji.go
+++ b/build/generate-emoji.go
@ -4,6 +4,7 @@
 // license that can be found in the LICENSE file.
 //go:build ignore
 // +build ignore
 package main
@ -29,7 +30,9 @@ const (
 	maxUnicodeVersion = 12
 )
-var flagOut = flag.String("o", "modules/emoji/emoji_data.go", "out")
+var (
 	flagOut = flag.String("o", "modules/emoji/emoji_data.go", "out")
 )
 // Gemoji is a set of emoji data.
 type Gemoji []Emoji
@ -65,7 +68,7 @@ func main() {
 	}
 	// write
-	err = os.WriteFile(*flagOut, buf, 0o644)
+	err = os.WriteFile(*flagOut, buf, 0644)
 	if err != nil {
 		log.Fatal(err)
 	}
@ -106,7 +109,7 @@ func generate() ([]byte, error) {
 		return nil, err
 	}
-	skinTones := make(map[string]string)
+	var skinTones = make(map[string]string)
 	skinTones["\U0001f3fb"] = "Light Skin Tone"
 	skinTones["\U0001f3fc"] = "Medium-Light Skin Tone"
@ -116,7 +119,7 @@ func generate() ([]byte, error) {
 	var tmp Gemoji
-	// filter out emoji that require greater than max unicode version
+	//filter out emoji that require greater than max unicode version
 	for i := range data {
 		val, _ := strconv.ParseFloat(data[i].UnicodeVersion, 64)
 		if int(val) <= maxUnicodeVersion {
@ -155,7 +158,7 @@ func generate() ([]byte, error) {
 	// write a JSON file to use with tribute (write before adding skin tones since we can't support them there yet)
 	file, _ := json.Marshal(data)
-	_ = os.WriteFile("assets/emoji.json", file, 0o644)
+	_ = os.WriteFile("assets/emoji.json", file, 0644)
 	// Add skin tones to emoji that support it
 	var (
@ -214,7 +217,8 @@ const hdr = `
 package emoji
-// Code generated by build/generate-emoji.go. DO NOT EDIT.
+// Code generated by gen.go. DO NOT EDIT.
 // Sourced from %s
 //
 var GemojiData = %#v
 `
--- a/build/generate-gitignores.go
+++ b/build/generate-gitignores.go
@ -1,4 +1,5 @@
 //go:build ignore
 // +build ignore
 package main
@ -33,6 +34,7 @@ func main() {
 	flag.Parse()
 	file, err := os.CreateTemp(os.TempDir(), prefix)
 	if err != nil {
 		log.Fatalf("Failed to create temp file. %s", err)
 	}
@ -63,6 +65,7 @@ func main() {
 	}
 	gz, err := gzip.NewReader(file)
 	if err != nil {
 		log.Fatalf("Failed to gunzip the archive. %s", err)
 	}
@ -93,6 +96,7 @@ func main() {
 		}
 		out, err := os.Create(path.Join(destination, strings.TrimSuffix(filepath.Base(hdr.Name), ".gitignore")))
 		if err != nil {
 			log.Fatalf("Failed to create new file. %s", err)
 		}
@ -115,7 +119,7 @@ func main() {
 		}
 		// Write data to dst
 		dst = path.Join(destination, dst)
-		err = os.WriteFile(dst, data, 0o644)
+		err = os.WriteFile(dst, data, 0644)
 		if err != nil {
 			log.Fatalf("Failed to write new file. %s", err)
 		}
--- a/build/generate-go-licenses.go
+++ b/build/generate-go-licenses.go
@ -1,82 +0,0 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 //go:build ignore
 package main
 import (
 	"encoding/json"
 	"io/fs"
 	"os"
 	"path/filepath"
 	"regexp"
 	"sort"
 	"strings"
 )
 // regexp is based on go-license, excluding README and NOTICE
 // https://github.com/google/go-licenses/blob/master/licenses/find.go
 var licenseRe = regexp.MustCompile(`^(?i)((UN)?LICEN(S|C)E|COPYING).*$`)
 type LicenseEntry struct {
 	Name        string `json:"name"`
 	Path        string `json:"path"`
 	LicenseText string `json:"licenseText"`
 }
 func main() {
 	base, out := os.Args[1], os.Args[2]
 	paths := []string{}
 	err := filepath.WalkDir(base, func(path string, entry fs.DirEntry, err error) error {
 		if err != nil {
 			return err
 		}
 		if entry.IsDir() || !licenseRe.MatchString(entry.Name()) {
 			return nil
 		}
 		paths = append(paths, path)
 		return nil
 	})
 	if err != nil {
 		panic(err)
 	}
 	sort.Strings(paths)
 	entries := []LicenseEntry{}
 	for _, path := range paths {
 		licenseText, err := os.ReadFile(path)
 		if err != nil {
 			panic(err)
 		}
 		path := strings.Replace(path, base+string(os.PathSeparator), "", 1)
 		name := filepath.Dir(path)
 		// There might be a bug somewhere in go-licenses that sometimes interprets the
 		// root package as "." and sometimes as "code.gitea.io/gitea". Workaround by
 		// removing both of them for the sake of stable output.
 		if name == "." || name == "code.gitea.io/gitea" {
 			continue
 		}
 		entries = append(entries, LicenseEntry{
 			Name:        name,
 			Path:        path,
 			LicenseText: string(licenseText),
 		})
 	}
 	jsonBytes, err := json.MarshalIndent(entries, "", "  ")
 	if err != nil {
 		panic(err)
 	}
 	err = os.WriteFile(out, jsonBytes, 0o644)
 	if err != nil {
 		panic(err)
 	}
 }
--- a/build/generate-images.js
+++ b/build/generate-images.js
@ -1,8 +1,13 @@
 #!/usr/bin/env node
 import imageminZopfli from 'imagemin-zopfli';
 import {optimize} from 'svgo';
 import {fabric} from 'fabric';
-import {readFile, writeFile} from 'fs/promises';
+import fs from 'fs';
 import {resolve, dirname} from 'path';
 import {fileURLToPath} from 'url';
 const {readFile, writeFile} = fs.promises;
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const logoFile = resolve(__dirname, '../assets/logo.svg');
 function exit(err) {
  if (err) console.error(err);
@ -17,10 +22,8 @@ function loadSvg(svg) {
  });
 }
-async function generate(svg, path, {size, bg}) {
+async function generate(svg, outputFile, {size, bg}) {
-  const outputFile = new URL(path, import.meta.url);
+  if (outputFile.endsWith('.svg')) {
  if (String(outputFile).endsWith('.svg')) {
    const {data} = optimize(svg, {
      plugins: [
        'preset-default',
@ -65,18 +68,17 @@ async function generate(svg, path, {size, bg}) {
 async function main() {
  const gitea = process.argv.slice(2).includes('gitea');
-  const logoSvg = await readFile(new URL('../assets/logo.svg', import.meta.url), 'utf8');
+  const svg = await readFile(logoFile, 'utf8');
  const faviconSvg = await readFile(new URL('../assets/favicon.svg', import.meta.url), 'utf8');
  await Promise.all([
-    generate(logoSvg, '../public/img/logo.svg', {size: 32}),
+    generate(svg, resolve(__dirname, '../public/img/logo.svg'), {size: 32}),
-    generate(logoSvg, '../public/img/logo.png', {size: 512}),
+    generate(svg, resolve(__dirname, '../public/img/logo.png'), {size: 512}),
-    generate(faviconSvg, '../public/img/favicon.svg', {size: 32}),
+    generate(svg, resolve(__dirname, '../public/img/favicon.png'), {size: 180}),
-    generate(faviconSvg, '../public/img/favicon.png', {size: 180}),
+    generate(svg, resolve(__dirname, '../public/img/avatar_default.png'), {size: 200}),
-    generate(logoSvg, '../public/img/avatar_default.png', {size: 200}),
+    generate(svg, resolve(__dirname, '../public/img/apple-touch-icon.png'), {size: 180, bg: true}),
-    generate(logoSvg, '../public/img/apple-touch-icon.png', {size: 180, bg: true}),
+    gitea && generate(svg, resolve(__dirname, '../public/img/gitea.svg'), {size: 32}),
    gitea && generate(logoSvg, '../public/img/gitea.svg', {size: 32}),
  ]);
 }
 main().then(exit).catch(exit);
--- a/build/generate-licenses.go
+++ b/build/generate-licenses.go
@ -1,4 +1,5 @@
 //go:build ignore
 // +build ignore
 package main
@ -33,20 +34,13 @@ func main() {
 	flag.Parse()
 	file, err := os.CreateTemp(os.TempDir(), prefix)
 	if err != nil {
 		log.Fatalf("Failed to create temp file. %s", err)
 	}
 	defer util.Remove(file.Name())
 	if err := os.RemoveAll(destination); err != nil {
 		log.Fatalf("Cannot clean destination folder: %v", err)
 	}
 	if err := os.MkdirAll(destination, 0o755); err != nil {
 		log.Fatalf("Cannot create destination: %v", err)
 	}
 	req, err := http.NewRequest("GET", url, nil)
 	if err != nil {
 		log.Fatalf("Failed to download archive. %s", err)
@ -72,6 +66,7 @@ func main() {
 	}
 	gz, err := gzip.NewReader(file)
 	if err != nil {
 		log.Fatalf("Failed to gunzip the archive. %s", err)
 	}
@ -105,6 +100,7 @@ func main() {
 			continue
 		}
 		out, err := os.Create(path.Join(destination, strings.TrimSuffix(filepath.Base(hdr.Name), ".txt")))
 		if err != nil {
 			log.Fatalf("Failed to create new file. %s", err)
 		}
--- a/build/generate-svg.js
+++ b/build/generate-svg.js
@ -1,14 +1,13 @@
 #!/usr/bin/env node
 import fastGlob from 'fast-glob';
 import {optimize} from 'svgo';
-import {parse} from 'path';
+import {resolve, parse, dirname} from 'path';
-import {readFile, writeFile, mkdir} from 'fs/promises';
+import fs from 'fs';
 import {fileURLToPath} from 'url';
-const glob = (pattern) => fastGlob.sync(pattern, {
+const {readFile, writeFile, mkdir} = fs.promises;
-  cwd: fileURLToPath(new URL('..', import.meta.url)),
+const __dirname = dirname(fileURLToPath(import.meta.url));
-  absolute: true,
+const glob = (pattern) => fastGlob.sync(pattern, {cwd: resolve(__dirname), absolute: true});
-});
+const outputDir = resolve(__dirname, '../public/img/svg');
 function exit(err) {
  if (err) console.error(err);
@ -17,6 +16,7 @@ function exit(err) {
 async function processFile(file, {prefix, fullName} = {}) {
  let name;
  if (fullName) {
    name = fullName;
  } else {
@ -35,8 +35,7 @@ async function processFile(file, {prefix, fullName} = {}) {
      {name: 'addAttributesToSVGElement', params: {attributes: [{'width': '16'}, {'height': '16'}, {'aria-hidden': 'true'}]}},
    ],
  });
-
+  await writeFile(resolve(outputDir, `${name}.svg`), data);
  await writeFile(fileURLToPath(new URL(`../public/img/svg/${name}.svg`, import.meta.url)), data);
 }
 function processFiles(pattern, opts) {
@ -45,14 +44,15 @@ function processFiles(pattern, opts) {
 async function main() {
  try {
-    await mkdir(fileURLToPath(new URL('../public/img/svg', import.meta.url)), {recursive: true});
+    await mkdir(outputDir);
  } catch {}
  await Promise.all([
-    ...processFiles('node_modules/@primer/octicons/build/svg/*-16.svg', {prefix: 'octicon'}),
+    ...processFiles('../node_modules/@primer/octicons/build/svg/*-16.svg', {prefix: 'octicon'}),
-    ...processFiles('web_src/svg/*.svg'),
+    ...processFiles('../web_src/svg/*.svg'),
-    ...processFiles('public/img/gitea.svg', {fullName: 'gitea-gitea'}),
+    ...processFiles('../public/img/gitea.svg', {fullName: 'gitea-gitea'}),
  ]);
 }
 main().then(exit).catch(exit);
--- a/build/gitea-format-imports.go
+++ b/build/gitea-format-imports.go
@ -0,0 +1,27 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 //go:build ignore
 // +build ignore
 package main
 import (
 	"log"
 	"os"
 	"code.gitea.io/gitea/build/codeformat"
 )
 func main() {
 	if len(os.Args) <= 1 {
 		log.Fatalf("Usage: gitea-format-imports [files...]")
 	}
 	for _, file := range os.Args[1:] {
 		if err := codeformat.FormatGoImports(file); err != nil {
 			log.Fatalf("can not format file %s, err=%v", file, err)
 		}
 	}
 }
--- a/build/gocovmerge.go
+++ b/build/gocovmerge.go
@ -7,6 +7,7 @@
 // merges them into one profile
 //go:build ignore
 // +build ignore
 package main
@ -21,7 +22,7 @@ import (
 	"golang.org/x/tools/cover"
 )
-func mergeProfiles(p, merge *cover.Profile) {
+func mergeProfiles(p *cover.Profile, merge *cover.Profile) {
 	if p.Mode != merge.Mode {
 		log.Fatalf("cannot merge profiles with different modes")
 	}
--- a/cmd/admin.go
+++ b/cmd/admin.go
@ -13,10 +13,10 @@ import (
 	"strings"
 	"text/tabwriter"
 	"code.gitea.io/gitea/models"
 	asymkey_model "code.gitea.io/gitea/models/asymkey"
-	auth_model "code.gitea.io/gitea/models/auth"
+	"code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/graceful"
@ -57,7 +57,6 @@ var (
 			microcmdUserList,
 			microcmdUserChangePassword,
 			microcmdUserDelete,
 			microcmdUserGenerateAccessToken,
 		},
 	}
@ -156,35 +155,10 @@ var (
 				Name:  "email,e",
 				Usage: "Email of the user to delete",
 			},
 			cli.BoolFlag{
 				Name:  "purge",
 				Usage: "Purge user, all their repositories, organizations and comments",
 			},
 		},
 		Action: runDeleteUser,
 	}
 	microcmdUserGenerateAccessToken = cli.Command{
 		Name:  "generate-access-token",
 		Usage: "Generate a access token for a specific user",
 		Flags: []cli.Flag{
 			cli.StringFlag{
 				Name:  "username,u",
 				Usage: "Username",
 			},
 			cli.StringFlag{
 				Name:  "token-name,t",
 				Usage: "Token name",
 				Value: "gitea-admin",
 			},
 			cli.BoolFlag{
 				Name:  "raw",
 				Usage: "Display only the token value",
 			},
 		},
 		Action: runGenerateAccessToken,
 	}
 	subcmdRepoSyncReleases = cli.Command{
 		Name:   "repo-sync-releases",
 		Usage:  "Synchronize repository releases with tags",
@ -413,9 +387,9 @@ var (
 			Usage: "SMTP Authentication Type (PLAIN/LOGIN/CRAM-MD5) default PLAIN",
 		},
 		cli.StringFlag{
-			Name:  "addr",
+			Name:  "host",
 			Value: "",
-			Usage: "SMTP Addr",
+			Usage: "SMTP Host",
 		},
 		cli.IntFlag{
 			Name:  "port",
@ -494,7 +468,7 @@ func runChangePassword(c *cli.Context) error {
 		return errors.New("The password you chose is on a list of stolen passwords previously exposed in public data breaches. Please try again with a different password.\nFor more details, see https://haveibeenpwned.com/Passwords")
 	}
 	uname := c.String("username")
-	user, err := user_model.GetUserByName(ctx, uname)
+	user, err := user_model.GetUserByName(uname)
 	if err != nil {
 		return err
 	}
@ -502,7 +476,7 @@ func runChangePassword(c *cli.Context) error {
 		return err
 	}
-	if err = user_model.UpdateUserCols(ctx, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
+	if err = user_model.UpdateUserCols(db.DefaultContext, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
 		return err
 	}
@ -556,11 +530,11 @@ func runCreateUser(c *cli.Context) error {
 	}
 	// always default to true
-	changePassword := true
+	var changePassword = true
 	// If this is the first user being created.
 	// Take it as the admin and don't force a password update.
-	if n := user_model.CountUsers(nil); n == 0 {
+	if n := user_model.CountUsers(); n == 0 {
 		changePassword = false
 	}
@ -588,16 +562,16 @@ func runCreateUser(c *cli.Context) error {
 	}
 	if err := user_model.CreateUser(u, overwriteDefault); err != nil {
-		return fmt.Errorf("CreateUser: %w", err)
+		return fmt.Errorf("CreateUser: %v", err)
 	}
 	if c.Bool("access-token") {
-		t := &auth_model.AccessToken{
+		t := &models.AccessToken{
 			Name: "gitea-admin",
 			UID:  u.ID,
 		}
-		if err := auth_model.NewAccessToken(t); err != nil {
+		if err := models.NewAccessToken(t); err != nil {
 			return err
 		}
@ -617,6 +591,7 @@ func runListUsers(c *cli.Context) error {
 	}
 	users, err := user_model.GetAllUsers()
 	if err != nil {
 		return err
 	}
@ -631,16 +606,16 @@ func runListUsers(c *cli.Context) error {
 			}
 		}
 	} else {
-		twofa := user_model.UserList(users).GetTwoFaStatus()
+		fmt.Fprintf(w, "ID\tUsername\tEmail\tIsActive\tIsAdmin\n")
 		fmt.Fprintf(w, "ID\tUsername\tEmail\tIsActive\tIsAdmin\t2FA\n")
 		for _, u := range users {
-			fmt.Fprintf(w, "%d\t%s\t%s\t%t\t%t\t%t\n", u.ID, u.Name, u.Email, u.IsActive, u.IsAdmin, twofa[u.ID])
+			fmt.Fprintf(w, "%d\t%s\t%s\t%t\t%t\n", u.ID, u.Name, u.Email, u.IsActive, u.IsAdmin)
 		}
 	}
 	w.Flush()
 	return nil
 }
 func runDeleteUser(c *cli.Context) error {
@ -664,7 +639,7 @@ func runDeleteUser(c *cli.Context) error {
 	if c.IsSet("email") {
 		user, err = user_model.GetUserByEmail(c.String("email"))
 	} else if c.IsSet("username") {
-		user, err = user_model.GetUserByName(ctx, c.String("username"))
+		user, err = user_model.GetUserByName(c.String("username"))
 	} else {
 		user, err = user_model.GetUserByID(c.Int64("id"))
 	}
@ -679,42 +654,7 @@ func runDeleteUser(c *cli.Context) error {
 		return fmt.Errorf("The user %s does not match the provided id %d", user.Name, c.Int64("id"))
 	}
-	return user_service.DeleteUser(ctx, user, c.Bool("purge"))
+	return user_service.DeleteUser(user)
 }
 func runGenerateAccessToken(c *cli.Context) error {
 	if !c.IsSet("username") {
 		return fmt.Errorf("You must provide the username to generate a token for them")
 	}
 	ctx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(ctx); err != nil {
 		return err
 	}
 	user, err := user_model.GetUserByName(ctx, c.String("username"))
 	if err != nil {
 		return err
 	}
 	t := &auth_model.AccessToken{
 		Name: c.String("token-name"),
 		UID:  user.ID,
 	}
 	if err := auth_model.NewAccessToken(t); err != nil {
 		return err
 	}
 	if c.Bool("raw") {
 		fmt.Printf("%s\n", t.Token)
 	} else {
 		fmt.Printf("Access token was successfully created: %s\n", t.Token)
 	}
 	return nil
 }
 func runRepoSyncReleases(_ *cli.Context) error {
@ -727,15 +667,15 @@ func runRepoSyncReleases(_ *cli.Context) error {
 	log.Trace("Synchronizing repository releases (this may take a while)")
 	for page := 1; ; page++ {
-		repos, count, err := repo_model.SearchRepositoryByName(&repo_model.SearchRepoOptions{
+		repos, count, err := models.SearchRepositoryByName(&models.SearchRepoOptions{
 			ListOptions: db.ListOptions{
-				PageSize: repo_model.RepositoryListDefaultPageSize,
+				PageSize: models.RepositoryListDefaultPageSize,
 				Page:     page,
 			},
 			Private: true,
 		})
 		if err != nil {
-			return fmt.Errorf("SearchRepositoryByName: %w", err)
+			return fmt.Errorf("SearchRepositoryByName: %v", err)
 		}
 		if len(repos) == 0 {
 			break
@ -743,7 +683,7 @@ func runRepoSyncReleases(_ *cli.Context) error {
 		log.Trace("Processing next %d repos of %d", len(repos), count)
 		for _, repo := range repos {
 			log.Trace("Synchronizing repo %s with path %s", repo.FullName(), repo.RepoPath())
-			gitRepo, err := git.OpenRepository(ctx, repo.RepoPath())
+			gitRepo, err := git.OpenRepository(repo.RepoPath())
 			if err != nil {
 				log.Warn("OpenRepository: %v", err)
 				continue
@ -778,9 +718,9 @@ func runRepoSyncReleases(_ *cli.Context) error {
 }
 func getReleaseCount(id int64) (int64, error) {
-	return repo_model.GetReleaseCountByRepoID(
+	return models.GetReleaseCountByRepoID(
 		id,
-		repo_model.FindReleasesOptions{
+		models.FindReleasesOptions{
 			IncludeTags: true,
 		},
 	)
@ -843,8 +783,8 @@ func runAddOauth(c *cli.Context) error {
 		return err
 	}
-	return auth_model.CreateSource(&auth_model.Source{
+	return auth.CreateSource(&auth.Source{
-		Type:     auth_model.OAuth2,
+		Type:     auth.OAuth2,
 		Name:     c.String("name"),
 		IsActive: true,
 		Cfg:      parseOAuth2Config(c),
@ -863,7 +803,7 @@ func runUpdateOauth(c *cli.Context) error {
 		return err
 	}
-	source, err := auth_model.GetSourceByID(c.Int64("id"))
+	source, err := auth.GetSourceByID(c.Int64("id"))
 	if err != nil {
 		return err
 	}
@ -900,6 +840,7 @@ func runUpdateOauth(c *cli.Context) error {
 	if c.IsSet("required-claim-name") {
 		oAuth2Config.RequiredClaimName = c.String("required-claim-name")
 	}
 	if c.IsSet("required-claim-value") {
 		oAuth2Config.RequiredClaimValue = c.String("required-claim-value")
@ -916,7 +857,7 @@ func runUpdateOauth(c *cli.Context) error {
 	}
 	// update custom URL mapping
-	customURLMapping := &oauth2.CustomURLMapping{}
+	var customURLMapping = &oauth2.CustomURLMapping{}
 	if oAuth2Config.CustomURLMapping != nil {
 		customURLMapping.TokenURL = oAuth2Config.CustomURLMapping.TokenURL
@ -943,7 +884,7 @@ func runUpdateOauth(c *cli.Context) error {
 	oAuth2Config.CustomURLMapping = customURLMapping
 	source.Cfg = oAuth2Config
-	return auth_model.UpdateSource(source)
+	return auth.UpdateSource(source)
 }
 func parseSMTPConfig(c *cli.Context, conf *smtp.Source) error {
@ -955,8 +896,8 @@ func parseSMTPConfig(c *cli.Context, conf *smtp.Source) error {
 		}
 		conf.Auth = c.String("auth-type")
 	}
-	if c.IsSet("addr") {
+	if c.IsSet("host") {
-		conf.Addr = c.String("addr")
+		conf.Host = c.String("host")
 	}
 	if c.IsSet("port") {
 		conf.Port = c.Int("port")
@ -999,7 +940,7 @@ func runAddSMTP(c *cli.Context) error {
 	if !c.IsSet("port") {
 		return errors.New("port must be set")
 	}
-	active := true
+	var active = true
 	if c.IsSet("active") {
 		active = c.BoolT("active")
 	}
@ -1014,8 +955,8 @@ func runAddSMTP(c *cli.Context) error {
 		smtpConfig.Auth = "PLAIN"
 	}
-	return auth_model.CreateSource(&auth_model.Source{
+	return auth.CreateSource(&auth.Source{
-		Type:     auth_model.SMTP,
+		Type:     auth.SMTP,
 		Name:     c.String("name"),
 		IsActive: active,
 		Cfg:      &smtpConfig,
@ -1034,7 +975,7 @@ func runUpdateSMTP(c *cli.Context) error {
 		return err
 	}
-	source, err := auth_model.GetSourceByID(c.Int64("id"))
+	source, err := auth.GetSourceByID(c.Int64("id"))
 	if err != nil {
 		return err
 	}
@ -1055,7 +996,7 @@ func runUpdateSMTP(c *cli.Context) error {
 	source.Cfg = smtpConfig
-	return auth_model.UpdateSource(source)
+	return auth.UpdateSource(source)
 }
 func runListAuth(c *cli.Context) error {
@ -1066,7 +1007,8 @@ func runListAuth(c *cli.Context) error {
 		return err
 	}
-	authSources, err := auth_model.Sources()
+	authSources, err := auth.Sources()
 	if err != nil {
 		return err
 	}
@ -1104,7 +1046,7 @@ func runDeleteAuth(c *cli.Context) error {
 		return err
 	}
-	source, err := auth_model.GetSourceByID(c.Int64("id"))
+	source, err := auth.GetSourceByID(c.Int64("id"))
 	if err != nil {
 		return err
 	}
--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@ -34,10 +34,6 @@ var (
 			Name:  "not-active",
 			Usage: "Deactivate the authentication source.",
 		},
 		cli.BoolFlag{
 			Name:  "active",
 			Usage: "Activate the authentication source.",
 		},
 		cli.StringFlag{
 			Name:  "security-protocol",
 			Usage: "Security protocol name.",
@ -121,10 +117,6 @@ var (
 			Name:  "synchronize-users",
 			Usage: "Enable user synchronization.",
 		},
 		cli.BoolFlag{
 			Name:  "disable-synchronize-users",
 			Usage: "Disable user synchronization.",
 		},
 		cli.UintFlag{
 			Name:  "page-size",
 			Usage: "Search page size.",
@ -191,15 +183,9 @@ func parseAuthSource(c *cli.Context, authSource *auth.Source) {
 	if c.IsSet("not-active") {
 		authSource.IsActive = !c.Bool("not-active")
 	}
 	if c.IsSet("active") {
 		authSource.IsActive = c.Bool("active")
 	}
 	if c.IsSet("synchronize-users") {
 		authSource.IsSyncEnabled = c.Bool("synchronize-users")
 	}
 	if c.IsSet("disable-synchronize-users") {
 		authSource.IsSyncEnabled = !c.Bool("disable-synchronize-users")
 	}
 }
 // parseLdapConfig assigns values on config according to command line flags.
@ -274,6 +260,7 @@ func parseLdapConfig(c *cli.Context, config *ldap.Source) error {
 	if c.IsSet("skip-local-2fa") {
 		config.SkipLocalTwoFA = c.Bool("skip-local-2fa")
 	}
 	return nil
 }
--- a/cmd/admin_auth_ldap_test.go
+++ b/cmd/admin_auth_ldap_test.go
@ -17,12 +17,12 @@ import (
 func TestAddLdapBindDn(t *testing.T) {
 	// Mock cli functions to do not exit on error
-	osExiter := cli.OsExiter
+	var osExiter = cli.OsExiter
 	defer func() { cli.OsExiter = osExiter }()
 	cli.OsExiter = func(code int) {}
 	// Test cases
-	cases := []struct {
+	var cases = []struct {
 		args   []string
 		source *auth.Source
 		errMsg string
@ -243,12 +243,12 @@ func TestAddLdapBindDn(t *testing.T) {
 func TestAddLdapSimpleAuth(t *testing.T) {
 	// Mock cli functions to do not exit on error
-	osExiter := cli.OsExiter
+	var osExiter = cli.OsExiter
 	defer func() { cli.OsExiter = osExiter }()
 	cli.OsExiter = func(code int) {}
 	// Test cases
-	cases := []struct {
+	var cases = []struct {
 		args       []string
 		authSource *auth.Source
 		errMsg     string
@ -474,12 +474,12 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 func TestUpdateLdapBindDn(t *testing.T) {
 	// Mock cli functions to do not exit on error
-	osExiter := cli.OsExiter
+	var osExiter = cli.OsExiter
 	defer func() { cli.OsExiter = osExiter }()
 	cli.OsExiter = func(code int) {}
 	// Test cases
-	cases := []struct {
+	var cases = []struct {
 		args               []string
 		id                 int64
 		existingAuthSource *auth.Source
@ -858,36 +858,6 @@ func TestUpdateLdapBindDn(t *testing.T) {
 			},
 			errMsg: "Invalid authentication type. expected: LDAP (via BindDN), actual: OAuth2",
 		},
 		// case 24
 		{
 			args: []string{
 				"ldap-test",
 				"--id", "24",
 				"--name", "ldap (via Bind DN) flip 'active' and 'user sync' attributes",
 				"--active",
 				"--disable-synchronize-users",
 			},
 			id: 24,
 			existingAuthSource: &auth.Source{
 				Type:          auth.LDAP,
 				IsActive:      false,
 				IsSyncEnabled: true,
 				Cfg: &ldap.Source{
 					Name:    "ldap (via Bind DN) flip 'active' and 'user sync' attributes",
 					Enabled: true,
 				},
 			},
 			authSource: &auth.Source{
 				Type:          auth.LDAP,
 				Name:          "ldap (via Bind DN) flip 'active' and 'user sync' attributes",
 				IsActive:      true,
 				IsSyncEnabled: false,
 				Cfg: &ldap.Source{
 					Name:    "ldap (via Bind DN) flip 'active' and 'user sync' attributes",
 					Enabled: true,
 				},
 			},
 		},
 	}
 	for n, c := range cases {
@ -937,12 +907,12 @@ func TestUpdateLdapBindDn(t *testing.T) {
 func TestUpdateLdapSimpleAuth(t *testing.T) {
 	// Mock cli functions to do not exit on error
-	osExiter := cli.OsExiter
+	var osExiter = cli.OsExiter
 	defer func() { cli.OsExiter = osExiter }()
 	cli.OsExiter = func(code int) {}
 	// Test cases
-	cases := []struct {
+	var cases = []struct {
 		args               []string
 		id                 int64
 		existingAuthSource *auth.Source
@ -1191,6 +1161,7 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
 			authSource: &auth.Source{
 				Type: auth.DLDAP,
 				Cfg: &ldap.Source{
 					AttributeMail: "mail",
 				},
 			},
@ -1251,33 +1222,6 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
 			},
 			errMsg: "Invalid authentication type. expected: LDAP (simple auth), actual: PAM",
 		},
 		// case 20
 		{
 			args: []string{
 				"ldap-test",
 				"--id", "20",
 				"--name", "ldap (simple auth) flip 'active' attribute",
 				"--active",
 			},
 			id: 20,
 			existingAuthSource: &auth.Source{
 				Type:     auth.DLDAP,
 				IsActive: false,
 				Cfg: &ldap.Source{
 					Name:    "ldap (simple auth) flip 'active' attribute",
 					Enabled: true,
 				},
 			},
 			authSource: &auth.Source{
 				Type:     auth.DLDAP,
 				Name:     "ldap (simple auth) flip 'active' attribute",
 				IsActive: true,
 				Cfg: &ldap.Source{
 					Name:    "ldap (simple auth) flip 'active' attribute",
 					Enabled: true,
 				},
 			},
 		},
 	}
 	for n, c := range cases {
--- a/cmd/cert.go
+++ b/cmd/cert.go
@ -180,7 +180,7 @@ func runCert(c *cli.Context) error {
 	}
 	log.Println("Written cert.pem")
-	keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
+	keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
 		log.Fatalf("Failed to open key.pem for writing: %v", err)
 	}
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@ -68,7 +68,7 @@ Ensure you are running in the correct environment or set the correct configurati
 If this is the intended configuration file complete the [database] section.`, setting.CustomConf)
 	}
 	if err := db.InitEngine(ctx); err != nil {
-		return fmt.Errorf("unable to initialize the database using the configuration in %q. Error: %w", setting.CustomConf, err)
+		return fmt.Errorf("unable to initialise the database using the configuration in %q. Error: %v", setting.CustomConf, err)
 	}
 	return nil
 }
--- a/cmd/doctor.go
+++ b/cmd/doctor.go
@ -5,7 +5,7 @@
 package cmd
 import (
-	"errors"
+	"context"
 	"fmt"
 	golog "log"
 	"os"
@ -14,7 +14,6 @@ import (
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/migrations"
 	migrate_base "code.gitea.io/gitea/models/migrations/base"
 	"code.gitea.io/gitea/modules/doctor"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@ -26,8 +25,8 @@ import (
 // CmdDoctor represents the available doctor sub-command.
 var CmdDoctor = cli.Command{
 	Name:        "doctor",
-	Usage:       "Diagnose and optionally fix problems",
+	Usage:       "Diagnose problems",
-	Description: "A command to diagnose problems with the current Gitea instance according to the given configuration. Some problems can optionally be fixed by modifying the database or data storage.",
+	Description: "A command to diagnose problems with the current Gitea instance according to the given configuration.",
 	Action:      runDoctor,
 	Flags: []cli.Flag{
 		cli.BoolFlag{
@ -115,21 +114,31 @@ func runRecreateTable(ctx *cli.Context) error {
 	if err != nil {
 		return err
 	}
-	recreateTables := migrate_base.RecreateTables(beans...)
+	recreateTables := migrations.RecreateTables(beans...)
