summaryrefslogtreecommitdiff
path: root/public/docs/release-notes.md
blob: 4849a0294617b4628b2b14a396e466f7f08c9fd8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
# Release Notes
## <i class="fa fa-tag"></i> 1.8.0-rc1 <i class="fa fa-calendar-o"></i> 2021-04-26

This release fixes a security issue. We recommend upgrading as soon as possible.

**Please note:** This release dropped support for Node 10, which is end-of-life since April 2021. You now need at least Node 12 to run HedgeDoc, but we recommend running [the latest LTS release](https://nodejs.org/en/about/releases/).

### Security Fixes
- [CVE-2021-29474: Relative path traversal Attack on note creation](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-p528-555r-pf87)

We also published an advisory for [CVE-2021-29475: PDF export allows arbitrary file reads](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-pxxg-px9v-6qf3),  
which has already been fixed since HedgeDoc 1.6.0.

### Features
- Database migrations are now automatically applied on application startup  
  The separate `.sequelizerc` configuration file is no longer necessary and can be safely deleted
- A Prometheus-endpoint is now available at `/metrics`, exposing the same stats as `/status`
  in addition to various Node.js performance figures
- Add a config option to require authentication in FreeURL mode ([#755](https://github.com/hedgedoc/hedgedoc/pull/755) by [@nidico](https://github.com/nidico))

### Enhancements
- Removed dependency on external imgur library
- HTML language tags are now set up in a way that stops Google Translate from translating note contents while editing
- Removed `yahoo.com` from the default content security policy
- New translations for Bulgarian, Persian, Galician, Hebrew, Hungarian, Occitan and Brazilian Portuguese  
  Updated translations for Arabic, English, Esperanto, Spanish, Hindi, Japanese, Korean, Polish, Portuguese, Turkish and Traditional Chinese
  Thanks to all translators!
- Various dependency updates

### Bugfixes
- Improve readability of diagrams & embeddings in night-mode
- Use the default template for new notes in FreeURL mode
- Fix frontend-crash in slide-mode if no `slideOptions` are present in the frontmatter
- Return 404 on the `/download` route for non-existent notes in FreeURL mode
- Properly clean up the UNIX socket on application exit
- Don't overwrite existing notes on POST-requests to `/new/<alias>` in FreeURL mode

### Contributors
- Amit Upadhyay (translator)
- Atef Ben Ali (translator)
- Edi Feschiyan (translator)
- Gabriel Santiago Macedo (translator)
- Longyklee (translator)
- Nika. zhenya (translator)
- [Nicolas Dietrich](https://github.com/nidico)
- Nis (translator)
- rogerio-ar-costa (translator)
- sanami (translator)
- Tom Dereszynski (translator)
- 상규 (translator)
- uıʞǝʇuɐϽ (translator)
- UwYFmLpoKtYn (translator)

## <i class="fa fa-tag"></i> 1.7.2 <i class="fa fa-calendar-o"></i> 2021-01-15
This release fixes a security issue. We recommend upgrading as soon as possible.
### Security Fixes
- [CVE-2021-21259: Stored XSS in slide mode](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-44w9-vm8p-3cxw)  
  An attacker can inject arbitrary JavaScript into a HedgeDoc note.

### Bugfixes
- Ensure the last line of the markdown editor is not covered by the status bar (thanks to [@mhdrone](https://github.com/mhdrone) for reporting!)

## <i class="fa fa-tag"></i> 1.7.1 <i class="fa fa-calendar-o"></i> 2020-12-27
This release fixes two security issues. We recommend upgrading as soon as possible.
### Security Fixes
- [CVE-2020-26286: Arbitrary file upload](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-wcr3-xhv7-8gxc)  
  An unauthenticated attacker can upload arbitrary files to the upload storage backend.
- [CVE-2020-26287: Stored XSS in mermaid diagrams](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-g6w6-7xf9-m95p)  
  An attacker can inject arbitrary script tags in HedgeDoc notes using mermaid diagrams.


## <i class="fa fa-tag"></i> 1.7.0 <i class="fa fa-calendar-o"></i> 2020-12-21

We have renamed to HedgeDoc!
Many thanks to [Éric Gaspar](https://github.com/ericgaspar/) who designed our new logo!
Have a look at our new website (which also explains the reasoning behind the renaming) at https://hedgedoc.org

This is probably the last release in the 1.x series. Stay tuned for 2.0, scheduled for release next year.

