Please note: This release dropped support for Node 14, which is end-of-life since May 2023.
You now need at least Node 16 to run HedgeDoc. We recommend to use the latest LTS release of Node.js.
This release switches to Yarn 3 for dependency management, as Yarn 1 has bugs preventing us from upgrading some dependencies.
If you install HedgeDoc manually, run bin/setup again for instructions. Other installation methods should not require
special actions.
Enhancements
Extend boolean environment variable parsing with other positive answers and case insensitivity
Allow setting of documentMaxLength via CMD_DOCUMENT_MAX_LENGTH environment variable (contributed by @jmallach)
Add dedicated healthcheck endpoint at /_health that is less resource intensive than /status
Compatibility with Node.js 18 and later
Add support for the arm64 architecture in the docker image
Add a config option to disable the /status and /metrics endpoints
Bugfixes
Fix that permission errors can break existing connections to a note, causing inconsistent note content and changes not being saved (contributed by @julianrother)
Fix speaker notes not showing up in the presentation view
Fix issues with upgrading some dependencies by upgrading to Yarn 3
Fix macOS compatibility of bin/setup script
Contributors
UwYFmLpoKtYn (translator)
Pub (translator)
SnowCode (translator)
1.9.7 2023-02-19
Bugfixes
Fix note titles with special characters producing invalid file names in user export zip file
Fix night-mode toggle not working when page is loaded with night-mode enabled
Contributors
Francesco (translator)
Gabriel Santiago Macedo (translator)
1.9.6 2022-11-06
Bugfixes
Fix migrations deleting all notes when SQLite is used
1.9.5 2022-10-30
Enhancements
Add dark mode toggle in mobile view
Replace embedding shortcode regexes with more specific ones to safeguard against XSS attacks
Bugfixes
Fix a crash when using LDAP authentication with custom search attributes (thanks to @aboettger-tuhh for reporting)
Fix a crash caused by a long note history when the MySQL database is used
Fix breaks option not being respected in the publish-view
Fix missing syntax highlighting in the markdown editor
Please note: This release dropped support for Node 12, which is end-of-life since April 2022.
You now need at least Node 14.13.1 or Node 16 to run HedgeDoc. We don’t support more recent versions of Node.
Enhancements
Remove unexpected shell call during migrations
More S3 config options: upload folder & public ACL (thanks to @lautaroalvarez)
Contributors
Al_x (translator)
Emmanuel Courreges (translator)
paranic (translator)
Quentin PAGÈS (translator)
1.9.3 2022-04-10
This release fixes a security issue. We recommend upgrading as soon as possible.
⚠️ Warning: If you deploy HedgeDoc and MariaDB with docker-compose using a checkout of our container repo, you will need to manually convert the character set
of the database to utf8mb4 when updating. See the corresponding PR for more information.
Fix error in the session handler when requesting /metrics or /status
1.9.1 2021-12-02
This release increases the minimum required Node versions to 12.20.0, 14.13.1 and 16.
In general, only the latest releases of Node 12, 14 and 16 are officially supported by us, older minor versions can be dropped at any time.
We recommend you run HedgeDoc with the latest release of Node 16.
Bugfixes
Add workaround for incorrect CSP handling in Safari
Fix crash when an unexpected response from the GitLab API is encountered
This release removes Google Analytics and Disqus domains from our default Content Security Policy, because they were repeatedly used to exploit security vulnerabilities.
If you want to continue using Google Analytics or Disqus, you can re-enable them in the config.
See the docs for details
Features
HedgeDoc now automatically retries connecting to the database up to 30 times on startup
This release introduces the csp.allowFraming config option, which controls whether embedding a HedgeDoc instance in other webpages is allowed.
We strongly recommend disabling this option to reduce the risk of XSS attacks
This release introduces the csp.allowPDFEmbed config option, which controls whether embedding PDFs inside HedgeDoc notes is allowed.
We recommend disabling this option if you don’t use the feature, to reduce the attack surface of XSS attacks
Add additional environment variables to configure the database.
This allows easier configuration in containerized environments, such as Kubernetes
Enhancements
Further improvements to the frontend build process, reducing the initial bundle size by 60%
Improve the error handling of the filesystem upload method
Improve the error message of failing migrations
Bugfixes
Fix crash when trying to read the current Git commit on startup
Fix endless loop on shutdown when HedgeDoc can’t connect to the database
Ensure that all cookies are set with the secure flag, if HedgeDoc is loaded via HTTPS
Fix session cookies being created on calls to /metrics and /status
Fix incorrect creation of S3 endpoint domain (thanks to @matejc)
Remove CDN support, fixing inconsistencies in library versions delivered to the client
Fix font display issues when having some variants of fonts used by HedgeDoc installed locally
Fix links between slides not working
Fix Vimeo integration using a deprecated API
Miscellaneous
Removed MSSQL support, as migrations from 2018 are broken with SQL Server and nobody seems to use it
Contributors
Bogdan Cuza (translator)
Heimen Stoffels (translator)
igg17 (translator)
Klorophatu (translator)
Martin (translator)
Matija (translator)
Matthieu Devillers (translator)
Mindaugas (translator)
Quentin Pagès (translator)
1.8.2 2021-05-11
This release fixes two security issues. We recommend upgrading as soon as possible.
Fix a potential XSS-vector in the handling of usernames and profile pictures
1.8.1 2021-05-06
Enhancements
Speed up yarn install in production mode (as performed by bin/setup) by marking frontend-only dependencies as dev-dependencies.
This also reduces the size of the docker container
Speed up the frontend-build by using esbuild instead of terser to minify JavaScript
Improve behavior of the ‘Quote’, ‘List’, ‘Unordered List’ and ‘Check List’ buttons in the editor to automatically
apply to the complete first and last line of the selection
Bugfixes
Correct the 1.8.0 release notes to state that CVE-2021-29475 has been fixed since HedgeDoc 1.5.0.
Fix crash on startup when useSSL or csp.upgradeInsecureRequests is enabled (thanks to @mdegat01 for reporting)
Automatically enable protocolUseSSL when useSSL is also enabled
Fix the ‘Quote’, ‘List’, ‘Unordered List’ and ‘Check List’ buttons in the editor to not duplicate content
when only parts of a line are selected (thanks to @AnomalRoil for reporting)
Fix click handler for numbered task lists (thanks to @xoriade for reporting)
1.8.0 2021-05-03
This release fixes multiple security issues. We recommend upgrading as soon as possible.
Please note: This release dropped support for Node 10, which is end-of-life since April 2021. You now need at least Node 12 to run HedgeDoc, but we recommend running the latest LTS release.
CVE-2021-21306: Underscore ReDoS in the marked library
This issue allowed an attacker to hang HedgeDoc by inserting a malicious string into a note. Thanks to Ralph Krimmel for reporting!
Database migrations are now automatically applied on application startup
The separate .sequelizerc configuration file is no longer necessary and can be safely deleted
A Prometheus-endpoint is now available at /metrics, exposing the same stats as /status
in addition to various Node.js performance figures
Add a config option to require authentication in FreeURL mode (#755 by @nidico)
Enhancements
Removed dependency on external imgur library
HTML language tags are now set up in a way that stops Google Translate from translating note contents while editing
Removed yahoo.com from the default content security policy
New translations for Bulgarian, Persian, Galician, Hebrew, Hungarian, Occitan and Brazilian Portuguese
Updated translations for Arabic, English, Esperanto, Spanish, Hindi, Japanese, Korean, Polish, Portuguese, Turkish and Traditional Chinese
Thanks to all translators!
