Optimize Get-Contents API

02a0cfa0a6/io/src/main/scala/sbt/io/IO.scala (L611-L630)

```
/home/runner/work/gitbucket/gitbucket/build.sbt:205: warning: method jar in object IO is deprecated (since 1.3.2): Please specify whether to use a static timestamp
  IO jar (contentMappings.map { case (file, path) => (file, path.toString) }, outputFile, manifest)
     ^
```

.github/CODEOWNERS

@@ -0,0 +1,4 @@
+* @takezoe
+
+build.sbt @xuwei-k
+project/* @xuwei-k

.github/CONTRIBUTING.md

@@ -1,6 +1,6 @@
 # The guidelines for contributing
 
 - At first, see [Wiki](https://github.com/gitbucket/gitbucket/wiki) and check issues and pull requests whether there is a same request in the past.
-- The highest priority of GitBucket is the ease of installation and API compatibility with GitHub, so your feature request might be rejected if they go against those principles. If you don't wanna waste your time to make a pull request, ask us about your idea at [gitter room](https://gitter.im/gitbucket/gitbucket) before staring your work.
+- The highest priority of GitBucket is the ease of installation and API compatibility with GitHub, so your feature request might be rejected if they go against those principles. If you don't wanna waste your time to make a pull request, ask us about your idea at [gitter room](https://gitter.im/gitbucket/gitbucket) before starting your work.
 - You can edit the GitBucket documentation on Wiki if you have a GitHub account. When you find any mistakes or lacks in the documentation, please update it directly.
 - All your contributions are handled as [Apache Software License, Version 2.0](https://github.com/gitbucket/gitbucket/blob/master/LICENSE). When you create a pull request or update the documentation, we assume you agreed this clause.

.github/ISSUE_TEMPLATE.md

@@ -12,7 +12,7 @@
 **Deployment mode**: *explain here how you use GitBucket : standalone app, under webcontainer (which one), with an http frontend (nginx, httpd, ...)*
 
 **Problem description**:
-- *be as explicit has you can*
+- *be as explicit as you can*
 - *describe the problem and its symptoms*
 - *explain how to reproduce*
 - *attach whatever information that can help understanding the context (screen capture, log files)*

.github/workflows/build.yml

@@ -5,13 +5,14 @@ on: [push, pull_request]
 jobs:
   build:
     runs-on: ubuntu-latest
+    timeout-minutes: 30
     strategy:
       matrix:
-        java: [8, 11]
+        java: [8, 11, 17]
     steps:
     - uses: actions/checkout@v2
     - name: Cache
-      uses: actions/cache@v2
+      uses: actions/cache@v2.1.6
       env:
         cache-name: cache-sbt-libs
       with:
@@ -21,11 +22,14 @@ jobs:
           ~/.cache/coursier/v1
         key: build-${{ env.cache-name }}-${{ hashFiles('build.sbt') }}
     - name: Set up JDK
-      uses: actions/setup-java@v1
+      uses: actions/setup-java@v2
       with:
         java-version: ${{ matrix.java }}
+        distribution: adopt
     - name: Run tests
       run: sbt scalafmtSbtCheck scalafmtCheck test:scalafmtCheck test
+    - name: Scala 3
+      run: sbt '++ 3.0.1!' update # TODO
     - name: Build executable
       run: sbt executable
     - name: Upload artifacts

.scala-steward.conf

@@ -0,0 +1,7 @@
+updates.limit = 3
+
+updates.includeScala = true
+
+updates.pin = [
+  { groupId = "org.eclipse.jetty", version = "9." }
+]

CHANGELOG.md

@@ -1,6 +1,26 @@
 # Changelog
 All changes to the project will be documented in this file.
 
+### 4.36.2 - 16 Aug 2021
+- Escape user name in avatar image tag
+
+### 4.36.1 - 22 Jul 2021
+- Bump gitbucket-gist-plugin to 4.21.0
+
+### 4.36.0 - 17 Jul 2021
+- Tag selector in the repository viewer
+- Link issues/pull requests of other repositories
+- Files and lines can be linked in the diff view
+- Option to disable XSS protection
+
+### 4.35.3 - 14 Jan 2021
+- Fix a bug that Wiki page cannot be deleted
+- Fix a deployment issue on Tomcat
+
+### 4.35.2 - 30 Dec 2020
+- Upgrade gitbucket-notifications-plugin to 1.10.0
+- Upgrade oauth2-oidc-sdk to 8.29.1 to solve dependency issue
+
 ### 4.35.1 - 29 Dec 2020
 - Fix database migration issue which happens if webhook is configured
 - Call push webhook when pull request is merged

README.md

@@ -8,6 +8,8 @@ GitBucket is a Git web platform powered by Scala offering:
 - High extensibility by plugins
 - API compatibility with GitHub
 
+![GitBucket](https://gitbucket.github.io/img/screenshots/screenshot-repository_viewer.png)
+
 You can try an [online demo](https://gitbucket.herokuapp.com/) *(ID: root / Pass: root)* of GitBucket, and also get the latest information at [GitBucket News](https://gitbucket.github.io/gitbucket-news/).
 
 Features
@@ -22,8 +24,6 @@ The current version of GitBucket provides many features such as:
 - Account and group management with LDAP integration
 - a Plug-in system
 
-If you want to try the development version of GitBucket, see the [Developer's Guide](https://github.com/gitbucket/gitbucket/blob/master/doc/readme.md).
-
 Installation
 --------
 GitBucket requires **Java8**. You have to install it, if it is not already installed.
@@ -48,30 +48,31 @@ GitBucket has a plug-in system that allows extra functionality. Officially the f
 
 You can find more plugins made by the community at [GitBucket community plugins](https://gitbucket-plugins.github.io/).
 
+Building and Development
+-----------
+If you want to try the development version of GitBucket, or want to contribute to the project, please see the [Developer's Guide](https://github.com/gitbucket/gitbucket/blob/master/doc/readme.md).
+It provides instructions on building from source and on setting up an IDE for debugging. 
+It also contains documentation of the core concepts used within the project.
+
 Support
 --------
 
 - If you have any questions about GitBucket, see [Wiki](https://github.com/gitbucket/gitbucket/wiki) and check issues whether there is a same question or request in the past.
-- If you can't find same question and report, send it to [gitter room](https://gitter.im/gitbucket/gitbucket) before raising an issue.
+- If you can't find same question and report, send it to our [Gitter room](https://gitter.im/gitbucket/gitbucket) before raising an issue.
 - The highest priority of GitBucket is the ease of installation and API compatibility with GitHub, so your feature request might be rejected if they go against those principles.
 
-What's New in 4.35.x
+What's New in 4.36.x
 -------------
-### 4.35.1 - 29 Dec 2020
+### 4.36.2 - 16 Aug 2021
+- Escape user name in avatar image tag
 
-- Fix database migration issue which happens if webhook is configured
-- Call push webhook when pull request is merged
-- Show commit status at commits tab of pull request
+### 4.36.1 - 22 Jul 2021
+- Bump gitbucket-gist-plugin to 4.21.0
 
-### 4.35.0 - 25 Dec 2020
-
-- Editor and source viewer color theme
-- Auto completion for issues and pull requests
-- Upload image from clipboard
-- Close multiple issues by commit comment
-- Create pull request from online editor
-- Milestone overview
-- Commit status at various places
-- WebAPI coverage improvements
+### 4.36.0 - 17 Jul 2021
+- Tag selector in the repository viewer
+- Link issues/pull requests of other repositories
+- Files and lines can be linked in the diff view
+- Option to disable XSS protection
 
 See the [change log](CHANGELOG.md) for all of the updates.

build.sbt

@@ -1,23 +1,21 @@
 import com.typesafe.sbt.license.{DepModuleInfo, LicenseInfo}
-import com.typesafe.sbt.pgp.PgpKeys._
+import com.jsuereth.sbtpgp.PgpKeys._
 
 val Organization = "io.github.gitbucket"
 val Name = "gitbucket"
-val GitBucketVersion = "4.35.1"
-val ScalatraVersion = "2.7.1"
-val JettyVersion = "9.4.32.v20200930"
-val JgitVersion = "5.9.0.202009080501-r"
+val GitBucketVersion = "4.36.2"
+val ScalatraVersion = "2.8.2"
+val JettyVersion = "9.4.44.v20210927"
+val JgitVersion = "5.13.0.202109080827-r"
 
 lazy val root = (project in file("."))
   .enablePlugins(SbtTwirl, ScalatraPlugin)
-  .settings(
-    )
 
 sourcesInBase := false
 organization := Organization
 name := Name
 version := GitBucketVersion
-scalaVersion := "2.13.3"
+scalaVersion := "2.13.7"
 
 scalafmtOnCompile := true
 
@@ -33,64 +31,80 @@ resolvers ++= Seq(
 libraryDependencies ++= Seq(
   "org.eclipse.jgit"                % "org.eclipse.jgit.http.server" % JgitVersion,
   "org.eclipse.jgit"                % "org.eclipse.jgit.archive"     % JgitVersion,
-  "org.scalatra"                    %% "scalatra"                    % ScalatraVersion,
-  "org.scalatra"                    %% "scalatra-json"               % ScalatraVersion,
-  "org.scalatra"                    %% "scalatra-forms"              % ScalatraVersion,
-  "org.json4s"                      %% "json4s-jackson"              % "3.6.10",
-  "commons-io"                      % "commons-io"                   % "2.8.0",
+  "org.scalatra"                    %% "scalatra"                    % ScalatraVersion cross CrossVersion.for3Use2_13,
+  "org.scalatra"                    %% "scalatra-json"               % ScalatraVersion cross CrossVersion.for3Use2_13,
+  "org.scalatra"                    %% "scalatra-forms"              % ScalatraVersion cross CrossVersion.for3Use2_13,
+  "org.json4s"                      %% "json4s-jackson"              % "4.0.3" cross CrossVersion.for3Use2_13,
+  "commons-io"                      % "commons-io"                   % "2.11.0",
   "io.github.gitbucket"             % "solidbase"                    % "1.0.3",
   "io.github.gitbucket"             % "markedj"                      % "1.0.16",
-  "org.apache.commons"              % "commons-compress"             % "1.20",
+  "org.apache.commons"              % "commons-compress"             % "1.21",
   "org.apache.commons"              % "commons-email"                % "1.5",
-  "commons-net"                     % "commons-net"                  % "3.7",
-  "org.apache.httpcomponents"       % "httpclient"                   % "4.5.12",
+  "commons-net"                     % "commons-net"                  % "3.8.0",
+  "org.apache.httpcomponents"       % "httpclient"                   % "4.5.13",
   "org.apache.sshd"                 % "apache-sshd"                  % "2.1.0" exclude ("org.slf4j", "slf4j-jdk14") exclude ("org.apache.sshd", "sshd-mina") exclude ("org.apache.sshd", "sshd-netty"),
-  "org.apache.tika"                 % "tika-core"                    % "1.24.1",
-  "com.github.takezoe"              %% "blocking-slick-32"           % "0.0.12",
+  "org.apache.tika"                 % "tika-core"                    % "2.1.0",
+  "com.github.takezoe"              %% "blocking-slick-32"           % "0.0.12" cross CrossVersion.for3Use2_13,
   "com.novell.ldap"                 % "jldap"                        % "2009-10-07",
   "com.h2database"                  % "h2"                           % "1.4.199",
-  "org.mariadb.jdbc"                % "mariadb-java-client"          % "2.7.0",
-  "org.postgresql"                  % "postgresql"                   % "42.2.6",
-  "ch.qos.logback"                  % "logback-classic"              % "1.2.3",
-  "com.zaxxer"                      % "HikariCP"                     % "3.4.5",
-  "com.typesafe"                    % "config"                       % "1.4.0",
+  "org.mariadb.jdbc"                % "mariadb-java-client"          % "2.7.4",
+  "org.postgresql"                  % "postgresql"                   % "42.3.1",
+  "ch.qos.logback"                  % "logback-classic"              % "1.2.6",
+  "com.zaxxer"                      % "HikariCP"                     % "4.0.3" exclude ("org.slf4j", "slf4j-api"),
+  "com.typesafe"                    % "config"                       % "1.4.1",
   "fr.brouillard.oss.security.xhub" % "xhub4j-core"                  % "1.1.0",
-  "com.github.bkromhout"            % "java-diff-utils"              % "2.1.1",
-  "org.cache2k"                     % "cache2k-all"                  % "1.2.4.Final",
-  "net.coobird"                     % "thumbnailator"                % "0.4.12",
+  "io.github.java-diff-utils"       % "java-diff-utils"              % "4.11",
+  "org.cache2k"                     % "cache2k-all"                  % "1.6.0.Final",
+  "net.coobird"                     % "thumbnailator"                % "0.4.14",
   "com.github.zafarkhaja"           % "java-semver"                  % "0.9.0",
-  "com.nimbusds"                    % "oauth2-oidc-sdk"              % "5.64.4",
+  "com.nimbusds"                    % "oauth2-oidc-sdk"              % "9.19",
   "org.eclipse.jetty"               % "jetty-webapp"                 % JettyVersion % "provided",
   "javax.servlet"                   % "javax.servlet-api"            % "3.1.0" % "provided",
-  "junit"                           % "junit"                        % "4.13" % "test",
-  "org.scalatra"                    %% "scalatra-scalatest"          % ScalatraVersion % "test",
-  "org.mockito"                     % "mockito-core"                 % "3.3.3" % "test",
-  "com.dimafeng"                    %% "testcontainers-scala"        % "0.37.0" % "test",
-  "org.testcontainers"              % "mysql"                        % "1.14.3" % "test",
-  "org.testcontainers"              % "postgresql"                   % "1.14.3" % "test",
+  "junit"                           % "junit"                        % "4.13.2" % "test",
+  "org.scalatra"                    %% "scalatra-scalatest"          % ScalatraVersion % "test" cross CrossVersion.for3Use2_13,
+  "org.mockito"                     % "mockito-core"                 % "4.0.0" % "test",
+  "com.dimafeng"                    %% "testcontainers-scala"        % "0.39.11" % "test",
+  "org.testcontainers"              % "mysql"                        % "1.16.2" % "test",
+  "org.testcontainers"              % "postgresql"                   % "1.16.2" % "test",
   "net.i2p.crypto"                  % "eddsa"                        % "0.3.0",
   "is.tagomor.woothee"              % "woothee-java"                 % "1.11.0",
-  "org.ec4j.core"                   % "ec4j-core"                    % "0.0.3",
-  "org.kohsuke"                     % "github-api"                   % "1.116" % "test"
+  "org.ec4j.core"                   % "ec4j-core"                    % "0.3.0",
+  "org.kohsuke"                     % "github-api"                   % "1.135" % "test"
 )
 
+libraryDependencies ~= {
+  _.map {
+    case x if x.name == "twirl-api" =>
+      x cross CrossVersion.for3Use2_13
+    case x =>
+      x
+  }
+}
+
 // Compiler settings
-scalacOptions := Seq("-deprecation", "-language:postfixOps", "-opt:l:method", "-feature")
-javacOptions in compile ++= Seq("-target", "8", "-source", "8")
-javaOptions in Jetty += "-Dlogback.configurationFile=/logback-dev.xml"
+scalacOptions := Seq(
+  "-deprecation",
+  "-language:postfixOps",
+  "-opt:l:method",
+  "-feature",
+  "-Wunused:imports",
+  "-Wconf:cat=unused&src=twirl/.*:s,cat=unused&src=scala/gitbucket/core/model/[^/]+\\.scala:s"
+)
+compile / javacOptions ++= Seq("-target", "8", "-source", "8")
+Jetty / javaOptions += "-Dlogback.configurationFile=/logback-dev.xml"
 
 // Test settings
 //testOptions in Test += Tests.Argument("-l", "ExternalDBTest")
-javaOptions in Test += "-Dgitbucket.home=target/gitbucket_home_for_test"
-testOptions in Test += Tests.Setup(() => new java.io.File("target/gitbucket_home_for_test").mkdir())
-fork in Test := true
+Test / javaOptions += "-Dgitbucket.home=target/gitbucket_home_for_test"
+Test / testOptions += Tests.Setup(() => new java.io.File("target/gitbucket_home_for_test").mkdir())
+Test / fork := true
 
 // Packaging options
 packageOptions += Package.MainClass("JettyLauncher")
 
 // Assembly settings
-test in assembly := {}
-assemblyMergeStrategy in assembly := {
+assembly / test := {}
+assembly / assemblyMergeStrategy := {
   case PathList("META-INF", xs @ _*) =>
     (xs map { _.toLowerCase }) match {
       case ("manifest.mf" :: Nil) => MergeStrategy.discard
@@ -122,9 +136,9 @@ libraryDependencies ++= Seq(
 )
 
 // Run package task before test to generate target/webapp for integration test
-test in Test := {
+Test / test := {
   _root_.sbt.Keys.`package`.value
-  (test in Test).value
+  (Test / test).value
 }
 
 val executableKey = TaskKey[File]("executable")
@@ -155,7 +169,7 @@ executableKey := {
   IO unzip (warFile, temp)
 
   // include launcher classes
-  val classDir = (Keys.classDirectory in Compile).value
+  val classDir = (Compile / Keys.classDirectory).value
   val launchClasses = Seq("JettyLauncher.class" /*, "HttpsSupportConnector.class" */ )
   launchClasses foreach { name =>
     IO copyFile (classDir / name, temp / name)
@@ -186,7 +200,7 @@ executableKey := {
   manifest.getMainAttributes put (AttrName.MANIFEST_VERSION, "1.0")
   manifest.getMainAttributes put (AttrName.MAIN_CLASS, "JettyLauncher")
   val outputFile = workDir / warName
-  IO jar (contentMappings.map { case (file, path) => (file, path.toString) }, outputFile, manifest)
+  IO jar (contentMappings.map { case (file, path) => (file, path.toString) }, outputFile, manifest, None)
 
   // generate checksums
   Seq(
@@ -258,12 +272,7 @@ pomExtra := (
   </developers>
 )
 
-licenseOverrides := {
-  case DepModuleInfo("com.github.bkromhout", "java-diff-utils", _) =>
-    LicenseInfo(LicenseCategory.Apache, "Apache-2.0", "http://www.apache.org/licenses/LICENSE-2.0")
-}
-
-testOptions in Test ++= {
+Test / testOptions ++= {
   if (scala.util.Properties.isWin) {
     Seq(
       Tests.Exclude(
@@ -276,3 +285,8 @@ testOptions in Test ++= {
     Nil
   }
 }
+
+Jetty / javaOptions ++= Seq(
+  "-Xdebug",
+  "-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8000"
+)

doc/authenticator.md

@@ -2,7 +2,7 @@ Authentication in Controller
 ========
 GitBucket provides many [authenticators](https://github.com/gitbucket/gitbucket/blob/master/src/main/scala/gitbucket/core/util/Authenticator.scala) to access controlling in the controller.
 
-For example, in the case of `RepositoryViwerController`,
+For example, in the case of `RepositoryViewerController`,
 it references three authenticators: `ReadableUsersAuthenticator`, `ReferrerAuthenticator` and `CollaboratorsAuthenticator`.
 
 ```scala
@@ -19,13 +19,13 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   ...
 ```
 
-Authenticators provides a method to add guard to actions in the controller:
+Authenticators provide a method to add guard to actions in the controller:
 
 - `ReadableUsersAuthenticator` provides `readableUsersOnly` method
 - `ReferrerAuthenticator` provides `referrersOnly` method
 - `CollaboratorsAuthenticator` provides `collaboratorsOnly` method
 
-These methods are available in each actions as below:
+These methods are available in each action as below:
 
 ```scala
 // Allows only the repository owner (or manager for group repository) and administrators.
@@ -38,7 +38,7 @@ get("/:owner/:repository/new/*")(collaboratorsOnly { repository =>
   ...
 })
 
-// Allows only signed in users which can access the repository.
+// Allows only signed-in users which can access the repository.
 post("/:owner/:repository/commit/:id/comment/new", commentForm)(readableUsersOnly { (form, repository) =>
   ...
 })
@@ -50,11 +50,11 @@ Currently, GitBucket provides below authenticators:
 |--------------------------|-----------------|--------------------------------------------------------------------------------------|
 |OneselfAuthenticator      |oneselfOnly      |Allows only oneself and administrators.                                               |
 |OwnerAuthenticator        |ownerOnly        |Allows only the repository owner and administrators.                                  |
-|UsersAuthenticator        |usersOnly        |Allows only signed in users.                                                          |
+|UsersAuthenticator        |usersOnly        |Allows only signed-in users.                                                          |
 |AdminAuthenticator        |adminOnly        |Allows only administrators.                                                           |
 |CollaboratorsAuthenticator|collaboratorsOnly|Allows only collaborators and administrators.                                         |
 |ReferrerAuthenticator     |referrersOnly    |Allows only the repository owner (or manager for group repository) and administrators.|
-|ReadableUsersAuthenticator|readableUsersOnly|Allows only signed in users which can access the repository.                          |
+|ReadableUsersAuthenticator|readableUsersOnly|Allows only signed-in users which can access the repository.                          |
 |GroupManagerAuthenticator |managersOnly     |Allows only the group managers.                                                       |
 
-Of course, if you make a new plugin, you can define a your own authenticator according to requirement in your plugin.
+Of course, if you make a new plugin, you can implement your own authenticator according to requirement in your plugin.

doc/auto_update.md

@@ -2,7 +2,7 @@ Automatic Schema Updating
 ========
 GitBucket updates database schema automatically using [Solidbase](https://github.com/gitbucket/solidbase) in the first run after the upgrading.
 
-To release a new version of GitBucket, add the version definition to the [gitbucket.core.GitBucketCoreModule](https://github.com/gitbucket/gitbucket/blob/master/src/main/scala/gitbucket/core/GitBucketCoreModule.scala) at first.
+To release a new version of GitBucket, add the version definition to [gitbucket.core.GitBucketCoreModule](https://github.com/gitbucket/gitbucket/blob/master/src/main/scala/gitbucket/core/GitBucketCoreModule.scala) at first.
 
 ```scala
 object GitBucketCoreModule extends Module("gitbucket-core",
@@ -17,7 +17,7 @@ object GitBucketCoreModule extends Module("gitbucket-core",
 )
 ```
 
-Next, add a XML file which updates database schema into [/src/main/resources/update/](https://github.com/gitbucket/gitbucket/tree/master/src/main/resources/update) with a filenane defined in `GitBucketCoreModule`.
+Next, add a XML file which updates database schema into [/src/main/resources/update/](https://github.com/gitbucket/gitbucket/tree/master/src/main/resources/update) with a filename defined in `GitBucketCoreModule`.
 
 ```xml
 <?xml version="1.0" encoding="UTF-8"?>
@@ -31,9 +31,9 @@ Next, add a XML file which updates database schema into [/src/main/resources/upd
 </changeSet>
 ```
 
-Solidbase stores the current version to `VERSIONS` table and checks it at start-up. If the stored version differs from the actual version, it executes differences between the stored version and the actual version.
+Solidbase stores the current version to `VERSIONS` table and checks it at start-up. If the stored version different from the actual version, it executes differences between the stored version and the actual version.
 
-We can add the SQL file instead of the XML file using `SqlMigration`. It try to load a SQL file from classpath as following order:
+We can add the SQL file instead of the XML file using `SqlMigration`. It tries to load a SQL file from classpath in the following order:
 
 1. Specified path (if specified)
 2. `${moduleId}_${version}_${database}.sql`
@@ -51,4 +51,4 @@ object GitBucketCoreModule extends Module("gitbucket-core",
 )
 ```
 
-See more details [README of Solidbase](https://github.com/gitbucket/solidbase).
+See more details at [README of Solidbase](https://github.com/gitbucket/solidbase).

doc/build.md

@@ -18,12 +18,12 @@ $ sbt ~jetty:start
 
 Then access `http://localhost:8080/` in your browser. The default administrator account is `root` and password is `root`.
 
-Source code modifications are detected and a reloaded happens automatically. You can modify the logging configuration by editing `src/main/resources/logback-dev.xml`.
+Source code modifications are detected and a reloading happens automatically. You can modify the logging configuration by editing `src/main/resources/logback-dev.xml`.
 