-	return db.InitEngineWithMigration(stdCtx, func(x *xorm.Engine) error {
+	return db.InitEngineWithMigration(context.Background(), func(x *xorm.Engine) error {
 		if err := migrations.EnsureUpToDate(x); err != nil {
 			return err
 		}
 		return recreateTables(x)
 	})
 }
-func setDoctorLogger(ctx *cli.Context) {
+func runDoctor(ctx *cli.Context) error {
 	// Silence the default loggers
 	log.DelNamedLogger("console")
 	log.DelNamedLogger(log.DEFAULT)
 	stdCtx, cancel := installSignals()
 	defer cancel()
 	// Now setup our own
 	logFile := ctx.String("log-file")
 	if !ctx.IsSet("log-file") {
 		logFile = "doctor.log"
 	}
 	colorize := log.CanColorStdout
 	if ctx.IsSet("color") {
 		colorize = ctx.Bool("color")
@ -137,50 +146,11 @@ func setDoctorLogger(ctx *cli.Context) {
 	if len(logFile) == 0 {
 		log.NewLogger(1000, "doctor", "console", fmt.Sprintf(`{"level":"NONE","stacktracelevel":"NONE","colorize":%t}`, colorize))
-		return
+	} else if logFile == "-" {
 	}
 	defer func() {
 		recovered := recover()
 		if recovered == nil {
 			return
 		}
 		err, ok := recovered.(error)
 		if !ok {
 			panic(recovered)
 		}
 		if errors.Is(err, os.ErrPermission) {
 			fmt.Fprintf(os.Stderr, "ERROR: Unable to write logs to provided file due to permissions error: %s\n       %v\n", logFile, err)
 		} else {
 			fmt.Fprintf(os.Stderr, "ERROR: Unable to write logs to provided file: %s\n       %v\n", logFile, err)
 		}
 		fmt.Fprintf(os.Stderr, "WARN: Logging will be disabled\n       Use `--log-file` to configure log file location\n")
 		log.NewLogger(1000, "doctor", "console", fmt.Sprintf(`{"level":"NONE","stacktracelevel":"NONE","colorize":%t}`, colorize))
 	}()
 	if logFile == "-" {
 		log.NewLogger(1000, "doctor", "console", fmt.Sprintf(`{"level":"trace","stacktracelevel":"NONE","colorize":%t}`, colorize))
 	} else {
 		log.NewLogger(1000, "doctor", "file", fmt.Sprintf(`{"filename":%q,"level":"trace","stacktracelevel":"NONE"}`, logFile))
 	}
 }
 func runDoctor(ctx *cli.Context) error {
 	stdCtx, cancel := installSignals()
 	defer cancel()
 	// Silence the default loggers
 	log.DelNamedLogger("console")
 	log.DelNamedLogger(log.DEFAULT)
 	// Now setup our own
 	setDoctorLogger(ctx)
 	colorize := log.CanColorStdout
 	if ctx.IsSet("color") {
 		colorize = ctx.Bool("color")
 	}
 	// Finally redirect the default golog to here
 	golog.SetFlags(0)
@ -235,7 +205,7 @@ func runDoctor(ctx *cli.Context) error {
 	// Now we can set up our own logger to return information about what the doctor is doing
 	if err := log.NewNamedLogger("doctorouter",
-		0,
+		1000,
 		"console",
 		"console",
 		fmt.Sprintf(`{"level":"INFO","stacktracelevel":"NONE","colorize":%t,"flags":-1}`, colorize)); err != nil {
--- a/cmd/dump.go
+++ b/cmd/dump.go
@ -7,7 +7,6 @@ package cmd
 import (
 	"fmt"
 	"io"
 	"os"
 	"path"
 	"path/filepath"
@ -22,25 +21,14 @@ import (
 	"code.gitea.io/gitea/modules/util"
 	"gitea.com/go-chi/session"
-	"github.com/mholt/archiver/v3"
+	archiver "github.com/mholt/archiver/v3"
 	"github.com/urfave/cli"
 )
 func addReader(w archiver.Writer, r io.ReadCloser, info os.FileInfo, customName string, verbose bool) error {
 	if verbose {
 		log.Info("Adding file %s", customName)
 	}
 	return w.Write(archiver.File{
 		FileInfo: archiver.FileInfo{
 			FileInfo:   info,
 			CustomName: customName,
 		},
 		ReadCloser: r,
 	})
 }
 func addFile(w archiver.Writer, filePath, absPath string, verbose bool) error {
 	if verbose {
 		log.Info("Adding file %s\n", filePath)
 	}
 	file, err := os.Open(absPath)
 	if err != nil {
 		return err
@ -51,7 +39,13 @@ func addFile(w archiver.Writer, filePath, absPath string, verbose bool) error {
 		return err
 	}
-	return addReader(w, file, fileInfo, filePath, verbose)
+	return w.Write(archiver.File{
 		FileInfo: archiver.FileInfo{
 			FileInfo:   fileInfo,
 			CustomName: filePath,
 		},
 		ReadCloser: file,
 	})
 }
 func isSubdir(upper, lower string) (bool, error) {
@ -92,7 +86,7 @@ func (o outputType) String() string {
 }
 var outputTypeEnum = &outputType{
-	Enum:    []string{"zip", "tar", "tar.sz", "tar.gz", "tar.xz", "tar.bz2", "tar.br", "tar.lz4", "tar.zst"},
+	Enum:    []string{"zip", "tar", "tar.sz", "tar.gz", "tar.xz", "tar.bz2", "tar.br", "tar.lz4"},
 	Default: "zip",
 }
@ -142,14 +136,6 @@ It can be used for backup and capture Gitea server image to send to maintainer`,
 			Name:  "skip-attachment-data",
 			Usage: "Skip attachment data",
 		},
 		cli.BoolFlag{
 			Name:  "skip-package-data",
 			Usage: "Skip package data",
 		},
 		cli.BoolFlag{
 			Name:  "skip-index",
 			Usage: "Skip bleve index data",
 		},
 		cli.GenericFlag{
 			Name:  "type",
 			Value: outputTypeEnum,
@ -255,7 +241,13 @@ func runDump(ctx *cli.Context) error {
 				return err
 			}
-			return addReader(w, object, info, path.Join("data", "lfs", objPath), verbose)
+			return w.Write(archiver.File{
 				FileInfo: archiver.FileInfo{
 					FileInfo:   info,
 					CustomName: path.Join("data", "lfs", objPath),
 				},
 				ReadCloser: object,
 			})
 		}); err != nil {
 			fatal("Failed to dump LFS objects: %v", err)
 		}
@ -331,15 +323,9 @@ func runDump(ctx *cli.Context) error {
 			excludes = append(excludes, opts.ProviderConfig)
 		}
 		if ctx.IsSet("skip-index") && ctx.Bool("skip-index") {
 			excludes = append(excludes, setting.Indexer.RepoPath)
 			excludes = append(excludes, setting.Indexer.IssuePath)
 		}
 		excludes = append(excludes, setting.RepoRootPath)
 		excludes = append(excludes, setting.LFS.Path)
 		excludes = append(excludes, setting.Attachment.Path)
 		excludes = append(excludes, setting.Packages.Path)
 		excludes = append(excludes, setting.LogRootPath)
 		excludes = append(excludes, absFileName)
 		if err := addRecursiveExclude(w, "data", setting.AppDataPath, excludes, verbose); err != nil {
@ -355,24 +341,17 @@ func runDump(ctx *cli.Context) error {
 			return err
 		}
-		return addReader(w, object, info, path.Join("data", "attachments", objPath), verbose)
+		return w.Write(archiver.File{
 			FileInfo: archiver.FileInfo{
 				FileInfo:   info,
 				CustomName: path.Join("data", "attachments", objPath),
 			},
 			ReadCloser: object,
 		})
 	}); err != nil {
 		fatal("Failed to dump attachments: %v", err)
 	}
 	if ctx.IsSet("skip-package-data") && ctx.Bool("skip-package-data") {
 		log.Info("Skip dumping package data")
 	} else if err := storage.Packages.IterateObjects(func(objPath string, object storage.Object) error {
 		info, err := object.Stat()
 		if err != nil {
 			return err
 		}
 		return addReader(w, object, info, path.Join("data", "packages", objPath), verbose)
 	}); err != nil {
 		fatal("Failed to dump packages: %v", err)
 	}
 	// Doesn't check if LogRootPath exists before processing --skip-log intentionally,
 	// ensuring that it's clear the dump is skipped whether the directory's initialized
 	// yet or not.
@ -396,7 +375,7 @@ func runDump(ctx *cli.Context) error {
 			fatal("Failed to save %s: %v", fileName, err)
 		}
-		if err := os.Chmod(fileName, 0o600); err != nil {
+		if err := os.Chmod(fileName, 0600); err != nil {
 			log.Info("Can't change file access permissions mask to 0600: %v", err)
 		}
 	}
@ -448,23 +427,8 @@ func addRecursiveExclude(w archiver.Writer, insidePath, absPath string, excludeA
 				}
 			}
 		} else {
-			// only copy regular files and symlink regular files, skip non-regular files like socket/pipe/...
+			if err = addFile(w, currentInsidePath, currentAbsPath, verbose); err != nil {
-			shouldAdd := file.Mode().IsRegular()
+				return err
 			if !shouldAdd && file.Mode()&os.ModeSymlink == os.ModeSymlink {
 				target, err := filepath.EvalSymlinks(currentAbsPath)
 				if err != nil {
 					return err
 				}
 				targetStat, err := os.Stat(target)
 				if err != nil {
 					return err
 				}
 				shouldAdd = targetStat.Mode().IsRegular()
 			}
 			if shouldAdd {
 				if err = addFile(w, currentInsidePath, currentAbsPath, verbose); err != nil {
 					return err
 				}
 			}
 		}
 	}
--- a/cmd/dump_repo.go
+++ b/cmd/dump_repo.go
@ -7,17 +7,13 @@ package cmd
 import (
 	"context"
 	"errors"
 	"fmt"
 	"os"
 	"strings"
 	"code.gitea.io/gitea/modules/convert"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	base "code.gitea.io/gitea/modules/migration"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/services/migrations"
 	"github.com/urfave/cli"
@ -87,11 +83,6 @@ func runDumpRepository(ctx *cli.Context) error {
 		return err
 	}
 	// migrations.GiteaLocalUploader depends on git module
 	if err := git.InitSimple(context.Background()); err != nil {
 		return err
 	}
 	log.Info("AppPath: %s", setting.AppPath)
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
@ -116,7 +107,7 @@ func runDumpRepository(ctx *cli.Context) error {
 	}
 	serviceType = convert.ToGitServiceType(serviceStr)
-	opts := base.MigrateOptions{
+	var opts = base.MigrateOptions{
 		GitServiceType: serviceType,
 		CloneAddr:      cloneAddr,
 		AuthUsername:   ctx.String("auth_username"),
@ -137,9 +128,7 @@ func runDumpRepository(ctx *cli.Context) error {
 	} else {
 		units := strings.Split(ctx.String("units"), ",")
 		for _, unit := range units {
-			switch strings.ToLower(strings.TrimSpace(unit)) {
+			switch strings.ToLower(unit) {
 			case "":
 				continue
 			case "wiki":
 				opts.Wiki = true
 			case "issues":
@ -156,29 +145,13 @@ func runDumpRepository(ctx *cli.Context) error {
 				opts.Comments = true
 			case "pull_requests":
 				opts.PullRequests = true
 			default:
 				return errors.New("invalid unit: " + unit)
 			}
 		}
 	}
 	// the repo_dir will be removed if error occurs in DumpRepository
 	// make sure the directory doesn't exist or is empty, prevent from deleting user files
 	repoDir := ctx.String("repo_dir")
 	if exists, err := util.IsExist(repoDir); err != nil {
 		return fmt.Errorf("unable to stat repo_dir %q: %w", repoDir, err)
 	} else if exists {
 		if isDir, _ := util.IsDir(repoDir); !isDir {
 			return fmt.Errorf("repo_dir %q already exists but it's not a directory", repoDir)
 		}
 		if dir, _ := os.ReadDir(repoDir); len(dir) > 0 {
 			return fmt.Errorf("repo_dir %q is not empty", repoDir)
 		}
 	}
 	if err := migrations.DumpRepository(
 		context.Background(),
-		repoDir,
+		ctx.String("repo_dir"),
 		ctx.String("owner_name"),
 		opts,
 	); err != nil {
--- a/cmd/embedded.go
+++ b/cmd/embedded.go
@ -3,6 +3,7 @@
 // license that can be found in the LICENSE file.
 //go:build bindata
 // +build bindata
 package cmd
@ -108,6 +109,7 @@ type asset struct {
 }
 func initEmbeddedExtractor(c *cli.Context) error {
 	// Silence the console logger
 	log.DelNamedLogger("console")
 	log.DelNamedLogger(log.DEFAULT)
@ -123,7 +125,7 @@ func initEmbeddedExtractor(c *cli.Context) error {
 	sections["public"] = &section{Path: "public", Names: public.AssetNames, IsDir: public.AssetIsDir, Asset: public.Asset}
 	sections["options"] = &section{Path: "options", Names: options.AssetNames, IsDir: options.AssetIsDir, Asset: options.Asset}
-	sections["templates"] = &section{Path: "templates", Names: templates.BuiltinAssetNames, IsDir: templates.BuiltinAssetIsDir, Asset: templates.BuiltinAsset}
+	sections["templates"] = &section{Path: "templates", Names: templates.AssetNames, IsDir: templates.AssetIsDir, Asset: templates.Asset}
 	for _, sec := range sections {
 		assets = append(assets, buildAssetList(sec, pats, c)...)
@ -186,11 +188,11 @@ func runViewDo(c *cli.Context) error {
 	data, err := assets[0].Section.Asset(assets[0].Name)
 	if err != nil {
-		return fmt.Errorf("%s: %w", assets[0].Path, err)
+		return fmt.Errorf("%s: %v", assets[0].Path, err)
 	}
 	if _, err = os.Stdout.Write(data); err != nil {
-		return fmt.Errorf("%s: %w", assets[0].Path, err)
+		return fmt.Errorf("%s: %v", assets[0].Path, err)
 	}
 	return nil
@ -251,19 +253,19 @@ func extractAsset(d string, a asset, overwrite, rename bool) error {
 	data, err := a.Section.Asset(a.Name)
 	if err != nil {
-		return fmt.Errorf("%s: %w", a.Path, err)
+		return fmt.Errorf("%s: %v", a.Path, err)
 	}
 	if err := os.MkdirAll(dir, os.ModePerm); err != nil {
-		return fmt.Errorf("%s: %w", dir, err)
+		return fmt.Errorf("%s: %v", dir, err)
 	}
-	perms := os.ModePerm & 0o666
+	perms := os.ModePerm & 0666
 	fi, err := os.Lstat(dest)
 	if err != nil {
 		if !errors.Is(err, os.ErrNotExist) {
-			return fmt.Errorf("%s: %w", dest, err)
+			return fmt.Errorf("%s: %v", dest, err)
 		}
 	} else if !overwrite && !rename {
 		fmt.Printf("%s already exists; skipped.\n", dest)
@ -272,7 +274,7 @@ func extractAsset(d string, a asset, overwrite, rename bool) error {
 		return fmt.Errorf("%s already exists, but it's not a regular file", dest)
 	} else if rename {
 		if err := util.Rename(dest, dest+".bak"); err != nil {
-			return fmt.Errorf("Error creating backup for %s: %w", dest, err)
+			return fmt.Errorf("Error creating backup for %s: %v", dest, err)
 		}
 		// Attempt to respect file permissions mask (even if user:group will be set anew)
 		perms = fi.Mode()
@ -280,12 +282,12 @@ func extractAsset(d string, a asset, overwrite, rename bool) error {
 	file, err := os.OpenFile(dest, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, perms)
 	if err != nil {
-		return fmt.Errorf("%s: %w", dest, err)
+		return fmt.Errorf("%s: %v", dest, err)
 	}
 	defer file.Close()
 	if _, err = file.Write(data); err != nil {
-		return fmt.Errorf("%s: %w", dest, err)
+		return fmt.Errorf("%s: %v", dest, err)
 	}
 	fmt.Println(dest)
@ -294,7 +296,7 @@ func extractAsset(d string, a asset, overwrite, rename bool) error {
 }
 func buildAssetList(sec *section, globs []glob.Glob, c *cli.Context) []asset {
-	results := make([]asset, 0, 64)
+	var results = make([]asset, 0, 64)
 	for _, name := range sec.Names() {
 		if isdir, err := sec.IsDir(name); !isdir && err == nil {
 			if sec.Path == "public" &&
@ -305,11 +307,9 @@ func buildAssetList(sec *section, globs []glob.Glob, c *cli.Context) []asset {
 			matchName := sec.Path + "/" + name
 			for _, g := range globs {
 				if g.Match(matchName) {
-					results = append(results, asset{
+					results = append(results, asset{Section: sec,
-						Section: sec,
+						Name: name,
-						Name:    name,
+						Path: sec.Path + "/" + name})
 						Path:    sec.Path + "/" + name,
 					})
 					break
 				}
 			}
@ -325,7 +325,7 @@ func getPatterns(args []string) ([]glob.Glob, error) {
 	pat := make([]glob.Glob, len(args))
 	for i := range args {
 		if g, err := glob.Compile(args[i], '/'); err != nil {
-			return nil, fmt.Errorf("'%s': Invalid glob pattern: %w", args[i], err)
+			return nil, fmt.Errorf("'%s': Invalid glob pattern: %v", args[i], err)
 		} else {
 			pat[i] = g
 		}
--- a/cmd/embedded_stub.go
+++ b/cmd/embedded_stub.go
@ -3,6 +3,7 @@
 // license that can be found in the LICENSE file.
 //go:build !bindata
 // +build !bindata
 package cmd
--- a/cmd/hook.go
+++ b/cmd/hook.go
@ -15,9 +15,9 @@ import (
 	"strings"
 	"time"
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/private"
 	repo_module "code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
@ -162,7 +162,7 @@ func (n *nilWriter) WriteString(s string) (int, error) {
 }
 func runHookPreReceive(c *cli.Context) error {
-	if isInternal, _ := strconv.ParseBool(os.Getenv(repo_module.EnvIsInternal)); isInternal {
+	if os.Getenv(models.EnvIsInternal) == "true" {
 		return nil
 	}
 	ctx, cancel := installSignals()
@ -180,12 +180,12 @@ Gitea or set your environment appropriately.`, "")
 	}
 	// the environment is set by serv command
-	isWiki, _ := strconv.ParseBool(os.Getenv(repo_module.EnvRepoIsWiki))
+	isWiki := os.Getenv(models.EnvRepoIsWiki) == "true"
-	username := os.Getenv(repo_module.EnvRepoUsername)
+	username := os.Getenv(models.EnvRepoUsername)
-	reponame := os.Getenv(repo_module.EnvRepoName)
+	reponame := os.Getenv(models.EnvRepoName)
-	userID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPusherID), 10, 64)
+	userID, _ := strconv.ParseInt(os.Getenv(models.EnvPusherID), 10, 64)
-	prID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPRID), 10, 64)
+	prID, _ := strconv.ParseInt(os.Getenv(models.EnvPRID), 10, 64)
-	deployKeyID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvDeployKeyID), 10, 64)
+	deployKeyID, _ := strconv.ParseInt(os.Getenv(models.EnvDeployKeyID), 10, 64)
 	hookOptions := private.HookOptions{
 		UserID:                          userID,
@ -308,18 +308,18 @@ func runHookPostReceive(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 	setup("hooks/post-receive.log", c.Bool("debug"))
 	// First of all run update-server-info no matter what
-	if _, _, err := git.NewCommand(ctx, "update-server-info").RunStdString(nil); err != nil {
+	if _, err := git.NewCommandContext(ctx, "update-server-info").Run(); err != nil {
-		return fmt.Errorf("Failed to call 'git update-server-info': %w", err)
+		return fmt.Errorf("Failed to call 'git update-server-info': %v", err)
 	}
 	// Now if we're an internal don't do anything else
-	if isInternal, _ := strconv.ParseBool(os.Getenv(repo_module.EnvIsInternal)); isInternal {
+	if os.Getenv(models.EnvIsInternal) == "true" {
 		return nil
 	}
 	setup("hooks/post-receive.log", c.Bool("debug"))
 	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
 		if setting.OnlyAllowPushIfGiteaEnvironmentSet {
 			return fail(`Rejecting changes as Gitea environment not set.
@ -343,11 +343,11 @@ Gitea or set your environment appropriately.`, "")
 	}
 	// the environment is set by serv command
-	repoUser := os.Getenv(repo_module.EnvRepoUsername)
+	repoUser := os.Getenv(models.EnvRepoUsername)
-	isWiki, _ := strconv.ParseBool(os.Getenv(repo_module.EnvRepoIsWiki))
+	isWiki := os.Getenv(models.EnvRepoIsWiki) == "true"
-	repoName := os.Getenv(repo_module.EnvRepoName)
+	repoName := os.Getenv(models.EnvRepoName)
-	pusherID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPusherID), 10, 64)
+	pusherID, _ := strconv.ParseInt(os.Getenv(models.EnvPusherID), 10, 64)
-	pusherName := os.Getenv(repo_module.EnvPusherName)
+	pusherName := os.Getenv(models.EnvPusherName)
 	hookOptions := private.HookOptions{
 		UserName:                        pusherName,
@ -503,10 +503,10 @@ Gitea or set your environment appropriately.`, "")
 	}
 	reader := bufio.NewReader(os.Stdin)
-	repoUser := os.Getenv(repo_module.EnvRepoUsername)
+	repoUser := os.Getenv(models.EnvRepoUsername)
-	repoName := os.Getenv(repo_module.EnvRepoName)
+	repoName := os.Getenv(models.EnvRepoName)
-	pusherID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPusherID), 10, 64)
+	pusherID, _ := strconv.ParseInt(os.Getenv(models.EnvPusherID), 10, 64)
-	pusherName := os.Getenv(repo_module.EnvPusherName)
+	pusherName := os.Getenv(models.EnvPusherName)
 	// 1. Version and features negotiation.
 	// S: PKT-LINE(version=1\0push-options atomic...) / PKT-LINE(version=1\n)
@ -792,7 +792,7 @@ func writeDataPktLine(out io.Writer, data []byte) error {
 	if err != nil {
 		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
 	}
-	if lr != 4 {
+	if 4 != lr {
 		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
 	}
--- a/cmd/main_test.go
+++ b/cmd/main_test.go
@ -1,23 +0,0 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
 import (
 	"testing"
 	"code.gitea.io/gitea/models/unittest"
 	"code.gitea.io/gitea/modules/setting"
 )
 func init() {
 	setting.SetCustomPathAndConf("", "", "")
 	setting.LoadForTest()
 }
 func TestMain(m *testing.M) {
 	unittest.MainTest(m, &unittest.TestOptions{
 		GiteaRootPath: "..",
 	})
 }
--- a/cmd/manager.go
+++ b/cmd/manager.go
@ -10,6 +10,7 @@ import (
 	"os"
 	"time"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/private"
 	"github.com/urfave/cli"
@ -26,7 +27,6 @@ var (
 			subcmdRestart,
 			subcmdFlushQueues,
 			subcmdLogging,
 			subCmdProcesses,
 		},
 	}
 	subcmdShutdown = cli.Command{
@ -58,8 +58,7 @@ var (
 				Name:  "timeout",
 				Value: 60 * time.Second,
 				Usage: "Timeout for the flushing process",
-			},
+			}, cli.BoolFlag{
 			cli.BoolFlag{
 				Name:  "non-blocking",
 				Usage: "Set to true to not wait for flush to complete before returning",
 			},
@ -68,38 +67,326 @@ var (
 			},
 		},
 	}
-	subCmdProcesses = cli.Command{
+	defaultLoggingFlags = []cli.Flag{
-		Name:   "processes",
+		cli.StringFlag{
-		Usage:  "Display running processes within the current process",
+			Name:  "group, g",
-		Action: runProcesses,
+			Usage: "Group to add logger to - will default to \"default\"",
-		Flags: []cli.Flag{
+		}, cli.StringFlag{
-			cli.BoolFlag{
+			Name:  "name, n",
-				Name: "debug",
+			Usage: "Name of the new logger - will default to mode",
-			},
+		}, cli.StringFlag{
-			cli.BoolFlag{
+			Name:  "level, l",
-				Name:  "flat",
+			Usage: "Logging level for the new logger",
-				Usage: "Show processes as flat table rather than as tree",
+		}, cli.StringFlag{
-			},
+			Name:  "stacktrace-level, L",
-			cli.BoolFlag{
+			Usage: "Stacktrace logging level",
-				Name:  "no-system",
+		}, cli.StringFlag{
-				Usage: "Do not show system processes",
+			Name:  "flags, F",
-			},
+			Usage: "Flags for the logger",
-			cli.BoolFlag{
+		}, cli.StringFlag{
-				Name:  "stacktraces",
+			Name:  "expression, e",
-				Usage: "Show stacktraces",
+			Usage: "Matching expression for the logger",
-			},
+		}, cli.StringFlag{
-			cli.BoolFlag{
+			Name:  "prefix, p",
-				Name:  "json",
+			Usage: "Prefix for the logger",
-				Usage: "Output as json",
+		}, cli.BoolFlag{
-			},
+			Name:  "color",
-			cli.StringFlag{
+			Usage: "Use color in the logs",
-				Name:  "cancel",
+		}, cli.BoolFlag{
-				Usage: "Process PID to cancel. (Only available for non-system processes.)",
+			Name: "debug",
 		},
 	}
 	subcmdLogging = cli.Command{
 		Name:  "logging",
 		Usage: "Adjust logging commands",
 		Subcommands: []cli.Command{
 			{
 				Name:  "pause",
 				Usage: "Pause logging (Gitea will buffer logs up to a certain point and will drop them after that point)",
 				Flags: []cli.Flag{
 					cli.BoolFlag{
 						Name: "debug",
 					},
 				},
 				Action: runPauseLogging,
 			}, {
 				Name:  "resume",
 				Usage: "Resume logging",
 				Flags: []cli.Flag{
 					cli.BoolFlag{
 						Name: "debug",
 					},
 				},
 				Action: runResumeLogging,
 			}, {
 				Name:  "release-and-reopen",
 				Usage: "Cause Gitea to release and re-open files used for logging",
 				Flags: []cli.Flag{
 					cli.BoolFlag{
 						Name: "debug",
 					},
 				},
 				Action: runReleaseReopenLogging,
 			}, {
 				Name:      "remove",
 				Usage:     "Remove a logger",
 				ArgsUsage: "[name] Name of logger to remove",
 				Flags: []cli.Flag{
 					cli.BoolFlag{
 						Name: "debug",
 					}, cli.StringFlag{
 						Name:  "group, g",
 						Usage: "Group to add logger to - will default to \"default\"",
 					},
 				},
 				Action: runRemoveLogger,
 			}, {
 				Name:  "add",
 				Usage: "Add a logger",
 				Subcommands: []cli.Command{
 					{
 						Name:  "console",
 						Usage: "Add a console logger",
 						Flags: append(defaultLoggingFlags,
 							cli.BoolFlag{
 								Name:  "stderr",
 								Usage: "Output console logs to stderr - only relevant for console",
 							}),
 						Action: runAddConsoleLogger,
 					}, {
 						Name:  "file",
 						Usage: "Add a file logger",
 						Flags: append(defaultLoggingFlags, []cli.Flag{
 							cli.StringFlag{
 								Name:  "filename, f",
 								Usage: "Filename for the logger - this must be set.",
 							}, cli.BoolTFlag{
 								Name:  "rotate, r",
 								Usage: "Rotate logs",
 							}, cli.Int64Flag{
 								Name:  "max-size, s",
 								Usage: "Maximum size in bytes before rotation",
 							}, cli.BoolTFlag{
 								Name:  "daily, d",
 								Usage: "Rotate logs daily",
 							}, cli.IntFlag{
 								Name:  "max-days, D",
 								Usage: "Maximum number of daily logs to keep",
 							}, cli.BoolTFlag{
 								Name:  "compress, z",
 								Usage: "Compress rotated logs",
 							}, cli.IntFlag{
 								Name:  "compression-level, Z",
 								Usage: "Compression level to use",
 							},
 						}...),
 						Action: runAddFileLogger,
 					}, {
 						Name:  "conn",
 						Usage: "Add a net conn logger",
 						Flags: append(defaultLoggingFlags, []cli.Flag{
 							cli.BoolFlag{
 								Name:  "reconnect-on-message, R",
 								Usage: "Reconnect to host for every message",
 							}, cli.BoolFlag{
 								Name:  "reconnect, r",
 								Usage: "Reconnect to host when connection is dropped",
 							}, cli.StringFlag{
 								Name:  "protocol, P",
 								Usage: "Set protocol to use: tcp, unix, or udp (defaults to tcp)",
 							}, cli.StringFlag{
 								Name:  "address, a",
 								Usage: "Host address and port to connect to (defaults to :7020)",
 							},
 						}...),
 						Action: runAddConnLogger,
 					}, {
 						Name:  "smtp",
 						Usage: "Add an SMTP logger",
 						Flags: append(defaultLoggingFlags, []cli.Flag{
 							cli.StringFlag{
 								Name:  "username, u",
 								Usage: "Mail server username",
 							}, cli.StringFlag{
 								Name:  "password, P",
 								Usage: "Mail server password",
 							}, cli.StringFlag{
 								Name:  "host, H",
 								Usage: "Mail server host (defaults to: 127.0.0.1:25)",
 							}, cli.StringSliceFlag{
 								Name:  "send-to, s",
 								Usage: "Email address(es) to send to",
 							}, cli.StringFlag{
 								Name:  "subject, S",
 								Usage: "Subject header of sent emails",
 							},
 						}...),
 						Action: runAddSMTPLogger,
 					},
 				},
 			},
 		},
 	}
 )
 func runRemoveLogger(c *cli.Context) error {
 	setup("manager", c.Bool("debug"))
 	group := c.String("group")
 	if len(group) == 0 {
 		group = log.DEFAULT
 	}
 	name := c.Args().First()
 	ctx, cancel := installSignals()
 	defer cancel()
 	statusCode, msg := private.RemoveLogger(ctx, group, name)
 	switch statusCode {
 	case http.StatusInternalServerError:
 		return fail("InternalServerError", msg)
 	}
 	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
 func runAddSMTPLogger(c *cli.Context) error {
 	setup("manager", c.Bool("debug"))
 	vals := map[string]interface{}{}
 	mode := "smtp"
 	if c.IsSet("host") {
 		vals["host"] = c.String("host")
 	} else {
 		vals["host"] = "127.0.0.1:25"
 	}
 	if c.IsSet("username") {
 		vals["username"] = c.String("username")
 	}
 	if c.IsSet("password") {
 		vals["password"] = c.String("password")
 	}
 	if !c.IsSet("send-to") {
 		return fmt.Errorf("Some recipients must be provided")
 	}
 	vals["sendTos"] = c.StringSlice("send-to")
 	if c.IsSet("subject") {
 		vals["subject"] = c.String("subject")
 	} else {
 		vals["subject"] = "Diagnostic message from Gitea"
 	}
 	return commonAddLogger(c, mode, vals)
 }
 func runAddConnLogger(c *cli.Context) error {
 	setup("manager", c.Bool("debug"))
 	vals := map[string]interface{}{}
 	mode := "conn"
 	vals["net"] = "tcp"
 	if c.IsSet("protocol") {
 		switch c.String("protocol") {
 		case "udp":
 			vals["net"] = "udp"
 		case "unix":
 			vals["net"] = "unix"
 		}
 	}
 	if c.IsSet("address") {
 		vals["address"] = c.String("address")
 	} else {
 		vals["address"] = ":7020"
 	}
 	if c.IsSet("reconnect") {
 		vals["reconnect"] = c.Bool("reconnect")
 	}
 	if c.IsSet("reconnect-on-message") {
 		vals["reconnectOnMsg"] = c.Bool("reconnect-on-message")
 	}
 	return commonAddLogger(c, mode, vals)
 }
 func runAddFileLogger(c *cli.Context) error {
 	setup("manager", c.Bool("debug"))
 	vals := map[string]interface{}{}
 	mode := "file"
 	if c.IsSet("filename") {
 		vals["filename"] = c.String("filename")
 	} else {
 		return fmt.Errorf("filename must be set when creating a file logger")
 	}
 	if c.IsSet("rotate") {
 		vals["rotate"] = c.Bool("rotate")
 	}
 	if c.IsSet("max-size") {
 		vals["maxsize"] = c.Int64("max-size")
 	}
 	if c.IsSet("daily") {
 		vals["daily"] = c.Bool("daily")
 	}
 	if c.IsSet("max-days") {
 		vals["maxdays"] = c.Int("max-days")
 	}
 	if c.IsSet("compress") {
 		vals["compress"] = c.Bool("compress")
 	}
 	if c.IsSet("compression-level") {
 		vals["compressionLevel"] = c.Int("compression-level")
 	}
 	return commonAddLogger(c, mode, vals)
 }
 func runAddConsoleLogger(c *cli.Context) error {
 	setup("manager", c.Bool("debug"))
 	vals := map[string]interface{}{}
 	mode := "console"
 	if c.IsSet("stderr") && c.Bool("stderr") {
 		vals["stderr"] = c.Bool("stderr")
 	}
 	return commonAddLogger(c, mode, vals)
 }
 func commonAddLogger(c *cli.Context, mode string, vals map[string]interface{}) error {
 	if len(c.String("level")) > 0 {
 		vals["level"] = log.FromString(c.String("level")).String()
 	}
 	if len(c.String("stacktrace-level")) > 0 {
 		vals["stacktraceLevel"] = log.FromString(c.String("stacktrace-level")).String()
 	}
 	if len(c.String("expression")) > 0 {
 		vals["expression"] = c.String("expression")
 	}
 	if len(c.String("prefix")) > 0 {
 		vals["prefix"] = c.String("prefix")
 	}
 	if len(c.String("flags")) > 0 {
 		vals["flags"] = log.FlagsFromString(c.String("flags"))
 	}
 	if c.IsSet("color") {
 		vals["colorize"] = c.Bool("color")
 	}
 	group := "default"
 	if c.IsSet("group") {
 		group = c.String("group")
 	}
 	name := mode
 	if c.IsSet("name") {
 		name = c.String("name")
 	}
 	ctx, cancel := installSignals()
 	defer cancel()
 	statusCode, msg := private.AddLogger(ctx, group, name, mode, vals)
 	switch statusCode {
 	case http.StatusInternalServerError:
 		return fail("InternalServerError", msg)
 	}
 	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
 func runShutdown(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
@ -145,16 +432,47 @@ func runFlushQueues(c *cli.Context) error {
 	return nil
 }
-func runProcesses(c *cli.Context) error {
+func runPauseLogging(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 	setup("manager", c.Bool("debug"))
-	statusCode, msg := private.Processes(ctx, os.Stdout, c.Bool("flat"), c.Bool("no-system"), c.Bool("stacktraces"), c.Bool("json"), c.String("cancel"))
+	statusCode, msg := private.PauseLogging(ctx)
 	switch statusCode {
 	case http.StatusInternalServerError:
 		return fail("InternalServerError", msg)
 	}
 	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
 func runResumeLogging(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 	setup("manager", c.Bool("debug"))
 	statusCode, msg := private.ResumeLogging(ctx)
 	switch statusCode {
 	case http.StatusInternalServerError:
 		return fail("InternalServerError", msg)
 	}
 	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
 func runReleaseReopenLogging(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 	setup("manager", c.Bool("debug"))
 	statusCode, msg := private.ReleaseReopenLogging(ctx)
 	switch statusCode {
 	case http.StatusInternalServerError:
 		return fail("InternalServerError", msg)
 	}
 	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
--- a/cmd/manager_logging.go
+++ b/cmd/manager_logging.go
@ -1,410 +0,0 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
 import (
 	"fmt"
 	"net/http"
 	"os"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/private"
 	"github.com/urfave/cli"
 )
 var (
 	defaultLoggingFlags = []cli.Flag{
 		cli.StringFlag{
 			Name:  "group, g",
 			Usage: "Group to add logger to - will default to \"default\"",
 		}, cli.StringFlag{
 			Name:  "name, n",
 			Usage: "Name of the new logger - will default to mode",
 		}, cli.StringFlag{
 			Name:  "level, l",
 			Usage: "Logging level for the new logger",
 		}, cli.StringFlag{
 			Name:  "stacktrace-level, L",
 			Usage: "Stacktrace logging level",
 		}, cli.StringFlag{
 			Name:  "flags, F",
 			Usage: "Flags for the logger",
 		}, cli.StringFlag{
 			Name:  "expression, e",
 			Usage: "Matching expression for the logger",
 		}, cli.StringFlag{
 			Name:  "prefix, p",
 			Usage: "Prefix for the logger",
 		}, cli.BoolFlag{
 			Name:  "color",
 			Usage: "Use color in the logs",
 		}, cli.BoolFlag{
 			Name: "debug",
 		},
 	}
 	subcmdLogging = cli.Command{
 		Name:  "logging",
 		Usage: "Adjust logging commands",
 		Subcommands: []cli.Command{
 			{
 				Name:  "pause",
 				Usage: "Pause logging (Gitea will buffer logs up to a certain point and will drop them after that point)",
 				Flags: []cli.Flag{
 					cli.BoolFlag{
 						Name: "debug",
 					},
 				},
 				Action: runPauseLogging,
 			}, {
 				Name:  "resume",
 				Usage: "Resume logging",
 				Flags: []cli.Flag{
 					cli.BoolFlag{
 						Name: "debug",
 					},
 				},
 				Action: runResumeLogging,
 			}, {
 				Name:  "release-and-reopen",
 				Usage: "Cause Gitea to release and re-open files used for logging",
 				Flags: []cli.Flag{
 					cli.BoolFlag{
 						Name: "debug",
 					},
 				},
 				Action: runReleaseReopenLogging,
 			}, {
 				Name:      "remove",