Various dependency updates
Bugfixes
Improve readability of diagrams & embeddings in night-mode
Use the default template for new notes in FreeURL mode
Fix frontend-crash in slide-mode if no slideOptions are present in the frontmatter
Return 404 on the /download route for non-existent notes in FreeURL mode
Properly clean up the UNIX socket on application exit
Don’t overwrite existing notes on POST-requests to /new/<alias> in FreeURL mode
We have renamed to HedgeDoc!
Many thanks to Éric Gaspar who designed our new logo!
Have a look at our new website (which also explains the reasoning behind the renaming) at https://hedgedoc.org
This is probably the last release in the 1.x series. Stay tuned for 2.0, scheduled for release next year.
Please note: This release dropped support for Node 8, which is end-of-life since January 2020. You now need at least Node 10.13 to run HedgeDoc, but we recommend running the latest LTS release.
Please note: If you use a reverse proxy and TLS, make sure it sets the X-Forwarded-Proto header correctly,
otherwise you will encounter login-issues. Our docs have example configs for common reverse proxies.
Enhancements
Our release tarballs now contain the frontend bundle. This saves users from building the frontend themselves, which was an issue on memory-constrained systems.
After the 1.6 release we will start to develop Version 2.0, which will introduce breaking changes. But we will take care of making your way to 2.0 easy.
Since Node version 8 is EOL since January 2020, 1.6 will be the last version with support for Node version 8
useCDN is now false by default. This feature is deprecated already and will be removed in 2.0.
Enhancements
Add AWS endpoint configuration options
Add ability to add an imprint using ./public/docs/imprint.md
Improve documentation in various sections
Add ability to create note based on alias in free-url-mode
Add security note describing the preferred way for responsible disclosures
Extend forbiddenNoteIds to prevent conflicts with resource directories
Add OpenGraph metadata support
Add slovak language
Add API documentation
Allow different reference-url styles
Add automatic focus username field in login modal
Add ability to limit google-auth to own domain
Upgrade revealJS to version 3.9.2
Upgrade mermaid to version 8.4.6
Update translations (zh-cn, zh-TW, en, de, id, pl, ar, ca, fr, it, sk, sv, ja, nl, pt, ru, es)
Fixes
Fix docker secrets support
Fix sequlize-cli dependency location
Fix crash in lutim integration
Fix manage_users CLI handling of non-existing user
Fix ability to serve CodiMD from different urlpath than /
Fix change from gravatar to libravatar in privacy policy example
With CodiMD 1.4.0 we’re dropping node 6 support. That version of node.js is discontinued and no longer receives any security updates. We would like to encourage you to upgrade node 8 or later. Node 8 will continue to be supported at least until its end-of-life in January 2020.
Enhancements
Use libravatar instead of Gravatar
Fix language description capitalization
Move upload button into the toolbar
Clean up Heroku configurations
Add new screenshot to README and index page
Add link to community call to README
Update languages (pl, sr, zh-CN, fr, it, ja, zh-TW, de, sv, es)
Change edit link to both view
Hide minio default ports
Add missing passport-saml configuration
Add lutim support
Update dependencies
Add documentation for keycloak
Add tests for user model
Add Mastodon link
Add config for toobusy middleware
Add vietnamese language
Fixes
Fix missing space in footer
Fix various possible security vulnerabilities in dependencies
Release Notes
1.9.8 2023-06-04
Please note: This release dropped support for Node 14, which is end-of-life since May 2023.
You now need at least Node 16 to run HedgeDoc. We recommend to use the latest LTS release of Node.js.
This release switches to Yarn 3 for dependency management, as Yarn 1 has bugs preventing us from upgrading some dependencies.
If you install HedgeDoc manually, run bin/setup again for instructions. Other installation methods should not require
special actions.
Enhancements
Extend boolean environment variable parsing with other positive answers and case insensitivity
Allow setting of documentMaxLength via CMD_DOCUMENT_MAX_LENGTH environment variable (contributed by @jmallach)
Add dedicated healthcheck endpoint at /_health that is less resource intensive than /status
Compatibility with Node.js 18 and later
Add support for the arm64 architecture in the docker image
Add a config option to disable the /status and /metrics endpoints
Bugfixes
Fix that permission errors can break existing connections to a note, causing inconsistent note content and changes not being saved (contributed by @julianrother)
Fix speaker notes not showing up in the presentation view
Fix issues with upgrading some dependencies by upgrading to Yarn 3
Fix macOS compatibility of bin/setup script
Contributors
UwYFmLpoKtYn (translator)
Pub (translator)
SnowCode (translator)
1.9.7 2023-02-19
Bugfixes
Fix note titles with special characters producing invalid file names in user export zip file
Fix night-mode toggle not working when page is loaded with night-mode enabled
Contributors
Francesco (translator)
Gabriel Santiago Macedo (translator)
1.9.6 2022-11-06
Bugfixes
Fix migrations deleting all notes when SQLite is used
1.9.5 2022-10-30
Enhancements
Add dark mode toggle in mobile view
Replace embedding shortcode regexes with more specific ones to safeguard against XSS attacks
Bugfixes
Fix a crash when using LDAP authentication with custom search attributes (thanks to @aboettger-tuhh for reporting)
Fix a crash caused by a long note history when the MySQL database is used
Fix breaks option not being respected in the publish-view
Fix missing syntax highlighting in the markdown editor
Contributors
Bateausurleau (translator)
Goncalo (translator)
Ívarr Vinter (translator)
Oein0219 (translator)
Pol Dellaiera
1.9.4 2022-07-10
Please note: This release dropped support for Node 12, which is end-of-life since April 2022.
You now need at least Node 14.13.1 or Node 16 to run HedgeDoc. We don’t support more recent versions of Node.
Enhancements
Remove unexpected shell call during migrations
More S3 config options: upload folder & public ACL (thanks to @lautaroalvarez)
Contributors
Al_x (translator)
Emmanuel Courreges (translator)
paranic (translator)
Quentin PAGÈS (translator)
1.9.3 2022-04-10
This release fixes a security issue. We recommend upgrading as soon as possible.
⚠️ Warning: If you deploy HedgeDoc and MariaDB with docker-compose using a checkout of our
container repo, you will need to manually convert the character set
of the database to utf8mb4 when updating. See the corresponding PR for more information.
Security Fixes
Fix Enumerable upload file names
Enhancements
Libravatar avatars render as ident-icons when no avatar image was uploaded to Libravatar or Gravatar
Add database connection error message to log output
Allow SAML authentication provider to be named
Suppress error message when git binary is not found
Bugfixes
Fix error that Libravatar user avatars were not shown when using OAuth2 login
Fix bin/manage_users not accepting numeric passwords (thanks to @carr0t2 for reporting)
Fix visibility of modals for screen readers
Fix GitLab snippet export (thanks to @semjongeist for reporting)
Fix missing inline authorship colors (thanks to @EBendinelli for reporting)
Contributors
ced (translator)
deluxghost (translator)
Dennis Gaida
Michael Hauer (translator)
Moritz Schlarb
Mostafa Ahangarha (translator)
Sandro
Sergio Varela (translator)
Tạ Quang Khôi (translator)
Tiago Triques (translator)
tmpod (translator)
Uchiha Kakashi
1.9.2 2021-12-03
Bugfixes
Fix error in the session handler when requesting /metrics or /status
1.9.1 2021-12-02
This release increases the minimum required Node versions to 12.20.0, 14.13.1 and 16.