 Build war file
 --------
 
-To build war file, run the following command:
+To build a war file, run the following command:
 
 ```shell
 $ sbt package

project/build.properties

@@ -1 +1 @@
-sbt.version=1.4.6
+sbt.version=1.5.5

project/plugins.sbt

@@ -1,10 +1,11 @@
 scalacOptions ++= Seq("-unchecked", "-deprecation", "-feature")
 
-addSbtPlugin("com.geirsson"     % "sbt-scalafmt"         % "1.5.1")
-addSbtPlugin("com.typesafe.sbt" % "sbt-twirl"            % "1.5.0")
-addSbtPlugin("com.eed3si9n"     % "sbt-assembly"         % "0.15.0")
+addSbtPlugin("org.scalameta"    % "sbt-scalafmt"       % "2.4.3")
+addSbtPlugin("com.typesafe.sbt" % "sbt-twirl"          % "1.5.1")
+addSbtPlugin("com.eed3si9n"     % "sbt-assembly"       % "1.1.0")
 addSbtPlugin("org.scalatra.sbt" % "sbt-scalatra"       % "1.0.4")
-addSbtPlugin("com.jsuereth"     % "sbt-pgp"              % "1.1.2")
+addSbtPlugin("com.github.sbt"   % "sbt-pgp"            % "2.1.2")
 addSbtPlugin("com.typesafe.sbt" % "sbt-license-report" % "1.2.0")
-addSbtPlugin("net.virtual-void" % "sbt-dependency-graph" % "0.9.2")
-addSbtPlugin("org.scoverage"    % "sbt-scoverage"        % "1.6.1")
+addSbtPlugin("org.scoverage"    % "sbt-scoverage"      % "1.9.2")
+
+addDependencyTreePlugin

src/main/java/JettyLauncher.java

@@ -1,51 +1,100 @@
-import org.eclipse.jetty.server.ConnectionFactory;
-import org.eclipse.jetty.server.Connector;
+import org.eclipse.jetty.http.HttpVersion;
 import org.eclipse.jetty.server.Handler;
+import org.eclipse.jetty.server.HttpConfiguration;
 import org.eclipse.jetty.server.HttpConnectionFactory;
+import org.eclipse.jetty.server.SecureRequestCustomizer;
 import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.server.ServerConnector;
+import org.eclipse.jetty.server.SslConnectionFactory;
+import org.eclipse.jetty.server.handler.HandlerList;
+import org.eclipse.jetty.server.handler.SecuredRedirectHandler;
 import org.eclipse.jetty.server.handler.StatisticsHandler;
 import org.eclipse.jetty.server.session.DefaultSessionCache;
 import org.eclipse.jetty.server.session.FileSessionDataStore;
 import org.eclipse.jetty.server.session.SessionCache;
 import org.eclipse.jetty.server.session.SessionHandler;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
 import org.eclipse.jetty.webapp.WebAppContext;
 
 import java.io.File;
+import java.net.InetAddress;
 import java.net.URL;
-import java.net.InetSocketAddress;
 import java.security.ProtectionDomain;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+import java.util.function.Function;
+import java.util.stream.Stream;
+
+import static java.util.function.Function.identity;
+import static java.util.stream.Collectors.toSet;
 
 public class JettyLauncher {
+
+    private interface Defaults {
+
+        String CONNECTORS = "http";
+        String HOST = "0.0.0.0";
+
+        int HTTP_PORT = 8080;
+        int HTTPS_PORT = 8443;
+
+        boolean REDIRECT_HTTPS = false;
+    }
+
+    private interface Connectors {
+
+        String HTTP = "http";
+        String HTTPS = "https";
+    }
+
     public static void main(String[] args) throws Exception {
         System.setProperty("java.awt.headless", "true");
 
-        String host = null;
-        String port = null;
-        InetSocketAddress address = null;
-        String contextPath = "/";
-        String tmpDirPath="";
-        boolean forceHttps = false;
+        String connectors = getEnvironmentVariable("gitbucket.connectors");
+        String host = getEnvironmentVariable("gitbucket.host");
+        String port = getEnvironmentVariable("gitbucket.port");
+        String securePort = getEnvironmentVariable("gitbucket.securePort");
+        String keyStorePath = getEnvironmentVariable("gitbucket.keyStorePath");
+        String keyStorePassword = getEnvironmentVariable("gitbucket.keyStorePassword");
+        String keyManagerPassword = getEnvironmentVariable("gitbucket.keyManagerPassword");
+        String redirectHttps = getEnvironmentVariable("gitbucket.redirectHttps");
+        String contextPath = getEnvironmentVariable("gitbucket.prefix");
+        String tmpDirPath = getEnvironmentVariable("gitbucket.tempDir");
         boolean saveSessions = false;
 
-        host = getEnvironmentVariable("gitbucket.host");
-        port = getEnvironmentVariable("gitbucket.port");
-        contextPath = getEnvironmentVariable("gitbucket.prefix");
-        tmpDirPath = getEnvironmentVariable("gitbucket.tempDir");
-
         for(String arg: args) {
             if(arg.equals("--save_sessions")) {
                 saveSessions = true;
             }
             if(arg.startsWith("--") && arg.contains("=")) {
-                String[] dim = arg.split("=");
-                if(dim.length >= 2) {
+                String[] dim = arg.split("=", 2);
+                if(dim.length == 2) {
                     switch (dim[0]) {
+                        case "--connectors":
+                            connectors = dim[1];
+                            break;
                         case "--host":
                             host = dim[1];
                             break;
                         case "--port":
                             port = dim[1];
                             break;
+                        case "--secure_port":
+                            securePort = dim[1];
+                            break;
+                        case "--key_store_path":
+                            keyStorePath = dim[1];
+                            break;
+                        case "--key_store_password":
+                            keyStorePassword = dim[1];
+                            break;
+                        case "--key_manager_password":
+                            keyManagerPassword = dim[1];
+                            break;
+                        case "--redirect_https":
+                            redirectHttps = dim[1];
+                            break;
                         case "--prefix":
                             contextPath = dim[1];
                             break;
@@ -67,38 +116,69 @@ public class JettyLauncher {
             contextPath = "/" + contextPath;
         }
 
-        if(host != null) {
-            address = new InetSocketAddress(host, getPort(port));
-        } else {
-            address = new InetSocketAddress(getPort(port));
+        final String hostName = InetAddress.getByName(fallback(host, Defaults.HOST)).getHostName();
+
+        final Server server = new Server();
+
+        final Set<String> connectorsSet = Stream.of(fallback(connectors, Defaults.CONNECTORS)
+            .toLowerCase().split(",")).map(String::trim).collect(toSet());
+
+        final List<ServerConnector> connectorInstances = new ArrayList<>();
+
+        final HttpConfiguration httpConfig = new HttpConfiguration();
+        httpConfig.setSendServerVersion(false);
+        if (connectorsSet.contains(Connectors.HTTPS)) {
+            httpConfig.setSecurePort(fallback(securePort, Defaults.HTTPS_PORT, Integer::parseInt));
         }
 
-        Server server = new Server(address);
+        if (connectorsSet.contains(Connectors.HTTP)) {
+            final ServerConnector connector = new ServerConnector(server, new HttpConnectionFactory(httpConfig));
+            connector.setHost(hostName);
+            connector.setPort(fallback(port, Defaults.HTTP_PORT, Integer::parseInt));
 
-//        SelectChannelConnector connector = new SelectChannelConnector();
-//        if(host != null) {
-//            connector.setHost(host);
-//        }
-//        connector.setMaxIdleTime(1000 * 60 * 60);
-//        connector.setSoLingerTime(-1);
-//        connector.setPort(port);
-//        server.addConnector(connector);
+            connectorInstances.add(connector);
+        }
 
-        // Disabling Server header
-        for (Connector connector : server.getConnectors()) {
-            for (ConnectionFactory factory : connector.getConnectionFactories()) {
-                if (factory instanceof HttpConnectionFactory) {
-                    ((HttpConnectionFactory) factory).getHttpConfiguration().setSendServerVersion(false);
-                }
-            }
+        if (connectorsSet.contains(Connectors.HTTPS)) {
+            final SslContextFactory sslContextFactory = new SslContextFactory.Server();
+
+            sslContextFactory.setKeyStorePath(requireNonNull(keyStorePath,
+                "You must specify a path to an SSL keystore via the --key_store_path command line argument" +
+                    " or GITBUCKET_KEYSTOREPATH environment variable."));
+
+            sslContextFactory.setKeyStorePassword(requireNonNull(keyStorePassword,
+                "You must specify a an SSL keystore password via the --key_store_password argument" +
+                    " or GITBUCKET_KEYSTOREPASSWORD environment variable."));
+
+            sslContextFactory.setKeyManagerPassword(requireNonNull(keyManagerPassword,
+                "You must specify a key manager password via the --key_manager_password' argument" +
+                    " or GITBUCKET_KEYMANAGERPASSWORD environment variable."));
+
+            final HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
+            httpsConfig.addCustomizer(new SecureRequestCustomizer());
+
+            final ServerConnector connector = new ServerConnector(server,
+                new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
+                new HttpConnectionFactory(httpsConfig));
+
+            connector.setHost(hostName);
+            connector.setPort(fallback(securePort, Defaults.HTTPS_PORT, Integer::parseInt));
+
+            connectorInstances.add(connector);
         }
 
+        require(!connectorInstances.isEmpty(),
+            "No server connectors could be configured, please check your --connectors command line argument" +
+                " or GITBUCKET_CONNECTORS environment variable.");
+
+        server.setConnectors(connectorInstances.toArray(new ServerConnector[0]));
+
         WebAppContext context = new WebAppContext();
 
         if(saveSessions) {
             File sessDir = new File(getGitBucketHome(), "sessions");
             if(!sessDir.exists()){
-                sessDir.mkdirs();
+                mkdir(sessDir);
             }
             SessionHandler sessions = context.getSessionHandler();
             SessionCache cache = new DefaultSessionCache(sessions);
@@ -112,7 +192,7 @@ public class JettyLauncher {
         if(tmpDirPath == null || tmpDirPath.equals("")){
             tmpDir = new File(getGitBucketHome(), "tmp");
             if(!tmpDir.exists()){
-                tmpDir.mkdirs();
+                mkdir(tmpDir);
             }
         } else {
             tmpDir = new File(tmpDirPath);
@@ -136,13 +216,16 @@ public class JettyLauncher {
         context.setDescriptor(location.toExternalForm() + "/WEB-INF/web.xml");
         context.setServer(server);
         context.setWar(location.toExternalForm());
-        if (forceHttps) {
-            context.setInitParameter("org.scalatra.ForceHttps", "true");
+
+        final HandlerList handlers = new HandlerList();
+
+        if (fallback(redirectHttps, Defaults.REDIRECT_HTTPS, Boolean::parseBoolean)) {
+            handlers.addHandler(new SecuredRedirectHandler());
         }
 
-        Handler handler = addStatisticsHandler(context);
+        handlers.addHandler(addStatisticsHandler(context));
 
-        server.setHandler(handler);
+        server.setHandler(handlers);
         server.setStopAtShutdown(true);
         server.setStopTimeout(7_000);
         server.start();
@@ -170,11 +253,28 @@ public class JettyLauncher {
         }
     }
 
-    private static int getPort(String port){
-        if(port == null) {
-            return 8080;
-        } else {
-            return Integer.parseInt(port);
+    private static <T, R> T fallback(R value, T defaultValue, Function<R, T> converter) {
+        return value == null ? defaultValue : converter.apply(value);
+    }
+
+    private static <T> T fallback(T value, T defaultValue) {
+        return fallback(value, defaultValue, identity());
+    }
+
+    private static void require(boolean condition, String message) {
+        if (!condition) {
+            throw new IllegalArgumentException(message);
+        }
+    }
+
+    private static <T> T requireNonNull(T value, String message) {
+        require(value != null, message);
+        return value;
+    }
+
+    private static void mkdir(File dir) {
+        if (!dir.mkdirs()) {
+            throw new RuntimeException("Unable to create directory: " + dir);
         }
     }
 

src/main/java/gitbucket/core/util/PatchUtil.java

@@ -20,15 +20,15 @@ public class PatchUtil {
     public static String apply(String source, String patch, FileHeader fh)
             throws IOException, PatchApplyException {
         RawText rt = new RawText(source.getBytes("UTF-8"));
-        List<String> oldLines = new ArrayList<String>(rt.size());
+        List<String> oldLines = new ArrayList<>(rt.size());
         for (int i = 0; i < rt.size(); i++)
             oldLines.add(rt.getString(i));
-        List<String> newLines = new ArrayList<String>(oldLines);
+        List<String> newLines = new ArrayList<>(oldLines);
         for (HunkHeader hh : fh.getHunks()) {
             ByteArrayOutputStream out = new ByteArrayOutputStream();
             out.write(patch.getBytes("UTF-8"), hh.getStartOffset(), hh.getEndOffset() - hh.getStartOffset());
             RawText hrt = new RawText(out.toByteArray());
-            List<String> hunkLines = new ArrayList<String>(hrt.size());
+            List<String> hunkLines = new ArrayList<>(hrt.size());
             for (int i = 0; i < hrt.size(); i++)
                 hunkLines.add(hrt.getString(i));
             int pos = 0;

src/main/resources/bundle-plugins.txt

@@ -1,4 +1,4 @@
-notifications:1.9.0
-gist:4.20.0
+notifications:1.10.0
+gist:4.21.0
 emoji:4.6.0
-pages:1.9.0
+pages:1.10.0

src/main/resources/update/gitbucket-core_4.36.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<changeSet>
+  <addColumn tableName="REPOSITORY">
+    <column name="SAFE_MODE" type="boolean" nullable="false" defaultValue="true"/>
+  </addColumn>
+</changeSet>

src/main/scala/ScalatraBootstrap.scala

@@ -2,7 +2,6 @@ import java.util.EnumSet
 import javax.servlet._
 
 import gitbucket.core.controller.{ReleaseController, _}
-import gitbucket.core.plugin.PluginRegistry
 import gitbucket.core.service.SystemSettingsService
 import gitbucket.core.servlet._
 import gitbucket.core.util.Directory

src/main/scala/gitbucket/core/GitBucketCoreModule.scala

@@ -3,7 +3,6 @@ package gitbucket.core
 import java.io.FileOutputStream
 import java.nio.charset.StandardCharsets
 import java.sql.Connection
-import java.util
 import java.util.UUID
 
 import gitbucket.core.model.Activity
@@ -12,7 +11,7 @@ import gitbucket.core.util.JDBCUtil
 import io.github.gitbucket.solidbase.Solidbase
 import io.github.gitbucket.solidbase.migration.{LiquibaseMigration, Migration, SqlMigration}
 import io.github.gitbucket.solidbase.model.{Module, Version}
-import org.json4s.NoTypeHints
+import org.json4s.{Formats, NoTypeHints}
 import org.json4s.jackson.Serialization
 import org.json4s.jackson.Serialization.write
 
@@ -84,8 +83,8 @@ object GitBucketCoreModule
       new Version(
         "4.34.0",
         new Migration() {
-          override def migrate(moduleId: String, version: String, context: util.Map[String, AnyRef]): Unit = {
-            implicit val formats = Serialization.formats(NoTypeHints)
+          override def migrate(moduleId: String, version: String, context: java.util.Map[String, AnyRef]): Unit = {
+            implicit val formats: Formats = Serialization.formats(NoTypeHints)
             import JDBCUtil._
 
             val conn = context.get(Solidbase.CONNECTION).asInstanceOf[Connection]
@@ -116,4 +115,9 @@ object GitBucketCoreModule
       ),
       new Version("4.35.0", new LiquibaseMigration("update/gitbucket-core_4.35.xml")),
       new Version("4.35.1"),
+      new Version("4.35.2"),
+      new Version("4.35.3"),
+      new Version("4.36.0", new LiquibaseMigration("update/gitbucket-core_4.36.xml")),
+      new Version("4.36.1"),
+      new Version("4.36.2")
     )

src/main/scala/gitbucket/core/api/ApiBranchProtection.scala

@@ -66,7 +66,7 @@ object ApiBranchProtection {
       }
   }
 
-  implicit val enforcementLevelSerializer = new CustomSerializer[EnforcementLevel](
+  implicit val enforcementLevelSerializer: CustomSerializer[EnforcementLevel] = new CustomSerializer[EnforcementLevel](
     format =>
       (
         {

src/main/scala/gitbucket/core/api/ApiContents.scala

@@ -28,7 +28,7 @@ object ApiContents {
               "file",
               fileInfo.name,
               fileInfo.path,
-              fileInfo.commitId,
+              fileInfo.id.getName,
               Some(Base64.getEncoder.encodeToString(arr)),
               Some("base64")
             )(repositoryName)

src/main/scala/gitbucket/core/api/ApiIssue.scala

@@ -17,7 +17,8 @@ case class ApiIssue(
   state: String,
   created_at: Date,
   updated_at: Date,
-  body: String
+  body: String,
+  milestone: Option[ApiMilestone]
 )(repositoryName: RepositoryName, isPullRequest: Boolean) {
   val id = 0 // dummy id
   val assignees = List(assignee).flatten
@@ -43,7 +44,8 @@ object ApiIssue {
     repositoryName: RepositoryName,
     user: ApiUser,
     assignee: Option[ApiUser],
-    labels: List[ApiLabel]
+    labels: List[ApiLabel],
+    milestone: Option[ApiMilestone]
   ): ApiIssue =
     ApiIssue(
       number = issue.issueId,
@@ -51,6 +53,7 @@ object ApiIssue {
       user = user,
       assignee = assignee,
       labels = labels,
+      milestone = milestone,
       state = if (issue.closed) { "closed" } else { "open" },
       body = issue.content.getOrElse(""),
       created_at = issue.registeredDate,

src/main/scala/gitbucket/core/api/ApiPlugin.scala

@@ -1,6 +1,6 @@
 package gitbucket.core.api
 
-import gitbucket.core.plugin.{PluginRegistry, PluginInfo}
+import gitbucket.core.plugin.PluginInfo
 
 case class ApiPlugin(
   id: String,

src/main/scala/gitbucket/core/api/ApiWebhook.scala

@@ -1,8 +1,6 @@
 package gitbucket.core.api
 
-import gitbucket.core.model.Profile.{RepositoryWebHookEvents, RepositoryWebHooks}
 import gitbucket.core.model.{RepositoryWebHook, WebHook}
-import gitbucket.core.util.RepositoryName
 
 /**
  * https://docs.github.com/en/rest/reference/repos#webhooks

src/main/scala/gitbucket/core/controller/AccountController.scala

@@ -86,7 +86,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
 
   val newForm = mapping(
     "userName" -> trim(label("User name", text(required, maxlength(100), identifier, uniqueUserName, reservedNames))),
-    "password" -> trim(label("Password", text(required, maxlength(20)))),
+    "password" -> trim(label("Password", text(required, maxlength(40)))),
     "fullName" -> trim(label("Full Name", text(required, maxlength(100)))),
     "mailAddress" -> trim(label("Mail Address", text(required, maxlength(100), uniqueMailAddress()))),
     "extraMailAddresses" -> list(
@@ -98,7 +98,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
   )(AccountNewForm.apply)
 
   val editForm = mapping(
-    "password" -> trim(label("Password", optional(text(maxlength(20))))),
+    "password" -> trim(label("Password", optional(text(maxlength(40))))),
     "fullName" -> trim(label("Full Name", text(required, maxlength(100)))),
     "mailAddress" -> trim(label("Mail Address", text(required, maxlength(100), uniqueMailAddress("userName")))),
     "extraMailAddresses" -> list(
@@ -434,7 +434,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
 
   post("/:userName/_personalToken", personalTokenForm)(oneselfOnly { form =>
     val userName = params("userName")
-    getAccountByUserName(userName).map { x =>
+    getAccountByUserName(userName).foreach { x =>
       val (tokenId, token) = generateAccessToken(userName, form.note)
       flash.update("generatedToken", (tokenId, token))
     }
@@ -629,7 +629,9 @@ trait AccountControllerBase extends AccountManagementControllerBase {
   }
 
   get("/groups/new")(usersOnly {
-    html.creategroup(List(GroupMember("", context.loginAccount.get.userName, true)))
+    context.withLoginAccount { loginAccount =>
+      html.creategroup(List(GroupMember("", loginAccount.userName, true)))
+    }
   })
 
   post("/groups/new", newGroupForm)(usersOnly { form =>
@@ -650,16 +652,14 @@ trait AccountControllerBase extends AccountManagementControllerBase {
   })
 
   get("/:groupName/_editgroup")(managersOnly {
-    defining(params("groupName")) { groupName =>
+    val groupName = params("groupName")
     getAccountByUserName(groupName, true).map { account =>
       html.editgroup(account, getGroupMembers(groupName), flash.get("info"))
     } getOrElse NotFound()
-    }
   })
 
   get("/:groupName/_deletegroup")(managersOnly {
-    defining(params("groupName")) {
-      groupName =>
+    val groupName = params("groupName")
     // Remove from GROUP_MEMBER
     updateGroupMembers(groupName, Nil)
     // Disable group
@@ -673,14 +673,12 @@ trait AccountControllerBase extends AccountManagementControllerBase {
 //        FileUtils.deleteDirectory(getWikiRepositoryDir(groupName, repositoryName))
 //        FileUtils.deleteDirectory(getTemporaryDir(groupName, repositoryName))
 //      }
-    }
     redirect("/")
   })
 
   post("/:groupName/_editgroup", editGroupForm)(managersOnly { form =>
-    defining(
-      params("groupName"),
-      form.members
+    val groupName = params("groupName")
+    val members = form.members
       .split(",")
       .map {
         _.split(":") match {
@@ -688,8 +686,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
         }
       }
       .toList
-    ) {
-      case (groupName, members) =>
+
     getAccountByUserName(groupName, true).map { account =>
       updateGroup(groupName, form.description, form.url, false)
 
@@ -709,25 +706,35 @@ trait AccountControllerBase extends AccountManagementControllerBase {
       redirect(s"/${groupName}/_editgroup")
 
     } getOrElse NotFound()
-    }
   })
 
   /**
    * Show the new repository form.
    */
   get("/new")(usersOnly {
-    html.newrepo(getGroupsByUserName(context.loginAccount.get.userName), context.settings.isCreateRepoOptionPublic)
+    context.withLoginAccount { loginAccount =>
+      html.newrepo(getGroupsByUserName(loginAccount.userName), context.settings.isCreateRepoOptionPublic)
+    }
   })
 
   /**
    * Create new repository.
    */
   post("/new", newRepositoryForm)(usersOnly { form =>
-    if (context.settings.repositoryOperation.create || context.loginAccount.get.isAdmin) {
+    context.withLoginAccount {
+      loginAccount =>
+        if (context.settings.repositoryOperation.create || loginAccount.isAdmin) {
           LockUtil.lock(s"${form.owner}/${form.name}") {
-        if (getRepository(form.owner, form.name).isEmpty) {
+            if (getRepository(form.owner, form.name).isDefined) {
+              // redirect to the repository if repository already exists
+              redirect(s"/${form.owner}/${form.name}")
+            } else if (!canCreateRepository(form.owner, loginAccount)) {
+              // Permission error
+              Forbidden()
+            } else {
+              // create repository asynchronously
               createRepository(
-            context.loginAccount.get,
+                loginAccount,
                 form.owner,
                 form.name,
                 form.description,
@@ -735,15 +742,17 @@ trait AccountControllerBase extends AccountManagementControllerBase {
                 form.initOption,
                 form.sourceUrl
               )
-        }
-      }
               // redirect to the repository
               redirect(s"/${form.owner}/${form.name}")
+            }
+          }
         } else Forbidden()
+    }
   })
 
   get("/:owner/:repository/fork")(readableUsersOnly { repository =>
-    val loginAccount = context.loginAccount.get
+    context.withLoginAccount {
+      loginAccount =>
         if (repository.repository.options.allowFork && (context.settings.repositoryOperation.fork || loginAccount.isAdmin)) {
           val loginUserName = loginAccount.userName
           val groups = getGroupsByUserName(loginUserName)
@@ -765,18 +774,22 @@ trait AccountControllerBase extends AccountManagementControllerBase {
             case _ => redirect(s"/${loginUserName}")
           }
         } else BadRequest()
+    }
   })
 
   post("/:owner/:repository/fork", accountForm)(readableUsersOnly { (form, repository) =>
-    val loginAccount = context.loginAccount.get
+    context.withLoginAccount {
+      loginAccount =>
         if (repository.repository.options.allowFork && (context.settings.repositoryOperation.fork || loginAccount.isAdmin)) {
           val loginUserName = loginAccount.userName
           val accountName = form.accountName
 
-      if (getRepository(accountName, repository.name).isDefined ||
-          (accountName != loginUserName && !getGroupsByUserName(loginUserName).contains(accountName))) {
+          if (getRepository(accountName, repository.name).isDefined) {
             // redirect to the repository if repository already exists
             redirect(s"/${accountName}/${repository.name}")
+          } else if (!canCreateRepository(accountName, loginAccount)) {
+            // Permission error
+            Forbidden()
           } else {
             // fork repository asynchronously
             forkRepository(accountName, repository, loginUserName)
@@ -784,6 +797,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
             redirect(s"/${accountName}/${repository.name}")
           }
         } else Forbidden()
+    }
   })
 
   private def existsAccount: Constraint = new Constraint() {

src/main/scala/gitbucket/core/controller/ControllerBase.scala

@@ -28,6 +28,7 @@ import org.eclipse.jgit.revwalk.RevCommit
 import org.eclipse.jgit.treewalk._
 import org.apache.commons.io.IOUtils
 import org.slf4j.LoggerFactory
+import org.json4s.Formats
 
 /**
  * Provides generic features for controller implementations.
@@ -43,7 +44,7 @@ abstract class ControllerBase
 
   private val logger = LoggerFactory.getLogger(getClass)
 
-  implicit val jsonFormats = gitbucket.core.api.JsonFormat.jsonFormats
+  implicit val jsonFormats: Formats = gitbucket.core.api.JsonFormat.jsonFormats
 
   before("/api/v3/*") {
     contentType = formats("json")
@@ -157,11 +158,8 @@ abstract class ControllerBase
           org.scalatra.Unauthorized(
             redirect(
               "/signin?redirect=" + StringUtil.urlEncode(
-                defining(request.getQueryString) { queryString =>
-                  request.getRequestURI.substring(request.getContextPath.length) + (if (queryString != null)
-                                                                                      "?" + queryString
-                                                                                    else "")
-                }
+                request.getRequestURI
+                  .substring(request.getContextPath.length) + Option(request.getQueryString).map("?" + _).getOrElse("")
               )
             )
           )
@@ -255,7 +253,7 @@ abstract class ControllerBase
     repository: RepositoryService.RepositoryInfo
   ): Unit = {
     JGitUtil.getObjectLoaderFromId(git, objectId) { loader =>
-      contentType = FileUtil.getSafeMimeType(path)
+      contentType = FileUtil.getSafeMimeType(path, repository.repository.options.safeMode)
 
       if (loader.isLarge) {
         response.setContentLength(loader.getSize.toInt)
@@ -302,14 +300,21 @@ case class Context(
   }
   val sidebarCollapse = request.getSession.getAttribute("sidebar-collapse") != null
 
+  def withLoginAccount(f: Account => Any): Any = {
+    loginAccount match {
+      case Some(loginAccount) => f(loginAccount)
+      case None               => Unauthorized()
+    }
+  }
+
   /**
    * Get object from cache.
    *
    * If object has not been cached with the specified key then retrieves by given action.
    * Cached object are available during a request.
    */
-  def cache[A](key: String)(action: => A): A =
-    defining(Keys.Request.Cache(key)) { cacheKey =>
+  def cache[A](key: String)(action: => A): A = {
+    val cacheKey = Keys.Request.Cache(key)
     Option(request.getAttribute(cacheKey).asInstanceOf[A]).getOrElse {
       val newObject = action
       request.setAttribute(cacheKey, newObject)

src/main/scala/gitbucket/core/controller/DashboardController.scala

@@ -1,6 +1,7 @@
 package gitbucket.core.controller
 
 import gitbucket.core.dashboard.html
+import gitbucket.core.model.Account
 import gitbucket.core.service._
 import gitbucket.core.util.{Keys, UsersAuthenticator}
 import gitbucket.core.util.Implicits._
@@ -34,45 +35,63 @@ trait DashboardControllerBase extends ControllerBase {
     with UsersAuthenticator =>
 
   get("/dashboard/repos")(usersOnly {
+    context.withLoginAccount { loginAccount =>
       val repos = getVisibleRepositories(
         context.loginAccount,
         None,
         withoutPhysicalInfo = true,
         limit = context.settings.limitVisibleRepositories
       )
-    html.repos(getGroupNames(context.loginAccount.get.userName), repos, repos)
+      html.repos(getGroupNames(loginAccount.userName), repos, repos)
+    }
   })
 
   get("/dashboard/issues")(usersOnly {
-    searchIssues("created_by")
+    context.withLoginAccount { loginAccount =>
+      searchIssues(loginAccount, "created_by")
+    }
   })
 
   get("/dashboard/issues/assigned")(usersOnly {
-    searchIssues("assigned")
+    context.withLoginAccount { loginAccount =>
+      searchIssues(loginAccount, "assigned")
+    }
   })
 
   get("/dashboard/issues/created_by")(usersOnly {
-    searchIssues("created_by")
+    context.withLoginAccount { loginAccount =>
+      searchIssues(loginAccount, "created_by")
+    }
   })
 
   get("/dashboard/issues/mentioned")(usersOnly {
-    searchIssues("mentioned")
+    context.withLoginAccount { loginAccount =>
+      searchIssues(loginAccount, "mentioned")
+    }
   })
 
   get("/dashboard/pulls")(usersOnly {
-    searchPullRequests("created_by")
+    context.withLoginAccount { loginAccount =>
+      searchPullRequests(loginAccount, "created_by")
+    }
   })
 
   get("/dashboard/pulls/created_by")(usersOnly {
-    searchPullRequests("created_by")
+    context.withLoginAccount { loginAccount =>
+      searchPullRequests(loginAccount, "created_by")
+    }
   })
 
   get("/dashboard/pulls/assigned")(usersOnly {
-    searchPullRequests("assigned")
+    context.withLoginAccount { loginAccount =>
+      searchPullRequests(loginAccount, "assigned")
+    }
   })
 
   get("/dashboard/pulls/mentioned")(usersOnly {
-    searchPullRequests("mentioned")
+    context.withLoginAccount { loginAccount =>
+      searchPullRequests(loginAccount, "mentioned")
+    }
   })
 
   private def getOrCreateCondition(key: String, filter: String, userName: String) = {
@@ -85,10 +104,10 @@ trait DashboardControllerBase extends ControllerBase {
     }
   }
 
-  private def searchIssues(filter: String) = {
+  private def searchIssues(loginAccount: Account, filter: String) = {
     import IssuesService._
 
-    val userName = context.loginAccount.get.userName
+    val userName = loginAccount.userName
     val condition = getOrCreateCondition(Keys.Session.DashboardIssues, filter, userName)
     val userRepos = getUserRepositories(userName, true).map(repo => repo.owner -> repo.name)
     val page = IssueSearchCondition.page(request)
@@ -115,11 +134,11 @@ trait DashboardControllerBase extends ControllerBase {
     )
   }
 
-  private def searchPullRequests(filter: String) = {
+  private def searchPullRequests(loginAccount: Account, filter: String) = {
     import IssuesService._
     import PullRequestService._
 
-    val userName = context.loginAccount.get.userName
+    val userName = loginAccount.userName
     val condition = getOrCreateCondition(Keys.Session.DashboardPulls, filter, userName)
     val allRepos = getAllRepositories(userName)
     val page = IssueSearchCondition.page(request)

src/main/scala/gitbucket/core/controller/FileUploadController.scala

@@ -6,7 +6,6 @@ import gitbucket.core.model.Account
 import gitbucket.core.service.{AccountService, ReleaseService, RepositoryService}
 import gitbucket.core.servlet.Database
 import gitbucket.core.util._
-import gitbucket.core.util.SyntaxSugars._
 import gitbucket.core.util.Directory._
 import gitbucket.core.util.Implicits._
 import org.eclipse.jgit.api.Git
@@ -18,6 +17,7 @@ import org.apache.commons.io.{FileUtils, IOUtils}
 
 import scala.util.Using
 import gitbucket.core.service.SystemSettingsService
+import slick.jdbc.JdbcBackend.Session
 
 /**
  * Provides Ajax based file upload functionality.
@@ -40,7 +40,7 @@ class FileUploadController
           .writeByteArrayToFile(new File(getTemporaryDir(session.getId), FileUtil.checkFilename(fileId)), file.get())
         session += Keys.Session.Upload(fileId) -> file.name
       },
-      FileUtil.isImage
+      FileUtil.isImage(_)
     )
   }
 
@@ -131,7 +131,7 @@ class FileUploadController
     } getOrElse BadRequest()
   }
 
-  post("/release/:owner/:repository/:tag") {
+  post("/release/:owner/:repository/*") {
     setMultipartConfigForLargeFile()
     session
       .get(Keys.Session.LoginAccount)