 				Usage:     "Remove a logger",
 				ArgsUsage: "[name] Name of logger to remove",
 				Flags: []cli.Flag{
 					cli.BoolFlag{
 						Name: "debug",
 					}, cli.StringFlag{
 						Name:  "group, g",
 						Usage: "Group to add logger to - will default to \"default\"",
 					},
 				},
 				Action: runRemoveLogger,
 			}, {
 				Name:  "add",
 				Usage: "Add a logger",
 				Subcommands: []cli.Command{
 					{
 						Name:  "console",
 						Usage: "Add a console logger",
 						Flags: append(defaultLoggingFlags,
 							cli.BoolFlag{
 								Name:  "stderr",
 								Usage: "Output console logs to stderr - only relevant for console",
 							}),
 						Action: runAddConsoleLogger,
 					}, {
 						Name:  "file",
 						Usage: "Add a file logger",
 						Flags: append(defaultLoggingFlags, []cli.Flag{
 							cli.StringFlag{
 								Name:  "filename, f",
 								Usage: "Filename for the logger - this must be set.",
 							}, cli.BoolTFlag{
 								Name:  "rotate, r",
 								Usage: "Rotate logs",
 							}, cli.Int64Flag{
 								Name:  "max-size, s",
 								Usage: "Maximum size in bytes before rotation",
 							}, cli.BoolTFlag{
 								Name:  "daily, d",
 								Usage: "Rotate logs daily",
 							}, cli.IntFlag{
 								Name:  "max-days, D",
 								Usage: "Maximum number of daily logs to keep",
 							}, cli.BoolTFlag{
 								Name:  "compress, z",
 								Usage: "Compress rotated logs",
 							}, cli.IntFlag{
 								Name:  "compression-level, Z",
 								Usage: "Compression level to use",
 							},
 						}...),
 						Action: runAddFileLogger,
 					}, {
 						Name:  "conn",
 						Usage: "Add a net conn logger",
 						Flags: append(defaultLoggingFlags, []cli.Flag{
 							cli.BoolFlag{
 								Name:  "reconnect-on-message, R",
 								Usage: "Reconnect to host for every message",
 							}, cli.BoolFlag{
 								Name:  "reconnect, r",
 								Usage: "Reconnect to host when connection is dropped",
 							}, cli.StringFlag{
 								Name:  "protocol, P",
 								Usage: "Set protocol to use: tcp, unix, or udp (defaults to tcp)",
 							}, cli.StringFlag{
 								Name:  "address, a",
 								Usage: "Host address and port to connect to (defaults to :7020)",
 							},
 						}...),
 						Action: runAddConnLogger,
 					}, {
 						Name:  "smtp",
 						Usage: "Add an SMTP logger",
 						Flags: append(defaultLoggingFlags, []cli.Flag{
 							cli.StringFlag{
 								Name:  "username, u",
 								Usage: "Mail server username",
 							}, cli.StringFlag{
 								Name:  "password, P",
 								Usage: "Mail server password",
 							}, cli.StringFlag{
 								Name:  "host, H",
 								Usage: "Mail server host (defaults to: 127.0.0.1:25)",
 							}, cli.StringSliceFlag{
 								Name:  "send-to, s",
 								Usage: "Email address(es) to send to",
 							}, cli.StringFlag{
 								Name:  "subject, S",
 								Usage: "Subject header of sent emails",
 							},
 						}...),
 						Action: runAddSMTPLogger,
 					},
 				},
 			}, {
 				Name:  "log-sql",
 				Usage: "Set LogSQL",
 				Flags: []cli.Flag{
 					cli.BoolFlag{
 						Name: "debug",
 					}, cli.BoolFlag{
 						Name:  "off",
 						Usage: "Switch off SQL logging",
 					},
 				},
 				Action: runSetLogSQL,
 			},
 		},
 	}
 )
 func runRemoveLogger(c *cli.Context) error {
 	setup("manager", c.Bool("debug"))
 	group := c.String("group")
 	if len(group) == 0 {
 		group = log.DEFAULT
 	}
 	name := c.Args().First()
 	ctx, cancel := installSignals()
 	defer cancel()
 	statusCode, msg := private.RemoveLogger(ctx, group, name)
 	switch statusCode {
 	case http.StatusInternalServerError:
 		return fail("InternalServerError", msg)
 	}
 	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
 func runAddSMTPLogger(c *cli.Context) error {
 	setup("manager", c.Bool("debug"))
 	vals := map[string]interface{}{}
 	mode := "smtp"
 	if c.IsSet("host") {
 		vals["host"] = c.String("host")
 	} else {
 		vals["host"] = "127.0.0.1:25"
 	}
 	if c.IsSet("username") {
 		vals["username"] = c.String("username")
 	}
 	if c.IsSet("password") {
 		vals["password"] = c.String("password")
 	}
 	if !c.IsSet("send-to") {
 		return fmt.Errorf("Some recipients must be provided")
 	}
 	vals["sendTos"] = c.StringSlice("send-to")
 	if c.IsSet("subject") {
 		vals["subject"] = c.String("subject")
 	} else {
 		vals["subject"] = "Diagnostic message from Gitea"
 	}
 	return commonAddLogger(c, mode, vals)
 }
 func runAddConnLogger(c *cli.Context) error {
 	setup("manager", c.Bool("debug"))
 	vals := map[string]interface{}{}
 	mode := "conn"
 	vals["net"] = "tcp"
 	if c.IsSet("protocol") {
 		switch c.String("protocol") {
 		case "udp":
 			vals["net"] = "udp"
 		case "unix":
 			vals["net"] = "unix"
 		}
 	}
 	if c.IsSet("address") {
 		vals["address"] = c.String("address")
 	} else {
 		vals["address"] = ":7020"
 	}
 	if c.IsSet("reconnect") {
 		vals["reconnect"] = c.Bool("reconnect")
 	}
 	if c.IsSet("reconnect-on-message") {
 		vals["reconnectOnMsg"] = c.Bool("reconnect-on-message")
 	}
 	return commonAddLogger(c, mode, vals)
 }
 func runAddFileLogger(c *cli.Context) error {
 	setup("manager", c.Bool("debug"))
 	vals := map[string]interface{}{}
 	mode := "file"
 	if c.IsSet("filename") {
 		vals["filename"] = c.String("filename")
 	} else {
 		return fmt.Errorf("filename must be set when creating a file logger")
 	}
 	if c.IsSet("rotate") {
 		vals["rotate"] = c.Bool("rotate")
 	}
 	if c.IsSet("max-size") {
 		vals["maxsize"] = c.Int64("max-size")
 	}
 	if c.IsSet("daily") {
 		vals["daily"] = c.Bool("daily")
 	}
 	if c.IsSet("max-days") {
 		vals["maxdays"] = c.Int("max-days")
 	}
 	if c.IsSet("compress") {
 		vals["compress"] = c.Bool("compress")
 	}
 	if c.IsSet("compression-level") {
 		vals["compressionLevel"] = c.Int("compression-level")
 	}
 	return commonAddLogger(c, mode, vals)
 }
 func runAddConsoleLogger(c *cli.Context) error {
 	setup("manager", c.Bool("debug"))
 	vals := map[string]interface{}{}
 	mode := "console"
 	if c.IsSet("stderr") && c.Bool("stderr") {
 		vals["stderr"] = c.Bool("stderr")
 	}
 	return commonAddLogger(c, mode, vals)
 }
 func commonAddLogger(c *cli.Context, mode string, vals map[string]interface{}) error {
 	if len(c.String("level")) > 0 {
 		vals["level"] = log.FromString(c.String("level")).String()
 	}
 	if len(c.String("stacktrace-level")) > 0 {
 		vals["stacktraceLevel"] = log.FromString(c.String("stacktrace-level")).String()
 	}
 	if len(c.String("expression")) > 0 {
 		vals["expression"] = c.String("expression")
 	}
 	if len(c.String("prefix")) > 0 {
 		vals["prefix"] = c.String("prefix")
 	}
 	if len(c.String("flags")) > 0 {
 		vals["flags"] = log.FlagsFromString(c.String("flags"))
 	}
 	if c.IsSet("color") {
 		vals["colorize"] = c.Bool("color")
 	}
 	group := "default"
 	if c.IsSet("group") {
 		group = c.String("group")
 	}
 	name := mode
 	if c.IsSet("name") {
 		name = c.String("name")
 	}
 	ctx, cancel := installSignals()
 	defer cancel()
 	statusCode, msg := private.AddLogger(ctx, group, name, mode, vals)
 	switch statusCode {
 	case http.StatusInternalServerError:
 		return fail("InternalServerError", msg)
 	}
 	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
 func runPauseLogging(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 	setup("manager", c.Bool("debug"))
 	statusCode, msg := private.PauseLogging(ctx)
 	switch statusCode {
 	case http.StatusInternalServerError:
 		return fail("InternalServerError", msg)
 	}
 	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
 func runResumeLogging(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 	setup("manager", c.Bool("debug"))
 	statusCode, msg := private.ResumeLogging(ctx)
 	switch statusCode {
 	case http.StatusInternalServerError:
 		return fail("InternalServerError", msg)
 	}
 	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
 func runReleaseReopenLogging(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 	setup("manager", c.Bool("debug"))
 	statusCode, msg := private.ReleaseReopenLogging(ctx)
 	switch statusCode {
 	case http.StatusInternalServerError:
 		return fail("InternalServerError", msg)
 	}
 	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
 func runSetLogSQL(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 	setup("manager", c.Bool("debug"))
 	statusCode, msg := private.SetLogSQL(ctx, !c.Bool("off"))
 	switch statusCode {
 	case http.StatusInternalServerError:
 		return fail("InternalServerError", msg)
 	}
 	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
--- a/cmd/migrate_storage.go
+++ b/cmd/migrate_storage.go
@ -9,14 +9,12 @@ import (
 	"fmt"
 	"strings"
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
 	git_model "code.gitea.io/gitea/models/git"
 	"code.gitea.io/gitea/models/migrations"
 	packages_model "code.gitea.io/gitea/models/packages"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
 	packages_module "code.gitea.io/gitea/modules/packages"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/storage"
@ -27,13 +25,13 @@ import (
 var CmdMigrateStorage = cli.Command{
 	Name:        "migrate-storage",
 	Usage:       "Migrate the storage",
-	Description: "Copies stored files from storage configured in app.ini to parameter-configured storage",
+	Description: "This is a command for migrating storage.",
 	Action:      runMigrateStorage,
 	Flags: []cli.Flag{
 		cli.StringFlag{
 			Name:  "type, t",
 			Value: "",
-			Usage: "Type of stored files to copy.  Allowed types: 'attachments', 'lfs', 'avatars', 'repo-avatars', 'repo-archivers', 'packages'",
+			Usage: "Kinds of files to migrate, currently only 'attachments' is supported",
 		},
 		cli.StringFlag{
 			Name:  "storage, s",
@ -82,50 +80,34 @@ var CmdMigrateStorage = cli.Command{
 	},
 }
-func migrateAttachments(ctx context.Context, dstStorage storage.ObjectStorage) error {
+func migrateAttachments(dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, attach *repo_model.Attachment) error {
+	return repo_model.IterateAttachment(func(attach *repo_model.Attachment) error {
 		_, err := storage.Copy(dstStorage, attach.RelativePath(), storage.Attachments, attach.RelativePath())
 		return err
 	})
 }
-func migrateLFS(ctx context.Context, dstStorage storage.ObjectStorage) error {
+func migrateLFS(dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, mo *git_model.LFSMetaObject) error {
+	return models.IterateLFS(func(mo *models.LFSMetaObject) error {
 		_, err := storage.Copy(dstStorage, mo.RelativePath(), storage.LFS, mo.RelativePath())
 		return err
 	})
 }
-func migrateAvatars(ctx context.Context, dstStorage storage.ObjectStorage) error {
+func migrateAvatars(dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, user *user_model.User) error {
+	return user_model.IterateUser(func(user *user_model.User) error {
 		_, err := storage.Copy(dstStorage, user.CustomAvatarRelativePath(), storage.Avatars, user.CustomAvatarRelativePath())
 		return err
 	})
 }
-func migrateRepoAvatars(ctx context.Context, dstStorage storage.ObjectStorage) error {
+func migrateRepoAvatars(dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, repo *repo_model.Repository) error {
+	return repo_model.IterateRepository(func(repo *repo_model.Repository) error {
 		_, err := storage.Copy(dstStorage, repo.CustomAvatarRelativePath(), storage.RepoAvatars, repo.CustomAvatarRelativePath())
 		return err
 	})
 }
 func migrateRepoArchivers(ctx context.Context, dstStorage storage.ObjectStorage) error {
 	return db.Iterate(ctx, nil, func(ctx context.Context, archiver *repo_model.RepoArchiver) error {
 		p := archiver.RelativePath()
 		_, err := storage.Copy(dstStorage, p, storage.RepoArchives, p)
 		return err
 	})
 }
 func migratePackages(ctx context.Context, dstStorage storage.ObjectStorage) error {
 	return db.Iterate(ctx, nil, func(ctx context.Context, pb *packages_model.PackageBlob) error {
 		p := packages_module.KeyToRelativePath(packages_module.BlobHash256Key(pb.HashSHA256))
 		_, err := storage.Copy(dstStorage, p, storage.Packages, p)
 		return err
 	})
 }
 func runMigrateStorage(ctx *cli.Context) error {
 	stdCtx, cancel := installSignals()
 	defer cancel()
@ -145,6 +127,8 @@ func runMigrateStorage(ctx *cli.Context) error {
 		return err
 	}
 	goCtx := context.Background()
 	if err := storage.Init(); err != nil {
 		return err
 	}
@ -161,13 +145,13 @@ func runMigrateStorage(ctx *cli.Context) error {
 			return nil
 		}
 		dstStorage, err = storage.NewLocalStorage(
-			stdCtx,
+			goCtx,
 			storage.LocalStorageConfig{
 				Path: p,
 			})
 	case string(storage.MinioStorageType):
 		dstStorage, err = storage.NewMinioStorage(
-			stdCtx,
+			goCtx,
 			storage.MinioStorageConfig{
 				Endpoint:        ctx.String("minio-endpoint"),
 				AccessKeyID:     ctx.String("minio-access-key-id"),
@ -178,29 +162,35 @@ func runMigrateStorage(ctx *cli.Context) error {
 				UseSSL:          ctx.Bool("minio-use-ssl"),
 			})
 	default:
-		return fmt.Errorf("unsupported storage type: %s", ctx.String("storage"))
+		return fmt.Errorf("Unsupported storage type: %s", ctx.String("storage"))
 	}
 	if err != nil {
 		return err
 	}
 	migratedMethods := map[string]func(context.Context, storage.ObjectStorage) error{
 		"attachments":    migrateAttachments,
 		"lfs":            migrateLFS,
 		"avatars":        migrateAvatars,
 		"repo-avatars":   migrateRepoAvatars,
 		"repo-archivers": migrateRepoArchivers,
 		"packages":       migratePackages,
 	}
 	tp := strings.ToLower(ctx.String("type"))
-	if m, ok := migratedMethods[tp]; ok {
+	switch tp {
-		if err := m(stdCtx, dstStorage); err != nil {
+	case "attachments":
 		if err := migrateAttachments(dstStorage); err != nil {
 			return err
 		}
-		log.Info("%s files have successfully been copied to the new storage.", tp)
+	case "lfs":
-		return nil
+		if err := migrateLFS(dstStorage); err != nil {
 			return err
 		}
 	case "avatars":
 		if err := migrateAvatars(dstStorage); err != nil {
 			return err
 		}
 	case "repo-avatars":
 		if err := migrateRepoAvatars(dstStorage); err != nil {
 			return err
 		}
 	default:
 		return fmt.Errorf("Unsupported storage: %s", ctx.String("type"))
 	}
-	return fmt.Errorf("unsupported storage: %s", ctx.String("type"))
+	log.Warn("All files have been copied to the new placement but old files are still on the original placement.")
 	return nil
 }
--- a/cmd/migrate_storage_test.go
+++ b/cmd/migrate_storage_test.go
@ -1,74 +0,0 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
 import (
 	"context"
 	"os"
 	"strings"
 	"testing"
 	"code.gitea.io/gitea/models/packages"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
 	packages_module "code.gitea.io/gitea/modules/packages"
 	"code.gitea.io/gitea/modules/storage"
 	packages_service "code.gitea.io/gitea/services/packages"
 	"github.com/stretchr/testify/assert"
 )
 func TestMigratePackages(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	creator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
 	content := "package main\n\nfunc main() {\nfmt.Println(\"hi\")\n}\n"
 	buf, err := packages_module.CreateHashedBufferFromReader(strings.NewReader(content), 1024)
 	assert.NoError(t, err)
 	defer buf.Close()
 	v, f, err := packages_service.CreatePackageAndAddFile(&packages_service.PackageCreationInfo{
 		PackageInfo: packages_service.PackageInfo{
 			Owner:       creator,
 			PackageType: packages.TypeGeneric,
 			Name:        "test",
 			Version:     "1.0.0",
 		},
 		Creator:           creator,
 		SemverCompatible:  true,
 		VersionProperties: map[string]string{},
 	}, &packages_service.PackageFileCreationInfo{
 		PackageFileInfo: packages_service.PackageFileInfo{
 			Filename: "a.go",
 		},
 		Creator: creator,
 		Data:    buf,
 		IsLead:  true,
 	})
 	assert.NoError(t, err)
 	assert.NotNil(t, v)
 	assert.NotNil(t, f)
 	ctx := context.Background()
 	p := t.TempDir()
 	dstStorage, err := storage.NewLocalStorage(
 		ctx,
 		storage.LocalStorageConfig{
 			Path: p,
 		})
 	assert.NoError(t, err)
 	err = migratePackages(ctx, dstStorage)
 	assert.NoError(t, err)
 	entries, err := os.ReadDir(p)
 	assert.NoError(t, err)
 	assert.EqualValues(t, 2, len(entries))
 	assert.EqualValues(t, "01", entries[0].Name())
 	assert.EqualValues(t, "tmp", entries[1].Name())
 }
--- a/cmd/restore_repo.go
+++ b/cmd/restore_repo.go
@ -7,7 +7,6 @@ package cmd
 import (
 	"errors"
 	"net/http"
 	"strings"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/private"
@ -44,10 +43,6 @@ var CmdRestoreRepository = cli.Command{
 			Usage: `Which items will be restored, one or more units should be separated as comma.
 wiki, issues, labels, releases, release_assets, milestones, pull_requests, comments are allowed. Empty means all units.`,
 		},
 		cli.BoolFlag{
 			Name:  "validation",
 			Usage: "Sanity check the content of the files before trying to load them",
 		},
 	},
 }
@ -56,17 +51,13 @@ func runRestoreRepository(c *cli.Context) error {
 	defer cancel()
 	setting.LoadFromExisting()
-	var units []string
+
 	if s := c.String("units"); s != "" {
 		units = strings.Split(s, ",")
 	}
 	statusCode, errStr := private.RestoreRepo(
 		ctx,
 		c.String("repo_dir"),
 		c.String("owner_name"),
 		c.String("repo_name"),
-		units,
+		c.StringSlice("units"),
 		c.Bool("validation"),
 	)
 	if statusCode == http.StatusOK {
 		return nil
--- a/cmd/serv.go
+++ b/cmd/serv.go
@ -6,7 +6,6 @@
 package cmd
 import (
 	"context"
 	"fmt"
 	"net/http"
 	"net/url"
@ -17,8 +16,8 @@ import (
 	"strings"
 	"time"
 	"code.gitea.io/gitea/models"
 	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	git_model "code.gitea.io/gitea/models/git"
 	"code.gitea.io/gitea/models/perm"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/json"
@ -26,7 +25,6 @@ import (
 	"code.gitea.io/gitea/modules/pprof"
 	"code.gitea.io/gitea/modules/private"
 	"code.gitea.io/gitea/modules/process"
 	repo_module "code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/services/lfs"
@ -43,7 +41,7 @@ const (
 var CmdServ = cli.Command{
 	Name:        "serv",
 	Usage:       "This command should only be called by SSH shell",
-	Description: "Serv provides access auth for repositories",
+	Description: `Serv provide access auth for repositories`,
 	Action:      runServ,
 	Flags: []cli.Flag{
 		cli.BoolFlag{
@ -66,21 +64,6 @@ func setup(logPath string, debug bool) {
 	if debug {
 		setting.RunMode = "dev"
 	}
 	// Check if setting.RepoRootPath exists. It could be the case that it doesn't exist, this can happen when
 	// `[repository]` `ROOT` is a relative path and $GITEA_WORK_DIR isn't passed to the SSH connection.
 	if _, err := os.Stat(setting.RepoRootPath); err != nil {
 		if os.IsNotExist(err) {
 			_ = fail("Incorrect configuration, no repository directory.", "Directory `[repository].ROOT` %q was not found, please check if $GITEA_WORK_DIR is passed to the SSH connection or make `[repository].ROOT` an absolute value.", setting.RepoRootPath)
 		} else {
 			_ = fail("Incorrect configuration, repository directory is inaccessible", "Directory `[repository].ROOT` %q is inaccessible. err: %v", setting.RepoRootPath, err)
 		}
 		return
 	}
 	if err := git.InitSimple(context.Background()); err != nil {
 		_ = fail("Failed to init git", "Failed to init git, err: %v", err)
 	}
 }
 var (
@ -96,12 +79,12 @@ var (
 func fail(userMessage, logMessage string, args ...interface{}) error {
 	// There appears to be a chance to cause a zombie process and failure to read the Exit status
 	// if nothing is outputted on stdout.
-	_, _ = fmt.Fprintln(os.Stdout, "")
+	fmt.Fprintln(os.Stdout, "")
-	_, _ = fmt.Fprintln(os.Stderr, "Gitea:", userMessage)
+	fmt.Fprintln(os.Stderr, "Gitea:", userMessage)
 	if len(logMessage) > 0 {
 		if !setting.IsProd {
-			_, _ = fmt.Fprintf(os.Stderr, logMessage+"\n", args...)
+			fmt.Fprintf(os.Stderr, logMessage+"\n", args...)
 		}
 	}
 	ctx, cancel := installSignals()
@ -253,6 +236,17 @@ func runServ(c *cli.Context) error {
 		}
 		return fail("Internal Server Error", "%s", err.Error())
 	}
 	os.Setenv(models.EnvRepoIsWiki, strconv.FormatBool(results.IsWiki))
 	os.Setenv(models.EnvRepoName, results.RepoName)
 	os.Setenv(models.EnvRepoUsername, results.OwnerName)
 	os.Setenv(models.EnvPusherName, results.UserName)
 	os.Setenv(models.EnvPusherEmail, results.UserEmail)
 	os.Setenv(models.EnvPusherID, strconv.FormatInt(results.UserID, 10))
 	os.Setenv(models.EnvRepoID, strconv.FormatInt(results.RepoID, 10))
 	os.Setenv(models.EnvPRID, fmt.Sprintf("%d", 0))
 	os.Setenv(models.EnvDeployKeyID, fmt.Sprintf("%d", results.DeployKeyID))
 	os.Setenv(models.EnvKeyID, fmt.Sprintf("%d", results.KeyID))
 	os.Setenv(models.EnvAppURL, setting.AppURL)
 	// LFS token authentication
 	if verb == lfsAuthenticateVerb {
@ -260,9 +254,10 @@ func runServ(c *cli.Context) error {
 		now := time.Now()
 		claims := lfs.Claims{
-			RegisteredClaims: jwt.RegisteredClaims{
+			// FIXME: we need to migrate to RegisteredClaims
-				ExpiresAt: jwt.NewNumericDate(now.Add(setting.LFS.HTTPAuthExpiry)),
+			StandardClaims: jwt.StandardClaims{ // nolint
-				NotBefore: jwt.NewNumericDate(now),
+				ExpiresAt: now.Add(setting.LFS.HTTPAuthExpiry).Unix(),
 				NotBefore: now.Unix(),
 			},
 			RepoID: results.RepoID,
 			Op:     lfsVerb,
@ -276,7 +271,7 @@ func runServ(c *cli.Context) error {
 			return fail("Internal error", "Failed to sign JWT token: %v", err)
 		}
-		tokenAuthentication := &git_model.LFSTokenResponse{
+		tokenAuthentication := &models.LFSTokenResponse{
 			Header: make(map[string]string),
 			Href:   url,
 		}
@ -303,29 +298,20 @@ func runServ(c *cli.Context) error {
 		gitcmd = exec.CommandContext(ctx, verb, repoPath)
 	}
 	// Check if setting.RepoRootPath exists. It could be the case that it doesn't exist, this can happen when
 	// `[repository]` `ROOT` is a relative path and $GITEA_WORK_DIR isn't passed to the SSH connection.
 	if _, err := os.Stat(setting.RepoRootPath); err != nil {
 		if os.IsNotExist(err) {
 			return fail("Incorrect configuration.",
 				"Directory `[repository]` `ROOT` was not found, please check if $GITEA_WORK_DIR is passed to the SSH connection or make `[repository]` `ROOT` an absolute value.")
 		}
 	}
 	process.SetSysProcAttribute(gitcmd)
 	gitcmd.Dir = setting.RepoRootPath
 	gitcmd.Stdout = os.Stdout
 	gitcmd.Stdin = os.Stdin
 	gitcmd.Stderr = os.Stderr
 	gitcmd.Env = append(gitcmd.Env, os.Environ()...)
 	gitcmd.Env = append(gitcmd.Env,
 		repo_module.EnvRepoIsWiki+"="+strconv.FormatBool(results.IsWiki),
 		repo_module.EnvRepoName+"="+results.RepoName,
 		repo_module.EnvRepoUsername+"="+results.OwnerName,
 		repo_module.EnvPusherName+"="+results.UserName,
 		repo_module.EnvPusherEmail+"="+results.UserEmail,
 		repo_module.EnvPusherID+"="+strconv.FormatInt(results.UserID, 10),
 		repo_module.EnvRepoID+"="+strconv.FormatInt(results.RepoID, 10),
 		repo_module.EnvPRID+"="+fmt.Sprintf("%d", 0),
 		repo_module.EnvDeployKeyID+"="+fmt.Sprintf("%d", results.DeployKeyID),
 		repo_module.EnvKeyID+"="+fmt.Sprintf("%d", results.KeyID),
 		repo_module.EnvAppURL+"="+setting.AppURL,
 	)
 	// to avoid breaking, here only use the minimal environment variables for the "gitea serv" command.
 	// it could be re-considered whether to use the same git.CommonGitCmdEnvs() as "git" command later.
 	gitcmd.Env = append(gitcmd.Env, git.CommonCmdServEnvs()...)
 	if err = gitcmd.Run(); err != nil {
 		return fail("Internal error", "Failed to execute git command: %v", err)
 	}
--- a/cmd/web.go
+++ b/cmd/web.go
@ -16,12 +16,10 @@ import (
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/process"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/routers"
 	"code.gitea.io/gitea/routers/install"
 	"github.com/felixge/fgprof"
 	"github.com/urfave/cli"
 	ini "gopkg.in/ini.v1"
 )
@ -61,9 +59,6 @@ and it takes care of all the other things for you`,
 }
 func runHTTPRedirector() {
 	_, _, finished := process.GetManager().AddTypedContext(graceful.GetManager().HammerContext(), "Web: HTTP Redirector", process.SystemProcessType, true)
 	defer finished()
 	source := fmt.Sprintf("%s:%s", setting.HTTPAddr, setting.PortToRedirect)
 	dest := strings.TrimSuffix(setting.AppURL, "/")
 	log.Info("Redirecting: %s to %s", source, dest)
@ -76,7 +71,8 @@ func runHTTPRedirector() {
 		http.Redirect(w, r, target, http.StatusTemporaryRedirect)
 	})
-	err := runHTTP("tcp", source, "HTTP Redirector", handler, setting.RedirectorUseProxyProtocol)
+	var err = runHTTP("tcp", source, "HTTP Redirector", handler)
 	if err != nil {
 		log.Fatal("Failed to start port redirection: %v", err)
 	}
@ -92,7 +88,7 @@ func runWeb(ctx *cli.Context) error {
 	}
 	defer func() {
 		if panicked := recover(); panicked != nil {
-			log.Fatal("PANIC: %v\n%s", panicked, log.Stack(2))
+			log.Fatal("PANIC: %v\n%s", panicked, string(log.Stack(2)))
 		}
 	}()
@ -126,10 +122,8 @@ func runWeb(ctx *cli.Context) error {
 				return err
 			}
 		}
-		installCtx, cancel := context.WithCancel(graceful.GetManager().HammerContext())
+		c := install.Routes()
 		c := install.Routes(installCtx)
 		err := listen(c, false)
 		cancel()
 		if err != nil {
 			log.Critical("Unable to open listener for installer. Is Gitea already running?")
 			graceful.GetManager().DoGracefulShutdown()
@ -148,12 +142,8 @@ func runWeb(ctx *cli.Context) error {
 	if setting.EnablePprof {
 		go func() {
 			http.DefaultServeMux.Handle("/debug/fgprof", fgprof.Handler())
 			_, _, finished := process.GetManager().AddTypedContext(context.Background(), "Web: PProf Server", process.SystemProcessType, true)
 			// The pprof server is for debug purpose only, it shouldn't be exposed on public network. At the moment it's not worth to introduce a configurable option for it.
 			log.Info("Starting pprof server on localhost:6060")
-			log.Info("Stopped pprof server: %v", http.ListenAndServe("localhost:6060", nil))
+			log.Info("%v", http.ListenAndServe("localhost:6060", nil))
 			finished()
 		}()
 	}
@ -177,7 +167,7 @@ func runWeb(ctx *cli.Context) error {
 	}
 	// Set up Chi routes
-	c := routers.NormalRoutes(graceful.GetManager().HammerContext())
+	c := routers.NormalRoutes()
 	err := listen(c, true)
 	<-graceful.GetManager().Done()
 	log.Info("PID: %d Gitea Web Finished", os.Getpid())
@ -203,7 +193,7 @@ func setPort(port string) error {
 		defaultLocalURL += ":" + setting.HTTPPort + "/"
 		// Save LOCAL_ROOT_URL if port changed
-		setting.CreateOrAppendToCustomConf("server.LOCAL_ROOT_URL", func(cfg *ini.File) {
+		setting.CreateOrAppendToCustomConf(func(cfg *ini.File) {
 			cfg.Section("server").Key("LOCAL_ROOT_URL").SetValue(defaultLocalURL)
 		})
 	}
@ -215,8 +205,6 @@ func listen(m http.Handler, handleRedirector bool) error {
 	if setting.Protocol != setting.HTTPUnix && setting.Protocol != setting.FCGIUnix {
 		listenAddr = net.JoinHostPort(listenAddr, setting.HTTPPort)
 	}
 	_, _, finished := process.GetManager().AddTypedContext(graceful.GetManager().HammerContext(), "Web: Gitea Server", process.SystemProcessType, true)
 	defer finished()
 	log.Info("Listen: %v://%s%s", setting.Protocol, listenAddr, setting.AppSubURL)
 	// This can be useful for users, many users do wrong to their config and get strange behaviors behind a reverse-proxy.
 	// A user may fix the configuration mistake when he sees this log.
@ -233,10 +221,10 @@ func listen(m http.Handler, handleRedirector bool) error {
 		if handleRedirector {
 			NoHTTPRedirector()
 		}
-		err = runHTTP("tcp", listenAddr, "Web", m, setting.UseProxyProtocol)
+		err = runHTTP("tcp", listenAddr, "Web", m)
 	case setting.HTTPS:
-		if setting.EnableAcme {
+		if setting.EnableLetsEncrypt {
-			err = runACME(listenAddr, m)
+			err = runLetsEncrypt(listenAddr, setting.Domain, setting.LetsEncryptDirectory, setting.LetsEncryptEmail, m)
 			break
 		}
 		if handleRedirector {
@ -246,25 +234,26 @@ func listen(m http.Handler, handleRedirector bool) error {
 				NoHTTPRedirector()
 			}
 		}
-		err = runHTTPS("tcp", listenAddr, "Web", setting.CertFile, setting.KeyFile, m, setting.UseProxyProtocol, setting.ProxyProtocolTLSBridging)
+		err = runHTTPS("tcp", listenAddr, "Web", setting.CertFile, setting.KeyFile, m)
 	case setting.FCGI:
 		if handleRedirector {
 			NoHTTPRedirector()
 		}
-		err = runFCGI("tcp", listenAddr, "FCGI Web", m, setting.UseProxyProtocol)
+		err = runFCGI("tcp", listenAddr, "FCGI Web", m)
 	case setting.HTTPUnix:
 		if handleRedirector {
 			NoHTTPRedirector()
 		}
-		err = runHTTP("unix", listenAddr, "Web", m, setting.UseProxyProtocol)
+		err = runHTTP("unix", listenAddr, "Web", m)
 	case setting.FCGIUnix:
 		if handleRedirector {
 			NoHTTPRedirector()
 		}
-		err = runFCGI("unix", listenAddr, "Web", m, setting.UseProxyProtocol)
+		err = runFCGI("unix", listenAddr, "Web", m)
 	default:
 		log.Fatal("Invalid protocol: %s", setting.Protocol)
 	}
 	if err != nil {
 		log.Critical("Failed to start server: %v", err)
 	}
--- a/cmd/web_graceful.go
+++ b/cmd/web_graceful.go
@ -15,8 +15,8 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 )
-func runHTTP(network, listenAddr, name string, m http.Handler, useProxyProtocol bool) error {
+func runHTTP(network, listenAddr, name string, m http.Handler) error {
-	return graceful.HTTPListenAndServe(network, listenAddr, name, m, useProxyProtocol)
+	return graceful.HTTPListenAndServe(network, listenAddr, name, m)
 }
 // NoHTTPRedirector tells our cleanup routine that we will not be using a fallback http redirector
@ -36,7 +36,7 @@ func NoInstallListener() {
 	graceful.GetManager().InformCleanup()
 }
-func runFCGI(network, listenAddr, name string, m http.Handler, useProxyProtocol bool) error {
+func runFCGI(network, listenAddr, name string, m http.Handler) error {
 	// This needs to handle stdin as fcgi point
 	fcgiServer := graceful.NewServer(network, listenAddr, name)
@ -47,7 +47,7 @@ func runFCGI(network, listenAddr, name string, m http.Handler, useProxyProtocol
 			}
 			m.ServeHTTP(resp, req)
 		}))
-	}, useProxyProtocol)
+	})
 	if err != nil {
 		log.Fatal("Failed to start FCGI main server: %v", err)
 	}
--- a/cmd/web_https.go
+++ b/cmd/web_https.go
@ -129,14 +129,14 @@ var (
 	defaultCiphersChaChaFirst = append(defaultCiphersChaCha, defaultCiphersAES...)
 )
-// runHTTPS listens on the provided network address and then calls
+// runHTTPs listens on the provided network address and then calls
 // Serve to handle requests on incoming TLS connections.
 //
 // Filenames containing a certificate and matching private key for the server must
 // be provided. If the certificate is signed by a certificate authority, the
 // certFile should be the concatenation of the server's certificate followed by the
 // CA's certificate.
-func runHTTPS(network, listenAddr, name, certFile, keyFile string, m http.Handler, useProxyProtocol, proxyProtocolTLSBridging bool) error {
+func runHTTPS(network, listenAddr, name, certFile, keyFile string, m http.Handler) error {
 	tlsConfig := &tls.Config{}
 	if tlsConfig.NextProtos == nil {
 		tlsConfig.NextProtos = []string{"h2", "http/1.1"}
@ -184,9 +184,9 @@ func runHTTPS(network, listenAddr, name, certFile, keyFile string, m http.Handle
 		return err
 	}
-	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m, useProxyProtocol, proxyProtocolTLSBridging)
+	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m)
 }
-func runHTTPSWithTLSConfig(network, listenAddr, name string, tlsConfig *tls.Config, m http.Handler, useProxyProtocol, proxyProtocolTLSBridging bool) error {
+func runHTTPSWithTLSConfig(network, listenAddr, name string, tlsConfig *tls.Config, m http.Handler) error {
-	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m, useProxyProtocol, proxyProtocolTLSBridging)
+	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m)
 }
--- a/cmd/web_letsencrypt.go
+++ b/cmd/web_letsencrypt.go
@ -5,41 +5,19 @@
 package cmd
 import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
 	"net/http"
 	"os"
 	"strconv"
 	"strings"
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/process"
 	"code.gitea.io/gitea/modules/setting"
 	"github.com/caddyserver/certmagic"
 )
-func getCARoot(path string) (*x509.CertPool, error) {
+func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler) error {
 	r, err := os.ReadFile(path)
 	if err != nil {
 		return nil, err
 	}
 	block, _ := pem.Decode(r)
 	if block == nil {
 		return nil, fmt.Errorf("no PEM found in the file %s", path)
 	}
 	caRoot, err := x509.ParseCertificate(block.Bytes)
 	if err != nil {
 		return nil, err
 	}
 	certPool := x509.NewCertPool()
 	certPool.AddCert(caRoot)
 	return certPool, nil
 }
 func runACME(listenAddr string, m http.Handler) error {
 	// If HTTP Challenge enabled, needs to be serving on port 80. For TLSALPN needs 443.
