Skip to content

Releases: gohugoio/hugo

v0.125.5

01 May 17:29
@bep bep
Compare
Choose a tag to compare

What's Changed

v0.125.4

25 Apr 13:43
@bep bep
Compare
Choose a tag to compare

What Changed

v0.125.3

22 Apr 17:36
@bep bep
Compare
Choose a tag to compare

This release fixes a security issue reported by @ejona86 (see #12411) that could allow XSS injection from Markdown content files if one of the internal link or image render hook templates added in Hugo 0.123.0 are enabled. You typically control and trust the content files, but according to Hugo's security model, we state that "template and configuration authors (you) are trusted, but the data you send in is not."

v0.125.2

20 Apr 15:42
@bep bep
Compare
Choose a tag to compare

What's Changed

v0.125.1

18 Apr 08:49
@bep bep
Compare
Choose a tag to compare

What's Changed

v0.125.0

16 Apr 15:24
@bep bep
Compare
Choose a tag to compare

Some of the notable new features in this release:

  • strings.Diff template func.
  • .PageInner in render hooks to get the inner page when using .RenderShortcode in a shortcode, typically used to resolve links and page resources relative to an included Page.
  • Add Luminance to $image.Color, allowing for sorting by relative luminance. e197c7b @bep #10450

This release is built with Go 1.22.2 (#12351) which comes with a fix for security issue CVE-2023-45288. We don't see how that could be exploited in Hugo, but we do appreciate that people want a clean security report.

Bug fixes

Improvements

Dependency Updates

Documentation

v0.124.1

20 Mar 11:54
@bep bep
Compare
Choose a tag to compare

What's Changed

v0.124.0

16 Mar 16:00
@bep bep
Compare
Choose a tag to compare

The new feature in this release is a new segments configuration section and a new --renderSegments flag/config key. This release also updates to Go 1.22.1 that fixes a security issue in the template package that Hugo uses (CVE-2023-45289, see golang/go#65697). We don't see how this could be exploited in Hugo, but we appreciate that Hugo users want to have a clean security report.

Bug fixes

Improvements

Dependency Updates

  • deps: Upgrade github.com/gohugoio/hugo-goldmark-extensions/passthrough v0.1.0 => v0.2.0 ba03114 @bep
  • build(deps): bump github.com/evanw/esbuild from 0.20.1 to 0.20.2 b1f8676 @dependabot[bot]
  • build(deps): bump golang.org/x/tools from 0.18.0 to 0.19.0 b4bff61 @dependabot[bot]
  • build(deps): bump github.com/tdewolff/minify/v2 from 2.20.17 to 2.20.19 d2cebee @dependabot[bot]
  • deps: Upgrade github.com/alecthomas/chroma/v2 to v2.13.0 be914ff @myitcv #11862
  • build(deps): bump golang.org/x/mod from 0.15.0 to 0.16.0 e626750 @dependabot[bot]

Documentation

Build Setup

v0.123.8

07 Mar 13:40
@bep bep
Compare
Choose a tag to compare

v0.123.7

01 Mar 16:31
@bep bep
Compare
Choose a tag to compare

What's Changed

  • hugofs: Fix vertical mount merge issue 2b2f2b7 @bep #12175
  • Fix and add integration test for the Bootstrap SCSS module for both Dart Sass and Libsass 0d6e593 @bep #12178
  • Fix resources.GetMatch, resources.Match, and resources.ByType to they don't normalize permalinks 7023cf0 @bep #12182
  • Make sure that sitemaps gets generated even if there is a content bundle with the same path 9dfa9e7 @bep #12183
  • resources/page: Make Taxonomy.Get and Taxonomy.Count case-insensitive 3f217fd @jmooring #12177