@@ -139,7 +139,7 @@ class FileUploadController
         case _: Account =>
           val owner = params("owner")
           val repository = params("repository")
-          val tag = params("tag")
+          val tag = multiParams("splat").head
           execute(
             { (file, fileId) =>
               FileUtils.writeByteArrayToFile(
@@ -178,7 +178,7 @@ class FileUploadController
   }
 
   private def onlyWikiEditable(owner: String, repository: String, loginAccount: Account)(action: => Any): Any = {
-    implicit val session = Database.getSession(request)
+    implicit val session: Session = Database.getSession(request)
     getRepository(owner, repository) match {
       case Some(x) =>
         x.repository.options.wikiOption match {
@@ -191,14 +191,13 @@ class FileUploadController
     }
   }
 
-  private def execute(f: (FileItem, String) => Unit, mimeTypeChcker: (String) => Boolean) =
+  private def execute(f: (FileItem, String) => Unit, mimeTypeChecker: (String) => Boolean) =
     fileParams.get("file") match {
-      case Some(file) if (mimeTypeChcker(file.name)) =>
-        defining(FileUtil.generateFileId) { fileId =>
+      case Some(file) if mimeTypeChecker(file.name) =>
+        val fileId = FileUtil.generateFileId
         f(file, fileId)
         contentType = "text/plain"
         Ok(fileId)
-        }
       case _ => BadRequest()
     }
 

src/main/scala/gitbucket/core/controller/IndexController.scala

@@ -8,7 +8,6 @@ import gitbucket.core.helper.xml
 import gitbucket.core.model.Account
 import gitbucket.core.service._
 import gitbucket.core.util.Implicits._
-import gitbucket.core.util.SyntaxSugars._
 import gitbucket.core.util._
 import gitbucket.core.view.helpers._
 import org.scalatra.Ok
@@ -237,13 +236,13 @@ trait IndexControllerBase extends ControllerBase {
 
   // TODO Move to RepositoryViewrController?
   get("/:owner/:repository/search")(referrersOnly { repository =>
-    defining(params.getOrElse("q", "").trim, params.getOrElse("type", "code")) {
-      case (query, target) =>
+    val query = params.getOrElse("q", "").trim
+    val target = params.getOrElse("type", "code")
     val page = try {
       val i = params.getOrElse("page", "1").toInt
       if (i <= 0) 1 else i
     } catch {
-          case e: NumberFormatException => 1
+      case _: NumberFormatException => 1
     }
 
     target.toLowerCase match {
@@ -281,7 +280,6 @@ trait IndexControllerBase extends ControllerBase {
           repository
         )
     }
-    }
   })
 
   get("/search") {

src/main/scala/gitbucket/core/controller/IssuesController.scala

@@ -1,9 +1,9 @@
 package gitbucket.core.controller
 
 import gitbucket.core.issues.html
+import gitbucket.core.model.Account
 import gitbucket.core.service.IssuesService._
 import gitbucket.core.service._
-import gitbucket.core.util.SyntaxSugars._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util._
 import gitbucket.core.view
@@ -95,21 +95,20 @@ trait IssuesControllerBase extends ControllerBase {
   })
 
   get("/:owner/:repository/issues/:id")(referrersOnly { repository =>
-    defining(repository.owner, repository.name, params("id")) {
-      case (owner, name, issueId) =>
-        getIssue(owner, name, issueId) map {
+    val issueId = params("id")
+    getIssue(repository.owner, repository.name, issueId) map {
       issue =>
         if (issue.isPullRequest) {
           redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
         } else {
           html.issue(
             issue,
-                getComments(owner, name, issueId.toInt),
-                getIssueLabels(owner, name, issueId.toInt),
-                getAssignableUserNames(owner, name),
-                getMilestonesWithIssueCount(owner, name),
-                getPriorities(owner, name),
-                getLabels(owner, name),
+            getComments(repository.owner, repository.name, issueId.toInt),
+            getIssueLabels(repository.owner, repository.name, issueId.toInt),
+            getAssignableUserNames(repository.owner, repository.name),
+            getMilestonesWithIssueCount(repository.owner, repository.name),
+            getPriorities(repository.owner, repository.name),
+            getLabels(repository.owner, repository.name),
             isIssueEditable(repository),
             isIssueManageable(repository),
             isIssueCommentManageable(repository),
@@ -117,28 +116,26 @@ trait IssuesControllerBase extends ControllerBase {
           )
         }
     } getOrElse NotFound()
-    }
   })
 
   get("/:owner/:repository/issues/new")(readableUsersOnly { repository =>
     if (isIssueEditable(repository)) { // TODO Should this check is provided by authenticator?
-      defining(repository.owner, repository.name) {
-        case (owner, name) =>
       html.create(
-            getAssignableUserNames(owner, name),
-            getMilestones(owner, name),
-            getPriorities(owner, name),
-            getDefaultPriority(owner, name),
-            getLabels(owner, name),
+        getAssignableUserNames(repository.owner, repository.name),
+        getMilestones(repository.owner, repository.name),
+        getPriorities(repository.owner, repository.name),
+        getDefaultPriority(repository.owner, repository.name),
+        getLabels(repository.owner, repository.name),
         isIssueManageable(repository),
         getContentTemplate(repository, "ISSUE_TEMPLATE"),
         repository
       )
-      }
     } else Unauthorized()
   })
 
   post("/:owner/:repository/issues/new", issueCreateForm)(readableUsersOnly { (form, repository) =>
+    context.withLoginAccount {
+      loginAccount =>
         if (isIssueEditable(repository)) { // TODO Should this check is provided by authenticator?
           val issue = createIssue(
             repository,
@@ -148,59 +145,63 @@ trait IssuesControllerBase extends ControllerBase {
             form.milestoneId,
             form.priorityId,
             form.labelNames.toSeq.flatMap(_.split(",")),
-        context.loginAccount.get
+            loginAccount
           )
-
           redirect(s"/${issue.userName}/${issue.repositoryName}/issues/${issue.issueId}")
         } else Unauthorized()
+    }
   })
 
   ajaxPost("/:owner/:repository/issues/edit_title/:id", issueTitleEditForm)(readableUsersOnly { (title, repository) =>
-    defining(repository.owner, repository.name) {
-      case (owner, name) =>
-        getIssue(owner, name, params("id")).map {
+    context.withLoginAccount {
+      loginAccount =>
+        getIssue(repository.owner, repository.name, params("id")).map {
           issue =>
-            if (isEditableContent(owner, name, issue.openedUserName)) {
+            if (isEditableContent(repository.owner, repository.name, issue.openedUserName, loginAccount)) {
               if (issue.title != title) {
                 // update issue
-                updateIssue(owner, name, issue.issueId, title, issue.content)
+                updateIssue(repository.owner, repository.name, issue.issueId, title, issue.content)
                 // extract references and create refer comment
-                createReferComment(owner, name, issue.copy(title = title), title, context.loginAccount.get)
+                createReferComment(repository.owner, repository.name, issue.copy(title = title), title, loginAccount)
                 createComment(
-                  owner,
-                  name,
-                  context.loginAccount.get.userName,
+                  repository.owner,
+                  repository.name,
+                  loginAccount.userName,
                   issue.issueId,
                   issue.title + "\r\n" + title,
                   "change_title"
                 )
               }
-              redirect(s"/${owner}/${name}/issues/_data/${issue.issueId}")
+              redirect(s"/${repository.owner}/${repository.name}/issues/_data/${issue.issueId}")
             } else Unauthorized()
         } getOrElse NotFound()
     }
   })
 
   ajaxPost("/:owner/:repository/issues/edit/:id", issueEditForm)(readableUsersOnly { (content, repository) =>
-    defining(repository.owner, repository.name) {
-      case (owner, name) =>
-        getIssue(owner, name, params("id")).map { issue =>
-          if (isEditableContent(owner, name, issue.openedUserName)) {
+    context.withLoginAccount {
+      loginAccount =>
+        getIssue(repository.owner, repository.name, params("id")).map { issue =>
+          if (isEditableContent(repository.owner, repository.name, issue.openedUserName, loginAccount)) {
             // update issue
-            updateIssue(owner, name, issue.issueId, issue.title, content)
+            updateIssue(repository.owner, repository.name, issue.issueId, issue.title, content)
             // extract references and create refer comment
-            createReferComment(owner, name, issue, content.getOrElse(""), context.loginAccount.get)
+            createReferComment(repository.owner, repository.name, issue, content.getOrElse(""), loginAccount)
 
-            redirect(s"/${owner}/${name}/issues/_data/${issue.issueId}")
+            redirect(s"/${repository.owner}/${repository.name}/issues/_data/${issue.issueId}")
           } else Unauthorized()
         } getOrElse NotFound()
     }
   })
 
   post("/:owner/:repository/issue_comments/new", commentForm)(readableUsersOnly { (form, repository) =>
+    context.withLoginAccount {
+      loginAccount =>
         getIssue(repository.owner, repository.name, form.issueId.toString).flatMap { issue =>
           val actionOpt =
-        params.get("action").filter(_ => isEditableContent(issue.userName, issue.repositoryName, issue.openedUserName))
+            params
+              .get("action")
+              .filter(_ => isEditableContent(issue.userName, issue.repositoryName, issue.openedUserName, loginAccount))
           handleComment(issue, Some(form.content), repository, actionOpt) map {
             case (issue, id) =>
               redirect(
@@ -208,12 +209,17 @@ trait IssuesControllerBase extends ControllerBase {
               )
           }
         } getOrElse NotFound()
+    }
   })
 
   post("/:owner/:repository/issue_comments/state", issueStateForm)(readableUsersOnly { (form, repository) =>
+    context.withLoginAccount {
+      loginAccount =>
         getIssue(repository.owner, repository.name, form.issueId.toString).flatMap { issue =>
           val actionOpt =
-        params.get("action").filter(_ => isEditableContent(issue.userName, issue.repositoryName, issue.openedUserName))
+            params
+              .get("action")
+              .filter(_ => isEditableContent(issue.userName, issue.repositoryName, issue.openedUserName, loginAccount))
           handleComment(issue, form.content, repository, actionOpt) map {
             case (issue, id) =>
               redirect(
@@ -221,25 +227,25 @@ trait IssuesControllerBase extends ControllerBase {
               )
           }
         } getOrElse NotFound()
+    }
   })
 
   ajaxPost("/:owner/:repository/issue_comments/edit/:id", commentForm)(readableUsersOnly { (form, repository) =>
-    defining(repository.owner, repository.name) {
-      case (owner, name) =>
-        getComment(owner, name, params("id")).map { comment =>
-          if (isEditableContent(owner, name, comment.commentedUserName)) {
+    context.withLoginAccount {
+      loginAccount =>
+        getComment(repository.owner, repository.name, params("id")).map { comment =>
+          if (isEditableContent(repository.owner, repository.name, comment.commentedUserName, loginAccount)) {
             updateComment(comment.issueId, comment.commentId, form.content)
-            redirect(s"/${owner}/${name}/issue_comments/_data/${comment.commentId}")
+            redirect(s"/${repository.owner}/${repository.name}/issue_comments/_data/${comment.commentId}")
           } else Unauthorized()
         } getOrElse NotFound()
     }
   })
 
   ajaxPost("/:owner/:repository/issue_comments/delete/:id")(readableUsersOnly { repository =>
-    defining(repository.owner, repository.name) {
-      case (owner, name) =>
-        getComment(owner, name, params("id")).map { comment =>
-          if (isDeletableComment(owner, name, comment.commentedUserName)) {
+    context.withLoginAccount { loginAccount =>
+      getComment(repository.owner, repository.name, params("id")).map { comment =>
+        if (isDeletableComment(repository.owner, repository.name, comment.commentedUserName, loginAccount)) {
           Ok(deleteComment(repository.owner, repository.name, comment.issueId, comment.commentId))
         } else Unauthorized()
       } getOrElse NotFound()
@@ -247,9 +253,11 @@ trait IssuesControllerBase extends ControllerBase {
   })
 
   ajaxGet("/:owner/:repository/issues/_data/:id")(readableUsersOnly { repository =>
+    context.withLoginAccount {
+      loginAccount =>
         getIssue(repository.owner, repository.name, params("id")) map {
           x =>
-        if (isEditableContent(x.userName, x.repositoryName, x.openedUserName)) {
+            if (isEditableContent(x.userName, x.repositoryName, x.openedUserName, loginAccount)) {
               params.get("dataType") collect {
                 case t if t == "html" => html.editissue(x.content, x.issueId, repository)
               } getOrElse {
@@ -273,12 +281,15 @@ trait IssuesControllerBase extends ControllerBase {
               }
             } else Unauthorized()
         } getOrElse NotFound()
+    }
   })
 
   ajaxGet("/:owner/:repository/issue_comments/_data/:id")(readableUsersOnly { repository =>
+    context.withLoginAccount {
+      loginAccount =>
         getComment(repository.owner, repository.name, params("id")) map {
           x =>
-        if (isEditableContent(x.userName, x.repositoryName, x.commentedUserName)) {
+            if (isEditableContent(x.userName, x.repositoryName, x.commentedUserName, loginAccount)) {
               params.get("dataType") collect {
                 case t if t == "html" => html.editcomment(x.content, x.commentId, repository)
               } getOrElse {
@@ -301,6 +312,7 @@ trait IssuesControllerBase extends ControllerBase {
               }
             } else Unauthorized()
         } getOrElse NotFound()
+    }
   })
 
   ajaxPost("/:owner/:repository/issues/new/label")(writableUsersOnly { repository =>
@@ -310,17 +322,15 @@ trait IssuesControllerBase extends ControllerBase {
   })
 
   ajaxPost("/:owner/:repository/issues/:id/label/new")(writableUsersOnly { repository =>
-    defining(params("id").toInt) { issueId =>
+    val issueId = params("id").toInt
     registerIssueLabel(repository.owner, repository.name, issueId, params("labelId").toInt, true)
     html.labellist(getIssueLabels(repository.owner, repository.name, issueId))
-    }
   })
 
   ajaxPost("/:owner/:repository/issues/:id/label/delete")(writableUsersOnly { repository =>
-    defining(params("id").toInt) { issueId =>
+    val issueId = params("id").toInt
     deleteIssueLabel(repository.owner, repository.name, issueId, params("labelId").toInt, true)
     html.labellist(getIssueLabels(repository.owner, repository.name, issueId))
-    }
   })
 
   ajaxPost("/:owner/:repository/issues/:id/assign")(writableUsersOnly { repository =>
@@ -353,8 +363,7 @@ trait IssuesControllerBase extends ControllerBase {
   })
 
   post("/:owner/:repository/issues/batchedit/state")(writableUsersOnly { repository =>
-    defining(params.get("value")) {
-      action =>
+    val action = params.get("value")
     action match {
       case Some("open") =>
         executeBatch(repository) { issueId =>
@@ -362,17 +371,19 @@ trait IssuesControllerBase extends ControllerBase {
             handleComment(issue, None, repository, Some("reopen"))
           }
         }
+        if (params("uri").nonEmpty) {
+          redirect(params("uri"))
+        }
       case Some("close") =>
         executeBatch(repository) { issueId =>
           getIssue(repository.owner, repository.name, issueId.toString).foreach { issue =>
             handleComment(issue, None, repository, Some("close"))
           }
         }
-          case _ => BadRequest()
-        }
         if (params("uri").nonEmpty) {
           redirect(params("uri"))
         }
+      case _ => BadRequest()
     }
   })
 
@@ -390,30 +401,27 @@ trait IssuesControllerBase extends ControllerBase {
   })
 
   post("/:owner/:repository/issues/batchedit/assign")(writableUsersOnly { repository =>
-    defining(assignedUserName("value")) { value =>
+    val value = assignedUserName("value")
     executeBatch(repository) {
       updateAssignedUserName(repository.owner, repository.name, _, value, true)
     }
     if (params("uri").nonEmpty) {
       redirect(params("uri"))
     }
-    }
   })
 
   post("/:owner/:repository/issues/batchedit/milestone")(writableUsersOnly { repository =>
-    defining(milestoneId("value")) { value =>
+    val value = milestoneId("value")
     executeBatch(repository) {
       updateMilestoneId(repository.owner, repository.name, _, value, true)
     }
-    }
   })
 
   post("/:owner/:repository/issues/batchedit/priority")(writableUsersOnly { repository =>
-    defining(priorityId("value")) { value =>
+    val value = priorityId("value")
     executeBatch(repository) {
       updatePriorityId(repository.owner, repository.name, _, value, true)
     }
-    }
   })
 
   get("/:owner/:repository/_attached/:file")(referrersOnly { repository =>
@@ -464,48 +472,51 @@ trait IssuesControllerBase extends ControllerBase {
   }
 
   private def searchIssues(repository: RepositoryService.RepositoryInfo) = {
-    defining(repository.owner, repository.name) {
-      case (owner, repoName) =>
     val page = IssueSearchCondition.page(request)
     // retrieve search condition
     val condition = IssueSearchCondition(request)
     // search issues
     val issues =
-          searchIssue(condition, IssueSearchOption.Issues, (page - 1) * IssueLimit, IssueLimit, owner -> repoName)
+      searchIssue(
+        condition,
+        IssueSearchOption.Issues,
+        (page - 1) * IssueLimit,
+        IssueLimit,
+        repository.owner -> repository.name
+      )
 
     html.list(
       "issues",
       issues.map(issue => (issue, None)),
       page,
-          getAssignableUserNames(owner, repoName),
-          getMilestones(owner, repoName),
-          getPriorities(owner, repoName),
-          getLabels(owner, repoName),
-          countIssue(condition.copy(state = "open"), IssueSearchOption.Issues, owner -> repoName),
-          countIssue(condition.copy(state = "closed"), IssueSearchOption.Issues, owner -> repoName),
+      getAssignableUserNames(repository.owner, repository.name),
+      getMilestones(repository.owner, repository.name),
+      getPriorities(repository.owner, repository.name),
+      getLabels(repository.owner, repository.name),
+      countIssue(condition.copy(state = "open"), IssueSearchOption.Issues, repository.owner -> repository.name),
+      countIssue(condition.copy(state = "closed"), IssueSearchOption.Issues, repository.owner -> repository.name),
       condition,
       repository,
       isIssueEditable(repository),
       isIssueManageable(repository)
     )
   }
-  }
 
   /**
    * Tests whether an issue or a comment is editable by a logged-in user.
    */
-  private def isEditableContent(owner: String, repository: String, author: String)(
+  private def isEditableContent(owner: String, repository: String, author: String, loginAccount: Account)(
     implicit context: Context
   ): Boolean = {
-    hasDeveloperRole(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
+    hasDeveloperRole(owner, repository, context.loginAccount) || author == loginAccount.userName
   }
 
   /**
    * Tests whether an issue comment is deletable by a logged-in user.
    */
-  private def isDeletableComment(owner: String, repository: String, author: String)(
+  private def isDeletableComment(owner: String, repository: String, author: String, loginAccount: Account)(
     implicit context: Context
   ): Boolean = {
-    hasOwnerRole(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
+    hasOwnerRole(owner, repository, context.loginAccount) || author == loginAccount.userName
   }
 }

src/main/scala/gitbucket/core/controller/PreProcessController.scala

@@ -32,6 +32,7 @@ trait PreProcessControllerBase extends ControllerBase {
   get(!context.settings.allowAnonymousAccess, context.loginAccount.isEmpty) {
     if (!context.currentPath.startsWith("/assets") && !context.currentPath.startsWith("/signin") &&
         !context.currentPath.startsWith("/register") && !context.currentPath.endsWith("/info/refs") &&
+        !context.currentPath.startsWith("/plugin-assets") &&
         !PluginRegistry().getAnonymousAccessiblePaths().exists { path =>
           context.currentPath.startsWith(path)
         }) {

src/main/scala/gitbucket/core/controller/PullRequestsController.scala

@@ -8,7 +8,6 @@ import gitbucket.core.service.IssuesService._
 import gitbucket.core.service.PullRequestService._
 import gitbucket.core.service.RepositoryService.RepositoryInfo
 import gitbucket.core.service._
-import gitbucket.core.util.SyntaxSugars._
 import gitbucket.core.util.Directory._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util._
@@ -58,7 +57,7 @@ trait PullRequestsControllerBase extends ControllerBase {
     with PrioritiesService =>
 
   val pullRequestForm = mapping(
-    "title" -> trim(label("Title", text(required, maxlength(100)))),
+    "title" -> trim(label("Title", text(required))),
     "content" -> trim(label("Content", optional(text()))),
     "targetUserName" -> trim(text(required, maxlength(100))),
     "targetBranch" -> trim(text(required, maxlength(100))),
@@ -111,24 +110,29 @@ trait PullRequestsControllerBase extends ControllerBase {
   get("/:owner/:repository/pull/:id")(referrersOnly { repository =>
     params("id").toIntOpt.flatMap {
       issueId =>
-        val owner = repository.owner
-        val name = repository.name
-        getPullRequest(owner, name, issueId) map {
+        getPullRequest(repository.owner, repository.name, issueId) map {
           case (issue, pullreq) =>
             val (commits, diffs) =
-              getRequestCompareInfo(owner, name, pullreq.commitIdFrom, owner, name, pullreq.commitIdTo)
+              getRequestCompareInfo(
+                repository.owner,
+                repository.name,
+                pullreq.commitIdFrom,
+                repository.owner,
+                repository.name,
+                pullreq.commitIdTo
+              )
 
             html.conversation(
               issue,
               pullreq,
               commits.flatten,
-              getPullRequestComments(owner, name, issue.issueId, commits.flatten),
+              getPullRequestComments(repository.owner, repository.name, issue.issueId, commits.flatten),
               diffs.size,
-              getIssueLabels(owner, name, issueId),
-              getAssignableUserNames(owner, name),
-              getMilestonesWithIssueCount(owner, name),
-              getPriorities(owner, name),
-              getLabels(owner, name),
+              getIssueLabels(repository.owner, repository.name, issueId),
+              getAssignableUserNames(repository.owner, repository.name),
+              getMilestonesWithIssueCount(repository.owner, repository.name),
+              getPriorities(repository.owner, repository.name),
+              getLabels(repository.owner, repository.name),
               isEditable(repository),
               isManageable(repository),
               hasDeveloperRole(pullreq.requestUserName, pullreq.requestRepositoryName, context.loginAccount),
@@ -162,12 +166,17 @@ trait PullRequestsControllerBase extends ControllerBase {
   get("/:owner/:repository/pull/:id/commits")(referrersOnly { repository =>
     params("id").toIntOpt.flatMap {
       issueId =>
-        val owner = repository.owner
-        val name = repository.name
-        getPullRequest(owner, name, issueId) map {
+        getPullRequest(repository.owner, repository.name, issueId) map {
           case (issue, pullreq) =>
             val (commits, diffs) =
-              getRequestCompareInfo(owner, name, pullreq.commitIdFrom, owner, name, pullreq.commitIdTo)
+              getRequestCompareInfo(
+                repository.owner,
+                repository.name,
+                pullreq.commitIdFrom,
+                repository.owner,
+                repository.name,
+                pullreq.commitIdTo
+              )
 
             val commitsWithStatus = commits.map { day =>
               day.map { commit =>
@@ -179,7 +188,7 @@ trait PullRequestsControllerBase extends ControllerBase {
               issue,
               pullreq,
               commitsWithStatus,
-              getPullRequestComments(owner, name, issue.issueId, commits.flatten),
+              getPullRequestComments(repository.owner, repository.name, issue.issueId, commits.flatten),
               diffs.size,
               isManageable(repository),
               repository
@@ -191,19 +200,24 @@ trait PullRequestsControllerBase extends ControllerBase {
   get("/:owner/:repository/pull/:id/files")(referrersOnly { repository =>
     params("id").toIntOpt.flatMap {
       issueId =>
-        val owner = repository.owner
-        val name = repository.name
-        getPullRequest(owner, name, issueId) map {
+        getPullRequest(repository.owner, repository.name, issueId) map {
           case (issue, pullreq) =>
             val (commits, diffs) =
-              getRequestCompareInfo(owner, name, pullreq.commitIdFrom, owner, name, pullreq.commitIdTo)
+              getRequestCompareInfo(
+                repository.owner,
+                repository.name,
+                pullreq.commitIdFrom,
+                repository.owner,
+                repository.name,
+                pullreq.commitIdTo
+              )
 
             html.files(
               issue,
               pullreq,
               diffs,
               commits.flatten,
-              getPullRequestComments(owner, name, issue.issueId, commits.flatten),
+              getPullRequestComments(repository.owner, repository.name, issue.issueId, commits.flatten),
               isManageable(repository),
               repository
             )
@@ -214,39 +228,35 @@ trait PullRequestsControllerBase extends ControllerBase {
   ajaxGet("/:owner/:repository/pull/:id/mergeguide")(referrersOnly { repository =>
     params("id").toIntOpt.flatMap {
       issueId =>
-        val owner = repository.owner
-        val name = repository.name
-        getPullRequest(owner, name, issueId) map {
+        getPullRequest(repository.owner, repository.name, issueId) map {
           case (issue, pullreq) =>
-            val conflictMessage = LockUtil.lock(s"${owner}/${name}") {
-              checkConflict(owner, name, pullreq.branch, issueId)
+            val conflictMessage = LockUtil.lock(s"${repository.owner}/${repository.name}") {
+              checkConflict(repository.owner, repository.name, pullreq.branch, issueId)
             }
-            val hasMergePermission = hasDeveloperRole(owner, name, context.loginAccount)
-            val branchProtection = getProtectedBranchInfo(owner, name, pullreq.branch)
+            val hasMergePermission = hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
+            val branchProtection = getProtectedBranchInfo(repository.owner, repository.name, pullreq.branch)
             val mergeStatus = PullRequestService.MergeStatus(
               conflictMessage = conflictMessage,
-              commitStatuses = getCommitStatuses(owner, name, pullreq.commitIdTo),
+              commitStatuses = getCommitStatuses(repository.owner, repository.name, pullreq.commitIdTo),
               branchProtection = branchProtection,
-              branchIsOutOfDate = JGitUtil.getShaByRef(owner, name, pullreq.branch) != Some(pullreq.commitIdFrom),
-              needStatusCheck = context.loginAccount
-                .map { u =>
+              branchIsOutOfDate = JGitUtil.getShaByRef(repository.owner, repository.name, pullreq.branch) != Some(
+                pullreq.commitIdFrom
+              ),
+              needStatusCheck = context.loginAccount.forall { u =>
                 branchProtection.needStatusCheck(u.userName)
-                }
-                .getOrElse(true),
+              },
               hasUpdatePermission = hasDeveloperRole(
                 pullreq.requestUserName,
                 pullreq.requestRepositoryName,
                 context.loginAccount
               ) &&
-                context.loginAccount
-                  .map { u =>
+                context.loginAccount.exists { u =>
                   !getProtectedBranchInfo(
                     pullreq.requestUserName,
                     pullreq.requestRepositoryName,
                     pullreq.requestBranch
                   ).needStatusCheck(u.userName)
-                  }
-                  .getOrElse(false),
+                },
               hasMergePermission = hasMergePermission,
               commitIdTo = pullreq.commitIdTo
             )
@@ -363,23 +373,22 @@ trait PullRequestsControllerBase extends ControllerBase {
   })
 
   post("/:owner/:repository/pull/:id/merge", mergeForm)(writableUsersOnly { (form, repository) =>
+    context.withLoginAccount { loginAccount =>
       params("id").toIntOpt.flatMap { issueId =>
-      val owner = repository.owner
-      val name = repository.name
-
         mergePullRequest(
           repository,
           issueId,
-        context.loginAccount.get,
+          loginAccount,
           form.message,
           form.strategy,
           form.isDraft,
           context.settings
         ) match {
-        case Right(objectId) => redirect(s"/${owner}/${name}/pull/${issueId}")
+          case Right(objectId) => redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
           case Left(message)   => Some(BadRequest(message))
         }
       } getOrElse NotFound()
+    }
   })
 
   get("/:owner/:repository/compare")(referrersOnly { forkedRepository =>
@@ -481,8 +490,7 @@ trait PullRequestsControllerBase extends ControllerBase {
               (repository.userName, repository.repositoryName, repository.defaultBranch)
             },
             commits.flatten
-              .map(commit => getCommitComments(forkedRepository.owner, forkedRepository.name, commit.id, false))
-              .flatten
+              .flatMap(commit => getCommitComments(forkedRepository.owner, forkedRepository.name, commit.id, false))
               .toList,
             originId,
             forkedId,
@@ -549,15 +557,14 @@ trait PullRequestsControllerBase extends ControllerBase {
   })
 
   post("/:owner/:repository/pulls/new", pullRequestForm)(readableUsersOnly { (form, repository) =>
-    defining(repository.owner, repository.name) {
-      case (owner, name) =>
+    context.withLoginAccount {
+      loginAccount =>
         val manageable = isManageable(repository)
-        val loginUserName = context.loginAccount.get.userName
 
         val issueId = insertIssue(
           owner = repository.owner,
           repository = repository.name,
-          loginUser = loginUserName,
+          loginUser = loginAccount.userName,
           title = form.title,
           content = form.content,
           assignedUserName = if (manageable) form.assignedUserName else None,
@@ -576,14 +583,14 @@ trait PullRequestsControllerBase extends ControllerBase {
           commitIdFrom = form.commitIdFrom,
           commitIdTo = form.commitIdTo,
           isDraft = form.isDraft,
-          loginAccount = context.loginAccount.get,
+          loginAccount = loginAccount,
           settings = context.settings
         )
 
         // insert labels
         if (manageable) {
           form.labelNames.foreach { value =>
-            val labels = getLabels(owner, name)
+            val labels = getLabels(repository.owner, repository.name)
             value.split(",").foreach { labelName =>
               labels.find(_.labelName == labelName).map { label =>
                 registerIssueLabel(repository.owner, repository.name, issueId, label.labelId)
@@ -592,7 +599,7 @@ trait PullRequestsControllerBase extends ControllerBase {
           }
         }
 
-        redirect(s"/${owner}/${name}/pull/${issueId}")
+        redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
     }
   })
 
@@ -639,9 +646,7 @@ trait PullRequestsControllerBase extends ControllerBase {
     html.proposals(proposedBranches, targetRepository, repository)
   })
 
-  private def searchPullRequests(userName: Option[String], repository: RepositoryService.RepositoryInfo) =
-    defining(repository.owner, repository.name) {
-      case (owner, repoName) =>
+  private def searchPullRequests(userName: Option[String], repository: RepositoryService.RepositoryInfo) = {
     val page = IssueSearchCondition.page(request)
     // retrieve search condition
     val condition = IssueSearchCondition(request)
@@ -651,12 +656,12 @@ trait PullRequestsControllerBase extends ControllerBase {
       IssueSearchOption.PullRequests,
       (page - 1) * PullRequestLimit,
       PullRequestLimit,
-          owner -> repoName
+      repository.owner -> repository.name
     )
     // commit status
     val status = issues.map { issue =>