 	// Due to docker port mapping this can't be checked programmatically
 	// TODO: these are placeholders until we add options for each in settings with appropriate warning
@ -56,21 +34,10 @@ func runACME(listenAddr string, m http.Handler) error {
 	}
 	magic := certmagic.NewDefault()
-	magic.Storage = &certmagic.FileStorage{Path: setting.AcmeLiveDirectory}
+	magic.Storage = &certmagic.FileStorage{Path: directory}
-	// Try to use private CA root if provided, otherwise defaults to system's trust
+	myACME := certmagic.NewACMEManager(magic, certmagic.ACMEManager{
-	var certPool *x509.CertPool
+		Email:                   email,
-	if setting.AcmeCARoot != "" {
+		Agreed:                  setting.LetsEncryptTOS,
 		var err error
 		certPool, err = getCARoot(setting.AcmeCARoot)
 		if err != nil {
 			log.Warn("Failed to parse CA Root certificate, using default CA trust: %v", err)
 		}
 	}
 	myACME := certmagic.NewACMEIssuer(magic, certmagic.ACMEIssuer{
 		CA:                      setting.AcmeURL,
 		TrustedRoots:            certPool,
 		Email:                   setting.AcmeEmail,
 		Agreed:                  setting.AcmeTOS,
 		DisableHTTPChallenge:    !enableHTTPChallenge,
 		DisableTLSALPNChallenge: !enableTLSALPNChallenge,
 		ListenHost:              setting.HTTPAddr,
@ -81,7 +48,7 @@ func runACME(listenAddr string, m http.Handler) error {
 	magic.Issuers = []certmagic.Issuer{myACME}
 	// this obtains certificates or renews them if necessary
-	err := magic.ManageSync(graceful.GetManager().HammerContext(), []string{setting.Domain})
+	err := magic.ManageSync(graceful.GetManager().HammerContext(), []string{domain})
 	if err != nil {
 		return err
 	}
@ -108,19 +75,16 @@ func runACME(listenAddr string, m http.Handler) error {
 	if enableHTTPChallenge {
 		go func() {
 			_, _, finished := process.GetManager().AddTypedContext(graceful.GetManager().HammerContext(), "Web: ACME HTTP challenge server", process.SystemProcessType, true)
 			defer finished()
 			log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
 			// all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
-			err := runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, "Let's Encrypt HTTP Challenge", myACME.HTTPChallengeHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)), setting.RedirectorUseProxyProtocol)
+			var err = runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, "Let's Encrypt HTTP Challenge", myACME.HTTPChallengeHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))
 			if err != nil {
 				log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
 			}
 		}()
 	}
-	return runHTTPSWithTLSConfig("tcp", listenAddr, "Web", tlsConfig, m, setting.UseProxyProtocol, setting.ProxyProtocolTLSBridging)
+	return runHTTPSWithTLSConfig("tcp", listenAddr, "Web", tlsConfig, m)
 }
 func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
@ -132,5 +96,5 @@ func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
 	// URI always contains a leading slash, which would result in a double
 	// slash
 	target := strings.TrimSuffix(setting.AppURL, "/") + r.URL.RequestURI()
-	http.Redirect(w, r, target, http.StatusTemporaryRedirect)
+	http.Redirect(w, r, target, http.StatusFound)
 }
--- a/contrib/fixtures/fixture_generation.go
+++ b/contrib/fixtures/fixture_generation.go
@ -66,7 +66,7 @@ func generate(name string) error {
 				return err
 			}
 			path := filepath.Join(fixturesDir, name+".yml")
-			if err := os.WriteFile(path, []byte(data), 0o644); err != nil {
+			if err := os.WriteFile(path, []byte(data), 0644); err != nil {
 				return fmt.Errorf("%s: %+v", path, err)
 			}
 			fmt.Printf("%s created.\n", path)
--- a/contrib/ide/vscode/launch.json
+++ b/contrib/ide/vscode/launch.json
@ -7,10 +7,10 @@
      "request": "launch",
      "mode": "debug",
      "buildFlags": "",
      "port": 2345,
      "host": "127.0.0.1",
      "program": "${workspaceRoot}/main.go",
-      "env": {
+      "env": {},
        "GITEA_WORK_DIR": "${workspaceRoot}",
      },
      "args": ["web"],
      "showLog": true
    },
@ -20,10 +20,10 @@
      "request": "launch",
      "mode": "debug",
      "buildFlags": "-tags='sqlite sqlite_unlock_notify'",
      "port": 2345,
      "host": "127.0.0.1",
      "program": "${workspaceRoot}/main.go",
-      "env": {
+      "env": {},
        "GITEA_WORK_DIR": "${workspaceRoot}",
      },
      "args": ["web"],
      "showLog": true
    }
--- a/contrib/init/gentoo/gitea
+++ b/contrib/init/gentoo/gitea
@ -2,43 +2,14 @@
 DIR=/var/lib/gitea
 USER=git
 HOME=/home/${USER}
 GITEA_WORK_DIR=${DIR}
 EXECUTABLE=/usr/local/bin/gitea
 export USER
 export HOME
 export GITEA_WORK_DIR
 name=$RC_SVCNAME
 cfgfile="/etc/$RC_SVCNAME/app.ini"
 command="${EXECUTABLE}"
 command_user="${USER}"
 command_args="web -c /etc/$RC_SVCNAME/app.ini"
 command_background="yes"
 pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid"
 start_stop_daemon_args="--user ${USER} --chdir ${DIR}"
 command="/usr/local/bin/gitea"
 command_args="web -c /etc/gitea/app.ini"
 command_background=yes
 pidfile=/run/gitea.pid
 depend()
 {
    need net
    ###
    # Don't forget to add the database service requirements
    ###
    #after postgresql
    #after mysql
    #after mariadb
    #after memcached
    #after redis
 }
 start_pre()
 {
        checkpath --directory --owner $command_user:$command_user --mode 0750 \
                /run/$RC_SVCNAME /var/log/$RC_SVCNAME
        ##
        # If you want to bind Gitea to a port below 1024, uncomment
        # the value below
        ##
        #setcap cap_net_bind_service=+ep "${EXECUTABLE}"
 }
--- a/contrib/init/openwrt/gitea
+++ b/contrib/init/openwrt/gitea
@ -1,35 +0,0 @@
 #!/bin/sh /etc/rc.common
 USE_PROCD=1
 # PROCD_DEBUG=1
 START=90
 STOP=10
 PROG=/opt/gitea/gitea
 GITEA_WORK_DIR=/opt/gitea
 CONF_FILE=$GITEA_WORK_DIR/app.ini
 start_service(){
    procd_open_instance gitea
    procd_set_param env GITEA_WORK_DIR=$GITEA_WORK_DIR
    procd_set_param env HOME=$GITEA_WORK_DIR
    procd_set_param command $PROG web -c $CONF_FILE
    procd_set_param file $CONF_FILE
    procd_set_param user git
    procd_set_param respawn ${respawn_threshold:-3600} ${respawn_timeout:-5} ${respawn_retry:-5} # respawn automatically if something died, be careful if you have an alternative process supervisor
    procd_close_instance
 }
 start(){
    service_start $PROG
 }
 stop(){
    service_stop $PROG
 }
 reload(){
    service_reload $PROG
 }
--- a/contrib/pr/checkout.go
+++ b/contrib/pr/checkout.go
@ -14,6 +14,7 @@ import (
 	"fmt"
 	"log"
 	"net/http"
 	"net/url"
 	"os"
 	"os/exec"
 	"os/user"
@ -23,17 +24,15 @@ import (
 	"strconv"
 	"time"
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/unittest"
 	gitea_git "code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/markup"
 	"code.gitea.io/gitea/modules/markup/external"
 	repo_module "code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/routers"
 	markup_service "code.gitea.io/gitea/services/markup"
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/config"
@ -62,7 +61,11 @@ func runPR() {
 	}
 	setting.AppWorkPath = curDir
 	setting.StaticRootPath = curDir
-	setting.GravatarSource = "https://secure.gravatar.com/avatar/"
+	setting.GravatarSourceURL, err = url.Parse("https://secure.gravatar.com/avatar/")
 	if err != nil {
 		log.Fatalf("url.Parse: %v\n", err)
 	}
 	setting.AppURL = "http://localhost:8080/"
 	setting.HTTPPort = "8080"
 	setting.SSH.Domain = "localhost"
@ -77,6 +80,7 @@ func runPR() {
 	setting.RunUser = curUser.Username
 	log.Printf("[PR] Loading fixtures data ...\n")
 	gitea_git.CheckLFSVersion()
 	//models.LoadConfigs()
 	/*
 		setting.Database.Type = "sqlite3"
@ -89,13 +93,13 @@ func runPR() {
 	routers.InitGitServices()
 	setting.Database.LogSQL = true
-	// x, err = xorm.NewEngine("sqlite3", "file::memory:?cache=shared")
+	//x, err = xorm.NewEngine("sqlite3", "file::memory:?cache=shared")
 	db.InitEngineWithMigration(context.Background(), func(_ *xorm.Engine) error {
 		return nil
 	})
 	db.HasEngine = true
-	// x.ShowSQL(true)
+	//x.ShowSQL(true)
 	err = unittest.InitFixtures(
 		unittest.FixturesOptions{
 			Dir: path.Join(curDir, "models/fixtures/"),
@ -107,14 +111,14 @@ func runPR() {
 	}
 	unittest.LoadFixtures()
 	util.RemoveAll(setting.RepoRootPath)
-	util.RemoveAll(repo_module.LocalCopyPath())
+	util.RemoveAll(models.LocalCopyPath())
-	unittest.CopyDir(path.Join(curDir, "tests/gitea-repositories-meta"), setting.RepoRootPath)
+	util.CopyDir(path.Join(curDir, "integrations/gitea-repositories-meta"), setting.RepoRootPath)
 	log.Printf("[PR] Setting up router\n")
-	// routers.GlobalInit()
+	//routers.GlobalInit()
 	external.RegisterRenderers()
-	markup.Init(markup_service.ProcessorHelper())
+	markup.Init()
-	c := routers.NormalRoutes(graceful.GetManager().HammerContext())
+	c := routers.NormalRoutes()
 	log.Printf("[PR] Ready for testing !\n")
 	log.Printf("[PR] Login with user1, user2, user3, ... with pass: password\n")
@ -133,7 +137,7 @@ func runPR() {
 		}
 	*/
-	// Start the server
+	//Start the server
 	http.ListenAndServe(":8080", c)
 	log.Printf("[PR] Cleaning up ...\n")
@ -156,7 +160,7 @@ func runPR() {
 }
 func main() {
-	runPRFlag := flag.Bool("run", false, "Run the PR code")
+	var runPRFlag = flag.Bool("run", false, "Run the PR code")
 	flag.Parse()
 	if *runPRFlag {
 		runPR()
@ -169,15 +173,15 @@ func main() {
 		force = false
 	}
-	// Otherwise checkout PR
+	//Otherwise checkout PR
 	if len(os.Args) != 2 {
 		log.Fatal("Need only one arg: the PR number")
 	}
 	pr := os.Args[1]
-	codeFilePath = filepath.FromSlash(codeFilePath) // Convert to running OS
+	codeFilePath = filepath.FromSlash(codeFilePath) //Convert to running OS
-	// Copy this file if it will not exist in the PR branch
+	//Copy this file if it will not exist in the PR branch
 	dat, err := os.ReadFile(codeFilePath)
 	if err != nil {
 		log.Fatalf("Failed to cache this code file : %v", err)
@ -188,16 +192,16 @@ func main() {
 		log.Fatalf("Failed to open the repo : %v", err)
 	}
-	// Find remote upstream
+	//Find remote upstream
 	remotes, err := repo.Remotes()
 	if err != nil {
 		log.Fatalf("Failed to list remotes of repo : %v", err)
 	}
-	remoteUpstream := "origin" // Default
+	remoteUpstream := "origin" //Default
 	for _, r := range remotes {
 		if r.Config().URLs[0] == "https://github.com/go-gitea/gitea.git" ||
 			r.Config().URLs[0] == "https://github.com/go-gitea/gitea" ||
-			r.Config().URLs[0] == "git@github.com:go-gitea/gitea.git" { // fetch at index 0
+			r.Config().URLs[0] == "git@github.com:go-gitea/gitea.git" { //fetch at index 0
 			remoteUpstream = r.Config().Name
 			break
 		}
@ -208,7 +212,7 @@ func main() {
 	log.Printf("Fetching PR #%s in %s\n", pr, branch)
 	if runtime.GOOS == "windows" {
-		// Use git cli command for windows
+		//Use git cli command for windows
 		runCmd("git", "fetch", remoteUpstream, fmt.Sprintf("pull/%s/head:%s", pr, branch))
 	} else {
 		ref := fmt.Sprintf("%s%s/head:%s", gitea_git.PullPrefix, pr, branchRef)
@ -236,23 +240,22 @@ func main() {
 		log.Fatalf("Failed to checkout %s : %v", branch, err)
 	}
-	// Copy this file if not exist
+	//Copy this file if not exist
 	if _, err := os.Stat(codeFilePath); os.IsNotExist(err) {
-		err = os.MkdirAll(filepath.Dir(codeFilePath), 0o755)
+		err = os.MkdirAll(filepath.Dir(codeFilePath), 0755)
 		if err != nil {
 			log.Fatalf("Failed to duplicate this code file in PR : %v", err)
 		}
-		err = os.WriteFile(codeFilePath, dat, 0o644)
+		err = os.WriteFile(codeFilePath, dat, 0644)
 		if err != nil {
 			log.Fatalf("Failed to duplicate this code file in PR : %v", err)
 		}
 	}
-	// Force build of js, css, bin, ...
+	//Force build of js, css, bin, ...
 	runCmd("make", "build")
-	// Start with integration test
+	//Start with integration test
 	runCmd("go", "run", "-mod", "vendor", "-tags", "sqlite sqlite_unlock_notify", codeFilePath, "-run")
 }
 func runCmd(cmd ...string) {
 	log.Printf("Executing : %s ...\n", cmd)
 	c := exec.Command(cmd[0], cmd[1:]...)
--- a/contrib/systemd/gitea.service
+++ b/contrib/systemd/gitea.service
@ -49,8 +49,12 @@ After=network.target
 ###
 [Service]
-# Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
+# Modify these two values and uncomment them if you have
-# LimitNOFILE=524288:524288
+# repos with lots of files and get an HTTP error 500 because
 # of that
 ###
 #LimitMEMLOCK=infinity
 #LimitNOFILE=65535
 RestartSec=2s
 Type=simple
 User=git
@ -74,13 +78,6 @@ Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
 #CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 #AmbientCapabilities=CAP_NET_BIND_SERVICE
 ###
 # In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
 # set the following value to false to allow capabilities to be applied on gitea process. The following
 # value if set to true sandboxes gitea service and prevent any processes from running with privileges
 # in the host user namespace.
 ###
 #PrivateUsers=false
 ###
 [Install]
 WantedBy=multi-user.target
--- a/contrib/update_dependencies.sh
+++ b/contrib/update_dependencies.sh
@ -4,5 +4,5 @@ grep 'git' go.mod | grep '\.com' | grep -v indirect | grep -v replace | cut -f 2
  go get -u "$line"
  make vendor
  git add .
-  git commit -m "update $line"
+  git commit -S -m "update $line"
 done
--- a/contrib/upgrade.sh
+++ b/contrib/upgrade.sh
@ -1,126 +0,0 @@
 #!/usr/bin/env bash
 # This is an update script for gitea installed via the binary distribution
 # from dl.gitea.io on linux as systemd service. It performs a backup and updates
 # Gitea in place.
 # NOTE: This adds the GPG Signing Key of the Gitea maintainers to the keyring.
 # Depends on: bash, curl, xz, sha256sum. optionally jq, gpg
 #   See section below for available environment vars.
 #   When no version is specified, updates to the latest release.
 # Examples:
 #   upgrade.sh 1.15.10
 #   giteahome=/opt/gitea giteaconf=$giteahome/app.ini upgrade.sh
 # apply variables from environment
 : "${giteabin:="/usr/local/bin/gitea"}"
 : "${giteahome:="/var/lib/gitea"}"
 : "${giteaconf:="/etc/gitea/app.ini"}"
 : "${giteauser:="git"}"
 : "${sudocmd:="sudo"}"
 : "${arch:="linux-amd64"}"
 : "${service_start:="$sudocmd systemctl start gitea"}"
 : "${service_stop:="$sudocmd systemctl stop gitea"}"
 : "${service_status:="$sudocmd systemctl status gitea"}"
 : "${backupopts:=""}" # see `gitea dump --help` for available options
 function giteacmd {
  if [[ $sudocmd = "su" ]]; then
    # `-c` only accept one string as argument.
    "$sudocmd" - "$giteauser" -c "$(printf "%q " "$giteabin" "--config" "$giteaconf" "--work-path" "$giteahome" "$@")"
  else
    "$sudocmd" --user "$giteauser" "$giteabin" --config "$giteaconf" --work-path "$giteahome" "$@"
  fi
 }
 function require {
  for exe in "$@"; do
    command -v "$exe" &>/dev/null || (echo "missing dependency '$exe'"; exit 1)
  done
 }
 # parse command line arguments
 while true; do
  case "$1" in
    -v | --version ) giteaversion="$2"; shift 2 ;;
    -y | --yes ) no_confirm="yes"; shift ;;
    --ignore-gpg) ignore_gpg="yes"; shift ;;
    "" | -- ) shift; break ;;
    * ) echo "Usage:  [<environment vars>] upgrade.sh [-v <version>] [-y] [--ignore-gpg]"; exit 1;; 
  esac
 done
 # exit once any command fails. this means that each step should be idempotent!
 set -euo pipefail
 if [[ -f /etc/os-release ]]; then
  os_release=$(cat /etc/os-release)
  if [[ "$os_release" =~ "OpenWrt" ]]; then
    sudocmd="su"
    service_start="/etc/init.d/gitea start"
    service_stop="/etc/init.d/gitea stop"
    service_status="/etc/init.d/gitea status"
  else
    require systemctl
  fi
 fi
 require curl xz sha256sum "$sudocmd"
 # select version to install
 if [[ -z "${giteaversion:-}" ]]; then
  require jq
  giteaversion=$(curl --connect-timeout 10 -sL https://dl.gitea.io/gitea/version.json | jq -r .latest.version)
  echo "Latest available version is $giteaversion"
 fi
 # confirm update
 echo "Checking currently installed version..."
 current=$(giteacmd --version | cut -d ' ' -f 3)
 [[ "$current" == "$giteaversion" ]] && echo "$current is already installed, stopping." && exit 1
 if [[ -z "${no_confirm:-}"  ]]; then
  echo "Make sure to read the changelog first: https://github.com/go-gitea/gitea/blob/main/CHANGELOG.md"
  echo "Are you ready to update Gitea from ${current} to ${giteaversion}? (y/N)"
  read -r confirm
  [[ "$confirm" == "y" ]] || [[ "$confirm" == "Y" ]] || exit 1
 fi
 echo "Upgrading gitea from $current to $giteaversion ..."
 pushd "$(pwd)" &>/dev/null
 cd "$giteahome" # needed for gitea dump later
 # download new binary
 binname="gitea-${giteaversion}-${arch}"
 binurl="https://dl.gitea.io/gitea/${giteaversion}/${binname}.xz"
 echo "Downloading $binurl..."
 curl --connect-timeout 10 --silent --show-error --fail --location -O "$binurl{,.sha256,.asc}"
 # validate checksum & gpg signature
 sha256sum -c "${binname}.xz.sha256"
 if [[ -z "${ignore_gpg:-}" ]]; then
  require gpg
  gpg --keyserver keys.openpgp.org --recv 7C9E68152594688862D62AF62D9AE806EC1592E2
  gpg --verify "${binname}.xz.asc" "${binname}.xz" || { echo 'Signature does not match'; exit 1; }
 fi
 rm "${binname}".xz.{sha256,asc}
 # unpack binary + make executable
 xz --decompress --force "${binname}.xz"
 chown "$giteauser" "$binname"
 chmod +x "$binname"
 # stop gitea, create backup, replace binary, restart gitea
 echo "Flushing gitea queues at $(date)"
 giteacmd manager flush-queues
 echo "Stopping gitea at $(date)"
 $service_stop
 echo "Creating backup in $giteahome"
 giteacmd dump $backupopts
 echo "Updating binary at $giteabin"
 cp -f "$giteabin" "$giteabin.bak" && mv -f "$binname" "$giteabin"
 $service_start
 $service_status
 echo "Upgrade to $giteaversion successful!"
 popd
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@ -29,18 +29,6 @@ RUN_MODE = ; prod
 ;; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'. Defaults to 'http'
 ;PROTOCOL = http
 ;;
 ;; Expect PROXY protocol headers on connections
 ;USE_PROXY_PROTOCOL = false
 ;;
 ;; Use PROXY protocol in TLS Bridging mode
 ;PROXY_PROTOCOL_TLS_BRIDGING = false
 ;;
 ; Timeout to wait for PROXY protocol header (set to 0 to have no timeout)
 ;PROXY_PROTOCOL_HEADER_TIMEOUT=5s
 ;;
 ; Accept PROXY protocol headers with UNKNOWN type
 ;PROXY_PROTOCOL_ACCEPT_UNKNOWN=false
 ;;
 ;; Set the domain for the server
 ;DOMAIN = localhost
 ;;
@ -63,8 +51,6 @@ RUN_MODE = ; prod
 ;REDIRECT_OTHER_PORT = false
 ;PORT_TO_REDIRECT = 80
 ;;
 ;; expect PROXY protocol header on connections to https redirector.
 ;REDIRECTOR_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)
 ;; Minimum and maximum supported TLS versions
 ;SSL_MIN_VERSION=TLSv1.2
 ;SSL_MAX_VERSION=
@ -75,7 +61,7 @@ RUN_MODE = ; prod
 ;; SSL Cipher Suites
 ;SSL_CIPHER_SUITES=; Will default to "ecdhe_ecdsa_with_aes_256_gcm_sha384,ecdhe_rsa_with_aes_256_gcm_sha384,ecdhe_ecdsa_with_aes_128_gcm_sha256,ecdhe_rsa_with_aes_128_gcm_sha256,ecdhe_ecdsa_with_chacha20_poly1305,ecdhe_rsa_with_chacha20_poly1305" if aes is supported by hardware, otherwise chacha will be first.
 ;;
-;; Timeout for any write to the connection. (Set to -1 to disable all timeouts.)
+;; Timeout for any write to the connection. (Set to 0 to disable all timeouts.)
 ;PER_WRITE_TIMEOUT = 30s
 ;;
 ;; Timeout per Kb written to connections.
@ -90,27 +76,18 @@ RUN_MODE = ; prod
 ;; Do not set this variable if PROTOCOL is set to 'unix'.
 ;LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
 ;;
 ;; When making local connections pass the PROXY protocol header.
 ;LOCAL_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)
 ;;
 ;; Disable SSH feature when not available
 ;DISABLE_SSH = false
 ;;
 ;; Whether to use the builtin SSH server or not.
 ;START_SSH_SERVER = false
 ;;
 ;; Expect PROXY protocol header on connections to the built-in SSH server
 ;SSH_SERVER_USE_PROXY_PROTOCOL = false
 ;;
 ;; Username to use for the builtin SSH server. If blank, then it is the value of RUN_USER.
-;BUILTIN_SSH_SERVER_USER = %(RUN_USER)s
+;BUILTIN_SSH_SERVER_USER =
 ;;
 ;; Domain name to be exposed in clone URL
 ;SSH_DOMAIN = %(DOMAIN)s
 ;;
 ;; SSH username displayed in clone URLs.
 ;SSH_USER = %(BUILTIN_SSH_SERVER_USER)s
 ;;
 ;; The network interface the builtin SSH server should listen on
 ;SSH_LISTEN_HOST =
 ;;
@ -133,15 +110,15 @@ RUN_MODE = ; prod
 ;;
 ;; For the built-in SSH server, choose the ciphers to support for SSH connections,
 ;; for system SSH this setting has no effect
-;SSH_SERVER_CIPHERS = chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com
+;SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
 ;;
 ;; For the built-in SSH server, choose the key exchange algorithms to support for SSH connections,
 ;; for system SSH this setting has no effect
-;SSH_SERVER_KEY_EXCHANGES = curve25519-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1
+;SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org
 ;;
 ;; For the built-in SSH server, choose the MACs to support for SSH connections,
 ;; for system SSH this setting has no effect
-;SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1
+;SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96
 ;;
 ;; For the built-in SSH server, choose the keypair to offer as the host key
 ;; The private key should be at SSH_SERVER_HOST_KEY and the public SSH_SERVER_HOST_KEY.pub
@ -183,7 +160,7 @@ RUN_MODE = ; prod
 ;; Enable exposure of SSH clone URL to anonymous visitors, default is false
 ;SSH_EXPOSE_ANONYMOUS = false
 ;;
-;; Timeout for any write to ssh connections. (Set to -1 to disable all timeouts.)
+;; Timeout for any write to ssh connections. (Set to 0 to disable all timeouts.)
 ;; Will default to the PER_WRITE_TIMEOUT.
 ;SSH_PER_WRITE_TIMEOUT = 30s
 ;;
@ -198,36 +175,6 @@ RUN_MODE = ; prod
 ;OFFLINE_MODE = false
 ;DISABLE_ROUTER_LOG = false
 ;;
 ;; TLS Settings: Either ACME or manual
 ;; (Other common TLS configuration are found before)
 ;ENABLE_ACME = false
 ;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; ACME automatic TLS settings
 ;;
 ;; ACME directory URL (e.g. LetsEncrypt's staging/testing URL: https://acme-staging-v02.api.letsencrypt.org/directory)
 ;; Leave empty to default to LetsEncrypt's (production) URL
 ;ACME_URL =
 ;;
 ;; Explicitly accept the ACME's TOS. The specific TOS cannot be retrieved at the moment.
 ;ACME_ACCEPTTOS = false
 ;;
 ;; If the ACME CA is not in your system's CA trust chain, it can be manually added here
 ;ACME_CA_ROOT =
 ;;
 ;; Email used for the ACME registration service
 ;; Can be left blank to initialize at first run and use the cached value
 ;ACME_EMAIL =
 ;;
 ;; ACME live directory (not to be confused with ACME directory URL: ACME_URL)
 ;; (Refer to caddy's ACME manager https://github.com/caddyserver/certmagic)
 ;ACME_DIRECTORY = https
 ;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;;  Manual TLS settings: (Only applicable if ENABLE_ACME=false)
 ;;
 ;; Generate steps:
 ;; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com
 ;;
@ -257,13 +204,15 @@ RUN_MODE = ; prod
 ;; PPROF_DATA_PATH, use an absolute path when you start gitea as service
 ;PPROF_DATA_PATH = data/tmp/pprof
 ;;
-;; Landing page, can be "home", "explore", "organizations", "login", or any URL such as "/org/repo" or even "https://anotherwebsite.com"
+;; Landing page, can be "home", "explore", "organizations" or "login"
 ;; The "login" choice is not a security measure but just a UI flow change, use REQUIRE_SIGNIN_VIEW to force users to log in.
 ;LANDING_PAGE = home
 ;;
 ;; Enables git-lfs support. true or false, default is false.
 ;LFS_START_SERVER = false
 ;;
 ;; Where your lfs files reside, default is data/lfs.
 ;LFS_CONTENT_PATH = data/lfs
 ;;
 ;; LFS authentication secret, change this yourself
 LFS_JWT_SECRET =
@ -333,7 +282,6 @@ USER = root
 ;DB_TYPE = sqlite3
 ;PATH= ; defaults to data/gitea.db
 ;SQLITE_TIMEOUT = ; Query timeout defaults to: 500
 ;SQLITE_JOURNAL_MODE = ; defaults to sqlite database default (often DELETE), can be used to enable WAL mode. https://www.sqlite.org/pragma.html#pragma_journal_mode
 ;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
@ -379,19 +327,14 @@ LOG_SQL = false ; if unset defaults to true
 ;; Whether the installer is disabled (set to true to disable the installer)
 INSTALL_LOCK = false
 ;;
-;; Global secret key that will be used
+;; Global secret key that will be used - if blank will be regenerated.
 ;; This key is VERY IMPORTANT. If you lose it, the data encrypted by it (like 2FA secret) can't be decrypted anymore.
 SECRET_KEY =
 ;;
 ;; Alternative location to specify secret key, instead of this file; you cannot specify both this and SECRET_KEY, and must pick one
 ;; This key is VERY IMPORTANT. If you lose it, the data encrypted by it (like 2FA secret) can't be decrypted anymore.
 ;SECRET_KEY_URI = file:/etc/gitea/secret_key
 ;;
 ;; Secret used to validate communication within Gitea binary.
 INTERNAL_TOKEN=
 ;;
-;; Alternative location to specify internal token, instead of this file; you cannot specify both this and INTERNAL_TOKEN, and must pick one
+;; Instead of defining internal token in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: file:/etc/gitea/internal_token)
-;INTERNAL_TOKEN_URI = file:/etc/gitea/internal_token
+;INTERNAL_TOKEN_URI = ;e.g. /etc/gitea/internal_token
 ;;
 ;; How long to remember that a user is logged in before requiring relogin (in days)
 ;LOGIN_REMEMBER_DAYS = 7
@ -402,10 +345,9 @@ INTERNAL_TOKEN=
 ;; Name of cookie used to store authentication information.
 ;COOKIE_REMEMBER_NAME = gitea_incredible
 ;;
-;; Reverse proxy authentication header name of user name, email, and full name
+;; Reverse proxy authentication header name of user name and email
 ;REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
 ;REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL
 ;REVERSE_PROXY_AUTHENTICATION_FULL_NAME = X-WEBAUTH-FULLNAME
 ;;
 ;; Interpret X-Forwarded-For header or the X-Real-IP header and set this as the remote IP for the request
 ;REVERSE_PROXY_LIMIT = 1
@ -425,7 +367,6 @@ INTERNAL_TOKEN=
 ;; By modifying the Gitea database, users can gain Gitea administrator privileges.
 ;; It also enables them to access other resources available to the user on the operating system that is running the Gitea instance and perform arbitrary actions in the name of the Gitea OS user.
 ;; WARNING: This maybe harmful to you website or your operating system.
 ;; WARNING: Setting this to true does not change existing hooks in git repos; adjust it before if necessary.
 ;DISABLE_GIT_HOOKS = true
 ;;
 ;; Set to true to disable webhooks feature.
@ -452,23 +393,6 @@ INTERNAL_TOKEN=
 ;; This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security.
 ;SUCCESSFUL_TOKENS_CACHE_SIZE = 20
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 [camo]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; At the moment we only support images
 ;;
 ;; if the camo is enabled
 ;ENABLED = false
 ;; url to a camo image proxy, it **is required** if camo is enabled.
 ;SERVER_URL =
 ;; HMAC to encode urls with, it **is required** if camo is enabled.
 ;HMAC_KEY =
 ;; Set to true to use camo for https too lese only non https urls are proxyed
 ;ALLWAYS = false
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 [oauth2]
@ -502,6 +426,20 @@ ENABLE = true
 ;; Maximum length of oauth2 token/cookie stored on server
 ;MAX_TOKEN_LENGTH = 32767
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 [U2F]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; NOTE: THE DEFAULT VALUES HERE WILL NEED TO BE CHANGED
 ;; Two Factor authentication with security keys
 ;; https://developers.yubico.com/U2F/App_ID.html
 ;;
 ;; DEPRECATED - this only applies to previously registered security keys using the U2F standard
 APP_ID = ; e.g. http://localhost:3000/
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 [log]
@ -517,35 +455,26 @@ ENABLE = true
 ;; Use comma to separate multiple modes, e.g. "console, file"
 MODE = console
 ;;
-;; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical" or "None", default is "Info"
+;; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
 LEVEL = Info
 ;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Router Logger
 ;;
 ;; Switch off the router log
-;DISABLE_ROUTER_LOG=false
+;DISABLE_ROUTER_LOG= ; false
 ;;
 ;; Set the log "modes" for the router log (if file is set the log file will default to router.log)
 ROUTER = console
 ;;
-;; The router will log different things at different levels.
+;; The level at which the router logs
 ;ROUTER_LOG_LEVEL = Info
 ;;
 ;; * started messages will be logged at TRACE level
 ;; * polling/completed routers will be logged at INFO
 ;; * slow routers will be logged at WARN
 ;; * failed routers will be logged at WARN
 ;;
 ;; The routing level will default to that of the system but individual router level can be set in
 ;; [log.<mode>.router] LEVEL
 ;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; Access Logger (Creates log in NCSA common log format)
 ;;
 ;ENABLE_ACCESS_LOG = false
 ;;
 ;; Set the log "modes" for the access log (if file is set the log file will default to access.log)
 ;ACCESS = file
 ;;
@ -630,10 +559,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; The path of git executable. If empty, Gitea searches through the PATH environment.
-;PATH =
+PATH =
 ;;
 ;; The HOME directory for Git
 ;HOME_PATH = %(APP_DATA_PATH)/home
 ;;
 ;; Disables highlight of added and removed changes
 ;DISABLE_DIFF_HIGHLIGHT = false
@ -658,7 +584,6 @@ ROUTER = console
 ;GC_ARGS =
 ;;
 ;; If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1
 ;; To enable this for Git over SSH when using a OpenSSH server, add `AcceptEnv GIT_PROTOCOL` to your sshd_config file.
 ;ENABLE_AUTO_GIT_WIRE_PROTOCOL = true
 ;;
 ;; Respond to pushes to a non-default branch with a URL for creating a Pull Request (if the repository has them enabled)
@ -720,16 +645,13 @@ ROUTER = console
 ;ENABLE_REVERSE_PROXY_AUTHENTICATION = false
 ;ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
 ;ENABLE_REVERSE_PROXY_EMAIL = false
 ;ENABLE_REVERSE_PROXY_FULL_NAME = false
 ;;
 ;; Enable captcha validation for registration
 ;ENABLE_CAPTCHA = false
 ;;
-;; Type of captcha you want to use. Options: image, recaptcha, hcaptcha, mcaptcha.
+;; Type of captcha you want to use. Options: image, recaptcha, hcaptcha
 ;CAPTCHA_TYPE = image
 ;;
 ;; Change this to use recaptcha.net or other recaptcha service
 ;RECAPTCHA_URL = https://www.google.com/recaptcha/
 ;; Enable recaptcha to use Google's recaptcha service
 ;; Go to https://www.google.com/recaptcha/admin to sign up for a key
 ;RECAPTCHA_SECRET =
@ -739,13 +661,8 @@ ROUTER = console
 ;HCAPTCHA_SECRET =
 ;HCAPTCHA_SITEKEY =
 ;;
-;; Change this to use demo.mcaptcha.org or your self-hosted mcaptcha.org instance.
