Gitea 1.26 adds subpath archive download, OpenAPI rendering, Vite support & security fixes

Gitea 1.26 is now available, featuring key updates for both developer workflow and system administration. Most prominently, users can now download repository subpaths as zip or tarball files, as well as access keyboard shortcuts for file and code search. This release also brings automatic Markdown release notes generation, supporting faster and more consistent release documentation.

Alongside usability improvements, Gitea Actions adds support for concurrency syntax, reusable workflows from private repositories, and a button to re-run failed jobs. These changes are enhanced by new workflow dependency visualization features and configurable permissions for automatic tokens. Actions artifacts can now be downloaded as non-zipped files, and per-runner disable and pause options have been introduced for administrators.

Expanding developer and DevOps support, this update allows Gitea to host Terraform state in its package registry and display rendered OpenAPI documents attached to repositories, enabling in-app exploration of API specifications. Following security improvements, Gitea replaces its cross-site request forgery (CSRF) cookie with a CrossOriginProtection mechanism.

Building on infrastructure upgrades, the front-end toolchain now utilizes Vite instead of webpack, and file editing switches to CodeMirror for in-browser work. Instance-wide banners and maintenance notifications, as well as user badges, further improve the user interface. This release also includes multiple breaking changes, important security fixes, and assorted bug fixes.