       issue.commitId.flatMap { commitId =>
-            getCommitStatusWithSummary(owner, repoName, commitId)
+        getCommitStatusWithSummary(repository.owner, repository.name, commitId)
       }
     }
 
@@ -664,12 +669,12 @@ trait PullRequestsControllerBase extends ControllerBase {
       "pulls",
       issues.zip(status),
       page,
-          getAssignableUserNames(owner, repoName),
-          getMilestones(owner, repoName),
-          getPriorities(owner, repoName),
-          getLabels(owner, repoName),
-          countIssue(condition.copy(state = "open"), IssueSearchOption.PullRequests, owner -> repoName),
-          countIssue(condition.copy(state = "closed"), IssueSearchOption.PullRequests, owner -> repoName),
+      getAssignableUserNames(repository.owner, repository.name),
+      getMilestones(repository.owner, repository.name),
+      getPriorities(repository.owner, repository.name),
+      getLabels(repository.owner, repository.name),
+      countIssue(condition.copy(state = "open"), IssueSearchOption.PullRequests, repository.owner -> repository.name),
+      countIssue(condition.copy(state = "closed"), IssueSearchOption.PullRequests, repository.owner -> repository.name),
       condition,
       repository,
       isEditable(repository),

src/main/scala/gitbucket/core/controller/ReleasesController.scala

@@ -63,8 +63,8 @@ trait ReleaseControllerBase extends ControllerBase {
     )
   })
 
-  get("/:owner/:repository/releases/:tag")(referrersOnly { repository =>
-    val tagName = params("tag")
+  get("/:owner/:repository/releases/*")(referrersOnly { repository =>
+    val tagName = multiParams("splat").head
     getRelease(repository.owner, repository.name, tagName)
       .map { release =>
         html.release(
@@ -77,8 +77,8 @@ trait ReleaseControllerBase extends ControllerBase {
       .getOrElse(NotFound())
   })
 
-  get("/:owner/:repository/releases/:tag/assets/:fileId")(referrersOnly { repository =>
-    val tagName = params("tag")
+  get("/:owner/:repository/releases/*/assets/:fileId")(referrersOnly { repository =>
+    val tagName = multiParams("splat").head
     val fileId = params("fileId")
     (for {
       _ <- repository.tags.find(_.name == tagName)
@@ -93,8 +93,8 @@ trait ReleaseControllerBase extends ControllerBase {
     }).getOrElse(NotFound())
   })
 
-  get("/:owner/:repository/releases/:tag/create")(writableUsersOnly { repository =>
-    val tagName = params("tag")
+  get("/:owner/:repository/releases/*/create")(writableUsersOnly { repository =>
+    val tagName = multiParams("splat").head
     val previousTags = repository.tags.takeWhile(_.name != tagName).reverse
 
     repository.tags
@@ -105,9 +105,10 @@ trait ReleaseControllerBase extends ControllerBase {
       .getOrElse(NotFound())
   })
 
-  post("/:owner/:repository/releases/:tag/create", releaseForm)(writableUsersOnly { (form, repository) =>
-    val tagName = params("tag")
-    val loginAccount = context.loginAccount.get
+  post("/:owner/:repository/releases/*/create", releaseForm)(writableUsersOnly { (form, repository) =>
+    context.withLoginAccount {
+      loginAccount =>
+        val tagName = multiParams("splat").head
 
         // Insert into RELEASE
         createRelease(repository.owner, repository.name, form.name, form.content, tagName, loginAccount)
@@ -132,6 +133,7 @@ trait ReleaseControllerBase extends ControllerBase {
         recordActivity(releaseInfo)
 
         redirect(s"/${repository.owner}/${repository.name}/releases/${tagName}")
+    }
   })
 
   get("/:owner/:repository/changelog/*...*")(writableUsersOnly { repository =>
@@ -150,8 +152,8 @@ trait ReleaseControllerBase extends ControllerBase {
     commitLog
   })
 
-  get("/:owner/:repository/releases/:tag/edit")(writableUsersOnly { repository =>
-    val tagName = params("tag")
+  get("/:owner/:repository/releases/*/edit")(writableUsersOnly { repository =>
+    val tagName = multiParams("splat").head
     val previousTags = repository.tags.takeWhile(_.name != tagName).reverse
 
     (for {
@@ -168,13 +170,14 @@ trait ReleaseControllerBase extends ControllerBase {
     }).getOrElse(NotFound())
   })
 
-  post("/:owner/:repository/releases/:tag/edit", releaseForm)(writableUsersOnly {
-    (form, repository) =>
-      val tagName = params("tag")
-      val loginAccount = context.loginAccount.get
+  post("/:owner/:repository/releases/*/edit", releaseForm)(writableUsersOnly { (form, repository) =>
+    context.withLoginAccount {
+      loginAccount =>
+        val tagName = multiParams("splat").head
 
         getRelease(repository.owner, repository.name, tagName)
-        .map { release =>
+          .map {
+            release =>
               // Update RELEASE
               updateRelease(repository.owner, repository.name, tagName, form.name, form.content)
 
@@ -210,10 +213,11 @@ trait ReleaseControllerBase extends ControllerBase {
               redirect(s"/${release.userName}/${release.repositoryName}/releases/${tagName}")
           }
           .getOrElse(NotFound())
+    }
   })
 
-  post("/:owner/:repository/releases/:tag/delete")(writableUsersOnly { repository =>
-    val tagName = params("tag")
+  post("/:owner/:repository/releases/*/delete")(writableUsersOnly { repository =>
+    val tagName = multiParams("splat").head
     getRelease(repository.owner, repository.name, tagName).foreach { release =>
       FileUtils.deleteDirectory(
         new File(getReleaseFilesDir(repository.owner, repository.name), FileUtil.checkFilename(release.tag))
@@ -224,7 +228,6 @@ trait ReleaseControllerBase extends ControllerBase {
   })
 
   private def fetchReleases(repository: RepositoryService.RepositoryInfo, page: Int) = {
-
     import gitbucket.core.service.ReleaseService._
 
     val (offset, limit) = ((page - 1) * ReleaseLimit, ReleaseLimit)

src/main/scala/gitbucket/core/controller/RepositorySettingsController.scala

@@ -1,6 +1,6 @@
 package gitbucket.core.controller
 
-import java.time.{LocalDateTime, ZoneId, ZoneOffset}
+import java.time.{LocalDateTime, ZoneOffset}
 import java.util.Date
 
 import gitbucket.core.settings.html
@@ -57,7 +57,8 @@ trait RepositorySettingsControllerBase extends ControllerBase {
     externalWikiUrl: Option[String],
     allowFork: Boolean,
     mergeOptions: Seq[String],
-    defaultMergeOption: String
+    defaultMergeOption: String,
+    safeMode: Boolean
   )
 
   val optionsForm = mapping(
@@ -69,7 +70,8 @@ trait RepositorySettingsControllerBase extends ControllerBase {
     "externalWikiUrl" -> trim(label("External Wiki URL", optional(text(maxlength(200))))),
     "allowFork" -> trim(label("Allow Forking", boolean())),
     "mergeOptions" -> mergeOptions,
-    "defaultMergeOption" -> trim(label("Default merge strategy", text(required)))
+    "defaultMergeOption" -> trim(label("Default merge strategy", text(required))),
+    "safeMode" -> trim(label("XSS protection", boolean()))
   )(OptionsForm.apply).verifying { form =>
     if (!form.mergeOptions.contains(form.defaultMergeOption)) {
       Seq("defaultMergeOption" -> s"This merge strategy isn't enabled.")
@@ -150,7 +152,8 @@ trait RepositorySettingsControllerBase extends ControllerBase {
       form.externalWikiUrl,
       form.allowFork,
       form.mergeOptions,
-      form.defaultMergeOption
+      form.defaultMergeOption,
+      form.safeMode
     )
     flash.update("info", "Repository settings has been updated.")
     redirect(s"/${repository.owner}/${repository.name}/settings/options")
@@ -342,7 +345,7 @@ trait RepositorySettingsControllerBase extends ControllerBase {
                 .map(
                   res =>
                     Map(
-                      "status" -> res.getStatusLine(),
+                      "status" -> res.getStatusLine.getStatusCode,
                       "body" -> EntityUtils.toString(res.getEntity()),
                       "headers" -> _headers(res.getAllHeaders())
                   )
@@ -385,7 +388,9 @@ trait RepositorySettingsControllerBase extends ControllerBase {
    * Rename repository.
    */
   post("/:owner/:repository/settings/rename", renameForm)(ownerOnly { (form, repository) =>
-    if (context.settings.repositoryOperation.rename || context.loginAccount.get.isAdmin) {
+    context.withLoginAccount {
+      loginAccount =>
+        if (context.settings.repositoryOperation.rename || loginAccount.isAdmin) {
           if (repository.name != form.repositoryName) {
             // Update database and move git repository
             renameRepository(repository.owner, repository.name, repository.owner, form.repositoryName)
@@ -393,20 +398,23 @@ trait RepositorySettingsControllerBase extends ControllerBase {
             val renameInfo = RenameRepositoryInfo(
               repository.owner,
               form.repositoryName,
-          context.loginAccount.get.userName,
+              loginAccount.userName,
               repository.name
             )
             recordActivity(renameInfo)
           }
           redirect(s"/${repository.owner}/${form.repositoryName}")
         } else Forbidden()
+    }
   })
 
   /**
    * Transfer repository ownership.
    */
   post("/:owner/:repository/settings/transfer", transferForm)(ownerOnly { (form, repository) =>
-    if (context.settings.repositoryOperation.transfer || context.loginAccount.get.isAdmin) {
+    context.withLoginAccount {
+      loginAccount =>
+        if (context.settings.repositoryOperation.transfer || loginAccount.isAdmin) {
           // Change repository owner
           if (repository.owner != form.newOwner) {
             // Update database and move git repository
@@ -415,24 +423,27 @@ trait RepositorySettingsControllerBase extends ControllerBase {
             val renameInfo = RenameRepositoryInfo(
               form.newOwner,
               repository.name,
-          context.loginAccount.get.userName,
+              loginAccount.userName,
               repository.owner
             )
             recordActivity(renameInfo)
           }
           redirect(s"/${form.newOwner}/${repository.name}")
         } else Forbidden()
+    }
   })
 
   /**
    * Delete the repository.
    */
   post("/:owner/:repository/settings/delete")(ownerOnly { repository =>
-    if (context.settings.repositoryOperation.delete || context.loginAccount.get.isAdmin) {
+    context.withLoginAccount { loginAccount =>
+      if (context.settings.repositoryOperation.delete || loginAccount.isAdmin) {
         // Delete the repository and related files
         deleteRepository(repository.repository)
         redirect(s"/${repository.owner}")
       } else Forbidden()
+    }
   })
 
   /**

src/main/scala/gitbucket/core/controller/RepositoryViewerController.scala

@@ -1,7 +1,6 @@
 package gitbucket.core.controller
 
 import java.io.{File, FileInputStream, FileOutputStream}
-
 import scala.util.Using
 import javax.servlet.http.{HttpServletRequest, HttpServletResponse}
 import gitbucket.core.repo.html
@@ -11,12 +10,11 @@ import gitbucket.core.service._
 import gitbucket.core.service.RepositoryCommitFileService.CommitFile
 import gitbucket.core.util._
 import gitbucket.core.util.StringUtil._
-import gitbucket.core.util.SyntaxSugars._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util.Directory._
-import gitbucket.core.model.Account
+import gitbucket.core.model.{Account, WebHook}
 import gitbucket.core.service.RepositoryService.RepositoryInfo
-import gitbucket.core.util.JGitUtil.CommitInfo
+import gitbucket.core.service.WebHookService.{WebHookCreatePayload, WebHookPushPayload}
 import gitbucket.core.view
 import gitbucket.core.view.helpers
 import org.apache.commons.compress.archivers.{ArchiveEntry, ArchiveOutputStream}
@@ -221,10 +219,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
       gitbucket.core.repo.html.creating(owner, repository)
     } else {
       params.get("go-get") match {
-        case Some("1") =>
-          defining(request.paths) { paths =>
-            getRepository(owner, repository).map(gitbucket.core.html.goget(_)) getOrElse NotFound()
-          }
+        case Some("1") => getRepository(owner, repository).map(gitbucket.core.html.goget(_)) getOrElse NotFound()
         case _         => referrersOnly(fileList(_))
       }
     }
@@ -271,23 +266,9 @@ trait RepositoryViewerControllerBase extends ControllerBase {
               branchName,
               repository,
               logs
-                .map {
-                  commit =>
+                .map { commit =>
                   (
-                      CommitInfo(
-                        id = commit.id,
-                        shortMessage = commit.shortMessage,
-                        fullMessage = commit.fullMessage,
-                        parents = commit.parents,
-                        authorTime = commit.authorTime,
-                        authorName = commit.authorName,
-                        authorEmailAddress = commit.authorEmailAddress,
-                        commitTime = commit.commitTime,
-                        committerName = commit.committerName,
-                        committerEmailAddress = commit.committerEmailAddress,
-                        commitSign = commit.commitSign,
-                        verified = commit.commitSign.flatMap(GpgUtil.verifySign)
-                      ),
+                    commit.copy(verified = commit.commitSign.flatMap(GpgUtil.verifySign)),
                     JGitUtil.getTagsOnCommit(git, commit.id),
                     getCommitStatusWithSummary(repository.owner, repository.name, commit.id)
                   )
@@ -306,9 +287,11 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   })
 
   get("/:owner/:repository/new/*")(writableUsersOnly { repository =>
+    context.withLoginAccount {
+      loginAccount =>
         val (branch, path) = repository.splitPath(multiParams("splat").head)
         val protectedBranch = getProtectedBranchInfo(repository.owner, repository.name, branch)
-      .needStatusCheck(context.loginAccount.get.userName)
+          .needStatusCheck(loginAccount.userName)
 
         Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) { git =>
           val revCommit = JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(branch))
@@ -323,12 +306,15 @@ trait RepositoryViewerControllerBase extends ControllerBase {
             commit = revCommit.getName
           )
         }
+    }
   })
 
   get("/:owner/:repository/upload/*")(writableUsersOnly { repository =>
+    context.withLoginAccount {
+      loginAccount =>
         val (branch, path) = repository.splitPath(multiParams("splat").head)
         val protectedBranch = getProtectedBranchInfo(repository.owner, repository.name, branch)
-      .needStatusCheck(context.loginAccount.get.userName)
+          .needStatusCheck(loginAccount.userName)
         Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) { git =>
           val revCommit = JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(branch))
           html.upload(
@@ -339,41 +325,61 @@ trait RepositoryViewerControllerBase extends ControllerBase {
             revCommit.name
           )
         }
+    }
   })
 
   post("/:owner/:repository/upload", uploadForm)(writableUsersOnly { (form, repository) =>
-    val files = form.uploadFiles.split("\n").map { line =>
+    context.withLoginAccount {
+      loginAccount =>
+        val files = form.uploadFiles
+          .split("\n")
+          .map { line =>
             val i = line.indexOf(':')
             CommitFile(line.substring(0, i).trim, line.substring(i + 1).trim)
           }
+          .toSeq
 
         val newFiles = files.map { file =>
           file.copy(name = if (form.path.length == 0) file.name else s"${form.path}/${file.name}")
         }
 
         if (form.newBranch) {
-      val newBranchName = createNewBranchForPullRequest(repository, form.branch)
-      val objectId = _commit(newBranchName)
+          val newBranchName = createNewBranchForPullRequest(repository, form.branch, loginAccount)
+          val objectId = _commit(newBranchName, newFiles, loginAccount)
           val issueId =
-        createIssueAndPullRequest(repository, form.branch, newBranchName, form.commit, objectId.name, form.message)
+            createIssueAndPullRequest(
+              repository,
+              form.branch,
+              newBranchName,
+              form.commit,
+              objectId.name,
+              form.message,
+              loginAccount
+            )
           redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
         } else {
-      _commit(form.branch)
+          _commit(form.branch, newFiles, loginAccount)
           if (form.path.length == 0) {
             redirect(s"/${repository.owner}/${repository.name}/tree/${form.branch}")
           } else {
             redirect(s"/${repository.owner}/${repository.name}/tree/${form.branch}/${form.path}")
           }
         }
+    }
 
-    def _commit(branchName: String): ObjectId = {
+    def _commit(
+      branchName: String,
+      //files: Seq[CommitFile],
+      newFiles: Seq[CommitFile],
+      loginAccount: Account
+    ): ObjectId = {
       commitFiles(
         repository = repository,
         branch = branchName,
-        path = form.path,
-        files = files.toIndexedSeq,
+        //path = form.path,
+        //files = files.toIndexedSeq,
         message = form.message.getOrElse("Add files via upload"),
-        loginAccount = context.loginAccount.get,
+        loginAccount = loginAccount,
         settings = context.settings
       ) {
         case (git, headTip, builder, inserter) =>
@@ -396,15 +402,18 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   })
 
   get("/:owner/:repository/edit/*")(writableUsersOnly { repository =>
+    context.withLoginAccount {
+      loginAccount =>
         val (branch, path) = repository.splitPath(multiParams("splat").head)
         val protectedBranch = getProtectedBranchInfo(repository.owner, repository.name, branch)
-      .needStatusCheck(context.loginAccount.get.userName)
+          .needStatusCheck(loginAccount.userName)
 
         Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) {
           git =>
             val revCommit = JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(branch))
 
-        getPathObjectId(git, path, revCommit).map {
+            getPathObjectId(git, path, revCommit)
+              .map {
                 objectId =>
                   val paths = path.split("/")
                   val info = EditorConfigUtil.getEditorConfigInfo(git, branch, path)
@@ -414,7 +423,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
                     repository = repository,
                     pathList = paths.take(paths.size - 1).toList,
                     fileName = Some(paths.last),
-              content = JGitUtil.getContentInfo(git, path, objectId),
+                    content = JGitUtil.getContentInfo(git, path, objectId, repository.repository.options.safeMode),
                     protectedBranch = protectedBranch,
                     commit = revCommit.getName,
                     newLineMode = info.newLineMode,
@@ -423,6 +432,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
                   )
               } getOrElse NotFound()
         }
+    }
   })
 
   get("/:owner/:repository/remove/*")(writableUsersOnly { repository =>
@@ -438,7 +448,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
             repository = repository,
             pathList = paths.take(paths.size - 1).toList,
             fileName = paths.last,
-            content = JGitUtil.getContentInfo(git, path, objectId),
+            content = JGitUtil.getContentInfo(git, path, objectId, repository.repository.options.safeMode),
             commit = revCommit.getName
           )
         } getOrElse NotFound()
@@ -446,21 +456,32 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   })
 
   post("/:owner/:repository/create", editorForm)(writableUsersOnly { (form, repository) =>
+    context.withLoginAccount {
+      loginAccount =>
         if (form.newBranch) {
-      val newBranchName = createNewBranchForPullRequest(repository, form.branch)
-      val objectId = _commit(newBranchName)
+          val newBranchName = createNewBranchForPullRequest(repository, form.branch, loginAccount)
+          val objectId = _commit(newBranchName, loginAccount)
           val issueId =
-        createIssueAndPullRequest(repository, form.branch, newBranchName, form.commit, objectId.name, form.message)
+            createIssueAndPullRequest(
+              repository,
+              form.branch,
+              newBranchName,
+              form.commit,
+              objectId.name,
+              form.message,
+              loginAccount
+            )
           redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
         } else {
-      _commit(form.branch)
+          _commit(form.branch, loginAccount)
           redirect(
             s"/${repository.owner}/${repository.name}/blob/${form.branch}/${if (form.path.length == 0) urlEncode(form.newFileName)
             else s"${form.path}/${urlEncode(form.newFileName)}"}"
           )
         }
+    }
 
-    def _commit(branchName: String): ObjectId = {
+    def _commit(branchName: String, loginAccount: Account): ObjectId = {
       commitFile(
         repository = repository,
         branch = branchName,
@@ -471,28 +492,39 @@ trait RepositoryViewerControllerBase extends ControllerBase {
         charset = form.charset,
         message = form.message.getOrElse(s"Create ${form.newFileName}"),
         commit = form.commit,
-        loginAccount = context.loginAccount.get,
+        loginAccount = loginAccount,
         settings = context.settings
-      )
+      )._1
     }
   })
 
   post("/:owner/:repository/update", editorForm)(writableUsersOnly { (form, repository) =>
+    context.withLoginAccount {
+      loginAccount =>
         if (form.newBranch) {
-      val newBranchName = createNewBranchForPullRequest(repository, form.branch)
-      val objectId = _commit(newBranchName)
+          val newBranchName = createNewBranchForPullRequest(repository, form.branch, loginAccount)
+          val objectId = _commit(newBranchName, loginAccount)
           val issueId =
-        createIssueAndPullRequest(repository, form.branch, newBranchName, form.commit, objectId.name, form.message)
+            createIssueAndPullRequest(
+              repository,
+              form.branch,
+              newBranchName,
+              form.commit,
+              objectId.name,
+              form.message,
+              loginAccount
+            )
           redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
         } else {
-      _commit(form.branch)
+          _commit(form.branch, loginAccount)
           redirect(
             s"/${repository.owner}/${repository.name}/blob/${urlEncode(form.branch)}/${if (form.path.length == 0) urlEncode(form.newFileName)
             else s"${form.path}/${urlEncode(form.newFileName)}"}"
           )
         }
+    }
 
-    def _commit(branchName: String): ObjectId = {
+    def _commit(branchName: String, loginAccount: Account): ObjectId = {
       commitFile(
         repository = repository,
         branch = branchName,
@@ -507,28 +539,39 @@ trait RepositoryViewerControllerBase extends ControllerBase {
           form.message.getOrElse(s"Rename ${form.oldFileName.get} to ${form.newFileName}")
         },
         commit = form.commit,
-        loginAccount = context.loginAccount.get,
+        loginAccount = loginAccount,
         settings = context.settings
-      )
+      )._1
     }
   })
 
   post("/:owner/:repository/remove", deleteForm)(writableUsersOnly { (form, repository) =>
+    context.withLoginAccount {
+      loginAccount =>
         if (form.newBranch) {
-      val newBranchName = createNewBranchForPullRequest(repository, form.branch)
-      val objectId = _commit(newBranchName)
+          val newBranchName = createNewBranchForPullRequest(repository, form.branch, loginAccount)
+          val objectId = _commit(newBranchName, loginAccount)
           val issueId =
-        createIssueAndPullRequest(repository, form.branch, newBranchName, form.commit, objectId.name, form.message)
+            createIssueAndPullRequest(
+              repository,
+              form.branch,
+              newBranchName,
+              form.commit,
+              objectId.name,
+              form.message,
+              loginAccount
+            )
           redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
         } else {
-      _commit(form.branch)
+          _commit(form.branch, loginAccount)
           redirect(
             s"/${repository.owner}/${repository.name}/tree/${form.branch}${if (form.path.length == 0) ""
             else "/" + form.path}"
           )
         }
+    }
 
-    def _commit(branchName: String): ObjectId = {
+    def _commit(branchName: String, loginAccount: Account): ObjectId = {
       commitFile(
         repository = repository,
         branch = branchName,
@@ -539,26 +582,46 @@ trait RepositoryViewerControllerBase extends ControllerBase {
         charset = "",
         message = form.message.getOrElse(s"Delete ${form.fileName}"),
         commit = form.commit,
-        loginAccount = context.loginAccount.get,
+        loginAccount = loginAccount,
         settings = context.settings
-      )
+      )._1
     }
   })
 
-  private def getNewBranchName(repository: RepositoryInfo): String = {
+  private def getNewBranchName(repository: RepositoryInfo, loginAccount: Account): String = {
     var i = 1
-    val branchNamePrefix = cutTail(context.loginAccount.get.userName.replaceAll("[^a-zA-Z0-9-_]", "-"), 25)
+    val branchNamePrefix = cutTail(loginAccount.userName.replaceAll("[^a-zA-Z0-9-_]", "-"), 25)
     while (repository.branchList.exists(p => p.contains(s"$branchNamePrefix-patch-$i"))) {
       i += 1
     }
     s"$branchNamePrefix-patch-$i"
   }
 
-  private def createNewBranchForPullRequest(repository: RepositoryInfo, baseBranchName: String): String = {
-    val newBranchName = getNewBranchName(repository)
+  private def createNewBranchForPullRequest(
+    repository: RepositoryInfo,
+    baseBranchName: String,
+    loginAccount: Account
+  ): String = {
+    val newBranchName = getNewBranchName(repository, loginAccount)
     Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) { git =>
       JGitUtil.createBranch(git, baseBranchName, newBranchName)
     }
+    // Call webhook
+    val settings = loadSystemSettings()
+    callWebHookOf(repository.owner, repository.name, WebHook.Create, settings) {
+      for {
+        sender <- Some(loginAccount)
+        owner <- getAccountByUserName(repository.owner)
+      } yield {
+        WebHookCreatePayload(
+          sender,
+          repository,
+          owner,
+          ref = newBranchName,
+          refType = "branch"
+        )
+      }
+    }
     newBranchName
   }
 
@@ -568,12 +631,13 @@ trait RepositoryViewerControllerBase extends ControllerBase {
     requestBranch: String,
     commitIdFrom: String,
     commitIdTo: String,
-    commitMessage: Option[String]
+    commitMessage: Option[String],
+    loginAccount: Account
   ): Int = {
     val issueId = insertIssue(
       owner = repository.owner,
       repository = repository.name,
-      loginUser = context.loginAccount.get.userName,
+      loginUser = loginAccount.userName,
       title = requestBranch,
       content = commitMessage,
       assignedUserName = None,
@@ -591,7 +655,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
       commitIdFrom = commitIdFrom,
       commitIdTo = commitIdTo,
       isDraft = false,
-      loginAccount = context.loginAccount.get,
+      loginAccount = loginAccount,
       settings = context.settings
     )
     issueId
@@ -621,7 +685,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
         getPathObjectId(git, path, revCommit).map {
           objectId =>
             if (raw) {
-              // Download (This route is left for backword compatibility)
+              // Download (This route is left for backward compatibility)
               responseRawFile(git, objectId, path, repository)
             } else {
               val info = EditorConfigUtil.getEditorConfigInfo(git, id, path)
@@ -629,7 +693,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
                 branch = id,
                 repository = repository,
                 pathList = path.split("/").toList,
-                content = JGitUtil.getContentInfo(git, path, objectId),
+                content = JGitUtil.getContentInfo(git, path, objectId, repository.repository.options.safeMode),
                 latestCommit = new JGitUtil.CommitInfo(JGitUtil.getLastModifiedCommit(git, revCommit, path)),
                 hasWritePermission = hasDeveloperRole(repository.owner, repository.name, context.loginAccount),
                 isBlame = request.paths(2) == "blame",
@@ -704,8 +768,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
     try {
       Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) {
         git =>
-          defining(JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(id))) {
-            revCommit =>
+          val revCommit = JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(id))
           val diffs = JGitUtil.getDiffs(git, None, id, true, false)
           val oldCommitId = JGitUtil.getParentCommitId(git, id)
 
@@ -724,7 +787,6 @@ trait RepositoryViewerControllerBase extends ControllerBase {
             flash.get("error")
           )
       }
-      }
     } catch {
       case e: MissingObjectException => NotFound()
     }
@@ -756,11 +818,12 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   })
 
   post("/:owner/:repository/commit/:id/comment/new", commentForm)(readableUsersOnly { (form, repository) =>
+    context.withLoginAccount { loginAccount =>
       val id = params("id")
       createCommitComment(
         repository,
         id,
-      context.loginAccount.get,
+        loginAccount,
         form.content,
         form.fileName,
         form.oldLineNumber,
@@ -770,6 +833,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
       )
 
       redirect(s"/${repository.owner}/${repository.name}/commit/${id}")
+    }
   })
 
   ajaxGet("/:owner/:repository/commit/:id/comment/_form")(readableUsersOnly { repository =>
@@ -791,11 +855,13 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   })
 
   ajaxPost("/:owner/:repository/commit/:id/comment/_data/new", commentForm)(readableUsersOnly { (form, repository) =>
+    context.withLoginAccount {
+      loginAccount =>
         val id = params("id")
         val commentId = createCommitComment(
           repository,
           id,
-      context.loginAccount.get,
+          loginAccount,
           form.content,
           form.fileName,
           form.oldLineNumber,
@@ -807,12 +873,15 @@ trait RepositoryViewerControllerBase extends ControllerBase {
         val comment = getCommitComment(repository.owner, repository.name, commentId.toString).get
         helper.html
           .commitcomment(comment, hasDeveloperRole(repository.owner, repository.name, context.loginAccount), repository)
+    }
   })
 
   ajaxGet("/:owner/:repository/commit_comments/_data/:id")(readableUsersOnly { repository =>
+    context.withLoginAccount {
+      loginAccount =>
         getCommitComment(repository.owner, repository.name, params("id")) map {
           x =>
-        if (isEditable(x.userName, x.repositoryName, x.commentedUserName)) {
+            if (isEditable(x.userName, x.repositoryName, x.commentedUserName, loginAccount)) {
               params.get("dataType") collect {
                 case t if t == "html" => html.editcomment(x.content, x.commentId, repository)
               } getOrElse {
@@ -835,25 +904,25 @@ trait RepositoryViewerControllerBase extends ControllerBase {
               }
             } else Unauthorized()
         } getOrElse NotFound()
+    }
   })
 
   ajaxPost("/:owner/:repository/commit_comments/edit/:id", commentForm)(readableUsersOnly { (form, repository) =>
-    defining(repository.owner, repository.name) {
-      case (owner, name) =>
-        getCommitComment(owner, name, params("id")).map { comment =>
-          if (isEditable(owner, name, comment.commentedUserName)) {
+    context.withLoginAccount {
+      loginAccount =>
+        getCommitComment(repository.owner, repository.name, params("id")).map { comment =>
+          if (isEditable(repository.owner, repository.name, comment.commentedUserName, loginAccount)) {
             updateCommitComment(comment.commentId, form.content)
-            redirect(s"/${owner}/${name}/commit_comments/_data/${comment.commentId}")
+            redirect(s"/${repository.owner}/${repository.name}/commit_comments/_data/${comment.commentId}")
           } else Unauthorized()
         } getOrElse NotFound()
     }
   })
 
   ajaxPost("/:owner/:repository/commit_comments/delete/:id")(readableUsersOnly { repository =>
-    defining(repository.owner, repository.name) {
-      case (owner, name) =>
-        getCommitComment(owner, name, params("id")).map { comment =>
-          if (isEditable(owner, name, comment.commentedUserName)) {
+    context.withLoginAccount { loginAccount =>
+      getCommitComment(repository.owner, repository.name, params("id")).map { comment =>
