Skip to content

v0.44.1

Choose a tag to compare

View all tags
@github-actions github-actions released this 18 May 03:45
· 764 commits to main since this release
v0.44.1
ad07674
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Fixed

  • HTML and SVG documents now preview in the in-app viewer. The X-Frame-Options: DENY header added in 0.44.0 also applied to the document-download endpoint, so the file viewer's iframe was blocked from displaying uploaded HTML/SVG files (refused to display … X-Frame-Options to 'deny'). The inline document response now sends X-Frame-Options: SAMEORIGIN and Content-Security-Policy: frame-ancestors 'self', so the same-origin viewer can render them while cross-origin framing stays blocked. The existing script-src 'none' and sandboxed iframe are unchanged — uploaded HTML still cannot execute scripts, so there is no stored-XSS regression.

Downloads

Android App

Download the APK from the assets below and install on your Android device.

Docker Image

docker pull morelitea/initiative:0.44.1

Or use latest tag. View on Docker Hub.

Assets 3
Loading