Releases: hackmdio/codimd
CodiMD 2.5.4
Check out the complete release note. Thank you CodiMD community and all our contributors. ❤️
Enhancements
- Add index at revision table for improving system performance #1856
- Refactor to reuse random filename in filesystem image provider #1867
Fixes
- Fix exclusion of name attribute from iframe filterXSS allowlist #1865
- Fix typo: "opened source" -> "open sourced" #1869
Thank you
Thank you guys for being here and making CodiMD awesome ❤️
CodiMD 2.5.3
CodiMD 2.5.2
This is another recovery release that fixes the pandoc DoS issue.
Enhancements
- Build docker image using github actions #1849
Fixes
- [Security Issue] address denial of service issue in actionPandoc #1847
Thank you
These pull requests came from CodiMD community, thank you guys for being here and making CodiMD awesome ❤️
Full Changelog: 2.5.1...2.5.2
CodiMD 2.5.1
It's a recovery release that mainly fixes Docker image build issues and security issues.
Security Fixes
- [Security Issue] Bump @hackmd/pandoc.js version to 0.2.0 #1843 @EastSun5566
Fixes
- Replace mattermost-redux with mattermost/client #1840 @Yukaii
- Fix dependency resolving with prom-client v12 #1834 @Yukaii
Thank you
These pull requests came from CodiMD community, thank you guys for being here and making CodiMD awesome ❤️
CodiMD 2.5.0 The Formosan hare
The Formosan hare (scientific name: Lepus sinensis formosus), a species of the rabbit family, is a subspecies unique to Taiwan. It measures 30-40 centimeters in length, with a tail that's 5-6 centimeters long and ears that are 8-10 centimeters long. Smaller than the Chinese hare, it has brownish eyes.
- Wikipedia
Check out the complete release note. Thank you CodiMD community and all our contributors. ❤️
Security Fixes
- [Security Issue] Strip HTML tags for gist id to avoid stored XSS on showing error #1691 @jackycute
- [Security Issue] Upgrade mermaid to version 8.10.2 to avoid prototype pollution #1690 @jackycute
- [Security Issue] potential XSS in vimeo embed #1792 @galaxian85
- [Security Issue] FIX: pandoc security issue #1790 @galaxian85
- [Security Issue] fix: sanitize pdf url to prevent XSS on inline PDFs #1832 @EastSun5566
Fixes
- Avoid append zero suffix on exporting user data #1680 @jackycute
- Handle when request url has no valid referer #1679 @jackycute
- Fix S3 client config passing for image upload #1683 @jackycute
- Set a proper "lang" attribute #1481
- Fix matchInContainer false positives #1605 @tamo
- Convert "include" directives to functions #1580 @tamo
- Move HTML-related code from JS to EJS to enable more i18n #1587 @tamo
- fix: may reference out of bound index in clearDuplicatedHistory #1706 @a60814billy
- Feat/csrf export user data #1695 @a60814billy
- sequelize.import deprecation #1724 @Yukaii
- chore: remove unused uglifyjs-webpack-plugin dep #1723 @Yukaii
- fix: should not clear guest history when guest pin note #1697 @a60814billy
- Fix: s3 api supported multiple cloud providers. fixes: #1761 #1762 @blademainer
- Fix: Code Fence parameter parsing #1739 @V1ncNet
- Update README.md to remove IE from supporting list #1729 @jackycute
- FIX: server crash when filename too long #1789 @galaxian85
- fix: use encoded note id to update history #1804 @bbtfr
- 🐛 [fix] modify replacement rule for disqus short-name #1750 @chenxuanzzy
- Fix history page nav #1808 @jackycute
- Fix the uploadimage form #1814 @hcyuser
- bugfix/uploadimage form #1836 @Yukaii
- Add the logout callback to prevent exception. #1813 @hcyuser
- Add the logout callback to prevent exception #1837 @Yukaii
Enhancements
- Add TeX mhchem extensions for MathJax #1684 @jackycute
- Upgrade flowchart.js to version 1.15.0 #1685 @jackycute
- Upgrade codemirror to 5.63.2 #1716 @Yukaii
- Update de.json #1741
- Documentation - add Music section and move abc abd fretboard to this section #1715 @brunetton
- chore: bump meta-marked to 0.5.0 #1722 @Yukaii
- Typos + Better translation for "Externals" #1793 @eyssette
- feat: Migrate to gtag and support GA4 #1798 @assanges
- 【fix】reword japanese #1802 @AQ-masatoshi-yamaguchi
- upgrading pg to 8.8.0 to support new scram-sha-256 authentication #1784 @phntom
- feat: add organizations whitelist to GitHub OAuth #1710 @jakubgs
- Add oauth2 authorization #1626 @joachimmathes
- Update both Traditional and Simplified Chinese locales #1815 @PeterDaveHello
DX
- Run CI with GitHub Actions #1694 @Yukaii
- Add dev container for GitHub Codespaces and VSCode remote container #1688 @a60814billy
- Add arm64 docker image build. #1701 @YadominJinta
- fix(buildpacks): replace custom buildpack with APT buildpack #1797 @EtienneM
- Update minimum required node.js version to v12 with npm package dependencies #1799 @PeterDaveHello
- Upgrade Node.js version #1767 @inductor
- Update node.js version in .nvmrc #1816 @PeterDaveHello
- Update npm dependencies #1817 @PeterDaveHello
Thank you
Thank you guys for being here and making CodiMD awesome ❤️
CodiMD 2.4.2
Security Fixes
- #1685 [Security Issue] Upgrade flowchart.js to version 1.15.0
