CodiMD 2.6.1

Enhancements

• Migrate RevealMarkdown to ES module imports to modernize presentation code and fix related rendering issues. #1941
• Update dependencies and improve Markmap integration to harden against XSS and keep third‑party libs up to date. #1934

Fixes

• Prevent exporting empty notes in the user archive export. #1942
• Fix broken Travis badge in docs. #1940

Thank you

These pull requests came from CodiMD community, thank you guys for being here and making CodiMD awesome ❤️

• @bravesasha
• @Yukaii

CodiMD 2.6.0

Check out the complete release note. Thank you CodiMD community and all our contributors. ❤️

Enhancements

• Add PDF URL validation and content type check #1896
• Add state parameter to OAuth strategies for enhanced security #1902
• Update GitHub Actions to use latest versions #1895
• Update ESLint configuration for ES6 support #1900
• Add preference to disable table editor shortcuts and migrate preferences to localStorage #1901
• Upgrade mermaid to latest version #1894
• Add baseURL configuration option to S3 modules #1876
• Improve contrast on certain elements #1899
• Bump codemirror version to 5.65.8 #1908
• Configure MiniCssExtractPlugin for production environment in webpack #1897
• Refactor plugin paths and move custom reveal plugin #1898
• Update dependencies for abcjs and mermaid.js #1914
• Update image to allow development on MBP ARM chips #1913
• Update docker-compose.yml with build instructions for codimd service #1917

Fixes

• Fix login email should be case insensitive #1911
• Fix lost schema of S3 URL #1893

Thank you

These pull requests came from CodiMD community, thank you guys for being here and making CodiMD awesome ❤️

• @DubMythlit
• @fukumoto-ts
• @Matt-V50
• @Nowaker
• @stanley2058
• @WakuwakuP
• @Yukaii

CodiMD 2.5.4

Check out the complete release note. Thank you CodiMD community and all our contributors. ❤️

Enhancements

• Add index at revision table for improving system performance #1856
• Refactor to reuse random filename in filesystem image provider #1867

Fixes

• Fix exclusion of name attribute from iframe filterXSS allowlist #1865
• Fix typo: "opened source" -> "open sourced" #1869

Thank you

Thank you guys for being here and making CodiMD awesome ❤️

• @biswabaibhab007
• @yamashush
• @Yukaii
• @denandz
• @jackfromeast
• @ishmeals

CodiMD 2.5.3

It's a minor fix release that bumps the version number in package.json

Enhancements

• Add codeium-chrome extension support #1851
• Add check-release GitHub action workflow that prevents us from forgetting to update the package.json during releases again #1852

CodiMD 2.5.2

This is another recovery release that fixes the pandoc DoS issue.

Enhancements

• Build docker image using github actions #1849

Fixes

• [Security Issue] address denial of service issue in actionPandoc #1847

Thank you

These pull requests came from CodiMD community, thank you guys for being here and making CodiMD awesome ❤️

• @y0d3n
• @Yukaii

Full Changelog: 2.5.1...2.5.2

CodiMD 2.5.1

It's a recovery release that mainly fixes Docker image build issues and security issues.

Security Fixes

• [Security Issue] Bump @hackmd/pandoc.js version to 0.2.0 #1843 @EastSun5566

Fixes

• Replace mattermost-redux with mattermost/client #1840 @Yukaii
• Fix dependency resolving with prom-client v12 #1834 @Yukaii

Thank you

These pull requests came from CodiMD community, thank you guys for being here and making CodiMD awesome ❤️

• @EastSun5566
• @Yukaii

CodiMD 2.5.0 The Formosan hare

The Formosan hare (scientific name: Lepus sinensis formosus), a species of the rabbit family, is a subspecies unique to Taiwan. It measures 30-40 centimeters in length, with a tail that's 5-6 centimeters long and ears that are 8-10 centimeters long. Smaller than the Chinese hare, it has brownish eyes.
Wikipedia

Check out the complete release note. Thank you CodiMD community and all our contributors. ❤️

Security Fixes

• [Security Issue] Strip HTML tags for gist id to avoid stored XSS on showing error [Security Issue] #1691 @jackycute
• [Security Issue] Upgrade mermaid to version 8.10.2 to avoid prototype pollution #1690 @jackycute
• [Security Issue] potential XSS in vimeo embed #1792 @galaxian85
• [Security Issue] FIX: pandoc security issue #1790 by @galaxian85
• [Security Issue] fix: sanitize pdf url to prevent XSS on inline PDFs #1832 @EastSun5566

Fixes

• Avoid append zero suffix on exporting user data #1680 @jackycute
• Handle when request url has no valid referer #1679 @jackycute
• Fix S3 client config passing for image upload #1683 @jackycute
• Set a proper "lang" attribute on in #1481
• Fix matchInContainer false positives #1605 @tamo
• Convert "include" directives to functions #1580 @tamo
• Move HTML-related code from JS to EJS to enable more i18n #1587 @tamo
• fix: may referernce out of bound index in clearDuplicatedHistory #1706 @a60814billy
• Feat/csrf export user data #1695 @a60814billy
• sequelize.import deprecation #1724 @Yukaii
• chore: remove unused uglifyjs-webpack-plugin dep #1723 @Yukaii
• fix: should not clear guest history when guest pin note #1697 @a60814billy
• Fix: s3 api supported multiple cloud providers. fixes: #1761 #1762 @blademainer
• Fix: Code Fence parameter parsing #1739 @V1ncNet
• Update README.md to remove IE from supporting list #1729 @jackycute
• FIX: server crash when filename too long #1789 @galaxian85
• fix: use encoded note id to update history #1804 @bbtfr
• 🐛 [fix] modify replacement rule for disqus short-name #1750 @chenxuanzzy
• Fix history page nav #1808 @jackycute
• Fix the uploadimage form #1814 @hcyuser
• bugfix/uploadimage form #1836 @Yukaii
• Add the logout callback to prevent exception. #1813 @hcyuser
• Add the logout callback to prevent exception #1837 @Yukaii