+        if (isEditable(repository.owner, repository.name, comment.commentedUserName, loginAccount)) {
           Ok(deleteCommitComment(comment.commentId))
         } else Unauthorized()
       } getOrElse NotFound()
@@ -924,11 +993,47 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   post("/:owner/:repository/branches")(writableUsersOnly { repository =>
     val newBranchName = params.getOrElse("new", halt(400))
     val fromBranchName = params.getOrElse("from", halt(400))
-    Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) { git =>
-      JGitUtil.createBranch(git, fromBranchName, newBranchName)
-    } match {
+    Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) {
+      git =>
+        JGitUtil.createBranch(git, fromBranchName, newBranchName) match {
           case Right(message) =>
             flash.update("info", message)
+            val settings = loadSystemSettings()
+            val newCommitId = git.getRepository.resolve(s"refs/heads/${newBranchName}")
+            val oldCommitId = ObjectId.fromString("0" * 40)
+            // call push webhook
+            callWebHookOf(repository.owner, repository.name, WebHook.Push, settings) {
+              for {
+                pusherAccount <- context.loginAccount
+                ownerAccount <- getAccountByUserName(repository.owner)
+              } yield {
+                WebHookPushPayload(
+                  git,
+                  pusherAccount,
+                  newBranchName,
+                  repository,
+                  List(),
+                  ownerAccount,
+                  newId = newCommitId,
+                  oldId = oldCommitId
+                )
+              }
+            }
+            // call create webhook
+            callWebHookOf(repository.owner, repository.name, WebHook.Create, settings) {
+              for {
+                sender <- context.loginAccount
+                owner <- getAccountByUserName(repository.owner)
+              } yield {
+                WebHookCreatePayload(
+                  sender,
+                  repository,
+                  owner,
+                  ref = newBranchName,
+                  refType = "branch"
+                )
+              }
+            }
             redirect(
               s"/${repository.owner}/${repository.name}/tree/${StringUtil.urlEncode(newBranchName).replace("%2F", "/")}"
             )
@@ -936,22 +1041,26 @@ trait RepositoryViewerControllerBase extends ControllerBase {
             flash.update("error", message)
             redirect(s"/${repository.owner}/${repository.name}/tree/${fromBranchName}")
         }
+    }
   })
 
   /**
    * Deletes branch.
    */
   get("/:owner/:repository/delete/*")(writableUsersOnly { repository =>
+    context.withLoginAccount {
+      loginAccount =>
         val branchName = multiParams("splat").head
-    val userName = context.loginAccount.get.userName
         if (repository.repository.defaultBranch != branchName) {
           Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) { git =>
             git.branchDelete().setForce(true).setBranchNames(branchName).call()
-        val deleteBranchInfo = DeleteBranchInfo(repository.owner, repository.name, userName, branchName)
+            val deleteBranchInfo =
+              DeleteBranchInfo(repository.owner, repository.name, loginAccount.userName, branchName)
             recordActivity(deleteBranchInfo)
           }
         }
         redirect(s"/${repository.owner}/${repository.name}/branches")
+    }
   })
 
   /**
@@ -1037,7 +1146,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
         // get specified commit
         JGitUtil.getDefaultBranch(git, repository, revstr).map {
           case (objectId, revision) =>
-            defining(JGitUtil.getRevCommitFromId(git, objectId)) { revCommit =>
+            val revCommit = JGitUtil.getRevCommitFromId(git, objectId)
             val lastModifiedCommit =
               if (path == ".") revCommit else JGitUtil.getLastModifiedCommit(git, revCommit, path)
             val commitCount = JGitUtil.getCommitCount(git, lastModifiedCommit.getName)
@@ -1084,7 +1193,6 @@ trait RepositoryViewerControllerBase extends ControllerBase {
               flash.get("info"),
               flash.get("error")
             )
-            }
         } getOrElse NotFound()
       }
     }
@@ -1115,10 +1223,12 @@ trait RepositoryViewerControllerBase extends ControllerBase {
           }
           if (treeWalk != null) {
             while (treeWalk.next()) {
+              if (treeWalk.getFileMode != FileMode.GITLINK) {
                 val entryPath =
                   if (path.isEmpty) baseName + "/" + treeWalk.getPathString
                   else path.split("/").last + treeWalk.getPathString.substring(path.length)
                 val mode = treeWalk.getFileMode.getBits
+
                 JGitUtil.openFile(git, repository, commit.getTree, treeWalk.getPathString) { in =>
                   val tempFile = File.createTempFile("gitbucket", ".archive")
                   val size = Using.resource(new FileOutputStream(tempFile)) { out =>
@@ -1149,6 +1259,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
           }
         }
       }
+    }
 
     val suffix =
       path.split("/").lastOption.collect { case x if x.length > 0 => "-" + x.replace('/', '_') }.getOrElse("")
@@ -1204,8 +1315,9 @@ trait RepositoryViewerControllerBase extends ControllerBase {
     }
   }
 
-  private def isEditable(owner: String, repository: String, author: String)(implicit context: Context): Boolean =
-    hasDeveloperRole(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
+  private def isEditable(owner: String, repository: String, author: String, loginAccount: Account): Boolean = {
+    hasDeveloperRole(owner, repository, Some(loginAccount)) || author == loginAccount.userName
+  }
 
   private def conflict: Constraint = new Constraint() {
     override def validate(name: String, value: String, messages: Messages): Option[String] = {

src/main/scala/gitbucket/core/controller/SystemSettingsController.scala

@@ -9,7 +9,6 @@ import gitbucket.core.service.{AccountService, RepositoryService}
 import gitbucket.core.ssh.SshServer
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util.StringUtil._
-import gitbucket.core.util.SyntaxSugars._
 import gitbucket.core.util.{AdminAuthenticator, Mailer}
 import org.apache.commons.io.IOUtils
 import org.apache.commons.mail.EmailException
@@ -187,7 +186,7 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
 
   val newUserForm = mapping(
     "userName" -> trim(label("Username", text(required, maxlength(100), identifier, uniqueUserName, reservedNames))),
-    "password" -> trim(label("Password", text(required, maxlength(20)))),
+    "password" -> trim(label("Password", text(required, maxlength(40)))),
     "fullName" -> trim(label("Full Name", text(required, maxlength(100)))),
     "mailAddress" -> trim(label("Mail Address", text(required, maxlength(100), uniqueMailAddress()))),
     "extraMailAddresses" -> list(
@@ -201,7 +200,7 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
 
   val editUserForm = mapping(
     "userName" -> trim(label("Username", text(required, maxlength(100), identifier))),
-    "password" -> trim(label("Password", optional(text(maxlength(20))))),
+    "password" -> trim(label("Password", optional(text(maxlength(40))))),
     "fullName" -> trim(label("Full Name", text(required, maxlength(100)))),
     "mailAddress" -> trim(label("Mail Address", text(required, maxlength(100), uniqueMailAddress("userName")))),
     "extraMailAddresses" -> list(
@@ -362,8 +361,8 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
   })
 
   get("/admin/users")(adminOnly {
-    val includeRemoved = params.get("includeRemoved").map(_.toBoolean).getOrElse(false)
-    val includeGroups = params.get("includeGroups").map(_.toBoolean).getOrElse(false)
+    val includeRemoved = params.get("includeRemoved").exists(_.toBoolean)
+    val includeGroups = params.get("includeGroups").exists(_.toBoolean)
     val users = getAllUsers(includeRemoved, includeGroups)
     val members = users.collect {
       case account if (account.isGroupAccount) =>
@@ -463,15 +462,13 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
   })
 
   get("/admin/users/:groupName/_editgroup")(adminOnly {
-    defining(params("groupName")) { groupName =>
+    val groupName = params("groupName")
     html.usergroup(getAccountByUserName(groupName, true), getGroupMembers(groupName))
-    }
   })
 
   post("/admin/users/:groupName/_editgroup", editGroupForm)(adminOnly { form =>
-    defining(
-      params("groupName"),
-      form.members
+    val groupName = params("groupName")
+    val members = form.members
       .split(",")
       .map {
         _.split(":") match {
@@ -479,8 +476,7 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
         }
       }
       .toList
-    ) {
-      case (groupName, members) =>
+
     getAccountByUserName(groupName, true).map {
       account =>
         updateGroup(groupName, form.description, form.url, form.isRemoved)
@@ -511,7 +507,6 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
         redirect("/admin/users")
 
     } getOrElse NotFound()
-    }
   })
 
   get("/admin/data")(adminOnly {
@@ -559,12 +554,11 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
   protected def disableByNotYourself(paramName: String): Constraint =
     new Constraint() {
       override def validate(name: String, value: String, messages: Messages): Option[String] = {
-        params.get(paramName).flatMap { userName =>
-          if (userName == context.loginAccount.get.userName && params.get("removed") == Some("true"))
-            Some("You can't disable your account yourself")
-          else
-            None
-        }
+        for {
+          userName <- params.get(paramName)
+          loginAccount <- context.loginAccount
+          if userName == loginAccount.userName && params.get("removed") == Some("true")
+        } yield "You can't disable your account yourself"
       }
     }
 

src/main/scala/gitbucket/core/controller/WikiController.scala

@@ -136,11 +136,13 @@ trait WikiControllerBase extends ControllerBase {
   })
 
   get("/:owner/:repository/wiki/:page/_revert/:commitId")(readableUsersOnly { repository =>
+    context.withLoginAccount {
+      loginAccount =>
         if (isEditable(repository)) {
           val pageName = StringUtil.urlDecode(params("page"))
           val Array(from, to) = params("commitId").split("\\.\\.\\.")
 
-      if (revertWikiPage(repository.owner, repository.name, from, to, context.loginAccount.get, Some(pageName))) {
+          if (revertWikiPage(repository.owner, repository.name, from, to, loginAccount, Some(pageName))) {
             redirect(s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(pageName)}")
           } else {
             flash.update("info", "This patch was not able to be reversed.")
@@ -149,19 +151,23 @@ trait WikiControllerBase extends ControllerBase {
             )
           }
         } else Unauthorized()
+    }
   })
 
   get("/:owner/:repository/wiki/_revert/:commitId")(readableUsersOnly { repository =>
+    context.withLoginAccount {
+      loginAccount =>
         if (isEditable(repository)) {
           val Array(from, to) = params("commitId").split("\\.\\.\\.")
 
-      if (revertWikiPage(repository.owner, repository.name, from, to, context.loginAccount.get, None)) {
+          if (revertWikiPage(repository.owner, repository.name, from, to, loginAccount, None)) {
             redirect(s"/${repository.owner}/${repository.name}/wiki")
           } else {
             flash.update("info", "This patch was not able to be reversed.")
             redirect(s"/${repository.owner}/${repository.name}/wiki/_compare/${from}...${to}")
           }
         } else Unauthorized()
+    }
   })
 
   get("/:owner/:repository/wiki/:page/_edit")(readableUsersOnly { repository =>
@@ -172,9 +178,9 @@ trait WikiControllerBase extends ControllerBase {
   })
 
   post("/:owner/:repository/wiki/_edit", editForm)(readableUsersOnly { (form, repository) =>
-    if (isEditable(repository)) {
-      defining(context.loginAccount.get) {
+    context.withLoginAccount {
       loginAccount =>
+        if (isEditable(repository)) {
           saveWikiPage(
             repository.owner,
             repository.name,
@@ -201,8 +207,8 @@ trait WikiControllerBase extends ControllerBase {
           } else {
             redirect(s"/${repository.owner}/${repository.name}/wiki")
           }
-      }
         } else Unauthorized()
+    }
   })
 
   get("/:owner/:repository/wiki/_new")(readableUsersOnly { repository =>
@@ -212,9 +218,9 @@ trait WikiControllerBase extends ControllerBase {
   })
 
   post("/:owner/:repository/wiki/_new", newForm)(readableUsersOnly { (form, repository) =>
-    if (isEditable(repository)) {
-      defining(context.loginAccount.get) {
+    context.withLoginAccount {
       loginAccount =>
+        if (isEditable(repository)) {
           saveWikiPage(
             repository.owner,
             repository.name,
@@ -242,15 +248,23 @@ trait WikiControllerBase extends ControllerBase {
           } else {
             redirect(s"/${repository.owner}/${repository.name}/wiki")
           }
-      }
         } else Unauthorized()
+    }
   })
 
   get("/:owner/:repository/wiki/:page/_delete")(readableUsersOnly { repository =>
+    context.withLoginAccount {
+      loginAccount =>
         if (isEditable(repository)) {
           val pageName = StringUtil.urlDecode(params("page"))
-
-      defining(context.loginAccount.get) { loginAccount =>
+          deleteWikiPage(
+            repository.owner,
+            repository.name,
+            pageName,
+            loginAccount.fullName,
+            loginAccount.mailAddress,
+            s"Destroyed ${pageName}"
+          )
           val deleteWikiInfo = DeleteWikiInfo(
             repository.owner,
             repository.name,
@@ -261,8 +275,8 @@ trait WikiControllerBase extends ControllerBase {
           updateLastActivityDate(repository.owner, repository.name)
 
           redirect(s"/${repository.owner}/${repository.name}/wiki")
-      }
         } else Unauthorized()
+    }
   })
 
   get("/:owner/:repository/wiki/_pages")(referrersOnly { repository =>

src/main/scala/gitbucket/core/controller/api/ApiIssueCommentControllerBase.scala

@@ -4,7 +4,7 @@ import gitbucket.core.controller.{Context, ControllerBase}
 import gitbucket.core.service._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util.{ReadableUsersAuthenticator, ReferrerAuthenticator, RepositoryName}
-import org.scalatra.{ActionResult, NoContent}
+import org.scalatra.ActionResult
 
 trait ApiIssueCommentControllerBase extends ControllerBase {
   self: AccountService

src/main/scala/gitbucket/core/controller/api/ApiIssueControllerBase.scala

@@ -5,7 +5,7 @@ import gitbucket.core.model.{Account, Issue}
 import gitbucket.core.service.{AccountService, IssueCreationService, IssuesService, MilestonesService}
 import gitbucket.core.service.IssuesService.IssueSearchCondition
 import gitbucket.core.service.PullRequestService.PullRequestLimit
-import gitbucket.core.util.{ReadableUsersAuthenticator, ReferrerAuthenticator, RepositoryName, UsersAuthenticator}
+import gitbucket.core.util.{ReadableUsersAuthenticator, ReferrerAuthenticator, RepositoryName}
 import gitbucket.core.util.Implicits._
 
 trait ApiIssueControllerBase extends ControllerBase {
@@ -47,7 +47,8 @@ trait ApiIssueControllerBase extends ControllerBase {
           user = ApiUser(issueUser),
           assignee = assignedUser.map(ApiUser(_)),
           labels = getIssueLabels(repository.owner, repository.name, issue.issueId)
-            .map(ApiLabel(_, RepositoryName(repository)))
+            .map(ApiLabel(_, RepositoryName(repository))),
+          issue.milestoneId.flatMap { getApiMilestone(repository, _) }
         )
     })
   })
@@ -69,7 +70,8 @@ trait ApiIssueControllerBase extends ControllerBase {
           RepositoryName(repository),
           ApiUser(openedUser),
           issue.assignedUserName.flatMap(users.get(_)).map(ApiUser(_)),
-          getIssueLabels(repository.owner, repository.name, issue.issueId).map(ApiLabel(_, RepositoryName(repository)))
+          getIssueLabels(repository.owner, repository.name, issue.issueId).map(ApiLabel(_, RepositoryName(repository))),
+          issue.milestoneId.flatMap { getApiMilestone(repository, _) }
         )
       )
     }) getOrElse NotFound()
@@ -103,7 +105,8 @@ trait ApiIssueControllerBase extends ControllerBase {
             ApiUser(loginAccount),
             issue.assignedUserName.flatMap(getAccountByUserName(_)).map(ApiUser(_)),
             getIssueLabels(repository.owner, repository.name, issue.issueId)
-              .map(ApiLabel(_, RepositoryName(repository)))
+              .map(ApiLabel(_, RepositoryName(repository))),
+            issue.milestoneId.flatMap { getApiMilestone(repository, _) }
           )
         )
       }) getOrElse NotFound()

src/main/scala/gitbucket/core/controller/api/ApiIssueLabelControllerBase.scala

@@ -121,7 +121,7 @@ trait ApiIssueLabelControllerBase extends ControllerBase {
    */
   post("/api/v3/repos/:owner/:repository/issues/:id/labels")(writableUsersOnly { repository =>
     JsonFormat(for {
-      data <- extractFromJsonBody[Seq[String]];
+      data <- extractFromJsonBody[Seq[String]]
       issueId <- params("id").toIntOpt
     } yield {
       data.map { labelName =>
@@ -160,7 +160,7 @@ trait ApiIssueLabelControllerBase extends ControllerBase {
    */
   put("/api/v3/repos/:owner/:repository/issues/:id/labels")(writableUsersOnly { repository =>
     JsonFormat(for {
-      data <- extractFromJsonBody[Seq[String]];
+      data <- extractFromJsonBody[Seq[String]]
       issueId <- params("id").toIntOpt
     } yield {
       deleteAllIssueLabels(repository.owner, repository.name, issueId, true)

src/main/scala/gitbucket/core/controller/api/ApiIssueMilestoneControllerBase.scala

@@ -102,17 +102,4 @@ trait ApiIssueMilestoneControllerBase extends ControllerBase {
     NoContent()
   })
 
-  private def getApiMilestone(repository: RepositoryInfo, milestoneId: Int): Option[ApiMilestone] = {
-    getMilestonesWithIssueCount(repository.owner, repository.name)
-      .find(p => p._1.milestoneId == milestoneId)
-      .map(
-        milestoneWithIssue =>
-          ApiMilestone(
-            repository.repository,
-            milestoneWithIssue._1,
-            milestoneWithIssue._2,
-            milestoneWithIssue._3
-        )
-      )
-  }
 }

src/main/scala/gitbucket/core/controller/api/ApiOrganizationControllerBase.scala

@@ -1,5 +1,5 @@
 package gitbucket.core.controller.api
-import gitbucket.core.api.{ApiGroup, CreateAGroup, ApiRepository, ApiUser, JsonFormat}
+import gitbucket.core.api.{ApiGroup, CreateAGroup, JsonFormat}
 import gitbucket.core.controller.ControllerBase
 import gitbucket.core.service.{AccountService, RepositoryService}
 import gitbucket.core.util.Implicits._

src/main/scala/gitbucket/core/controller/api/ApiReleaseControllerBase.scala

@@ -1,5 +1,5 @@
 package gitbucket.core.controller.api
-import java.io.{ByteArrayInputStream, File}
+import java.io.File
 
 import gitbucket.core.api._
 import gitbucket.core.controller.ControllerBase
@@ -7,9 +7,8 @@ import gitbucket.core.service.{AccountService, ReleaseService}
 import gitbucket.core.util.Directory.getReleaseFilesDir
 import gitbucket.core.util.{FileUtil, ReferrerAuthenticator, RepositoryName, WritableUsersAuthenticator}
 import gitbucket.core.util.Implicits._
-import gitbucket.core.util.SyntaxSugars.defining
 import org.apache.commons.io.FileUtils
-import org.scalatra.{Created, NoContent}
+import org.scalatra.NoContent
 
 trait ApiReleaseControllerBase extends ControllerBase {
   self: AccountService with ReleaseService with ReferrerAuthenticator with WritableUsersAuthenticator =>
@@ -87,7 +86,7 @@ trait ApiReleaseControllerBase extends ControllerBase {
   /**
    * vi. Edit a release
    * https://developer.github.com/v3/repos/releases/#edit-a-release
-   * Incompatiblity info: GitHub API requires :release_id, but GitBucket API requires :tag_name
+   * Incompatibility info: GitHub API requires :release_id, but GitBucket API requires :tag_name
    */
   patch("/api/v3/repos/:owner/:repository/releases/:tag")(writableUsersOnly { repository =>
     (for {
@@ -104,7 +103,7 @@ trait ApiReleaseControllerBase extends ControllerBase {
   /**
    * vii. Delete a release
    * https://developer.github.com/v3/repos/releases/#delete-a-release
-   * Incompatiblity info: GitHub API requires :release_id, but GitBucket API requires :tag_name
+   * Incompatibility info: GitHub API requires :release_id, but GitBucket API requires :tag_name
    */
   delete("/api/v3/repos/:owner/:repository/releases/:tag")(writableUsersOnly { repository =>
     val tag = params("tag")
@@ -120,13 +119,13 @@ trait ApiReleaseControllerBase extends ControllerBase {
    * ix. Upload a release asset
    * https://developer.github.com/v3/repos/releases/#upload-a-release-asset
    */
-  post("/api/v3/repos/:owner/:repository/releases/:tag/assets")(writableUsersOnly { repository =>
+  post("/api/v3/repos/:owner/:repository/releases/:tag/assets")(writableUsersOnly {
+    repository =>
       val name = params("name")
       val tag = params("tag")
       getRelease(repository.owner, repository.name, tag)
-      .map {
-        release =>
-          defining(FileUtil.generateFileId) { fileId =>
+        .map { release =>
+          val fileId = FileUtil.generateFileId
           val buf = new Array[Byte](request.inputStream.available())
           request.inputStream.read(buf)
           FileUtils.writeByteArrayToFile(
@@ -153,7 +152,6 @@ trait ApiReleaseControllerBase extends ControllerBase {
               ApiError("Unknown error")
             }
         }
-      }
         .getOrElse(NotFound())
   })
 

src/main/scala/gitbucket/core/controller/api/ApiRepositoryCommitControllerBase.scala

@@ -40,7 +40,7 @@ trait ApiRepositoryCommitControllerBase extends ControllerBase {
                   diffs = JGitUtil.getDiffs(git, commitInfo.parents.headOption, commitInfo.id, false, true),
                   author = getAccount(commitInfo.authorName, commitInfo.authorEmailAddress),
                   committer = getAccount(commitInfo.committerName, commitInfo.committerEmailAddress),
-                  commentCount = getCommitComment(repository.owner, repository.name, commitInfo.id.toString).size
+                  commentCount = getCommitComment(repository.owner, repository.name, commitInfo.id).size
                 )
             })
         }

src/main/scala/gitbucket/core/controller/api/ApiRepositoryContentsControllerBase.scala

@@ -1,10 +1,9 @@
 package gitbucket.core.controller.api
-import gitbucket.core.api.{ApiContents, ApiError, CreateAFile, JsonFormat}
+import gitbucket.core.api.{ApiCommit, ApiContents, ApiError, CreateAFile, JsonFormat}
 import gitbucket.core.controller.ControllerBase
-import gitbucket.core.plugin.PluginRegistry
 import gitbucket.core.service.{RepositoryCommitFileService, RepositoryService}
 import gitbucket.core.util.Directory.getRepositoryDir
-import gitbucket.core.util.JGitUtil.{FileInfo, getContentFromId, getFileList}
+import gitbucket.core.util.JGitUtil.{CommitInfo, FileInfo, getContentFromId, getFileList, getSummaryMessage}
 import gitbucket.core.util._
 import gitbucket.core.view.helpers.{isRenderable, renderMarkup}
 import gitbucket.core.util.Implicits._
@@ -36,7 +35,7 @@ trait ApiRepositoryContentsControllerBase extends ControllerBase {
 
   /**
    * ii. Get contents
-   * https://developer.github.com/v3/repos/contents/#get-contents
+   * https://docs.github.com/en/rest/reference/repos#get-repository-content
    */
   get("/api/v3/repos/:owner/:repository/contents")(referrersOnly { repository =>
     getContents(repository, ".", params.getOrElse("ref", repository.repository.defaultBranch))
@@ -44,47 +43,50 @@ trait ApiRepositoryContentsControllerBase extends ControllerBase {
 
   /**
    * ii. Get contents
-   * https://developer.github.com/v3/repos/contents/#get-contents
+   * https://docs.github.com/en/rest/reference/repos#get-repository-content
    */
   get("/api/v3/repos/:owner/:repository/contents/*")(referrersOnly { repository =>
     getContents(repository, multiParams("splat").head, params.getOrElse("ref", repository.repository.defaultBranch))
   })
 
+  private def getFileInfo(git: Git, revision: String, pathStr: String): Option[FileInfo] = {
+    val revCommit = JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(revision))
+    getPathObjectId(git, pathStr, revCommit).map { objectId =>
+      FileInfo(
+        id = objectId,
+        isDirectory = false,
+        name = pathStr.split("/").last,
+        path = pathStr.split("/").dropRight(1).mkString("/"),
+        message = getSummaryMessage(revCommit.getFullMessage, revCommit.getShortMessage),
+        commitId = revCommit.getName,
+        time = revCommit.getAuthorIdent.getWhen,
+        author = revCommit.getAuthorIdent.getName,
+        mailAddress = revCommit.getAuthorIdent.getEmailAddress,
+        linkUrl = None
+      )
+    }
+  }
+
   private def getContents(
     repository: RepositoryService.RepositoryInfo,
     path: String,
     refStr: String,
     ignoreCase: Boolean = false
   ) = {
-    def getFileInfo(git: Git, revision: String, pathStr: String, ignoreCase: Boolean): Option[FileInfo] = {
-      val (dirName, fileName) = pathStr.lastIndexOf('/') match {
-        case -1 =>
-          (".", pathStr)
-        case n =>
-          (pathStr.take(n), pathStr.drop(n + 1))
-      }
-      if (ignoreCase) {
-        getFileList(git, revision, dirName, maxFiles = context.settings.repositoryViewer.maxFiles)
-          .find(_.name.toLowerCase.equals(fileName.toLowerCase))
-      } else {
-        getFileList(git, revision, dirName, maxFiles = context.settings.repositoryViewer.maxFiles)
-          .find(_.name.equals(fileName))
-      }
-    }
-
     Using.resource(Git.open(getRepositoryDir(params("owner"), params("repository")))) { git =>
       val fileList = getFileList(git, refStr, path, maxFiles = context.settings.repositoryViewer.maxFiles)
       if (fileList.isEmpty) { // file or NotFound
-        getFileInfo(git, refStr, path, ignoreCase)
-          .flatMap { f =>
+        val revCommit = JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(refStr))
+        getPathObjectId(git, path, revCommit)
+          .flatMap { objectId =>
             val largeFile = params.get("large_file").exists(s => s.equals("true"))
-            val content = getContentFromId(git, f.id, largeFile)
+            val content = getContentFromId(git, objectId, largeFile)
             request.getHeader("Accept") match {
               case "application/vnd.github.v3.raw" => {
                 contentType = "application/vnd.github.v3.raw"
                 content
               }
-              case "application/vnd.github.v3.html" if isRenderable(f.name) => {
+              case "application/vnd.github.v3.html" if isRenderable(path) => {
                 contentType = "application/vnd.github.v3.html"
                 content.map { c =>
                   List(
@@ -115,11 +117,12 @@ trait ApiRepositoryContentsControllerBase extends ControllerBase {
                 }
               }
               case _ =>
-                Some(JsonFormat(ApiContents(f, RepositoryName(repository), content)))
+                getFileInfo(git, refStr, path).map { f =>
+                  JsonFormat(ApiContents(f, RepositoryName(repository), content))
+                }
             }
           }
           .getOrElse(NotFound())
-
       } else { // directory
         JsonFormat(fileList.map { f =>
           ApiContents(f, RepositoryName(repository), None)
@@ -127,15 +130,16 @@ trait ApiRepositoryContentsControllerBase extends ControllerBase {
       }
     }
   }
-  /*
+
+  /**
    * iii. Create a file or iv. Update a file
-   * https://developer.github.com/v3/repos/contents/#create-a-file
-   * https://developer.github.com/v3/repos/contents/#update-a-file
+   * https://docs.github.com/en/rest/reference/repos#create-or-update-file-contents
    * if sha is presented, update a file else create a file.
    * requested #2112
    */
-
   put("/api/v3/repos/:owner/:repository/contents/*")(writableUsersOnly { repository =>
+    context.withLoginAccount {
+      loginAccount =>
         JsonFormat(for {
           data <- extractFromJsonBody[CreateAFile]
         } yield {
@@ -146,10 +150,16 @@ trait ApiRepositoryContentsControllerBase extends ControllerBase {
           }
           val paths = multiParams("splat").head.split("/")
           val path = paths.take(paths.size - 1).toList.mkString("/")
-      if (data.sha.isDefined && data.sha.get != commit) {
-        ApiError("The blob SHA is not matched.", Some("https://developer.github.com/v3/repos/contents/#update-a-file"))
-      } else {
-        val objectId = commitFile(
+          Using.resource(Git.open(getRepositoryDir(params("owner"), params("repository")))) {
+            git =>
+              getFileInfo(git, commit, path) match {
+                case Some(f) if !data.sha.contains(f.id.getName) =>
+                  ApiError(
+                    "The blob SHA is not matched.",
+                    Some("https://docs.github.com/en/rest/reference/repos#create-or-update-file-contents")
+                  )
+                case _ =>
+                  val (commitId, blobId) = commitFile(
                     repository,
                     branch,
                     path,
@@ -158,25 +168,48 @@ trait ApiRepositoryContentsControllerBase extends ControllerBase {
                     StringUtil.base64Decode(data.content),
                     data.message,
                     commit,
-          context.loginAccount.get,
-          data.committer.map(_.name).getOrElse(context.loginAccount.get.fullName),
-          data.committer.map(_.email).getOrElse(context.loginAccount.get.mailAddress),
+                    loginAccount,
+                    data.committer.map(_.name).getOrElse(loginAccount.fullName),
+                    data.committer.map(_.email).getOrElse(loginAccount.mailAddress),
                     context.settings
                   )
-        ApiContents("file", paths.last, path, objectId.name, None, None)(RepositoryName(repository))
+
+                  blobId match {
+                    case None =>
+                      ApiError("Failed to commit a file.", None)
+                    case Some(blobId) =>
+                      Map(
+                        "content" -> ApiContents(
+                          "file",
+                          paths.last,
+                          path,
+                          blobId.name,
+                          Some(data.content),
+                          Some("base64")
+                        )(RepositoryName(repository)),
+                        "commit" -> ApiCommit(
+                          git,
+                          RepositoryName(repository),
+                          new CommitInfo(JGitUtil.getRevCommitFromId(git, commitId))
+                        )
+                      )
+                  }
+              }
           }
         })
+    }
   })
 
   /*
    * v. Delete a file
-   * https://developer.github.com/v3/repos/contents/#delete-a-file
+   * https://docs.github.com/en/rest/reference/repos#delete-a-file
    * should be implemented
    */
 
   /*
- * vi. Get archive link
- * https://developer.github.com/v3/repos/contents/#get-archive-link
+ * vi. Download a repository archive (tar/zip)
+ * https://docs.github.com/en/rest/reference/repos#download-a-repository-archive-tar
+ * https://docs.github.com/en/rest/reference/repos#download-a-repository-archive-zip
  */
 
 }

src/main/scala/gitbucket/core/controller/api/ApiRepositoryControllerBase.scala

@@ -8,6 +8,7 @@ import gitbucket.core.util._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.model.Profile.profile.blockingApi._
 import org.eclipse.jgit.api.Git
+import org.scalatra.Forbidden
 
 import scala.concurrent.Await
 import scala.concurrent.duration.Duration
@@ -26,7 +27,7 @@ trait ApiRepositoryControllerBase extends ControllerBase {
 
   /**
    * i. List your repositories
-   * https://developer.github.com/v3/repos/#list-your-repositories
+   * https://docs.github.com/en/rest/reference/repos#list-repositories-for-the-authenticated-user
    */
   get("/api/v3/user/repos")(usersOnly {
     JsonFormat(getVisibleRepositories(context.loginAccount, Option(context.loginAccount.get.userName)).map { r =>
@@ -36,7 +37,7 @@ trait ApiRepositoryControllerBase extends ControllerBase {
 
   /**
    * ii. List user repositories
-   * https://developer.github.com/v3/repos/#list-user-repositories
+   * https://docs.github.com/en/rest/reference/repos#list-repositories-for-a-user
    */
   get("/api/v3/users/:userName/repos") {
     JsonFormat(getVisibleRepositories(context.loginAccount, Some(params("userName"))).map { r =>
@@ -46,7 +47,7 @@ trait ApiRepositoryControllerBase extends ControllerBase {
 
   /**
    * iii. List organization repositories
-   * https://developer.github.com/v3/repos/#list-organization-repositories
+   * https://docs.github.com/en/rest/reference/repos#list-organization-repositories
    */
   get("/api/v3/orgs/:orgName/repos") {