+;; Change this to use recaptcha.net or other recaptcha service
-;MCAPTCHA_URL = https://demo.mcaptcha.org
+;RECAPTCHA_URL = https://www.google.com/recaptcha/
 ;;
 ;; Go to your configured mCaptcha instance and register a sitekey
 ;; and use your account's secret.
 ;MCAPTCHA_SECRET =
 ;MCAPTCHA_SITEKEY =
 ;;
 ;; Default value for KeepEmailPrivate
 ;; Each new user will get the value of this setting copied into their profile
@ -838,8 +755,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[repository]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Root path for storing all repository data. By default, it is set to %(APP_DATA_PATH)/gitea-repositories.
+;; Root path for storing all repository data. It must be an absolute path. By default, it is stored in a sub-directory of `APP_DATA_PATH`.
 ;; A relative path is interpreted as %(GITEA_WORK_DIR)/%(ROOT)
 ;ROOT =
 ;;
 ;; The script type this server supports. Usually this is `bash`, but some users report that only `sh` is available.
@ -887,7 +803,7 @@ ROUTER = console
 ;USE_COMPAT_SSH_URI = false
 ;;
 ;; Close issues as long as a commit on any branch marks it as fixed
-;; Comma separated list of globally disabled repo units. Allowed values: repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki, repo.projects
+;; Comma separated list of globally disabled repo units. Allowed values: repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki
 ;DISABLED_REPO_UNITS =
 ;;
 ;; Comma separated list of default repo units. Allowed values: repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects.
@ -906,7 +822,7 @@ ROUTER = console
 ;DISABLE_STARS = false
 ;;
 ;; The default branch name of new repositories
-;DEFAULT_BRANCH = main
+;DEFAULT_BRANCH = master
 ;;
 ;; Allow adoption of unadopted repositories
 ;ALLOW_ADOPTION_OF_UNADOPTED_REPOSITORIES = false
@ -914,9 +830,6 @@ ROUTER = console
 ;; Allow deletion of unadopted repositories
 ;ALLOW_DELETION_OF_UNADOPTED_REPOSITORIES = false
 ;; Don't allow download source archive files from UI
 ;DISABLE_DOWNLOAD_SOURCE_ARCHIVES = false
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[repository.editor]
@ -937,7 +850,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; Path for local repository copy. Defaults to `tmp/local-repo` (content gets deleted on gitea restart)
+;; Path for local repository copy. Defaults to `tmp/local-repo`
 ;LOCAL_COPY_PATH = tmp/local-repo
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -949,7 +862,7 @@ ROUTER = console
 ;; Whether repository file uploads are enabled. Defaults to `true`
 ;ENABLED = true
 ;;
-;; Path for uploads. Defaults to `data/tmp/uploads` (content gets deleted on gitea restart)
+;; Path for uploads. Defaults to `data/tmp/uploads` (tmp gets deleted on gitea restart)
 ;TEMP_PATH = data/tmp/uploads
 ;;
 ;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
@ -976,9 +889,6 @@ ROUTER = console
 ;; List of keywords used in Pull Request comments to automatically reopen a related issue
 ;REOPEN_KEYWORDS = reopen,reopens,reopened
 ;;
 ;; Set default merge style for repository creating, valid options: merge, rebase, rebase-merge, squash
 ;DEFAULT_MERGE_STYLE = merge
 ;;
 ;; In the default merge message for squash commits include at most this many commits
 ;DEFAULT_MERGE_MESSAGE_COMMITS_LIMIT = 50
 ;;
@ -1117,7 +1027,7 @@ ROUTER = console
 ;EXPLORE_PAGING_NUM = 20
 ;;
 ;; Number of issues that are displayed on one page
-;ISSUE_PAGING_NUM = 20
+;ISSUE_PAGING_NUM = 10
 ;;
 ;; Number of maximum commits displayed in one activity feed
 ;FEED_MAX_COMMIT_NUM = 5
@ -1125,9 +1035,6 @@ ROUTER = console
 ;; Number of items that are displayed in home feed
 ;FEED_PAGING_NUM = 20
 ;;
 ;; Number of items that are displayed in a single subsitemap
 ;SITEMAP_PAGING_NUM = 20
 ;;
 ;; Number of maximum commits displayed in commit graph.
 ;GRAPH_MAX_COMMIT_NUM = 100
 ;;
@ -1169,10 +1076,6 @@ ROUTER = console
 ;;
 ;; Whether to enable a Service Worker to cache frontend assets
 ;USE_SERVICE_WORKER = false
 ;;
 ;; Whether to only show relevant repos on the explore page when no keyword is specified and default sorting is used.
 ;; A repo is considered irrelevant if it's a fork or if it has no metadata (no description, no icon, no topic).
 ;ONLY_SHOW_RELEVANT_REPOS = false
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -1217,7 +1120,7 @@ ROUTER = console
 ;;
 ;; Control how often the notification endpoint is polled to update the notification
 ;; The timeout will increase to MAX_TIMEOUT in TIMEOUT_STEPs if the notification count is unchanged
-;; Set MIN_TIMEOUT to -1 to turn off
+;; Set MIN_TIMEOUT to 0 to turn off
 ;MIN_TIMEOUT = 10s
 ;MAX_TIMEOUT = 60s
 ;TIMEOUT_STEP = 10s
@ -1267,9 +1170,6 @@ ROUTER = console
 ;; List of file extensions that should be rendered/edited as Markdown
 ;; Separate the extensions with a comma. To render files without any extension as markdown, just put a comma
 ;FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
 ;;
 ;; Enables math inline and block detection
 ;ENABLE_MATH = true
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -1280,7 +1180,7 @@ ROUTER = console
 ;; Define allowed algorithms and their minimum key length (use -1 to disable a type)
 ;ED25519 = 256
 ;ECDSA = 256
-;RSA = 2047 ; we allow 2047 here because an otherwise valid 2048 bit RSA key can be reported as having 2047 bit length
+;RSA = 2048
 ;DSA = -1 ; set to 1024 to switch on
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -1305,7 +1205,7 @@ ROUTER = console
 ;ISSUE_INDEXER_NAME = gitea_issues
 ;;
 ;; Timeout the indexer if it takes longer than this to start.
-;; Set to -1 to disable timeout.
+;; Set to zero to disable timeout.
 ;STARTUP_TIMEOUT = 30s
 ;;
 ;; Issue indexer queue, currently support: channel, levelqueue or redis, default is levelqueue (deprecated - use [queue.issue_indexer])
@ -1537,11 +1437,6 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; NOTICE: this section is for Gitea 1.18 and later. If you are using Gitea 1.17 or older,
 ;; please refer to
 ;; https://github.com/go-gitea/gitea/blob/release/v1.17/custom/conf/app.example.ini
 ;; https://github.com/go-gitea/gitea/blob/release/v1.17/docs/content/doc/advanced/config-cheat-sheet.en-us.md
 ;;
 ;ENABLED = false
 ;;
 ;; Buffer length of channel, keep it as it is if you don't know what it is.
@ -1550,42 +1445,30 @@ ROUTER = console
 ;; Prefix displayed before subject in mail
 ;SUBJECT_PREFIX =
 ;;
-;; Mail server protocol. One of "smtp", "smtps", "smtp+startls", "smtp+unix", "sendmail", "dummy".
+;; Mail server
-;; - sendmail: use the operating system's `sendmail` command instead of SMTP. This is common on Linux systems.
+;; Gmail: smtp.gmail.com:587
-;; - dummy: send email messages to the log as a testing phase.
+;; QQ: smtp.qq.com:465
-;; If your provider does not explicitly say which protocol it uses but does provide a port,
+;; As per RFC 8314 using Implicit TLS/SMTPS on port 465 (if supported) is recommended,
-;; you can set SMTP_PORT instead and this will be inferred.
+;; otherwise STARTTLS on port 587 should be used.
-;; (Before 1.18, see the notice, this was controlled via MAILER_TYPE and IS_TLS_ENABLED.)
+;HOST =
 ;PROTOCOL =
 ;;
-;; Mail server address, e.g. smtp.gmail.com.
+;; Disable HELO operation when hostnames are different.
-;; For smtp+unix, this should be a path to a unix socket instead.
+;DISABLE_HELO =
 ;; (Before 1.18, see the notice, this was combined with SMTP_PORT as HOST.)
 ;SMTP_ADDR =
 ;;
-;; Mail server port. Common ports are:
+;; Custom hostname for HELO operation, if no value is provided, one is retrieved from system.
 ;;   25:  insecure SMTP
 ;;   465: SMTP Secure
 ;;   587: StartTLS
 ;; If no protocol is specified, it will be inferred by this setting.
 ;; (Before 1.18, this was combined with SMTP_ADDR as HOST.)
 ;SMTP_PORT =
 ;;
 ;; Enable HELO operation. Defaults to true.
 ;ENABLE_HELO = true
 ;;
 ;; Custom hostname for HELO operation.
 ;; If no value is provided, one is retrieved from system.
 ;HELO_HOSTNAME =
 ;;
-;; If set to `true`, completely ignores server certificate validation errors.
+;; Whether or not to skip verification of certificates; `true` to disable verification. This option is unsafe. Consider adding the certificate to the system trust store instead.
-;; This option is unsafe. Consider adding the certificate to the system trust store instead.
+;SKIP_VERIFY = false
 ;FORCE_TRUST_SERVER_CERT = false
 ;;
-;; Use client certificate in connection.
+;; Use client certificate
-;USE_CLIENT_CERT = false
+;USE_CERTIFICATE = false
-;CLIENT_CERT_FILE = custom/mailer/cert.pem
+;CERT_FILE = custom/mailer/cert.pem
-;CLIENT_KEY_FILE = custom/mailer/key.pem
+;KEY_FILE = custom/mailer/key.pem
 ;;
 ;; Should SMTP connect with TLS, (if port ends with 465 TLS will always be used.)
 ;; If this is false but STARTTLS is supported the connection will be upgraded to TLS opportunistically.
 ;IS_TLS_ENABLED = false
 ;;
 ;; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
 ;FROM =
@ -1593,20 +1476,23 @@ ROUTER = console
 ;; Sometimes it is helpful to use a different address on the envelope. Set this to use ENVELOPE_FROM as the from on the envelope. Set to `<>` to send an empty address.
 ;ENVELOPE_FROM =
 ;;
-;; Mailer user name and password, if required by provider.
+;; Mailer user name and password
 ;; Please Note: Authentication is only supported when the SMTP server communication is encrypted with TLS (this can be via STARTTLS) or `HOST=localhost`.
 ;USER =
 ;;
 ;; Use PASSWD = `your password` for quoting if you use special characters in the password.
 ;PASSWD =
 ;;
-;; Send mails only in plain text, without HTML alternative
+;; Send mails as plain text
 ;SEND_AS_PLAIN_TEXT = false
 ;;
 ;; Set Mailer Type (either SMTP, sendmail or dummy to just send to the log)
 ;MAILER_TYPE = smtp
 ;;
 ;; Specify an alternative sendmail binary
 ;SENDMAIL_PATH = sendmail
 ;;
 ;; Specify any extra sendmail arguments
 ;; WARNING: if your sendmail program interprets options you should set this to "--" or terminate these args with "--"
 ;SENDMAIL_ARGS =
 ;;
 ;; Timeout for Sendmail
@ -1637,7 +1523,7 @@ ROUTER = console
 ;HOST =
 ;;
 ;; Time to keep items in cache if not used, default is 16 hours.
-;; Setting it to -1 disables caching
+;; Setting it to 0 disables caching
 ;ITEM_TTL = 16h
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -1651,7 +1537,7 @@ ROUTER = console
 ;ENABLED = true
 ;;
 ;; Time to keep items in cache if not used, default is 8760 hours.
-;; Setting it to -1 disables caching
+;; Setting it to 0 disables caching
 ;ITEM_TTL = 8760h
 ;;
 ;; Only enable the cache when repository's commits count great than
@ -1663,8 +1549,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; Either "memory", "file", "redis", "db", "mysql", "couchbase", "memcache" or "postgres"
+;; Either "memory", "file", or "redis", default is "memory"
 ;; Default is "memory". "db" will reuse the configuration in [database]
 ;PROVIDER = memory
 ;;
 ;; Provider config options
@ -1738,7 +1623,7 @@ ROUTER = console
 ;ENABLED = true
 ;;
 ;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
-;ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
+;ALLOWED_TYPES = .docx,.gif,.gz,.jpeg,.jpg,.mp4,.log,.pdf,.png,.pptx,.txt,.xlsx,.zip
 ;;
 ;; Max size of each file. Defaults to 4MB
 ;MAX_SIZE = 4
@ -1826,8 +1711,8 @@ ROUTER = console
 ;ENABLED = true
 ;; Whether to always run at least once at start up time (if ENABLED)
 ;RUN_AT_START = true
-;; Whether to emit notice on successful execution too
+;; Notice if not success
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;; Time interval for job to run
 ;SCHEDULE = @midnight
 ;; Archives created more than OLDER_THAN ago are subject to deletion
@ -1846,7 +1731,7 @@ ROUTER = console
 ;; Run Update mirrors task when Gitea starts.
 ;RUN_AT_START = false
 ;; Notice if not success
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = true
 ;; Limit the number of mirrors added to the queue to this number
 ;; (negative values mean no limit, 0 will result in no result in no mirrors being queued effectively disabling pull mirror updating.)
 ;PULL_LIMIT=50
@ -1867,7 +1752,7 @@ ROUTER = console
 ;; Run Repository health check task when Gitea starts.
 ;RUN_AT_START = false
 ;; Notice if not success
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;TIMEOUT = 60s
 ;; Arguments for command 'git fsck', e.g. "--unreachable --tags"
 ;; see more on http://git-scm.com/docs/git-fsck
@ -1885,7 +1770,7 @@ ROUTER = console
 ;; Run check repository statistics task when Gitea starts.
 ;RUN_AT_START = true
 ;; Notice if not success
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @midnight
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -1898,7 +1783,7 @@ ROUTER = console
 ;; Update migrated repositories' issues and comments' posterid when starting server (default true)
 ;RUN_AT_START = true
 ;; Notice if not success
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;; Interval as a duration between each synchronization. (default every 24h)
 ;SCHEDULE = @midnight
@ -1913,7 +1798,7 @@ ROUTER = console
 ;; Synchronize external user data when starting server (default false)
 ;RUN_AT_START = false
 ;; Notice if not success
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;; Interval as a duration between each synchronization (default every 24h)
 ;SCHEDULE = @midnight
 ;; Create new users, update existing user data and disable users that are not in external source anymore (default)
@ -1931,7 +1816,7 @@ ROUTER = console
 ;; Clean-up deleted branches when starting server (default true)
 ;RUN_AT_START = true
 ;; Notice if not success
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;; Interval as a duration between each synchronization (default every 24h)
 ;SCHEDULE = @midnight
 ;; deleted branches than OLDER_THAN ago are subject to deletion
@ -1957,24 +1842,6 @@ ROUTER = console
 ;; If CLEANUP_TYPE is set to PerWebhook, this is number of hook_task records to keep for a webhook (i.e. keep the most recent x deliveries).
 ;NUMBER_TO_KEEP = 10
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Cleanup expired packages
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[cron.cleanup_packages]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Whether to enable the job
 ;ENABLED = true
 ;; Whether to always run at least once at start up time (if ENABLED)
 ;RUN_AT_START = true
 ;; Whether to emit notice on successful execution too
 ;NOTICE_ON_SUCCESS = false
 ;; Time interval for job to run
 ;SCHEDULE = @midnight
 ;; Unreferenced blobs created more than OLDER_THAN ago are subject to deletion
 ;OLDER_THAN = 24h
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -1992,7 +1859,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @annually
 ;OLDER_THAN = 168h
@ -2005,7 +1872,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @annually;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -2017,7 +1884,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 72h
 ;TIMEOUT = 60s
 ;; Arguments for command 'git gc'
@ -2033,7 +1900,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 72h
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -2045,7 +1912,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 72h
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -2057,7 +1924,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 72h
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -2069,7 +1936,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 72h
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -2081,7 +1948,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 72h
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -2093,7 +1960,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 168h
 ;OLDER_THAN = 8760h
@ -2110,19 +1977,6 @@ ROUTER = console
 ;SCHEDULE = @every 168h
 ;HTTP_ENDPOINT = https://dl.gitea.io/gitea/version.json
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Delete all old system notices from database
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[cron.delete_old_system_notices]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
 ;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 168h
 ;OLDER_THAN = 8760h
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Git Operation timeout in seconds
@ -2142,7 +1996,7 @@ ROUTER = console
 ;[mirror]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Enables the mirror functionality. Set to **false** to disable all mirrors. Pre-existing mirrors remain valid but won't be updated; may be converted to regular repo.
+;; Enables the mirror functionality. Set to **false** to disable all mirrors.
 ;ENABLED = true
 ;; Disable the creation of **new** pull mirrors. Pre-existing mirrors remain valid. Will be ignored if `mirror.ENABLED` is `false`.
 ;DISABLE_NEW_PULL = false
@ -2158,7 +2012,7 @@ ROUTER = console
 ;[api]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Enables the API documentation endpoints (/api/swagger, /api/v1/swagger, …). True or false.
+;; Enables Swagger. True or false; default is true.
 ;ENABLE_SWAGGER = true
 ;; Max number of items in a page
 ;MAX_RESPONSE_ITEMS = 50
@ -2166,7 +2020,7 @@ ROUTER = console
 ;DEFAULT_PAGING_NUM = 30
 ;; Default and maximum number of items per page for git trees api
 ;DEFAULT_GIT_TREES_PER_PAGE = 1000
-;; Default max size of a blob returned by the blobs API (default is 10MiB)
+;; Default size of a blob returned by the blobs API (default is 10MiB)
 ;DEFAULT_MAX_BLOB_SIZE = 10485760
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -2174,9 +2028,8 @@ ROUTER = console
 ;[i18n]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; The first locale will be used as the default if user browser's language doesn't match any locale in the list.
+;LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN
-;LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN
+;NAMES = English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,français,Nederlands,latviešu,русский,Українська,日本語,español,português do Brasil,Português de Portugal,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어,ελληνικά,فارسی,magyar nyelv,bahasa Indonesia,മലയാളം
 ;NAMES = English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,Français,Nederlands,Latviešu,Русский,Українська,日本語,Español,Português do Brasil,Português de Portugal,Polski,Български,Italiano,Suomi,Türkçe,Čeština,Српски,Svenska,한국어,Ελληνικά,فارسی,Magyar nyelv,Bahasa Indonesia,മലയാളം
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -2196,8 +2049,7 @@ ROUTER = console
 ;SHOW_FOOTER_VERSION = true
 ;; Show template execution time in the footer
 ;SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
-;; Generate sitemap. Defaults to `true`.
+
 ; ENABLE_SITEMAP = true
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -2233,11 +2085,6 @@ ROUTER = console
 ;RENDER_COMMAND = "asciidoc --out-file=- -"
 ;; Don't pass the file on STDIN, pass the filename as argument instead.
 ;IS_INPUT_FILE = false
 ;; How the content will be rendered.
 ;; * sanitized: Sanitize the content and render it inside current page, default to only allow a few HTML tags and attributes. Customized sanitizer rules can be defined in [markup.sanitizer.*] .
 ;; * no-sanitizer: Disable the sanitizer and render the content inside current page. It's **insecure** and may lead to XSS attack if the content contains malicious code.
 ;; * iframe: Render the content in a separate standalone page and embed it into current page by iframe. The iframe is in sandbox mode with same-origin disabled, and the JS code are safely isolated from parent page.
 ;RENDER_CONTENT_MODE=sanitized
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -2283,16 +2130,13 @@ ROUTER = console
 ;;
 ;; Allowed domains for migrating, default is blank. Blank means everything will be allowed.
 ;; Multiple domains could be separated by commas.
 ;; Wildcard is supported: "github.com, *.github.com"
 ;ALLOWED_DOMAINS =
 ;;
 ;; Blocklist for migrating, default is blank. Multiple domains could be separated by commas.
 ;; When ALLOWED_DOMAINS is not blank, this option has a higher priority to deny domains.
 ;; Wildcard is supported.
 ;BLOCKED_DOMAINS =
 ;;
 ;; Allow private addresses defined by RFC 1918, RFC 1122, RFC 4632 and RFC 4291 (false by default)
 ;; If a domain is allowed by ALLOWED_DOMAINS, this option will be ignored.
 ;ALLOW_LOCALNETWORKS = false
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -2302,68 +2146,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; Enable/Disable federation capabilities
-;ENABLED = false
+; ENABLED = true
 ;;
 ;; Enable/Disable user statistics for nodeinfo if federation is enabled
 ;SHARE_USER_STATISTICS = true
 ;;
 ;; Maximum federation request and response size (MB)
 ;MAX_SIZE = 4
 ;;
 ;; WARNING: Changing the settings below can break federation.
 ;;
 ;; HTTP signature algorithms
 ;ALGORITHMS = rsa-sha256, rsa-sha512, ed25519
 ;;
 ;; HTTP signature digest algorithm
 ;DIGEST_ALGORITHM = SHA-256
 ;;
 ;; GET headers for federation requests
 ;GET_HEADERS = (request-target), Date
 ;;
 ;; POST headers for federation requests
 ;POST_HEADERS = (request-target), Date, Digest
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[packages]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; Enable/Disable package registry capabilities
 ;ENABLED = true
 ;;
 ;; Path for chunked uploads. Defaults to APP_DATA_PATH + `tmp/package-upload`
 ;CHUNKED_UPLOAD_PATH = tmp/package-upload
 ;;
 ;; Maxmimum count of package versions a single owner can have (`-1` means no limits)
 ;LIMIT_TOTAL_OWNER_COUNT = -1
 ;; Maxmimum size of packages a single owner can use (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_TOTAL_OWNER_SIZE = -1
 ;; Maxmimum size of a Composer upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_COMPOSER = -1
 ;; Maxmimum size of a Conan upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_CONAN = -1
 ;; Maxmimum size of a Container upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_CONTAINER = -1
 ;; Maxmimum size of a Generic upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_GENERIC = -1
 ;; Maxmimum size of a Helm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_HELM = -1
 ;; Maxmimum size of a Maven upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_MAVEN = -1
 ;; Maxmimum size of a npm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_NPM = -1
 ;; Maxmimum size of a NuGet upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_NUGET = -1
 ;; Maxmimum size of a Pub upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_PUB = -1
 ;; Maxmimum size of a PyPI upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_PYPI = -1
 ;; Maxmimum size of a RubyGems upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_RUBYGEMS = -1
 ;; Maxmimum size of a Vagrant upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_VAGRANT = -1
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -2391,19 +2174,6 @@ ROUTER = console
 ;;
 ;[lfs]
 ;STORAGE_TYPE = local
 ;;
 ;; Where your lfs files reside, default is data/lfs.
 ;PATH = data/lfs
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; settings for packages, will override storage setting
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[storage.packages]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; storage type
 ;STORAGE_TYPE = local
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
--- a/docker/manifest.rootless.tmpl
+++ b/docker/manifest.rootless.tmpl
@ -4,7 +4,6 @@ tags:
 {{#each build.tags}}
  - {{this}}-rootless
 {{/each}}
  - "latest-rootless"
 {{/if}}
 manifests:
  -
--- a/docker/manifest.tmpl
+++ b/docker/manifest.tmpl
@ -4,7 +4,6 @@ tags:
 {{#each build.tags}}
  - {{this}}
 {{/each}}
  - "latest"
 {{/if}}
 manifests:
  -
--- a/docker/root/etc/s6/openssh/setup
+++ b/docker/root/etc/s6/openssh/setup
@ -14,6 +14,11 @@ if [ ! -f /data/ssh/ssh_host_rsa_key ]; then
    ssh-keygen -t rsa -b 2048 -f /data/ssh/ssh_host_rsa_key -N "" > /dev/null
 fi
 if [ ! -f /data/ssh/ssh_host_dsa_key ]; then
    echo "Generating /data/ssh/ssh_host_dsa_key..."
    ssh-keygen -t dsa -f /data/ssh/ssh_host_dsa_key -N "" > /dev/null
 fi
 if [ ! -f /data/ssh/ssh_host_ecdsa_key ]; then
    echo "Generating /data/ssh/ssh_host_ecdsa_key..."
    ssh-keygen -t ecdsa -b 256 -f /data/ssh/ssh_host_ecdsa_key -N "" > /dev/null
@ -31,16 +36,19 @@ if [ -e /data/ssh/ssh_host_ecdsa_cert ]; then
  SSH_ECDSA_CERT=${SSH_ECDSA_CERT:-"/data/ssh/ssh_host_ecdsa_cert"}
 fi
 if [ -e /data/ssh/ssh_host_dsa_cert ]; then
  SSH_DSA_CERT=${SSH_DSA_CERT:-"/data/ssh/ssh_host_dsa_cert"}
 fi
 if [ -d /etc/ssh ]; then
    SSH_PORT=${SSH_PORT:-"22"} \
    SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-"${SSH_PORT}"} \
    SSH_ED25519_CERT="${SSH_ED25519_CERT:+"HostCertificate "}${SSH_ED25519_CERT}" \
    SSH_RSA_CERT="${SSH_RSA_CERT:+"HostCertificate "}${SSH_RSA_CERT}" \
    SSH_ECDSA_CERT="${SSH_ECDSA_CERT:+"HostCertificate "}${SSH_ECDSA_CERT}" \
    SSH_DSA_CERT="${SSH_DSA_CERT:+"HostCertificate "}${SSH_DSA_CERT}" \
    SSH_MAX_STARTUPS="${SSH_MAX_STARTUPS:+"MaxStartups "}${SSH_MAX_STARTUPS}" \
    SSH_MAX_SESSIONS="${SSH_MAX_SESSIONS:+"MaxSessions "}${SSH_MAX_SESSIONS}" \
    SSH_INCLUDE_FILE="${SSH_INCLUDE_FILE:+"Include "}${SSH_INCLUDE_FILE}" \
    SSH_LOG_LEVEL=${SSH_LOG_LEVEL:-"INFO"} \
    envsubst < /etc/templates/sshd_config > /etc/ssh/sshd_config
    chmod 0644 /etc/ssh/sshd_config
--- a/docker/root/etc/templates/app.ini
+++ b/docker/root/etc/templates/app.ini
@ -20,6 +20,7 @@ DISABLE_SSH      = $DISABLE_SSH
 SSH_PORT         = $SSH_PORT
 SSH_LISTEN_PORT  = $SSH_LISTEN_PORT
 LFS_START_SERVER = $LFS_START_SERVER
 LFS_CONTENT_PATH = /data/git/lfs
 [database]
 PATH = /data/gitea/gitea.db
@ -58,6 +59,3 @@ REVERSE_PROXY_TRUSTED_PROXIES = *
 [service]
 DISABLE_REGISTRATION = $DISABLE_REGISTRATION
 REQUIRE_SIGNIN_VIEW  = $REQUIRE_SIGNIN_VIEW
 [lfs]
 PATH = /data/git/lfs
--- a/docker/root/etc/templates/sshd_config
+++ b/docker/root/etc/templates/sshd_config
@ -8,7 +8,7 @@ ListenAddress ::
 ${SSH_MAX_STARTUPS}
 ${SSH_MAX_SESSIONS}
-LogLevel ${SSH_LOG_LEVEL}
+LogLevel INFO
 HostKey /data/ssh/ssh_host_ed25519_key
 ${SSH_ED25519_CERT}
@ -16,6 +16,8 @@ HostKey /data/ssh/ssh_host_rsa_key
 ${SSH_RSA_CERT}
 HostKey /data/ssh/ssh_host_ecdsa_key
 ${SSH_ECDSA_CERT}
 HostKey /data/ssh/ssh_host_dsa_key
 ${SSH_DSA_CERT}
 AuthorizedKeysFile .ssh/authorized_keys
 AuthorizedPrincipalsFile .ssh/authorized_principals
@ -39,5 +41,3 @@ Banner none
 Subsystem sftp /usr/lib/ssh/sftp-server
 AcceptEnv GIT_PROTOCOL
 ${SSH_INCLUDE_FILE}
--- a/docker/root/usr/bin/entrypoint
+++ b/docker/root/usr/bin/entrypoint
@ -1,11 +1,5 @@
 #!/bin/sh
 # Protect against buggy runc in docker <20.10.6 causing problems in with Alpine >= 3.14
 if [ ! -x /bin/sh ]; then
  echo "Executable test for /bin/sh failed. Your Docker version is too old to run Alpine 3.14+ and Gitea. You must upgrade Docker.";
  exit 1;
 fi
 if [ "${USER}" != "git" ]; then
    # rename user
    sed -i -e "s/^git\:/${USER}\:/g" /etc/passwd
--- a/docker/root/usr/local/bin/gitea
+++ b/docker/root/usr/local/bin/gitea
@ -13,3 +13,5 @@ CUSTOM_PATH="/data/gitea"
 # Provide docker defaults
 GITEA_WORK_DIR="${GITEA_WORK_DIR:-$WORK_DIR}" GITEA_CUSTOM="${GITEA_CUSTOM:-$CUSTOM_PATH}" exec -a "$0" "$GITEA" $CONF_ARG "$@"
--- a/docker/rootless/etc/templates/app.ini
+++ b/docker/rootless/etc/templates/app.ini
@ -23,6 +23,7 @@ SSH_PORT         = $SSH_PORT
 SSH_LISTEN_PORT  = $SSH_LISTEN_PORT
 BUILTIN_SSH_SERVER_USER = $RUN_USER
 LFS_START_SERVER = $LFS_START_SERVER
 LFS_CONTENT_PATH = $GITEA_WORK_DIR/git/lfs
 [database]
 PATH = $GITEA_WORK_DIR/data/gitea.db
@ -54,6 +55,3 @@ REVERSE_PROXY_TRUSTED_PROXIES = *
 [service]
 DISABLE_REGISTRATION = $DISABLE_REGISTRATION
 REQUIRE_SIGNIN_VIEW  = $REQUIRE_SIGNIN_VIEW
 [lfs]
 PATH = $GITEA_WORK_DIR/git/lfs
--- a/docker/rootless/usr/local/bin/docker-entrypoint.sh
+++ b/docker/rootless/usr/local/bin/docker-entrypoint.sh
@ -1,11 +1,5 @@
 #!/bin/sh
 # Protect against buggy runc in docker <20.10.6 causing problems in with Alpine >= 3.14
 if [ ! -x /bin/sh ]; then
  echo "Executable test for /bin/sh failed. Your Docker version is too old to run Alpine 3.14+ and Gitea. You must upgrade Docker.";
  exit 1;
 fi
 if [ -x /usr/local/bin/docker-setup.sh ]; then
    /usr/local/bin/docker-setup.sh || { echo 'docker setup failed' ; exit 1; }
 fi
--- a/docker/rootless/usr/local/bin/docker-setup.sh
+++ b/docker/rootless/usr/local/bin/docker-setup.sh
@ -5,7 +5,7 @@ mkdir -p ${HOME} && chmod 0700 ${HOME}
 if [ ! -w ${HOME} ]; then echo "${HOME} is not writable"; exit 1; fi
 # Prepare custom folder
-mkdir -p ${GITEA_CUSTOM} && chmod 0700 ${GITEA_CUSTOM}
+mkdir -p ${GITEA_CUSTOM} && chmod 0500 ${GITEA_CUSTOM}
 # Prepare temp folder
 mkdir -p ${GITEA_TEMP} && chmod 0700 ${GITEA_TEMP}
--- a/docs/.gitignore
+++ b/docs/.gitignore
@ -2,6 +2,3 @@ public/
 templates/swagger/v1_json.tmpl
 themes/
 resources/
 # Temporary lock file while building
 /.hugo_build.lock
--- a/docs/config.yaml
+++ b/docs/config.yaml
@ -18,11 +18,10 @@ params:
  description: Git with a cup of tea
  author: The Gitea Authors
  website: https://docs.gitea.io
-  version: 1.17.3
+  version: 1.16.4
-  minGoVersion: 1.18
+  minGoVersion: 1.16
-  goVersion: 1.19
+  goVersion: 1.18
-  minNodeVersion: 14
+  minNodeVersion: 12.17
  search: nav
 outputs:
  home:
--- a/docs/content/doc/advanced/clone-filter.en-us.md
+++ b/docs/content/doc/advanced/clone-filter.en-us.md
@ -30,6 +30,7 @@ see Git version of the server.
 By default, clone filters are enabled, unless `DISABLE_PARTIAL_CLONE` under
 `[git]` is set to `true`.
 See [GitHub blog post: Get up to speed with partial clone](https://github.blog/2020-12-21-get-up-to-speed-with-partial-clone-and-shallow-clone/)
 for common use cases of clone filters (blobless and treeless clones), and
 [GitLab docs for partial clone](https://docs.gitlab.com/ee/topics/git/partial_clone.html)
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@ -42,8 +42,8 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 ## Repository (`repository`)
- `ROOT`: **%(APP_DATA_PATH)/gitea-repositories**: Root path for storing all repository data.
+- `ROOT`: **data/gitea-repositories/**: Root path for storing all repository data. It must be
-   A relative path is interpreted as **%(GITEA_WORK_DIR)/%(ROOT)**.
+   an absolute path. By default it is stored in a sub-directory of `APP_DATA_PATH`.
 - `SCRIPT_TYPE`: **bash**: The script type this server supports. Usually this is `bash`,
   but some users report that only `sh` is available.
 - `DETECTED_CHARSETS_ORDER`: **UTF-8, UTF-16BE, UTF-16LE, UTF-32BE, UTF-32LE, ISO-8859, windows-1252, ISO-8859, windows-1250, ISO-8859, ISO-8859, ISO-8859, windows-1253, ISO-8859, windows-1255, ISO-8859, windows-1251, windows-1256, KOI8-R, ISO-8859, windows-1254, Shift_JIS, GB18030, EUC-JP, EUC-KR, Big5, ISO-2022, ISO-2022, ISO-2022, IBM424_rtl, IBM424_ltr, IBM420_rtl, IBM420_ltr**: Tie-break order of detected charsets - if the detected charsets have equal confidence, charsets earlier in the list will be chosen in preference to those later. Adding `defaults` will place the unnamed charsets at that point.
@ -75,10 +75,9 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `PREFIX_ARCHIVE_FILES`: **true**: Prefix archive files by placing them in a directory named after the repository.
 - `DISABLE_MIGRATIONS`: **false**: Disable migrating feature.
 - `DISABLE_STARS`: **false**: Disable stars feature.
- `DEFAULT_BRANCH`: **main**: Default branch name of all repositories.
+- `DEFAULT_BRANCH`: **master**: Default branch name of all repositories.
 - `ALLOW_ADOPTION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to adopt unadopted repositories
 - `ALLOW_DELETION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to delete unadopted repositories
 - `DISABLE_DOWNLOAD_SOURCE_ARCHIVES`: **false**: Don't allow download source archive files from UI
 ### Repository - Editor (`repository.editor`)
@ -93,7 +92,6 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 keywords used in Pull Request comments to automatically close a related issue
 - `REOPEN_KEYWORDS`: **reopen**, **reopens**, **reopened**: List of keywords used in Pull Request comments to automatically reopen
 a related issue
 - `DEFAULT_MERGE_STYLE`: **merge**: Set default merge style for repository creating, valid options: `merge`, `rebase`, `rebase-merge`, `squash`
 - `DEFAULT_MERGE_MESSAGE_COMMITS_LIMIT`: **50**: In the default merge message for squash commits include at most this many commits. Set to `-1` to include all commits
 - `DEFAULT_MERGE_MESSAGE_SIZE`: **5120**: In the default merge message for squash commits limit the size of the commit messages. Set to `-1` to have no limit. Only used if `POPULATE_SQUASH_COMMENT_WITH_COMMIT_MESSAGES` is `true`.