Enhancements

• Add TeX mhchem extensions for MathJax #1684 @jackycute
• Upgrade flowchart.js to version 1.15.0 #1685 @jackycute
• Upgrade codemirror to 5.63.2 #1716 @Yukaii
• Update de.json in #1741
• Documentation - add Music section and move abc abd fretboard to this section #1715 @brunetton
• chore: bump meta-marked to 0.5.0 #1722 @Yukaii
• Typos + Better translation for "Externals" #1793 @eyssette
• feat: Migrate to gtag and support GA4 #1798 @assanges
• 【fix】reword japanese #1802 @AQ-masatoshi-yamaguchi
• upgrading pg to 8.8.0 to support new scram-sha-256 authentication #1784 @phntom
• feat: add organizations whitelist to GitHub OAuth #1710 @jakubgs
• Add oauth2 authorization #1626 @joachimmathes
• Update both Traditional and Simplified Chinese locales #1815 @PeterDaveHello

DX

• Run CI with GitHub Actions #1694 @Yukaii
• Add dev container for GitHub Codespaces and VSCode remote container #1688 @a60814billy
• Add arm64 docker image build. #1701 @YadominJinta
• fix(buildpacks): replace custom buildpack with APT buildpack #1797 @EtienneM
• Update minimum required node.js version to v12 with npm package dependencies #1799 @PeterDaveHello
• Upgrade Node.js version #1767 @inductor
• Update node.js version in .nvmrc #1816 @PeterDaveHello
• Update npm dependencies #1817 @PeterDaveHello

Thank you

Thank you guys for being here and making CodiMD awesome ❤️

• @jackycute
• @galaxian85
• @EastSun5566
• @tamo
• @a60814billy
• @Yukaii
• @blademainer
• @V1ncNet
• @bbtfr
• @chenxuanzzy
• @brunetton
• @eyssette
• @assanges
• @AQ-masatoshi-yamaguchi
• @phntom
• @jakubgs
• @joachimmathes
• @PeterDaveHello
• @YadominJinta
• @EtienneM
• @inductor
• @hcyuser

CodiMD 2.4.2

Security Fixes

• #1685 [Security Issue] Upgrade flowchart.js to version 1.15.0
• #1690 [Security Issue] Upgrade mermaid to 8.10.2
• #1691 [Security Issue] Strip HTML tags for gist id to avoid stored XSS on showing error
• #1695 [Security Issue] Add CSRF token in export API to prevent security issue
• #1716 [Security Issue] Upgrade CodeMirror to 5.63.2

Fixes

• #1605 Fix container syntax not parsed correctly
• #1679 Handle when request url has no valid referer
• #1683 Fix S3 client config passing for image upload
• #1706 Fix array access index may out of bound
• #1723 remove unused uglifyjs webpack plugin dependency

Enhancements

• #1481 Set lang attributes via user locale
• #1580 Use include function instead of directives
• #1587 Extract more keyword for i18n translate
• #1680 Avoid append zero suffix on exporting user data
• #1684 Add TeX mhchem extensions for MathJax
• #1701 Support arm64 docker image
• #1724 Refactor Sequelize model import mechanism due to sequelize.import is deprecated
• #1741 Better german translation

DX

• #1688 Support DevContainer for GitHub Codespaces and VSCode remote container
• #1694 Run CI with GitHub Actions

Thank you

Thank you guys for being here and making CodiMD awesome ❤️

• @a60814billy
• @BinotaLIU
• @RUBStudent
• @jackycute
• @tamo
• @YadominJinta
• @Yukaii

CodiMD 2.4.1 Papilio maraho

Papilio maraho is a species of butterfly in the family Papilionidae. It is endemic to Taiwan.
- Wikipedia Papilio maraho

Check out the complete release note. Thank you CodiMD community and all our contributors. ❤️

Enhancements

• Support autofix linter errors #1654 @Yukaii
• Support anonymous updates via API #1665 @glpatcern
• Support mediawiki export format in pandoc export #1624 @fujexo
• Add some help strings to Prometheus metrics #1625 @pichouk
• Allow more syntax highlight modes in editor #1577 @Yukaii
• Support TOC level customization #1532 @zergar
• Follow Google guidelines to use Google OAuth #1588 @tamo

Fixes

• Vimeo won't show up due to the jsonp callback data unable be parsed with jQuery #1652 @jackycute
• Fix slide mode stored XSS #1650 @jackycute [Security]
• Enforce PG ssl require mode on heroku #1660 @Yukaii
• Webpack exclude path should support windows path #1675 @a60814billy
• Free url can read any md in file system #1674 @a60814billy [Security]
• Use encoded noteId when calling updateHistory #1570 @Yukaii

Docs

• Add matrix badge and links to README #1629 @a-andreyev

CodiMD 2.3.2 Isoetes taiwanensis

Fixes

• Upgrade mermaid to 8.6.4 to make the previous fix works