In general, only the latest releases of Node 12, 14 and 16 are officially supported by us, older minor versions can be dropped at any time.
We recommend you run HedgeDoc with the latest release of Node 16.
Bugfixes
Add workaround for incorrect CSP handling in Safari
Fix crash when an unexpected response from the GitLab API is encountered
Fix crash when using hungarian language
Contributors
AIAC (translator)
Danilo Bargen
Diem Duong (translator)
Gergely Polonkai (translator)
Nikola (translator)
ProttoyChakraborty
Sergio (translator)
Tiago Triques (translator)
Vincent Dusanek (translator)
Александр (translator)
1.9.0 2021-09-13
Security Fixes
CVE-2021-39175: XSS vector in slide mode speaker-view
This release removes Google Analytics and Disqus domains from our default Content Security Policy, because they were repeatedly used to exploit security vulnerabilities.
If you want to continue using Google Analytics or Disqus, you can re-enable them in the config.
See the docs for details
Features
HedgeDoc now automatically retries connecting to the database up to 30 times on startup
This release introduces the csp.allowFraming config option, which controls whether embedding a HedgeDoc instance in other webpages is allowed.
We strongly recommend disabling this option to reduce the risk of XSS attacks
This release introduces the csp.allowPDFEmbed config option, which controls whether embedding PDFs inside HedgeDoc notes is allowed.
We recommend disabling this option if you don’t use the feature, to reduce the attack surface of XSS attacks
Add additional environment variables to configure the database.
This allows easier configuration in containerized environments, such as Kubernetes
Enhancements
Further improvements to the frontend build process, reducing the initial bundle size by 60%
Improve the error handling of the filesystem upload method
Improve the error message of failing migrations
Bugfixes
Fix crash when trying to read the current Git commit on startup
Fix endless loop on shutdown when HedgeDoc can’t connect to the database
Ensure that all cookies are set with the secure flag, if HedgeDoc is loaded via HTTPS
Fix session cookies being created on calls to /metrics and /status
Fix incorrect creation of S3 endpoint domain (thanks to @matejc)
Remove CDN support, fixing inconsistencies in library versions delivered to the client
Fix font display issues when having some variants of fonts used by HedgeDoc installed locally
Fix links between slides not working
Fix Vimeo integration using a deprecated API
Miscellaneous
Removed MSSQL support, as migrations from 2018 are broken with SQL Server and nobody seems to use it
Contributors
Bogdan Cuza (translator)
Heimen Stoffels (translator)
igg17 (translator)
Klorophatu (translator)
Martin (translator)
Matija (translator)
Matthieu Devillers (translator)
Mindaugas (translator)
Quentin Pagès (translator)
1.8.2 2021-05-11
This release fixes two security issues. We recommend upgrading as soon as possible.
Security Fixes
CVE-2021-29503: Improper Neutralization of Script-Related HTML Tags in Notes
Fix a potential XSS-vector in the handling of usernames and profile pictures
1.8.1 2021-05-06
Enhancements
Speed up yarn install in production mode (as performed by bin/setup) by marking frontend-only dependencies as dev-dependencies.
This also reduces the size of the docker container
Speed up the frontend-build by using esbuild instead of terser to minify JavaScript
Improve behavior of the ‘Quote’, ‘List’, ‘Unordered List’ and ‘Check List’ buttons in the editor to automatically
apply to the complete first and last line of the selection
Bugfixes
Correct the 1.8.0 release notes to state that CVE-2021-29475 has been fixed since HedgeDoc 1.5.0.
Fix crash on startup when useSSL or csp.upgradeInsecureRequests is enabled (thanks to @mdegat01 for reporting)
Automatically enable protocolUseSSL when useSSL is also enabled
Fix the ‘Quote’, ‘List’, ‘Unordered List’ and ‘Check List’ buttons in the editor to not duplicate content
when only parts of a line are selected (thanks to @AnomalRoil for reporting)
Fix click handler for numbered task lists (thanks to @xoriade for reporting)
1.8.0 2021-05-03
This release fixes multiple security issues. We recommend upgrading as soon as possible.
Please note: This release dropped support for Node 10, which is end-of-life since April 2021. You now need at least Node 12 to run HedgeDoc, but we recommend running the latest LTS release.
Security Fixes
CVE-2021-29474: Relative path traversal Attack on note creation
CVE-2021-21306: Underscore ReDoS in the marked library
This issue allowed an attacker to hang HedgeDoc by inserting a malicious string into a note. Thanks to Ralph Krimmel for reporting!
We also published an advisory for CVE-2021-29475: PDF export allows arbitrary file reads,
which has already been fixed since HedgeDoc 1.5.0.
Features
Database migrations are now automatically applied on application startup
The separate .sequelizerc configuration file is no longer necessary and can be safely deleted
A Prometheus-endpoint is now available at /metrics, exposing the same stats as /status
in addition to various Node.js performance figures
Add a config option to require authentication in FreeURL mode (#755 by @nidico)
Enhancements
Removed dependency on external imgur library
HTML language tags are now set up in a way that stops Google Translate from translating note contents while editing
Removed yahoo.com from the default content security policy
New translations for Bulgarian, Persian, Galician, Hebrew, Hungarian, Occitan and Brazilian Portuguese
Updated translations for Arabic, English, Esperanto, Spanish, Hindi, Japanese, Korean, Polish, Portuguese, Turkish and Traditional Chinese
Thanks to all translators!
Various dependency updates
Bugfixes
Improve readability of diagrams & embeddings in night-mode
Use the default template for new notes in FreeURL mode
Fix frontend-crash in slide-mode if no slideOptions are present in the frontmatter
Return 404 on the /download route for non-existent notes in FreeURL mode
Properly clean up the UNIX socket on application exit
Don’t overwrite existing notes on POST-requests to /new/<alias> in FreeURL mode
Contributors
Amit Upadhyay (translator)
Atef Ben Ali (translator)
Edi Feschiyan (translator)
Gabriel Santiago Macedo (translator)
Longyklee (translator)
Nika. zhenya (translator)
Nicolas Dietrich
Nis (translator)
rogerio-ar-costa (translator)
sanami (translator)
Tom Dereszynski (translator)
상규 (translator)
uıʞǝʇuɐϽ (translator)
UwYFmLpoKtYn (translator)
1.7.2 2021-01-15
This release fixes a security issue. We recommend upgrading as soon as possible.
Security Fixes
CVE-2021-21259: Stored XSS in slide mode
An attacker can inject arbitrary JavaScript into a HedgeDoc note.
Bugfixes
Ensure the last line of the markdown editor is not covered by the status bar (thanks to @mhdrone for reporting!)
1.7.1 2020-12-27
This release fixes two security issues. We recommend upgrading as soon as possible.
Security Fixes
CVE-2020-26286: Arbitrary file upload
An unauthenticated attacker can upload arbitrary files to the upload storage backend.
CVE-2020-26287: Stored XSS in mermaid diagrams
An attacker can inject arbitrary script tags in HedgeDoc notes using mermaid diagrams.
1.7.0 2020-12-21
We have renamed to HedgeDoc!
Many thanks to Éric Gaspar who designed our new logo!
Have a look at our new website (which also explains the reasoning behind the renaming) at https://hedgedoc.org
This is probably the last release in the 1.x series. Stay tuned for 2.0, scheduled for release next year.
Please note: This release dropped support for Node 8, which is end-of-life since January 2020. You now need at least Node 10.13 to run HedgeDoc, but we recommend running the latest LTS release.
