html/template: errors returned from MarshalJSON are not correctly escaped #65697
Comments
rolandshoemaker
added
Security
NeedsFix
|
Change https://go.dev/cl/564196 mentions this issue: |
|
@gopherbot please open backport issues, this is a PUBLIC track security issue. |
|
Backport issue(s) opened: #65968 (for 1.21), #65969 (for 1.22). Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases. |
|
Change https://go.dev/cl/567515 mentions this issue: |
|
Change https://go.dev/cl/567535 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Feb 28, 2024
…rshalJSON errors Escape "</script" and "<!--" in errors returned from MarshalJSON errors when attempting to marshal types in script blocks. This prevents any user controlled content from prematurely terminating the script block. Updates #65697 Fixes #65968 Change-Id: Icf0e26c54ea7d9c1deed0bff11b6506c99ddef1b Reviewed-on: https://go-review.googlesource.com/c/go/+/564196 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com> (cherry picked from commit ccbc725) Reviewed-on: https://go-review.googlesource.com/c/go/+/567515 Reviewed-by: Carlos Amedee <carlos@golang.org>
gopherbot
pushed a commit
that referenced
this issue
Feb 28, 2024
…rshalJSON errors Escape "</script" and "<!--" in errors returned from MarshalJSON errors when attempting to marshal types in script blocks. This prevents any user controlled content from prematurely terminating the script block. Updates #65697 Fixes #65969 Change-Id: Icf0e26c54ea7d9c1deed0bff11b6506c99ddef1b Reviewed-on: https://go-review.googlesource.com/c/go/+/564196 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com> (cherry picked from commit ccbc725) Reviewed-on: https://go-review.googlesource.com/c/go/+/567535 Reviewed-by: Carlos Amedee <carlos@golang.org>
bradfitz
pushed a commit
to tailscale/go
that referenced
this issue
Mar 5, 2024
…rshalJSON errors Escape "</script" and "<!--" in errors returned from MarshalJSON errors when attempting to marshal types in script blocks. This prevents any user controlled content from prematurely terminating the script block. Updates golang#65697 Fixes golang#65969 Change-Id: Icf0e26c54ea7d9c1deed0bff11b6506c99ddef1b Reviewed-on: https://go-review.googlesource.com/c/go/+/564196 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com> (cherry picked from commit ccbc725) Reviewed-on: https://go-review.googlesource.com/c/go/+/567535 Reviewed-by: Carlos Amedee <carlos@golang.org>
romaindoumenc
pushed a commit
to TroutSoftware/go
that referenced
this issue
Mar 6, 2024
…rshalJSON errors Escape "</script" and "<!--" in errors returned from MarshalJSON errors when attempting to marshal types in script blocks. This prevents any user controlled content from prematurely terminating the script block. Updates golang#65697 Fixes golang#65969 Change-Id: Icf0e26c54ea7d9c1deed0bff11b6506c99ddef1b Reviewed-on: https://go-review.googlesource.com/c/go/+/564196 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com> (cherry picked from commit ccbc725) Reviewed-on: https://go-review.googlesource.com/c/go/+/567535 Reviewed-by: Carlos Amedee <carlos@golang.org>
|
This issue is https://pkg.go.dev/vuln/GO-2024-2610 |
|
IS there a plan to backport this issue to go 1.20? |
|
No, 1.20 isn't a supported release anymore. |
mraerino
pushed a commit
to ffddorf/website-ext
that referenced
this issue
Apr 1, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [hugo](https://togithub.com/gohugoio/hugo) | minor | `0.105.0` -> `0.124.1` | --- ### Release Notes <details> <summary>gohugoio/hugo (hugo)</summary> ### [`v0.124.1`](https://togithub.com/gohugoio/hugo/releases/tag/v0.124.1) [Compare Source](https://togithub.com/gohugoio/hugo/compare/v0.124.0...v0.124.1) #### What's Changed - Fix potential deadlock in Translations [`758a876`](https://togithub.com/gohugoio/hugo/commit/758a876f9) [@​bep](https://togithub.com/bep) [#​12129](https://togithub.com/gohugoio/hugo/issues/12129) - Fix rebuild when changing mixed case named templates [`19937a2`](https://togithub.com/gohugoio/hugo/commit/19937a20a) [@​bep](https://togithub.com/bep) [#​12165](https://togithub.com/gohugoio/hugo/issues/12165) - testing: Set usesFMA as true for riscv64 too [`c1ea22a`](https://togithub.com/gohugoio/hugo/commit/c1ea22a23) [@​anthonyfok](https://togithub.com/anthonyfok) - Fix regression for outputs defined in front matter for term pages [`0750a9e`](https://togithub.com/gohugoio/hugo/commit/0750a9ec9) [@​bep](https://togithub.com/bep) [#​12275](https://togithub.com/gohugoio/hugo/issues/12275) ### [`v0.124.0`](https://togithub.com/gohugoio/hugo/releases/tag/v0.124.0) [Compare Source](https://togithub.com/gohugoio/hugo/compare/v0.123.8...v0.124.0) The new feature in this release is a new [segments](https://gohugo.io/getting-started/configuration/#configure-segments) configuration section and a new `--renderSegments` flag/config key. This release also updates to Go 1.22.1 that fixes a security issue in the template package that Hugo uses (CVE-2023-45289, see [https://github.com/golang/go/issues/65697](https://togithub.com/golang/go/issues/65697)). We don't see how this could be exploited in Hugo, but we appreciate that Hugo users want to have a clean security report. #### Bug fixes - Fix .Parent when there are overlapping regular pages inbetween [`f1d7559`](https://togithub.com/gohugoio/hugo/commit/f1d755965) [@​bep](https://togithub.com/bep) [#​12263](https://togithub.com/gohugoio/hugo/issues/12263) - hugolib: Fix sitemap index with monolingual site [`3935faa`](https://togithub.com/gohugoio/hugo/commit/3935faa41) [@​jmooring](https://togithub.com/jmooring) [#​12266](https://togithub.com/gohugoio/hugo/issues/12266) - all: Typo fixes [`78178d0`](https://togithub.com/gohugoio/hugo/commit/78178d0c2) [@​coliff](https://togithub.com/coliff) - Fix translationKey handling for term pages [`68d92ef`](https://togithub.com/gohugoio/hugo/commit/68d92ef9d) [@​bep](https://togithub.com/bep) [#​12261](https://togithub.com/gohugoio/hugo/issues/12261) - Fix intersect and similar for term entry page collections [`b40f3c7`](https://togithub.com/gohugoio/hugo/commit/b40f3c7df) [@​bep](https://togithub.com/bep) [#​12254](https://togithub.com/gohugoio/hugo/issues/12254) - Fix server rebuilds when adding sub sections especially on Windows [`07b2e53`](https://togithub.com/gohugoio/hugo/commit/07b2e535b) [@​bep](https://togithub.com/bep) [#​12230](https://togithub.com/gohugoio/hugo/issues/12230) - Fix panic when changing archetype files when servere is running [`9ca1de0`](https://togithub.com/gohugoio/hugo/commit/9ca1de09d) [@​bep](https://togithub.com/bep) [#​12195](https://togithub.com/gohugoio/hugo/issues/12195) - Fix front matter date location when value gets inherited from other dates [`9668759`](https://togithub.com/gohugoio/hugo/commit/9668759ad) [@​bep](https://togithub.com/bep) [#​12236](https://togithub.com/gohugoio/hugo/issues/12236) - Fix Name for nested resourced fetched in resources.ByName and similar [`9e9b1f1`](https://togithub.com/gohugoio/hugo/commit/9e9b1f110) [@​bep](https://togithub.com/bep) [#​12214](https://togithub.com/gohugoio/hugo/issues/12214) #### Improvements - Add segments config + --renderSegments flag [`1f1c62e`](https://togithub.com/gohugoio/hugo/commit/1f1c62e6c) [@​bep](https://togithub.com/bep) [#​10106](https://togithub.com/gohugoio/hugo/issues/10106) - hugolib: Remove Site.HomeAbsURL [`558f74f`](https://togithub.com/gohugoio/hugo/commit/558f74f00) [@​bep](https://togithub.com/bep) - hugolib: