From ddc9240a1481e3e6565ebb8e73911aac4ac60ce1 Mon Sep 17 00:00:00 2001
From: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Date: Thu, 10 Jul 2025 10:50:11 +0200
Subject: [PATCH] chore(release-notes): Forgejo v7.0.16 (#8473)

https://codeberg.org/forgejo/forgejo/milestone/17405
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8473
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Co-committed-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
---
 release-notes-published/7.0.16.md | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 release-notes-published/7.0.16.md

diff --git a/release-notes-published/7.0.16.md b/release-notes-published/7.0.16.md
new file mode 100644
index 0000000000..5d09ddc245
--- /dev/null
+++ b/release-notes-published/7.0.16.md
@@ -0,0 +1,11 @@
+## Git update fixing CVE-2025-48385
+
+Git vulnerabilities were [disclosed 8 July 2025](https://groups.google.com/g/git-packagers/c/cYJ6peBtyxk/m/xVukiATcBQAJ) and require an update of the Git version used by Forgejo to Git [v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, or v2.50.1](https://nvd.nist.gov/vuln/detail/CVE-2025-48385). The [containers of this release](https://codeberg.org/forgejo/-/packages/container/forgejo/7.0.16) include a Git binary that is not vulnerable. If Forgejo was installed using a container, it is enough to upgrade  the container to get the latest Git binary.
+
+Security bug fixes are only for Git, there are no security fixes for Forgejo itself in this release.
+
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+<!--end release-notes-assistant-->