Please note: If you use a reverse proxy and TLS, make sure it sets the X-Forwarded-Proto header correctly,
otherwise you will encounter login-issues.
Our docs have example configs for common reverse proxies.
Enhancements
Our release tarballs now contain the frontend bundle. This saves users from building the frontend themselves, which was an issue on memory-constrained systems.
Add OIDC scopes for email & profile retrieval (#278 & #419 by @elespike & @vberger)
Allow to set a SAML client certificate (#350 by @n0emis & @em0lar)
Add YunoHost docs (#431 by @ericgaspar)
Set OAuth2 state parameter (#407 & #541 by @dalcde & @haslersn)
Various documentation improvements (by @oupala, @autra & @AdamWorley)
Add migration script for minio (#499 by @pierreozoux)
Add authorization for OAuth (#595 by @joachimmathes)
Improvements to our cookie handling
Compatibility with Node 14
Translation updates
Various dependency updates
Bugfixes
Fix compatibility with upper-case MIME-types (#509 by @pierreozoux)
Add fix for missing deletion of notes on user-deletion request
Fix relative path for fetching the style when set
Fix broken redirect on login
CSS fixes for slide mode
Do not create new notes with null as content
Fix crash when OAuth2 config parameters are missing (thanks to @vberger for reporting!)
Handle broken SequelizeMeta table on MySQL/MariaDB (thanks to @titulebolide for reporting!)
Contributors
Adam Worley
andreas koidis (translator)
Augustin Trancart
Benjamin Bett (translator)
Butterflyoffire (translator)
civic john (translator)
Daniel Lublin
David Mehren
david-sawatzke
deluxghost (translator)
Dexter Chua
Dimitri (translator)
em0lar
Éric Gaspar
Erik Michelson
Giacomo lanza (translator)
Girish Ramakrishnan
Grzegorz (translator)
haslersn
Igor Kerstges (translator)
Info (translator)
Jleeothon (translator)
Johannes Nilsso (translator)
Jolly Jumper (translator)
Jonas Zohren
Jothish (translator)
Julien lebranch (translator)
Marvin Gaube
Mdhm (translator)
Mostafa Ahangarha (translator)
Nick Hahn
Nils van Zuijlen
Nithin Prabhakaran (translator)
numéro6 (translator)
n0emis
oupala
Philip Molares
Pierre Ozoux
Quentin Pages (translator)
Renan Rodrigues
Renne (translator)
Sandro
Smaran (translator)
Sooraj Kenoth (translator)
themedleb (translator)
Tilman Vatteroth
Tomasz (translator)
Victor Berger
XoseM (translator)
Yannick Bungers
zgroska (translator)
1.6.0 2020-02-17
Announcements
After the 1.6 release we will start to develop Version 2.0, which will introduce breaking changes. But we will take care of making your way to 2.0 easy.
Since Node version 8 is EOL since January 2020, 1.6 will be the last version with support for Node version 8
useCDN is now false by default. This feature is deprecated already and will be removed in 2.0.
Enhancements
Add AWS endpoint configuration options
Add ability to add an imprint using ./public/docs/imprint.md
Improve documentation in various sections
Add ability to create note based on alias in free-url-mode
Add security note describing the preferred way for responsible disclosures
Extend forbiddenNoteIds to prevent conflicts with resource directories
Add OpenGraph metadata support
Add slovak language
Add API documentation
Allow different reference-url styles
Add automatic focus username field in login modal
Add ability to limit google-auth to own domain
Upgrade revealJS to version 3.9.2
Upgrade mermaid to version 8.4.6
Update translations (zh-cn, zh-TW, en, de, id, pl, ar, ca, fr, it, sk, sv, ja, nl, pt, ru, es)
Fixes
Fix docker secrets support
Fix sequlize-cli dependency location
Fix crash in lutim integration
Fix manage_users CLI handling of non-existing user
Fix ability to serve CodiMD from different urlpath than /
Fix change from gravatar to libravatar in privacy policy example
Fix missing browser icons in README
Refactors
Refactor note creation handling
Improve webpack documentation
Split note actions into own files
Refactor returnTo handling for auth
Removals
Legacy handling of socket.io connections
Node 8 CI jobs
Contributors
Amolith
Andrea Rossi (translator)
CasperS (translator)
Cpp.create (translator)
David Mehren
Deluxghost (translator)
em_crx (translator)
Enrico Guiraud
Epson12332 (translator)
Erik Michelson
Fajar Maulana (translator)
Fonata
foobarable
Girish Ramakrishnan
Grzegorz (translator)
hoijui
Ian Tsai
id7xyz (translator)
ike
Info (translator)
Javier Leandro (translator)
Jonas Thelemann
Jonas Zohren
kazutomo.waragai (translator)
MartinT
Mathias Merscher
Matthias Lindinger
Mdhm (translator)
Me (translator)
mondstern (translator)
Patrick (translator)
Rafael Gauna Trindade (translator)
Ramon van Biljouw (translator)
RyotaK
Sandro
Sören Wegener
Stefan Peters
Yukai Huang
1.5.0 2019-08-15 00:00
Announcements
There is a new docker image available by LinuxServer.io providing an ARM container
Disabling PDF export due to security problems
Enhancements
Add migration guide for Node version 6
Add functionality to respect Do-Not-Track header
Add Arabian translation
Fixes
Fix styling in slide preview
Fix some lint warning
Upgrade Sequelize to version 5
Add Linuxserver.io setup instructions for CodiMD
Update translations for DE, SV, ID
Add ability to upload SVGs
Add dbURLconfig as docker secret
Upgrade meta-marked - Fixes DOS capability in CodiMD (https://github.com/codimd/server/commit/ba6a24a673c24db25969de2a59b9341247f3f722)
Fix variable names in docker secrets config library
Refactors
Refactor debug logging in various places
Deprecations
useCDN will be deprecated and will disappear in favor of locally served resources. (https://community.codimd.org/t/poll-on-cdn-usage/28)
Contributors
Amolith (social media)
Aro Row (translator)
bitinerant (security)
Butterflyoffire (translator)
Claudius Coenen (ccoenen)
Erik (translator)
Fajar Maulana (translator)
id7xyz (translator)
joohoi (security)
Jonas Thelemann (dargmuesli)
Lennart Weller (lhw)
chbmb
Raccoon (a60814billy)
RS232 (translator)
Toma Tasovac (ttasovac)
1.4.0 2019-05-31 00:00
Announcements
CodiMD now has a Mastodon account
CodiMD now has a community forum
With CodiMD 1.4.0 we’re dropping node 6 support. That version of node.js is discontinued and no longer receives any security updates. We would like to encourage you to upgrade node 8 or later. Node 8 will continue to be supported at least until its end-of-life in January 2020.
