Releases · umputun/remark42

02 Jun 00:36

umputun

v1.16.1

a210447

Version 1.16.1 Latest

Latest

Improvements

rename auth.messsages.ts to auth.messages.ts #2079 @paskal
close backtick in smtp.login_auth default cell #2075 @paskal
bump remark42 image tag to v1.16.0 in kubernetes manual e8b9d70

Bug Fixes

fetch latest site version client-side instead of embedding at build time #2072 @paskal
no_footer scrollbar regression introduced in v1.16.0 #2076 @paskal
parameter docs + --help text inconsistencies audit #2077 @paskal

Contributors

paskal

Assets 11

22 May 18:29

umputun

v1.16.0

556e0a7

Version 1.16.0

New Features

custom oauth2 provider #2006 @alexma233
make Microsoft Entra ID tenant configurable #1999 @paskal

Improvements

build release artifacts with GoReleaser #2070 @umputun
use testing/synctest to eliminate wall-clock sleeps #2048 @paskal
use time.UTC in test fixtures to be timezone-agnostic #2047 @paskal
modernise Go code with go fix #2027 @paskal
add node dependency caching #2020 @paskal
document loading placeholder support in remark42 div #2009 @paskal
offer github private vulnerability reporting in security policy f3a7dea
bump go modules in backend and example #2065 @paskal
update Go modules #2042 @paskal

Bug Fixes

reject non-image content-types in image proxy and /picture/ to prevent stored XSS #2067 @paskal
reject decompression-bomb dimensions before raster decode #2064 @paskal
close OAuth open-redirect by wiring AllowedRedirectHosts #2049 @paskal
require explicit ?site= in matchSiteID middleware #2046 @paskal
reject path traversal in /picture/{user}/{id} #2045 @paskal
apply ssrf-safe transport to TitleExtractor + restore gosec G70x rules #2044 @paskal
IPv6 address truncation and image proxy SSRF vulnerabilities #2016 @umputun
preserve orig verbatim in edit textarea #2041 @paskal
Fix Firefox dark mode white background on comment iframe #2023 @amdevz
Fix frontend not respecting ADMIN_EDIT config #2001 @paskal
Fix email encoding, image cleanup CPU spin, and demo template paths #2000 @paskal
Fix site rebuild on release #1993 @paskal
fix type check failure in @remark42/api package ab9e667

Other

Migrate remaining BEM components to CSS Modules (final batch) #2015 @paskal
Migrate batch 1 components from BEM to CSS Modules #2014 @paskal
Migrate 4 BEM components to CSS Modules #2013 @paskal
Clean up deprecated CSS and fix silent CSS bugs in frontend #2012 @paskal
Document EDIT_TIME=0 disables comment editing and image cleanup #2010 @paskal
Add X-Content-Type-Options and Referrer-Policy security headers #2008 @paskal
Drop GitHub token permissions on deploy jobs #2007 @paskal
Sync example dependencies after go-modules-updates bump #2005 @app/copilot-swe-agent
Document email template variables and plain-text email setup #2003 @paskal
Clear user placeholder content when comments iframe loads #2002 @paskal
Fix typo in Spanish localization for sort-by #2043 @aroman-arvo
Probe /auth/status from frontend to avoid 401 on /user a4c5e17
Update backend base image to buildgo-v1.17.0 in Dockerfile cdad560
dependency bumps (dependabot): #2053 #2052 #2050 #2034 #2032 #2030 #2028 #1997 #1995 #1994 #1984

Contributors

umputun, paskal, and 3 other contributors

Assets 11

24 Dec 08:43

umputun

v1.15.0

307e69e

Version 1.15.0

What's Changed

New Features

Discord OAuth support by @mgkbadola in #1824
Add pagination to GET /api/v1/find endpoint by @paskal in #1699
Implement function to prune string keeping HTML closing tags by @aliksend in #1870

Bug Fixes

Fix login persistence with AUTH_SEND_JWT_HEADER enabled by @paskal in #1929
Fix deleteme feature by @FredrikAppelros in #1923
Fix WriteHeader + RenderJSON causing wrong Content-Type header by @paskal in #1980
Toolbar buttons are stuck to the main comment form by @ur300 in #1948
Straightforward fix for importing anonymous comments from commento by @aliksend in #1869
Fix typo (rootDissapear should be rootDisappear) by @up9cloud in #1934
Fixed typo by @talentedunicorn in #1936

New Translations

Add Persian (fa) locale by @dnyall in #1831
Add Macedonian translation by @diosfera in #1953
Romanian language added by @notmalicik in #1962
Update German (de.json) by @codiflow in #1875

