Security Fixes
- Use HMAC with
SECRET_KEYfor the webhook hash, generate the webhook URL server-side,
and addGIT_REMOTE_PULL_URL_SECUREfor backward-compatible hashes, see #443 (bc77b7d by @onovy). - Prevent style attribute XSS in InfoBox, ImageFrame and Figure embeddings (8c5d311).
- Deny any possibility for malicious redirects, see #504 (15f5a86 by @deseven).
Thanks to @Fushuling for reaching out and bringing this potential security risk to our attention.
Features
- Open external links in a new tab with an icon, see #215 #507 (e18304f by @ribbal).
- Allow multiple sub-tree items to be unfolded in the page index, see #512 (df49a45 by @ribbal).
Bug Fixes
- Add a TOP focus option and unfold all folders when focus is OFF, see #506 (0bc25d8).
- Safely encode DataTable caption using
json.dumps, see #502 (8911f1a by @turfin-logic). - Lowercase crumb paths for
isdirchecks on case-sensitive filesystems (d5b1bdc). - Fix referencing pages plugin, see #498 (473ec48 by @ribbal).
New Contributors
- @ribbal made their first contribution in #498
- @turfin-logic made their first contribution in #502
Contributors
onovy, deseven, and 3 other contributors