 - `DEFAULT_MERGE_MESSAGE_ALL_AUTHORS`: **false**: In the default merge message for squash commits walk all commits to include all authors in the Co-authored-by otherwise just use those in the limited list
@ -109,7 +107,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 ### Repository - Upload (`repository.upload`)
 - `ENABLED`: **true**: Whether repository file uploads are enabled
- `TEMP_PATH`: **data/tmp/uploads**: Path for uploads (content gets deleted on Gitea restart)
+- `TEMP_PATH`: **data/tmp/uploads**: Path for uploads (tmp gets deleted on Gitea restart)
 - `ALLOWED_TYPES`: **\<empty\>**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
 - `FILE_MAX_SIZE`: **3**: Max size of each file in megabytes.
 - `MAX_FILES`: **5**: Max number of files per upload
@ -131,9 +129,9 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
  - `always`: Always sign
  - Options other than `never` and `always` can be combined as a comma separated list.
 - `DEFAULT_TRUST_MODEL`: **collaborator**: \[collaborator, committer, collaboratorcommitter\]: The default trust model used for verifying commits.
-  - `collaborator`: Trust signatures signed by keys of collaborators.
+   - `collaborator`: Trust signatures signed by keys of collaborators.
-  - `committer`: Trust signatures that match committers (This matches GitHub and will force Gitea signed commits to have Gitea as the committer).
+   - `committer`: Trust signatures that match committers (This matches GitHub and will force Gitea signed commits to have Gitea as the committer).
-  - `collaboratorcommitter`: Trust signatures signed by keys of collaborators which match the committer.
+   - `collaboratorcommitter`: Trust signatures signed by keys of collaborators which match the committer.
 - `WIKI`: **never**: \[never, pubkey, twofa, always, parentsigned\]: Sign commits to wiki.
 - `CRUD_ACTIONS`: **pubkey, twofa, parentsigned**: \[never, pubkey, twofa, parentsigned, always\]: Sign CRUD actions.
  - Options as above, with the addition of:
@ -146,14 +144,13 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 ## Repository - Local (`repository.local`)
- `LOCAL_COPY_PATH`: **tmp/local-repo**: Path for temporary local repository copies. Defaults to `tmp/local-repo` (content gets deleted on Gitea restart)
+- `LOCAL_COPY_PATH`: **tmp/local-repo**: Path for temporary local repository copies. Defaults to `tmp/local-repo`
 ## Repository -  MIME type mapping (`repository.mimetype_mapping`)
 Configuration for set the expected MIME type based on file extensions of downloadable files. Configuration presents in key-value pairs and file extensions starts with leading `.`.
 The following configuration set `Content-Type: application/vnd.android.package-archive` header when downloading files with `.apk` file extension.
 ```ini
 .apk=application/vnd.android.package-archive
 ```
@ -172,11 +169,10 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 ## UI (`ui`)
 - `EXPLORE_PAGING_NUM`: **20**: Number of repositories that are shown in one explore page.
- `ISSUE_PAGING_NUM`: **20**: Number of issues that are shown in one page (for all pages that list issues, milestones, projects).
+- `ISSUE_PAGING_NUM`: **10**: Number of issues that are shown in one page (for all pages that list issues).
 - `MEMBERS_PAGING_NUM`: **20**: Number of members that are shown in organization members.
 - `FEED_MAX_COMMIT_NUM`: **5**: Number of maximum commits shown in one activity feed.
 - `FEED_PAGING_NUM`: **20**: Number of items that are displayed in home feed.
 - `SITEMAP_PAGING_NUM`: **20**: Number of items that are displayed in a single subsitemap.
 - `GRAPH_MAX_COMMIT_NUM`: **100**: Number of maximum commits shown in the commit graph.
 - `CODE_COMMENT_LINES`: **4**: Number of line of codes shown for a code comment.
 - `DEFAULT_THEME`: **auto**: \[auto, gitea, arc-green\]: Set the default theme for the Gitea install.
@ -194,8 +190,6 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `DEFAULT_SHOW_FULL_NAME`: **false**: Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
 - `SEARCH_REPO_DESCRIPTION`: **true**: Whether to search within description at repository search on explore page.
 - `USE_SERVICE_WORKER`: **false**: Whether to enable a Service Worker to cache frontend assets.
 - `ONLY_SHOW_RELEVANT_REPOS`: **false** Whether to only show relevant repos on the explore page when no keyword is specified and default sorting is used.
    A repo is considered irrelevant if it's a fork or if it has no metadata (no description, no icon, no topic).
 ### UI - Admin (`ui.admin`)
@ -212,7 +206,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 ### UI - Notification (`ui.notification`)
- `MIN_TIMEOUT`: **10s**: These options control how often notification endpoint is polled to update the notification count. On page load the notification count will be checked after `MIN_TIMEOUT`. The timeout will increase to `MAX_TIMEOUT` by `TIMEOUT_STEP` if the notification count is unchanged. Set MIN_TIMEOUT to -1 to turn off.
+- `MIN_TIMEOUT`: **10s**: These options control how often notification endpoint is polled to update the notification count. On page load the notification count will be checked after `MIN_TIMEOUT`. The timeout will increase to `MAX_TIMEOUT` by `TIMEOUT_STEP` if the notification count is unchanged. Set MIN_TIMEOUT to 0 to turn off.
 - `MAX_TIMEOUT`: **60s**.
 - `TIMEOUT_STEP`: **10s**.
 - `EVENT_SOURCE_UPDATE_TIME`: **10s**: This setting determines how often the database is queried to update notification counts. If the browser client supports `EventSource` and `SharedWorker`, a `SharedWorker` will be used in preference to polling notification endpoint. Set to **-1** to disable the `EventSource`.
@ -236,15 +230,10 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `CUSTOM_URL_SCHEMES`: Use a comma separated list (ftp,git,svn) to indicate additional
  URL hyperlinks to be rendered in Markdown. URLs beginning in http and https are
  always displayed
 - `ENABLE_MATH`: **true**: Enables detection of `\(...\)`, `\[...\]`, `$...$` and `$$...$$` blocks as math blocks.
 ## Server (`server`)
 - `PROTOCOL`: **http**: \[http, https, fcgi, http+unix, fcgi+unix\]
 - `USE_PROXY_PROTOCOL`: **false**: Expect PROXY protocol headers on connections
 - `PROXY_PROTOCOL_TLS_BRIDGING`: **false**: When protocol is https, expect PROXY protocol headers after TLS negotiation.
 - `PROXY_PROTOCOL_HEADER_TIMEOUT`: **5s**: Timeout to wait for PROXY protocol header (set to 0 to have no timeout)
 - `PROXY_PROTOCOL_ACCEPT_UNKNOWN`: **false**: Accept PROXY protocol headers with Unknown type.
 - `DOMAIN`: **localhost**: Domain name of this server.
 - `ROOT_URL`: **%(PROTOCOL)s://%(DOMAIN)s:%(HTTP\_PORT)s/**:
   Overwrite the automatically generated public URL.
@ -257,11 +246,11 @@ The following configuration set `Content-Type: application/vnd.android.package-a
   Requests are then made as `%(ROOT_URL)s/static/css/index.css` and `https://cdn.example.com/css/index.css` respective.
   The static files are located in the `public/` directory of the Gitea source repository.
 - `HTTP_ADDR`: **0.0.0.0**: HTTP listen address.
-  - If `PROTOCOL` is set to `fcgi`, Gitea will listen for FastCGI requests on TCP socket
+   - If `PROTOCOL` is set to `fcgi`, Gitea will listen for FastCGI requests on TCP socket
     defined by `HTTP_ADDR` and `HTTP_PORT` configuration settings.
-  - If `PROTOCOL` is set to `http+unix` or `fcgi+unix`, this should be the name of the Unix socket file to use. Relative paths will be made absolute against the AppWorkPath.
+   - If `PROTOCOL` is set to `http+unix` or `fcgi+unix`, this should be the name of the Unix socket file to use. Relative paths will be made absolute against the AppWorkPath.
 - `HTTP_PORT`: **3000**: HTTP listen port.
-  - If `PROTOCOL` is set to `fcgi`, Gitea will listen for FastCGI requests on TCP socket
+   - If `PROTOCOL` is set to `fcgi`, Gitea will listen for FastCGI requests on TCP socket
     defined by `HTTP_ADDR` and `HTTP_PORT` configuration settings.
 - `UNIX_SOCKET_PERMISSION`: **666**: Permissions for the Unix socket.
 - `LOCAL_ROOT_URL`: **%(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/**: Local
@ -269,17 +258,13 @@ The following configuration set `Content-Type: application/vnd.android.package-a
   most cases you do not need to change the default value. Alter it only if
   your SSH server node is not the same as HTTP node. Do not set this variable
   if `PROTOCOL` is set to `http+unix`.
- `LOCAL_USE_PROXY_PROTOCOL`: **%(USE_PROXY_PROTOCOL)**: When making local connections pass the PROXY protocol header.
+- `PER_WRITE_TIMEOUT`: **30s**: Timeout for any write to the connection. (Set to 0 to
   This should be set to false if the local connection will go through the proxy.
 - `PER_WRITE_TIMEOUT`: **30s**: Timeout for any write to the connection. (Set to -1 to
   disable all timeouts.)
 - `PER_WRITE_PER_KB_TIMEOUT`: **10s**: Timeout per Kb written to connections.
 - `DISABLE_SSH`: **false**: Disable SSH feature when it's not available.
 - `START_SSH_SERVER`: **false**: When enabled, use the built-in SSH server.
 - `SSH_SERVER_USE_PROXY_PROTOCOL`: **false**: Expect PROXY protocol header on connections to the built-in SSH Server.
 - `BUILTIN_SSH_SERVER_USER`: **%(RUN_USER)s**: Username to use for the built-in SSH Server.
 - `SSH_USER`: **%(BUILTIN_SSH_SERVER_USER)**: SSH username displayed in clone URLs. This is only for people who configure the SSH server themselves; in most cases, you want to leave this blank and modify the `BUILTIN_SSH_SERVER_USER`.
 - `SSH_DOMAIN`: **%(DOMAIN)s**: Domain name of this server, used for displayed clone URL.
 - `SSH_PORT`: **22**: SSH port displayed in clone URL.
 - `SSH_LISTEN_HOST`: **0.0.0.0**: Listen address for the built-in SSH server.
@ -293,28 +278,30 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE`: **false/true**: Gitea will create a authorized_principals file by default when it is not using the internal ssh server and `SSH_AUTHORIZED_PRINCIPALS_ALLOW` is not `off`.
 - `SSH_AUTHORIZED_PRINCIPALS_BACKUP`: **false/true**: Enable SSH Authorized Principals Backup when rewriting all keys, default is true if `SSH_AUTHORIZED_PRINCIPALS_ALLOW` is not `off`.
 - `SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE`: **{{.AppPath}} --config={{.CustomConf}} serv key-{{.Key.ID}}**: Set the template for the command to passed on authorized keys. Possible keys are: AppPath, AppWorkPath, CustomConf, CustomPath, Key - where Key is a `models/asymkey.PublicKey` and the others are strings which are shellquoted.
- `SSH_SERVER_CIPHERS`: **chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com**: For the built-in SSH server, choose the ciphers to support for SSH connections, for system SSH this setting has no effect.
+- `SSH_SERVER_CIPHERS`: **aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128**: For the built-in SSH server, choose the ciphers to support for SSH connections, for system SSH this setting has no effect.
- `SSH_SERVER_KEY_EXCHANGES`: **curve25519-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1**: For the built-in SSH server, choose the key exchange algorithms to support for SSH connections, for system SSH this setting has no effect.
+- `SSH_SERVER_KEY_EXCHANGES`: **diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org**: For the built-in SSH server, choose the key exchange algorithms to support for SSH connections, for system SSH this setting has no effect.
- `SSH_SERVER_MACS`: **hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1**: For the built-in SSH server, choose the MACs to support for SSH connections, for system SSH this setting has no effect
+- `SSH_SERVER_MACS`: **hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96**: For the built-in SSH server, choose the MACs to support for SSH connections, for system SSH this setting has no effect
 - `SSH_SERVER_HOST_KEYS`: **ssh/gitea.rsa, ssh/gogs.rsa**: For the built-in SSH server, choose the keypairs to offer as the host key. The private key should be at `SSH_SERVER_HOST_KEY` and the public `SSH_SERVER_HOST_KEY.pub`. Relative paths are made absolute relative to the `APP_DATA_PATH`. If no key exists a 4096 bit RSA key will be created for you.
 - `SSH_KEY_TEST_PATH`: **/tmp**: Directory to create temporary files in when testing public keys using ssh-keygen, default is the system temporary directory.
 - `SSH_KEYGEN_PATH`: **ssh-keygen**: Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
 - `SSH_EXPOSE_ANONYMOUS`: **false**: Enable exposure of SSH clone URL to anonymous visitors, default is false.
 - `SSH_PER_WRITE_TIMEOUT`: **30s**: Timeout for any write to the SSH connections. (Set to
-  -1 to disable all timeouts.)
+  0 to disable all timeouts.)
 - `SSH_PER_WRITE_PER_KB_TIMEOUT`: **10s**: Timeout per Kb written to SSH connections.
 - `MINIMUM_KEY_SIZE_CHECK`: **true**: Indicate whether to check minimum key size with corresponding type.
 - `OFFLINE_MODE`: **false**: Disables use of CDN for static files and Gravatar for profile pictures.
- `CERT_FILE`: **https/cert.pem**: Cert file path used for HTTPS. When chaining, the server certificate must come first, then intermediate CA certificates (if any). This is ignored if `ENABLE_ACME=true`. Paths are relative to `CUSTOM_PATH`.
+- `DISABLE_ROUTER_LOG`: **false**: Mute printing of the router log.
- `KEY_FILE`: **https/key.pem**: Key file path used for HTTPS. This is ignored if `ENABLE_ACME=true`. Paths are relative to `CUSTOM_PATH`.
+- `CERT_FILE`: **https/cert.pem**: Cert file path used for HTTPS. When chaining, the server certificate must come first, then intermediate CA certificates (if any). From 1.11 paths are relative to `CUSTOM_PATH`.
 - `KEY_FILE`: **https/key.pem**: Key file path used for HTTPS. From 1.11 paths are relative to `CUSTOM_PATH`.
 - `STATIC_ROOT_PATH`: **./**: Upper level of template and static files path.
 - `APP_DATA_PATH`: **data** (**/data/gitea** on docker): Default path for application data.
 - `STATIC_CACHE_TIME`: **6h**: Web browser cache time for static resources on `custom/`, `public/` and all uploaded avatars. Note that this cache is disabled when `RUN_MODE` is "dev".
 - `ENABLE_GZIP`: **false**: Enable gzip compression for runtime-generated content, static resources excluded.
- `ENABLE_PPROF`: **false**: Application profiling (memory and cpu). For "web" command it listens on `localhost:6060`. For "serv" command it dumps to disk at `PPROF_DATA_PATH` as `(cpuprofile|memprofile)_<username>_<temporary id>`
+- `ENABLE_PPROF`: **false**: Application profiling (memory and cpu). For "web" command it listens on localhost:6060. For "serv" command it dumps to disk at `PPROF_DATA_PATH` as `(cpuprofile|memprofile)_<username>_<temporary id>`
 - `PPROF_DATA_PATH`: **data/tmp/pprof**: `PPROF_DATA_PATH`, use an absolute path when you start Gitea as service
- `LANDING_PAGE`: **home**: Landing page for unauthenticated users \[home, explore, organizations, login, **custom**\]. Where custom would instead be any URL such as "/org/repo" or even `https://anotherwebsite.com`
+- `LANDING_PAGE`: **home**: Landing page for unauthenticated users \[home, explore, organizations, login\].
 - `LFS_START_SERVER`: **false**: Enables Git LFS support.
 - `LFS_CONTENT_PATH`: **%(APP_DATA_PATH)/lfs**: Default LFS content path. (if it is on local storage.) **DEPRECATED** use settings in `[lfs]`.
 - `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string.
@ -323,14 +310,13 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `LFS_LOCKS_PAGING_NUM`: **50**: Maximum number of LFS Locks returned per page.
 - `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, allows redirecting http requests on `PORT_TO_REDIRECT` to the https port Gitea listens on.
 - `REDIRECTOR_USE_PROXY_PROTOCOL`: **%(USE_PROXY_PROTOCOL)**: expect PROXY protocol header on connections to https redirector.
 - `PORT_TO_REDIRECT`: **80**: Port for the http redirection service to listen on. Used when `REDIRECT_OTHER_PORT` is true.
 - `SSL_MIN_VERSION`: **TLSv1.2**: Set the minimum version of ssl support.
 - `SSL_MAX_VERSION`: **\<empty\>**: Set the maximum version of ssl support.
 - `SSL_CURVE_PREFERENCES`: **X25519,P256**: Set the preferred curves,
 - `SSL_CIPHER_SUITES`: **ecdhe_ecdsa_with_aes_256_gcm_sha384,ecdhe_rsa_with_aes_256_gcm_sha384,ecdhe_ecdsa_with_aes_128_gcm_sha256,ecdhe_rsa_with_aes_128_gcm_sha256,ecdhe_ecdsa_with_chacha20_poly1305,ecdhe_rsa_with_chacha20_poly1305**: Set the preferred cipher suites.
-  - If there is no hardware support for AES suites, by default the ChaCha suites will be preferred over the AES suites.
+  - If there is not hardware support for AES suites by default the cha cha suites will be preferred over the AES suites
-  - supported suites as of Go 1.18 are:
+  - supported suites as of go 1.17 are:
    - TLS 1.0 - 1.2 cipher suites
      - "rsa_with_rc4_128_sha"
      - "rsa_with_3des_ede_cbc_sha"
@ -361,12 +347,11 @@ The following configuration set `Content-Type: application/vnd.android.package-a
    - Aliased names
      - "ecdhe_rsa_with_chacha20_poly1305" is an alias for "ecdhe_rsa_with_chacha20_poly1305_sha256"
      - "ecdhe_ecdsa_with_chacha20_poly1305" is alias for "ecdhe_ecdsa_with_chacha20_poly1305_sha256"
- `ENABLE_ACME`: **false**: Flag to enable automatic certificate management via an ACME capable Certificate Authority (CA) server (default: Lets Encrypt). If enabled, `CERT_FILE` and `KEY_FILE` are ignored, and the CA must resolve `DOMAIN` to this gitea server. Ensure that DNS records are set and either port `80` or port `443` are accessible by the CA server (the public internet by default), and redirected to the appropriate ports `PORT_TO_REDIRECT` or `HTTP_PORT` respectively.
+- `ENABLE_LETSENCRYPT`: **false**: If enabled you must set `DOMAIN` to valid internet facing domain (ensure DNS is set and port 80 is accessible by letsencrypt validation server).
- `ACME_URL`: **\<empty\>**: The CA's ACME directory URL, e.g. for a self-hosted [smallstep CA server](https://github.com/smallstep/certificates), it can look like `https://ca.example.com/acme/acme/directory`. If left empty, it defaults to using Let's Encerypt's production CA (check `LETSENCRYPT_ACCEPTTOS` as well).
+   By using Lets Encrypt **you must consent** to their [terms of service](https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf).
- `ACME_ACCEPTTOS`: **false**: This is an explicit check that you accept the terms of service of the ACME provider. The default is Lets Encrypt [terms of service](https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf).
+- `LETSENCRYPT_ACCEPTTOS`: **false**: This is an explicit check that you accept the terms of service for Let's Encrypt.
- `ACME_DIRECTORY`: **https**: Directory that the certificate manager will use to cache information such as certs and private keys.
+- `LETSENCRYPT_DIRECTORY`: **https**: Directory that Letsencrypt will use to cache information such as certs and private keys.
- `ACME_EMAIL`: **\<empty\>**: Email used for the ACME registration. Usually it is to notify about problems with issued certificates.
+- `LETSENCRYPT_EMAIL`: **email@example.com**: Email used by Letsencrypt to notify about problems with issued certificates. (No default)
 - `ACME_CA_ROOT`: **\<empty\>**: The CA's root certificate. If left empty, it defaults to using the system's trust chain.
 - `ALLOW_GRACEFUL_RESTARTS`: **true**: Perform a graceful restart on SIGHUP
 - `GRACEFUL_HAMMER_TIME`: **60s**: After a restart the parent process will stop accepting new connections and will allow requests to finish before stopping. Shutdown will be forced if it takes longer than this time.
 - `STARTUP_TIMEOUT`: **0**: Shutsdown the server if startup takes longer than the provided time. On Windows setting this sends a waithint to the SVC host to tell the SVC host startup may take some time. Please note startup is determined by the opening of the listeners - HTTP/HTTPS/SSH. Indexers may take longer to startup and can have their own timeouts.
@ -383,18 +368,17 @@ The following configuration set `Content-Type: application/vnd.android.package-a
  (e.g. `ALTER USER user SET SEARCH_PATH = schema_name,"$user",public;`).
 - `SSL_MODE`: **disable**: SSL/TLS encryption mode for connecting to the database. This option is only applied for PostgreSQL and MySQL.
  - Valid values for MySQL:
-    - `true`: Enable TLS with verification of the database server certificate against its root certificate. When selecting this option make sure that the root certificate required to validate the database server certificate (e.g. the CA certificate) is on the system certificate store of both the database and Gitea servers. See your system documentation for instructions on how to add a CA certificate to the certificate store.
+     - `true`: Enable TLS with verification of the database server certificate against its root certificate. When selecting this option make sure that the root certificate required to validate the database server certificate (e.g. the CA certificate) is on the system certificate store of both the database and Gitea servers. See your system documentation for instructions on how to add a CA certificate to the certificate store.
-    - `false`: Disable TLS.
+     - `false`: Disable TLS.
-    - `disable`: Alias for `false`, for compatibility with PostgreSQL.
+     - `disable`: Alias for `false`, for compatibility with PostgreSQL.
-    - `skip-verify`: Enable TLS without database server certificate verification. Use this option if you have self-signed or invalid certificate on the database server.
+     - `skip-verify`: Enable TLS without database server certificate verification. Use this option if you have self-signed or invalid certificate on the database server.
-    - `prefer`: Enable TLS with fallback to non-TLS connection.
+     - `prefer`: Enable TLS with fallback to non-TLS connection.
  - Valid values for PostgreSQL:
-    - `disable`: Disable TLS.
+     - `disable`: Disable TLS.
-    - `require`: Enable TLS without any verifications.
+     - `require`: Enable TLS without any verifications.
-    - `verify-ca`: Enable TLS with verification of the database server certificate against its root certificate.
+     - `verify-ca`: Enable TLS with verification of the database server certificate against its root certificate.
-    - `verify-full`: Enable TLS and verify the database server name matches the given certificate in either the `Common Name` or `Subject Alternative Name` fields.
+     - `verify-full`: Enable TLS and verify the database server name matches the given certificate in either the `Common Name` or `Subject Alternative Name` fields.
 - `SQLITE_TIMEOUT`: **500**: Query timeout for SQLite3 only.
 - `SQLITE_JOURNAL_MODE`: **""**: Change journal mode for SQlite3. Can be used to enable [WAL mode](https://www.sqlite.org/wal.html) when high load causes write congestion. See [SQlite3 docs](https://www.sqlite.org/pragma.html#pragma_journal_mode) for possible values. Defaults to the default for the database file, often DELETE.
 - `ITERATE_BUFFER_SIZE`: **50**: Internal buffer size for iterating.
 - `CHARSET`: **utf8mb4**: For MySQL only, either "utf8" or "utf8mb4". NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this.
 - `PATH`: **data/gitea.db**: For SQLite3 only, the database file path.
@ -431,7 +415,7 @@ relation to port exhaustion.
 - `REPO_INDEXER_EXCLUDE_VENDORED`: **true**: Exclude vendored files from index.
 - `UPDATE_BUFFER_LEN`: **20**: Buffer length of index request. **DEPRECATED** use settings in `[queue.issue_indexer]`.
 - `MAX_FILE_SIZE`: **1048576**: Maximum size in bytes of files to be indexed.
- `STARTUP_TIMEOUT`: **30s**: If the indexer takes longer than this timeout to start - fail. (This timeout will be added to the hammer time above for child processes - as bleve will not start until the previous parent is shutdown.) Set to -1 to never timeout.
+- `STARTUP_TIMEOUT`: **30s**: If the indexer takes longer than this timeout to start - fail. (This timeout will be added to the hammer time above for child processes - as bleve will not start until the previous parent is shutdown.) Set to zero to never timeout.
 ## Queue (`queue` and `queue.*`)
@ -449,11 +433,11 @@ Configuration at `[queue]` will set defaults for queues with overrides for indiv
 - `MAX_ATTEMPTS`: **10**: Maximum number of attempts to create the wrapped queue
 - `TIMEOUT`: **GRACEFUL_HAMMER_TIME + 30s**: Timeout the creation of the wrapped queue if it takes longer than this to create.
 - Queues by default come with a dynamically scaling worker pool. The following settings configure this:
- `WORKERS`: **0**: Number of initial workers for the queue.
+- `WORKERS`: **0** (v1.14 and before: **1**): Number of initial workers for the queue.
 - `MAX_WORKERS`: **10**: Maximum number of worker go-routines for the queue.
 - `BLOCK_TIMEOUT`: **1s**: If the queue blocks for this time, boost the number of workers - the `BLOCK_TIMEOUT` will then be doubled before boosting again whilst the boost is ongoing.
 - `BOOST_TIMEOUT`: **5m**: Boost workers will timeout after this long.
- `BOOST_WORKERS`: **1**: This many workers will be added to the worker pool if there is a boost.
+- `BOOST_WORKERS`: **1** (v1.14 and before: **5**): This many workers will be added to the worker pool if there is a boost.
 Gitea creates the following non-unique queues:
@ -494,8 +478,7 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o
 ## Security (`security`)
 - `INSTALL_LOCK`: **false**: Controls access to the installation page. When set to "true", the installation page is not accessible.
- `SECRET_KEY`: **\<random at every install\>**: Global secret key. This key is VERY IMPORTANT, if you lost it, the data encrypted by it (like 2FA secret) can't be decrypted anymore.
+- `SECRET_KEY`: **\<random at every install\>**: Global secret key. This should be changed.
 - `SECRET_KEY_URI`: **<empty>**: Instead of defining SECRET_KEY, this option can be used to use the key stored in a file (example value: `file:/etc/gitea/secret_key`). It shouldn't be lost like SECRET_KEY.
 - `LOGIN_REMEMBER_DAYS`: **7**: Cookie lifetime, in days.
 - `COOKIE_USERNAME`: **gitea\_awesome**: Name of the cookie used to store the current username.
 - `COOKIE_REMEMBER_NAME`: **gitea\_incredible**: Name of cookie used to store authentication
@ -504,8 +487,6 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o
   authentication.
 - `REVERSE_PROXY_AUTHENTICATION_EMAIL`: **X-WEBAUTH-EMAIL**: Header name for reverse proxy
   authentication provided email.
 - `REVERSE_PROXY_AUTHENTICATION_FULL_NAME`: **X-WEBAUTH-FULLNAME**: Header name for reverse proxy
   authentication provided full name.
 - `REVERSE_PROXY_LIMIT`: **1**: Interpret X-Forwarded-For header or the X-Real-IP header and set this as the remote IP for the request.
   Number of trusted proxy count. Set to zero to not use these headers.
 - `REVERSE_PROXY_TRUSTED_PROXIES`: **127.0.0.0/8,::1/128**: List of IP addresses and networks separated by comma of trusted proxy servers. Use `*` to trust all.
@ -516,30 +497,22 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o
   It also enables them to access other resources available to the user on the operating system that is running the
   Gitea instance and perform arbitrary actions in the name of the Gitea OS user.
   This maybe harmful to you website or your operating system.
   Setting this to true does not change existing hooks in git repos; adjust it before if necessary.
 - `DISABLE_WEBHOOKS`: **false**: Set to `true` to disable webhooks feature.
 - `ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET`: **true**: Set to `false` to allow local users to push to gitea-repositories without setting up the Gitea environment. This is not recommended and if you want local users to push to Gitea repositories you should set the environment appropriately.
 - `IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server.
 - `INTERNAL_TOKEN`: **\<random at every install if no uri set\>**: Secret used to validate communication within Gitea binary.
- `INTERNAL_TOKEN_URI`: **<empty>**: Instead of defining INTERNAL_TOKEN in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: `file:/etc/gitea/internal_token`)
+- `INTERNAL_TOKEN_URI`: **<empty>**: Instead of defining internal token in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: `file:/etc/gitea/internal_token`)
 - `PASSWORD_HASH_ALGO`: **pbkdf2**: The hash algorithm to use \[argon2, pbkdf2, scrypt, bcrypt\], argon2 will spend more memory than others.
 - `CSRF_COOKIE_HTTP_ONLY`: **true**: Set false to allow JavaScript to read CSRF cookie.
 - `MIN_PASSWORD_LENGTH`: **6**: Minimum password length for new users.
 - `PASSWORD_COMPLEXITY`: **off**: Comma separated list of character classes required to pass minimum complexity. If left empty or no valid values are specified, checking is disabled (off):
-  - lower - use one or more lower latin characters
+    - lower - use one or more lower latin characters
-  - upper - use one or more upper latin characters
+    - upper - use one or more upper latin characters
-  - digit - use one or more digits
+    - digit - use one or more digits
-  - spec - use one or more special characters as ``!"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~``
+    - spec - use one or more special characters as ``!"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~``
-  - off - do not check password complexity
+    - off - do not check password complexity
 - `PASSWORD_CHECK_PWN`: **false**: Check [HaveIBeenPwned](https://haveibeenpwned.com/Passwords) to see if a password has been exposed.
- `SUCCESSFUL_TOKENS_CACHE_SIZE`: **20**: Cache successful token hashes. API tokens are stored in the DB as pbkdf2 hashes however, this means that there is a potentially significant hashing load when there are multiple API operations. This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security.
+- `SUCCESSFUL_TOKENS_CACHE_SIZE`: **20**: Cache successful token hashes. API tokens are stored in the DB as pbkdf2 hashes however, this means that there is a potentially significant hashing load when there are multiple API operations. This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security. 
 ## Camo (`camo`)
 - `ENABLED`: **false**: Enable media proxy, we support images only at the moment.
 - `SERVER_URL`: **<empty>**: URL of camo server, it **is required** if camo is enabled.
 - `HMAC_KEY`: **<empty>**: Provide the HMAC key for encoding URLs, it **is required** if camo is enabled.
 - `ALLWAYS`: **false**: Set to true to use camo for both HTTP and HTTPS content, otherwise only non-HTTPS URLs are proxied
 ## OpenID (`openid`)
@ -552,18 +525,18 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o
 ## OAuth2 Client (`oauth2_client`)
- `REGISTER_EMAIL_CONFIRM`: _[service]_ **REGISTER\_EMAIL\_CONFIRM**: Set this to enable or disable email confirmation of OAuth2 auto-registration. (Overwrites the REGISTER\_EMAIL\_CONFIRM setting of the `[service]` section)
+- `REGISTER_EMAIL_CONFIRM`: *[service]* **REGISTER\_EMAIL\_CONFIRM**: Set this to enable or disable email confirmation of OAuth2 auto-registration. (Overwrites the REGISTER\_EMAIL\_CONFIRM setting of the `[service]` section)
 - `OPENID_CONNECT_SCOPES`: **\<empty\>**: List of additional openid connect scopes. (`openid` is implicitly added)
 - `ENABLE_AUTO_REGISTRATION`: **false**: Automatically create user accounts for new oauth2 users.
 - `USERNAME`: **nickname**: The source of the username for new oauth2 accounts:
-  - userid - use the userid / sub attribute
+    - userid - use the userid / sub attribute
-  - nickname - use the nickname attribute
+    - nickname - use the nickname attribute
-  - email - use the username part of the email attribute
+    - email - use the username part of the email attribute
 - `UPDATE_AVATAR`: **false**: Update avatar if available from oauth2 provider. Update will be performed on each login.
 - `ACCOUNT_LINKING`: **login**: How to handle if an account / email already exists:
-  - disabled - show an error
+    - disabled - show an error
-  - login - show an account linking login
+    - login - show an account linking login
-  - auto - automatically link with the account (Please be aware that this will grant access to an existing account just because the same username or email is provided. You must make sure that this does not cause issues with your authentication providers.)
+    - auto - automatically link with the account (Please be aware that this will grant access to an existing account just because the same username or email is provided. You must make sure that this does not cause issues with your authentication providers.)
 ## Service (`service`)
@ -591,20 +564,15 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o
   for reverse authentication.
 - `ENABLE_REVERSE_PROXY_EMAIL`: **false**: Enable this to allow to auto-registration with a
   provided email rather than a generated email.
 - `ENABLE_REVERSE_PROXY_FULL_NAME`: **false**: Enable this to allow to auto-registration with a
   provided full name for the user.
 - `ENABLE_CAPTCHA`: **false**: Enable this to use captcha validation for registration.
 - `REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA`: **false**: Enable this to force captcha validation
-   even for External Accounts (i.e. GitHub, OpenID Connect, etc). You also must enable `ENABLE_CAPTCHA`.
+   even for External Accounts (i.e. GitHub, OpenID Connect, etc). You must `ENABLE_CAPTCHA` also.
- `CAPTCHA_TYPE`: **image**: \[image, recaptcha, hcaptcha, mcaptcha\]
+- `CAPTCHA_TYPE`: **image**: \[image, recaptcha, hcaptcha\]
 - `RECAPTCHA_SECRET`: **""**: Go to https://www.google.com/recaptcha/admin to get a secret for recaptcha.
 - `RECAPTCHA_SITEKEY`: **""**: Go to https://www.google.com/recaptcha/admin to get a sitekey for recaptcha.
 - `RECAPTCHA_URL`: **https://www.google.com/recaptcha/**: Set the recaptcha url - allows the use of recaptcha net.
 - `HCAPTCHA_SECRET`: **""**: Sign up at https://www.hcaptcha.com/ to get a secret for hcaptcha.
 - `HCAPTCHA_SITEKEY`: **""**: Sign up at https://www.hcaptcha.com/ to get a sitekey for hcaptcha.
 - `MCAPTCHA_SECRET`: **""**: Go to your mCaptcha instance to get a secret for mCaptcha.
 - `MCAPTCHA_SITEKEY`: **""**: Go to your mCaptcha instance to get a sitekey for mCaptcha.
 - `MCAPTCHA_URL` **https://demo.mcaptcha.org/**: Set the mCaptcha URL.
 - `DEFAULT_KEEP_EMAIL_PRIVATE`: **false**: By default set users to keep their email address private.
 - `DEFAULT_ALLOW_CREATE_ORGANIZATION`: **true**: Allow new users to create organizations by default.
 - `DEFAULT_USER_IS_RESTRICTED`: **false**: Give new users restricted permissions by default
@ -643,18 +611,18 @@ Define allowed algorithms and their minimum key length (use -1 to disable a type
 - `ED25519`: **256**
 - `ECDSA`: **256**
- `RSA`: **2047**: We set 2047 here because an otherwise valid 2048 RSA key can be reported as 2047 length.
+- `RSA`: **2048**
 - `DSA`: **-1**: DSA is now disabled by default. Set to **1024** to re-enable but ensure you may need to reconfigure your SSHD provider
 ## Webhook (`webhook`)
 - `QUEUE_LENGTH`: **1000**: Hook task queue length. Use caution when editing this value.
 - `DELIVER_TIMEOUT`: **5**: Delivery timeout (sec) for shooting webhooks.
- `ALLOWED_HOST_LIST`: **external**: Webhook can only call allowed hosts for security reasons. Comma separated list.
+- `ALLOWED_HOST_LIST`: **external**: Since 1.15.7. Default to `*` for 1.15.x, `external` for 1.16 and later. Webhook can only call allowed hosts for security reasons. Comma separated list.
  - Built-in networks:
    - `loopback`: 127.0.0.0/8 for IPv4 and ::1/128 for IPv6, localhost is included.
    - `private`: RFC 1918 (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and RFC 4193 (FC00::/7). Also called LAN/Intranet.
-    - `external`: A valid non-private unicast IP, you can access all hosts on public internet.
