fix: prevent panic when GitLab release has more links than sources#36295
Merged
wxiaoguang merged 4 commits intogo-gitea:mainfrom Jan 5, 2026
Merged
fix: prevent panic when GitLab release has more links than sources#36295wxiaoguang merged 4 commits intogo-gitea:mainfrom
wxiaoguang merged 4 commits intogo-gitea:mainfrom
Conversation
…n sources The code incorrectly assumed rel.Assets.Links and rel.Assets.Sources arrays have equal length. This causes index out of bounds panic when migrating GitLab releases with more links than sources, which is common with GoReleaser-generated releases. The fix sets ContentType to nil instead of using Sources[k].Format. This is safe because ContentType is not actually used when uploading release assets - the repo_model.Attachment struct has no ContentType field, so the value was being discarded anyway. Fixes go-gitea#36292 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
GiteaBot
added
the
lgtm/need 2
lunny
approved these changes
Jan 4, 2026
GiteaBot
added
lgtm/need 1
wxiaoguang
reviewed
Jan 4, 2026
services/migrations/gitlab.go
Outdated
| ID: int64(asset.ID), | ||
| Name: asset.Name, | ||
| ContentType: &rel.Assets.Sources[k].Format, | ||
| ContentType: nil, // GitLab Links don't provide content type |
Contributor
There was a problem hiding this comment.
GitLab never provides the content type? Or it just sometimes doesn't provide the content type?
Any document?
Contributor
Author
There was a problem hiding this comment.
It does for Sources but not for Links. The thing is that the content type is not used at all later in the flow (as far as Claude could find at least) and hence there is no reason for setting it.
Contributor
There was a problem hiding this comment.
If it's sure that "content type is not used", is it better to completely remove this field? From the ReleaseAsset struct?
Contributor
Author
There was a problem hiding this comment.
I can agree on that. Would you like me to do that change in this PR or as a followup PR?
Contributor
There was a problem hiding this comment.
I think it's better to take the best approach in one PR as long as we found one.
Contributor
Author
There was a problem hiding this comment.
Pushed another commit
Contributor
There was a problem hiding this comment.
Since the field has been removed, the test is not needed anymore.
I added some comments for the removal. If we need the content type in the future, the tests should be redesigned.
The ContentType field was never used during release asset upload since repo_model.Attachment has no ContentType field. Remove it from the struct and all migration downloaders. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
wxiaoguang
approved these changes
Jan 5, 2026
GiteaBot
added
lgtm/done
wxiaoguang
changed the title
wxiaoguang
changed the title
wxiaoguang
added
the
topic/repo-migration
wxiaoguang
added
backport/v1.25
GiteaBot
pushed a commit
to GiteaBot/gitea
that referenced
this pull request
Jan 5, 2026
…o-gitea#36295) The code incorrectly assumed rel.Assets.Links and rel.Assets.Sources arrays have equal length. This causes index out of bounds panic when migrating GitLab releases with more links than sources, which is common with GoReleaser-generated releases. Fixes go-gitea#36292 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
wxiaoguang
added a commit
that referenced
this pull request
Jan 5, 2026
zjjhot
added a commit
to zjjhot/gitea
that referenced
this pull request
Jan 7, 2026
* giteaofficial/main: fix: generate IDs for HTML headings without id attribute (go-gitea#36233) Add 'allow_maintainer_edit' API option for creating a pull request (go-gitea#36283) fix: prevent panic when GitLab release has more links than sources (go-gitea#36295)
saschazepter
pushed a commit
to saschazepter/forgejo
that referenced
this pull request
Mar 3, 2026
It is unfortunately all mixed up, because refreshing the data, means breaking the tests. And changing the code means needing fresh data. - tests: ignore some more headers and sort the rest when dumping http responses - code: fixed #10234 by requesting the latest issues first. - tests: created a new repo to replace the disappeared repo, needed for the skip-numbers test - refreshed the testdata. - follow-up fixes to get the tests green. - including a cherry-pick of go-gitea/gitea#36295 and #11272 Co-authored-by: Joakim Olsson <joakim@unbound.se> Co-authored-by: Robert Wolff <mahlzahn@posteo.de> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11282 Reviewed-by: Robert Wolff <mahlzahn@posteo.de> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Reviewed-by: patdyn <patdyn@noreply.codeberg.org> Co-authored-by: oliverpool <git@olivier.pfad.fr> Co-committed-by: oliverpool <git@olivier.pfad.fr>
saschazepter
pushed a commit
to saschazepter/forgejo
that referenced
this pull request
Mar 3, 2026
It is unfortunately all mixed up, because refreshing the data, means breaking the tests. And changing the code means needing fresh data. - tests: ignore some more headers and sort the rest when dumping http responses - code: fixed #10234 by requesting the latest issues first. - tests: created a new repo to replace the disappeared repo, needed for the skip-numbers test - refreshed the testdata. - follow-up fixes to get the tests green. - including a cherry-pick of go-gitea/gitea#36295 and #11272 Co-authored-by: Joakim Olsson <joakim@unbound.se> Co-authored-by: Robert Wolff <mahlzahn@posteo.de> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11282 Reviewed-by: Robert Wolff <mahlzahn@posteo.de> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Reviewed-by: patdyn <patdyn@noreply.codeberg.org> Co-authored-by: oliverpool <git@olivier.pfad.fr> Co-committed-by: oliverpool <git@olivier.pfad.fr> (cherry picked from commit a0d6970)