     JsonFormat(getVisibleRepositories(context.loginAccount, Some(params("orgName"))).map { r =>
@@ -56,7 +57,7 @@ trait ApiRepositoryControllerBase extends ControllerBase {
 
   /**
    * iv. List all public repositories
-   * https://developer.github.com/v3/repos/#list-public-repositories
+   * https://docs.github.com/en/rest/reference/repos#list-public-repositories
    */
   get("/api/v3/repositories") {
     JsonFormat(getPublicRepositories().map { r =>
@@ -66,13 +67,12 @@ trait ApiRepositoryControllerBase extends ControllerBase {
 
   /*
    * v. Create
-   * https://developer.github.com/v3/repos/#create
    * Implemented with two methods (user/orgs)
    */
 
   /**
    * Create user repository
-   * https://developer.github.com/v3/repos/#create
+   * https://docs.github.com/en/rest/reference/repos#create-a-repository-for-the-authenticated-user
    */
   post("/api/v3/user/repos")(usersOnly {
     val owner = context.loginAccount.get.userName
@@ -80,7 +80,12 @@ trait ApiRepositoryControllerBase extends ControllerBase {
       data <- extractFromJsonBody[CreateARepository] if data.isValid
     } yield {
       LockUtil.lock(s"${owner}/${data.name}") {
-        if (getRepository(owner, data.name).isEmpty) {
+        if (getRepository(owner, data.name).isDefined) {
+          ApiError(
+            "A repository with this name already exists on this account",
+            Some("https://developer.github.com/v3/repos/#create")
+          )
+        } else {
           val f = createRepository(
             context.loginAccount.get,
             owner,
@@ -95,11 +100,6 @@ trait ApiRepositoryControllerBase extends ControllerBase {
             getRepository(owner, data.name)(session).get
           }
           JsonFormat(ApiRepository(repository, ApiUser(getAccountByUserName(owner).get)))
-        } else {
-          ApiError(
-            "A repository with this name already exists on this account",
-            Some("https://developer.github.com/v3/repos/#create")
-          )
         }
       }
     }) getOrElse NotFound()
@@ -107,15 +107,22 @@ trait ApiRepositoryControllerBase extends ControllerBase {
 
   /**
    * Create group repository
-   * https://developer.github.com/v3/repos/#create
+   * https://docs.github.com/en/rest/reference/repos#create-an-organization-repository
    */
-  post("/api/v3/orgs/:org/repos")(managersOnly {
+  post("/api/v3/orgs/:org/repos")(usersOnly {
     val groupName = params("org")
     (for {
       data <- extractFromJsonBody[CreateARepository] if data.isValid
     } yield {
       LockUtil.lock(s"${groupName}/${data.name}") {
-        if (getRepository(groupName, data.name).isEmpty) {
+        if (getRepository(groupName, data.name).isDefined) {
+          ApiError(
+            "A repository with this name already exists for this group",
+            Some("https://developer.github.com/v3/repos/#create")
+          )
+        } else if (!canCreateRepository(groupName, context.loginAccount.get)) {
+          Forbidden()
+        } else {
           val f = createRepository(
             context.loginAccount.get,
             groupName,
@@ -129,11 +136,6 @@ trait ApiRepositoryControllerBase extends ControllerBase {
             getRepository(groupName, data.name).get
           }
           JsonFormat(ApiRepository(repository, ApiUser(getAccountByUserName(groupName).get)))
-        } else {
-          ApiError(
-            "A repository with this name already exists for this group",
-            Some("https://developer.github.com/v3/repos/#create")
-          )
         }
       }
     }) getOrElse NotFound()
@@ -141,7 +143,7 @@ trait ApiRepositoryControllerBase extends ControllerBase {
 
   /*
    * vi. Get
-   * https://developer.github.com/v3/repos/#get
+   * https://docs.github.com/en/rest/reference/repos#get-a-repository
    */
   get("/api/v3/repos/:owner/:repository")(referrersOnly { repository =>
     JsonFormat(ApiRepository(repository, ApiUser(getAccountByUserName(repository.owner).get)))
@@ -149,32 +151,32 @@ trait ApiRepositoryControllerBase extends ControllerBase {
 
   /*
    * vii. Edit
-   * https://developer.github.com/v3/repos/#edit
+   * https://docs.github.com/en/rest/reference/repos#update-a-repository
    */
 
   /*
    * viii. List all topics for a repository
-   * https://developer.github.com/v3/repos/#list-all-topics-for-a-repository
+   * https://docs.github.com/en/rest/reference/repos#get-all-repository-topics
    */
 
   /*
    * ix. Replace all topics for a repository
-   * https://developer.github.com/v3/repos/#replace-all-topics-for-a-repository
+   * https://docs.github.com/en/rest/reference/repos#replace-all-repository-topics
    */
 
   /*
    * x. List contributors
-   * https://developer.github.com/v3/repos/#list-contributors
+   * https://docs.github.com/en/rest/reference/repos#list-repository-contributors
    */
 
   /*
    * xi. List languages
-   * https://developer.github.com/v3/repos/#list-languages
+   * https://docs.github.com/en/rest/reference/repos#list-repository-languages
    */
 
   /*
    * xii. List teams
-   * https://developer.github.com/v3/repos/#list-teams
+   * https://docs.github.com/en/rest/reference/repos#list-repository-teams
    */
 
   /*
@@ -189,12 +191,12 @@ trait ApiRepositoryControllerBase extends ControllerBase {
 
   /*
    * xiv. Delete a repository
-   * https://developer.github.com/v3/repos/#delete-a-repository
+   * https://docs.github.com/en/rest/reference/repos#delete-a-repository
    */
 
   /*
    * xv. Transfer a repository
-   * https://developer.github.com/v3/repos/#transfer-a-repository
+   * https://docs.github.com/en/rest/reference/repos#transfer-a-repository
    */
 
   /**

src/main/scala/gitbucket/core/controller/api/ApiUserControllerBase.scala

@@ -104,7 +104,7 @@ trait ApiUserControllerBase extends ControllerBase {
    */
   delete("/api/v3/users/:userName/suspended")(adminOnly {
     val userName = params("userName")
-    getAccountByUserName(userName) match {
+    getAccountByUserName(userName, true) match {
       case Some(targetAccount) =>
         updateAccount(targetAccount.copy(isRemoved = false))
         NoContent()

src/main/scala/gitbucket/core/model/AccountWebHook.scala

@@ -3,7 +3,7 @@ package gitbucket.core.model
 trait AccountWebHookComponent extends TemplateComponent { self: Profile =>
   import profile.api._
 
-  private implicit val whContentTypeColumnType =
+  private implicit val whContentTypeColumnType: BaseColumnType[WebHookContentType] =
     MappedColumnType.base[WebHookContentType, String](whct => whct.code, code => WebHookContentType.valueOf(code))
 
   lazy val AccountWebHooks = TableQuery[AccountWebHooks]

src/main/scala/gitbucket/core/model/AccountWebHookEvent.scala

@@ -1,8 +1,6 @@
 package gitbucket.core.model
 
-trait AccountWebHookEventComponent extends TemplateComponent {
-  self: Profile =>
-
+trait AccountWebHookEventComponent extends TemplateComponent { self: Profile =>
   import profile.api._
   import gitbucket.core.model.Profile.AccountWebHooks
 

src/main/scala/gitbucket/core/model/CommitStatus.scala

@@ -4,7 +4,8 @@ trait CommitStatusComponent extends TemplateComponent { self: Profile =>
   import profile.api._
   import self._
 
-  implicit val commitStateColumnType = MappedColumnType.base[CommitState, String](b => b.name, i => CommitState(i))
+  implicit val commitStateColumnType: BaseColumnType[CommitState] =
+    MappedColumnType.base[CommitState, String](b => b.name, i => CommitState(i))
 
   lazy val CommitStatuses = TableQuery[CommitStatuses]
   class CommitStatuses(tag: Tag) extends Table[CommitStatus](tag, "COMMIT_STATUS") with CommitTemplate {
@@ -77,7 +78,7 @@ object CommitState {
 
   val values: Vector[CommitState] = Vector(PENDING, SUCCESS, ERROR, FAILURE)
 
-  private val map: Map[String, CommitState] = values.map(enum => enum.name -> enum).toMap
+  private val map: Map[String, CommitState] = values.map(e => e.name -> e).toMap
 
   def apply(name: String): CommitState = map(name)
 

src/main/scala/gitbucket/core/model/Profile.scala

@@ -10,7 +10,8 @@ trait Profile {
   /**
    * java.util.Date Mapped Column Types
    */
-  implicit val dateColumnType = MappedColumnType.base[java.util.Date, java.sql.Timestamp](
+  implicit val dateColumnType: BaseColumnType[java.util.Date] =
+    MappedColumnType.base[java.util.Date, java.sql.Timestamp](
       d => new java.sql.Timestamp(d.getTime),
       t => new java.util.Date(t.getTime)
     )
@@ -18,7 +19,8 @@ trait Profile {
   /**
    * WebHookBase.Event Column Types
    */
-  implicit val eventColumnType = MappedColumnType.base[WebHook.Event, String](_.name, WebHook.Event.valueOf(_))
+  implicit val eventColumnType: BaseColumnType[WebHook.Event] =
+    MappedColumnType.base[WebHook.Event, String](_.name, WebHook.Event.valueOf(_))
 
   /**
    * Extends Column to add conditional condition

src/main/scala/gitbucket/core/model/ReleaseAsset.scala

@@ -2,9 +2,7 @@ package gitbucket.core.model
 
 import java.util.Date
 
-trait ReleaseAssetComponent extends TemplateComponent {
-  self: Profile =>
-
+trait ReleaseAssetComponent extends TemplateComponent { self: Profile =>
   import profile.api._
   import self._
 

src/main/scala/gitbucket/core/model/ReleaseTag.scala

@@ -1,8 +1,6 @@
 package gitbucket.core.model
 
-trait ReleaseTagComponent extends TemplateComponent {
-  self: Profile =>
-
+trait ReleaseTagComponent extends TemplateComponent { self: Profile =>
   import profile.api._
   import self._
 

src/main/scala/gitbucket/core/model/Repository.scala

@@ -24,6 +24,7 @@ trait RepositoryComponent extends TemplateComponent { self: Profile =>
     val allowFork = column[Boolean]("ALLOW_FORK")
     val mergeOptions = column[String]("MERGE_OPTIONS")
     val defaultMergeOption = column[String]("DEFAULT_MERGE_OPTION")
+    val safeMode = column[Boolean]("SAFE_MODE")
 
     def * =
       (
@@ -41,7 +42,16 @@ trait RepositoryComponent extends TemplateComponent { self: Profile =>
           parentUserName.?,
           parentRepositoryName.?
         ),
-        (issuesOption, externalIssuesUrl.?, wikiOption, externalWikiUrl.?, allowFork, mergeOptions, defaultMergeOption)
+        (
+          issuesOption,
+          externalIssuesUrl.?,
+          wikiOption,
+          externalWikiUrl.?,
+          allowFork,
+          mergeOptions,
+          defaultMergeOption,
+          safeMode
+        )
       ).shaped.<>(
         {
           case (repository, options) =>
@@ -112,5 +122,6 @@ case class RepositoryOptions(
   externalWikiUrl: Option[String],
   allowFork: Boolean,
   mergeOptions: String,
-  defaultMergeOption: String
+  defaultMergeOption: String,
+  safeMode: Boolean
 )

src/main/scala/gitbucket/core/model/RepositoryWebHook.scala

@@ -3,7 +3,7 @@ package gitbucket.core.model
 trait RepositoryWebHookComponent extends TemplateComponent { self: Profile =>
   import profile.api._
 
-  implicit val whContentTypeColumnType =
+  implicit val whContentTypeColumnType: BaseColumnType[WebHookContentType] =
     MappedColumnType.base[WebHookContentType, String](whct => whct.code, code => WebHookContentType.valueOf(code))
 
   lazy val RepositoryWebHooks = TableQuery[RepositoryWebHooks]

src/main/scala/gitbucket/core/model/WebHook.scala

@@ -8,7 +8,7 @@ object WebHookContentType {
 
   val values: Vector[WebHookContentType] = Vector(JSON, FORM)
 
-  private val map: Map[String, WebHookContentType] = values.map(enum => enum.code -> enum).toMap
+  private val map: Map[String, WebHookContentType] = values.map(e => e.code -> e).toMap
 
   def apply(code: String): WebHookContentType = map(code)
 

src/main/scala/gitbucket/core/service/AccessTokenService.scala

@@ -21,13 +21,13 @@ trait AccessTokenService {
    * @return (TokenId, Token)
    */
   def generateAccessToken(userName: String, note: String)(implicit s: Session): (Int, String) = {
-    var token: String = null
-    var hash: String = null
+    var token: String = makeAccessTokenString
+    var hash: String = tokenToHash(token)
 
-    do {
+    while (AccessTokens.filter(_.tokenHash === hash.bind).exists.run) {
       token = makeAccessTokenString
       hash = tokenToHash(token)
-    } while (AccessTokens.filter(_.tokenHash === hash.bind).exists.run)
+    }
 
     val newToken = AccessToken(userName = userName, note = note, tokenHash = hash)
     val tokenId = (AccessTokens returning AccessTokens.map(_.accessTokenId)) insert newToken

src/main/scala/gitbucket/core/service/AccountService.scala

@@ -47,7 +47,7 @@ trait AccountService {
           case _ => None
         }
       case account if (!account.isGroupAccount && account.password == sha1(password)) => Some(account)
-    } getOrElse None
+    }.flatten
   }
 
   /**

src/main/scala/gitbucket/core/service/ActivityService.scala

@@ -1,8 +1,6 @@
 package gitbucket.core.service
 
 import gitbucket.core.model.Activity
-import gitbucket.core.util.JGitUtil
-import gitbucket.core.model.Profile._
 import gitbucket.core.util.Directory._
 import org.json4s._
 import org.json4s.jackson.Serialization
@@ -11,10 +9,8 @@ import org.json4s.jackson.Serialization.{read, write}
 import scala.util.Using
 import java.io.FileOutputStream
 import java.nio.charset.StandardCharsets
-import java.util.UUID
 
 import gitbucket.core.controller.Context
-import gitbucket.core.model.activity.BaseActivityInfo
 import org.apache.commons.io.input.ReversedLinesFileReader
 
 import scala.collection.mutable.ListBuffer
@@ -22,7 +18,7 @@ import scala.collection.mutable.ListBuffer
 trait ActivityService {
   self: RequestCache =>
 
-  private implicit val formats = Serialization.formats(NoTypeHints)
+  private implicit val formats: Formats = Serialization.formats(NoTypeHints)
 
   private def writeLog(activity: Activity): Unit = {
     Using.resource(new FileOutputStream(ActivityLog, true)) { out =>
@@ -43,9 +39,7 @@ trait ActivityService {
             if (isPublic == false) {
               list += activity
             } else {
-              if (!getRepositoryInfoFromCache(activity.userName, activity.repositoryName)
-                    .map(_.isPrivate)
-                    .getOrElse(true)) {
+              if (!getRepositoryInfoFromCache(activity.userName, activity.repositoryName).forall(_.isPrivate)) {
                 list += activity
               }
             }
@@ -65,9 +59,7 @@ trait ActivityService {
         var json: String = null
         while (list.length < 50 && { json = reader.readLine(); json } != null) {
           val activity = read[Activity](json)
-          if (!getRepositoryInfoFromCache(activity.userName, activity.repositoryName)
-                .map(_.isPrivate)
-                .getOrElse(true)) {
+          if (!getRepositoryInfoFromCache(activity.userName, activity.repositoryName).forall(_.isPrivate)) {
             list += activity
           }
         }
@@ -87,9 +79,7 @@ trait ActivityService {
           val activity = read[Activity](json)
           if (owners.contains(activity.userName)) {
             list += activity
-          } else if (!getRepositoryInfoFromCache(activity.userName, activity.repositoryName)
-                       .map(_.isPrivate)
-                       .getOrElse(true)) {
+          } else if (!getRepositoryInfoFromCache(activity.userName, activity.repositoryName).forall(_.isPrivate)) {
             list += activity
           }
         }

src/main/scala/gitbucket/core/service/HandleCommentService.scala

@@ -13,7 +13,6 @@ import gitbucket.core.model.activity.{
 }
 import gitbucket.core.plugin.{IssueHook, PluginRegistry}
 import gitbucket.core.service.RepositoryService.RepositoryInfo
-import gitbucket.core.util.SyntaxSugars._
 import gitbucket.core.util.Implicits._
 
 trait HandleCommentService {
@@ -34,8 +33,8 @@ trait HandleCommentService {
     actionOpt: Option[String]
   )(implicit context: Context, s: Session) = {
     context.loginAccount.flatMap { loginAccount =>
-      defining(repository.owner, repository.name) {
-        case (owner, name) =>
+      val owner = repository.owner
+      val name = repository.name
       val userName = loginAccount.userName
 
       actionOpt.collect {
@@ -134,7 +133,6 @@ trait HandleCommentService {
       commentId.map(issue -> _)
     }
   }
-  }
 
   def deleteCommentByApi(repoInfo: RepositoryInfo, comment: IssueComment, issue: Issue)(
     implicit context: Context,
@@ -161,8 +159,8 @@ trait HandleCommentService {
     content: Option[String]
   )(implicit context: Context, s: Session): Option[(Issue, Int)] = {
     context.loginAccount.flatMap { loginAccount =>
-      defining(repository.owner, repository.name) {
-        case (owner, name) =>
+      val owner = repository.owner
+      val name = repository.name
       val userName = loginAccount.userName
       content match {
         case Some(content) =>
@@ -191,4 +189,3 @@ trait HandleCommentService {
     }
   }
 }
-}

src/main/scala/gitbucket/core/service/IssuesService.scala

@@ -5,17 +5,7 @@ import gitbucket.core.util.StringUtil._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util.SyntaxSugars._
 import gitbucket.core.controller.Context
-import gitbucket.core.model.{
-  Account,
-  CommitState,
-  Issue,
-  IssueComment,
-  IssueLabel,
-  Label,
-  PullRequest,
-  Repository,
-  Role
-}
+import gitbucket.core.model.{Account, Issue, IssueComment, IssueLabel, Label, PullRequest, Repository, Role}
 import gitbucket.core.model.Profile._
 import gitbucket.core.model.Profile.profile._
 import gitbucket.core.model.Profile.profile.blockingApi._
@@ -346,13 +336,16 @@ trait IssuesService {
     implicit s: Session
   ) =
     Issues filter { t1 =>
-      (if (repos.size == 1) {
+      (if (repos.sizeIs == 1) {
          t1.byRepository(repos.head._1, repos.head._2)
        } else {
          ((t1.userName ++ "/" ++ t1.repositoryName) inSetBind (repos.map { case (owner, repo) => s"$owner/$repo" }))
        }) &&
-      (t1.closed === (condition.state == "closed").bind)
-        .&&(t1.milestoneId.? isEmpty, condition.milestone == Some(None))
+      (condition.state match {
+        case "open"   => t1.closed === false
+        case "closed" => t1.closed === true
+        case _        => t1.closed === true || t1.closed === false
+      }).&&(t1.milestoneId.? isEmpty, condition.milestone == Some(None))
         .&&(t1.priorityId.? isEmpty, condition.priority == Some(None))
         .&&(t1.assignedUserName.? isEmpty, condition.assigned == Some(None))
         .&&(t1.openedUserName === condition.author.get.bind, condition.author.isDefined) &&
@@ -778,14 +771,35 @@ trait IssuesService {
   def createReferComment(owner: String, repository: String, fromIssue: Issue, message: String, loginAccount: Account)(
     implicit s: Session
   ): Unit = {
-    extractIssueId(message).foreach { issueId =>
-      val content = s"${fromIssue.issueId}:${fromIssue.title}"
-      if (getIssue(owner, repository, issueId).isDefined) {
+    extractGlobalIssueId(message).foreach {
+      case (_referredOwner, _referredRepository, referredIssueId) =>
+        val referredOwner = _referredOwner.getOrElse(owner)
+        val referredRepository = _referredRepository.getOrElse(repository)
+        getRepository(referredOwner, referredRepository).foreach { repo =>
+          if (isReadable(repo.repository, Option(loginAccount))) {
+            getIssue(referredOwner, referredRepository, referredIssueId.get).foreach { _ =>
+              val (content, action) = if (owner == referredOwner && repository == referredRepository) {
+                (s"${fromIssue.issueId}:${fromIssue.title}", "refer")
+              } else {
+                (s"${fromIssue.issueId}:${owner}:${repository}:${fromIssue.title}", "refer_global")
+              }
+              referredIssueId.foreach(
+                x =>
                   // Not add if refer comment already exist.
-        if (!getComments(owner, repository, issueId.toInt).exists { x =>
-              x.action == "refer" && x.content == content
+                  if (!getComments(referredOwner, referredRepository, x.toInt).exists { x =>
+                        (x.action == "refer" || x.action == "refer_global") && x.content == content
                       }) {
-          createComment(owner, repository, loginAccount.userName, issueId.toInt, content, "refer")
+                    createComment(
+                      referredOwner,
+                      referredRepository,
+                      loginAccount.userName,
+                      x.toInt,
+                      content,
+                      action
+                    )
+                }
+              )
+            }
           }
         }
     }
@@ -928,7 +942,7 @@ object IssuesService {
           case x      => Some(x)
         },
         param(request, "mentioned"),
-        param(request, "state", Seq("open", "closed")).getOrElse("open"),
+        param(request, "state", Seq("open", "closed", "all")).getOrElse("open"),
         param(request, "sort", Seq("created", "comments", "updated", "priority")).getOrElse("created"),
         param(request, "direction", Seq("asc", "desc")).getOrElse("desc"),
         param(request, "visibility"),
@@ -949,7 +963,7 @@ object IssuesService {
           case x      => Some(x)
         },
         param(request, "mentioned"),
-        param(request, "state", Seq("open", "closed")).getOrElse("open"),
+        param(request, "state", Seq("open", "closed", "all")).getOrElse("open"),
         param(request, "sort", Seq("created", "comments", "updated", "priority")).getOrElse("created"),
         param(request, "direction", Seq("asc", "desc")).getOrElse("desc"),
         param(request, "visibility"),

src/main/scala/gitbucket/core/service/MergeService.scala

@@ -72,7 +72,7 @@ trait MergeService {
   )(implicit s: Session, c: JsonFormat.Context): ObjectId = {
     val beforeCommitId = git.getRepository.resolve(s"refs/heads/${branch}")
     val afterCommitId = new MergeCacheInfo(git, repository.owner, repository.name, branch, issueId, getReceiveHooks())
-      .merge(message, new PersonIdent(loginAccount.fullName, loginAccount.mailAddress))
+      .merge(message, new PersonIdent(loginAccount.fullName, loginAccount.mailAddress), loginAccount.userName)
     callWebHook(git, repository, branch, beforeCommitId, afterCommitId, loginAccount, settings)
     afterCommitId
   }
@@ -90,7 +90,7 @@ trait MergeService {
     val beforeCommitId = git.getRepository.resolve(s"refs/heads/${branch}")
     val afterCommitId =
       new MergeCacheInfo(git, repository.owner, repository.name, branch, issueId, getReceiveHooks())
-        .rebase(new PersonIdent(loginAccount.fullName, loginAccount.mailAddress), commits)
+        .rebase(new PersonIdent(loginAccount.fullName, loginAccount.mailAddress), loginAccount.userName, commits)
     callWebHook(git, repository, branch, beforeCommitId, afterCommitId, loginAccount, settings)
     afterCommitId
   }
@@ -108,7 +108,7 @@ trait MergeService {
     val beforeCommitId = git.getRepository.resolve(s"refs/heads/${branch}")
     val afterCommitId =
       new MergeCacheInfo(git, repository.owner, repository.name, branch, issueId, getReceiveHooks())
-        .squash(message, new PersonIdent(loginAccount.fullName, loginAccount.mailAddress))
+        .squash(message, new PersonIdent(loginAccount.fullName, loginAccount.mailAddress), loginAccount.userName)
     callWebHook(git, repository, branch, beforeCommitId, afterCommitId, loginAccount, settings)
     afterCommitId
   }
@@ -648,7 +648,7 @@ object MergeService {
     }
 
     // update branch from cache
-    def merge(message: String, committer: PersonIdent)(implicit s: Session): ObjectId = {
+    def merge(message: String, committer: PersonIdent, pusher: String)(implicit s: Session): ObjectId = {
       if (checkConflict().isDefined) {
         throw new RuntimeException("This pull request can't merge automatically.")
       }
@@ -665,7 +665,7 @@ object MergeService {
 
       // call pre-commit hooks
       val error = receiveHooks.flatMap { hook =>
-        hook.preReceive(userName, repositoryName, receivePack, receiveCommand, committer.getName, true)
+        hook.preReceive(userName, repositoryName, receivePack, receiveCommand, pusher, true)
       }.headOption
 
       error.foreach { error =>
@@ -683,7 +683,7 @@ object MergeService {
       objectId
     }
 
-    def rebase(committer: PersonIdent, commits: Seq[RevCommit])(implicit s: Session): ObjectId = {
+    def rebase(committer: PersonIdent, pusher: String, commits: Seq[RevCommit])(implicit s: Session): ObjectId = {
       if (checkConflict().isDefined) {
         throw new RuntimeException("This pull request can't merge automatically.")
       }
@@ -719,7 +719,7 @@ object MergeService {
 
       // call pre-commit hooks
       val error = receiveHooks.flatMap { hook =>
-        hook.preReceive(userName, repositoryName, receivePack, receiveCommand, committer.getName, true)
+        hook.preReceive(userName, repositoryName, receivePack, receiveCommand, pusher, true)
       }.headOption
 
       error.foreach { error =>
@@ -738,7 +738,7 @@ object MergeService {
       objectId
     }
 
-    def squash(message: String, committer: PersonIdent)(implicit s: Session): ObjectId = {
+    def squash(message: String, committer: PersonIdent, pusher: String)(implicit s: Session): ObjectId = {
       if (checkConflict().isDefined) {
         throw new RuntimeException("This pull request can't merge automatically.")
       }
@@ -769,7 +769,7 @@ object MergeService {
 
       // call pre-commit hooks
       val error = receiveHooks.flatMap { hook =>
-        hook.preReceive(userName, repositoryName, receivePack, receiveCommand, committer.getName, true)
+        hook.preReceive(userName, repositoryName, receivePack, receiveCommand, pusher, true)
       }.headOption
 
       error.foreach { error =>

src/main/scala/gitbucket/core/service/MilestonesService.scala

@@ -1,9 +1,11 @@
 package gitbucket.core.service
 
+import gitbucket.core.api.ApiMilestone
 import gitbucket.core.model.Milestone
 import gitbucket.core.model.Profile._
 import gitbucket.core.model.Profile.profile.blockingApi._
 import gitbucket.core.model.Profile.dateColumnType
+import gitbucket.core.service.RepositoryService.RepositoryInfo
 
 trait MilestonesService {
 
@@ -73,4 +75,17 @@ trait MilestonesService {
       .sortBy(t => (t.dueDate.asc, t.closedDate.desc, t.milestoneId.desc))
       .list
 
+  def getApiMilestone(repository: RepositoryInfo, milestoneId: Int)(implicit s: Session): Option[ApiMilestone] = {
+    getMilestonesWithIssueCount(repository.owner, repository.name)
+      .find(p => p._1.milestoneId == milestoneId)
+      .map(
+        milestoneWithIssue =>
+          ApiMilestone(
+            repository.repository,
+            milestoneWithIssue._1,
+            milestoneWithIssue._2,
+            milestoneWithIssue._3
+        )
+      )
+  }
 }

src/main/scala/gitbucket/core/service/OpenIDConnectService.scala

@@ -101,7 +101,10 @@ trait OpenIDConnectService {
     redirectURI: URI
   ): Option[AuthenticationSuccessResponse] =
     try {
-      AuthenticationResponseParser.parse(redirectURI, params.asJava) match {
+      AuthenticationResponseParser.parse(
+        redirectURI,
+        params.map { case (key, value) => (key, List(value).asJava) }.asJava
+      ) match {
         case response: AuthenticationSuccessResponse =>
           if (response.getState == state) {
             Some(response)

src/main/scala/gitbucket/core/service/PrioritiesService.scala

@@ -3,7 +3,6 @@ package gitbucket.core.service
 import gitbucket.core.model.Priority
 import gitbucket.core.model.Profile._
 import gitbucket.core.model.Profile.profile.blockingApi._
-import gitbucket.core.util.StringUtil
 
 trait PrioritiesService {
 

src/main/scala/gitbucket/core/service/ProtectedBranchService.scala

@@ -71,7 +71,7 @@ object ProtectedBranchService {
       pusher: String,
       mergePullRequest: Boolean
     )(implicit session: Session): Option[String] = {
-      if (mergePullRequest == true) {
+      if (mergePullRequest) {
         None
       } else {
         checkBranchProtection(owner, repository, receivePack, command, pusher)
@@ -153,8 +153,8 @@ object ProtectedBranchService {
             Some("Cannot force-push to a protected branch")
           case ReceiveCommand.Type.UPDATE | ReceiveCommand.Type.UPDATE_NONFASTFORWARD if needStatusCheck(pusher) =>
             unSuccessedContexts(command.getNewId.name) match {
-              case s if s.size == 1 => Some(s"""Required status check "${s.toSeq(0)}" is expected""")
-              case s if s.size >= 1 => Some(s"${s.size} of ${contexts.size} required status checks are expected")
+              case s if s.sizeIs == 1 => Some(s"""Required status check "${s.toSeq(0)}" is expected""")
+              case s if s.sizeIs >= 1 => Some(s"${s.size} of ${contexts.size} required status checks are expected")
               case _                  => None
             }
           case ReceiveCommand.Type.DELETE =>

src/main/scala/gitbucket/core/service/PullRequestService.scala

@@ -1,9 +1,10 @@
 package gitbucket.core.service
 
+import com.github.difflib.DiffUtils
+import com.github.difflib.patch.DeltaType
 import gitbucket.core.model.{CommitComments => _, Session => _, _}
 import gitbucket.core.model.Profile._
 import gitbucket.core.model.Profile.profile.blockingApi._
-import difflib.{Delta, DiffUtils}
 import gitbucket.core.service.RepositoryService.RepositoryInfo
 import gitbucket.core.api.JsonFormat
 import gitbucket.core.controller.Context
@@ -243,7 +244,7 @@ trait PullRequestService {
     owner: String,
     repository: String,
     branch: String,
-    loginAccount: Account,
+    pusherAccount: Account,
     action: String,
     settings: SystemSettings
   )(
@@ -295,7 +296,7 @@ trait PullRequestService {
           action,
           getRepository(owner, repository).get,
           pullreq.requestBranch,
-          loginAccount,
+          pusherAccount,
           settings
         )
       }
@@ -441,16 +442,17 @@ trait PullRequestService {
                   case Left(oldLine) => updateCommitCommentPosition(commentId, newCommitId, Some(oldLine), None)
                   case Right(newLine) =>
                     var counter = newLine
-                    patch.getDeltas.asScala.filter(_.getOriginal.getPosition < newLine).foreach { delta =>
+                    patch.getDeltas.asScala.filter(_.getSource.getPosition < newLine).foreach { delta =>
                       delta.getType match {
-                        case Delta.TYPE.CHANGE =>
-                          if (delta.getOriginal.getPosition <= newLine - 1 && newLine <= delta.getOriginal.getPosition + delta.getRevised.getLines.size) {
+                        case DeltaType.CHANGE =>
+                          if (delta.getSource.getPosition <= newLine - 1 && newLine <= delta.getSource.getPosition + delta.getTarget.getLines.size) {
                             counter = -1
                           } else {
-                            counter = counter + (delta.getRevised.getLines.size - delta.getOriginal.getLines.size)
+                            counter = counter + (delta.getTarget.getLines.size - delta.getSource.getLines.size)
                           }
-                        case Delta.TYPE.INSERT => counter = counter + delta.getRevised.getLines.size
-                        case Delta.TYPE.DELETE => counter = counter - delta.getOriginal.getLines.size
+                        case DeltaType.INSERT => counter = counter + delta.getTarget.getLines.size
+                        case DeltaType.DELETE => counter = counter - delta.getSource.getLines.size
+                        case DeltaType.EQUAL  => // Do nothing
                       }
                     }
                     if (counter >= 0) {
@@ -507,10 +509,11 @@ trait PullRequestService {
   def getPullRequestComments(userName: String, repositoryName: String, issueId: Int, commits: Seq[CommitInfo])(
     implicit s: Session
   ): Seq[Comment] = {
-    (commits
-      .map(commit => getCommitComments(userName, repositoryName, commit.id, true))
-      .flatten ++ getComments(userName, repositoryName, issueId))
-      .groupBy {
+    (commits.flatMap(commit => getCommitComments(userName, repositoryName, commit.id, true)) ++ getComments(
+      userName,
+      repositoryName,
+      issueId
+    )).groupBy {
         case x: IssueComment                        => (Some(x.commentId), None, None, None)
         case x: CommitComment if x.fileName.isEmpty => (Some(x.commentId), None, None, None)
         case x: CommitComment                       => (None, x.fileName, x.originalOldLine, x.originalNewLine)

src/main/scala/gitbucket/core/service/RepositoryCommitFileService.scala

@@ -23,23 +23,29 @@ trait RepositoryCommitFileService {
     with PullRequestService
     with WebHookPullRequestService
     with RepositoryService =>
-  import RepositoryCommitFileService._
 
+  /**
+   * Create multiple files by callback function.
+   * Returns commitId.
+   */
   def commitFiles(
     repository: RepositoryService.RepositoryInfo,
-    files: Seq[CommitFile],
     branch: String,
-    path: String,
     message: String,
     loginAccount: Account,
     settings: SystemSettings
   )(
     f: (Git, ObjectId, DirCacheBuilder, ObjectInserter) => Unit
-  )(implicit s: Session, c: JsonFormat.Context) = {
-    // prepend path to the filename