Deprecate site methods Author, Authors, and Social [`d4d49e0`](https://togithub.com/gohugoio/hugo/commit/d4d49e0f0) [@​jmooring](https://togithub.com/jmooring) [#​12228](https://togithub.com/gohugoio/hugo/issues/12228) - Upgrade to Go 1.22.1 [`57206e7`](https://togithub.com/gohugoio/hugo/commit/57206e727) [@​bep](https://togithub.com/bep) [#​12250](https://togithub.com/gohugoio/hugo/issues/12250) - tpl/tplimpl: Modify figure shortcode to look for page resource [`48a0fea`](https://togithub.com/gohugoio/hugo/commit/48a0fea87) [@​jmooring](https://togithub.com/jmooring) [#​12244](https://togithub.com/gohugoio/hugo/issues/12244) [#​12245](https://togithub.com/gohugoio/hugo/issues/12245) - common/hugo: Rename IsMultiHost and IsMultiLingual [`dc6a292`](https://togithub.com/gohugoio/hugo/commit/dc6a29213) [@​jmooring](https://togithub.com/jmooring) [#​12232](https://togithub.com/gohugoio/hugo/issues/12232) - hugolib: Deprecate .Site.MultiLingual in favor of hugo.IsMultiLingual [`4f92f94`](https://togithub.com/gohugoio/hugo/commit/4f92f949e) [@​jmooring](https://togithub.com/jmooring) [#​12224](https://togithub.com/gohugoio/hugo/issues/12224) - tpl/tplimpl: Remove deprecated method from sitemapindex.xml [`f038a51`](https://togithub.com/gohugoio/hugo/commit/f038a51b3) [@​jmooring](https://togithub.com/jmooring) #### Dependency Updates - deps: Upgrade github.com/gohugoio/hugo-goldmark-extensions/passthrough v0.1.0 => v0.2.0 [`ba03114`](https://togithub.com/gohugoio/hugo/commit/ba03114aa) [@​bep](https://togithub.com/bep) - build(deps): bump github.com/evanw/esbuild from 0.20.1 to 0.20.2 [`b1f8676`](https://togithub.com/gohugoio/hugo/commit/b1f867634) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump golang.org/x/tools from 0.18.0 to 0.19.0 [`b4bff61`](https://togithub.com/gohugoio/hugo/commit/b4bff6190) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/tdewolff/minify/v2 from 2.20.17 to 2.20.19 [`d2cebee`](https://togithub.com/gohugoio/hugo/commit/d2cebee27) [@​dependabot](https://togithub.com/dependabot)\[bot] - deps: Upgrade github.com/alecthomas/chroma/v2 to v2.13.0 [`be914ff`](https://togithub.com/gohugoio/hugo/commit/be914ff34) [@​myitcv](https://togithub.com/myitcv) [#​11862](https://togithub.com/gohugoio/hugo/issues/11862) - build(deps): bump golang.org/x/mod from 0.15.0 to 0.16.0 [`e626750`](https://togithub.com/gohugoio/hugo/commit/e62675002) [@​dependabot](https://togithub.com/dependabot)\[bot] #### Documentation - docs: Regen CLI docs [`76ef3f4`](https://togithub.com/gohugoio/hugo/commit/76ef3f42f) [@​bep](https://togithub.com/bep) - docs: Regen docshelper [`0ccb6cd`](https://togithub.com/gohugoio/hugo/commit/0ccb6cdc0) [@​bep](https://togithub.com/bep) #### Build Setup - snap: Transition to from core20 to core22 [`d24ffdd`](https://togithub.com/gohugoio/hugo/commit/d24ffdde5) [@​jmooring](https://togithub.com/jmooring) [#​12219](https://togithub.com/gohugoio/hugo/issues/12219) ### [`v0.123.8`](https://togithub.com/gohugoio/hugo/releases/tag/v0.123.8) [Compare Source](https://togithub.com/gohugoio/hugo/compare/v0.123.7...v0.123.8) - docs: Fix hyphens and grammar in synopsis of command 'hugo server' [`ada3fce`](https://togithub.com/gohugoio/hugo/commit/ada3fceea) [@​deining](https://togithub.com/deining) - Fix resource name in resources.ByType [`a4b1747`](https://togithub.com/gohugoio/hugo/commit/a4b17470a) [@​bep](https://togithub.com/bep) [#​12190](https://togithub.com/gohugoio/hugo/issues/12190) - Fix global resource isn't published when using an uncommon code construct [`4d5e173`](https://togithub.com/gohugoio/hugo/commit/4d5e173cf) [@​bep](https://togithub.com/bep) [#​12190](https://togithub.com/gohugoio/hugo/issues/12190) - Fix section page resource not published if resource filename partially matches content file name [`4271b6b`](https://togithub.com/gohugoio/hugo/commit/4271b6be0) [@​bep](https://togithub.com/bep) [#​12198](https://togithub.com/gohugoio/hugo/issues/12198) - Fix taxonomy kind template lookup issue [`0567a3e`](https://togithub.com/gohugoio/hugo/commit/0567a3e6f) [@​bep](https://togithub.com/bep) [#​12193](https://togithub.com/gohugoio/hugo/issues/12193) - markup/goldmark: TOC: render strikethrough, emojis [`134e7d1`](https://togithub.com/gohugoio/hugo/commit/134e7d1d3) [@​lyind](https://togithub.com/lyind) [#​7169](https://togithub.com/gohugoio/hugo/issues/7169) [#​11783](https://togithub.com/gohugoio/hugo/issues/11783) [#​12022](https://togithub.com/gohugoio/hugo/issues/12022) - Add hugo.IsMultiHost [`1f48b71`](https://togithub.com/gohugoio/hugo/commit/1f48b717c) [@​razonyang](https://togithub.com/razonyang) - resources/images: Retain newlines with text overlays [`05e23bd`](https://togithub.com/gohugoio/hugo/commit/05e23bd55) [@​jmooring](https://togithub.com/jmooring) [#​12206](https://togithub.com/gohugoio/hugo/issues/12206) - Don't auto-create empty sections for nested taxonomies [`7afac3f`](https://togithub.com/gohugoio/hugo/commit/7afac3f1a) [@​bep](https://togithub.com/bep) [#​12188](https://togithub.com/gohugoio/hugo/issues/12188) - tpl/tplimpl: Honor markdown attributes in embedded image render hook [`632ad74`](https://togithub.com/gohugoio/hugo/commit/632ad74fc) [@​jmooring](https://togithub.com/jmooring) [#​12203](https://togithub.com/gohugoio/hugo/issues/12203) ### [`v0.123.7`](https://togithub.com/gohugoio/hugo/releases/tag/v0.123.7) [Compare Source](https://togithub.com/gohugoio/hugo/compare/v0.123.6...v0.123.7) #### What's Changed - hugofs: Fix vertical mount merge issue [`2b2f2b7`](https://togithub.com/gohugoio/hugo/commit/2b2f2b75e) [@​bep](https://togithub.com/bep) [#​12175](https://togithub.com/gohugoio/hugo/issues/12175) - Fix and add integration test for the Bootstrap SCSS module for both Dart Sass and Libsass [`0d6e593`](https://togithub.com/gohugoio/hugo/commit/0d6e593ff) [@​bep](https://togithub.com/bep) [#​12178](https://togithub.com/gohugoio/hugo/issues/12178) - Fix resources.GetMatch, resources.Match, and resources.ByType to they don't normalize permalinks [`7023cf0`](https://togithub.com/gohugoio/hugo/commit/7023cf0f0) [@​bep](https://togithub.com/bep) [#​12182](https://togithub.com/gohugoio/hugo/issues/12182) - Make sure that sitemaps gets generated even if there is a content bundle with the same path [`9dfa9e7`](https://togithub.com/gohugoio/hugo/commit/9dfa9e70e) [@​bep](https://togithub.com/bep) [#​12183](https://togithub.com/gohugoio/hugo/issues/12183) - resources/page: Make Taxonomy.Get and Taxonomy.Count case-insensitive [`3f217fd`](https://togithub.com/gohugoio/hugo/commit/3f217fd66) [@​jmooring](https://togithub.com/jmooring) [#​12177](https://togithub.com/gohugoio/hugo/issues/12177) ### [`v0.123.6`](https://togithub.com/gohugoio/hugo/releases/tag/v0.123.6) [Compare Source](https://togithub.com/gohugoio/hugo/compare/v0.123.5...v0.123.6) #### What's Changed - Fix panic when cascading headless from site config to section that does not have an \_index.md file [`fce8d82`](https://togithub.com/gohugoio/hugo/commit/fce8d82b7) [@​bep](https://togithub.com/bep) [#​12172](https://togithub.com/gohugoio/hugo/issues/12172) - Fix assets vs data issue [`4a502f7`](https://togithub.com/gohugoio/hugo/commit/4a502f7eb) [@​bep](https://togithub.com/bep) [#​12133](https://togithub.com/gohugoio/hugo/issues/12133) - Fix draft for non-default content when content in default language does not exist [`be1dbba`](https://togithub.com/gohugoio/hugo/commit/be1dbba0f) [@​bep](https://togithub.com/bep) [#​12132](https://togithub.com/gohugoio/hugo/issues/12132) ### [`v0.123.5`](https://togithub.com/gohugoio/hugo/releases/tag/v0.123.5) [Compare Source](https://togithub.com/gohugoio/hugo/compare/v0.123.4...v0.123.5) #### What's Changed - Fix .Page.Pages with similary named sections [`6a8b25e`](https://togithub.com/gohugoio/hugo/commit/6a8b25e29) [@​bep](https://togithub.com/bep) [#​12169](https://togithub.com/gohugoio/hugo/issues/12169) - Fix single mount rename panic [`a322282`](https://togithub.com/gohugoio/hugo/commit/a322282e7) [@​bep](https://togithub.com/bep) [#​12141](https://togithub.com/gohugoio/hugo/issues/12141) - Fix multihost processed image not copied to non-default content languages [`6bc0d74`](https://togithub.com/gohugoio/hugo/commit/6bc0d745a) [@​bep](https://togithub.com/bep) [#​12163](https://togithub.com/gohugoio/hugo/issues/12163) - build(deps): bump github.com/bep/overlayfs from 0.9.1 to 0.9.2 [`2186903`](https://togithub.com/gohugoio/hugo/commit/218690328) [@​dependabot](https://togithub.com/dependabot)\[bot] ### [`v0.123.4`](https://togithub.com/gohugoio/hugo/releases/tag/v0.123.4) [Compare Source](https://togithub.com/gohugoio/hugo/compare/v0.123.3...v0.123.4) - Fix cascade-pattern-with-extension for cascade in site config [`1736ef7`](https://togithub.com/gohugoio/hugo/commit/1736ef745) [@​bep](https://togithub.com/bep) [#​12151](https://togithub.com/gohugoio/hugo/issues/12151) - Fix term template lookup when its backed by a content file [`f27e578`](https://togithub.com/gohugoio/hugo/commit/f27e57871) [@​bep](https://togithub.com/bep) [#​12146](https://togithub.com/gohugoio/hugo/issues/12146) - Fix panic for disableKinds page for content resources [`049dd1d`](https://togithub.com/gohugoio/hugo/commit/049dd1d7e) [@​bep](https://togithub.com/bep) [#​12144](https://togithub.com/gohugoio/hugo/issues/12144) - tocss: Fix the import resolving from absolute to relative assets paths [`189b723`](https://togithub.com/gohugoio/hugo/commit/189b72331) [@​bep](https://togithub.com/bep) [#​12137](https://togithub.com/gohugoio/hugo/issues/12137) - config/allconfig: Fix typo [`80e6934`](https://togithub.com/gohugoio/hugo/commit/80e69344d) [@​jmooring](https://togithub.com/jmooring) [#​12134](https://togithub.com/gohugoio/hugo/issues/12134) - resource: Revert the normalization of Resource.Name [`d310595`](https://togithub.com/gohugoio/hugo/commit/d310595a2) [@​bep](https://togithub.com/bep) [#​12142](https://togithub.com/gohugoio/hugo/issues/12142) - build(deps): bump github.com/spf13/fsync from 0.10.0 to 0.10.1 [`d4be164`](https://togithub.com/gohugoio/hugo/commit/d4be1643a) [@​dependabot](https://togithub.com/dependabot)\[bot] ### [`v0.123.3`](https://togithub.com/gohugoio/hugo/releases/tag/v0.123.3) [Compare Source](https://togithub.com/gohugoio/hugo/compare/v0.123.2...v0.123.3) #### Bug fixes - hugolib: Fix a .Page.GetPage from bundle case [`f521336`](https://togithub.com/gohugoio/hugo/commit/f521336c8) [@​bep](https://togithub.com/bep) [#​12120](https://togithub.com/gohugoio/hugo/issues/12120) - cache/dynacache: Reset ticker in case one cache eviction takes some time [`03b88c6`](https://togithub.com/gohugoio/hugo/commit/03b88c6dd) [@​bep](https://togithub.com/bep) [#​12129](https://togithub.com/gohugoio/hugo/issues/12129) - Speed up GetPage [`bf14d0c`](https://togithub.com/gohugoio/hugo/commit/bf14d0cb2) [@​bep](https://togithub.com/bep) - resources: Skip the image golden tests when running locally [`c4fe45f`](https://togithub.com/gohugoio/hugo/commit/c4fe45ff4) [@​bep](https://togithub.com/bep) [#​12119](https://togithub.com/gohugoio/hugo/issues/12119) - js: Support JSX and JSXImportSourceOptions [`554aa58`](https://togithub.com/gohugoio/hugo/commit/554aa58db) [@​baltpeter](https://togithub.com/baltpeter) [#​12118](https://togithub.com/gohugoio/hugo/issues/12118) - hugolib: Add capitalizeListTitles config option [`36bf3cb`](https://togithub.com/gohugoio/hugo/commit/36bf3cb98) [@​jmooring](https://togithub.com/jmooring) [#​9793](https://togithub.com/gohugoio/hugo/issues/9793) [#​12115](https://togithub.com/gohugoio/hugo/issues/12115) ### [`v0.123.2`](https://togithub.com/gohugoio/hugo/releases/tag/v0.123.2) [Compare Source](https://togithub.com/gohugoio/hugo/compare/v0.123.1...v0.123.2) #### What's Changed - Fix it so not all bundled resources are removed when one translation is drafted [`db3bb62`](https://togithub.com/gohugoio/hugo/commit/db3bb623d) [@​bep](https://togithub.com/bep) [#​12105](https://togithub.com/gohugoio/hugo/issues/12105) - commands/mod: Ignore invalid module path [`f5fd7ec`](https://togithub.com/gohugoio/hugo/commit/f5fd7ec8c) [@​razonyang](https://togithub.com/razonyang) - Fix regression on handling of overlapping file mounts [`16406d9`](https://togithub.com/gohugoio/hugo/commit/16406d9d7) [@​bep](https://togithub.com/bep) [#​12103](https://togithub.com/gohugoio/hugo/issues/12103) - Sitemap should not use list.xml [`e757849`](https://togithub.com/gohugoio/hugo/commit/e75784930) [@​bep](https://togithub.com/bep) [#​12101](https://togithub.com/gohugoio/hugo/issues/12101) - Fix rebuild when adding a bundle with space in name [`b8ab5c9`](https://togithub.com/gohugoio/hugo/commit/b8ab5c9be) [@​bep](https://togithub.com/bep) [#​12092](https://togithub.com/gohugoio/hugo/issues/12092) - Fix relative import issue in libsass/dart sass [`cf7023c`](https://togithub.com/gohugoio/hugo/commit/cf7023cb9) [@​bep](https://togithub.com/bep) [#​12094](https://togithub.com/gohugoio/hugo/issues/12094) - Fix relref regression with trailing slash [`fd0185a`](https://togithub.com/gohugoio/hugo/commit/fd0185a84) [@​bep](https://togithub.com/bep) [#​12096](https://togithub.com/gohugoio/hugo/issues/12096) ### [`v0.123.1`](https://togithub.com/gohugoio/hugo/releases/tag/v0.123.1) [Compare Source](https://togithub.com/gohugoio/hugo/compare/v0.123.0...v0.123.1) - Fix server rebuilding of pages without default content language [`eceeb19`](https://togithub.com/gohugoio/hugo/commit/eceeb1975) [@​bep](https://togithub.com/bep) [#​12082](https://togithub.com/gohugoio/hugo/issues/12082) - Fix dart sass import regression [`621194a`](https://togithub.com/gohugoio/hugo/commit/621194a31) [@​bep](https://togithub.com/bep) [#​12072](https://togithub.com/gohugoio/hugo/issues/12072) - Fix robots.txt using the built-in template regression [`a118cb4`](https://togithub.com/gohugoio/hugo/commit/a118cb413) [@​bep](https://togithub.com/bep) [#​12071](https://togithub.com/gohugoio/hugo/issues/12071) - tpl/tplimpl: Resolve fragments in link render hook [`c9f7ebf`](https://togithub.com/gohugoio/hugo/commit/c9f7ebf00) [@​jmooring](https://togithub.com/jmooring) [#​12084](https://togithub.com/gohugoio/hugo/issues/12084) - Fall back to original name in Resources.GetMatch/Match [`48eec2a`](https://togithub.com/gohugoio/hugo/commit/48eec2a4e) [@​bep](https://togithub.com/bep) [#​12076](https://togithub.com/gohugoio/hugo/issues/12076) ### [`v0.123.0`](https://togithub.com/gohugoio/hugo/releases/tag/v0.123.0) [Compare Source](https://togithub.com/gohugoio/hugo/compare/v0.122.0...v0.123.0) The work title for the `v0.123.0` release has been "the million pages release", introducing a new memory limit that allows for a streaming build, shifting large objects out of memory when not in use. This release is also a rewrite of the Hugo core, fixing lots of long-lived