Hugo Versions Save

What Changed

• Fix rebuilds when running hugo -w 7203a95a6 @bep #12296
• tpl/tplimpl: Fix double-escaping in opengraph template fb51b698b @jmooring #12418
• commands: Clarify that create or install a theme are two options fe84cc218 @Habbie
• config: Setups with only one active language can never be multihost babcb339a @bep #12288
• Use Apache License without modification 6b867972e @bep #12415
• build(deps): bump github.com/tdewolff/minify/v2 from 2.20.19 to 2.20.20 fb084390c @dependabot[bot]

This release fixes a security issue reported by @ejona86 (see #12411) that could allow XSS injection from Markdown content files if one of the internal link or image render hook templates added in Hugo 0.123.0 are enabled. You typically control and trust the content files, but according to Hugo's security model, we state that "template and configuration authors (you) are trusted, but the data you send in is not."

• markup/goldmark: Fix data race in the hugocontext wrapper 509ab08c1 @bep
• tpl: Escape .Title in built-in image and link render hooks 15a4b9b33 @bep
• tpl/tplimpl: Improve embedded templates 10a8448ee @jmooring #12396
• SECURITY.md: Update link to security model 722c486a3 @ejona86
• modules: Fix potential infinite loop in module collection f40f50ead @bep #12407

What's Changed

• Only add root sections to the section pages menu 06d248910 @bep #12399
• Fix partial rebuilds for SCSS fetched with GetMatch and similar Fixes #12395 004b69439 @bep
• commands: Add gen chromastyles --lineNumbersTableStyle flag da6112fc6 @jmooring #12393
• resources/images: Fix TestColorLuminance on s390x faf9fedc3 @bep
• commands: Provide examples for chromastyles flags 11aa89319 @jmooring #12387

What's Changed

• tpl: Use erroridf for remote YouTube errors 0c188fda2 @bep #12383
• build: Fix `GLIBC_2.29' not found issue bbc6888d0 @bep #12381

Some of the notable new features in this release:

• strings.Diff template func.
• .PageInner in render hooks to get the inner page when using .RenderShortcode in a shortcode, typically used to resolve links and page resources relative to an included Page.
• Add Luminance to $image.Color, allowing for sorting by relative luminance. e197c7b29 @bep #10450

This release is built with Go 1.22.2 (#12351) which comes with a fix for security issue CVE-2023-45288. We don't see how that could be exploited in Hugo, but we do appreciate that people want a clean security report.

Bug fixes

• Fix server rebuilds when adding a content file on Linux fa60a2fbc @bep #12362
• helpers: Fix TrimShortHTML when used with AsciiDoc content 6049ba99f @jmooring #12369
• github: Fix CI build 9323376df @bep
• all: Fix duplicate words in comments bf0b14036 @grimreaper
• all: Typo fixes 17765a745 @coliff
• hugolib: Fix regression for blank summaries 26640525a @curegit
• Fix sectionPagesMenu for pages in root level 488b21d15 @bep #12306
• Fix resource bundling for overlapping page.md vs page.txt 983b8d537 @bep #12320
• Fix panic with debug.Dump with Page when running the server 38e05bd3c @bep #12309
• resources/page: Fix GoDoc comment 27414d43a @availhang