**Please note:** This release dropped support for Node 8, which is end-of-life since January 2020. You now need at least Node 10.13 to run HedgeDoc, but we recommend running [the latest LTS release](https://nodejs.org/en/about/releases/).

**Please note:** If you use a reverse proxy and TLS, make sure it sets the `X-Forwarded-Proto` header correctly,
otherwise you will encounter login-issues.
[Our docs](https://github.com/hedgedoc/hedgedoc/blob/72734690225bb431908b0d4bd8edf38576a95f2f/docs/setup/reverse-proxy.md#reverse-proxy-config) have example configs for common reverse proxies. 

### Enhancements
- Our release tarballs now contain the frontend bundle. This saves users from building the frontend themselves, which was an issue on memory-constrained systems.
- Add OIDC scopes for email & profile retrieval ([#278](https://github.com/hedgedoc/hedgedoc/pull/278) & [#419](https://github.com/hedgedoc/hedgedoc/pull/419) by [@elespike](https://github.com/elespike) & [@vberger](https://github.com/vberger))
- Allow to set a SAML client certificate ([#350](https://github.com/hedgedoc/hedgedoc/pull/350) by [@n0emis](https://github.com/n0emis) & [@em0lar](https://github.com/em0lar))
- Add YunoHost docs ([#431](https://github.com/hedgedoc/hedgedoc/pull/431) by [@ericgaspar](https://github.com/ericgaspar))
- Set OAuth2 `state` parameter ([#407](https://github.com/hedgedoc/hedgedoc/pull/407) & [#541](https://github.com/hedgedoc/hedgedoc/pull/541) by [@dalcde](https://github.com/dalcde) & [@haslersn](https://github.com/haslersn))
- Various documentation improvements (by [@oupala](https://github.com/oupala), [@autra](https://github.com/autra) & [@AdamWorley](https://github.com/AdamWorley))
- Add migration script for minio ([#499](https://github.com/hedgedoc/hedgedoc/pull/499) by [@pierreozoux](https://github.com/pierreozoux))
- Add authorization for OAuth ([#595](https://github.com/hedgedoc/hedgedoc/pull/595) by [@joachimmathes](https://github.com/joachimmathes))
- Improvements to our cookie handling
- Compatibility with Node 14
- Translation updates
- Various dependency updates

### Bugfixes
- Fix compatibility with upper-case MIME-types ([#509](https://github.com/hedgedoc/hedgedoc/pull/509) by [@pierreozoux](https://github.com/pierreozoux))
- Add fix for missing deletion of notes on user-deletion request
- Fix relative path for fetching the style when set 
- Fix broken redirect on login
- CSS fixes for slide mode
- Do not create new notes with `null` as content
- Fix crash when OAuth2 config parameters are missing (thanks to [@vberger](https://github.com/vberger) for reporting!)
- Handle broken `SequelizeMeta` table on MySQL/MariaDB (thanks to [@titulebolide](https://github.com/titulebolide) for reporting!)

### Contributors
- [Adam Worley](https://github.com/AdamWorley)
- andreas koidis (translator)
- [Augustin Trancart](https://github.com/autra)
- Benjamin Bett (translator)
- Butterflyoffire (translator)
- civic john (translator)
- [Daniel Lublin](https://github.com/quite)
- [David Mehren](github.com/davidmehren)
- [david-sawatzke](https://github.com/david-sawatzke)
- deluxghost (translator)
- [Dexter Chua](https://github.com/dalcde)
- Dimitri (translator)
- [em0lar](https://github.com/em0lar)
- [Éric Gaspar](https://github.com/ericgaspar)
- [Erik Michelson](https://github.com/ErikMichelson)
- Giacomo lanza (translator)
- [Girish Ramakrishnan](https://github.com/gramakri)
- Grzegorz (translator)
- [haslersn](https://github.com/haslersn)
- Igor Kerstges (translator)
- Info (translator)
- Jleeothon (translator)
- Johannes Nilsso (translator)
- Jolly Jumper (translator)
- [Jonas Zohren](https://github.com/jfowl)
- Jothish (translator)
- Julien lebranch (translator)
- [Marvin Gaube](https://github.com/margau)
- Mdhm (translator)
- Mostafa Ahangarha (translator)
- [Nick Hahn](https://github.com/codingHahn)
- [Nils van Zuijlen](https://github.com/nils-van-zuijlen)
- Nithin Prabhakaran (translator)
- numéro6 (translator)
- [n0emis](https://github.com/n0emis)
- [oupala](https://github.com/oupala)
- [Philip Molares](https://github.com/DerMolly)
- [Pierre Ozoux](https://github.com/pierreozoux)
- Quentin Pages (translator)
- [Renan Rodrigues](https://github.com/renanqts)
- Renne (translator)
- [Sandro](https://github.com/SuperSandro2000)
- Smaran (translator)
- Sooraj Kenoth (translator)
- themedleb (translator)
- [Tilman Vatteroth](https://github.com/mrdrogdrog)
- Tomasz (translator)
- [Victor Berger](https://github.com/vberger)
- XoseM (translator)
- [Yannick Bungers](https://github.com/InnayTool)
- zgroska (translator)