Enhancements
Use libravatar instead of Gravatar
Fix language description capitalization
Move upload button into the toolbar
Clean up Heroku configurations
Add new screenshot to README and index page
Add link to community call to README
Update languages (pl, sr, zh-CN, fr, it, ja, zh-TW, de, sv, es)
Change edit link to both view
Hide minio default ports
Add missing passport-saml configuration
Add lutim support
Update dependencies
Add documentation for keycloak
Add tests for user model
Add Mastodon link
Add config for toobusy middleware
Add vietnamese language
Fixes
Fix missing space in footer
Fix various possible security vulnerabilities in dependencies
Fix broken dependency js-sequence-diagrams
Fix XSS in graphviz error message rendering
Fix toolbar night mode
Fix hidden header on scroll
Fix missing pictures for OpenID
Fix statusbar hiding text in edit view
Refactors
Refactor README and documentation
Integrate the old wiki into documentation section
Refactor headers on Features page
Replace js-url with wurl
Refactor scrypt integration
Removals
Remove sass-loader
Contributors
Amolith
CasperS (translator)
Cedric.couralet (translator)
Claudius Coenen (ccoenen)
Daniel (translator)
Deluxghost (translator)
Dylan Dervaux (Dylanderv)
Emmanuel Ormancey (nopap)
Grzegorz (translator)
Henrik Hüttemann (HerHde)
Hồng (translator)
Mauricio Robayo (archemiro)
Max Wu (jackycute)
naimo
Pedro Ferreira (pferreir)
Simon Fish (boardfish)
Stéphane Guillou (stragu)
Sylke Vicious (translator)
Thor77
veracosta (translator)
Vladan (translator)
War (translator)
Zhai233 (translator)
1.3.2 2019-03-28 00:00
Announcement
CodiMD is now running in an own organization. Check out our vision for the future
Fixes
Update various links to the new repositories
Fix background color for mode switching button in night mode
1.3.1 2019-03-23 00:00
Enhancements
Add some missing translations
Add Serbian language
Fixes
Fix broken redirect for empty serverURL
Fix wrong variable type for HSTS maxAge
Fix GitLab snippets showing up without being configured
Fix Google’s API after disabling Google+
Fix broken PDF export
Contributors
atachibana (translator)
Aurélien JANVIER (translator)
Daan Sprenkels (translator)
Farizrizaldy (translator)
Luclu7
Sylke Vicious (translator)
toshi0123 & okochi-toshiki
Turakar
Vladan (translator)
1.3.0 2019-03-03 00:00
Enhancements
Run db migrations on npm start
Add documentation about integration with AD LDAP
Add rel="noopener" to all links
Add documentation about integration with Nextcloud for authentication
Update URL on frontpage to point to codimd.org
Replace Fontawesome with Forkawesome
Add OpenID support
Add print icon to slide view
Add auto-complete for language names that are highlighted in codeblocks
Improve translations for Chinese, Dutch, French, German, Italien, Korean, Polish, and Russian language
Add Download action to published document API
Add reset password feature to manage_users script
Move from own ./tmp directory to system temp directory
Add Etherpad migration guide
Move XSS library to a more native position
Use full version string to determine changes from the backend
Update winston (logging library)
Use slide preview in slide example
Improve migration handling
Update reveal.js to version 3.7.0
Replace scrypt library with its successor
Replace to-markdown with turndown (successor library)
Update socket.io
Add warning on missing base URL
Update bootstrap to version 3.4.0
Update handlebar
Fixes
Fix paths in GitLab documentation
Fix missing data: URL in CSP
Fix oAuth2 name/label field
Fix GitLab API integration
Fix auto-completed but not rendered emojis
Fix menu organization depending on enabled services
Fix some logging in the OT module
Fix some unhandled internalOAuthError exception
Fix unwanted creation of robots.txt document in “freeurl-mode”
Fix some links on index page to lead to the right sections on feature page
Fix document breaking, empty headlines
Fix wrong multiplication for HSTS header seconds
Fix wrong subdirectories in exported user data
Fix CSP for speaker notes
Fix CSP for disqus
Fix URL API usage
Fix Gist embedding
Fix upload provider error message
Fix unescaped disqus user names
Fix SAML vulnerability
Fix link to SAML guide
Fix deep dependency problem with node 6.x
Fix broken PDF export by wrong unlink call
Fix possible XSS attack in MathJax
Refactors
Refactor to use ws instead of the the no longer supported uws
Refactor frontend build system to use webpack version 4
Refactor file path configuration (views, uploads, …)
Refactor manage_users script
Refactor handling of template variables
Refactor linting to use eslint
Removals
Remove no longer working Octicons
Remove links to our old Gitter channel
Remove unused library node-uuid
Remove unneeded blueimp-md5 dependency
Remove speakerdeck due to broken implementation
Contributors
Adam.emts (translator)
Alex Garcia
Cédric Couralet (micedre)
Claudius Coenen
Daan Sprenkels
David Mehren
Erona
Felix Yan
Jonathan
Jong-kai Yang (translator)
MartB
Max Wu (jackycute)
mcnesium
Nullnine (translator)
RanoIP (translator)
SuNbiT
Sylke Vicious (translator)
Timothee (translator)
WilliButz
Xaver Maierhofer
云屿
1.2.1 2018-09-26 00:00
Enhancements
Update Italian translations
Update Japanese translations
Update markdown-pdf
Add support for unix sockets
Update “follow us” information to Community channel and translation
Add Cloudron installation method
Add guide for Mattermost authentication
Update various packages
Add Indonesian language as new translation
Fixes
Fix content types in status router
Fix some modal colors in night mode
Fix CSP to allow usage of speaker notes
Fix some wrong title attributes in the editor toolbar
Fix some confusion about the default location of images. It’s always the local filesystem now
Fix object handling in avatar generation code
Finally fix error handling of LZ-String by using self-maintained version
Fix migration handling
Fix gitlab API version
Fix some server crashes caused by PDF creation
Fix document length limit on post to /new
Fix broken youtube embedding on /features page
Refactors
Refactor generation of table of contents
Refactor “copyright”-section to be a “Powered by”
Removes
Remove unneeded inline styling
Deprecations
NodeJS version 6
Mattermost login integration (is replaced by generic oAuth2 module)
Honorable mentions
Alex Hesse (Pingu501)
Alexander Wellbrock (w4tsn)
Cédric Couralet (micedre)
Girish Ramakrishnan (gramakri)
maahl
Max Wu (jackycute)
Miranda (ahihi)
Ondřej Slabý (maxer456)
1.2.0 2018-06-28 00:00
Announcement
HackMD CE is renamed to CodiMD to prevent confusion. For details see here
Enhancements
Show full title by hovering over to table of contents entries
Add generic OAUTH2 support for authentication
Redirect unauthenticated user to login page on “forbidden” pages
Add ability to add ToS and privacy documents without code changes
Add account deletion as part of user self-management
Add download of all own notes
Add privacy policy example (no legal advice)
Increase checkbox size on slides
Add support for Azure blob storage for image uploads
Add Korean translation
Add note about official K8s chart for deployment
Add toolbar for markdown shortcuts in editor
Add ability to disable Gravatar integration
Add print icon to slide menu which leads to the print view.