-    _commitFile(repository, branch, message, loginAccount, loginAccount.fullName, loginAccount.mailAddress, settings)(f)
+  )(implicit s: Session, c: JsonFormat.Context): ObjectId = {
+    _createFiles(repository, branch, message, loginAccount, loginAccount.fullName, loginAccount.mailAddress, settings)(
+      f
+    )._1
   }
 
+  /**
+   * Create a file from string content.
+   * Returns commitId + blobId.
+   */
   def commitFile(
     repository: RepositoryService.RepositoryInfo,
     branch: String,
@@ -52,7 +58,7 @@ trait RepositoryCommitFileService {
     commit: String,
     loginAccount: Account,
     settings: SystemSettings
-  )(implicit s: Session, c: JsonFormat.Context): ObjectId = {
+  )(implicit s: Session, c: JsonFormat.Context): (ObjectId, Option[ObjectId]) = {
     commitFile(
       repository,
       branch,
@@ -69,6 +75,10 @@ trait RepositoryCommitFileService {
     )
   }
 
+  /**
+   * Create a file from byte array content.
+   * Returns commitId + blobId.
+   */
   def commitFile(
     repository: RepositoryService.RepositoryInfo,
     branch: String,
@@ -78,11 +88,11 @@ trait RepositoryCommitFileService {
     content: Array[Byte],
     message: String,
     commit: String,
-    loginAccount: Account,
-    fullName: String,
-    mailAddress: String,
+    pusherAccount: Account,
+    committerName: String,
+    committerMailAddress: String,
     settings: SystemSettings
-  )(implicit s: Session, c: JsonFormat.Context): ObjectId = {
+  )(implicit s: Session, c: JsonFormat.Context): (ObjectId, Option[ObjectId]) = {
 
     val newPath = newFileName.map { newFileName =>
       if (path.length == 0) newFileName else s"${path}/${newFileName}"
@@ -91,7 +101,7 @@ trait RepositoryCommitFileService {
       if (path.length == 0) oldFileName else s"${path}/${oldFileName}"
     }
 
-    _commitFile(repository, branch, message, loginAccount, fullName, mailAddress, settings) {
+    _createFiles(repository, branch, message, pusherAccount, committerName, committerMailAddress, settings) {
       case (git, headTip, builder, inserter) =>
         if (headTip.getName == commit) {
           val permission = JGitUtil
@@ -105,28 +115,33 @@ trait RepositoryCommitFileService {
             }
             .flatten
             .headOption
-
-          newPath.foreach { newPath =>
-            builder.add(JGitUtil.createDirCacheEntry(newPath, permission.map { bits =>
+            .map { bits =>
               FileMode.fromBits(bits)
-            } getOrElse FileMode.REGULAR_FILE, inserter.insert(Constants.OBJ_BLOB, content)))
+            }
+            .getOrElse(FileMode.REGULAR_FILE)
+
+          val objectId = newPath.map { newPath =>
+            val objectId = inserter.insert(Constants.OBJ_BLOB, content)
+            builder.add(JGitUtil.createDirCacheEntry(newPath, permission, objectId))
+            objectId
           }
           builder.finish()
-        }
+          objectId
+        } else None
     }
   }
 
-  private def _commitFile(
+  private def _createFiles[R](
     repository: RepositoryService.RepositoryInfo,
     branch: String,
     message: String,
-    loginAccount: Account,
+    pusherAccount: Account,
     committerName: String,
     committerMailAddress: String,
     settings: SystemSettings
   )(
-    f: (Git, ObjectId, DirCacheBuilder, ObjectInserter) => Unit
-  )(implicit s: Session, c: JsonFormat.Context): ObjectId = {
+    f: (Git, ObjectId, DirCacheBuilder, ObjectInserter) => R
+  )(implicit s: Session, c: JsonFormat.Context): (ObjectId, R) = {
 
     LockUtil.lock(s"${repository.owner}/${repository.name}") {
       Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) { git =>
@@ -135,7 +150,7 @@ trait RepositoryCommitFileService {
         val headName = s"refs/heads/${branch}"
         val headTip = git.getRepository.resolve(headName)
 
-        f(git, headTip, builder, inserter)
+        val result = f(git, headTip, builder, inserter)
 
         val commitId = JGitUtil.createNewCommit(
           git,
@@ -156,7 +171,7 @@ trait RepositoryCommitFileService {
 
         // call pre-commit hook
         val error = PluginRegistry().getReceiveHooks.flatMap { hook =>
-          hook.preReceive(repository.owner, repository.name, receivePack, receiveCommand, committerName, false)
+          hook.preReceive(repository.owner, repository.name, receivePack, receiveCommand, pusherAccount.userName, false)
         }.headOption
 
         error match {
@@ -177,12 +192,12 @@ trait RepositoryCommitFileService {
             refUpdate.update()
 
             // update pull request
-            updatePullRequests(repository.owner, repository.name, branch, loginAccount, "synchronize", settings)
+            updatePullRequests(repository.owner, repository.name, branch, pusherAccount, "synchronize", settings)
 
             // record activity
             updateLastActivityDate(repository.owner, repository.name)
             val commitInfo = new CommitInfo(JGitUtil.getRevCommitFromId(git, commitId))
-            val pushInfo = PushInfo(repository.owner, repository.name, loginAccount.userName, branch, List(commitInfo))
+            val pushInfo = PushInfo(repository.owner, repository.name, pusherAccount.userName, branch, List(commitInfo))
             recordActivity(pushInfo)
 
             // create issue comment by commit message
@@ -192,17 +207,17 @@ trait RepositoryCommitFileService {
             if (branch == repository.repository.defaultBranch) {
               closeIssuesFromMessage(message, committerName, repository.owner, repository.name).foreach { issueId =>
                 getIssue(repository.owner, repository.name, issueId.toString).foreach { issue =>
-                  callIssuesWebHook("closed", repository, issue, loginAccount, settings)
+                  callIssuesWebHook("closed", repository, issue, pusherAccount, settings)
                   val closeIssueInfo = CloseIssueInfo(
                     repository.owner,
                     repository.name,
-                    loginAccount.userName,
+                    pusherAccount.userName,
                     issue.issueId,
                     issue.title
                   )
                   recordActivity(closeIssueInfo)
                   PluginRegistry().getIssueHooks
-                    .foreach(_.closedByCommitComment(issue, repository, message, loginAccount))
+                    .foreach(_.closedByCommitComment(issue, repository, message, pusherAccount))
                 }
               }
             }
@@ -217,7 +232,7 @@ trait RepositoryCommitFileService {
               getAccountByUserName(repository.owner).map { ownerAccount =>
                 WebHookPushPayload(
                   git,
-                  loginAccount,
+                  pusherAccount,
                   headName,
                   repository,
                   List(commit),
@@ -228,7 +243,7 @@ trait RepositoryCommitFileService {
               }
             }
         }
-        commitId
+        (commitId, result)
       }
     }
   }

src/main/scala/gitbucket/core/service/RepositoryCreationService.scala

@@ -25,7 +25,7 @@ object RepositoryCreationService {
   private val Creating = new ConcurrentHashMap[String, Option[String]]()
 
   def isCreating(owner: String, repository: String): Boolean = {
-    Option(Creating.get(s"${owner}/${repository}")).map(_.isEmpty).getOrElse(false)
+    Option(Creating.get(s"${owner}/${repository}")).exists(_.isEmpty)
   }
 
   def startCreation(owner: String, repository: String): Unit = {
@@ -40,7 +40,7 @@ object RepositoryCreationService {
   }
 
   def getCreationError(owner: String, repository: String): Option[String] = {
-    Option(Creating.remove(s"${owner}/${repository}")).getOrElse(None)
+    Option(Creating.remove(s"${owner}/${repository}")).flatten
   }
 
 }
@@ -53,6 +53,11 @@ trait RepositoryCreationService {
     with ActivityService
     with PrioritiesService =>
 
+  def canCreateRepository(repositoryOwner: String, loginAccount: Account)(implicit session: Session): Boolean = {
+    repositoryOwner == loginAccount.userName || getGroupsByUserName(loginAccount.userName)
+      .contains(repositoryOwner) || loginAccount.isAdmin
+  }
+
   def createRepository(
     loginAccount: Account,
     owner: String,
@@ -76,7 +81,7 @@ trait RepositoryCreationService {
     RepositoryCreationService.startCreation(owner, name)
     try {
       Database() withTransaction { implicit session =>
-        val ownerAccount = getAccountByUserName(owner).get
+        //val ownerAccount = getAccountByUserName(owner).get
         val loginUserName = loginAccount.userName
 
         val copyRepositoryDir = if (initOption == "COPY") {

src/main/scala/gitbucket/core/service/RepositoryService.scala

@@ -2,7 +2,6 @@ package gitbucket.core.service
 
 import gitbucket.core.controller.Context
 import gitbucket.core.util._
-import gitbucket.core.util.SyntaxSugars._
 import gitbucket.core.model.{CommitComments => _, Session => _, _}
 import gitbucket.core.model.Profile._
 import gitbucket.core.model.Profile.profile.blockingApi._
@@ -12,7 +11,7 @@ import gitbucket.core.util.Directory.{getRepositoryDir, getRepositoryFilesDir, g
 import gitbucket.core.util.JGitUtil.FileInfo
 import org.apache.commons.io.FileUtils
 import org.eclipse.jgit.api.Git
-import org.eclipse.jgit.lib.{Repository => _, _}
+import org.eclipse.jgit.lib.{Repository => _}
 import scala.util.Using
 
 trait RepositoryService {
@@ -61,7 +60,8 @@ trait RepositoryService {
           externalWikiUrl = None,
           allowFork = true,
           mergeOptions = "merge-commit,squash,rebase",
-          defaultMergeOption = "merge-commit"
+          defaultMergeOption = "merge-commit",
+          safeMode = true
         )
       )
 
@@ -202,22 +202,19 @@ trait RepositoryService {
           )
 
           // Move git repository
-          defining(getRepositoryDir(oldUserName, oldRepositoryName)) { dir =>
-            if (dir.isDirectory) {
-              FileUtils.moveDirectory(dir, getRepositoryDir(newUserName, newRepositoryName))
-            }
+          val repoDir = getRepositoryDir(oldUserName, oldRepositoryName)
+          if (repoDir.isDirectory) {
+            FileUtils.moveDirectory(repoDir, getRepositoryDir(newUserName, newRepositoryName))
           }
           // Move wiki repository
-          defining(getWikiRepositoryDir(oldUserName, oldRepositoryName)) { dir =>
-            if (dir.isDirectory) {
-              FileUtils.moveDirectory(dir, getWikiRepositoryDir(newUserName, newRepositoryName))
-            }
+          val wikiDir = getWikiRepositoryDir(oldUserName, oldRepositoryName)
+          if (wikiDir.isDirectory) {
+            FileUtils.moveDirectory(wikiDir, getWikiRepositoryDir(newUserName, newRepositoryName))
           }
           // Move files directory
-          defining(getRepositoryFilesDir(oldUserName, oldRepositoryName)) { dir =>
-            if (dir.isDirectory) {
-              FileUtils.moveDirectory(dir, getRepositoryFilesDir(newUserName, newRepositoryName))
-            }
+          val filesDir = getRepositoryFilesDir(oldUserName, oldRepositoryName)
+          if (filesDir.isDirectory) {
+            FileUtils.moveDirectory(filesDir, getRepositoryFilesDir(newUserName, newRepositoryName))
           }
           // Delete parent directory
           FileUtil.deleteDirectoryIfEmpty(getRepositoryFilesDir(oldUserName, oldRepositoryName))
@@ -237,10 +234,11 @@ trait RepositoryService {
     LockUtil.lock(s"${repository.userName}/${repository.repositoryName}") {
       deleteRepositoryOnModel(repository.userName, repository.repositoryName)
 
-      FileUtils.deleteDirectory(getRepositoryDir(repository.userName, repository.repositoryName))
-      FileUtils.deleteDirectory(getWikiRepositoryDir(repository.userName, repository.repositoryName))
-      FileUtils.deleteDirectory(getTemporaryDir(repository.userName, repository.repositoryName))
-      FileUtils.deleteDirectory(getRepositoryFilesDir(repository.userName, repository.repositoryName))
+      FileUtil.deleteRecursively(getRepositoryDir(repository.userName, repository.repositoryName))
+
+      FileUtil.deleteRecursively(getWikiRepositoryDir(repository.userName, repository.repositoryName))
+      FileUtil.deleteRecursively(getTemporaryDir(repository.userName, repository.repositoryName))
+      FileUtil.deleteRecursively(getRepositoryFilesDir(repository.userName, repository.repositoryName))
 
       // Call hooks
       PluginRegistry().getRepositoryHooks.foreach(_.deleted(repository.userName, repository.repositoryName))
@@ -463,7 +461,7 @@ trait RepositoryService {
           .filter { case (t1, t2) => t2.removed === false.bind }
           .map { case (t1, t2) => t1 }
       // for Normal Users
-      case Some(x) if (!x.isAdmin || limit) =>
+      case Some(x) =>
         Repositories
           .join(Accounts)
           .on(_.userName === _.userName)
@@ -553,7 +551,8 @@ trait RepositoryService {
     externalWikiUrl: Option[String],
     allowFork: Boolean,
     mergeOptions: Seq[String],
-    defaultMergeOption: String
+    defaultMergeOption: String,
+    safeMode: Boolean
   )(implicit s: Session): Unit = {
 
     Repositories
@@ -569,6 +568,7 @@ trait RepositoryService {
           r.allowFork,
           r.mergeOptions,
           r.defaultMergeOption,
+          r.safeMode,
           r.updatedDate
         )
       }
@@ -582,6 +582,7 @@ trait RepositoryService {
         allowFork,
         mergeOptions.mkString(","),
         defaultMergeOption,
+        safeMode,
         currentDate
       )
   }
@@ -765,7 +766,8 @@ trait RepositoryService {
           JGitUtil.getContentFromId(git, file.id, true).collect {
             case bytes if FileUtil.isText(bytes) => StringUtil.convertFromByteArray(bytes)
           }
-        } getOrElse None
+        }
+        .flatten
     } getOrElse ""
   }
 }
@@ -819,11 +821,13 @@ object RepositoryService {
     def sshUrl(implicit context: Context): Option[String] = RepositoryService.sshUrl(owner, name)
 
     def splitPath(path: String): (String, String) = {
-      val id = branchList.collectFirst {
-        case branch if (path == branch || path.startsWith(branch + "/")) => branch
-      } orElse tags.collectFirst {
-        case tag if (path == tag.name || path.startsWith(tag.name + "/")) => tag.name
-      } getOrElse path.split("/")(0)
+      val names = (branchList ++ tags.map(_.name)).sortBy(_.length).reverse
+
+      val id = names.collectFirst {
+        case name if (path == name || path.startsWith(name + "/")) => name
+      } getOrElse {
+        path.split("/")(0)
+      }
 
       (id, path.substring(id.length).stripPrefix("/"))
     }

src/main/scala/gitbucket/core/service/SystemSettingsService.scala

@@ -7,7 +7,6 @@ import com.nimbusds.oauth2.sdk.id.{ClientID, Issuer}
 import gitbucket.core.service.SystemSettingsService._
 import gitbucket.core.util.ConfigUtil._
 import gitbucket.core.util.Directory._
-import gitbucket.core.util.SyntaxSugars._
 import scala.util.Using
 
 trait SystemSettingsService {
@@ -15,7 +14,7 @@ trait SystemSettingsService {
   def baseUrl(implicit request: HttpServletRequest): String = loadSystemSettings().baseUrl(request)
 
   def saveSystemSettings(settings: SystemSettings): Unit = {
-    defining(new java.util.Properties()) { props =>
+    val props = new java.util.Properties()
     settings.baseUrl.foreach(x => props.setProperty(BaseURL, x.replaceFirst("/\\Z", "")))
     settings.information.foreach(x => props.setProperty(Information, x))
     props.setProperty(AllowAccountRegistration, settings.allowAccountRegistration.toString)
@@ -73,7 +72,7 @@ trait SystemSettingsService {
         }
       }
     }
-      props.setProperty(SkinName, settings.skinName.toString)
+    props.setProperty(SkinName, settings.skinName)
     settings.userDefinedCss.foreach(x => props.setProperty(UserDefinedCss, x))
     props.setProperty(ShowMailAddress, settings.showMailAddress.toString)
     props.setProperty(WebHookBlockPrivateAddress, settings.webHook.blockPrivateAddress.toString)
@@ -88,10 +87,9 @@ trait SystemSettingsService {
       props.store(out, null)
     }
   }
-  }
 
   def loadSystemSettings(): SystemSettings = {
-    defining(new java.util.Properties()) { props =>
+    val props = new java.util.Properties()
     if (GitBucketConf.exists) {
       Using.resource(new java.io.FileInputStream(GitBucketConf)) { in =>
         props.load(in)
@@ -184,7 +182,6 @@ trait SystemSettingsService {
       )
     )
   }
-  }
 
 }
 
@@ -368,7 +365,7 @@ object SystemSettingsService {
 
   private def getValue[A: ClassTag](props: java.util.Properties, key: String, default: A): A = {
     getConfigValue(key).getOrElse {
-      defining(props.getProperty(key)) { value =>
+      val value = props.getProperty(key)
       if (value == null || value.isEmpty) {
         default
       } else {
@@ -376,7 +373,6 @@ object SystemSettingsService {
       }
     }
   }
-  }
 
   private def getSeqValue[A: ClassTag](props: java.util.Properties, key: String, default: A): Seq[A] = {
     getValue[String](props, key, "").split("\n").toIndexedSeq.map { value =>
@@ -390,7 +386,7 @@ object SystemSettingsService {
 
   private def getOptionValue[A: ClassTag](props: java.util.Properties, key: String, default: Option[A]): Option[A] = {
     getConfigValue(key).orElse {
-      defining(props.getProperty(key)) { value =>
+      val value = props.getProperty(key)
       if (value == null || value.isEmpty) {
         default
       } else {
@@ -398,6 +394,5 @@ object SystemSettingsService {
       }
     }
   }
-  }
 
 }

src/main/scala/gitbucket/core/service/WebHookService.scala

@@ -3,7 +3,6 @@ package gitbucket.core.service
 import fr.brouillard.oss.security.xhub.XHub
 import fr.brouillard.oss.security.xhub.XHub.{XHubConverter, XHubDigest}
 import gitbucket.core.api._
-import gitbucket.core.controller.Context
 import gitbucket.core.model.{
   Account,
   AccountWebHook,
@@ -21,7 +20,6 @@ import gitbucket.core.model.Profile._
 import gitbucket.core.model.Profile.profile.blockingApi._
 import org.apache.http.client.utils.URLEncodedUtils
 import gitbucket.core.util.JGitUtil.CommitInfo
-import gitbucket.core.util.Implicits._
 import gitbucket.core.util.{HttpClientUtil, RepositoryName, StringUtil}
 import gitbucket.core.service.RepositoryService.RepositoryInfo
 import org.apache.http.NameValuePair
@@ -37,6 +35,7 @@ import org.apache.http.HttpRequest
 import org.apache.http.HttpResponse
 import gitbucket.core.model.WebHookContentType
 import gitbucket.core.service.SystemSettingsService.SystemSettings
+import gitbucket.core.view.helpers.getApiMilestone
 import org.apache.http.client.entity.EntityBuilder
 import org.apache.http.entity.ContentType
 
@@ -128,7 +127,7 @@ trait WebHookService {
       ctype = ctype,
       token = token
     )
-    events.map { event: WebHook.Event =>
+    events.map { (event: WebHook.Event) =>
       RepositoryWebHookEvents insert RepositoryWebHookEvent(owner, repository, url, event)
     }
   }
@@ -146,7 +145,7 @@ trait WebHookService {
       .map(w => (w.ctype, w.token))
       .update((ctype, token))
     RepositoryWebHookEvents.filter(_.byRepositoryWebHook(owner, repository, url)).delete
-    events.map { event: WebHook.Event =>
+    events.map { (event: WebHook.Event) =>
       RepositoryWebHookEvents insert RepositoryWebHookEvent(owner, repository, url, event)
     }
   }
@@ -165,7 +164,7 @@ trait WebHookService {
       .map(w => (w.url, w.ctype, w.token))
       .update((url, ctype, token))
     RepositoryWebHookEvents.filter(_.byRepositoryWebHook(owner, repository, url)).delete
-    events.map { event: WebHook.Event =>
+    events.map { (event: WebHook.Event) =>
       RepositoryWebHookEvents insert RepositoryWebHookEvent(owner, repository, url, event)
     }
   }
@@ -230,7 +229,7 @@ trait WebHookService {
     token: Option[String]
   )(implicit s: Session): Unit = {
     AccountWebHooks insert AccountWebHook(owner, url, ctype, token)
-    events.map { event: WebHook.Event =>
+    events.map { (event: WebHook.Event) =>
       AccountWebHookEvents insert AccountWebHookEvent(owner, url, event)
     }
   }
@@ -244,7 +243,7 @@ trait WebHookService {
   )(implicit s: Session): Unit = {
     AccountWebHooks.filter(_.byPrimaryKey(owner, url)).map(w => (w.ctype, w.token)).update((ctype, token))
     AccountWebHookEvents.filter(_.byAccountWebHook(owner, url)).delete
-    events.map { event: WebHook.Event =>
+    events.map { (event: WebHook.Event) =>
       AccountWebHookEvents insert AccountWebHookEvent(owner, url, event)
     }
   }
@@ -396,7 +395,8 @@ trait WebHookPullRequestService extends WebHookService {
             ApiUser(issueUser),
             issue.assignedUserName.flatMap(users.get(_)).map(ApiUser(_)),
             getIssueLabels(repository.owner, repository.name, issue.issueId)
-              .map(ApiLabel(_, RepositoryName(repository)))
+              .map(ApiLabel(_, RepositoryName(repository))),
+            getApiMilestone(repository, issue.milestoneId getOrElse (0))
           ),
           sender = ApiUser(sender)
         )
@@ -578,6 +578,7 @@ trait WebHookIssueCommentService extends WebHookPullRequestService {
         commenter <- users.get(issueComment.commentedUserName)
         assignedUser = issue.assignedUserName.flatMap(users.get(_))
         labels = getIssueLabels(repository.owner, repository.name, issue.issueId)
+        milestone = getApiMilestone(repository, issue.milestoneId getOrElse (0))
       } yield {
         WebHookIssueCommentPayload(
           issue = issue,
@@ -588,7 +589,8 @@ trait WebHookIssueCommentService extends WebHookPullRequestService {
           repositoryUser = repoOwner,
           assignedUser = assignedUser,
           sender = sender,
-          labels = labels
+          labels = labels,
+          milestone = milestone
         )
       }
     }
@@ -762,7 +764,8 @@ object WebHookService {
       repositoryUser: Account,
       assignedUser: Option[Account],
       sender: Account,
-      labels: List[Label]
+      labels: List[Label],
+      milestone: Option[ApiMilestone]
     ): WebHookIssueCommentPayload =
       WebHookIssueCommentPayload(
         action = "created",
@@ -772,7 +775,8 @@ object WebHookService {
           RepositoryName(repository),
           ApiUser(issueUser),
           assignedUser.map(ApiUser(_)),
-          labels.map(ApiLabel(_, RepositoryName(repository)))
+          labels.map(ApiLabel(_, RepositoryName(repository))),
+          milestone
         ),
         comment =
           ApiComment(comment, RepositoryName(repository), issue.issueId, ApiUser(commentUser), issue.isPullRequest),

src/main/scala/gitbucket/core/service/WikiService.scala

@@ -5,7 +5,6 @@ import gitbucket.core.controller.Context
 import gitbucket.core.model.Account
 import gitbucket.core.service.RepositoryService.RepositoryInfo
 import gitbucket.core.util._
-import gitbucket.core.util.SyntaxSugars._
 import org.eclipse.jgit.api.Git
 import org.eclipse.jgit.treewalk.CanonicalTreeParser
 import org.eclipse.jgit.lib._
@@ -54,7 +53,7 @@ trait WikiService {
 
   def createWikiRepository(loginAccount: Account, owner: String, repository: String): Unit =
     LockUtil.lock(s"${owner}/${repository}/wiki") {
-      defining(Directory.getWikiRepositoryDir(owner, repository)) { dir =>
+      val dir = Directory.getWikiRepositoryDir(owner, repository)
       if (!dir.exists) {
         JGitUtil.initRepository(dir)
         saveWikiPage(
@@ -69,7 +68,6 @@ trait WikiService {
         )
       }
     }
-    }
 
   /**
    * Returns the wiki page.
@@ -77,13 +75,15 @@ trait WikiService {
   def getWikiPage(owner: String, repository: String, pageName: String): Option[WikiPageInfo] = {
     Using.resource(Git.open(Directory.getWikiRepositoryDir(owner, repository))) { git =>
       if (!JGitUtil.isEmpty(git)) {
-        JGitUtil.getFileList(git, "master", ".").find(_.name == pageName + ".md").map { file =>
+        val fileName = pageName + ".md"
+        JGitUtil.getLatestCommitFromPath(git, fileName, "master").map { latestCommit =>
+          val content = JGitUtil.getContentFromPath(git, latestCommit.getTree, fileName, true)
           WikiPageInfo(
-            file.name,
-            StringUtil.convertFromByteArray(git.getRepository.open(file.id).getBytes),
-            file.author,
-            file.time,
-            file.commitId
+            fileName,
+            StringUtil.convertFromByteArray(content.getOrElse(Array.empty)),
+            latestCommit.getAuthorIdent.getName,
+            latestCommit.getAuthorIdent.getWhen,
+            latestCommit.getName
           )
         }
       } else None
@@ -147,7 +147,7 @@ trait WikiService {
           if (!p.getErrors.isEmpty) {
             throw new PatchFormatException(p.getErrors())
           }
-          val revertInfo = (p.getFiles.asScala.map { fh =>
+          val revertInfo = p.getFiles.asScala.flatMap { fh =>
             fh.getChangeType match {
               case DiffEntry.ChangeType.MODIFY => {
                 val source =
@@ -176,7 +176,7 @@ trait WikiService {
               }
               case _ => Nil
             }
-          }).flatten
+          }
 
           if (revertInfo.nonEmpty) {
             val builder = DirCache.newInCore.builder()
@@ -257,8 +257,7 @@ trait WikiService {
               created = false
               updated = JGitUtil
                 .getContentFromId(git, tree.getEntryObjectId, true)
-                .map(new String(_, "UTF-8") != content)
-                .getOrElse(false)
+                .exists(new String(_, "UTF-8") != content)
             }
           }
         }

src/main/scala/gitbucket/core/servlet/ApiAuthenticationFilter.scala

@@ -19,8 +19,9 @@ class ApiAuthenticationFilter extends Filter with AccessTokenService with Accoun
   override def destroy(): Unit = {}
 
   override def doFilter(req: ServletRequest, res: ServletResponse, chain: FilterChain): Unit = {
-    implicit val request = req.asInstanceOf[HttpServletRequest]
-    implicit val session = req.getAttribute(Keys.Request.DBSession).asInstanceOf[slick.jdbc.JdbcBackend#Session]
+    implicit val request: HttpServletRequest = req.asInstanceOf[HttpServletRequest]
+    implicit val session: slick.jdbc.JdbcBackend#Session =
+      req.getAttribute(Keys.Request.DBSession).asInstanceOf[slick.jdbc.JdbcBackend#Session]
     val response = res.asInstanceOf[HttpServletResponse]
     Option(request.getHeader("Authorization"))
       .map {

src/main/scala/gitbucket/core/servlet/GitAuthenticationFilter.scala

@@ -139,7 +139,7 @@ class GitAuthenticationFilter extends Filter with RepositoryService with Account
       case _ =>
         () =>
           {
-            logger.debug(s"Not enough path arguments: ${request.paths}")
+            logger.debug(s"Not enough path arguments: ${request.paths.mkString(", ")}")
             response.sendError(HttpServletResponse.SC_NOT_FOUND)
           }
     }

src/main/scala/gitbucket/core/servlet/GitLfsTransferServlet.scala

@@ -6,6 +6,7 @@ import javax.servlet.http.{HttpServlet, HttpServletRequest, HttpServletResponse}
 
 import gitbucket.core.util.{FileUtil, StringUtil}
 import org.apache.commons.io.{FileUtils, IOUtils}
+import org.json4s.Formats
 import org.json4s.jackson.Serialization._
 import org.apache.http.HttpStatus
 
@@ -17,7 +18,7 @@ import scala.util.Using
  */
 class GitLfsTransferServlet extends HttpServlet {
 
-  private implicit val jsonFormats = gitbucket.core.api.JsonFormat.jsonFormats
+  private implicit val jsonFormats: Formats = gitbucket.core.api.JsonFormat.jsonFormats
   private val LongObjectIdLength = 32
   private val LongObjectIdStringLength = LongObjectIdLength * 2
 

src/main/scala/gitbucket/core/servlet/GitRepositoryServlet.scala

@@ -6,12 +6,12 @@ import java.util.Date
 
 import scala.util.Using
 import gitbucket.core.api
+import gitbucket.core.api.JsonFormat.Context
 import gitbucket.core.model.WebHook
 import gitbucket.core.plugin.{GitRepositoryRouting, PluginRegistry}
 import gitbucket.core.service.IssuesService.IssueSearchCondition
 import gitbucket.core.service.WebHookService._
 import gitbucket.core.service._
-import gitbucket.core.util.SyntaxSugars._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util._
 import gitbucket.core.model.Profile.profile.blockingApi._
@@ -42,6 +42,7 @@ import javax.servlet.ServletConfig
 import javax.servlet.http.{HttpServletRequest, HttpServletResponse}
 import org.eclipse.jgit.diff.DiffEntry.ChangeType
 import org.eclipse.jgit.internal.storage.file.FileRepository
+import org.json4s.Formats
 import org.json4s.jackson.Serialization._
 
 /**
@@ -53,7 +54,7 @@ import org.json4s.jackson.Serialization._
 class GitRepositoryServlet extends GitServlet with SystemSettingsService {
 
   private val logger = LoggerFactory.getLogger(classOf[GitRepositoryServlet])
-  private implicit val jsonFormats = gitbucket.core.api.JsonFormat.jsonFormats
+  private implicit val jsonFormats: Formats = gitbucket.core.api.JsonFormat.jsonFormats
 
   override def init(config: ServletConfig): Unit = {
     setReceivePackFactory(new GitBucketReceivePackFactory())
@@ -200,7 +201,7 @@ class GitBucketReceivePackFactory extends ReceivePackFactory[HttpServletRequest]
       logger.debug("requestURI: " + request.getRequestURI)
       logger.debug("pusher:" + pusher)
 
-      defining(request.paths) { paths =>
+      val paths = request.paths
       val owner = paths(1)
       val repository = paths(2).stripSuffix(".git")
 
@@ -213,22 +214,17 @@ class GitBucketReceivePackFactory extends ReceivePackFactory[HttpServletRequest]
       }
 
       if (!repository.endsWith(".wiki")) {
-          defining(request) { implicit r =>
         val hook = new CommitLogHook(owner, repository, pusher, baseUrl, sshUrl)
         receivePack.setPreReceiveHook(hook)
         receivePack.setPostReceiveHook(hook)
       }
-        }
 
       if (repository.endsWith(".wiki")) {
-          defining(request) { implicit r =>
         receivePack.setPostReceiveHook(
           new WikiCommitHook(owner, repository.stripSuffix(".wiki"), pusher, baseUrl, sshUrl)
         )
       }
     }
-      }
-    }
 
     receivePack
   }
@@ -293,7 +289,7 @@ class CommitLogHook(owner: String, repository: String, pusher: String, baseUrl:
           val pushedIds = scala.collection.mutable.Set[String]()
           commands.asScala.foreach { command =>
             logger.debug(s"commandType: ${command.getType}, refName: ${command.getRefName}")
-            implicit val apiContext = api.JsonFormat.Context(baseUrl, sshUrl)
+            implicit val apiContext: Context = api.JsonFormat.Context(baseUrl, sshUrl)
             val refName = command.getRefName.split("/")
             val branchName = refName.drop(2).mkString("/")
             val commits = if (refName(1) == "tags") {
@@ -351,9 +347,9 @@ class CommitLogHook(owner: String, repository: String, pusher: String, baseUrl:
             // set PR as merged
             val pulls = getPullRequestsByBranch(owner, repository, branchName, Some(false))
             pulls.foreach { pull =>
-              if (commits.find { c =>
+              if (commits.exists { c =>
                     c.id == pull.commitIdTo
-                  }.isDefined) {
+                  }) {
                 markMergeAndClosePullRequest(pusher, owner, repository, pull)
                 getAccountByUserName(pusher).foreach { pusherAccount =>
                   callPullRequestWebHook("closed", repositoryInfo, pull.issueId, pusherAccount, settings)
@@ -469,7 +465,7 @@ class WikiCommitHook(owner: String, repository: String, pusher: String, baseUrl:
     Database() withTransaction { implicit session =>
       try {
         commands.asScala.headOption.foreach { command =>
-          implicit val apiContext = api.JsonFormat.Context(baseUrl, sshUrl)
+          implicit val apiContext: Context = api.JsonFormat.Context(baseUrl, sshUrl)
           val refName = command.getRefName.split("/")
           val commitIds = if (refName(1) == "tags") {
             None

src/main/scala/gitbucket/core/servlet/InitializeListener.scala

@@ -2,7 +2,6 @@ package gitbucket.core.servlet
 
 import java.io.{File, FileOutputStream}
 
-import com.typesafe.config.ConfigFactory
 import gitbucket.core.GitBucketCoreModule
 import gitbucket.core.plugin.PluginRegistry
 import gitbucket.core.service.SystemSettingsService

src/main/scala/gitbucket/core/servlet/PluginControllerFilter.scala

@@ -1,7 +1,6 @@
 package gitbucket.core.servlet
 
 import javax.servlet._
-import javax.servlet.http.HttpServletRequest
 
 import gitbucket.core.controller.ControllerBase
 import gitbucket.core.plugin.PluginRegistry

src/main/scala/gitbucket/core/ssh/GitCommand.scala

@@ -4,7 +4,7 @@ import gitbucket.core.model.Profile.profile.blockingApi._
 import gitbucket.core.plugin.{GitRepositoryRouting, PluginRegistry}
 import gitbucket.core.service.{AccountService, DeployKeyService, RepositoryService, SystemSettingsService}
 import gitbucket.core.servlet.{CommitLogHook, Database}
-import gitbucket.core.util.{SyntaxSugars, Directory}
+import gitbucket.core.util.Directory
 import org.apache.sshd.server.{Environment, ExitCallback, SessionAware}
 import org.apache.sshd.server.command.{Command, CommandFactory}
 import org.apache.sshd.server.session.ServerSession
@@ -144,11 +144,9 @@ class DefaultGitUploadPack(owner: String, repoName: String)
 