## <i class="fa fa-tag"></i> 1.6.0 <i class="fa fa-calendar-o"></i> 2020-02-17

### Announcements

- After the 1.6 release we will start to develop Version 2.0, which will introduce breaking changes. But we will take care of making your way to 2.0 easy.
- Since Node version 8 is EOL since January 2020, 1.6 will be the last version with support for Node version 8
- `useCDN` is now `false` by default. This feature is deprecated already and will be removed in 2.0.

### Enhancements

- Add AWS endpoint configuration options
- Add ability to add an imprint using `./public/docs/imprint.md`
- Improve documentation in various sections
- Add ability to create note based on alias in free-url-mode
- Add security note describing the preferred way for responsible disclosures
- Extend forbiddenNoteIds to prevent conflicts with resource directories
- Add OpenGraph metadata support
- Add slovak language
- Add API documentation
- Allow different reference-url styles
- Add automatic focus username field in login modal
- Add ability to limit google-auth to own domain
- Upgrade revealJS to version 3.9.2
- Upgrade mermaid to version 8.4.6
- Update translations (zh-cn, zh-TW, en, de, id, pl, ar, ca, fr, it, sk, sv, ja, nl, pt, ru, es)

### Fixes

- Fix docker secrets support
- Fix sequlize-cli dependency location
- Fix crash in lutim integration
- Fix manage_users CLI handling of non-existing user
- Fix ability to serve CodiMD from different urlpath than `/`
- Fix change from gravatar to libravatar in privacy policy example
- Fix missing browser icons in README

### Refactors

- Refactor note creation handling
- Improve webpack documentation
- Split note actions into own files
- Refactor returnTo handling for auth

### Removals

- Legacy handling of socket.io connections
- Node 8 CI jobs

### Contributors

- [Amolith](https://github.com/Amolith)
- Andrea Rossi (translator)
- CasperS (translator)
- Cpp.create (translator)
- [David Mehren](https://github.com/davidmehren)
- Deluxghost (translator)
- em_crx (translator)
- [Enrico Guiraud](https://github.com/bluehood)
- Epson12332 (translator)
- [Erik Michelson](https://github.com/ErikMichelson)
- Fajar Maulana (translator)
- [Fonata](https://github.com/Fonata)
- [foobarable](https://github.com/foobarable)
- [Girish Ramakrishnan](https://github.com/gramakri)
- Grzegorz (translator)
- [hoijui](https://github.com/hoijui)
- [Ian Tsai](https://github.com/b10102016)
- id7xyz (translator)
- [ike](https://github.com/ikewat)
- Info (translator)
- Javier Leandro (translator)
- [Jonas Thelemann](https://github.com/dargmuesli)
- [Jonas Zohren](https://github.com/jfowl)
- kazutomo.waragai (translator)
- [MartinT](https://github.com/MartinTuroci)
- [Mathias Merscher](https://github.com/madddi)
- [Matthias Lindinger](https://github.com/morpheus-87)
- Mdhm (translator)
- Me (translator)
- mondstern (translator)
- Patrick (translator)
- Rafael Gauna Trindade (translator)
- Ramon van Biljouw (translator)
- [RyotaK](https://github.com/Ry0taK)
- [Sandro](https://github.com/SuperSandro2000)
- [Sören Wegener](https://github.com/soerface)
- [Stefan Peters](https://github.com/stefandesu)
- [Yukai Huang](https://github.com/Yukaii)