Improvements

• Add Luminance to Color e197c7b29 @bep #10450
• Pass .RenderShortcodes' Page to render hooks as .PageInner df11327ba @bep #12356
• github: Add a "free space" step on Ubuntu 8e50ccfae @bep
• helpers: Add BenchmarkTrimShortHTML bfc3122f8 @bep
• github: Update actions 00ae8e8c7 @bep
• github: Format GitHub actions files e423e5627 @bep
• hugolib: Display server address after each rebuild 09eb82282 @jmooring #12359
• resources/page: Add taxonomies Page method a6e843917 @jmooring #12316
• commands: Adjust completions 38f68cd16 @bep
• completion: Improve existing argument completions, add many more a67650b6f @scop
• Upgrade to Go 1.22.2 2a060b37a @bep #12351
• babel: Run go fmt 92de8625c @bep
• babel: Close file before removing 7907935a4 @testwill
• bump golang.org/x/mod from 0.16.0 to 0.17.0 02d5ec14f @dependabot[bot]
• resources/page: Escape hash sign in permalinks 4500b0e42 @sorenisanerd #4926 #8232 #12342
• tpl/strings: Improve type checking 7bf1abfc5 @jmooring
• tpl/tplimpl: Improve youtube shortcode 8a0ea12d8 @jmooring #3694 #9213 #10520 #10575 #10576
• errors: Return error from cast.ToStringE() consistently 6f07e5976 @seiyab
• tpl/tplimpl: Improve embedded opengraph template 2da4ec573 @jmooring #8296 #8698 #8991 #9818 #9866 #10647
• tpl/strings: Create strings.Diff template function 6624979e1 @jmooring #12330
• tpl/tplimpl: Optionally exclude content from sitemap 6738a3e79 @jmooring #653 #12282
• tpl/tplimpl: Remove trailing slash from void elements 2f7df4b92 @jmooring #11867
• tpl/tplimpl: Update RSS template f0a26cf58 @jmooring #3918 #11692
• tpl/tplimpl: Update schema template 74ce5dc84 @jmooring #7570
• resources: Use different cache key when copying resources 54a8f0ce2 @jmooring #10412 #12310
• tpl/tplimpl: Update Google Analytics template and config ebfca61ac @jmooring #11802 #10093
• hugolib: Conditionally suppress .Site.Author deprecation notice e1917740a @jmooring #12297

Dependency Updates

• build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.0 to 2.2.1 fe63de3a8 @dependabot[bot]
• build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0 a18e2bcb9 @dependabot[bot]
• build(deps): bump golang.org/x/tools from 0.19.0 to 0.20.0 97df6be59 @dependabot[bot]
• build(deps): bump golang.org/x/net from 0.23.0 to 0.24.0 e9b8bec43 @dependabot[bot]
• build(deps): bump github.com/getkin/kin-openapi from 0.123.0 to 0.124.0 888cc1e61 @dependabot[bot]
• build(deps): bump github.com/pelletier/go-toml/v2 from 2.1.1 to 2.2.0 060cce0a9 @dependabot[bot]
• build(deps): bump github.com/yuin/goldmark from 1.7.0 to 1.7.1 5608ba1f7 @dependabot[bot]
• build(deps): bump github.com/aws/aws-sdk-go-v2/service/cloudfront 2fedca6c8 @dependabot[bot]
• build(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 07873b74b @dependabot[bot]

Documentation

• docs: Regen docshelper df9f2fb61 @bep
• hugolib: Add an asciidoc rebuild test case 74e912956 @bep #12375
• markup/asciidocext: Add Level to Heading struct c837f36ab @jmooring #12291

What's Changed

• Fix potential deadlock in Translations 758a876f9 @bep #12129
• Fix rebuild when changing mixed case named templates 19937a20a @bep #12165
• testing: Set usesFMA as true for riscv64 too c1ea22a23 @anthonyfok
• Fix regression for outputs defined in front matter for term pages 0750a9ec9 @bep #12275

The new feature in this release is a new segments configuration section and a new --renderSegments flag/config key. This release also updates to Go 1.22.1 that fixes a security issue in the template package that Hugo uses (CVE-2023-45289, see https://github.com/golang/go/issues/65697). We don't see how this could be exploited in Hugo, but we appreciate that Hugo users want to have a clean security report.

