This is a security release. See the documentation for more information on the upgrade procedure.
- Security bug fixes
The scope of application tokens was not verified when writing containers or Conan packages. This is of no consequence when the user associated with the application token does not have write access to packages. If the user has write access to packages, such a token can be used to write containers and Conan packages. An application token that was used to write containers or Conan packages without the
package:writescope will now fail with an unauthorized error. It must be re-created to include thepackage:writescope.
- User Interface bug fixes
- PR (backported): Overflow for images on project cards.
- Bug fixes
- PR (backported): The scope of application tokens is not verified when writing containers or Conan packages.
- PR (backported): Run full PR checks on AGit push.
- PR (backported): - commit When a repository is adopted, its object format is not set in the database.
- PR (backported): - commit During a migration from bitbucket, LFS downloads fail.
- Localization
- PR (backported): Backports of #4889 and #4984 to v7