   override protected def runTask(authType: AuthType): Unit = {
     val execute = Database() withSession { implicit session =>
-      getRepository(owner, repoName.replaceFirst("\\.wiki\\Z", ""))
-        .map { repositoryInfo =>
+      getRepository(owner, repoName.replaceFirst("\\.wiki\\Z", "")).exists { repositoryInfo =>
         !repositoryInfo.repository.isPrivate || isReadableUser(authType, repositoryInfo)
       }
-        .getOrElse(false)
     }
 
     if (execute) {
@@ -169,11 +167,9 @@ class DefaultGitReceivePack(owner: String, repoName: String, baseUrl: String, ss
 
   override protected def runTask(authType: AuthType): Unit = {
     val execute = Database() withSession { implicit session =>
-      getRepository(owner, repoName.replaceFirst("\\.wiki\\Z", ""))
-        .map { repositoryInfo =>
+      getRepository(owner, repoName.replaceFirst("\\.wiki\\Z", "")).exists { repositoryInfo =>
         isWritableUser(authType, repositoryInfo)
       }
-        .getOrElse(false)
     }
 
     if (execute) {

src/main/scala/gitbucket/core/ssh/SshServerListener.scala

@@ -1,6 +1,5 @@
 package gitbucket.core.ssh
 
-import java.io.File
 import java.util.concurrent.atomic.AtomicBoolean
 import javax.servlet.{ServletContextEvent, ServletContextListener}
 

src/main/scala/gitbucket/core/util/Authenticator.scala

@@ -5,7 +5,6 @@ import gitbucket.core.service.{AccountService, RepositoryService}
 import gitbucket.core.model.Role
 import RepositoryService.RepositoryInfo
 import Implicits._
-import SyntaxSugars._
 
 /**
  * Allows only oneself and administrators.
@@ -39,7 +38,7 @@ trait OwnerAuthenticator { self: ControllerBase with RepositoryService with Acco
         case Some(x) if (repository.owner == x.userName) => action(repository)
         // TODO Repository management is allowed for only group managers?
         case Some(x) if (getGroupMembers(repository.owner).exists { m =>
-              m.userName == x.userName && m.isManager == true
+              m.userName == x.userName && m.isManager
             }) =>
           action(repository)
         case Some(x) if (getCollaboratorUserNames(userName, repoName, Seq(Role.ADMIN)).contains(x.userName)) =>
@@ -113,13 +112,10 @@ trait ReadableUsersAuthenticator { self: ControllerBase with RepositoryService w
     val userName = params("owner")
     val repoName = params("repository")
     getRepository(userName, repoName).map { repository =>
-      context.loginAccount match {
-        case Some(x) if (x.isAdmin)                                                          => action(repository)
-        case Some(x) if (!repository.repository.isPrivate)                                   => action(repository)
-        case Some(x) if (userName == x.userName)                                             => action(repository)
-        case Some(x) if (getGroupMembers(repository.owner).exists(_.userName == x.userName)) => action(repository)
-        case Some(x) if (getCollaboratorUserNames(userName, repoName).contains(x.userName))  => action(repository)
-        case _                                                                               => Unauthorized()
+      if (isReadable(repository.repository, context.loginAccount) || !repository.repository.isPrivate) {
+        action(repository)
+      } else {
+        Unauthorized()
       }
     } getOrElse NotFound()
   }

src/main/scala/gitbucket/core/util/ConfigUtil.scala

@@ -1,7 +1,5 @@
 package gitbucket.core.util
 
-import gitbucket.core.util.SyntaxSugars.defining
-
 import scala.reflect.ClassTag
 
 object ConfigUtil {
@@ -30,8 +28,8 @@ object ConfigUtil {
     }
   }
 
-  def convertType[A: ClassTag](value: String): A =
-    defining(implicitly[ClassTag[A]].runtimeClass) { c =>
+  def convertType[A: ClassTag](value: String): A = {
+    val c = implicitly[ClassTag[A]].runtimeClass
     if (c == classOf[Boolean]) value.toBoolean
     else if (c == classOf[Long]) value.toLong
     else if (c == classOf[Int]) value.toInt

src/main/scala/gitbucket/core/util/EditorConfigUtil.scala

@@ -28,7 +28,7 @@ object EditorConfigUtil {
     }
 
     private def getRevTree: RevTree = {
-      Using.resource(repo.newObjectReader()) { reader: ObjectReader =>
+      Using.resource(repo.newObjectReader()) { (reader: ObjectReader) =>
         val revWalk = new RevWalk(reader)
         val id = repo.resolve(revStr)
         val commit = revWalk.parseCommit(id)
@@ -37,7 +37,7 @@ object EditorConfigUtil {
     }
 
     override def exists(): Boolean = {
-      Using.resource(repo.newObjectReader()) { reader: ObjectReader =>
+      Using.resource(repo.newObjectReader()) { (reader: ObjectReader) =>
         try {
           val treeWalk = Option(TreeWalk.forPath(reader, removeInitialSlash(path), getRevTree))
           treeWalk.isDefined
@@ -52,7 +52,7 @@ object EditorConfigUtil {
     }
 
     override def getParent: ResourcePath = {
-      Option(path.getParentPath).map { new JGitResourcePath(repo, revStr, _) }.getOrElse(null)
+      Option(path.getParentPath).map { new JGitResourcePath(repo, revStr, _) }.orNull
     }
 
     override def openRandomReader(): Resource.RandomReader = {
@@ -60,7 +60,7 @@ object EditorConfigUtil {
     }
 
     override def openReader(): Reader = {
-      Using.resource(repo.newObjectReader) { reader: ObjectReader =>
+      Using.resource(repo.newObjectReader) { (reader: ObjectReader) =>
         val treeWalk = TreeWalk.forPath(reader, removeInitialSlash(path), getRevTree)
         new InputStreamReader(reader.open(treeWalk.getObjectId(0)).openStream, StandardCharsets.UTF_8)
       }
@@ -70,7 +70,7 @@ object EditorConfigUtil {
   private class JGitResourcePath(repo: Repository, revStr: String, path: Ec4jPath) extends ResourcePath {
 
     override def getParent: ResourcePath = {
-      Option(path.getParentPath).map { new JGitResourcePath(repo, revStr, _) }.getOrElse(null)
+      Option(path.getParentPath).map { new JGitResourcePath(repo, revStr, _) }.orNull
     }
 
     override def getPath: Ec4jPath = {

src/main/scala/gitbucket/core/util/FileUtil.scala

@@ -3,13 +3,12 @@ package gitbucket.core.util
 import org.apache.commons.io.FileUtils
 import org.apache.tika.Tika
 import java.io.File
-import SyntaxSugars._
 import scala.util.Random
 
 object FileUtil {
 
-  def getMimeType(name: String): String =
-    defining(new Tika()) { tika =>
+  def getMimeType(name: String): String = {
+    val tika = new Tika()
     tika.detect(name) match {
       case null     => "application/octet-stream"
       case mimeType => mimeType
@@ -17,22 +16,26 @@ object FileUtil {
   }
 
   def getMimeType(name: String, bytes: Array[Byte]): String = {
-    defining(getMimeType(name)) { mimeType =>
+    val mimeType = getMimeType(name)
     if (mimeType == "application/octet-stream" && isText(bytes)) {
       "text/plain"
     } else {
       mimeType
     }
   }
-  }
 
-  def getSafeMimeType(name: String): String = {
-    getMimeType(name)
+  def getSafeMimeType(name: String, safeMode: Boolean = true): String = {
+    val mimeType = getMimeType(name)
       .replace("text/html", "text/plain")
-      .replace("image/svg+xml", "text/plain; charset=UTF-8")
+
+    if (safeMode) {
+      mimeType.replace("image/svg+xml", "text/plain; charset=UTF-8")
+    } else {
+      mimeType
+    }
   }
 
-  def isImage(name: String): Boolean = getSafeMimeType(name).startsWith("image/")
+  def isImage(name: String, safeMode: Boolean = true): Boolean = getSafeMimeType(name, safeMode).startsWith("image/")
 
   def isLarge(size: Long): Boolean = (size > 1024 * 1000)
 
@@ -92,4 +95,14 @@ object FileUtil {
     name
   }
 
+  /**
+   * Delete given folder recursively.
+   */
+  def deleteRecursively(f: File): Boolean = {
+    if (f.isDirectory) f.listFiles match {
+      case files: Array[File] => files.foreach(deleteRecursively)
+      case null               =>
+    }
+    f.delete()
+  }
 }

src/main/scala/gitbucket/core/util/HttpClientUtil.scala

@@ -1,6 +1,6 @@
 package gitbucket.core.util
 
-import java.net.{InetAddress, URL}
+import java.net.InetAddress
 
 import gitbucket.core.service.SystemSettingsService
 import org.apache.commons.net.util.SubnetUtils

src/main/scala/gitbucket/core/util/JDBCUtil.scala

@@ -83,7 +83,9 @@ object JDBCUtil {
               }
               if (c == ';' && !stringLiteral) {
                 val sql = new String(out.toByteArray, "UTF-8")
+                if (sql != null && !sql.isEmpty()) {
                   conn.update(sql.trim)
+                }
                 out = new ByteArrayOutputStream()
               } else {
                 out.write(c)
@@ -225,7 +227,7 @@ object JDBCUtil {
         if (noPreds.isEmpty) {
           if (hasPreds.isEmpty) done else sys.error(hasPreds.toString)
         } else {
-          val found = noPreds.map { _._1 }
+          val found = noPreds.keys
           tsort(hasPreds.map { case (k, v) => (k, v -- found) }, done ++ found)
         }
       }

src/main/scala/gitbucket/core/util/JGitUtil.scala

@@ -6,7 +6,6 @@ import gitbucket.core.service.RepositoryService
 import org.eclipse.jgit.api.Git
 import Directory._
 import StringUtil._
-import SyntaxSugars._
 
 import scala.annotation.tailrec
 import scala.jdk.CollectionConverters._
@@ -38,9 +37,8 @@ object JGitUtil {
 
   private val logger = LoggerFactory.getLogger(JGitUtil.getClass)
 
-  implicit val objectDatabaseReleasable = new Releasable[ObjectDatabase] {
-    override def release(resource: ObjectDatabase): Unit = resource.close()
-  }
+  implicit val objectDatabaseReleasable: Releasable[ObjectDatabase] =
+    _.close()
 
   /**
    * The repository data.
@@ -183,7 +181,8 @@ object JGitUtil {
 
     val summary = getSummaryMessage(fullMessage, shortMessage)
 
-    val description = defining(fullMessage.trim.indexOf('\n')) { i =>
+    val description = {
+      val i = fullMessage.trim.indexOf('\n')
       if (i >= 0) {
         Some(fullMessage.trim.substring(i).trim)
       } else None
@@ -383,7 +382,7 @@ object JGitUtil {
     path: String = ".",
     baseUrl: Option[String] = None,
     commitCount: Int = 0,
-    maxFiles: Int = 100
+    maxFiles: Int = 5
   ): List[FileInfo] = {
     Using.resource(new RevWalk(git.getRepository)) { revWalk =>
       val objectId = git.getRepository.resolve(revision)
@@ -513,13 +512,11 @@ object JGitUtil {
   /**
    * Returns the first line of the commit message.
    */
-  private def getSummaryMessage(fullMessage: String, shortMessage: String): String = {
-    defining(fullMessage.trim.indexOf('\n')) { i =>
-      defining(if (i >= 0) fullMessage.trim.substring(0, i).trim else fullMessage) { firstLine =>
+  def getSummaryMessage(fullMessage: String, shortMessage: String): String = {
+    val i = fullMessage.trim.indexOf('\n')
+    val firstLine = if (i >= 0) fullMessage.trim.substring(0, i).trim else fullMessage
     if (firstLine.length > shortMessage.length) shortMessage else firstLine
   }
-    }
-  }
 
   /**
    * get all file list by revision. only file.
@@ -592,7 +589,7 @@ object JGitUtil {
       }
 
     Using.resource(new RevWalk(git.getRepository)) { revWalk =>
-      defining(git.getRepository.resolve(revision)) { objectId =>
+      val objectId = git.getRepository.resolve(revision)
       if (objectId == null) {
         Left(s"${revision} can't be resolved.")
       } else {
@@ -604,7 +601,6 @@ object JGitUtil {
       }
     }
   }
-  }
 
   def getCommitLogs(git: Git, begin: String, includesLastCommit: Boolean = false)(
     endCondition: RevCommit => Boolean
@@ -662,9 +658,13 @@ object JGitUtil {
    */
   def getLatestCommitFromPaths(git: Git, paths: List[String], revision: String): Map[String, RevCommit] = {
     val start = getRevCommitFromId(git, git.getRepository.resolve(revision))
-    paths.map { path =>
+    paths.flatMap { path =>
       val commit = git.log.add(start).addPath(path).setMaxCount(1).call.iterator.next
-      (path, commit)
+      if (commit == null) {
+        None
+      } else {
+        Some((path, commit))
+      }
     }.toMap
   }
 
@@ -675,11 +675,10 @@ object JGitUtil {
     df.setDiffComparator(RawTextComparator.DEFAULT)
     df.setDetectRenames(true)
     getDiffEntries(git, from, to)
-      .map { entry =>
+      .foreach { entry =>
         df.format(entry)
-        new String(out.toByteArray, "UTF-8")
       }
-      .mkString("\n")
+    new String(out.toByteArray, "UTF-8")
   }
 
   private def getDiffEntries(git: Git, from: Option[String], to: String): Seq[DiffEntry] = {
@@ -804,7 +803,7 @@ object JGitUtil {
    */
   def getBranchesOfCommit(git: Git, commitId: String): List[String] =
     Using.resource(new RevWalk(git.getRepository)) { revWalk =>
-      defining(revWalk.parseCommit(git.getRepository.resolve(commitId + "^0"))) { commit =>
+      val commit = revWalk.parseCommit(git.getRepository.resolve(commitId + "^0"))
       git.getRepository.getRefDatabase
         .getRefsByPrefix(Constants.R_HEADS)
         .asScala
@@ -820,7 +819,6 @@ object JGitUtil {
         .toList
         .sorted
     }
-    }
 
   /**
    * Returns the list of tags which pointed on the specified commit.
@@ -847,7 +845,7 @@ object JGitUtil {
    */
   def getTagsOfCommit(git: Git, commitId: String): List[String] =
     Using.resource(new RevWalk(git.getRepository)) { revWalk =>
-      defining(revWalk.parseCommit(git.getRepository.resolve(commitId + "^0"))) { commit =>
+      val commit = revWalk.parseCommit(git.getRepository.resolve(commitId + "^0"))
       git.getRepository.getRefDatabase
         .getRefsByPrefix(Constants.R_TAGS)
         .asScala
@@ -864,7 +862,6 @@ object JGitUtil {
         .sorted
         .reverse
     }
-    }
 
   def initRepository(dir: java.io.File): Unit =
     Using.resource(new RepositoryBuilder().setGitDir(dir).setBare.build) { repository =>
@@ -879,8 +876,8 @@ object JGitUtil {
 
   def isEmpty(git: Git): Boolean = git.getRepository.resolve(Constants.HEAD) == null
 
-  private def setReceivePack(repository: org.eclipse.jgit.lib.Repository): Unit =
-    defining(repository.getConfig) { config =>
+  private def setReceivePack(repository: org.eclipse.jgit.lib.Repository): Unit = {
+    val config = repository.getConfig
     config.setBoolean("http", null, "receivepack", true)
     config.save
   }
@@ -912,10 +909,10 @@ object JGitUtil {
       }
       Right("Tag added.")
     } catch {
-      case e: ConcurrentRefUpdateException => Left("Sorry, some error occurs.")
-      case e: InvalidTagNameException      => Left("Sorry, that name is invalid.")
-      case e: NoHeadException              => Left("Sorry, this repo doesn't have HEAD reference")
-      case e: GitAPIException              => Left("Sorry, some Git operation error occurs.")
+      case _: ConcurrentRefUpdateException => Left("Sorry, some error occurs.")
+      case _: InvalidTagNameException      => Left("Sorry, that name is invalid.")
+      case _: NoHeadException              => Left("Sorry, this repo doesn't have HEAD reference")
+      case _: GitAPIException              => Left("Sorry, some Git operation error occurs.")
     }
   }
 
@@ -924,7 +921,7 @@ object JGitUtil {
       git.branchCreate().setStartPoint(fromBranch).setName(newBranch).call()
       Right("Branch created.")
     } catch {
-      case e: RefAlreadyExistsException => Left("Sorry, that branch already exists.")
+      case _: RefAlreadyExistsException => Left("Sorry, that branch already exists.")
       // JGitInternalException occurs when new branch name is 'a' and the branch whose name is 'a/*' exists.
       case _: InvalidRefNameException | _: JGitInternalException => Left("Sorry, that name is invalid.")
     }
@@ -1052,13 +1049,13 @@ object JGitUtil {
     !loader.isLarge && new String(loader.getBytes(), "UTF-8").startsWith("version https://git-lfs.github.com/spec/v1")
   }
 
-  def getContentInfo(git: Git, path: String, objectId: ObjectId): ContentInfo = {
+  def getContentInfo(git: Git, path: String, objectId: ObjectId, safeMode: Boolean): ContentInfo = {
     // Viewer
     Using.resource(git.getRepository.getObjectDatabase) { db =>
       val loader = db.open(objectId)
       val isLfs = isLfsPointer(loader)
       val large = FileUtil.isLarge(loader.getSize)
-      val viewer = if (FileUtil.isImage(path)) "image" else if (large) "large" else "other"
+      val viewer = if (FileUtil.isImage(path, safeMode)) "image" else if (large) "large" else "other"
       val bytes = if (viewer == "other") JGitUtil.getContentFromId(git, objectId, false) else None
       val size = Some(getContentSize(loader))
 
@@ -1101,7 +1098,7 @@ object JGitUtil {
         }
       }
     } catch {
-      case e: MissingObjectException => None
+      case _: MissingObjectException => None
     }
 
   /**
@@ -1118,7 +1115,7 @@ object JGitUtil {
         Some(f(db.open(id)))
       }
     } catch {
-      case e: MissingObjectException => None
+      case _: MissingObjectException => None
     }
 
   /**
@@ -1162,8 +1159,8 @@ object JGitUtil {
     requestUserName: String,
     requestRepositoryName: String,
     requestBranch: String
-  ): String =
-    defining(getAllCommitIds(oldGit)) { existIds =>
+  ): String = {
+    val existIds = getAllCommitIds(oldGit)
     getCommitLogs(newGit, requestBranch, true) { commit =>
       existIds.contains(commit.name) && getBranchesOfCommit(oldGit, commit.getName).contains(branch)
     }.head.id
@@ -1264,7 +1261,7 @@ object JGitUtil {
         val blame = blamer.call()
         var blameMap = Map[String, JGitUtil.BlameInfo]()
         var idLine = List[(String, Int)]()
-        0.to(blame.getResultContents().size() - 1).map { i =>
+        0.until(blame.getResultContents().size()).foreach { i =>
           val c = blame.getSourceCommit(i)
           if (!blameMap.contains(c.name)) {
             blameMap += c.name -> JGitUtil.BlameInfo(

src/main/scala/gitbucket/core/util/LDAPUtil.scala

@@ -1,7 +1,6 @@
 package gitbucket.core.util
 
 import gitbucket.core.model.Account
-import SyntaxSugars._
 import gitbucket.core.service.SystemSettingsService
 import gitbucket.core.service.SystemSettingsService.Ldap
 import com.novell.ldap._
@@ -246,16 +245,14 @@ object LDAPUtil {
     userNameAttribute: String,
     userName: String,
     mailAttribute: String
-  ): Option[String] =
-    defining(
-      conn.search(
+  ): Option[String] = {
+    val results = conn.search(
       userDN,
       LDAPConnection.SCOPE_BASE,
       userNameAttribute + "=" + userName,
       Array[String](mailAttribute),
       false
     )
-    ) { results =>
     if (results.hasMore) {
       Option(results.next.getAttribute(mailAttribute)).map(_.getStringValue)
     } else None
@@ -267,16 +264,14 @@ object LDAPUtil {
     userNameAttribute: String,
     userName: String,
     nameAttribute: String
-  ): Option[String] =
-    defining(
-      conn.search(
+  ): Option[String] = {
+    val results = conn.search(
       userDN,
       LDAPConnection.SCOPE_BASE,
       userNameAttribute + "=" + userName,
       Array[String](nameAttribute),
       false
     )
-    ) { results =>
     if (results.hasMore) {
       Option(results.next.getAttribute(nameAttribute)).map(_.getStringValue)
     } else None

src/main/scala/gitbucket/core/util/LockUtil.scala

@@ -2,7 +2,6 @@ package gitbucket.core.util
 
 import java.util.concurrent.ConcurrentHashMap
 import java.util.concurrent.locks.{ReentrantLock, Lock}
-import SyntaxSugars._
 
 object LockUtil {
 
@@ -24,7 +23,8 @@ object LockUtil {
   /**
    * Synchronizes a given function which modifies the working copy of the wiki repository.
    */
-  def lock[T](key: String)(f: => T): T = defining(getLockObject(key)) { lock =>
+  def lock[T](key: String)(f: => T): T = {
+    val lock = getLockObject(key)
     try {
       lock.lock()
       f

src/main/scala/gitbucket/core/util/Mailer.scala

@@ -41,7 +41,7 @@ class Mailer(settings: SystemSettings) {
     htmlMsg: Option[String] = None,
     loginAccount: Option[Account] = None
   ): Option[HtmlEmail] = {
-    if (settings.notification == true) {
+    if (settings.notification) {
       settings.smtp.map { smtp =>
         val email = new HtmlEmail
         email.setHostName(smtp.host)
@@ -51,7 +51,7 @@ class Mailer(settings: SystemSettings) {
         }
         smtp.ssl.foreach { ssl =>
           email.setSSLOnConnect(ssl)
-          if (ssl == true) {
+          if (ssl) {
             email.setSslSmtpPort(smtp.port.get.toString)
           }
         }

src/main/scala/gitbucket/core/util/StringUtil.scala

@@ -5,7 +5,6 @@ import java.security.SecureRandom
 import java.util.{Base64, UUID}
 
 import org.mozilla.universalchardet.UniversalDetector
-import SyntaxSugars._
 import javax.crypto.SecretKeyFactory
 import javax.crypto.spec.PBEKeySpec
 import org.apache.commons.io.input.BOMInputStream
@@ -45,8 +44,8 @@ object StringUtil {
     s"""$$pbkdf2-sha256$$${iter}$$${base64Encode(salt)}$$${base64Encode(s.getEncoded)}"""
   }
 
-  def sha1(value: String): String =
-    defining(java.security.MessageDigest.getInstance("SHA-1")) { md =>
+  def sha1(value: String): String = {
+    val md = java.security.MessageDigest.getInstance("SHA-1")
     md.update(value.getBytes)
     md.digest.map(b => "%02x".format(b)).mkString
   }
@@ -89,8 +88,8 @@ object StringUtil {
   def convertFromByteArray(content: Array[Byte]): String =
     IOUtils.toString(new BOMInputStream(new java.io.ByteArrayInputStream(content)), detectEncoding(content))
 
-  def detectEncoding(content: Array[Byte]): String =
-    defining(new UniversalDetector(null)) { detector =>
+  def detectEncoding(content: Array[Byte]): String = {
+    val detector = new UniversalDetector(null)
     detector.handleData(content, 0, content.length)
     detector.dataEnd()
     detector.getDetectedCharset match {
@@ -144,6 +143,19 @@ object StringUtil {
       .toSeq
       .distinct
 
+  /**
+   * Extract issue id like ```owner/repository#issueId``` from the given message.
+   *
+   *@param message the message which may contains issue id
+   * @return the iterator of issue id
+   */
+  def extractGlobalIssueId(message: String): List[(Option[String], Option[String], Option[String])] =
+    "\\s?([\\w-\\.]+)?\\/?([\\w\\-\\.]+)?#(\\d+)\\s?".r
+      .findAllIn(message)
+      .matchData
+      .map(i => (Option(i.group(1)), Option(i.group(2)), Option(i.group(3))))
+      .toList
+
   /**
    * Extract close issue id like ```close #issueId ``` from the given message.
    *
@@ -172,8 +184,7 @@ object StringUtil {
     def removeUserName(baseUrl: String): String = baseUrl.replaceFirst("(https?://).+@", "$1")
 
     gitRepositoryUrl match {
-      case GitBucketUrlPattern(base, user, repository)
-          if baseUrl.map(removeUserName(base).startsWith).getOrElse(false) =>
+      case GitBucketUrlPattern(base, user, repository) if baseUrl.exists(removeUserName(base).startsWith) =>
         s"${removeUserName(base)}/$user/$repository"
       case GitHubUrlPattern(_, user, repository)    => s"https://github.com/$user/$repository"
       case BitBucketUrlPattern(_, user, repository) => s"https://bitbucket.org/$user/$repository"

src/main/scala/gitbucket/core/util/SyntaxSugars.scala

@@ -1,56 +1,14 @@
 package gitbucket.core.util
 
-import org.eclipse.jgit.api.Git
-import scala.util.control.Exception._
-import scala.language.reflectiveCalls
-
 /**
  * Provides control facilities.
  */
 object SyntaxSugars {
 
+  @deprecated("Use scala.util.Try instead", "4.36.0")
   def defining[A, B](value: A)(f: A => B): B = f(value)
 
-  @deprecated("Use scala.util.Using.resource instead", "4.32.0")
-  def using[A <: { def close(): Unit }, B](resource: A)(f: A => B): B =
-    try f(resource)
-    finally {
-      if (resource != null) {
-        ignoring(classOf[Throwable]) {
-          resource.close()
-        }
-      }
-    }
-
-  @deprecated("Use scala.util.Using.resources instead", "4.32.0")
-  def using[A <: { def close(): Unit }, B <: { def close(): Unit }, C](resource1: A, resource2: B)(f: (A, B) => C): C =
-    try f(resource1, resource2)
-    finally {
-      if (resource1 != null) {
-        ignoring(classOf[Throwable]) {
-          resource1.close()
-        }
-      }
-      if (resource2 != null) {
-        ignoring(classOf[Throwable]) {
-          resource2.close()
-        }
-      }
-    }
-
-  @deprecated("Use scala.util.Using.resource instead", "4.32.0")
-  def using[T](git: Git)(f: Git => T): T =
-    try f(git)
-    finally git.getRepository.close()
-
-  @deprecated("Use scala.util.Using.resources instead", "4.32.0")
-  def using[T](git1: Git, git2: Git)(f: (Git, Git) => T): T =
-    try f(git1, git2)
-    finally {
-      git1.getRepository.close()
-      git2.getRepository.close()
-    }
-
+  @deprecated("Use scala.util.Try instead", "4.36.0")
   def ignore[T](f: => Unit): Unit =
     try {
       f

src/main/scala/gitbucket/core/util/TextAvatarUtil.scala

@@ -3,7 +3,7 @@ package gitbucket.core.util
 import java.io.ByteArrayOutputStream
 import java.awt.image.BufferedImage
 import javax.imageio.ImageIO
-import java.awt.{Color, Font, Graphics2D, RenderingHints}
+import java.awt.{Color, Font, RenderingHints}
 import java.awt.font.{FontRenderContext, TextLayout}
 import java.awt.geom.AffineTransform
 

src/main/scala/gitbucket/core/view/AvatarImageProvider.scala

@@ -45,11 +45,14 @@ trait AvatarImageProvider { self: RequestCache =>
 
     if (tooltip) {
       Html(
-        s"""<img src="${src}" class="${if (size > 20) { "avatar" } else { "avatar-mini" }}" style="width: ${size}px; height: ${size}px;" data-toggle="tooltip" title="${userName}" alt="@${userName}" />"""
+        s"""<img src="${src}" class="${if (size > 20) { "avatar" } else { "avatar-mini" }}" style="width: ${size}px; height: ${size}px;"
+           |     alt="@${StringUtil.escapeHtml(userName)}"
+           |     data-toggle="tooltip" title="${StringUtil.escapeHtml(userName)}" />""".stripMargin
       )
     } else {
       Html(
-        s"""<img src="${src}" class="${if (size > 20) { "avatar" } else { "avatar-mini" }}" style="width: ${size}px; height: ${size}px;" alt="@${userName}" />"""
+        s"""<img src="${src}" class="${if (size > 20) { "avatar" } else { "avatar-mini" }}" style="width: ${size}px; height: ${size}px;"
+           |     alt="@${StringUtil.escapeHtml(userName)}" />""".stripMargin
       )
     }
   }

src/main/scala/gitbucket/core/view/LinkConverter.scala

@@ -10,21 +10,33 @@ trait LinkConverter { self: RequestCache =>
   /**
    * Creates a link to the issue or the pull request from the issue id.
    */
-  protected def createIssueLink(repository: RepositoryService.RepositoryInfo, issueId: Int, title: String)(
+  protected def createIssueLink(owner: String, repository: String, issueId: Int, title: String)(
     implicit context: Context
   ): String = {
-    val userName = repository.repository.userName
-    val repositoryName = repository.repository.repositoryName
-
-    getIssueFromCache(userName, repositoryName, issueId.toString) match {
+    getIssueFromCache(owner, repository, issueId.toString) match {
       case Some(issue) =>
-        s"""<a href="${context.path}/${userName}/${repositoryName}/${if (issue.isPullRequest) "pull" else "issues"}/${issueId}"><strong>${StringUtil
+        s"""<a href="${context.path}/${owner}/${repository}/${if (issue.isPullRequest) "pull" else "issues"}/${issueId}"><strong>${StringUtil
           .escapeHtml(title)}</strong> #${issueId}</a>"""
       case None =>
         s"Unknown #${issueId}"
     }
   }
 
+  /**
+   * Creates a global link to the issue or the pull request from the issue id.
+   */
+  protected def createGlobalIssueLink(owner: String, repository: String, issueId: Int, title: String)(
+    implicit context: Context
+  ): String = {
+    getIssueFromCache(owner, repository, issueId.toString) match {
+      case Some(issue) =>
+        s"""<a href="${context.path}/${owner}/${repository}/${if (issue.isPullRequest) "pull" else "issues"}/${issueId}"><strong>${StringUtil
+          .escapeHtml(title)}</strong> ${owner}/${repository}#${issueId}</a>"""
+      case None =>
+        s"Unknown ${owner}/${repository}#${issueId}"
+    }
+  }
+
   /**
    * Converts issue id, username and commit id to link in the given text.
    */

src/main/scala/gitbucket/core/view/helpers.scala

@@ -10,6 +10,8 @@ import gitbucket.core.plugin.{PluginRegistry, RenderRequest}
 import gitbucket.core.service.RepositoryService.RepositoryInfo
 import gitbucket.core.service.{RepositoryService, RequestCache}
 import gitbucket.core.util.{FileUtil, JGitUtil, StringUtil}
+import org.apache.commons.codec.digest.DigestUtils
+import org.json4s.Formats
 import play.twirl.api.{Html, HtmlFormat}
 
 /**
@@ -158,10 +160,19 @@ object helpers extends AvatarImageProvider with LinkConverter with RequestCache
   /**
    * Creates a link to the issue or the pull request from the issue id.
    */
-  def issueLink(repository: RepositoryService.RepositoryInfo, issueId: Int, title: String)(
+  def issueLink(owner: String, repository: String, issueId: Int, title: String)(
     implicit context: Context
   ): Html = {
-    Html(createIssueLink(repository, issueId, title))
+    Html(createIssueLink(owner, repository, issueId, title))
+  }
+
+  /**
+   * Creates a global link to the issue or the pull request from the issue id.
+   */
+  def issueGlobalLink(owner: String, repository: String, issueId: Int, title: String)(
+    implicit context: Context
+  ): Html = {
+    Html(createGlobalIssueLink(owner, repository, issueId, title))
   }
 
   /**
@@ -325,7 +336,7 @@ object helpers extends AvatarImageProvider with LinkConverter with RequestCache
   )(implicit context: Context): Html = {
 
     val avatarHtml = avatar(userName, size, tooltip, mailAddress)
-    val contentHtml = if (label == true) Html(avatarHtml.body + " " + userName) else avatarHtml
+    val contentHtml = if (label) Html(avatarHtml.body + " " + userName) else avatarHtml
 
     userWithContent(userName, mailAddress)(contentHtml)
   }
@@ -386,7 +397,7 @@ object helpers extends AvatarImageProvider with LinkConverter with RequestCache
    * Render a given object as the JSON string.
    */
   def json(obj: AnyRef): String = {
-    implicit val formats = org.json4s.DefaultFormats
+    implicit val formats: Formats = org.json4s.DefaultFormats
     org.json4s.jackson.Serialization.write(obj)
   }
 
@@ -435,14 +446,14 @@ object helpers extends AvatarImageProvider with LinkConverter with RequestCache
               }
               result.append(c)
             }
-            case '>' if tag == true => {
+            case '>' if tag => {
               tag = false
               result.append(c)
             }
             case _ if tag == false => {
               text.append(c)
             }
-            case _ if tag == true => {
+            case _ if tag => {
               result.append(c)
             }
           }
@@ -471,7 +482,7 @@ object helpers extends AvatarImageProvider with LinkConverter with RequestCache
   def diff(jsonString: String): Html = {
     import org.json4s._
     import org.json4s.jackson.JsonMethods._
-    implicit val formats = DefaultFormats
+    implicit val formats: Formats = DefaultFormats
 
     val diff = parse(jsonString).extract[Seq[CommentDiffLine]]
 
@@ -506,4 +517,6 @@ object helpers extends AvatarImageProvider with LinkConverter with RequestCache
     s"$baseUrl${if (baseUrl.contains("?")) "&" else "?"}$queryString"
   }
 
+  def md5(value: String): String = DigestUtils.md5Hex(value)
+
 }

src/main/twirl/gitbucket/core/account/application.scala.html

@@ -1,18 +1,18 @@
 @(account: gitbucket.core.model.Account,
   personalTokens: List[gitbucket.core.model.AccessToken],
-  gneratedToken: Option[(gitbucket.core.model.AccessToken, String)])(implicit context: gitbucket.core.controller.Context)
+  generatedToken: Option[(gitbucket.core.model.AccessToken, String)])(implicit context: gitbucket.core.controller.Context)
 @gitbucket.core.html.main("Applications"){
   @gitbucket.core.account.html.menu("application", context.loginAccount.get.userName, false){
     <div class="panel panel-default">
       <div class="panel-heading strong">Personal access tokens</div>
       <div class="panel-body">
-        @if(personalTokens.isEmpty && gneratedToken.isEmpty){
+        @if(personalTokens.isEmpty && generatedToken.isEmpty){
           No tokens.
         } else {
           Tokens you have generated which can be used to access the GitBucket API.
           <hr style="margin-top: 10px;">
         }
-        @gneratedToken.map { case (token, tokenString) =>
+        @generatedToken.map { case (token, tokenString) =>
           <div class="alert alert-info">
             Make sure to copy your new personal access token now. You won't be able to see it again!
           </div>

src/main/twirl/gitbucket/core/account/edit.scala.html

@@ -72,7 +72,8 @@ $(function(){
   addExtraMailAddress();
   $('#extraMailAddresses').on('change', '.extraMailAddress', checkExtraMailAddress);
   $('#save').click(function(){
-    if($('#password').val() != ''){
+    let pwval = $('#password').val();
+    if(typeof(pwval) != 'undefined' && pwval != ''){
       return confirm('Are you sure you want to change password?');
     } else {
       return true;

src/main/twirl/gitbucket/core/helper/activities.scala.html

@@ -58,6 +58,7 @@
               </div>
           }
         }
+        case "delete_wiki" => simpleActivity(activity)
       })
     </div>
   }