## <i class="fa fa-tag"></i> 1.5.0 <i class="fa fa-clock-o"></i> 2019-08-15 00:00

### Announcements

- There is a new docker image available by LinuxServer.io providing an ARM container
- Disabling PDF export due to security problems

### Enhancements

- Add migration guide for Node version 6
- Add functionality to respect Do-Not-Track header
- Add Arabian translation

### Fixes

- Fix styling in slide preview
- Fix some lint warning
- Upgrade Sequelize to version 5
- Add Linuxserver.io setup instructions for CodiMD
- Update translations for DE, SV, ID
- Add ability to upload SVGs
- Add `dbURL`config as docker secret
- Upgrade meta-marked - Fixes DOS capability in CodiMD (<https://github.com/codimd/server/commit/ba6a24a673c24db25969de2a59b9341247f3f722>)
- Fix variable names in docker secrets config library

### Refactors

- Refactor debug logging in various places

### Deprecations

- `useCDN` will be deprecated and will disappear in favor of locally served resources. (<https://community.codimd.org/t/poll-on-cdn-usage/28>)

### Contributors

- [Amolith](https://github.com/Amolith) (social media)
- Aro Row (translator)
- bitinerant (security)
- Butterflyoffire (translator)
- [Claudius Coenen (ccoenen)](https://github.com/ccoenen)
- Erik (translator)
- Fajar Maulana (translator)
- id7xyz (translator)
- joohoi (security)
- [Jonas Thelemann (dargmuesli)](https://github.com/dargmuesli)
- [Lennart Weller (lhw)](https://github.com/lhw)
- [chbmb](https://github.com/CHBMB)
- [Raccoon (a60814billy)](https://github.com/a60814billy)
- RS232 (translator)
- [Toma Tasovac (ttasovac)](https://github.com/ttasovac)

## <i class="fa fa-tag"></i> 1.4.0 <i class="fa fa-clock-o"></i> 2019-05-31 00:00

### Announcements

- CodiMD now has a [Mastodon account](https://social.codimd.org/mastodon)
- CodiMD now has a [community forum](https://community.codimd.org)
- With CodiMD 1.4.0 we're dropping node 6 support. That version of node.js is discontinued and no longer receives any security updates. We would like to encourage you to upgrade node 8 or later. Node 8 will continue to be supported at least until its end-of-life in January 2020.

### Enhancements

- Use libravatar instead of Gravatar
- Fix language description capitalization
- Move upload button into the toolbar
- Clean up Heroku configurations
- Add new screenshot to README and index page
- Add link to community call to README
- Update languages (pl, sr, zh-CN, fr, it, ja, zh-TW, de, sv, es)
- Change edit link to `both` view
- Hide minio default ports
- Add missing passport-saml configuration
- Add lutim support
- Update dependencies
- Add documentation for keycloak
- Add tests for user model
- Add Mastodon link
- Add config for toobusy middleware
- Add vietnamese language

### Fixes

- Fix missing space in footer
- Fix various possible security vulnerabilities in dependencies
- Fix broken dependency js-sequence-diagrams
- Fix XSS in graphviz error message rendering
- Fix toolbar night mode
- Fix hidden header on scroll
- Fix missing pictures for OpenID
- Fix statusbar hiding text in edit view

### Refactors

- Refactor README and documentation
- Integrate the old wiki into documentation section
- Refactor headers on Features page
- Replace js-url with wurl
- Refactor scrypt integration

### Removals

- Remove sass-loader

### Contributors

- [Amolith](https://github.com/Amolith)
- CasperS (translator)
- Cedric.couralet (translator)
- [Claudius Coenen (ccoenen)](https://github.com/ccoenen)
- Daniel (translator)
- Deluxghost (translator)
- [Dylan Dervaux (Dylanderv)](https://github.com/Dylanderv)
- [Emmanuel Ormancey (nopap)](https://github.com/nopap)
- Grzegorz (translator)
- [Henrik Hüttemann (HerHde)](https://github.com/HerHde)
- Hồng (translator)
- [Mauricio Robayo (archemiro)](https://github.com/archemiro)
- [Max Wu (jackycute)](https://github.com/jackycute)
- [naimo](https://github.com/naimo)
- [Pedro Ferreira (pferreir)](https://github.com/pferreir)
- [Simon Fish (boardfish)](https://github.com/boardfish)
- [Stéphane Guillou (stragu)](https://github.com/stragu)
- Sylke Vicious (translator)
- [Thor77](https://github.com/Thor77)
- veracosta (translator)
- Vladan (translator)
- War (translator)
- Zhai233 (translator)

