Codimd Versions Save
CodiMD - Realtime collaborative markdown notes on all platforms.
2.5.3
3 months ago2.5.2
3 months agoThis is another recovery release that fixes the pandoc DoS issue.
Enhancements
- Build docker image using github actions #1849
Fixes
- [Security Issue] address denial of service issue in actionPandoc #1847
Thank you
These pull requests came from CodiMD community, thank you guys for being here and making CodiMD awesome ❤️
Full Changelog: https://github.com/hackmdio/codimd/compare/2.5.1...2.5.2
2.5.1
3 months agoIt's a recovery release that mainly fixes Docker image build issues and security issues.
Security Fixes
-
[Security Issue] Bump
@hackmd/pandoc.jsversion to 0.2.0 #1843 @EastSun5566
Fixes
- Replace mattermost-redux with mattermost/client #1840 @Yukaii
- Fix dependency resolving with prom-client v12 #1834 @Yukaii
Thank you
These pull requests came from CodiMD community, thank you guys for being here and making CodiMD awesome ❤️
2.5.0
4 months ago
The Formosan hare (scientific name: Lepus sinensis formosus), a species of the rabbit family, is a subspecies unique to Taiwan. It measures 30-40 centimeters in length, with a tail that's 5-6 centimeters long and ears that are 8-10 centimeters long. Smaller than the Chinese hare, it has brownish eyes. Wikipedia
Check out the complete release note. Thank you CodiMD community and all our contributors. ❤️
Security Fixes
- [Security Issue] Strip HTML tags for gist id to avoid stored XSS on showing error [Security Issue] #1691 @jackycute
- [Security Issue] Upgrade mermaid to version 8.10.2 to avoid prototype pollution #1690 @jackycute
- [Security Issue] potential XSS in vimeo embed #1792 @galaxian85
- [Security Issue] FIX: pandoc security issue #1790 by @galaxian85
- [Security Issue] fix: sanitize pdf url to prevent XSS on inline PDFs #1832 @EastSun5566
Fixes
- Avoid append zero suffix on exporting user data #1680 @jackycute
- Handle when request url has no valid referer #1679 @jackycute
- Fix S3 client config passing for image upload #1683 @jackycute
- Set a proper "lang" attribute on in https://github.com/hackmdio/codimd/pull/1481
- Fix matchInContainer false positives #1605 @tamo
- Convert "include" directives to functions #1580 @tamo
- Move HTML-related code from JS to EJS to enable more i18n #1587 @tamo
- fix: may referernce out of bound index in clearDuplicatedHistory #1706 @a60814billy
- Feat/csrf export user data #1695 @a60814billy
- sequelize.import deprecation #1724 @Yukaii
- chore: remove unused uglifyjs-webpack-plugin dep #1723 @Yukaii
- fix: should not clear guest history when guest pin note #1697 @a60814billy
- Fix: s3 api supported multiple cloud providers. fixes: https://github.com/hackmdio/codimd/issues/1761 #1762 @blademainer
- Fix: Code Fence parameter parsing #1739 @V1ncNet
- Update README.md to remove IE from supporting list #1729 @jackycute
- FIX: server crash when filename too long #1789 @galaxian85
- fix: use encoded note id to update history #1804 @bbtfr
- 🐛 [fix] modify replacement rule for disqus short-name #1750 @chenxuanzzy
- Fix history page nav #1808 @jackycute
- Fix the uploadimage form #1814 @hcyuser
- bugfix/uploadimage form #1836 @Yukaii
- Add the logout callback to prevent exception. #1813 @hcyuser
- Add the logout callback to prevent exception #1837 @Yukaii
Enhancements
- Add TeX mhchem extensions for MathJax #1684 @jackycute
- Upgrade flowchart.js to version 1.15.0 #1685 @jackycute
- Upgrade codemirror to 5.63.2 #1716 @Yukaii
- Update de.json in #1741
- Documentation - add Music section and move abc abd fretboard to this section #1715 @brunetton
- chore: bump meta-marked to 0.5.0 #1722 @Yukaii
- Typos + Better translation for "Externals" #1793 @eyssette
- feat: Migrate to gtag and support GA4 #1798 @assanges
- 【fix】reword japanese #1802 @AQ-masatoshi-yamaguchi
- upgrading pg to 8.8.0 to support new scram-sha-256 authentication #1784 @phntom
- feat: add organizations whitelist to GitHub OAuth #1710 @jakubgs
- Add oauth2 authorization #1626 @joachimmathes
- Update both Traditional and Simplified Chinese locales #1815 @PeterDaveHello
DX
- Run CI with GitHub Actions #1694 @Yukaii
- Add dev container for GitHub Codespaces and VSCode remote container #1688 @a60814billy
- Add arm64 docker image build. #1701 @YadominJinta
- fix(buildpacks): replace custom buildpack with APT buildpack #1797 @EtienneM
- Update minimum required node.js version to v12 with npm package dependencies #1799 @PeterDaveHello
- Upgrade Node.js version #1767 @inductor
- Update node.js version in .nvmrc #1816 @PeterDaveHello
- Update npm dependencies #1817 @PeterDaveHello
Thank you
Thank you guys for being here and making CodiMD awesome ❤️
2.4.2
1 year agoSecurity Fixes
- #1685 [Security Issue] Upgrade flowchart.js to version 1.15.0
- #1690 [Security Issue] Upgrade mermaid to 8.10.2
- #1691 [Security Issue] Strip HTML tags for gist id to avoid stored XSS on showing error
- #1695 [Security Issue] Add CSRF token in export API to prevent security issue
- #1716 [Security Issue] Upgrade CodeMirror to 5.63.2
Fixes
- #1605 Fix container syntax not parsed correctly
- #1679 Handle when request url has no valid referer
- #1683 Fix S3 client config passing for image upload
- #1706 Fix array access index may out of bound
- #1723 remove unused uglifyjs webpack plugin dependency
Enhancements
- #1481 Set lang attributes via user locale
- #1580 Use include function instead of directives
- #1587 Extract more keyword for i18n translate
- #1680 Avoid append zero suffix on exporting user data
- #1684 Add TeX mhchem extensions for MathJax
- #1701 Support arm64 docker image
- #1724 Refactor Sequelize model import mechanism due to sequelize.import is deprecated
- #1741 Better german translation
DX
- #1688 Support DevContainer for GitHub Codespaces and VSCode remote container
- #1694 Run CI with GitHub Actions
Thank you
Thank you guys for being here and making CodiMD awesome ❤️
- @a60814billy
- @BinotaLIU
- @rubstudent
- @jackycute
- @tamo
- @YadominJinta
- @Yukaii
2.4.1
2 years ago
Papilio maraho is a species of butterfly in the family Papilionidae. It is endemic to Taiwan. - Wikipedia Papilio maraho
Check out the complete release note. Thank you CodiMD community and all our contributors. ❤️
Enhancements
- Support autofix linter errors #1654 @Yukaii
- Support anonymous updates via API #1665 @glpatcern
- Support mediawiki export format in pandoc export #1624 @fujexo
- Add some help strings to Prometheus metrics #1625 @pichouk
- Allow more syntax highlight modes in editor #1577 @Yukaii
- Support TOC level customization #1532 @zergar
- Follow Google guidelines to use Google OAuth #1588 @tamo
Fixes
- Vimeo won't show up due to the jsonp callback data unable be parsed with jQuery #1652 @jackycute
- Fix slide mode stored XSS #1650 @jackycute [Security]
- Enforce PG ssl require mode on heroku #1660 @Yukaii
- Webpack exclude path should support windows path #1675 @a60814billy
- Free url can read any md in file system #1674 @a60814billy [Security]
- Use encoded noteId when calling updateHistory #1570 @Yukaii
Docs
- Add matrix badge and links to README #1629 @a-andreyev
2.3.0
3 years ago
Isoetes taiwanensis is a species of plant in the family Isoetaceae. It is endemic to Taiwan, and the only species of quillwort there. As other quillworts, it is relatively small, with erect leaves 7–24 cm (2.8–9.4 in) long. It grows submersed in shallow ponds for most of the year. IUCN considers it critically endangered because of habitat loss. - Wikipedia Isoetes taiwanensis
In this release, we focus on polishing existing features, fixing bugs and patching security issues.
We continue to expand the APIs. CodiMD now supports "Update note's content" and "delete note" RESTful APIs. Thanks for the great works from @JamesCamel :heart_eyes:
We also fix several XSS security issues, including mermaid, vega and image lightbox. We appreciate the security report from @msrkp, @Alemmi, and @nename0 .
This is the last release before the end of this year. Merry Christmas to everyone! Let's look forward and see you in the next year. :tada:
Check out the complete release note. Thank you CodiMD community and all our contributors. ❤️
Enhancements
- Fretboard improvements
- Update and delete note api
- Allow Sequelize CLI to use options set in config.json
- Allow specifying option for graphviz
- Spellcheck: add en_GB dictionary
Fixes
- Fix ui-edit and ui-both buttons in night mode
- Don't run jsonlint on .vscode jsonc files
- Fix image lightbox xss issue
- Fix mermaid xss issue
- Check upload image mime type
- Vega syntax XSS dependencies
2.2.0
3 years ago
Diploderma swinhonis, also known as the Taiwan japalure, Swinhoe's japalure, and Swinhoe's tree lizard, is a species of lizard in the family Agamidae. The species is endemic to Taiwan. - Wikipedia Diploderma swinhonis
In this release, we've added some Markdown renderer plugins, including fretboard guitar, Mindmap, and CSV. We believe the simplicity and the extensibility of markdown can bring more possibilities to you and your workflow. So let's find out more about what we can do with markdown. :100:
We also fixed a long-lasting issue: CodiMD cannot be hosted under URL subpath perfectly. Check PR #1551 for details.
Last but not least, we start standarizing CodiMD API. We drafted List my notes API in this release. Stay tuned. :person_in_lotus_position:
Here are some highlights from this release:
Check out the complete release note. Thank you CodiMD community and all our contributors. ❤️
Enhancements
- Use array for tags when available
- Replace btn-social with btn-login-method
- Set html image meta tag with YAML metadata
- List my note API
Fixes
- Update Simplified Chinese translation and fix typography
- Fix webpack urlpath font loading error
2.1.0
3 years ago
Zhangixalus prasinatus
Zhangixalus prasinatus is a species of frog in the family Rhacophoridae endemic to northern Taiwan. It is the largest tree frog in Taiwan; females can reach 7 cm (2.8 in) in snout-vent length. It is known from Taipei, Yilan, and Taoyuan. - Wikipedia Zhangixalus prasinatus
During this hard time of COVID-19, it's a pleasure to help people collaborate better with CodiMD. We hope the world will recover from this situation soon. :sunrise:
Good news, we have some goodies for CodiMD including:
Check out the complete release note. Thank you CodiMD community and all our contributors. ❤️
Fixes
- Fix GitHub's avatar URL
- Fix getStatus caused "TypeError: Converting circular structure to JSON"
Enhancements
- Replace scrypt with scrypt-kdf
- Optimize module size
- Support brace wrapped param in fence lang
- Upgrade Node.JS version to 10.20.1
- return errorForbidden when anonymous user tries to create freeUrl pad
- Exporting metrics for node.js, express, router, and codimd realtime status.
- Add state parameter for oauth2