UI Improvements

Update Google and X (Twitter) logos to latest brand versions by @gatezh in #1969

Documentation

Add system requirements section to installation guide by @paskal in #1914
Add install instructions for setting up Remark42 as a systemd service by @paskal in #1918
Improve backup instructions by @schnerring in #1947
Update Telegram configuration with group notification details by @paskal in #1937
Docs update describing available variables for webhook templating by @cubismod in #1878
Add display name format to EMAIL_FROM examples by @paskal in #1973
Update docker-compose.yml with example for local reverse proxy by @paskal in #1853
Modify the example to avoid misunderstanding by @km0e in #1960

Infrastructure

Migrate Docker images from Docker Hub to GitHub Container Registry by @paskal in #1907
Migrate Docker builds to native GitHub ARM64 runners by @paskal in #1976
Improve GitHub Actions workflows security and performance by @paskal in #1977
Update to go-pkgz/auth/v2 and golang-jwt/jwt/v5 by @paskal in #1758
Migrate golangci-lint to v2 and update Go version by @umputun in #1965
Multiple improvements to CI by @paskal in #1846

Dependencies

Bump golang.org/x/crypto from 0.37.0 to 0.45.0 by @dependabot in #1967
Bump golang.org/x/net from 0.33.0 to 0.36.0 by @dependabot in #1912
Bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 by @dependabot in #1916
Update go-pkgz, system modules by @paskal in #1930
Update go dependencies by @paskal in #1972
Get rid of github.com/go-chi/render use by @paskal in #1919

Internal

Remove redundant frame ancestors log from middleware by @paskal in #1974
Improve tests by @paskal in #1871
Update pnpm from v7 to v8 by @paskal in #1845

New Contributors

@dnyall made their first contribution in #1831
@mgkbadola made their first contribution in #1824
@aliksend made their first contribution in #1869
@cubismod made their first contribution in #1878
@up9cloud made their first contribution in #1934
@talentedunicorn made their first contribution in #1936
@diosfera made their first contribution in #1953
@schnerring made their first contribution in #1947
@notmalicik made their first contribution in #1962
@km0e made their first contribution in #1960
@FredrikAppelros made their first contribution in #1923

Full Changelog: v1.14.0...v1.15.0

Contributors

umputun, paskal, and 15 other contributors

Assets 9

27 Oct 17:28

umputun

v1.14.0

c1048e9

Version 1.14.0

What's Changed

Add Content-Security-Policy and Permissions-Policy headers by @paskal in #1805
add RTL support by @adueck in #1799
fix: Apple login integration by @tomy0000000 in #1806
Fix problem with logout button by @paskal in #1815
Fix restrictions for anonymous usernames by @paskal in #1809
Add missing AUTH_APPLE_KID env variable cleanup by @paskal in #1826
Detect proper avatar type to return instead of returning image/* by @paskal in #1817
Switch playwright (e2e) to latest stable version by @paskal in #1802
Update go modules by @paskal in #1801
Move gcc installation before backend files addition by @paskal in #1814
Bump path-to-regexp from 6.2.1 to 6.3.0 in /site by @dependabot in #1811
docs: fix frontend paths in translation guide by @rusxg in #1807
Bump micromatch from 4.0.5 to 4.0.8 in /site by @dependabot in #1808
Fix CSP img-src directive to allow everything without proxy by @paskal in #1825
Update docker-compose command to docker compose by @paskal in #1827
Clarify ALLOWED_HOSTS description and usage by @paskal in #1829
Deprecate Twitter OAuth and remove from feature list by @paskal in #1828
fix: missing comma in example frontend configuration by @wtchangdm in #1830

New Contributors

@adueck made their first contribution in #1799
@rusxg made their first contribution in #1807
@wtchangdm made their first contribution in #1830

Full Changelog: v1.13.1...v1.14.0

Contributors

paskal, wtchangdm, and 4 other contributors

Assets 9

20 Jul 16:12

umputun

v1.13.1

95966f6

Version 1.13.1

What's Changed

Add content type check for images endpoint by @umputun in #1796
Add escaping of comment text in webhook default JSON template by @paskal in #1792
Complete and update Spanish translations by @EdwardNavarro in #1773
Update .golangci.yml by @iamtankist in #1774
SubscribeByEmailForm: Ensure onInput and onClick props are typed corr… by @delphij in #1777
Update docker images, clarify comments by @paskal in #1778
docs: Add email from examples by @tomy0000000 in #1787
Fix golangci-lint reported unused parameters in example module by @paskal in #1793
Bump ws from 8.16.0 to 8.17.1 in /site by @dependabot in #1786
Bump braces from 3.0.2 to 3.0.3 in /site by @dependabot in #1780
Bump ejs from 3.1.9 to 3.1.10 in /site by @dependabot in #1764
Bump pug from 3.0.2 to 3.0.3 in /site by @dependabot in #1795

New Contributors

@EdwardNavarro made their first contribution in #1773
@iamtankist made their first contribution in #1774
@delphij made their first contribution in #1777
@tomy0000000 made their first contribution in #1787

