Release 2.5.0

[stanley2058]

CodiMD 2.5.0

Security Fixes

• Strip HTML tags for gist id to avoid stored XSS on showing error [Security Issue] #1691 [Security Issue] Strip HTML tags for gist id to avoid stored XSS on showing error [Security Issue]
• Upgrade mermaid to version 8.10.2 to avoid prototype pollution #1690 [Security Issue] Upgrade mermaid to version 8.10.2 to avoid prototype pollution
• potential XSS in vimeo embed #1792 [Security Issue] potential XSS in vimeo embed
• FIX: pandoc security issue #1790 [Security Issue] FIX: pandoc security issue
• fix: sanitize pdf url to prevent XSS on inline PDFs #1832 [Security Issue] fix: sanitize pdf url to prevent XSS on inline PDFs

Fixes

• Avoid append zero suffix on exporting user data #1680 Avoid append zero suffix on exporting user data
• Handle when request url has no valid referer #1679 Handle when request url has no valid referer
• Fix S3 client config passing for image upload #1683 Fix S3 client config passing for image upload
• Set a proper "lang" attribute on <html> #1481 Set a proper "lang" attribute on
• Fix matchInContainer false positives #1605 Fix matchInContainer false positives
• Convert "include" directives to functions #1580 Convert "include" directives to functions
• Move HTML-related code from JS to EJS to enable more i18n #1587 Move HTML-related code from JS to EJS to enable more i18n
• fix: may referernce out of bound index in clearDuplicatedHistory #1706 fix: may referernce out of bound index in clearDuplicatedHistory
• Feat/csrf export user data #1695 Feat/csrf export user data
• sequelize.import deprecation #1724 sequelize.import deprecation
• chore: remove unused uglifyjs-webpack-plugin dep #1723 chore: remove unused uglifyjs-webpack-plugin dep
• fix: should not clear guest history when guest pin note #1697 fix: should not clear guest history when guest pin note
• Fix: s3 api supported multiple cloud providers. fixes: https://github.com/hackmdio/codimd/issues/1761 #1762 Fix: s3 api supported multiple cloud providers. fixes: Error happened when s3's provider is not aws "Unable to connect to instance metadata service" #1761
• Fix: Code Fence parameter parsing #1739 Fix: Code Fence parameter parsing
• Update README.md to remove IE from supporting list #1729 Update README.md to remove IE from supporting list
• FIX: server crash when filename too long #1789 FIX: server crash when filename too long
• fix: use encoded note id to update history #1804 fix: use encoded note id to update history
• 🐛 [fix] modify replacement rule for disqus short-name #1750 🐛 [fix] modify replacement rule for disqus short-name
• Fix history page nav #1808 Fix history page nav
• Fix the uploadimage form #1814 Fix the uploadimage form
• bugfix/uploadimage form #1836 bugfix/uploadimage form
• Add the logout callback to prevent exception. #1813 Add the logout callback to prevent exception.
• Add the logout callback to prevent exception #1837 Add the logout callback to prevent exception

Enhancements

• Add TeX mhchem extensions for MathJax #1684 Add TeX mhchem extensions for MathJax
• Upgrade flowchart.js to version 1.15.0 #1685 Upgrade flowchart.js to version 1.15.0
• Upgrade codemirror to 5.63.2 #1716 Upgrade codemirror to 5.63.2
• Update de.json #1741 Update de.json
• Documentation - add Music section and move abc abd fretboard to this section #1715 Documentation - add Music section and move abc abd fretboard to this section
• chore: bump meta-marked to 0.5.0 #1722 chore: bump meta-marked to 0.5.0
• Typos + Better translation for "Externals" #1793 Typos + Better translation for "Externals"
• feat: Migrate to gtag and support GA4 #1798 feat: Migrate to gtag and support GA4
• 【fix】reword japanese #1802 【fix】reword japanese
• upgrading pg to 8.8.0 to support new scram-sha-256 authentication #1784 upgrading pg to 8.8.0 to support new scram-sha-256 authentication
• feat: add organizations whitelist to GitHub OAuth #1710 feat: add organizations whitelist to GitHub OAuth
• Add oauth2 authorization #1626 Add oauth2 authorization
• Update both Traditional and Simplified Chinese locales #1815 Update both Traditional and Simplified Chinese locales

DX

• Run CI with GitHub Actions #1694 Run CI with GitHub Actions
• Add dev container for GitHub Codespaces and VSCode remote container #1688 Add dev container for GitHub Codespaces and VSCode remote container
• Add arm64 docker image build. #1701 Add arm64 docker image build.
• fix(buildpacks): replace custom buildpack with APT buildpack #1797 fix(buildpacks): replace custom buildpack with APT buildpack
• Update minimum required node.js version to v12 with npm package dependencies #1799 Update minimum required node.js version to v12 with npm package dependencies
• Upgrade Node.js version #1767 Upgrade Node.js version
• Update node.js version in .nvmrc #1816 Update node.js version in .nvmrc
• Update npm dependencies #1817 Update npm dependencies

Thank you

Thank you guys for being here and making CodiMD awesome ❤️

• @jackycute
• @galaxian85
• @EastSun5566
• @tamo
• @a60814billy
• @Yukaii
• @blademainer
• @V1ncNet
• @bbtfr
• @chenxuanzzy
• @brunetton
• @eyssette
• @assanges
• @AQ-masatoshi-yamaguchi
• @phntom
• @jakubgs
• @joachimmathes
• @PeterDaveHello
• @YadominJinta
• @EtienneM
• @inductor

[jackycute]

Thanks @stanley2058 @Yukaii

[Neustradamus]

@stanley2058: Nice version with SCRAM-SHA-256 support!

Linked to:

• State of Play scram-sasl/info#1