v0.104.0 #10547
eliandoran
announced in
Releases
v0.104.0
#10547
Replies: 3 comments 1 reply
-
|
Although I was following the development closely (reading through the commits, installing a nightly build every day), I'm totally surprised by the huge number of changes. Thanks a million for all the hard work you put into this precious tool! |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Nice! I'll update .. now! |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Great work! |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Note
If you enjoyed this release, consider showing a token of appreciation by:
This release is the largest in Trilium's history, built around two big themes: security and interoperability. The attack surface has been dramatically reduced across the desktop app, the server, and shared notes — with 16 dedicated security fixes and a few deliberate breaking changes (backend scripting and the SQL console are now disabled by default), so please review the Breaking changes section before upgrading.
Getting notes in and out of Trilium is also much easier: new importers for OneNote, Notion, Google Keep, Anytype and Obsidian join a faster, more memory-efficient import/export pipeline and Spreadsheet now has XLSX and CSV import & export.
On top of that come a redesigned setup and login experience, better AI integration (including being able to use your Claude Code subscription), richer text editing (multi-state TODO lists, collapsible blocks, link previews), dashboard collections, and a huge wave of polish — roughly 86 bugfixes and 68 smaller improvements touching nearly every corner of the app. The sections below have the full details.
💡 Key highlights
1. Use a better buffering system so that the memory consumption never increases proportionally to the number of notes exported.
2. Display the progress of import/export.
3. Use a native mechanism on desktop so that the files being imported are not copied in memory.
4. Server now uses the disk to store imported files, reducing memory pressure.
5. Improved compression time by skipping already compressed files.
6. Improved import performance.
🚨 Breaking changes
config.inichange for server or desktop settings).config.ini.🐞 Bugfixes
This release lands roughly 86 bugfixes, with a strong focus on data integrity: several issues that could overwrite note content, corrupt the database during ZIP import, or leave sync in an inconsistent state have been resolved. The remainder is steady polish across the text editor, spreadsheets, Markdown import/export, canvas notes, sharing, authentication and mobile.
All 86 bugfixes
share*labels are not filtered out during safe import.✨ Improvements
Beyond the headline features, 68 smaller improvements round off nearly every corner of the app. Several are worth calling out: pinned tabs and a reworked tab bar, a right sidebar toggle handle with peek mode, and options that now open in a modal by default instead of a new tab — changes you'll notice within minutes of upgrading. Media notes get a proper treatment too, with a new gallery-style image viewer (zoom, keyboard navigation) and an overhauled media player (previous/next, play modes, Media Session API integration), while Include note now renders collections, web views and saved searches interactively, and canvas notes can embed other notes and store images as attachments.
Markdown continues to become a first-class citizen: you can now convert text notes to Markdown and back, with snippets, code-block language autocompletion and cleaner "Copy as Markdown" output. The settings screens follow the setup redesign — the keyboard shortcuts section was rebuilt around a key recorder with conflict detection, and multi-factor authentication moved into Password & auth with QR generation and TOTP validation. The rest is steady polish: the LLM assistant became noticeably smarter and smoother; spreadsheets, the backend log and the import/export dialogs all received meaningful upgrades; and the desktop app gained conveniences like tray hiding and start-on-login.
All 68 improvements
Slow 200 GET /api/backend-log with 19200316 bytes took 75ms.Text notes no longer have frontend and backend-specific versions of JavaScript
htmlToMarkdown,markdownToHtml) by @misch334 & @eliandorandata-list-idfrom list items.🌍 Internationalization
📖 Documentation
startNote,currentNote,originEntity).colorattribute.🛠️ Technical updates
🔒️ Security fixes
Security is a central theme of this release: 16 fixes systematically shrink Trilium's attack surface. Content is now sanitized on every path (HTML, SVG, collections, shared notes), injection vectors (SQL, path traversal, SSRF) have been hardened, sessions and cookies tightened, and the Electron desktop app locked down with strict permission, navigation and session-isolation policies. These fixes go hand in hand with the deliberate breaking changes above — together they make the default configuration significantly safer.
All 16 security fixes
require()in backend scripts is now allow/block-listedeval()#shareTemplateis ignored when backend scripting is disabled (EJS can run JS) — shared pages fall back to the default theme.#shareRawis now flaggedisDangerousin attribute UI; raw HTML shares are still intentionally served unrestricted (opt-in).<webview>attach vettingpersist:webviewinstead of sharing the renderer session, so embedded sites can never see Trilium cookies or resolve thetrilium-app://scheme.clipboard-sanitized-write,fullscreen,notifications(user scripts usenew Notification()); guests getfullscreenonly.window.open/target=_blank URLs are validated beforeshell.openExternaltrilium-app://dispatchBeta Was this translation helpful? Give feedback.
All reactions