Full Changelog: v1.13.0...v1.13.1

Contributors

umputun, paskal, and 5 other contributors

Assets 2

12 May 19:56

umputun

v1.13.0

661f042

Version 1.13.0

What's Changed

Update vi.json by @saosangmo in #1671
Update Telegram notifications instructions by @paskal in #1672
Extract error message from API response for preview. by @sharief007 in #1674
Reproduce report of CWE-918 from #1677 by @paskal in #1679
Clarify titles for frontend and backend configuration doc by @paskal in #1678
Remove all HTML tags from comment title and username by @paskal in #1680
Limit TitleExtractor to allow only Remark42 whitelisted domains by @paskal in #1681
Fix wrapped errors checks by @paskal in #1682
fix types on error message extraction by @akellbl4 in #1689
fix styles around admin controls by @akellbl4 in #1690
fix: unused var by @akellbl4 in #1691
update links styles by @akellbl4 in #1687
Bump luxon from 2.3.0 to 2.5.2 in /site by @dependabot in #1577
Allow title extraction only from full match of AllowedHosts by @paskal in #1695
Simplify BoltDB.Info code by @paskal in #1693
Combine multiple post info in DataStore.Info instead of returning first by @paskal in #1694
Fix Commento top-level comments import by @paskal in #1701
Fix Commento import URL by @paskal in #1703
Allow disabling fancy comment text formatting by @paskal in #1700
Add MIN_COMMENT_SIZE parameter by @paskal in #1708
TLS InsecureSkipVerify option by @vladimirdulov in #1712
fix: Add missing Korean and Japanese translations for updated English text by @NavyStack in #1723
Update docker images and github CI actions by @paskal in #1725
Update go modules, update go-pkgz/auth to latest commit by @paskal in #1726
Comment content styles by @akellbl4 in #1704
Cleanup images from deleted comments by @paskal in #1702
Fix lack of error on file site export, improve lack of ADMIN_PASSWD error message by @paskal in #1734
Don't load kitten picture from third party site by @paskal in #1736
Fix problems reported by golangci-lint by @paskal in #1740
Update Go modules by @paskal in #1741
Update to lcw v2 with generic types by @paskal in #1742
Add more tests for GET /find endpoint by @paskal in #1743
Update /site packages, Node version, apply prettier by @paskal in #1745
Fix readonly status, deleted count for plain /find request by @paskal in #1744
Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /backend by @dependabot in #1750
Collect /find Info for tree and plain types consistently by @paskal in #1685
Hide delete button for non-admin users after edit period expires by @paskal in #1751
Fix type for value for refresh token cache by @paskal in #1754
Update go modules by @paskal in #1757
Update cs.json - typos by @pavel-francirek in #1760
Pin golangci-lint version to latest available, fix reported errors by @paskal in #1767

New Contributors

@sharief007 made their first contribution in #1674
@vladimirdulov made their first contribution in #1712
@NavyStack made their first contribution in #1723
@pavel-francirek made their first contribution in #1760

Full Changelog: v1.12.1...v1.30.0

Contributors

vladimirdulov, paskal, and 6 other contributors

Assets 9

21 Aug 17:03

umputun

v1.12.1

1f2500f

Version 1.12.1

Full Changelog: v1.12.0...v1.12.1

Fix #1660

Assets 9

08 Aug 04:24

umputun

v1.12.0

26e6e57

Version 1.12.0

What's Changed

Bump go modules by @paskal in #1586
Make docker build fail on backend test failure by @paskal in #1591
Update translations by @dmitry-do in #1604
Update translation of the Simplified Chinese by @DejavuMoe in #1603
#1605 fix loading th locale by @Mavrin in #1608
Improve Simplified Chinese translation by @DejavuMoe in #1607
Fix spell errors by @DejavuMoe in #1609
fix editorconfig indentation for apps/remark42 by @akellbl4 in #1570
updated deprecated link by @SimonHaas in #1612
pin pnmp version to 7 by @paskal in #1615
Bump golangci-lint to latest by @paskal in #1616
Update go modules, fix Apple auth redirect by @paskal in #1617
Don't allow relative links in comments by @paskal in #1578
Fixed wrong markdown at the site by @vblz in #1636
[site] fix: anchor offset by @Jaskon in #1637
fix: Gap between buttons and markdown tip by @Jaskon in #1639
Telegram QR styling by @Jaskon in #1647
Switch from telegram_bot_username to telegram_notifications in /config endpoint by @paskal in #1648
Email subscription params in request body by @Jaskon in #1645
docs: added Astro w/ React/Preact Components Integration by @LoneExile in #1644
Skip confirmation step on email subscription by @Jaskon in #1646
RSS: Fix snippet generation for parent comment by @koteyur in #1643
Update Google auth setup instructions by @paskal in #1653
Clarify SharedSecret usage by comment by @paskal in #1650
Update documentation to support Caddy V2 by @tardisx in #1657
Fix preview and comment work with proxified images by @paskal in #1656
feat: UI for telegram user notifications by @goooseman in #1649