+    - `external`: A valid non-private unicast IP, you can access all hosts on public internet. 
    - `*`: All hosts are allowed.
  - CIDR list: `1.2.3.0/8` for IPv4 and `2001:db8::/32` for IPv6
  - Wildcard hosts: `*.mydomain.com`, `192.168.100.*`
@ -665,42 +633,42 @@ Define allowed algorithms and their minimum key length (use -1 to disable a type
 ## Mailer (`mailer`)
 ⚠️ This section is for Gitea 1.18 and later. If you are using Gitea 1.17 or older,
 please refer to
 [Gitea 1.17 app.ini example](https://github.com/go-gitea/gitea/blob/release/v1.17/custom/conf/app.example.ini)
 and
 [Gitea 1.17 configuration document](https://github.com/go-gitea/gitea/blob/release/v1.17/docs/content/doc/advanced/config-cheat-sheet.en-us.md)
 - `ENABLED`: **false**: Enable to use a mail service.
- `PROTOCOL`: **\<empty\>**: Mail server protocol. One of "smtp", "smtps", "smtp+startls", "smtp+unix", "sendmail", "dummy". _Before 1.18, this was inferred from a combination of `MAILER_TYPE` and `IS_TLS_ENABLED`._
+- `DISABLE_HELO`: **\<empty\>**: Disable HELO operation.
-  - SMTP family, if your provider does not explicitly say which protocol it uses but does provide a port, you can set SMTP_PORT instead and this will be inferred.
+- `HELO_HOSTNAME`: **\<empty\>**: Custom hostname for HELO operation.
-  - **sendmail** Use the operating system's `sendmail` command instead of SMTP. This is common on Linux systems.
+- `HOST`: **\<empty\>**: SMTP mail host address and port (example: smtp.gitea.io:587).
-  - **dummy** Send email messages to the log as a testing phase.
+  - As per RFC 8314, if supported, Implicit TLS/SMTPS on port 465 is recommended, otherwise opportunistic TLS via STARTTLS on port 587 should be used.
-  - Note that enabling sendmail will ignore all other `mailer` settings except `ENABLED`, `FROM`, `SUBJECT_PREFIX` and `SENDMAIL_PATH`.
+- `IS_TLS_ENABLED` :  **false** : Forcibly use TLS to connect even if not on a default SMTPS port.
-  - Enabling dummy will ignore all settings except `ENABLED`, `SUBJECT_PREFIX` and `FROM`.
+  - Note, if the port ends with `465` Implicit TLS/SMTPS/SMTP over TLS will be used despite this setting.
- `SMTP_ADDR`: **\<empty\>**: Mail server address. e.g. smtp.gmail.com. For smtp+unix, this should be a path to a unix socket instead. _Before 1.18, this was combined with `SMTP_PORT` under the name `HOST`._
+  - Otherwise if `IS_TLS_ENABLED=false` and the server supports `STARTTLS` this will be used. Thus if `STARTTLS` is preferred you should set `IS_TLS_ENABLED=false`.
- `SMTP_PORT`: **\<empty\>**: Mail server port. If no protocol is specified, it will be inferred by this setting. Common ports are listed below. _Before 1.18, this was combined with `SMTP_ADDR` under the name `HOST`._
+- `FROM`: **\<empty\>**: Mail from address, RFC 5322. This can be just an email address, or
-  - 25:  insecure SMTP
+   the "Name" \<email@example.com\> format.
-  - 465: SMTP Secure
+- `ENVELOPE_FROM`: **\<empty\>**: Address set as the From address on the SMTP mail envelope. Set to `<>` to send an empty address.
  - 587: StartTLS
 - `USE_CLIENT_CERT`: **false**: Use client certificate for TLS/SSL.
 - `CLIENT_CERT_FILE`: **custom/mailer/cert.pem**: Client certificate file.
 - `CLIENT_KEY_FILE`: **custom/mailer/key.pem**: Client key file.
 - `FORCE_TRUST_SERVER_CERT`: **false**: If set to `true`, completely ignores server certificate validation errors. This option is unsafe. Consider adding the certificate to the system trust store instead.
 - `USER`: **\<empty\>**: Username of mailing user (usually the sender's e-mail address).
 - `PASSWD`: **\<empty\>**: Password of mailing user.  Use \`your password\` for quoting if you use special characters in the password.
-  - Please note: authentication is only supported when the SMTP server communication is encrypted with TLS (this can be via `STARTTLS`) or SMTP host is localhost. See [Email Setup]({{< relref "doc/usage/email-setup.en-us.md" >}}) for more information.
+   - Please note: authentication is only supported when the SMTP server communication is encrypted with TLS (this can be via `STARTTLS`) or `HOST=localhost`. See [Email Setup]({{< relref "doc/usage/email-setup.en-us.md" >}}) for more information.
- `ENABLE_HELO`: **true**: Enable HELO operation.
+- `SEND_AS_PLAIN_TEXT`: **false**: Send mails as plain text.
- `HELO_HOSTNAME`: **(retrieved from system)**: HELO hostname.
+- `SKIP_VERIFY`: **false**: Whether or not to skip verification of certificates; `true` to disable verification.
- `FROM`: **\<empty\>**: Mail from address, RFC 5322. This can be just an email address, or the "Name" \<email@example.com\> format.
+   - **Warning:** This option is unsafe. Consider adding the certificate to the system trust store instead.
- `ENVELOPE_FROM`: **\<empty\>**: Address set as the From address on the SMTP mail envelope. Set to `<>` to send an empty address.
+   - **Note:** Gitea only supports SMTP with STARTTLS.
 - `USE_CERTIFICATE`: **false**: Use client certificate.
 - `CERT_FILE`: **custom/mailer/cert.pem**
 - `KEY_FILE`: **custom/mailer/key.pem**
 - `SUBJECT_PREFIX`: **\<empty\>**: Prefix to be placed before e-mail subject lines.
- `SENDMAIL_PATH`: **sendmail**: The location of sendmail on the operating system (can be command or full path).
+- `MAILER_TYPE`: **smtp**: \[smtp, sendmail, dummy\]
- `SENDMAIL_ARGS`: **\<empty\>**: Specify any extra sendmail arguments. (NOTE: you should be aware that email addresses can look like options - if your `sendmail` command takes options you must set the option terminator `--`)
+   - **smtp** Use SMTP to send mail
   - **sendmail** Use the operating system's `sendmail` command instead of SMTP.
   This is common on Linux systems.
   - **dummy** Send email messages to the log as a testing phase.
   - Note that enabling sendmail will ignore all other `mailer` settings except `ENABLED`,
     `FROM`, `SUBJECT_PREFIX` and `SENDMAIL_PATH`.
   - Enabling dummy will ignore all settings except `ENABLED`, `SUBJECT_PREFIX` and `FROM`.
 - `SENDMAIL_PATH`: **sendmail**: The location of sendmail on the operating system (can be
   command or full path).
 - `SENDMAIL_ARGS`: **_empty_**: Specify any extra sendmail arguments.
 - `SENDMAIL_TIMEOUT`: **5m**: default timeout for sending email through sendmail
 - `SENDMAIL_CONVERT_CRLF`: **true**: Most versions of sendmail prefer LF line endings rather than CRLF line endings. Set this to false if your version of sendmail requires CRLF line endings.
 - `SEND_BUFFER_LEN`: **100**: Buffer length of mailing queue. **DEPRECATED** use `LENGTH` in `[queue.mailer]`
 - `SEND_AS_PLAIN_TEXT`: **false**: Send mails only in plain text, without HTML alternative.
 ## Cache (`cache`)
@ -708,20 +676,20 @@ and
 - `ADAPTER`: **memory**: Cache engine adapter, either `memory`, `redis`, `twoqueue` or `memcache`. (`twoqueue` represents a size limited LRU cache.)
 - `INTERVAL`: **60**: Garbage Collection interval (sec), for memory and twoqueue cache only.
 - `HOST`: **\<empty\>**: Connection string for `redis` and `memcache`. For `twoqueue` sets configuration for the queue.
-  - Redis: `redis://:macaron@127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
+   - Redis: `redis://:macaron@127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
-  - Memcache: `127.0.0.1:9090;127.0.0.1:9091`
+   - Memcache: `127.0.0.1:9090;127.0.0.1:9091`
-  - TwoQueue LRU cache: `{"size":50000,"recent_ratio":0.25,"ghost_ratio":0.5}` or `50000` representing the maximum number of objects stored in the cache.
+   - TwoQueue LRU cache: `{"size":50000,"recent_ratio":0.25,"ghost_ratio":0.5}` or `50000` representing the maximum number of objects stored in the cache.
- `ITEM_TTL`: **16h**: Time to keep items in cache if not used, Setting it to -1 disables caching.
+- `ITEM_TTL`: **16h**: Time to keep items in cache if not used, Setting it to 0 disables caching.
 ## Cache - LastCommitCache settings (`cache.last_commit`)
 - `ENABLED`: **true**: Enable the cache.
- `ITEM_TTL`: **8760h**: Time to keep items in cache if not used, Setting it to -1 disables caching.
+- `ITEM_TTL`: **8760h**: Time to keep items in cache if not used, Setting it to 0 disables caching.
 - `COMMITS_COUNT`: **1000**: Only enable the cache when repository's commits count great than.
 ## Session (`session`)
- `PROVIDER`: **memory**: Session engine provider \[memory, file, redis, db, mysql, couchbase, memcache, postgres\]. Setting `db` will reuse the configuration in `[database]`
+- `PROVIDER`: **memory**: Session engine provider \[memory, file, redis, db, mysql, couchbase, memcache, postgres\].
 - `PROVIDER_CONFIG`: **data/sessions**: For file, the root path; for db, empty (database config will be used); for others, the connection string.
 - `COOKIE_SECURE`: **false**: Enable this to force using HTTPS for all session access.
 - `COOKIE_NAME`: **i\_like\_gitea**: The name of the cookie used for the session ID.
@ -753,6 +721,7 @@ and
  - image = default image will be used (which is set in `REPOSITORY_AVATAR_FALLBACK_IMAGE`)
 - `REPOSITORY_AVATAR_FALLBACK_IMAGE`: **/img/repo_default.png**: Image used as default repository avatar (if `REPOSITORY_AVATAR_FALLBACK` is set to image and none was uploaded)
 ## Project (`project`)
 Default templates for project boards:
@ -763,7 +732,7 @@ Default templates for project boards:
 ## Issue and pull request attachments (`attachment`)
 - `ENABLED`: **true**: Whether issue and pull request attachments are enabled.
- `ALLOWED_TYPES`: **.csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
+- `ALLOWED_TYPES`: **.docx,.gif,.gz,.jpeg,.jpg,mp4,.log,.pdf,.png,.pptx,.txt,.xlsx,.zip**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
 - `MAX_SIZE`: **4**: Maximum size (MB).
 - `MAX_FILES`: **5**: Maximum number of attachments that can be uploaded at once.
 - `STORAGE_TYPE`: **local**: Storage type for attachments, `local` for local disk or `minio` for s3 compatible object storage service, default is `local` or other name defined with `[storage.xxx]`
@ -783,18 +752,11 @@ Default templates for project boards:
 - `MODE`: **console**: Logging mode. For multiple modes, use a comma to separate values. You can configure each mode in per mode log subsections `\[log.modename\]`. By default the file mode will log to `$ROOT_PATH/gitea.log`.
 - `LEVEL`: **Info**: General log level. \[Trace, Debug, Info, Warn, Error, Critical, Fatal, None\]
 - `STACKTRACE_LEVEL`: **None**: Default log level at which to log create stack traces. \[Trace, Debug, Info, Warn, Error, Critical, Fatal, None\]
- `ENABLE_SSH_LOG`: **false**: save ssh log to log file
+- `ROUTER_LOG_LEVEL`: **Info**: The log level that the router should log at. (If you are setting the access log, its recommended to place this at Debug.)
 - `ENABLE_XORM_LOG`: **true**: Set whether to perform XORM logging. Please note SQL statement logging can be disabled by setting `LOG_SQL` to false in the `[database]` section.
 ### Router Log (`log`)
 - `DISABLE_ROUTER_LOG`: **false**: Mute printing of the router log.
 - `ROUTER`: **console**: The mode or name of the log the router should log to. (If you set this to `,` it will log to default Gitea logger.)
-  NB: You must have `DISABLE_ROUTER_LOG` set to `false` for this option to take effect. Configure each mode in per mode log subsections `\[log.modename.router\]`.
+NB: You must have `DISABLE_ROUTER_LOG` set to `false` for this option to take effect. Configure each mode in per mode log subsections `\[log.modename.router\]`.
 ### Access Log (`log`)
 - `ENABLE_ACCESS_LOG`: **false**: Creates an access.log in NCSA common log format, or as per the following template
 - `ENABLE_SSH_LOG`: **false**: save ssh log to log file
 - `ACCESS`: **file**: Logging mode for the access logger, use a comma to separate values. Configure each mode in per mode log subsections `\[log.modename.access\]`. By default the file mode will log to `$ROOT_PATH/access.log`. (If you set this to `,` it will log to the default Gitea logger.)
 - `ACCESS_LOG_TEMPLATE`: **`{{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"`**: Sets the template used to create the access log.
  - The following variables are available:
@ -803,6 +765,7 @@ Default templates for project boards:
  - `Start`: the start time of the request.
  - `ResponseWriter`: the responseWriter from the request.
  - You must be very careful to ensure that this template does not throw errors or panics as this template runs outside of the panic/recovery script.
 - `ENABLE_XORM_LOG`: **true**: Set whether to perform XORM logging. Please note SQL statement logging can be disabled by setting `LOG_SQL` to false in the `[database]` section.
 ### Log subsections (`log.name`, `log.name.*`)
@ -810,9 +773,9 @@ Default templates for project boards:
 - `STACKTRACE_LEVEL`: **log.STACKTRACE_LEVEL**: Sets the log level at which to log stack traces.
 - `MODE`: **name**: Sets the mode of this sublogger - Defaults to the provided subsection name. This allows you to have two different file loggers at different levels.
 - `EXPRESSION`: **""**: A regular expression to match either the function name, file or message. Defaults to empty. Only log messages that match the expression will be saved in the logger.
- `FLAGS`: **stdflags**: A comma separated string representing the log flags. Defaults to `stdflags` which represents the prefix: `2009/01/23 01:23:23 ...a/b/c/d.go:23:runtime.Caller() [I]: message`. `none` means don't prefix log lines. See `modules/log/flags.go` for more information.
+- `FLAGS`: **stdflags**: A comma separated string representing the log flags. Defaults to `stdflags` which represents the prefix: `2009/01/23 01:23:23 ...a/b/c/d.go:23:runtime.Caller() [I]: message`. `none` means don't prefix log lines. See `modules/log/base.go` for more information.
 - `PREFIX`: **""**: An additional prefix for every log line in this logger. Defaults to empty.
- `COLORIZE`: **false**: Whether to colorize the log lines
+- `COLORIZE`: **false**: Colorize the log lines by default
 ### Console log mode (`log.console`, `log.console.*`, or `MODE=console`)
@ -848,12 +811,12 @@ Default templates for project boards:
 - `ENABLED`: **false**: Enable to run all cron tasks periodically with default settings.
 - `RUN_AT_START`: **false**: Run cron tasks at application start-up.
- `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
+- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
 - `SCHEDULE` accept formats
-  - Full crontab specs, e.g. `* * * * * ?`
+   - Full crontab specs, e.g. `* * * * * ?`
-  - Descriptors, e.g. `@midnight`, `@every 1h30m` ...
+   - Descriptors, e.g. `@midnight`, `@every 1h30m` ...
-  - See more: [cron documentation](https://pkg.go.dev/github.com/gogs/cron@v0.0.0-20171120032916-9f6c956d3e14)
+   - See more: [cron decument](https://pkg.go.dev/github.com/gogs/cron@v0.0.0-20171120032916-9f6c956d3e14)
 ### Basic cron tasks - enabled by default
@ -867,6 +830,7 @@ Default templates for project boards:
 #### Cron - Update Mirrors (`cron.update_mirrors`)
 - `SCHEDULE`: **@every 10m**: Cron syntax for scheduling update mirrors, e.g. `@every 3h`.
 - `NO_SUCCESS_NOTICE`: **true**: The cron task for update mirrors success report is not very useful - as it just means that the mirrors have been queued. Therefore this is turned off by default.
 - `PULL_LIMIT`: **50**: Limit the number of mirrors added to the queue to this number (negative values mean no limit, 0 will result in no mirrors being queued effectively disabling pull mirror updating).
 - `PUSH_LIMIT`: **50**: Limit the number of mirrors added to the queue to this number (negative values mean no limit, 0 will result in no mirrors being queued effectively disabling push mirror updating).
@ -881,7 +845,7 @@ Default templates for project boards:
 - `RUN_AT_START`: **true**: Run repository statistics check at start time.
 - `SCHEDULE`: **@midnight**: Cron syntax for scheduling repository statistics check.
-#### Cron - Cleanup hook_task Table (`cron.cleanup_hook_task_table`)
+### Cron - Cleanup hook_task Table (`cron.cleanup_hook_task_table`)
 - `ENABLED`: **true**: Enable cleanup hook_task job.
 - `RUN_AT_START`: **false**: Run cleanup hook_task at start time (if ENABLED).
@ -890,14 +854,6 @@ Default templates for project boards:
 - `OLDER_THAN`: **168h**: If CLEANUP_TYPE is set to OlderThan, then any delivered hook_task records older than this expression will be deleted.
 - `NUMBER_TO_KEEP`: **10**: If CLEANUP_TYPE is set to PerWebhook, this is number of hook_task records to keep for a webhook (i.e. keep the most recent x deliveries).
 #### Cron - Cleanup expired packages (`cron.cleanup_packages`)
 - `ENABLED`: **true**: Enable cleanup expired packages job.
 - `RUN_AT_START`: **true**: Run job at start time (if ENABLED).
 - `NOTICE_ON_SUCCESS`: **false**: Notify every time this job runs.
 - `SCHEDULE`: **@midnight**: Cron syntax for the job.
 - `OLDER_THAN`: **24h**: Unreferenced package data created more than OLDER_THAN ago is subject to deletion.
 #### Cron - Update Migration Poster ID (`cron.update_migration_poster_id`)
 - `SCHEDULE`: **@midnight** : Interval as a duration between each synchronization, it will always attempt synchronization when the instance starts.
@ -910,78 +866,60 @@ Default templates for project boards:
 ### Extended cron tasks (not enabled by default)
 #### Cron - Garbage collect all repositories ('cron.git_gc_repos')
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.
 - `TIMEOUT`: **60s**: Time duration syntax for garbage collection execution timeout.
- `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
+- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
 - `ARGS`: **\<empty\>**: Arguments for command `git gc`, e.g. `--aggressive --auto`. The default value is same with [git] -> GC_ARGS
 #### Cron - Update the '.ssh/authorized_keys' file with Gitea SSH keys ('cron.resync_all_sshkeys')
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
- `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
+- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.
 #### Cron - Resynchronize pre-receive, update and post-receive hooks of all repositories ('cron.resync_all_hooks')
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
- `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
+- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.
 #### Cron - Reinitialize all missing Git repositories for which records exist ('cron.reinit_missing_repos')
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
- `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
+- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.
 #### Cron - Delete all repositories missing their Git files ('cron.delete_missing_repos')
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
- `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
+- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.
 #### Cron -  Delete generated repository avatars ('cron.delete_generated_repository_avatars')
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
- `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
+- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.
 #### Cron -  Delete all old actions from database ('cron.delete_old_actions')
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
- `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
+- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
 - `SCHEDULE`: **@every 168h**: Cron syntax to set how often to check.
 - `OLDER_THAN`: **@every 8760h**: any action older than this expression will be deleted from database, suggest using `8760h` (1 year) because that's the max length of heatmap.
 #### Cron -  Check for new Gitea versions ('cron.update_checker')
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `ENABLE_SUCCESS_NOTICE`: **true**: Set to false to switch off success notices.
 - `SCHEDULE`: **@every 168h**: Cron syntax for scheduling a work, e.g. `@every 168h`.
 - `HTTP_ENDPOINT`: **https://dl.gitea.io/gitea/version.json**: the endpoint that Gitea will check for newer versions
 #### Cron -  Delete all old system notices from database ('cron.delete_old_system_notices')
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
 - `SCHEDULE`: **@every 168h**: Cron syntax to set how often to check.
 - `OLDER_THAN`: **@every 8760h**: any system notice older than this expression will be deleted from database.
 ## Git (`git`)
 - `PATH`: **""**: The path of Git executable. If empty, Gitea searches through the PATH environment.
 - `HOME_PATH`: **%(APP_DATA_PATH)/home**: The HOME directory for Git.
   This directory will be used to contain the `.gitconfig` and possible `.gnupg` directories that Gitea's git calls will use. If you can confirm Gitea is the only application running in this environment, you can set it to the normal home directory for Gitea user.
 - `DISABLE_DIFF_HIGHLIGHT`: **false**: Disables highlight of added and removed changes.
 - `MAX_GIT_DIFF_LINES`: **1000**: Max number of lines allowed of a single file in diff view.
 - `MAX_GIT_DIFF_LINE_CHARACTERS`: **5000**: Max character count per line highlighted in diff view.
@ -989,8 +927,7 @@ Default templates for project boards:
 - `COMMITS_RANGE_SIZE`: **50**: Set the default commits range size
 - `BRANCHES_RANGE_SIZE`: **20**: Set the default branches range size
 - `GC_ARGS`: **\<empty\>**: Arguments for command `git gc`, e.g. `--aggressive --auto`. See more on http://git-scm.com/docs/git-gc/
- `ENABLE_AUTO_GIT_WIRE_PROTOCOL`: **true**: If use Git wire protocol version 2 when Git version >= 2.18, default is true, set to false when you always want Git wire protocol version 1.
+- `ENABLE_AUTO_GIT_WIRE_PROTOCOL`: **true**: If use Git wire protocol version 2 when Git version >= 2.18, default is true, set to false when you always want Git wire protocol version 1
  To enable this for Git over SSH when using a OpenSSH server, add `AcceptEnv GIT_PROTOCOL` to your sshd_config file.
 - `PULL_REQUEST_PUSH_MESSAGE`: **true**: Respond to pushes to a non-default branch with a URL for creating a Pull Request (if the repository has them enabled)
 - `VERBOSE_PUSH`: **true**: Print status information about pushes as they are being processed.
 - `VERBOSE_PUSH_DELAY`: **5s**: Only print verbose information if push takes longer than this delay.
@ -999,7 +936,6 @@ Default templates for project boards:
 - `DISABLE_PARTIAL_CLONE`: **false** Disable the usage of using partial clones for git.
 ## Git - Timeout settings (`git.timeout`)
 - `DEFAUlT`: **360**: Git operations default timeout seconds.
 - `MIGRATE`: **600**: Migrate external repositories timeout seconds.
 - `MIRROR`: **300**: Mirror external repositories timeout seconds.
@ -1016,11 +952,11 @@ Default templates for project boards:
 ## API (`api`)
- `ENABLE_SWAGGER`: **true**: Enables the API documentation endpoints (`/api/swagger`, `/api/v1/swagger`, …). True or false.
+- `ENABLE_SWAGGER`: **true**: Enables /api/swagger, /api/v1/swagger etc. endpoints. True or false; default is true.
 - `MAX_RESPONSE_ITEMS`: **50**: Max number of items in a page.
 - `DEFAULT_PAGING_NUM`: **30**: Default paging number of API.
 - `DEFAULT_GIT_TREES_PER_PAGE`: **1000**: Default and maximum number of items per page for Git trees API.
- `DEFAULT_MAX_BLOB_SIZE`: **10485760** (10MiB): Default max size of a blob that can be returned by the blobs API.
+- `DEFAULT_MAX_BLOB_SIZE`: **10485760**: Default max size of a blob that can be return by the blobs API.
 ## OAuth2 (`oauth2`)
@ -1035,9 +971,11 @@ Default templates for project boards:
 ## i18n (`i18n`)
- `LANGS`: **en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN**:
+- `LANGS`: **en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN**: List of locales shown in language selector
-     List of locales shown in language selector. The first locale will be used as the default if user browser's language doesn't match any locale in the list.
+- `NAMES`: **English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,français,Nederlands,latviešu,русский,日本語,español,português do Brasil,Português de Portugal,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어,ελληνικά,فارسی,magyar nyelv,bahasa Indonesia,മലയാളം**: Visible names corresponding to the locales
- `NAMES`: **English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,Français,Nederlands,Latviešu,Русский,Українська,日本語,Español,Português do Brasil,Português de Portugal,Polski,Български,Italiano,Suomi,Türkçe,Čeština,Српски,Svenska,한국어,Ελληνικά,فارسی,Magyar nyelv,Bahasa Indonesia,മലയാളം**: Visible names corresponding to the locales
+
 ## U2F (`U2F`) **DEPRECATED**
 - `APP_ID`: **`ROOT_URL`**: Declares the facet of the application which is used for authentication of previously registered U2F keys. Requires HTTPS.
 ## Markup (`markup`)
@ -1060,17 +998,13 @@ IS_INPUT_FILE = false
   command. Multiple extensions needs a comma as splitter.
 - RENDER\_COMMAND: External command to render all matching extensions.
 - IS\_INPUT\_FILE: **false** Input is not a standard input but a file param followed `RENDER_COMMAND`.
 - RENDER_CONTENT_MODE: **sanitized** How the content will be rendered.
  - sanitized: Sanitize the content and render it inside current page, default to only allow a few HTML tags and attributes. Customized sanitizer rules can be defined in `[markup.sanitizer.*]`.
  - no-sanitizer: Disable the sanitizer and render the content inside current page. It's **insecure** and may lead to XSS attack if the content contains malicious code.
  - iframe: Render the content in a separate standalone page and embed it into current page by iframe. The iframe is in sandbox mode with same-origin disabled, and the JS code are safely isolated from parent page.
 Two special environment variables are passed to the render command:
 - `GITEA_PREFIX_SRC`, which contains the current URL prefix in the `src` path tree. To be used as prefix for links.
 - `GITEA_PREFIX_RAW`, which contains the current URL prefix in the `raw` path tree. To be used as prefix for image paths.
-If `RENDER_CONTENT_MODE` is `sanitized`, Gitea supports customizing the sanitization policy for rendered HTML. The example below will support KaTeX output from pandoc.
+
 Gitea supports customizing the sanitization policy for rendered HTML. The example below will support KaTeX output from pandoc.
 ```ini
 [markup.sanitizer.TeX]
@ -1082,10 +1016,10 @@ REGEXP = ^\s*((math(\s+|$)|inline(\s+|$)|display(\s+|$)))+
 ALLOW_DATA_URI_IMAGES = true
 ```
- `ELEMENT`: The element this policy applies to. Must be non-empty.
+ - `ELEMENT`: The element this policy applies to. Must be non-empty.
- `ALLOW_ATTR`: The attribute this policy allows. Must be non-empty.
+ - `ALLOW_ATTR`: The attribute this policy allows. Must be non-empty.
- `REGEXP`: A regex to match the contents of the attribute against. Must be present but may be empty for unconditional whitelisting of this attribute.
+ - `REGEXP`: A regex to match the contents of the attribute against. Must be present but may be empty for unconditional whitelisting of this attribute.
- `ALLOW_DATA_URI_IMAGES`: **false** Allow data uri images (`<img src="data:image/png;base64,..."/>`).
+ - `ALLOW_DATA_URI_IMAGES`: **false** Allow data uri images (`<img src="data:image/png;base64,..."/>`).
 Multiple sanitisation rules can be defined by adding unique subsections, e.g. `[markup.sanitizer.TeX-2]`.
 To apply a sanitisation rules only for a specify external renderer they must use the renderer name, e.g. `[markup.sanitizer.asciidoc.rule-1]`.
@ -1116,46 +1050,18 @@ Task queue configuration has been moved to `queue.task`. However, the below conf
 - `MAX_ATTEMPTS`: **3**: Max attempts per http/https request on migrations.
 - `RETRY_BACKOFF`: **3**: Backoff time per http/https request retry (seconds)
- `ALLOWED_DOMAINS`: **\<empty\>**: Domains allowlist for migrating repositories, default is blank. It means everything will be allowed. Multiple domains could be separated by commas. Wildcard is supported: `github.com, *.github.com`.
+- `ALLOWED_DOMAINS`: **\<empty\>**: Domains allowlist for migrating repositories, default is blank. It means everything will be allowed. Multiple domains could be separated by commas.
- `BLOCKED_DOMAINS`: **\<empty\>**: Domains blocklist for migrating repositories, default is blank. Multiple domains could be separated by commas. When `ALLOWED_DOMAINS` is not blank, this option has a higher priority to deny domains. Wildcard is supported.
+- `BLOCKED_DOMAINS`: **\<empty\>**: Domains blocklist for migrating repositories, default is blank. Multiple domains could be separated by commas. When `ALLOWED_DOMAINS` is not blank, this option has a higher priority to deny domains.
- `ALLOW_LOCALNETWORKS`: **false**: Allow private addresses defined by RFC 1918, RFC 1122, RFC 4632 and RFC 4291. If a domain is allowed by `ALLOWED_DOMAINS`, this option will be ignored.
+- `ALLOW_LOCALNETWORKS`: **false**: Allow private addresses defined by RFC 1918, RFC 1122, RFC 4632 and RFC 4291
 - `SKIP_TLS_VERIFY`: **false**: Allow skip tls verify
 ## Federation (`federation`)
- `ENABLED`: **false**: Enable/Disable federation capabilities
+- `ENABLED`: **true**: Enable/Disable federation capabilities
 - `SHARE_USER_STATISTICS`: **true**: Enable/Disable user statistics for nodeinfo if federation is enabled
 - `MAX_SIZE`: **4**: Maximum federation request and response size (MB)
 WARNING: Changing the settings below can break federation.
 - `ALGORITHMS`: **rsa-sha256, rsa-sha512, ed25519**: HTTP signature algorithms
 - `DIGEST_ALGORITHM`: **SHA-256**: HTTP signature digest algorithm
 - `GET_HEADERS`: **(request-target), Date**: GET headers for federation requests
 - `POST_HEADERS`: **(request-target), Date, Digest**: POST headers for federation requests
 ## Packages (`packages`)
 - `ENABLED`: **true**: Enable/Disable package registry capabilities
 - `CHUNKED_UPLOAD_PATH`: **tmp/package-upload**: Path for chunked uploads. Defaults to `APP_DATA_PATH` + `tmp/package-upload`
 - `LIMIT_TOTAL_OWNER_COUNT`: **-1**: Maxmimum count of package versions a single owner can have (`-1` means no limits)
 - `LIMIT_TOTAL_OWNER_SIZE`: **-1**: Maxmimum size of packages a single owner can use (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 - `LIMIT_SIZE_COMPOSER`: **-1**: Maxmimum size of a Composer upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 - `LIMIT_SIZE_CONAN`: **-1**: Maxmimum size of a Conan upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 - `LIMIT_SIZE_CONTAINER`: **-1**: Maxmimum size of a Container upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 - `LIMIT_SIZE_GENERIC`: **-1**: Maxmimum size of a Generic upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 - `LIMIT_SIZE_HELM`: **-1**: Maxmimum size of a Helm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 - `LIMIT_SIZE_MAVEN`: **-1**: Maxmimum size of a Maven upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 - `LIMIT_SIZE_NPM`: **-1**: Maxmimum size of a npm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 - `LIMIT_SIZE_NUGET`: **-1**: Maxmimum size of a NuGet upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 - `LIMIT_SIZE_PUB`: **-1**: Maxmimum size of a Pub upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 - `LIMIT_SIZE_PYPI`: **-1**: Maxmimum size of a PyPI upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 - `LIMIT_SIZE_RUBYGEMS`: **-1**: Maxmimum size of a RubyGems upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 - `LIMIT_SIZE_VAGRANT`: **-1**: Maxmimum size of a Vagrant upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ## Mirror (`mirror`)
- `ENABLED`: **true**: Enables the mirror functionality. Set to **false** to disable all mirrors. Pre-existing mirrors remain valid but won't be updated; may be converted to regular repo.
+- `ENABLED`: **true**: Enables the mirror functionality. Set to **false** to disable all mirrors.
 - `DISABLE_NEW_PULL`: **false**: Disable the creation of **new** pull mirrors. Pre-existing mirrors remain valid. Will be ignored if `mirror.ENABLED` is `false`.
 - `DISABLE_NEW_PUSH`: **false**: Disable the creation of **new** push mirrors. Pre-existing mirrors remain valid. Will be ignored if `mirror.ENABLED` is `false`.
 - `DEFAULT_INTERVAL`: **8h**: Default interval between each check
@ -1235,7 +1141,6 @@ is `data/repo-archive` and the default of `MINIO_BASE_PATH` is `repo-archive/`.
 - `PROXY_HOSTS`: **\<empty\>**: Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.
 i.e.
 ```ini
 PROXY_ENABLED = true
 PROXY_URL = socks://127.0.0.1:1080
@ -1247,4 +1152,3 @@ PROXY_HOSTS = *.github.com
 - `SHOW_FOOTER_BRANDING`: **false**: Show Gitea branding in the footer.
 - `SHOW_FOOTER_VERSION`: **true**: Show Gitea and Go version information in the footer.
 - `SHOW_FOOTER_TEMPLATE_LOAD_TIME`: **true**: Show time of template execution in the footer.
 - `ENABLE_SITEMAP`: **true**: Generate sitemap.
--- a/docs/content/doc/advanced/config-cheat-sheet.zh-cn.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.zh-cn.md
@ -15,14 +15,7 @@ menu:
 # 配置说明
-这是针对Gitea配置文件的说明，你可以了解Gitea的强大配置。需要说明的是，你的所有改变请修改 `custom/conf/app.ini` 文件而不是源文件。
+这是针对Gitea配置文件的说明，你可以了解Gitea的强大配置。需要说明的是，你的所有改变请修改 `custom/conf/app.ini` 文件而不是源文件。所有默认值可以通过 [app.example.ini](https://github.com/go-gitea/gitea/blob/master/custom/conf/app.example.ini) 查看到。如果你发现 `%(X)s` 这样的内容，请查看 [ini](https://github.com/go-ini/ini/#recursive-values) 这里的说明。标注了 :exclamation: 的配置项表明除非你真的理解这个配置项的意义，否则最好使用默认值。
 所有默认值可以通过 [app.example.ini](https://github.com/go-gitea/gitea/blob/master/custom/conf/app.example.ini) 查看到。
 如果你发现 `%(X)s` 这样的内容，请查看 [ini](https://github.com/go-ini/ini/#recursive-values) 这里的说明。
 标注了 :exclamation: 的配置项表明除非你真的理解这个配置项的意义，否则最好使用默认值。
 ## ⚠️时效性警告⚠️
 此文档的内容可能过于陈旧或者错误，请参考英文文档。
 {{< toc >}}
@ -87,7 +80,7 @@ menu:
 - `LFS_START_SERVER`: 是否启用 git-lfs 支持. 可以为 `true` 或 `false`， 默认是 `false`。
 - `LFS_JWT_SECRET`: LFS 认证密钥，改成自己的。
- `LFS_CONTENT_PATH`: **已废弃**, 存放 lfs 命令上传的文件的地方，默认是 `data/lfs`。**废弃** 请使用 `[lfs]` 的设置。
+- `LFS_CONTENT_PATH`: **已废弃**, 存放 lfs 命令上传的文件的地方，默认是 `data/lfs`。
 ## Database (`database`)
@ -180,14 +173,14 @@ menu:
 - `ADAPTER`: **memory**: 缓存引擎，可以为 `memory`, `redis` 或 `memcache`。
 - `INTERVAL`: **60**: 只对内存缓存有效，GC间隔，单位秒。
 - `HOST`: **\<empty\>**: 针对redis和memcache有效，主机地址和端口。
-  - Redis: `network=tcp,addr=127.0.0.1:6379,password=macaron,db=0,pool_size=100,idle_timeout=180`
+    - Redis: `network=tcp,addr=127.0.0.1:6379,password=macaron,db=0,pool_size=100,idle_timeout=180`
-  - Memache: `127.0.0.1:9090;127.0.0.1:9091`
+    - Memache: `127.0.0.1:9090;127.0.0.1:9091`
- `ITEM_TTL`: **16h**: 缓存项目失效时间，设置为 -1 则禁用缓存。
+- `ITEM_TTL`: **16h**: 缓存项目失效时间，设置为 0 则禁用缓存。
 ## Cache - LastCommitCache settings (`cache.last_commit`)
 - `ENABLED`: **true**: 是否启用。
- `ITEM_TTL`: **8760h**: 缓存项目失效时间，设置为 -1 则禁用缓存。
+- `ITEM_TTL`: **8760h**: 缓存项目失效时间，设置为 0 则禁用缓存。
 - `COMMITS_COUNT`: **1000**: 仅当仓库的提交数大于时才启用缓存。
 ## Session (`session`)
@ -246,6 +239,7 @@ file -I test01.xls
 test01.xls: application/vnd.ms-excel; charset=binary
 ```
 ## Log (`log`)
 - `ROOT_PATH`: 日志文件根目录。
@ -257,9 +251,10 @@ test01.xls: application/vnd.ms-excel; charset=binary
 - `ENABLED`: 是否在后台运行定期任务。
 - `RUN_AT_START`: 是否启动时自动运行。
 - `SCHEDULE` 所接受的格式
-  - 完整 crontab 控制, 例如 `* * * * * ?`
+   - 完整 crontab 控制, 例如 `* * * * * ?`
-  - 描述符, 例如 `@midnight`, `@every 1h30m` ...