## <i class="fa fa-tag"></i> 1.3.2 <i class="fa fa-clock-o"></i> 2019-03-28 00:00

### Announcement

- CodiMD is now running in an own organization. [Check out our vision for the future](https://github.com/codimd/server/issues/10)

### Fixes

- Update various links to the new repositories
- Fix background color for mode switching button in night mode

## <i class="fa fa-tag"></i> 1.3.1 <i class="fa fa-clock-o"></i> 2019-03-23 00:00

### Enhancements

- Add some missing translations
- Add Serbian language

### Fixes

- Fix broken redirect for empty `serverURL`
- Fix wrong variable type for HSTS maxAge
- Fix GitLab snippets showing up without being configured
- Fix Google's API after disabling Google+
- Fix broken PDF export

### Contributors

- atachibana (translator)
- [Aurélien JANVIER](https://github.com/ajanvier) (translator)
- [Daan Sprenkels](https://github.com/dsprenkels) (translator)
- Farizrizaldy (translator)
- [Luclu7](https://github.com/Luclu7)
- Sylke Vicious (translator)
- [toshi0123](https://github.com/toshi0123) & okochi-toshiki
- [Turakar](https://github.com/Turakar)
- [Vladan](https://github.com/cvladan) (translator)

## <i class="fa fa-tag"></i> 1.3.0 <i class="fa fa-clock-o"></i> 2019-03-03 00:00

### Enhancements

- Run db migrations on `npm start`
- Add documentation about integration with AD LDAP
- Add `rel="noopener"` to all links
- Add documentation about integration with Nextcloud for authentication
- Update URL on frontpage to point to codimd.org
- Replace Fontawesome with Forkawesome
- Add OpenID support
- Add print icon to slide view
- Add auto-complete for language names that are highlighted in codeblocks
- Improve translations for Chinese, Dutch, French, German, Italien, Korean, Polish, and Russian language
- Add Download action to published document API
- Add reset password feature to `manage_users` script
- Move from own `./tmp` directory to system temp directory
- Add Etherpad migration guide
- Move XSS library to a more native position
- Use full version string to determine changes from the backend
- Update winston (logging library)
- Use slide preview in slide example
- Improve migration handling
- Update reveal.js to version 3.7.0
- Replace scrypt library with its successor
- Replace `to-markdown` with `turndown` (successor library)
- Update socket.io
- Add warning on missing base URL
- Update bootstrap to version 3.4.0
- Update handlebar

### Fixes

- Fix paths in GitLab documentation
- Fix missing `data:` URL in CSP
- Fix oAuth2 name/label field
- Fix GitLab API integration
- Fix auto-completed but not rendered emojis
- Fix menu organization depending on enabled services
- Fix some logging in the OT module
- Fix some unhandled internalOAuthError exception
- Fix unwanted creation of robots.txt document in "freeurl-mode"
- Fix some links on index page to lead to the right sections on feature page
- Fix document breaking, empty headlines
- Fix wrong multiplication for HSTS header seconds
- Fix wrong subdirectories in exported user data
- Fix CSP for speaker notes
- Fix CSP for disqus
- Fix URL API usage
- Fix Gist embedding
- Fix upload provider error message
- Fix unescaped disqus user names
- Fix SAML vulnerability
- Fix link to SAML guide
- Fix deep dependency problem with node 6.x
- Fix broken PDF export by wrong unlink call
- Fix possible XSS attack in MathJax

### Refactors

- Refactor to use `ws` instead of the the no longer supported `uws`
- Refactor frontend build system to use webpack version 4
- Refactor file path configuration (views, uploads, …)
- Refactor `manage_users` script
- Refactor handling of template variables
- Refactor linting to use eslint

### Removals

- Remove no longer working Octicons
- Remove links to our old Gitter channel
- Remove unused library node-uuid
- Remove unneeded blueimp-md5 dependency
- Remove speakerdeck due to broken implementation