rohitkumarankam
pushed a commit
to rohitkumarankam/forgejo
that referenced
this pull request
Mar 5, 2026
… (#11484) **Backport:** https://codeberg.org/forgejo/forgejo/pulls/11282 It is unfortunately all mixed up, because refreshing the data, means breaking the tests. And changing the code means needing fresh data. - tests: ignore some more headers and sort the rest when dumping http responses - code: fixed #10234 by requesting the latest issues first. - tests: created a new repo to replace the disappeared repo, needed for the skip-numbers test - refreshed the testdata. - follow-up fixes to get the tests green. - including a cherry-pick of go-gitea/gitea#36295 and #11272 Co-authored-by: oliverpool <git@olivier.pfad.fr> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11484 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Reviewed-by: Robert Wolff <mahlzahn@posteo.de> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
chudnyi
pushed a commit
to integratop/helm-gitea-mirror
that referenced
this pull request
Mar 25, 2026
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [go-gitea/gitea](https://github.com/go-gitea/gitea) | patch | `1.25.3` -> `1.25.4` | --- ### Release Notes <details> <summary>go-gitea/gitea (go-gitea/gitea)</summary> ### [`v1.25.4`](https://github.com/go-gitea/gitea/releases/tag/v1.25.4) [Compare Source](go-gitea/gitea@v1.25.3...v1.25.4) - SECURITY - Release attachments must belong to the intended repo ([#​36347](go-gitea/gitea#36347)) ([#​36375](go-gitea/gitea#36375)) - Fix permission check on org project operations ([#​36318](go-gitea/gitea#36318)) ([#​36373](go-gitea/gitea#36373)) - Clean watches when make a repository private and check permission when send release emails ([#​36319](go-gitea/gitea#36319)) ([#​36370](go-gitea/gitea#36370)) - Add more check for stopwatch read or list ([#​36340](go-gitea/gitea#36340)) ([#​36368](go-gitea/gitea#36368)) - Fix openid setting check ([#​36346](go-gitea/gitea#36346)) ([#​36361](go-gitea/gitea#36361)) - Fix cancel auto merge bug ([#​36341](go-gitea/gitea#36341)) ([#​36356](go-gitea/gitea#36356)) - Fix delete attachment check ([#​36320](go-gitea/gitea#36320)) ([#​36355](go-gitea/gitea#36355)) - LFS locks must belong to the intended repo ([#​36344](go-gitea/gitea#36344)) ([#​36349](go-gitea/gitea#36349)) - Fix bug on notification read ([#​36339](go-gitea/gitea#36339)) [#​36387](go-gitea/gitea#36387) - ENHANCEMENTS - Add more routes to the "expensive" list ([#​36290](go-gitea/gitea#36290)) - Make "commit statuses" API accept slashes in "ref" ([#​36264](go-gitea/gitea#36264)) ([#​36275](go-gitea/gitea#36275)) - BUGFIXES - Fix markdown newline handling during IME composition ([#​36421](go-gitea/gitea#36421)) [#​36424](go-gitea/gitea#36424) - Fix missing repository id when migrating release attachments ([#​36389](go-gitea/gitea#36389)) - Fix bug when compare in the pull request ([#​36363](go-gitea/gitea#36363)) ([#​36372](go-gitea/gitea#36372)) - Fix incorrect text content detection ([#​36364](go-gitea/gitea#36364)) ([#​36369](go-gitea/gitea#36369)) - Fill missing `has_code` in repository api ([#​36338](go-gitea/gitea#36338)) ([#​36359](go-gitea/gitea#36359)) - Fix notifications pagination query parameters ([#​36351](go-gitea/gitea#36351)) ([#​36358](go-gitea/gitea#36358)) - Fix some trivial problems ([#​36336](go-gitea/gitea#36336)) ([#​36337](go-gitea/gitea#36337)) - Prevent panic when GitLab release has more links than sources ([#​36295](go-gitea/gitea#36295)) ([#​36305](go-gitea/gitea#36305)) - Fix stats bug when syncing release ([#​36285](go-gitea/gitea#36285)) ([#​36294](go-gitea/gitea#36294)) - Always honor user's choice for "delete branch after merge" ([#​36281](go-gitea/gitea#36281)) ([#​36286](go-gitea/gitea#36286)) - Use the requested host for LFS links ([#​36242](go-gitea/gitea#36242)) ([#​36258](go-gitea/gitea#36258)) - Fix panic when get editor config file ([#​36241](go-gitea/gitea#36241)) ([#​36247](go-gitea/gitea#36247)) - Fix regression in writing authorized principals ([#​36213](go-gitea/gitea#36213)) ([#​36218](go-gitea/gitea#36218)) - Fix WebAuthn error checking ([#​36219](go-gitea/gitea#36219)) ([#​36235](go-gitea/gitea#36235)) Instances on **[Gitea Cloud](https://cloud.gitea.com)** will be automatically upgraded to this version during the specified maintenance window. </details> --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xOC4xIiwidXBkYXRlZEluVmVyIjoiNDEuMTguMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsia2luZC9kZXBlbmRlbmN5Il19--> Reviewed-on: https://gitea.com/gitea/helm-gitea/pulls/1012 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The code incorrectly assumed rel.Assets.Links and rel.Assets.Sources arrays have equal length. This causes index out of bounds panic when migrating GitLab releases with more links than sources, which is common with GoReleaser-generated releases.
The fix sets ContentType to nil instead of using Sources[k].Format. This is safe because ContentType is not actually used when uploading release assets - the repo_model.Attachment struct has no ContentType field, so the value was being discarded anyway.
Fixes #36292