Add sequelize to setup instructions
Update various packages
Fixes
Fix local writes for non-existing translations in production
Fix wrong documentation about default image upload type
Fix possible error if CodiMD is started with wrong working directory
Fix issues caused by cached/cacheeable client config
Fix issues caused by notes created via curl/API with CRLF line endings
Fix broken images for downloaded PDFs while using filesystem as imageUploadType
Fix Unicode URLs when using allowFreeURL=true
Refactors
Split auth documentation into multiple documents
Removes
Remove polyfill for useCDN=false setups
Remove unused and no longer needed symlink from translations
Honorable mentions
Adam Hoka (ahoka)
Edgar Z. Alvarenga (aivuk)
Jacob Burden (jekrb)
Pedro Ferreira (pferreir)
TC Liu (liuderchi)
1.1.1-ce 2018-05-23 12:00
Security
Fix Google Drive integration leaked clientSecret for Google integration
Update base64url package
Fixes
Fix typos in integrations
Fix high need of file descriptors during build
Fix heroku deployment by limiting node version to <10.x
Refactors
Refactor letterAvatars to be compliant with CSP
Removes
Google Drive integration
Honorable mentions
Max Wu (jackycute)
1.1.0-ce 2018-04-06 12:00
Security
Adding CSP headers
Prevent data-leak by wrong LDAP config
Generate dynamic sessionSecret if none is specified
Enhancements
Add Minio support
Allow posting content to new notes by API
Add anonymous edit function in restricted mode
Add support for more Mimetypes on S3, Minio and local filesystem uploads
Add basic CLI tooling for local user management
Add referrer policy
Add more usable HTML5 tags
Add useridField in LDAP config
Add option for ReportURI for CSP violations
Add persistance for night mode
Allow setting of sessionSecret by environment variable
Add night mode to features page
Add Riot / Matrix - Community link to help page
Fixes
Fix ToDo-toggle function
Fix LDAP provider name in front-end
Fix errors on authenticated sessions for deleted users
Fix typo in database migration
Fix possible data truncation of authorship
Minor fixes in README.md
Allow usage of ESC-key by codemirror
Fix array of emails in LDAP
Fix type errors by environment configs
Fix error message on some file API errors
Fix minor CSS issues in night mode
Refactors
Refactor contact
Refactor social media integration on main page
Refactor socket.io code to no longer use referrer
Refactor webpack config to need less dependencies in package.json
Refactor imageRouter for modularity
Refactor configs to be camel case
Removes
Remove unused tokenSecret from LDAP config
Deprecations
All non-camelcase config
Honorable mentions
Dario Ernst (Nebukadneza)
David Mehren (davidmehren)
Dustin Frisch (fooker)
Felix Schäfer (thegcat)
Literallie (xxyy)
Marc Deop (marcdeop)
Max Wu (jackycute)
Robin Naundorf (senk)
Stefan Bühler (stbuehler)
Takeaki Matsumoto (takmatsu)
Tang TsungYi (vazontang)
Zearin (Zearin)
1.0.1-ce 2018-01-19 15:00
Security
Fix Dropbox client secret leak
Enhancements
Improve version handling
It’s 2018!
Fixes
Fix image alt-tag rendering
Fix Dropbox appkey
1.0.0-ce 2018-01-18 12:00
License
Switch from MIT to AGPL
Enhancements
Improve language support
Allow themes for reveal
Add dark theme for editor and view
Add danish translation
Add simplified chinese translation
Provide new permission table
Make HSTS configurable
Make PDF export configurable
Add Mattermost auth support
Add SAML support
Fixes
Fix regex for speaker notes
Fix S3 endpoint support
Fix German translation
Fix English translation
Fix broken profile images
Fix XSS attacks
Fix history order
Fix missing boolean settings
Fix LDAP auth
Fix too long notes droping content
Fix mermaid compatiblity with new version
Fix SSL CA path parsing
Refactors
Refactor main page
Refactor status pages
Refactor config handling
Refactor auth backend
Refactor code styling
Refactor middleware to modules
0.5.1 Doppio 2017-03-23 00:20
Enhancements
Update to indicate version in status API header
Update to generate front-end constants on server startup
Update to add gitlab api scope option and auto adapt gitlab snippet feature on it
Update to add default permission config option
Update to add basics for secret management by Docker 1.13
Update webpack config to use parallel uglify plugin to speed up production build
Update realtime to use timer to avoid memory leaks on busy tick
Update to remove history cache to lower application coupling
Update to add screenshot on index page
Update index layout to add profile on navbar
Update to support allow email register option
Update to support disable anonymous view option
Update to add limited and protected permission
Update to allow displaying LDAP provider name on sign-in modal
Update to show yaml-metadata and diagram parsing error in the view
Fixes
Fix XSS vulnerability in link regex [Security Issue]
Fix todo list item class might add in wrong element
Fix pagination error in list.js over v1.5.0
Fix update doc from filesystem cause redundant authorship stringify
Fix export html to replace fallen cdn tortue.me to cdnjs
Fix rendering might result XSS attribute on self closing tag [Security Issue]
Fix out of sync when deleting on same cursor position on several clients
Fix not determine OT have pending operations properly
Fix to keep selections on save and restore info
Fix image path problem when using filesystem backend
Fix meta error not clear on before rendering
Fix duplicated headers anchor link not been updated properly
Fix checkLoginStateChanged might fall into infinite loop while calling loginStateChangeEvent
Fix to workaround text shadow for font antialias might cause cut off in Edge
Fix and refactor extracting content using metaMarked directly might lead in invalid object
Refactors
Refactor editor related code
Refactor code with JavaScript Standard Style
Refactor templates, partials and rearrange its path
Refactor front-end code with more modular concepts
Refactor front-end code using ES6 (also unify configs to config.json)
Removes
Removed UTF-8 BOM in download function
0.5.0 Ristretto 2017-01-02 02:35
Enhancements
Update year to 2017 (Happy New Year!)
Update to improve editor performance by debounce checkEditorScrollbar event
Refactor data processing to model definition
Update to remove null byte on editor changes
Update to remove null byte before saving to DB
Update to support Esperanto locale
Little improvements (typos, uppercase + accents, better case) for French locale
Update features.md publish button name and icon
Fixes
Fix authorship might losing update event because of throttling
Fix migration script of revision lacks of definition of primary key
Fix to not use diff_cleanupSemantic
Fix URL concatenation when uploading images to local filesystem
Fix js-url not import correctly
Fixed typo: anonmyous
Fix codemirror spell checker not considering abbreviation which contain apostrophe in word
Fix possible user is undefined in realtime events
Fix wrong package name reference in webpack config for bootstrap-validator
Fix email option in config not parse correctly
Fix mathjax not able to render issue
Removes
Remove LZString compression for data storage
Remove LZString compression for some socket.io event data
0.4.6 Melya 2016-12-19 17:20
Features
Add support of allow free url config option
Add support of allow anonymous config option
Add preferences to editor status bar and add allow override browser keymap option
Add support of s3 and local filesystem for image uploading
Add of support optional email register and signin
Use uWebSocket to improve websocket performance
Use CDNJS by default with https and SRI support
Use Webpack to bundle frontend code
Enhancements
Update to make TOC syntax be case-insensitive
Update to handle request with invalid uri
Update to auto generate meta description based on content in publish note and slide
Update to support haskell, go, typescript and jsx syntax highlighting in code block
Update to use workers to leverage intensive work loading
Update to support summary tag
Change use cdn config option default to be true
Update to retry when anytime the socket io disconnect
Change to raise socket io timeout, heartbeat interval and timeout to lower offline period
Update emoji parser using markdown-it-emoji instead of emojify
Optimize finishView selector performance by avoid universal selector
Config heroku deployment
Update to support Hindi, Swedish locale
Update to support wrap syntax for code block
Update to support pagination for history list
Fixes
Fix slide mode on print pdf not finish view rendering
Fix when server have heavy loading cache might not update to db properly
Fix redirection to url without trailing slashes not considering about config urlpath
Fix header id and text might affects by mathjax tags
Fix possible meta XSS in history list [Security Issue]
Fix possible XSS in yaml-metadata and turn using ejs escape syntax than external lib [Security Issue]