### Contributors

- Adam.emts (translator)
- [Alex Garcia](https://github.com/asg017)
- [Cédric Couralet (micedre)](https://github.com/micedre)
- [Claudius Coenen](https://github.com/ccoenen)
- [Daan Sprenkels](https://github.com/dsprenkels)
- [David Mehren](https://github.com/davidmehren)
- [Erona](https://github.com/Eronana)
- [Felix Yan](https://github.com/felixonmars)
- [Jonathan](https://github.com/phrix32)
- Jong-kai Yang (translator)
- [MartB](https://github.com/MartB)
- [Max Wu (jackycute)](https://github.com/jackycute)
- [mcnesium](https://github.com/mcnesium)
- Nullnine (translator)
- RanoIP (translator)
- [SuNbiT](https://github.com/sunbit)
- Sylke Vicious (translator)
- Timothee (translator)
- [WilliButz](https://github.com/WilliButz)
- [Xaver Maierhofer](https://github.com/xf-)
- [云屿](https://github.com/cloudyu)

## <i class="fa fa-tag"></i> 1.2.1 <i class="fa fa-clock-o"></i> 2018-09-26 00:00

### Enhancements

- Update Italian translations
- Update Japanese translations
- Update markdown-pdf
- Add support for unix sockets
- Update "follow us" information to Community channel and translation
- Add Cloudron installation method
- Add guide for Mattermost authentication
- Update various packages
- Add Indonesian language as new translation

### Fixes

- Fix content types in status router
- Fix some modal colors in night mode
- Fix CSP to allow usage of speaker notes
- Fix some wrong title attributes in the editor toolbar
- Fix some confusion about the default location of images. It's always the local filesystem now
- Fix object handling in avatar generation code
- Finally fix error handling of LZ-String by using self-maintained version
- Fix migration handling
- Fix gitlab API version
- Fix some server crashes caused by PDF creation
- Fix document length limit on post to `/new`
- Fix broken youtube embedding on `/features` page

### Refactors

- Refactor generation of table of contents
- Refactor "copyright"-section to be a "Powered by"

### Removes

- Remove unneeded inline styling

### Deprecations

- NodeJS version 6
- Mattermost login integration (is replaced by [generic oAuth2 module](https://github.com/codimd/server/blob/6ce7b20a7f92ccff2f7f870ff5d116d685310cfd/docs/guides/auth/mattermost-self-hosted.md))

### Honorable mentions

- [Alex Hesse (Pingu501)](https://github.com/Pingu501)
- [Alexander Wellbrock (w4tsn)](https://github.com/w4tsn)
- [Cédric Couralet (micedre)](https://github.com/micedre)
- [Girish Ramakrishnan (gramakri)](https://github.com/gramakri)
- [maahl](https://github.com/maahl)
- [Max Wu (jackycute)](https://github.com/jackycute)
- [Miranda (ahihi)](https://github.com/ahihi)
- [Ondřej Slabý (maxer456)](https://github.com/maxer456)

## <i class="fa fa-tag"></i> 1.2.0 <i class="fa fa-clock-o"></i> 2018-06-28 00:00

### Announcement

- HackMD CE is renamed to CodiMD to prevent confusion. [For details see here](https://github.com/codimd/server/tree/master/docs/history.md)

### Enhancements

- Show full title by hovering over to table of contents entries
- Add generic OAUTH2 support for authentication
- Redirect unauthenticated user to login page on "forbidden" pages
- Add ability to add ToS and privacy documents without code changes
- Add account deletion as part of user self-management
- Add download of all own notes
- Add privacy policy example (no legal advice)
- Increase checkbox size on slides
- Add support for Azure blob storage for image uploads
- Add Korean translation
- Add note about official K8s chart for deployment
- Add toolbar for markdown shortcuts in editor
- Add ability to disable Gravatar integration
- Add print icon to slide menu which leads to the print view.
- Add sequelize to setup instructions
- Update various packages

### Fixes

- Fix local writes for non-existing translations in production
- Fix wrong documentation about default image upload type
- Fix possible error if CodiMD is started with wrong working directory
- Fix issues caused by cached/cacheeable client config
- Fix issues caused by notes created via curl/API with CRLF line endings
- Fix broken images for downloaded PDFs while using `filesystem` as `imageUploadType`
- Fix Unicode URLs when using `allowFreeURL=true`

### Refactors

- Split auth documentation into multiple documents

### Removes

- Remove polyfill for `useCDN=false` setups
- Remove unused and no longer needed symlink from translations

