The Forgejo team has announced the release of Forgejo 13.0, the latest version of the self-hosted Git forge software, introducing security improvements, new moderation tools, and enhanced usability across the platform.
One of the most notable additions in the new version is a built-in content reporting system designed to make moderation easier on public instances. Users can now report problematic content—such as repositories, issues, comments, or pull requests—directly to administrators.
Moreover, multiple reports for the same item are automatically grouped together in the admin interface.
On the security front, Forgejo now allows administrators to enforce two-factor authentication globally. The new [security].GLOBAL_TWO_FACTOR_REQUIREMENT setting can require all users—or just admins—to use TOTP or similar authentication methods.
In addition, the handling of Forgejo Actions secrets has been upgraded to use a more secure encryption module introduced in 2024, previously used for TOTP secrets since version 10.
On the privacy side, to protect against metadata leaks, the platform now automatically strips EXIF data from uploaded avatar images. Additionally, a new command-line tool, forgejo doctor avatar-strip-exif, allows administrators to clean existing avatars of embedded data such as GPS coordinates or device info.
For developers, Forgejo Actions gains several usability improvements. It’s now possible to view all previous run attempts for a workflow directly in the web UI, making debugging easier. Workflow files are also statically checked to detect common issues, such as typos or invalid contexts, early on, reducing failed runs.
Additional changes include showing tags in commit lists, displaying timestamps on release attachments, and introducing keyboard shortcuts for bold and italic text in the Markdown editor. The CI status of commits is now displayed inline after force pushes, making it easier to review the build state.
On top of that, administrators will notice updated logger configuration names—LOGGER_<NAME>_MODE—which simplifies environment variable usage in containerized setups, such as when deploying Forgejo via Docker or Helm charts.
It’s worth noting that this release also marks another milestone in Forgejo’s time-based release cycle, with new versions planned every three months and LTS ones arriving annually. In light of this, v13.0 will be supported until January 2026.
Finally, Forgejo continues its migration path for users coming from Pagure, a Git-based forge platform, which Fedora officially transitioned away from in December 2024. The built-in migration tool helps organizations seamlessly import repositories and metadata.
Forgejo 13.0 is available for download now, with container images and binaries published on the official site. Before upgrading, users are advised to review the breaking changes section of the release notes and back up their instances as outlined in the upgrade guide.
For more information, see the announcement.