Fix to allow data attribute of section tag in slide
Fix slide might able to add unsafe attribute on section tag which cause XSS [Security Issue]
Fix slide might trigger script when processing markdown which cause XSS [Security Issue]
Fix published note won’t scroll to hash on load
Fix mathjax with blockquote might have race condition
Fix server reconnect might not resend pending operations
Fix slide export pdf styles not applied issue
Fix possible unclose HTML and leaked html tags when fail to parse diagrams
Fix typos in the slide-example.md
Fix socket io doc event should setDoc when revision mismatch and no outstanding operation
Fix markdown styles conflicting bootstrap on p and ul under alert area
Fix finishView mermaid might select and replace whole markdown-body issue
Fix code block which in deeper level will not be parsed issue
Fix code block highlighting html not escaped when no languages specified
Fix client socket on delete event might not delete corresponding history record correctly
Fix to handle name or color is undefined error
Fix history item event not bind properly on pagination change
Fix history time should save in UNIX timestamp to avoid time offset issue
Removes
Drop bower the package manager
Remove auto linkify image
0.4.5 latte 2016-10-11 01:22
Features
Add more environment variables for server configuration
Add setup script for getting started
Add support of deleting note
Add support of shortcut keys which can add and remove symbol surround text
Add support of shortcut keys for changing mode
Add support of i18n (English, Chinese, French, German, Japanese, Spanish, Portuguese, Greek, Italian, Turkish, Russian, Dutch, Croatian, Polish, Ukrainian)
Add support of note info API
Add support of disqus via yaml-metadata
Enhancements
Optimize png images by using zopflipng
Update CodeMirror to 5.19.0 and rename jade to pug
Update to add cache to history and improve its performance
Update default indent to use spaces instead of tabs
Improve syntax highlighting performance
Update to make client handle syncing error better, use delay to avoid wrong document revision
Update to allow CORS as API on revision actions
Update to support showing owner on the infobar
Update to prevent duplicate client push in queue to lower down server loading
Reduce update view debounce time to make preview refresh quicker
Update help modal cheatsheet font styles to make it more clear on spaces
Update to add revision saving policy
Update to support tiddlywiki and mediawiki syntax highlighting in editor
Update to support save mode to url and vise versa
Update edit and publish icon and change toggle icon for UX
Improve authorship markers update performance
Update slide mode to show extra info and support url actions
Change the last change user saving strategy
Update to support data uri in src attribute of image tag
Improve index layout and UX with UI adjustments
Update XSS policy to allow iframe and link with custom protocol
Update markdown styles to follow github latest layout styles
Update slide mode, now respect all meta settings and update default styles
Update to make ToC menu always accessible without scrolling
Update to make doc only update while filesystem content not match db content
Fixes
Fix README and features document format and grammar issues
Fix some potential memory leaks bugs
Fix history storage might not fallback correctly
Fix to make mathjax expression display in editor correctly (not italic)
Fix note title might have unstriped html tags
Fix client reconnect should resend last operation
Fix a bug when setting both maxAge and expires may cause user can’t signin
Fix text complete extra tags for blockquote and referrals
Fix bug that when window close will make ajax fail and cause cookies set to wrong state
Fix markdown render might fall into regex infinite loop
Fix syntax error caused by element contain special characters
Fix reference error caused by some scripts loading order
Fix ToC id naming to avoid possible overlap with user ToC
Fix header nav bar rwd detect element should use div tag or it might glitch the layout
Fix textcomplete of extra tags for blockquote not match space character in the between
Fix text-shadow for text antialiased might cause IE or Edge text cutoff
Removes
Cancel updating history on page unload
0.4.4 mocha 2016-08-02 17:10
Features
Add support of showing authorship in editor
Add support of saving authorship
Add support of saving authors
Add support of slide preview in both mode
Add support of all extra syntax in slide mode
Enhancements
Update realtime check and refresh event, compress data to minimize network transfer delay
Update to keep showing second level TOC if there is only one first level TOC
Update to add expand and collapse toggle for TOC
Update to make help modal and text complete hint using consistent reminder text
Update to support slideOptions in the yaml metadata for customize slides
Update to support redirect back to previous url after signin
Update to avoid duplicated rendering slides and reduce DOM wrap
Update CodeMirror to version 5.17.1
Update to make random color more discrete
Update user icon styles to make avatar more obvious
Update Bootstrap to 3.3.7 and jQuery to 3.1.0 with related patches
Update spell checker to ignore non-english or numeric alphabets
Update to auto rolling session for auto extending cookies expiration
Update some menu items and UIs
Update to reduce realtime timeout and heartbeat interval to handle stale clients quicker
Update to force note, publish note, publish slide redirect to their expected url
Update to change server pre-rendering engine to markdown-it
Fixes
Workaround vim mode might overwrite copy keyMap on Windows
Fix TOC might not update after changeMode
Workaround slide mode gets glitch and blurry text on Firefox 47+
Fix idle.js not change isAway property on onAway and onAwayBack events
Fix http body request entity too large issue
Fix google-diff-match-patch encodeURI exception issue
Fix yaml metadata title should pass to generateWebTitle
Fix spellcheck settings from cookies might not a boolean in string type
Fix cookies might not in boolean type cause page refresh loop
Fix the signin and logout redirect url might be empty
Fix realtime might not clear or remove invalid sockets in queue
Fix slide not refresh layout on ajax item loaded
Fix retryOnDisconnect not clean up after reconnected
Fix some potential memory leaks
0.4.3 espresso 2016-06-28 02:04
Features
Add support of spellcheck
Add support of light editor theme
Add support of embed pdf
Add support of exporting raw html
Add revision modal with UIs and support marking patch diff texts
Add support of saving note revision
Enhancements
Update to extend login info cookies to 365 days to reduce reductant page refresh
Update to support new metadata: title, description, tags and google-analytics
Prevent crawling editing note to enhance privacy
Update to remove all data lines attributes to gain better update performance
Update refresh modal to show more detail informations
Update to make cursor tag default as hover mode to prevent tag overlay other lines
Update highlight.js to version 9.4.0 and use bower dependency
Improve history performance
Fixes
Fix history filter tags and search keyword might not apply after refresh
Fix part class in list item might infect buildMap process
Fix pdf tmp path is missing a folder slash before timestamp
Fix realtime connection get stock when lots of client try to connect at same moment
Fix locked or private permission should block any operation if owner is null
Add back missing support of image size syntax in 0.4.2
Fix update permission might cause duplicate view rendering
Fix on paste long document to editor might cause scroll not syncing
Workaround CodeMirror won’t draw selections outside of the viewport
Fix to make socket keep retry after disconnect on server maintenance
Removes
Remove metadata spellcheck support
Remove robot meta on note edit page and html template
0.4.2 cappuccino 2016-04-22 10:43
Features
Support sync scrolling to edit area
Support import and export with GitLab snippet
Support GitLab signin
Add cheatsheet and help modal
Enhancements
Upgrade CodeMirror to version 5.15.3
Support maintenance mode and gracefully exit process on signal
Update to update doc in db when doc in filesystem have newer modified time
Update to replace animation acceleration library from gsap to velocity
Support image syntax with size
Update textcomplete rules to support more conditions
Update to use bigger user profile image
Support showing signin button only when needed
Fixes
Fix other clients’ cursor might disappear or move out of bound
Fix to handle user profile image not exists
Fix potential toolbar layout glitch
Fix imgur uploads should always use https to avoid mix-content warning
Fix to change fullscreen key to avoid OS key conflicts