bugs and adding some other exciting improvements (see below). There are some [breaking changes](https://togithub.com/gohugoio/hugo/issues/11455) that have been announced for a long time. Most sites will not be affected by this, but we recommend that you test your site with the new Hugo version before you set it up to build to production. Many people have contributed to this release, but a special shoutout goes to [@​bep](https://togithub.com/bep) and [@​jmooring](https://togithub.com/jmooring), but also to [@​TiGR](https://togithub.com/TiGR) and [@​McShelby](https://togithub.com/McShelby) for their help testing and reporting bugs. A list of notable new features: - You can now set a upper memory limit (default 25% of system memory) via the OS environment variable `HUGO_MEMORYLIMIT` (in gigabytes) allowing for much larger data/page sets and/or running on lower specced PCs. This is backed by a partitioned LRU cache used throughout Hugo. A cache that gets dynamically resized in low memory situations, allowing [Go's Garbage Collector](https://tip.golang.org/doc/gc-guide) to free the memory. Note that for regular sized Hugo sites, the performance should be about the same as before. - New dependency tracker for partial server rebuilds. This quickly calculates the delta given a changed resource (e.g. a content file, template, JS file etc.) and supports transitive relations. - A new document store. Previously, a little simplified, we split the document store (where we store pages and resources) in a tree per language. This worked pretty well, but the structure made some operations harder than they needed to be. We have now restructured it into one Radix tree for all languages. Internally the language is considered to be a dimension of that tree, and the tree can be viewed in all dimensions concurrently. This makes some operations re. language simpler (e.g. finding translations is just a slice range), but the idea is that it should also be relatively inexpensive to add more dimensions if needed (e.g. [role](https://togithub.com/gohugoio/hugo/issues/5139)). With this we also introduce a new [logical page Path](https://gohugo.io/methods/page/path/) which we will used going forward to support other content data sources. - Add warnidf template function, see [docs](https://gohugo.io/functions/fmt/warnidf/) - Add the `[params]` concept to front matter, see [docs](https://gohugo.io/content-management/front-matter/#params) - Add images.Dither filter, see [docs](https://gohugo.io/functions/images/dither/) #### Bug fixes - Fix handling of build options for term pages [`5ada27b`](https://togithub.com/gohugoio/hugo/commit/5ada27bf6) [@​bep](https://togithub.com/bep) [#​12058](https://togithub.com/gohugoio/hugo/issues/12058) - Fix sample logic when adding content files in server [`afe5b6d`](https://togithub.com/gohugoio/hugo/commit/afe5b6d7d) [@​bep](https://togithub.com/bep) [#​12054](https://togithub.com/gohugoio/hugo/issues/12054) - all: Fix typos and some URLs [`168d375`](https://togithub.com/gohugoio/hugo/commit/168d37578) [@​coliff](https://togithub.com/coliff) - Fix handling of draft term pages [`fc6aabe`](https://togithub.com/gohugoio/hugo/commit/fc6aabe93) [@​bep](https://togithub.com/bep) [#​12055](https://togithub.com/gohugoio/hugo/issues/12055) - commands: Fix --clock with the list command [`4835f9e`](https://togithub.com/gohugoio/hugo/commit/4835f9e89) [@​bep](https://togithub.com/bep) [#​11888](https://togithub.com/gohugoio/hugo/issues/11888) - Fix server panic on i18n file change [`9679443`](https://togithub.com/gohugoio/hugo/commit/9679443c1) [@​bep](https://togithub.com/bep) [#​12048](https://togithub.com/gohugoio/hugo/issues/12048) - Fix rebuild regression on non-default content language edits [`68f67c9`](https://togithub.com/gohugoio/hugo/commit/68f67c9ae) [@​bep](https://togithub.com/bep) [#​12043](https://togithub.com/gohugoio/hugo/issues/12043) - Fix i18n rebuild regression [`f1491c9`](https://togithub.com/gohugoio/hugo/commit/f1491c900) [@​bep](https://togithub.com/bep) [#​12039](https://togithub.com/gohugoio/hugo/issues/12039) - Fix rebuild with resources.Concat [`639073e`](https://togithub.com/gohugoio/hugo/commit/639073e4f) [@​bep](https://togithub.com/bep) [#​12017](https://togithub.com/gohugoio/hugo/issues/12017) - all: Fix typos [`0672b5c`](https://togithub.com/gohugoio/hugo/commit/0672b5c76) [@​coliff](https://togithub.com/coliff) - resources/page: Fix typo [`e309f82`](https://togithub.com/gohugoio/hugo/commit/e309f82ef) [@​rosano](https://togithub.com/rosano) - Fix taxonomy term with backing file regression [`caba6ba`](https://togithub.com/gohugoio/hugo/commit/caba6ba6e) [@​bep](https://togithub.com/bep) [#​12020](https://togithub.com/gohugoio/hugo/issues/12020) - Fix rebuild of changed bundled content files [`a65622a`](https://togithub.com/gohugoio/hugo/commit/a65622a13) [@​bep](https://togithub.com/bep) [#​12000](https://togithub.com/gohugoio/hugo/issues/12000) - Fix site.Taxonomies for taxonomies with space in name [`146aedd`](https://togithub.com/gohugoio/hugo/commit/146aedd7a) [@​bep](https://togithub.com/bep) [#​12001](https://togithub.com/gohugoio/hugo/issues/12001) - Misc resource fixes/improvements [`2873324`](https://togithub.com/gohugoio/hugo/commit/287332489) [@​bep](https://togithub.com/bep) [#​11974](https://togithub.com/gohugoio/hugo/issues/11974) - Fix disabled languages regression [`4174a78`](https://togithub.com/gohugoio/hugo/commit/4174a7866) [@​bep](https://togithub.com/bep) [#​11959](https://togithub.com/gohugoio/hugo/issues/11959) - tpl/data: Fix GetCSV deprecation message [`5dd06b4`](https://togithub.com/gohugoio/hugo/commit/5dd06b413) [@​jmooring](https://togithub.com/jmooring) - Fix failing test on Windows [`d8f0e30`](https://togithub.com/gohugoio/hugo/commit/d8f0e3071) [@​bep](https://togithub.com/bep) - deploy: Fix CloudFront invalidation with AWS SDK2 [`d8c2734`](https://togithub.com/gohugoio/hugo/commit/d8c273417) [@​bep](https://togithub.com/bep) - Fix build error [`34d63c8`](https://togithub.com/gohugoio/hugo/commit/34d63c8d1) [@​bep](https://togithub.com/bep) - Fix recent regression .Resources.Get for resources with spaces in filename [`80595bb`](https://togithub.com/gohugoio/hugo/commit/80595bbe3) [@​bep](https://togithub.com/bep) [#​11944](https://togithub.com/gohugoio/hugo/issues/11944) - hugofs/glob: Fix dropped test error [`ec22bb3`](https://togithub.com/gohugoio/hugo/commit/ec22bb31a) [@​alrs](https://togithub.com/alrs) #### Improvements - Handle rebuilds when resources passed to transform.Unmarshal etc. changes [`5dbc29d`](https://togithub.com/gohugoio/hugo/commit/5dbc29dc6) [@​bep](https://togithub.com/bep) [#​12065](https://togithub.com/gohugoio/hugo/issues/12065) - Don't use the same value in .Data.Term.Title as in .Title [`5bdda0b`](https://togithub.com/gohugoio/hugo/commit/5bdda0bdb) [@​bep](https://togithub.com/bep) [#​12041](https://togithub.com/gohugoio/hugo/issues/12041) - Let standard library handle charset parameter to MIME types [`43ea2cd`](https://togithub.com/gohugoio/hugo/commit/43ea2cd66) [@​datosh](https://togithub.com/datosh) [#​10734](https://togithub.com/gohugoio/hugo/issues/10734) - Add images.Dither filter [`21d9057`](https://togithub.com/gohugoio/hugo/commit/21d9057db) [@​jmooring](https://togithub.com/jmooring) [#​8598](https://togithub.com/gohugoio/hugo/issues/8598) - markup/goldmark: Improve TOC tests [`f4575e5`](https://togithub.com/gohugoio/hugo/commit/f4575e5f2) [@​jmooring](https://togithub.com/jmooring) - Move the duplicate page/resource filter [`0851c17`](https://togithub.com/gohugoio/hugo/commit/0851c175a) [@​bep](https://togithub.com/bep) [#​12013](https://togithub.com/gohugoio/hugo/issues/12013) - Upgrade to Go 1.22 [`9571246`](https://togithub.com/gohugoio/hugo/commit/9571246bc) [@​bep](https://togithub.com/bep) [#​12010](https://togithub.com/gohugoio/hugo/issues/12010) - Avoid impporting deploy from config when nodeploy tag is set [`0257eb5`](https://togithub.com/gohugoio/hugo/commit/0257eb50a) [@​bep](https://togithub.com/bep) [#​12009](https://togithub.com/gohugoio/hugo/issues/12009) - commands: Remove unused memstats flag [`bd0200d`](https://togithub.com/gohugoio/hugo/commit/bd0200da6) [@​bep](https://togithub.com/bep) - source: Remove unused Filesystem struct [`a80c302`](https://togithub.com/gohugoio/hugo/commit/a80c3021b) [@​bep](https://togithub.com/bep) - Filter dot files etc. in i18n [`9df7b29`](https://togithub.com/gohugoio/hugo/commit/9df7b295b) [@​bep](https://togithub.com/bep) [#​11993](https://togithub.com/gohugoio/hugo/issues/11993) - commands: Revert the recent changes that allowed profiling on server rebuilds [`c37bf19`](https://togithub.com/gohugoio/hugo/commit/c37bf19c8) [@​bep](https://togithub.com/bep) - Handle resource changes when the resources is already evicted from cache [`609d798`](https://togithub.com/gohugoio/hugo/commit/609d798e3) [@​bep](https://togithub.com/bep) [#​11988](https://togithub.com/gohugoio/hugo/issues/11988) [#​11973](https://togithub.com/gohugoio/hugo/issues/11973) [#​11988](https://togithub.com/gohugoio/hugo/issues/11988) - all: Rename Unmormalized => Unnormalized [`53f2043`](https://togithub.com/gohugoio/hugo/commit/53f204310) [@​bep](https://togithub.com/bep) - hugolib: Formally deprecate .Page.NextPage .Page.PrevPage [`7f82461`](https://togithub.com/gohugoio/hugo/commit/7f8246140) [@​jmooring](https://togithub.com/jmooring) - hugio: Rename strigReadSeeker => stringReadSeeker [`b72f909`](https://togithub.com/gohugoio/hugo/commit/b72f90972) [@​bep](https://togithub.com/bep) - resources/page: Formally deprecate .Site.LastChange [`3a665dd`](https://togithub.com/gohugoio/hugo/commit/3a665ddbf) [@​jmooring](https://togithub.com/jmooring) - Preserve file/dir name case when loading data [`46575ba`](https://togithub.com/gohugoio/hugo/commit/46575baa0) [@​bep](https://togithub.com/bep) [#​11979](https://togithub.com/gohugoio/hugo/issues/11979) - Detect now invalid path patterns in cascade [`058f230`](https://togithub.com/gohugoio/hugo/commit/058f230a1) [@​bep](https://togithub.com/bep) [#​11977](https://togithub.com/gohugoio/hugo/issues/11977) - Handle build vs \_build in front matter [`a66480f`](https://togithub.com/gohugoio/hugo/commit/a66480f70) [@​bep](https://togithub.com/bep) [#​11970](https://togithub.com/gohugoio/hugo/issues/11970) - resources: Optimize reading resource Content when it's already a string [`e33a632`](https://togithub.com/gohugoio/hugo/commit/e33a63255) [@​bep](https://togithub.com/bep) - tpl/tplimpl: Update embedded instagram, twitter, and vimeo shortcodes [`d0788b9`](https://togithub.com/gohugoio/hugo/commit/d0788b96a) [@​jmooring](https://togithub.com/jmooring) [#​11971](https://togithub.com/gohugoio/hugo/issues/11971) - Add some more context to error [`034fbef`](https://togithub.com/gohugoio/hugo/commit/034fbef50) [@​bep](https://togithub.com/bep) [#​11970](https://togithub.com/gohugoio/hugo/issues/11970) - Improve nilpointer error message [`8d42a79`](https://togithub.com/gohugoio/hugo/commit/8d42a7942) [@​bep](https://togithub.com/bep) - hugolib: Adjust a test case [`f5ec75d`](https://togithub.com/gohugoio/hugo/commit/f5ec75db3) [@​bep](https://togithub.com/bep) - hugolib: Revert deprecation of .Page.Lang [`6cb3bda`](https://togithub.com/gohugoio/hugo/commit/6cb3bda3d) [@​jmooring](https://togithub.com/jmooring) - all: Deprecate .Page.Lang and .Page.File.Lang [`963cecc`](https://togithub.com/gohugoio/hugo/commit/963cecc12) [@​jmooring](https://togithub.com/jmooring) - config/security: Add SYSTEMDRIVE to OsEnv allowlist [`b6def61`](https://togithub.com/gohugoio/hugo/commit/b6def6172) [@​jmooring](https://togithub.com/jmooring) - hugolib: Add some more details to the "paginator not supported" error [`1891d5e`](https://togithub.com/gohugoio/hugo/commit/1891d5e6b) [@​bep](https://togithub.com/bep) [#​11949](https://togithub.com/gohugoio/hugo/issues/11949) - Run go mod tidy [`156f08d`](https://togithub.com/gohugoio/hugo/commit/156f08de3) [@​bep](https://togithub.com/bep) - Upgrade to deploy to use AWS SDK V2 [`a1c6498`](https://togithub.com/gohugoio/hugo/commit/a1c64989d) [@​frankywahl](https://togithub.com/frankywahl) - Improve error message when attempting to paginate from a single page template [`6c3b6ba`](https://togithub.com/gohugoio/hugo/commit/6c3b6ba3e) [@​bep](https://togithub.com/bep) [#​11953](https://togithub.com/gohugoio/hugo/issues/11953) - Filter out duplicate content resource files [`bd66d30`](https://togithub.com/gohugoio/hugo/commit/bd66d3029) [@​bep](https://togithub.com/bep) [#​11946](https://togithub.com/gohugoio/hugo/issues/11946) - output: Prevent setting Name directly in new output formats [`309d61b`](https://togithub.com/gohugoio/hugo/commit/309d61b22) [@​bep](https://togithub.com/bep) [#​11947](https://togithub.com/gohugoio/hugo/issues/11947) - Create default link and image render hooks [`5b7cb25`](https://togithub.com/gohugoio/hugo/commit/5b7cb258e) [@​bep](https://togithub.com/bep) [#​11933](https://togithub.com/gohugoio/hugo/issues/11933) - Emit a warning that can be turned off when overwriting built-in .Params values [`afee781`](https://togithub.com/gohugoio/hugo/commit/afee781f0) [@​bep](https://togithub.com/bep) [#​11941](https://togithub.com/gohugoio/hugo/issues/11941) - Add warnidf template function [`4e84f57`](https://togithub.com/gohugoio/hugo/commit/4e84f57ef) [@​bep](https://togithub.com/bep) [#​9189](https://togithub.com/gohugoio/hugo/issues/9189) - Add path, kind and lang to content front matter [`f31a6db`](https://togithub.com/gohugoio/hugo/commit/f31a6db79) [@​bep](https://togithub.com/bep) [#​11544](https://togithub.com/gohugoio/hugo/issues/11544) - all: Run gofumpt -l -w . [`a795acb`](https://togithub.com/gohugoio/hugo/commit/a795acbcd) [@​bep](https://togithub.com/bep) - testing: Simplify some integration tests [`982d951`](https://togithub.com/gohugoio/hugo/commit/982d9513e) [@​bep](https://togithub.com/bep) - Add the \[params] concept to front matter [`6dedb4e`](https://togithub.com/gohugoio/hugo/commit/6dedb4efc) [@​bep](https://togithub.com/bep) [#​11055](https://togithub.com/gohugoio/hugo/issues/11055) - tpl/data: Deprecate data.GetJSON and data.GetCSV [`292626e`](https://togithub.com/gohugoio/hugo/commit/292626e67) [@​bep](https://togithub.com/bep) - modules: Print required Hugo version for incompatible modules [`60d954c`](https://togithub.com/gohugoio/hugo/commit/60d954c78) [@​razonyang](https://togithub.com/razonyang) - hugolib: Remove unused test image [`63e0a92`](https://togithub.com/gohugoio/hugo/commit/63e0a9289) [@​bep](https://togithub.com/bep) - navigation: Improve menu cache [`ce7daa6`](https://togithub.com/gohugoio/hugo/commit/ce7daa615) [@​Kandulanaveennaidu](https://togithub.com/Kandulanaveennaidu) - testing: Rename integration_test.go to PACKAGE_integration_test.go [`2a03294`](https://togithub.com/gohugoio/hugo/commit/2a0329423) [@​bep](https://togithub.com/bep) - Port some integration tests to new test setup [`50dc327`](https://togithub.com/gohugoio/hugo/commit/50dc327d1) [@​bep](https://togithub.com/bep) - all: Rework page store, add a dynacache, improve partial rebuilds, and some general spring cleaning [`7285e74`](https://togithub.com/gohugoio/hugo/commit/7285e7409) [@​bep](https://togithub.com/bep) [#​11455](https://togithub.com/gohugoio/hugo/issues/11455) [#​11455](https://togithub.com/gohugoio/hugo/issues/11455) [#​11549](https://togithub.com/gohugoio/hugo/issues/11549) [#​10169](https://togithub.com/gohugoio/hugo/issues/10169) [#​10364](https://togithub.com/gohugoio/hugo/issues/10364) [#​10482](https://togithub.com/gohugoio/hugo/issues/10482) [#​10630](https://togithub.com/gohugoio/hugo/issues/10630) [#​10656](https://togithub.com/gohugoio/hugo/issues/10656) [#​10694](https://togithub.com/gohugoio/hugo/issues/10694) [#​10918](https://togithub.com/gohugoio/hugo/issues/10918) [#​11262](https://togithub.com/gohugoio/hugo/issues/11262) [#​11439](https://togithub.com/gohugoio/hugo/issues/11439) [#​11453](https://togithub.com/gohugoio/hugo/issues/11453) [#​11457](https://togithub.com/gohugoio/hugo/issues/11457) [#​11466](https://togithub.com/gohugoio/hugo/issues/11466) [#​11540](https://togithub.com/gohugoio/hugo/issues/11540) [#​11551](https://togithub.com/gohugoio/hugo/issues/11551) [#​11556](https://togithub.com/gohugoio/hugo/issues/11556) [#​11654](https://togithub.com/gohugoio/hugo/issues/11654) [#​11661](https://togithub.com/gohugoio/hugo/issues/11661) [#​11663](https://togithub.com/gohugoio/hugo/issues/11663) [#​11664](https://togithub.com/gohugoio/hugo/issues/11664) [#​11669](https://togithub.com/gohugoio/hugo/issues/11669) [#​11671](https://togithub.com/gohugoio/hugo/issues/11671) [#​11807](https://togithub.com/gohugoio/hugo/issues/11807) [#​11808](https://togithub.com/gohugoio/hugo/issues/11808) [#​11809](https://togithub.com/gohugoio/hugo/issues/11809) [#​11815](https://togithub.com/gohugoio/hugo/issues/11815) [#​11840](https://togithub.com/gohugoio/hugo/issues/11840) [#​11853](https://togithub.com/gohugoio/hugo/issues/11853) [#​11860](https://togithub.com/gohugoio/hugo/issues/11860) [#​11883](https://togithub.com/gohugoio/hugo/issues/11883) [#​11904](https://togithub.com/gohugoio/hugo/issues/11904) [#​7388](https://togithub.com/gohugoio/hugo/issues/7388) [#​7425](https://togithub.com/gohugoio/hugo/issues/7425) [#​7436](https://togithub.com/gohugoio/hugo/issues/7436) [#​7544](https://togithub.com/gohugoio/hugo/issues/7544) [#​7882](https://togithub.com/gohugoio/hugo/issues/7882) [#​7960](https://togithub.com/gohugoio/hugo/issues/7960) [#​8255](https://togithub.com/gohugoio/hugo/issues/8255) [#​8307](https://togithub.com/gohugoio/hugo/issues/8307) [#​8863](https://togithub.com/gohugoio/hugo/issues/8863) [#​8927](https://togithub.com/gohugoio/hugo/issues/8927) [#​9192](https://togithub.com/gohugoio/hugo/issues/9192) [#​9324](https://togithub.com/gohugoio/hugo/issues/9324) #### Dependency Updates - build(deps): bump github.com/tdewolff/minify/v2 from 2.20.16 to 2.20.17 [`f54ba6f`](https://togithub.com/gohugoio/hugo/commit/f54ba6f9e) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/evanw/esbuild from 0.20.0 to 0.20.1 [`4019b17`](https://togithub.com/gohugoio/hugo/commit/4019b177e) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump golang.org/x/tools from 0.17.0 to 0.18.0 [`4a53fd5`](https://togithub.com/gohugoio/hugo/commit/4a53fd56b) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump golang.org/x/net from 0.20.0 to 0.21.0 [`2d1681d`](https://togithub.com/gohugoio/hugo/commit/2d1681d91) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump golang.org/x/mod from 0.14.0 to 0.15.0 [`301bafa`](https://togithub.com/gohugoio/hugo/commit/301bafabe) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/yuin/goldmark from 1.6.0 to 1.7.0 [`58d7f83`](https://togithub.com/gohugoio/hugo/commit/58d7f8339) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/getkin/kin-openapi from 0.122.0 to 0.123.0 [`54ad51e`](https://togithub.com/gohugoio/hugo/commit/54ad51e8a) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/tdewolff/minify/v2 from 2.20.13 to 2.20.16 [`bd1bcc0`](https://togithub.com/gohugoio/hugo/commit/bd1bcc0f9) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/evanw/esbuild from 0.19.12 to 0.20.0 [`b332f24`](https://togithub.com/gohugoio/hugo/commit/b332f243f) [@​dependabot](https://togithub.com/dependabot)\[bot] - deps: Update gocloud.dev/aws [`d8e1e82`](https://togithub.com/gohugoio/hugo/commit/d8e1e8218) [@​bep](https://togithub.com/bep) - build(deps): bump github.com/aws/aws-sdk-go from 1.48.6 to 1.50.7 [`4d98b0e`](https://togithub.com/gohugoio/hugo/commit/4d98b0ed6) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump golang.org/x/image from 0.14.0 to 0.15.0 [`15b9976`](https://togithub.com/gohugoio/hugo/commit/15b9976b7) [@​dependabot](https://togithub.com/dependabot)\[bot] #### Documentation - docs: Regen docshelper [`60b176c`](https://togithub.com/gohugoio/hugo/commit/60b176cb5) [@​bep](https://togithub.com/bep) - docs: Regen CLI docs [`068ccde`](https://togithub.com/gohugoio/hugo/commit/068ccde4c) [@​bep](https://togithub.com/bep) - docs: Regenerate docshelper [`7cb447a`](https://togithub.com/gohugoio/hugo/commit/7cb447ab8) [@​bep](https://togithub.com/bep) - docs: Make null booleans falsy in the docs helper [`5161544`](https://togithub.com/gohugoio/hugo/commit/51615440b) [@​bep](https://togithub.com/bep) - docs: Regen docs helper [`7caa5b3`](https://togithub.com/gohugoio/hugo/commit/7caa5b3e5) [@​bep](https://togithub.com/bep) - docs: Prepare for new sub tree [`fc7de71`](https://togithub.com/gohugoio/hugo/commit/fc7de7136) [@​bep](https://togithub.com/bep) [#​11925](https://togithub.com/gohugoio/hugo/issues/11925) #### Build Setup - markup/goldmark: Update TOC test [`6f59d96`](https://togithub.com/gohugoio/hugo/commit/6f59d96bb) [@​jmooring](https://togithub.com/jmooring) ### [`v0.122.0`](https://togithub.com/gohugoio/hugo/releases/tag/v0.122.0) [Compare Source](https://togithub.com/gohugoio/hugo/compare/v0.121.2...v0.122.0) The big new thing in Hugo 0.122.0 is [ LaTeX or TeX typsetting](https://gohugo.io/content-management/mathematics/) directly from Markdown using standard syntax. Thanks to [@​j2kun](https://togithub.com/j2kun) and [@​jmooring](https://togithub.com/jmooring) for making this happen. #### Bug fixes - tpl/tplimpl: Fix incorrect lastBuildDate [`87bf2b9`](https://togithub.com/gohugoio/hugo/commit/87bf2b968) [@​tastapod](https://togithub.com/tastapod) [#​11600](https://togithub.com/gohugoio/hugo/issues/11600) - tpl: fix incorrect lastBuildDate [`f281ef8`](https://togithub.com/gohugoio/hugo/commit/f281ef8a4) [@​tastapod](https://togithub.com/tastapod) [#​11600](https://togithub.com/gohugoio/hugo/issues/11600) #### Improvements - markup/goldmark: Support passthrough extension [`d0d2c67`](https://togithub.com/gohugoio/hugo/commit/d0d2c6795) [@​j2kun](https://togithub.com/j2kun) [#​10894](https://togithub.com/gohugoio/hugo/issues/10894) - parser/metadecoders: Accumulate org keywords into arrays [`46f6187`](https://togithub.com/gohugoio/hugo/commit/46f618756) [@​augustfengd](https://togithub.com/augustfengd) [#​11743](https://togithub.com/gohugoio/hugo/issues/11743) - Upgrade to Go 1.21.6 [`a541e3b`](https://togithub.com/gohugoio/hugo/commit/a541e3b4d) [@​bep](https://togithub.com/bep) [#​11892](https://togithub.com/gohugoio/hugo/issues/11892) - parser/metadecoders: Add CSV lazyQuotes option to transform.Unmarshal [`912c657`](https://togithub.com/gohugoio/hugo/commit/912c6576b) [@​jmooring](https://togithub.com/jmooring) [#​11884](https://togithub.com/gohugoio/hugo/issues/11884) #### Dependency Updates - build(deps): bump golang.org/x/tools from 0.16.0 to 0.17.0 [`e0021f4`](https://togithub.com/gohugoio/hugo/commit/e0021f496) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/rogpeppe/go-internal from 1.11.0 to 1.12.0 [`d25902c`](https://togithub.com/gohugoio/hugo/commit/d25902c0d) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/pelletier/go-toml/v2 from 2.1.0 to 2.1.1 [`2dd6083`](https://togithub.com/gohugoio/hugo/commit/2dd608378) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/evanw/esbuild from 0.19.8 to 0.19.12 [`45f52be`](https://togithub.com/gohugoio/hugo/commit/45f52be7f) [@​dependabot](https://togithub.com/dependabot)\[bot] - deps: Update github.com/tdewolff/minify/v2 v2.20.9 => v2.20.13 [`8915343`](https://togithub.com/gohugoio/hugo/commit/891534307) [@​jtatum](https://togithub.com/jtatum) #### Documentation - docs: Regen docshelper [`50042ee`](https://togithub.com/gohugoio/hugo/commit/50042ee1f) [@​bep](https://togithub.com/bep) - README: Update minimum Go version to 1.20 [`911bc60`](https://togithub.com/gohugoio/hugo/commit/911bc60a7) [@​jmooring](https://togithub.com/jmooring) ### [`v0.121.2`](https://togithub.com/gohugoio/hugo/releases/tag/v0.121.2) [Compare Source](https://togithub.com/gohugoio/hugo/compare/v0.121.1...v0.121.2) The main motivation behind this release is a security fix in the upstream [golang.org/x/crypto](https://togithub.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d) library. We don't see how that CVE could be exploited via Hugo, but we do appreciate that many want to have a clean security report. There's also some new features in this release: - [AutoOrient image filter](https://gohugo.io/functions/images/autoorient/) - [math.Rand](https://gohugo.io/functions/math/rand/) #### What's Changed - build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 [`1ccd314`](https://togithub.com/gohugoio/hugo/commit/1ccd3147a) [@​dependabot](https://togithub.com/dependabot)\[bot] - tpl/math: Add math.Rand template function [`e40b9fb`](https://togithub.com/gohugoio/hugo/commit/e40b9fbbc) [@​jmooring](https://togithub.com/jmooring) [#​11833](https://togithub.com/gohugoio/hugo/issues/11833) - resources/images: Create AutoOrient image filter [`648d00c`](https://togithub.com/gohugoio/hugo/commit/648d00c7d) [@​jmooring](https://togithub.com/jmooring) [#​11717](https://togithub.com/gohugoio/hugo/issues/11717) - all: Remove unused code [`8adba64`](https://togithub.com/gohugoio/hugo/commit/8adba648c) [@​bep](https://togithub.com/bep) ### [`v0.121.1`](https://togithub.com/gohugoio/hugo/releases/tag/v0.121.1) [Compare Source](https://togithub.com/gohugoio/hugo/compare/v0.121.0...v0.121.1) The only change in this release is that the release binaries are compiled with [Go 1.21.5](https://togithub.com/golang/go/issues?q=milestone%3AGo1.21.5+label%3ACherryPickApproved) which contains some [security fixes](https://groups.google.com/g/golang-announce/c/iLGK3x6yuNo) that are relevant for Hugo. - Upgrade to Go 1.21.5 [`eb9f1eb`](https://togithub.com/gohugoio/hugo/commit/eb9f1eb65) [@​bep](https://togithub.com/bep) [#​11786](https://togithub.com/gohugoio/hugo/issues/11786) ### [`v0.121.0`](https://togithub.com/gohugoio/hugo/releases/tag/v0.121.0) [Compare Source](https://togithub.com/gohugoio/hugo/compare/v0.120.4...v0.121.0) There are some minor new features in this release, but it's mostly a release with bug fixes and dependency updates. One notable dependency update is [libweb v1.3.2](https://togithub.com/webmproject/libwebp/releases/tag/v1.3.2) which comes with a security fix for the Webp *decoder* (chromium: [#​1479274](https://togithub.com/gohugoio/hugo/issues/1479274), CVE-2023-4863). Hugo only uses the encoder (we use Go's native Webp decoder) so we're not affected by this, but we have been contacted by some corporate Hugo users who's eager to have a clean security report. #### Notes - [kin-openapi v0.122.0](https://togithub.com/getkin/kin-openapi#v01220) has some minor breaking API changes which, from Hugo's side of it, can be adapted by using the new `.Map` accessors if you get an error. #### Bug fixes and enhancements - github: Fix CI build on Windows [`6d4b012`](https://togithub.com/gohugoio/hugo/commit/6d4b01241) [@​bep](https://togithub.com/bep) - Fix handling of dropped error in test [`26a8ec2`](https://togithub.com/gohugoio/hugo/commit/26a8ec207) [@​alrs](https://togithub.com/alrs) - resources/resource: Fix GroupByParamDate with raw TOML dates [`dd6cd62`](https://togithub.com/gohugoio/hugo/commit/dd6cd6268) [@​jmooring](https://togithub.com/jmooring) [#​11563](https://togithub.com/gohugoio/hugo/issues/11563) - helpers: Fix TrimShortHTML used by markdownify and RenderString [`0bde693`](https://togithub.com/gohugoio/hugo/commit/0bde6931a) [@​jmooring](https://togithub.com/jmooring) [#​11698](https://togithub.com/gohugoio/hugo/issues/11698) - Pull in the latest code from Go's template packages ([#​11771](https://togithub.com/gohugoio/hugo/issues/11771)) [`9f978d3`](https://togithub.com/gohugoio/hugo/commit/9f978d387) [@​bep](https://togithub.com/bep) [#​10707](https://togithub.com/gohugoio/hugo/issues/10707) [#​11507](https://togithub.com/gohugoio/hugo/issues/11507) - tpl: Allow using page resources on the images page parameter for `opengraph`, `schema` and `twitter_cards` templates [`14d85ec`](https://togithub.com/gohugoio/hugo/commit/14d85ec13) [@​razonyang](https://togithub.com/razonyang) - hugolib: Apply titleCaseStyle to automatic section pages [`171836c`](https://togithub.com/gohugoio/hugo/commit/171836cdf) [@​jmooring](https://togithub.com/jmooring) [#​11547](https://togithub.com/gohugoio/hugo/issues/11547) - tpl/urls: Retain query and fragment with absURL and absLangURL [`9ea7103`](https://togithub.com/gohugoio/hugo/commit/9ea7103db) [@​jmooring](https://togithub.com/jmooring) [#​11772](https://togithub.com/gohugoio/hugo/issues/11772) - markup: Add Level to Heading struct [`3fc42da`](https://togithub.com/gohugoio/hugo/commit/3fc42da3d) [@​jmooring](https://togithub.com/jmooring) [#​10776](https://togithub.com/gohugoio/hugo/issues/10776) - tpl/fmt: Print suppression help with erroridf [`d24da17`](https://togithub.com/gohugoio/hugo/commit/d24da1712) [@​jmooring](https://togithub.com/jmooring) [#​11506](https://togithub.com/gohugoio/hugo/issues/11506) - tpl/transform: Display Chroma highlighting errors [`4583b41`](https://togithub.com/gohugoio/hugo/commit/4583b4130) [@​jmooring](https://togithub.com/jmooring) [#​9642](https://togithub.com/gohugoio/hugo/issues/9642) - common/para: Skip flaky test on CI [`e2a624d`](https://togithub.com/gohugoio/hugo/commit/e2a624dd6) [@​bep](https://togithub.com/bep) - watcher: Skip flaky test for now [`30a18e8`](https://togithub.com/gohugoio/hugo/commit/30a18e882) [@​bep](https://togithub.com/bep) - tpl/transform: Add transform.XMLEscape template function [`b4c5df4`](https://togithub.com/gohugoio/hugo/commit/b4c5df42f) [@​jmooring](https://togithub.com/jmooring) [#​3268](https://togithub.com/gohugoio/hugo/issues/3268) - tpl/tplimpl: Remove superfluous type attr on script elements [`8d32ca2`](https://togithub.com/gohugoio/hugo/commit/8d32ca223) [@​jmooring](https://togithub.com/jmooring) [#​6379](https://togithub.com/gohugoio/hugo/issues/6379) - common/para: Skip flaky tests on Windows [`27620da`](https://togithub.com/gohugoio/hugo/commit/27620daa2) [@​bep](https://togithub.com/bep) - navigation: Unexport menu entry methods [`80d2fdb`](https://togithub.com/gohugoio/hugo/commit/80d2fdbaa) [@​jmooring](https://togithub.com/jmooring) [#​11670](https://togithub.com/gohugoio/hugo/issues/11670) - markup/goldmark: Sync image render hook code with Goldmark [`805cc17`](https://togithub.com/gohugoio/hugo/commit/805cc1773) [@​jmooring](https://togithub.com/jmooring) [#​11681](https://togithub.com/gohugoio/hugo/issues/11681) #### Dependency Updates - build(deps): bump github.com/alecthomas/chroma/v2 from 2.11.1 to 2.12.0 [`558f325`](https://togithub.com/gohugoio/hugo/commit/558f3258a) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/tdewolff/minify/v2 from 2.20.8 to 2.20.9 [`507f4e3`](https://togithub.com/gohugoio/hugo/commit/507f4e356) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/spf13/cast from 1.5.1 to 1.6.0 [`a7e721e`](https://togithub.com/gohugoio/hugo/commit/a7e721e02) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/getkin/kin-openapi from 0.121.0 to 0.122.0 [`2627b91`](https://togithub.com/gohugoio/hugo/commit/2627b91d3) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump golang.org/x/image from 0.13.0 to 0.14.0 [`e536d46`](https://togithub.com/gohugoio/hugo/commit/e536d461a) [@​dependabot](https://togithub.com/dependabot)\[bot] - deps: Update github.com/tdewolff/minify/v2 v2.20.7 => v2.20.8 [`bfc325f`](https://togithub.com/gohugoio/hugo/commit/bfc325f56) [@​jmooring](https://togithub.com/jmooring) [#​5748](https://togithub.com/gohugoio/hugo/issues/5748) - build(deps): bump github.com/spf13/afero from 1.10.0 to 1.11.0 [`36a60f6`](https://togithub.com/gohugoio/hugo/commit/36a60f65d) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/evanw/esbuild from 0.19.7 to 0.19.8 [`de2fcc5`](https://togithub.com/gohugoio/hugo/commit/de2fcc5e1) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump google.golang.org/api from 0.151.0 to 0.152.0 [`9ca889b`](https://togithub.com/gohugoio/hugo/commit/9ca889ba4) [@​dependabot](https://togithub.com/dependabot)\[bot] - deps: Upgrade to libwebp 1.3.2 [`4fb40ee`](https://togithub.com/gohugoio/hugo/commit/4fb40ee87) [@​bep](https://togithub.com/bep) [#​11746](https://togithub.com/gohugoio/hugo/issues/11746) - build(deps): bump github.com/aws/aws-sdk-go from 1.48.4 to 1.48.6 [`bc93a36`](https://togithub.com/gohugoio/hugo/commit/bc93a3613) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump golang.org/x/tools from 0.15.0 to 0.16.0 [`3e5bc6f`](https://togithub.com/gohugoio/hugo/commit/3e5bc6f3b) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/getkin/kin-openapi from 0.120.0 to 0.121.0 [`7c47036`](https://togithub.com/gohugoio/hugo/commit/7c47036f1) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/bep/logg from 0.3.0 to 0.4.0 [`4d07e1f`](https://togithub.com/gohugoio/hugo/commit/4d07e1fe8) [@​dependabot](https://togithub.com/dependabot)\[bot] - deps: Upgrade to github.com/bep/simplecobra v0.4.0 [`1c41232`](https://togithub.com/gohugoio/hugo/commit/1c41232e6) [@​bep](https://togithub.com/bep) - build(deps): bump github.com/aws/aws-sdk-go from 1.48.2 to 1.48.4 [`f11ca0f`](https://togithub.com/gohugoio/hugo/commit/f11ca0fad) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump golang.org/x/tools from 0.14.0 to 0.15.0 [`d7a2f3f`](https://togithub.com/gohugoio/hugo/commit/d7a2f3f98) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/gorilla/websocket from 1.5.0 to 1.5.1 [`ef12d16`](https://togithub.com/gohugoio/hugo/commit/ef12d169c) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/fatih/color from 1.15.0 to 1.16.0 [`a62bbfa`](https://togithub.com/gohugoio/hugo/commit/a62bbfa9e) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump golang.org/x/net from 0.17.0 to 0.18.0 [`5887230`](https://togithub.com/gohugoio/hugo/commit/5887230b7) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/evanw/esbuild from 0.19.5 to 0.19.7 [`a4a66b8`](https://togithub.com/gohugoio/hugo/commit/a4a66b821) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/alecthomas/chroma/v2 from 2.10.0 to 2.11.1 [`813390b`](https://togithub.com/gohugoio/hugo/commit/813390b5a) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/tdewolff/minify/v2 from 2.20.5 to 2.20.7 [`d528bbd`](https://togithub.com/gohugoio/hugo/commit/d528bbd6d) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump google.golang.org/api from 0.138.0 to 0.151.0 [`af7f6c8`](https://togithub.com/gohugoio/hugo/commit/af7f6c8b3) [@​dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/aws/aws-sdk-go from 1.45.14 to 1.48.2 ([#​11724](https://togithub.com/gohugoio/hugo/issues/11724)) [`e70849e`](https://togithub.com/gohugoio/hugo/commit/e70849ea7) [@​dependabot](https://togithub.com/dependabot)\[bot] [#​11723](https://togithub.com/gohugoio/hugo/issues/11723) #### Documentation - docs: Regen docshelper [`255e0a9`](https://togithub.com/gohugoio/hugo/commit/255e0a971) [@​bep](https://togithub.com/bep) - docs: Adjust last merge from docs repository [`6580cd3`](https://togithub.com/gohugoio/hugo/commit/6580cd30a) [@​jmooring](https://togithub.com/jmooring) - docs: Regen docs helper [`7617de8`](https://togithub.com/gohugoio/hugo/commit/7617de86c) [@​bep](https://togithub.com/bep) ### [`v0.120.4`](https://togithub.com/gohugoio/hugo/releases/tag/v0.120.4) [Compare Source](https://togithub.com/gohugoio/hugo/compare/v0.120.3...v0.120.4) The only change in this release is that the release binaries are compiled with Go 1.21.4 which comes with a security fix for Windows that may be relevant for Hugo. See: - https://github.com/golang/go/issues?q=milestone%3AGo1.21.4+label%3ACherryPickApproved - Especially [golang/go#63715](https://togithub.com/golang/go/issues/63715) #### What's Changed - Upgrade to go 1.21.4 [`9315a2d`](https://togithub.com/gohugoio/hugo/commit/9315a2d2c) [@​bep](https://togithub.com/bep) [#​11685](https://togithub.com/gohugoio/hugo/issues/11685) ### [`v0.120.3`](https://togithub.com/gohugoio/hugo/releases/tag/v0.120.3) [Compare Source](https://togithub.com/gohugoio/hugo/compare/v0.120.2. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/ffddorf/website-ext). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yNjkuMiIsInVwZGF0ZWRJblZlciI6IjM3LjI2OS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If a type passed to the template action has a JSON marshaller, and that MarshalJSON method fails, the returned error is inserted into the template inside of a comment. In order to avoid cases where that error contains user content, which may itself contain a closing comment token (
*/), we do a find/replace for comment tokens and replace them with* /.This doesn't take into account the confusing handling of closing script, and comment tags (
</scriptand<!--respectively), which may also be present in user content. We can fix this by treating these tags the same way we do elsewhere in the script context, by taking the HTML specification recommendation and replacing them with\x3C/scriptand\x3C!--in the same way we are currently handling closing comment tokens.e.g. https://go.dev/play/p/gjCDVopt-zc
Thanks to RyotaK (@Ry0taK) for reporting this issue.
The text was updated successfully, but these errors were encountered: