Forgejo v13.0 adds content reporting, stronger security, and improved Actions workflows

Forgejo v13.0 introduces a content reporting system as an initial step toward federation moderation. Users and administrators can now flag problematic users, organizations, repositories, issues, pull requests, or comments, which are then reviewed in the admin interface. Reports for the same content are grouped and display an open report counter, improving visibility for moderators. These updates arrive alongside ongoing work on ActivityPub integration.

Repositories hosted on Pagure can now be migrated to Forgejo, easing transitions for projects like Fedora. Users testing the release can try it on a public instance, though a full backup and review of breaking changes are recommended before upgrading.

Security and usability have also improved. Forgejo Actions now rely on a more secure secrets module, and administrators can enforce two-factor authentication globally or for admins only. Avatar uploads have EXIF metadata automatically removed, with a CLI tool available to clean existing files. Workflows are statically verified in the web UI to catch common syntax or context errors early, and all past action runs are visible with CI status now shown directly next to commit SHAs after force pushes.