- #1690 [Security Issue] Upgrade mermaid to 8.10.2
- #1691 [Security Issue] Strip HTML tags for gist id to avoid stored XSS on showing error
- #1695 [Security Issue] Add CSRF token in export API to prevent security issue
- #1716 [Security Issue] Upgrade CodeMirror to 5.63.2
Fixes
- #1605 Fix container syntax not parsed correctly
- #1679 Handle when request url has no valid referer
- #1683 Fix S3 client config passing for image upload
- #1706 Fix array access index may out of bound
- #1723 remove unused uglifyjs webpack plugin dependency
Enhancements
- #1481 Set lang attributes via user locale
- #1580 Use include function instead of directives
- #1587 Extract more keyword for i18n translate
- #1680 Avoid append zero suffix on exporting user data
- #1684 Add TeX mhchem extensions for MathJax
- #1701 Support arm64 docker image
- #1724 Refactor Sequelize model import mechanism due to sequelize.import is deprecated
- #1741 Better german translation
DX
- #1688 Support DevContainer for GitHub Codespaces and VSCode remote container
- #1694 Run CI with GitHub Actions
Thank you
Thank you guys for being here and making CodiMD awesome ❤️
- @a60814billy
- @BinotaLIU
- @rubstudent
- @jackycute
- @tamo
- @YadominJinta
- @Yukaii
CodiMD 2.4.1 Papilio maraho
Papilio maraho is a species of butterfly in the family Papilionidae. It is endemic to Taiwan.
- Wikipedia Papilio maraho
Check out the complete release note. Thank you CodiMD community and all our contributors. ❤️
Enhancements
- Support autofix linter errors #1654 @Yukaii
- Support anonymous updates via API #1665 @glpatcern
- Support mediawiki export format in pandoc export #1624 @fujexo
- Add some help strings to Prometheus metrics #1625 @pichouk
- Allow more syntax highlight modes in editor #1577 @Yukaii
- Support TOC level customization #1532 @zergar
- Follow Google guidelines to use Google OAuth #1588 @tamo
Fixes
- Vimeo won't show up due to the jsonp callback data unable be parsed with jQuery #1652 @jackycute
- Fix slide mode stored XSS #1650 @jackycute [Security]
- Enforce PG ssl require mode on heroku #1660 @Yukaii
- Webpack exclude path should support windows path #1675 @a60814billy
- Free url can read any md in file system #1674 @a60814billy [Security]
- Use encoded noteId when calling updateHistory #1570 @Yukaii
Docs
- Add matrix badge and links to README #1629 @a-andreyev
CodiMD 2.3.2 Isoetes taiwanensis
Fixes
- Upgrade mermaid to 8.6.4 to make the previous fix work
CodiMD 2.3.0 Isoetes taiwanensis
Isoetes taiwanensis is a species of plant in the family Isoetaceae. It is endemic to Taiwan, and the only species of quillwort there. As other quillworts, it is relatively small, with erect leaves 7–24 cm (2.8–9.4 in) long. It grows submersed in shallow ponds for most of the year. IUCN considers it critically endangered because of habitat loss.
- Wikipedia Isoetes taiwanensis
In this release, we focus on polishing existing features, fixing bugs and patching security issues.
We continue to expand the APIs. CodiMD now supports "Update note's content" and "delete note" RESTful APIs. Thanks for the great work from @JamesCamel 😍
We also fixed several XSS security issues, including mermaid, vega and image lightbox. We appreciate the security reports from @msrkp, @Alemmi, and @nename0.
This is the last release before the end of this year.
Merry Christmas to everyone! Let's look forward and see you in the next year. 🎉
Check out the complete release note. Thank you CodiMD community and all our contributors. ❤️
Enhancements
- Fretboard improvements
- Update and delete note api
- Allow Sequelize CLI to use options set in config.json
- Allow specifying option for graphviz
- Spellcheck: add en_GB dictionary
Fixes
- Fix ui-edit and ui-both buttons in night mode
- Don't run jsonlint on .vscode jsonc files
- Fix image lightbox xss issue
- Fix mermaid xss issue
- Check upload image mime type
- Vega syntax XSS dependencies
CodiMD 2.2.0 Diploderma swinhonis
Diploderma swinhonis, also known as the Taiwan japalure, Swinhoe's japalure, and Swinhoe's tree lizard, is a species of lizard in the family Agamidae. The species is endemic to Taiwan.
- Wikipedia Diploderma swinhonis
In this release, we've added some Markdown renderer plugins, including fretboard guitar, Mindmap, and CSV. We believe the simplicity and the extensibility of markdown can bring more possibilities to you and your workflow. So let's find out more about what we can do with markdown. 💯
We also fixed a long-lasting issue: CodiMD cannot be hosted under URL subpath perfectly. Check PR #1551 for details.
Last but not least, we started standardizing the CodiMD API. We drafted the List my notes API in this release. Stay tuned. 🧘
Check out the complete release note. Thank you CodiMD community and all our contributors. ❤️
Enhancements
- Use array for tags when available
- Replace btn-social with btn-login-method
- Set html image meta tag with YAML metadata
- List my note API
Fixes
- Update Simplified Chinese translation and fix typography
- Fix webpack urlpath font loading error