Fix and change ESC key in Vim mode
0.4.1 2016-04-22 10:43
Enhancements
Support when client domain not provided will use window.location variable
Support when domain not provided will use relative path
Support DOMAIN and URL_PATH environment variables
0.4.0 first-year 2016-04-20 14:30
Features
Support docs
Support Ionicons and Octicons
Support mermaid diagram
Support import and export with Gist
Support import and export with Google Drive
Support more options in YAML metadata
Support change keymap and indentation size/type
Enhancements
Change header anchor styles
Refactor server code and configs
Support experimental spell checking
Upgrade CodeMirror to 5.13.5
Update to emit info and disconnect clients if updater get errors
Support to indicate if the note status is created or updated
Support more DB types
Server now use ORM for DBs
Support static file cache
Support more ssl settings
Improve server stablilty
Improve server performance
Support Ionicons
Support container syntax and styles
Improve input performance
Change markdown engine from remarkable to markdown-it
Server now support set sub url path
Support textcomplete in multiple editing
Update to filter XSS on rendering
Update to make sync scroll lerp on last line
Update to make continue list in todo list default as unchecked
Support auto indent whole line in list or blockquote
Fixes
Fix status bar might be inserted before loaded
Fix mobile layout and focus issues
Fix editor layout and styles might not handle correctly
Fix all diagram rendering method and styles to avoid partial update gets wrong
Fix to ignore process image which already wrapped by link node
Fix when cut or patse scroll map might get wrong
Fix to handle more socket error and info status
Fix textcomplete not matching properly
Fix and refactor cursor tag and cursor menu
Fix Japanese, Chinese font styles
Fix minor bugs of UI and seletor syntaxes
0.3.4 techstars 2016-01-19 00:22
Features
Beta Support slide mode
Beta Support export to PDF
Support TOC syntax
Support embed slideshare and speakerdeck
Support Graphviz charts
Support YAML metadata
Support private permission
Enhancements
Support pin note in history
Support IE9 and above
Support specify and continue line number in code block
Changed all embed layout to 100% width
Added auto detect default mode
Support show last change note user
Upgrade CodeMirror to 5.10.1 with some manual patches
Improved server performance
Support autocomplete for code block languages of charts
Fixes
Fixed some server connection issues
Fixed several issues cause scrollMap incorrect
Fixed cursor animation should not apply on scroll
Fixed a possible bug in partial update
Fixed internal href should not link out
Fixed dropbox saver url not correct
Fixed mathjax might not parse properly
Fixed sequence diagram might render multiple times
0.3.3 moon-festival 2015-09-27 14:00
Features
Added status bar below editor
Added resizable grid in both mode
Added title reminder if have unread changes
Support todo list change in the view mode
Support export to HTML
Changed to a new theme, One Dark(modified version)
Enhancements
Support extra tags in todo list
Changed overall font styles
Optimized build sync scroll map, gain lots better performance
Support and improved print styles
Support to use CDN
Image and link will href to new tab ors window
Support auto scroll to corresponding position when change mode from view to edit
Minor UI/UX tweaks
Fixes
Change DB schema to support long title
Change editable permission icon to avoid misunderstanding
Fixed some issues in OT and reconnection
Fixed cursor menu and cursor tag are not calculate doc height properly
Fixed scroll top might not animate
Fixed scroll top not save and restore properly
Fixed history might not delete or clear properly
Fixed server might not clean client properly
0.3.2 typhoon 2015-07-11 12:30
Features
Support operational transformation
Support show other user selections
Support show user profile image if available
Enhancements
Updated editor to 5.4.0
Change UI share to publish to avoid misleading
Added random color in blockquote tag
Optimized image renderer, avoid duplicated rendering
Optimized building syncscroll map, make it faster
Optimized SEO on publish and edit note
0.3.1 clearsky 2015-06-30 16:00
Features
Added auto table of content
Added basic permission control
Added view count in share note
Enhancements
Toolbar now will hide in single view
History time now will auto update
Smooth scroll on anchor changed
Updated video style
Fixes
Note might not clear when all users disconnect
Blockquote tag not parsed properly
History style not correct
0.3.0 sunrise 2015-06-15 24:00
Enhancements
Used short url in share notes
Added upload image button on toolbar
Share notes are now SEO and mobile friendly
Updated code block style
Newline now will cause line breaks
Image now will link out
Used otk to avoid race condition
Used hash to avoid data inconsistency
Optimized server realtime script
Fixes
Composition input might lost or duplicated when other input involved
Note title might not save properly
Todo list not render properly
0.2.9 wildfire 2015-05-30 14:00
Features
Support text auto complete
Support cursor tag and random last name
Support online user list
Support show user info in blockquote
Enhancements
Added more code highlighting support
Added more continue list support
Adjust menu and history filter UI for better UX
Adjust sync scoll animte to gain performance
Change compression method of dynamic data
Optimized render script
Fixes
Access history fallback might get wrong
Sync scroll not accurate
Sync scroll reach bottom range too much
Detect login state change not accurate
Detect editor focus not accurate
Server not handle some editor events
0.2.8 flame 2015-05-15 12:00
Features
Support drag-n-drop(exclude firefox) and paste image inline
Support tags filter in history
Support sublime-like shortcut keys
Enhancements
Adjust index description
Adjust toolbar ui and view font
Remove scroll sync delay and gain accuracy
Fixes
Partial update in the front and the end might not render properly
Server not handle some editor events
0.2.7 fuel 2015-05-03 12:00
Features
Support facebook, twitter, github, dropbox login
Support own history
Enhancements
Adjust history ui
Upgrade realtime package
Upgrade editor package, now support composition input better
Fixes
Partial update might not render properly
Cursor focus might not at correct position
0.2.6 zippo 2015-04-24 16:00
Features
Support sync scroll
Support partial update
Enhancements
Added feedback ui
Adjust animations and delays
Adjust editor viewportMargin for performance
Adjust emit refresh event occasion
Added editor fallback fonts
Index page auto focus at history if valid
Fixes
Server might not disconnect client properly
Resume connection might restore wrong info
0.2.5 lightning 2015-04-14 21:10
Features
Support import from dropbox and clipboard
Support more code highlighting
Support mathjax, sequence diagram and flow chart
Enhancements
Adjust toolbar and layout style
Adjust mobile layout style
Adjust history layout style
Server using heartbeat to gain accuracy of online users
Fixes
Virtual keyboard might broken the navbar
Adjust editor viewportMargin for preloading content
0.2.4 flint 2015-04-10 12:40
Features
Support save to dropbox
Show other users’ cursor with light color
Enhancements
Adjust toolbar layout style for future
Fixes
Title might not render properly
Code border style might not show properly
Server might not connect concurrent client properly
0.2.3 light 2015-04-06 20:30
Features
Support youtube, vimeo
Support gist
Added quick link in pretty
Added font-smoothing style
Enhancements
Change the rendering engine to remarkable
Adjust view, todo list layout style for UX
Added responsive layout check
Auto reload if client version mismatch
Keep history stack after reconnect if nothing changed
Added features page
Fixes
Closetags auto input might not have proper origin
Autofocus on editor only if it’s on desktop
Prevent using real script and iframe tags
Sorting in history by time not percise
0.2.2 fire 2015-03-27 21:10
Features
Support smartLists, smartypants
Support line number on code block
Support tags and search or sort history
Enhancements
Added delay on socket change
Updated markdown-body width to match github style
Socket changes now won’t add to editor’s history
Reduce redundant server events
Fixes
Toolbar links might get wrong
Wrong action redirections
0.2.1 spark 2015-03-17 13:40
Features
Support github-like todo-list
Support emoji
Enhancements
Added more effects on transition
Reduced rendering delay
Auto close and match brackets
Auto close and match tags
Added code fold and fold gutters
Added continue listing of markdown
0.2.0 launch-day 2015-03-14 20:20
Features
Markdown editor
Preview html
Realtime collaborate
Cross-platformed
Recently used history