### Honorable mentions

- [Adam Hoka (ahoka)](https://github.com/ahoka)
- [Edgar Z. Alvarenga (aivuk)](https://github.com/aivuk)
- [Jacob Burden (jekrb)](https://github.com/jekrb)
- [Pedro Ferreira (pferreir)](https://github.com/pferreir)
- [TC Liu (liuderchi)](https://github.com/liuderchi)

## <i class="fa fa-tag"></i> 1.1.1-ce <i class="fa fa-clock-o"></i> 2018-05-23 12:00

### Security

- Fix Google Drive integration leaked `clientSecret` for Google integration
- Update base64url package

### Fixes

- Fix typos in integrations
- Fix high need of file descriptors during build
- Fix heroku deployment by limiting node version to <10.x

### Refactors

- Refactor letterAvatars to be compliant with CSP

### Removes

- Google Drive integration

### Honorable mentions

- [Max Wu (jackycute)](https://github.com/jackycute)

## <i class="fa fa-tag"></i> 1.1.0-ce <i class="fa fa-clock-o"></i> 2018-04-06 12:00

### Security

- Adding CSP headers
- Prevent data-leak by wrong LDAP config
- Generate dynamic `sessionSecret` if none is specified

### Enhancements

- Add Minio support
- Allow posting content to new notes by API
- Add anonymous edit function in restricted mode
- Add support for more Mimetypes on S3, Minio and local filesystem uploads
- Add basic CLI tooling for local user management
- Add referrer policy
- Add more usable HTML5 tags
- Add `useridField` in LDAP config
- Add option for ReportURI for CSP violations
- Add persistance for night mode
- Allow setting of `sessionSecret` by environment variable
- Add night mode to features page
- Add Riot / Matrix - Community link to help page

### Fixes

- Fix ToDo-toggle function
- Fix LDAP provider name in front-end
- Fix errors on authenticated sessions for deleted users
- Fix typo in database migration
- Fix possible data truncation of authorship
- Minor fixes in README.md
- Allow usage of ESC-key by codemirror
- Fix array of emails in LDAP
- Fix type errors by environment configs
- Fix error message on some file API errors
- Fix minor CSS issues in night mode

### Refactors

- Refactor contact
- Refactor social media integration on main page
- Refactor socket.io code to no longer use referrer
- Refactor webpack config to need less dependencies in package.json
- Refactor imageRouter for modularity
- Refactor configs to be camel case

### Removes

- Remove unused `tokenSecret` from LDAP config

### Deprecations

- All non-camelcase config

### Honorable mentions

- [Dario Ernst (Nebukadneza)](https://github.com/Nebukadneza)
- [David Mehren (davidmehren)](https://github.com/davidmehren)
- [Dustin Frisch (fooker)](https://github.com/fooker)
- [Felix Schäfer (thegcat)](https://github.com/thegcat)
- [Literallie (xxyy)](https://github.com/xxyy)
- [Marc Deop (marcdeop)](https://github.com/marcdeop)
- [Max Wu (jackycute)](https://github.com/jackycute)
- [Robin Naundorf (senk)](https://github.com/senk)
- [Stefan Bühler (stbuehler)](https://github.com/stbuehler)
- [Takeaki Matsumoto (takmatsu)](https://github.com/takmatsu)
- [Tang TsungYi (vazontang)](https://github.com/vazontang)
- [Zearin (Zearin)](https://github.com/Zearin)

## <i class="fa fa-tag"></i> 1.0.1-ce <i class="fa fa-clock-o"></i> 2018-01-19 15:00

### Security

- Fix Dropbox client secret leak

### Enhancements

- Improve version handling
- It's 2018!

### Fixes

- Fix image alt-tag rendering
- Fix Dropbox appkey

## <i class="fa fa-tag"></i> 1.0.0-ce <i class="fa fa-clock-o"></i> 2018-01-18 12:00

### License

- Switch from MIT to AGPL

### Enhancements

- Improve language support
- Allow themes for reveal
- Add dark theme for editor and view
- Add danish translation
- Add simplified chinese translation
- Provide new permission table
- Make HSTS configurable
- Make PDF export configurable
- Add Mattermost auth support
- Add SAML support

### Fixes

- Fix regex for speaker notes
- Fix S3 endpoint support
- Fix German translation
- Fix English translation
- Fix broken profile images
- Fix XSS attacks
- Fix history order
- Fix missing boolean settings
- Fix LDAP auth
- Fix too long notes droping content
- Fix mermaid compatiblity with new version
- Fix SSL CA path parsing