Bug fixes

• Fix .Parent when there are overlapping regular pages inbetween f1d755965 @bep #12263
• hugolib: Fix sitemap index with monolingual site 3935faa41 @jmooring #12266
• all: Typo fixes 78178d0c2 @coliff
• Fix translationKey handling for term pages 68d92ef9d @bep #12261
• Fix intersect and similar for term entry page collections b40f3c7df @bep #12254
• Fix server rebuilds when adding sub sections especially on Windows 07b2e535b @bep #12230
• Fix panic when changing archetype files when servere is running 9ca1de09d @bep #12195
• Fix front matter date location when value gets inherited from other dates 9668759ad @bep #12236
• Fix Name for nested resourced fetched in resources.ByName and similar 9e9b1f110 @bep #12214

Improvements

• Add segments config + --renderSegments flag 1f1c62e6c @bep #10106
• hugolib: Remove Site.HomeAbsURL 558f74f00 @bep
• hugolib: Deprecate site methods Author, Authors, and Social d4d49e0f0 @jmooring #12228
• Upgrade to Go 1.22.1 57206e727 @bep #12250
• tpl/tplimpl: Modify figure shortcode to look for page resource 48a0fea87 @jmooring #12244 #12245
• common/hugo: Rename IsMultiHost and IsMultiLingual dc6a29213 @jmooring #12232
• hugolib: Deprecate .Site.MultiLingual in favor of hugo.IsMultiLingual 4f92f949e @jmooring #12224
• tpl/tplimpl: Remove deprecated method from sitemapindex.xml f038a51b3 @jmooring

Dependency Updates

• deps: Upgrade github.com/gohugoio/hugo-goldmark-extensions/passthrough v0.1.0 => v0.2.0 ba03114aa @bep
• build(deps): bump github.com/evanw/esbuild from 0.20.1 to 0.20.2 b1f867634 @dependabot[bot]
• build(deps): bump golang.org/x/tools from 0.18.0 to 0.19.0 b4bff6190 @dependabot[bot]
• build(deps): bump github.com/tdewolff/minify/v2 from 2.20.17 to 2.20.19 d2cebee27 @dependabot[bot]
• deps: Upgrade github.com/alecthomas/chroma/v2 to v2.13.0 be914ff34 @myitcv #11862
• build(deps): bump golang.org/x/mod from 0.15.0 to 0.16.0 e62675002 @dependabot[bot]

Documentation

• docs: Regen CLI docs 76ef3f42f @bep
• docs: Regen docshelper 0ccb6cdc0 @bep

Build Setup

• snap: Transition to from core20 to core22 d24ffdde5 @jmooring #12219

• docs: Fix hyphens and grammar in synopsis of command 'hugo server' ada3fceea @deining
• Fix resource name in resources.ByType a4b17470a @bep #12190
• Fix global resource isn't published when using an uncommon code construct 4d5e173cf @bep #12190
• Fix section page resource not published if resource filename partially matches content file name 4271b6be0 @bep #12198
• Fix taxonomy kind template lookup issue 0567a3e6f @bep #12193
• markup/goldmark: TOC: render strikethrough, emojis 134e7d1d3 @lyind #7169 #11783 #12022
• Add hugo.IsMultiHost 1f48b717c @razonyang
• resources/images: Retain newlines with text overlays 05e23bd55 @jmooring #12206
• Don't auto-create empty sections for nested taxonomies 7afac3f1a @bep #12188
• tpl/tplimpl: Honor markdown attributes in embedded image render hook 632ad74fc @jmooring #12203

What's Changed

• hugofs: Fix vertical mount merge issue 2b2f2b75e @bep #12175
• Fix and add integration test for the Bootstrap SCSS module for both Dart Sass and Libsass 0d6e593ff @bep #12178
• Fix resources.GetMatch, resources.Match, and resources.ByType to they don't normalize permalinks 7023cf0f0 @bep #12182
• Make sure that sitemaps gets generated even if there is a content bundle with the same path 9dfa9e70e @bep #12183
• resources/page: Make Taxonomy.Get and Taxonomy.Count case-insensitive 3f217fd66 @jmooring #12177

What's Changed

• Fix panic when cascading headless from site config to section that does not have an _index.md file fce8d82b7 @bep #12172
• Fix assets vs data issue 4a502f7eb @bep #12133
• Fix draft for non-default content when content in default language does not exist be1dbba0f @bep #12132