chore(release-notes): Forgejo v7.0.16 (#8473)

https://codeberg.org/forgejo/forgejo/milestone/17405 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8473 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org> Co-committed-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
2025-08-02 16:35:19 +02:00 · 2025-07-10 10:50:11 +02:00 · 2025-07-10 10:50:11 +02:00 · ddc9240a14
commit ddc9240a14
parent 3c7e3ec9e2
1 changed files with 11 additions and 0 deletions
--- a/release-notes-published/7.0.16.md
+++ b/release-notes-published/7.0.16.md
@ -0,0 +1,11 @@
+## Git update fixing CVE-2025-48385
+
+Git vulnerabilities were [disclosed 8 July 2025](https://groups.google.com/g/git-packagers/c/cYJ6peBtyxk/m/xVukiATcBQAJ) and require an update of the Git version used by Forgejo to Git [v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, or v2.50.1](https://nvd.nist.gov/vuln/detail/CVE-2025-48385). The [containers of this release](https://codeberg.org/forgejo/-/packages/container/forgejo/7.0.16) include a Git binary that is not vulnerable. If Forgejo was installed using a container, it is enough to upgrade  the container to get the latest Git binary.
+
+Security bug fixes are only for Git, there are no security fixes for Forgejo itself in this release.
+
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+<!--end release-notes-assistant-->