+   - 描述符, 例如 `@midnight`, `@every 1h30m` ...
-  - 更多细节参见 [cron api文档](https://pkg.go.dev/github.com/gogs/cron@v0.0.0-20171120032916-9f6c956d3e14)
+   - 更多细节参见 [cron api文档](https://pkg.go.dev/github.com/gogs/cron@v0.0.0-20171120032916-9f6c956d3e14)
 ### Cron - Update Mirrors (`cron.update_mirrors`)
@ -299,7 +294,7 @@ test01.xls: application/vnd.ms-excel; charset=binary
 ## API (`api`)
- `ENABLE_SWAGGER`: **true**: 是否启用swagger路由 /api/swagger, /api/v1/swagger etc. endpoints. True 或 false.
+- `ENABLE_SWAGGER`: **true**: 是否启用swagger路由 /api/swagger, /api/v1/swagger etc. endpoints. True 或 false; 默认是  true.
 - `MAX_RESPONSE_ITEMS`: **50**: 一个页面最大的项目数。
 - `DEFAULT_PAGING_NUM`: **30**: API中默认分页条数。
 - `DEFAULT_GIT_TREES_PER_PAGE`: **1000**: GIT TREES API每页的默认最大项数.
@ -323,36 +318,6 @@ IS_INPUT_FILE = false
 - FILE_EXTENSIONS: 关联的文档的扩展名，多个扩展名用都好分隔。
 - RENDER_COMMAND: 工具的命令行命令及参数。
 - IS_INPUT_FILE: 输入方式是最后一个参数为文件路径还是从标准输入读取。
 - RENDER_CONTENT_MODE: **sanitized** 内容如何被渲染。
  - sanitized: 对内容进行净化并渲染到当前页面中，仅有一部分 HTML 标签和属性是被允许的。
  - no-sanitizer: 禁用净化器，把内容渲染到当前页面中。此模式是**不安全**的，如果内容中含有恶意代码，可能会导致 XSS 攻击。
  - iframe: 把内容渲染在一个独立的页面中并使用 iframe 嵌入到当前页面中。使用的 iframe 工作在沙箱模式并禁用了同源请求，JS 代码被安全的从父页面中隔离出去。
 以下两个环境变量将会被传递给渲染命令：
 - `GITEA_PREFIX_SRC`：包含当前的`src`路径的URL前缀，可以被用于链接的前缀。
 - `GITEA_PREFIX_RAW`：包含当前的`raw`路径的URL前缀，可以被用于图片的前缀。
 如果 `RENDER_CONTENT_MODE` 为 `sanitized`，则 Gitea 支持自定义渲染 HTML 的净化策略。以下例子将用 pandoc 支持 KaTeX 输出。
 ```ini
 [markup.sanitizer.TeX]
 ; Pandoc renders TeX segments as <span>s with the "math" class, optionally
 ; with "inline" or "display" classes depending on context.
 ELEMENT = span
 ALLOW_ATTR = class
 REGEXP = ^\s*((math(\s+|$)|inline(\s+|$)|display(\s+|$)))+
 ALLOW_DATA_URI_IMAGES = true
 ```
 - `ELEMENT`: 将要被应用到该策略的 HTML 元素，不能为空。
 - `ALLOW_ATTR`: 将要被应用到该策略的属性，不能为空。
 - `REGEXP`: 正则表达式，用来匹配属性的内容。如果为空，则跟属性内容无关。
 - `ALLOW_DATA_URI_IMAGES`: **false** 允许 data uri 图片 (`<img src="data:image/png;base64,..."/>`)。
 多个净化规则可以被同时定义，只要section名称最后一位不重复即可。如： `[markup.sanitizer.TeX-2]`。
 为了针对一种渲染类型进行一个特殊的净化策略，必须使用形如 `[markup.sanitizer.asciidoc.rule-1]` 的方式来命名 section。
 如果此规则没有匹配到任何渲染类型，它将会被应用到所有的渲染类型。
 ## Time (`time`)
@ -445,7 +410,6 @@ Repository archive 的存储配置。 如果 `STORAGE_TYPE` 为空，则此配
 - `PROXY_HOSTS`: **\<empty\>**: 逗号分隔的多个需要代理的网址，支持 * 号匹配符号， ** 表示匹配所有网站
 i.e.
 ```ini
 PROXY_ENABLED = true
 PROXY_URL = socks://127.0.0.1:1080
--- a/docs/content/doc/advanced/customizing-gitea.en-us.md
+++ b/docs/content/doc/advanced/customizing-gitea.en-us.md
@ -60,15 +60,14 @@ the url `http://gitea.domain.tld/assets/image.png`.
 ## Changing the logo
-To build a custom logo and/or favicon clone the Gitea source repository, replace `assets/logo.svg` and/or `assets/favicon.svg` and run
+To build a custom logo clone the Gitea source repository, replace `assets/logo.svg` and run
-`make generate-images`. `assets/favicon.svg` is used for the favicon only. This will update below output files which you can then place in `$GITEA_CUSTOM/public/img` on your server:
+`make generate-images`. This will update below output files which you can then place in `$GITEA_CUSTOM/public/img` on your server:
- `public/img/logo.svg` - Used for site icon, app icon
+- `public/img/logo.svg` - Used for favicon, site icon, app icon
 - `public/img/logo.png` - Used for Open Graph
 - `public/img/favicon.png` - Used as fallback for browsers that don't support SVG favicons
 - `public/img/avatar_default.png` - Used as the default avatar image
 - `public/img/apple-touch-icon.png` - Used on iOS devices for bookmarks
 - `public/img/favicon.svg` - Used for favicon
 - `public/img/favicon.png` - Used as fallback for browsers that don't support SVG favicons
 In case the source image is not in vector format, you can attempt to convert a raster image using tools like [this](https://www.aconvert.com/image/png-to-svg/).
@ -121,7 +120,7 @@ Apart from `extra_links.tmpl` and `extra_tabs.tmpl`, there are other useful temp
 - `body_inner_pre.tmpl`, before the top navigation bar, but already inside the main container `<div class="full height">`.
 - `body_inner_post.tmpl`, before the end of the main container.
 - `body_outer_post.tmpl`, before the bottom `<footer>` element.
- `footer.tmpl`, right before the end of the `<body>` tag, a good place for additional JavaScript.
+- `footer.tmpl`, right before the end of the `<body>` tag, a good place for additional Javascript.
 #### Example: PlantUML
@ -129,33 +128,30 @@ You can add [PlantUML](https://plantuml.com/) support to Gitea's markdown by usi
 The data is encoded and sent to the PlantUML server which generates the picture. There is an online
 demo server at http://www.plantuml.com/plantuml, but if you (or your users) have sensitive data you
 can set up your own [PlantUML server](https://plantuml.com/server) instead. To set up PlantUML rendering,
-copy JavaScript files from https://gitea.com/davidsvantesson/plantuml-code-highlight and put them in your
+copy javascript files from https://gitea.com/davidsvantesson/plantuml-code-highlight and put them in your
 `$GITEA_CUSTOM/public` folder. Then add the following to `custom/footer.tmpl`:
 ```html
 {{if .RequireHighlightJS}}
 <script src="https://your-server.com/deflate.js"></script>
 <script src="https://your-server.com/encode.js"></script>
 <script src="https://your-server.com/plantuml_codeblock_parse.js"></script>
 <script>
-  $(async () => {
+  <!-- Replace call with address to your plantuml server-->
-    if (!$('.language-plantuml').length) return;
+  parsePlantumlCodeBlocks("http://www.plantuml.com/plantuml");
    await Promise.all([
      $.getScript('https://your-gitea-server.com/assets/deflate.js'),
      $.getScript('https://your-gitea-server.com/assets/encode.js'),
      $.getScript('https://your-gitea-server.com/assets/plantuml_codeblock_parse.js'),
    ]);
    // Replace call with address to your plantuml server
    parsePlantumlCodeBlocks("https://www.plantuml.com/plantuml");
  });
 </script>
 {{end}}
 ```
 You can then add blocks like the following to your markdown:
-```plantuml
+    ```plantuml
-Alice -> Bob: Authentication Request
+        Alice -> Bob: Authentication Request
-Bob --> Alice: Authentication Response
+        Bob --> Alice: Authentication Response
-Alice -> Bob: Another authentication Request
+        Alice -> Bob: Another authentication Request
-Alice <-- Bob: Another authentication Response
+        Alice <-- Bob: Another authentication Response
-```
+    ```
 The script will detect tags with `class="language-plantuml"`, but you can change this by providing a second argument to `parsePlantumlCodeBlocks`.
@ -202,7 +198,7 @@ You can display STL file directly in Gitea by adding:
 to the file `templates/custom/footer.tmpl`
-You also need to download the content of the library [Madeleine.js](https://github.com/beige90/Madeleine.js) and place it under `$GITEA_CUSTOM/public/` folder.
+You also need to download the content of the library [Madeleine.js](https://jinjunho.github.io/Madeleine.js/) and place it under `$GITEA_CUSTOM/public/` folder.
 You should end-up with a folder structure similar to:
@ -303,8 +299,6 @@ LANGS = en-US,foo-BAR
 NAMES = English,FooBar
 ```
 The first locale will be used as the default if user browser's language doesn't match any locale in the list.
 Locales may change between versions, so keeping track of your customized locales is highly encouraged.
 ### Readmes
@ -335,8 +329,8 @@ The list of themes a user can choose from can be configured with the `THEMES` va
 To make a custom theme available to all users:
-1. Add a CSS file to `$GITEA_CUSTOM/public/css/theme-<theme-name>.css`.
+1. Add a CSS file to `$GITEA_PUBLIC/public/css/theme-<theme-name>.css`.
-  The value of `$GITEA_CUSTOM` of your instance can be queried by calling `gitea help` and looking up the value of "CustomPath".
+  The value of `$GITEA_PUBLIC` of your instance can be queried by calling `gitea help` and looking up the value of "CustomPath".
 2. Add `<theme-name>` to the comma-separated list of setting `THEMES` in `app.ini`
 Community themes are listed in [gitea/awesome-gitea#themes](https://gitea.com/gitea/awesome-gitea#themes).
--- a/docs/content/doc/advanced/environment-variables.zh-cn.md
+++ b/docs/content/doc/advanced/environment-variables.zh-cn.md
@ -25,31 +25,31 @@ GITEA_CUSTOM=/home/gitea/custom ./gitea web
 因为 Gitea 使用 Go 语言编写，因此它使用了一些相关的 Go 的配置参数：
-* `GOOS`
+  * `GOOS`
-* `GOARCH`
+  * `GOARCH`
-* [`GOPATH`](https://golang.org/cmd/go/#hdr-GOPATH_environment_variable)
+  * [`GOPATH`](https://golang.org/cmd/go/#hdr-GOPATH_environment_variable)
 您可以在[官方文档](https://golang.org/cmd/go/#hdr-Environment_variables)中查阅这些配置参数的详细信息。
 ## Gitea 的文件目录
-* `GITEA_WORK_DIR`：工作目录的绝对路径
+  * `GITEA_WORK_DIR`：工作目录的绝对路径
-* `GITEA_CUSTOM`：默认情况下 Gitea 使用默认目录 `GITEA_WORK_DIR`/custom，您可以使用这个参数来配置 *custom* 目录
+  * `GITEA_CUSTOM`：默认情况下 Gitea 使用默认目录 `GITEA_WORK_DIR`/custom，您可以使用这个参数来配置 *custom* 目录
-* `GOGS_WORK_DIR`： 已废弃，请使用 `GITEA_WORK_DIR` 替代
+  * `GOGS_WORK_DIR`： 已废弃，请使用 `GITEA_WORK_DIR` 替代
-* `GOGS_CUSTOM`： 已废弃，请使用 `GITEA_CUSTOM` 替代
+  * `GOGS_CUSTOM`： 已废弃，请使用 `GITEA_CUSTOM` 替代
 ## 操作系统配置
-* `USER`：Gitea 运行时使用的系统用户，它将作为一些 repository 的访问地址的一部分
+  * `USER`：Gitea 运行时使用的系统用户，它将作为一些 repository 的访问地址的一部分
-* `USERNAME`： 如果没有配置 `USER`， Gitea 将使用 `USERNAME`
+  * `USERNAME`： 如果没有配置 `USER`， Gitea 将使用 `USERNAME`
-* `HOME`： 用户的 home 目录，在 Windows 中会使用 `USERPROFILE` 环境变量
+  * `HOME`： 用户的 home 目录，在 Windows 中会使用 `USERPROFILE` 环境变量
 ### 仅限于 Windows 的配置
-* `USERPROFILE`： 用户的主目录，如果未配置则会使用 `HOMEDRIVE` + `HOMEPATH`
+  * `USERPROFILE`： 用户的主目录，如果未配置则会使用 `HOMEDRIVE` + `HOMEPATH`
-* `HOMEDRIVE`: 用于访问 home 目录的主驱动器路径（C盘）
+  * `HOMEDRIVE`: 用于访问 home 目录的主驱动器路径（C盘）
-* `HOMEPATH`：在指定主驱动器下的 home 目录相对路径
+  * `HOMEPATH`：在指定主驱动器下的 home 目录相对路径
 ## Miscellaneous
-* `SKIP_MINWINSVC`：如果设置为 1，在 Windows 上不会以 service 的形式运行。
+  * `SKIP_MINWINSVC`：如果设置为 1，在 Windows 上不会以 service 的形式运行。
--- a/docs/content/doc/advanced/external-renderers.en-us.md
+++ b/docs/content/doc/advanced/external-renderers.en-us.md
@ -74,13 +74,12 @@ RENDER_COMMAND = "timeout 30s pandoc +RTS -M512M -RTS -f rst"
 IS_INPUT_FILE = false
 ```
-If your external markup relies on additional classes and attributes on the generated HTML elements, you might need to enable custom sanitizer policies. Gitea uses the [`bluemonday`](https://godoc.org/github.com/microcosm-cc/bluemonday) package as our HTML sanitizer. The example below could be used to support server-side [KaTeX](https://katex.org/) rendering output from [`pandoc`](https://pandoc.org/).
+If your external markup relies on additional classes and attributes on the generated HTML elements, you might need to enable custom sanitizer policies. Gitea uses the [`bluemonday`](https://godoc.org/github.com/microcosm-cc/bluemonday) package as our HTML sanitizier. The example below will support [KaTeX](https://katex.org/) output from [`pandoc`](https://pandoc.org/).
 ```ini
 [markup.sanitizer.TeX]
 ; Pandoc renders TeX segments as <span>s with the "math" class, optionally
 ; with "inline" or "display" classes depending on context.
 ; - note this is different from the built-in math support in our markdown parser which uses <code>
 ELEMENT = span
 ALLOW_ATTR = class
 REGEXP = ^\s*((math(\s+|$)|inline(\s+|$)|display(\s+|$)))+
@ -104,31 +103,9 @@ Once your configuration changes have been made, restart Gitea to have changes ta
 **Note**: Prior to Gitea 1.12 there was a single `markup.sanitiser` section with keys that were redefined for multiple rules, however,
 there were significant problems with this method of configuration necessitating configuration through multiple sections.
 ### Example: HTML
 Render HTML files directly:
 ```ini
 [markup.html]
 ENABLED         = true
 FILE_EXTENSIONS = .html,.htm
 RENDER_COMMAND  = cat
 ; Input is not a standard input but a file
 IS_INPUT_FILE   = true
 [markup.sanitizer.html.1]
 ELEMENT = div
 ALLOW_ATTR = class
 [markup.sanitizer.html.2]
 ELEMENT = a
 ALLOW_ATTR = class
 ```
 ### Example: Office DOCX
 Display Office DOCX files with [`pandoc`](https://pandoc.org/):
 ```ini
 [markup.docx]
 ENABLED = true
@ -140,7 +117,6 @@ ALLOW_DATA_URI_IMAGES = true
 ```
 The template file has the following content:
 ```
 $body$
 ```
@ -148,7 +124,6 @@ $body$
 ### Example: Jupyter Notebook
 Display Jupyter Notebook files with [`nbconvert`](https://github.com/jupyter/nbconvert):
 ```ini
 [markup.jupyter]
 ENABLED = true
@ -160,11 +135,9 @@ ALLOW_DATA_URI_IMAGES = true
 ```
 ## Customizing CSS
-
+The external renderer is specified in the .ini in the format `[markup.XXXXX]` and the HTML supplied by your external renderer will be wrapped in a `<div>` with classes `markup` and `XXXXX`. The `markup` class provides out of the box styling (as does `markdown` if `XXXXX` is `markdown`). Otherwise you can use these classes to specifically target the contents of your rendered HTML. 
 The external renderer is specified in the .ini in the format `[markup.XXXXX]` and the HTML supplied by your external renderer will be wrapped in a `<div>` with classes `markup` and `XXXXX`. The `markup` class provides out of the box styling (as does `markdown` if `XXXXX` is `markdown`). Otherwise you can use these classes to specifically target the contents of your rendered HTML.
 And so you could write some CSS:
 ```css
 .markup.XXXXX html {
  font-size: 100%;
@ -190,7 +163,6 @@ And so you could write some CSS:
 ```
 Add your stylesheet to your custom directory e.g `custom/public/css/my-style-XXXXX.css` and import it using a custom header file `custom/templates/custom/header.tmpl`:
 ```html
 <link type="text/css" href="{{AppSubUrl}}/assets/css/my-style-XXXXX.css" />
 ```
--- a/docs/content/doc/advanced/hacking-on-gitea.zh-cn.md
+++ b/docs/content/doc/advanced/hacking-on-gitea.zh-cn.md
@ -0,0 +1,43 @@
 ---
 date: "2016-12-01T16:00:00+02:00"
 title: "加入 Gitea 开源"
 slug: "hacking-on-gitea"
 weight: 10
 toc: false
 draft: false
 menu:
  sidebar:
    parent: "advanced"
    name: "加入 Gitea 开源"
    weight: 10
    identifier: "hacking-on-gitea"
 ---
 # Hacking on Gitea
 首先你需要一些运行环境，这和 [从源代码安装]({{< relref "from-source.zh-cn.md" >}}) 相同，如果你还没有设置好，可以先阅读那个章节。
 如果你想为 Gitea 贡献代码，你需要 Fork 这个项目并且以 `master` 为开发分支。Gitea 使用 Govendor
 来管理依赖，因此所有依赖项都被工具自动 copy 在 vendor 子目录下。用下面的命令来下载源码：
 ```
 go get -d code.gitea.io/gitea
 ```
 然后你可以在 Github 上 fork [Gitea 项目](https://github.com/go-gitea/gitea)，之后可以通过下面的命令进入源码目录：
 ```
 cd $GOPATH/src/code.gitea.io/gitea
 ```
 要创建 pull requests 你还需要在源码中新增一个 remote 指向你 Fork 的地址，直接推送到 origin 的话会告诉你没有写权限：
 ```
 git remote rename origin upstream
 git remote add origin git@github.com:<USERNAME>/gitea.git
 git fetch --all --prune
 ```
 然后你就可以开始开发了。你可以看一下 `Makefile` 的内容。`make test` 可以运行测试程序， `make build` 将生成一个 `gitea` 可运行文件在根目录。如果你的提交比较复杂，尽量多写一些单元测试代码。
 好了，到这里你已经设置好了所有的开发 Gitea 所需的环境。欢迎成为 Gitea 的 Contributor。
--- a/docs/content/doc/advanced/logging-documentation.en-us.md
+++ b/docs/content/doc/advanced/logging-documentation.en-us.md
@ -15,14 +15,12 @@ menu:
 # Logging Configuration
 The logging framework has been revamped in Gitea 1.9.0.
 **Table of Contents**
 {{< toc >}}
 ## Collecting Logs for Help
 To collect logs for help and issue report, see [Support Options]({{< relref "doc/help/seek-help.en-us.md" >}}).
 ## Log Groups
 The fundamental thing to be aware of in Gitea is that there are several
@ -70,23 +68,16 @@ multiple subloggers that will log to files.
 ### The "Router" logger
-The Router logger has been substantially changed in v1.17. If you are using the router logger for fail2ban or other monitoring
+You can disable Router log by setting `DISABLE_ROUTER_LOG`.
 you will need to update this configuration.
 You can disable Router log by setting `DISABLE_ROUTER_LOG` or by setting all of its sublogger configurations to `none`.
 You can configure the outputs of this
 router log by setting the `ROUTER` value in the `[log]` section of the
-configuration. `ROUTER` will default to `console` if unset and will default to same level as main logger.
+configuration. `ROUTER` will default to `console` if unset. The Gitea
 Router logs at the `Info` level by default, but this can be
 changed if desired by setting the `ROUTER_LOG_LEVEL` value.
-The Router logger logs the following:
+Please note, setting the `LEVEL` of this logger to a level above
-
+`ROUTER_LOG_LEVEL` will result in no router logs.
 - `started` messages will be logged at TRACE level
 - `polling`/`completed` routers will be logged at INFO
 - `slow` routers will be logged at WARN
 - `failed` routers will be logged at WARN
 The logging level for the router will default to that of the main configuration. Set `[log.<mode>.router]` `LEVEL` to change this.
 Each output sublogger for this logger is configured in
 `[log.sublogger.router]` sections. There are certain default values
@ -289,7 +280,6 @@ MODE = console
 LEVEL = debug ; please set the level to debug when we are debugging a problem
 ROUTER = console
 COLORIZE = false ; this can be true if you can strip out the ansi coloring
 ENABLE_SSH_LOG = true ; shows logs related to git over SSH.
 ```
 Sometimes it will be helpful get some specific `TRACE` level logging restricted
@ -351,7 +341,7 @@ recommended that pausing only done for a very short period of time.
 It is possible to add and remove logging whilst Gitea is running using the `gitea manager logging add` and `remove` subcommands.
 This functionality can only adjust running log systems and cannot be used to start the access or router loggers if they
-were not already initialized. If you wish to start these systems you are advised to adjust the app.ini and (gracefully) restart
+were not already initialised. If you wish to start these systems you are advised to adjust the app.ini and (gracefully) restart
 the Gitea service.
 The main intention of these commands is to easily add a temporary logger to investigate problems on running systems where a restart
@ -448,7 +438,7 @@ Gitea includes built-in log rotation, which should be enough for most deployment
 - Disable built-in log rotation by setting `LOG_ROTATE` to `false` in your `app.ini`.
 - Install `logrotate`.
 - Configure `logrotate` to match your deployment requirements, see `man 8 logrotate` for configuration syntax details. In the `postrotate/endscript` block send Gitea a `USR1` signal via `kill -USR1` or `kill -10` to the `gitea` process itself, or run `gitea manager logging release-and-reopen` (with the appropriate environment). Ensure that your configurations apply to all files emitted by Gitea loggers as described in the above sections.
- Always do `logrotate /etc/logrotate.conf --debug` to test your configurations.
+- Always do `logrotate /etc/logrotate.conf --debug` to test your configurations. 
 - If you are using docker and are running from outside of the container you can use `docker exec -u $OS_USER $CONTAINER_NAME sh -c 'gitea manager logging release-and-reopen'` or `docker exec $CONTAINER_NAME sh -c '/bin/s6-svc -1 /etc/s6/gitea/'` or send `USR1` directly to the Gitea process itself.
 The next `logrotate` jobs will include your configurations, so no restart is needed. You can also immediately reload `logrotate` with `logrotate /etc/logrotate.conf --force`.
--- a/docs/content/doc/advanced/mail-templates.en-us.md
+++ b/docs/content/doc/advanced/mail-templates.en-us.md
@ -251,7 +251,7 @@ This template produces something along these lines:
 >
 > \_********************************\_********************************
 >
-> Mike, I think we should tone down the blues a little.
+> Mike, I think we should tone down the blues a little.  
 > \_********************************\_********************************
 >
 > [View it on Gitea](#).
--- a/docs/content/doc/advanced/make.fr-fr.md
+++ b/docs/content/doc/advanced/make.fr-fr.md
@ -0,0 +1,44 @@
 ---
 date: "2017-08-23T09:00:00+02:00"
 title: "Make"
 slug: "make"
 weight: 10
 toc: false
 draft: false
 menu:
  sidebar:
    parent: "advanced"
    name: "Make"
    weight: 30
    identifier: "make"
 ---
 # Make
 Gitea fait largement usage de Make pour automatiser les tâches et avoir un développement plus rapide. Ce guide explique comment installer Make.
 ### Linux
 Vous pouvez installer Make avec votre gestionnaire de paquetages
 Depuis Ubuntu/Debian:
 ```bash
 sudo apt-get install build-essential
 ```
 Depuis Fedora/RHEL/CentOS:
 ```bash
 sudo yum install make
 ```
 ### Windows
 Si vous utilisez Windows, vous pouvez télécharger une des versions suivantes de Make:
 - [Simple binaire](http://www.equation.com/servlet/equation.cmd?fa=make). Copiez-le quelque part et mettez à jour `PATH`.
  - [32-bits version](ftp://ftp.equation.com/make/32/make.exe)
  - [64-bits version](ftp://ftp.equation.com/make/64/make.exe)
 - [MinGW](http://www.mingw.org/) inclut un _build_. Le fichier binaire est nommé `mingw32-make.exe` plutôt que `make.exe`. Ajoutez le dossier `bin` à votre `PATH`.
 - [Chocolatey package](https://chocolatey.org/packages/make). Exécutez `choco install make`.
--- a/docs/content/doc/advanced/make.zh-cn.md
+++ b/docs/content/doc/advanced/make.zh-cn.md
@ -0,0 +1,45 @@
 ---
 date: "2017-01-14T11:00:00-02:00"
 title: "Make 安装"
 slug: "make"
 weight: 10
 toc: false
 draft: false
 menu:
  sidebar:
    parent: "advanced"
    name: "Make 安装"
    weight: 30
    identifier: "make"
 ---
 # 安装 Make
 Gitea 大量使用了 Make 工具来自动执行任务并改进开发，本文将介绍如何安装 Make。
 ### 在 Linux 环境下
 可以使用包管理工具来安装 Make。
 Ubuntu/Debian 环境，执行以下命令：
 ```bash
 sudo apt-get install make
 ```
 Fedora/RHEL/CentOS，执行以下命令：
 ```bash
 sudo yum install make
 ```
 ### 在 Windows 环境下
 您可以参照以下三种方案在 Windows 环境安装 Make：
 - 直接使用 [exe文件](http://www.equation.com/servlet/equation.cmd?fa=make)：将适合您系统的exe文件拷贝到某处并添加至环境变量 `PATH` 中。
  - [32 位版本](ftp://ftp.equation.com/make/32/make.exe)
  - [64 位版本](ftp://ftp.equation.com/make/64/make.exe)
 - 使用 [MinGW](http://www.mingw.org/) 工具：
  - 此处使用二进制文件 `mingw32-make.exe` 替代前面提到的 `make.exe`文件。同样您需要将包含此exe文件的 `bin` 目录添加至环境变量 `PATH`中。
 - 通过 [Chocolatey](https://chocolatey.org/packages/make) 安装： 执行 `choco install make` 命令即可。
--- a/docs/content/doc/advanced/protected-tags.en-us.md
+++ b/docs/content/doc/advanced/protected-tags.en-us.md
@ -15,7 +15,7 @@ menu:
 # Protected tags
-Protected tags allow control over who has permission to create or update Git tags. Each rule allows you to match either an individual tag name, or use an appropriate pattern to control multiple tags at once.
+Protected tags allow control over who has permission to create or update Git tags. Each rule allows you to match either an individual tag name, or use an appropriate pattern to control multiple tags at once. 
 **Table of Contents**
--- a/docs/content/doc/advanced/repo-mirror.en-us.md
+++ b/docs/content/doc/advanced/repo-mirror.en-us.md
@ -37,7 +37,7 @@ For an existing remote repository, you can set up pull mirroring as follows:
 3. Enter a repository URL.
 4. If the repository needs authentication fill in your authentication information.
 5. Check the box **This repository will be a mirror**.
-6. Select **Migrate repository** to save the configuration.
+5. Select **Migrate repository** to save the configuration.
 The repository now gets mirrored periodically from the remote repository. You can force a sync by selecting **Synchronize Now** in the repository settings.
--- a/docs/content/doc/advanced/search-engines-indexation.en-us.md
+++ b/docs/content/doc/advanced/search-engines-indexation.en-us.md
@ -25,6 +25,7 @@ create a file called `robots.txt` in the [`custom` folder or `CustomPath`]({{< r
 Examples on how to configure the `robots.txt` can be found at [https://moz.com/learn/seo/robotstxt](https://moz.com/learn/seo/robotstxt).
 ```txt
 User-agent: *
 Disallow: /
--- a/docs/content/doc/advanced/signing.en-us.md
+++ b/docs/content/doc/advanced/signing.en-us.md
@ -83,7 +83,8 @@ The first option to discuss is the `SIGNING_KEY`. There are three main
 options:
 - `none` - this prevents Gitea from signing any commits
- `default` - Gitea will default to the key configured within `git config`
+- `default` - Gitea will default to the key configured within
  `git config`
 - `KEYID` - Gitea will sign commits with the gpg key with the ID
  `KEYID`. In this case you should provide a `SIGNING_NAME` and
  `SIGNING_EMAIL` to be displayed for this key.
@ -97,13 +98,6 @@ repositories, `SIGNING_KEY=default` could be used to provide different
 signing keys on a per-repository basis. However, this is clearly not an
 ideal UI and therefore subject to change.
 **Since 1.17**, Gitea runs git in its own home directory `[git].HOME_PATH` (default to `%(APP_DATA_PATH)/home`)
 and uses its own config `{[git].HOME_PATH}/.gitconfig`.
 If you have your own customized git config for Gitea, you should set these configs in system git config (aka `/etc/gitconfig`)
 or the Gitea internal git config `{[git].HOME_PATH}/.gitconfig`.
 Related home files for git command (like `.gnupg`) should also be put in Gitea's git home directory `[git].HOME_PATH`.
 If you like to keep the `.gnupg` directory outside of `{[git].HOME_PATH}/`, consider setting the `$GNUPGHOME` environment variable to your preferred location.
 ### `INITIAL_COMMIT`
 This option determines whether Gitea should sign the initial commit
@ -124,7 +118,7 @@ The possible values are:
 - `never`: Never sign
 - `pubkey`: Only sign if the user has a public key
- `twofa`: Only sign if the user logs in with two-factor authentication
+- `twofa`: Only sign if the user logs in with two factor authentication
 - `parentsigned`: Only sign if the parent commit is signed.
 - `always`: Always sign
@ -138,7 +132,7 @@ editor or API CRUD actions. The possible values are:
 - `never`: Never sign
 - `pubkey`: Only sign if the user has a public key
- `twofa`: Only sign if the user logs in with two-factor authentication
+- `twofa`: Only sign if the user logs in with two factor authentication
 - `parentsigned`: Only sign if the parent commit is signed.
 - `always`: Always sign
@ -152,7 +146,7 @@ The possible options are:
 - `never`: Never sign
 - `pubkey`: Only sign if the user has a public key
- `twofa`: Only sign if the user logs in with two-factor authentication
+- `twofa`: Only sign if the user logs in with two factor authentication
 - `basesigned`: Only sign if the parent commit in the base repo is signed.
 - `headsigned`: Only sign if the head commit in the head branch is signed.
 - `commitssigned`: Only sign if all the commits in the head branch to the merge point are signed.
--- a/docs/content/doc/advanced/third-party-tools.zh-cn.md
+++ b/docs/content/doc/advanced/third-party-tools.zh-cn.md
@ -0,0 +1,36 @@
 ---
 date: "2019-03-11T21:45:00+00:00"
 title: "高级: 第三方工具"
 slug: "third-party-tools"
 weight: 50
 toc: false
 draft: false
 menu:
  sidebar:
    parent: "advanced"
    name: "第三方工具"
    weight: 50
    identifier: "third-party-tools"
 ---
 # 第三方工具列表
 **注意:** 这些工具并没有经过Gitea的检验，在这里列出它们只是为了便捷.
 *此列表并不是完整的列表，可以随时咨询如何添加!*
 ### 持续集成
 [BuildKite 连接器](https://github.com/techknowlogick/gitea-buildkite-connector)  
 [Jenkins 插件](https://github.com/jenkinsci/gitea-plugin)  
 [Gitea搭配Drone](https://docs.drone.io/installation/gitea)
 ### 迁移
 [Gitea安装脚本](https://git.coolaj86.com/coolaj86/gitea-installer.sh)  
 [GitHub迁移](https://gitea.com/gitea/migrator)
 ### 移动端
 [安卓客户端GitNex](https://gitlab.com/mmarif4u/gitnex)
 ###  编辑器扩展
 - [Gitea的Visual Studio扩展](https://github.com/maikebing/Gitea.VisualStudio)    从   [Visual Studio 扩展市场](https://marketplace.visualstudio.com/items?itemName=MysticBoy.GiteaExtensionforVisualStudio) 下载
--- a/docs/content/doc/developers.en-us.md
+++ b/docs/content/doc/developers.en-us.md
@ -8,6 +8,6 @@ draft: false
 menu:
  sidebar:
    name: "Developers"
-    weight: 55
+    weight: 50
    identifier: "developers"
 ---
--- a/docs/content/doc/developers.zh-cn.md
+++ b/docs/content/doc/developers.zh-cn.md
@ -8,6 +8,6 @@ draft: false
 menu:
  sidebar:
    name: "开发者"
-    weight: 55
+    weight: 50
    identifier: "developers"
 ---
--- a/Show More
+++ b/Show More
`@ -13,3 +13,5 @@ CUSTOM_PATH="/data/gitea"`

	`# Provide docker defaults`	`# Provide docker defaults`
	`GITEA_WORK_DIR="${GITEA_WORK_DIR:-$WORK_DIR}" GITEA_CUSTOM="${GITEA_CUSTOM:-$CUSTOM_PATH}" exec -a "$0" "$GITEA" $CONF_ARG "$@"`	`GITEA_WORK_DIR="${GITEA_WORK_DIR:-$WORK_DIR}" GITEA_CUSTOM="${GITEA_CUSTOM:-$CUSTOM_PATH}" exec -a "$0" "$GITEA" $CONF_ARG "$@"`