### Refactors

- Refactor main page
- Refactor status pages
- Refactor config handling
- Refactor auth backend
- Refactor code styling
- Refactor middleware to modules

## <i class="fa fa-tag"></i> 0.5.1 `Doppio` <i class="fa fa-clock-o"></i> 2017-03-23 00:20

### Enhancements

- Update to indicate version in status API header
- Update to generate front-end constants on server startup
- Update to add gitlab api scope option and auto adapt gitlab snippet feature on it
- Update to add default permission config option
- Update to add basics for secret management by Docker 1.13
- Update webpack config to use parallel uglify plugin to speed up production build
- Update realtime to use timer to avoid memory leaks on busy tick
- Update to remove history cache to lower application coupling
- Update to add screenshot on index page
- Update index layout to add profile on navbar
- Update to support allow email register option
- Update to support disable anonymous view option
- Update to add limited and protected permission
- Update to allow displaying LDAP provider name on sign-in modal
- Update to show yaml-metadata and diagram parsing error in the view

### Fixes

- Fix XSS vulnerability in link regex [Security Issue]
- Fix todo list item class might add in wrong element
- Fix pagination error in list.js over v1.5.0
- Fix update doc from filesystem cause redundant authorship stringify
- Fix export html to replace fallen cdn tortue.me to cdnjs
- Fix rendering might result XSS attribute on self closing tag [Security Issue]
- Fix out of sync when deleting on same cursor position on several clients
- Fix not determine OT have pending operations properly
- Fix to keep selections on save and restore info
- Fix image path problem when using filesystem backend
- Fix meta error not clear on before rendering
- Fix duplicated headers anchor link not been updated properly
- Fix checkLoginStateChanged might fall into infinite loop while calling loginStateChangeEvent
- Fix to workaround text shadow for font antialias might cause cut off in Edge
- Fix and refactor extracting content using metaMarked directly might lead in invalid object

### Refactors

- Refactor editor related code
- Refactor code with JavaScript Standard Style
- Refactor templates, partials and rearrange its path
- Refactor front-end code with more modular concepts
- Refactor front-end code using ES6 (also unify configs to `config.json`)

### Removes

- Removed UTF-8 BOM in download function

## <i class="fa fa-tag"></i> 0.5.0 `Ristretto` <i class="fa fa-clock-o"></i> 2017-01-02 02:35

### Enhancements

- Update year to 2017 (Happy New Year!)
- Update to improve editor performance by debounce checkEditorScrollbar event
- Refactor data processing to model definition
- Update to remove null byte on editor changes
- Update to remove null byte before saving to DB
- Update to support Esperanto locale
- Little improvements (typos, uppercase + accents, better case) for French locale
- Update features.md publish button name and icon

### Fixes

- Fix authorship might losing update event because of throttling
- Fix migration script of revision lacks of definition of primary key
- Fix to not use diff_cleanupSemantic
- Fix URL concatenation when uploading images to local filesystem
- Fix js-url not import correctly
- Fixed typo: anonmyous
- Fix codemirror spell checker not considering abbreviation which contain apostrophe in word
- Fix possible user is undefined in realtime events
- Fix wrong package name reference in webpack config for bootstrap-validator
- Fix email option in config not parse correctly
- Fix mathjax not able to render issue

### Removes

- Remove LZString compression for data storage
- Remove LZString compression for some socket.io event data

## <i class="fa fa-tag"></i> 0.4.6 `Melya` <i class="fa fa-clock-o"></i> 2016-12-19 17:20

### Features

- Add support of allow free url config option
- Add support of allow anonymous config option
- Add preferences to editor status bar and add allow override browser keymap option
- Add support of s3 and local filesystem for image uploading
- Add of support optional email register and signin
- Use uWebSocket to improve websocket performance
- Use CDNJS by default with https and SRI support
- Use Webpack to bundle frontend code

### Enhancements

- Update to make TOC syntax be case-insensitive
- Update to handle request with invalid uri
- Update to auto generate meta description based on content in publish note and slide
- Update to support haskell, go, typescript and jsx syntax highlighting in code block
- Update to use workers to leverage intensive work loading
- Update to support summary tag
- Change use cdn config option default to be true
- Update to retry when anytime the socket io disconnect
- Change to raise socket io timeout, heartbeat interval and timeout to lower offline period
- Update emoji parser using markdown-it-emoji instead of emojify
- Optimize finishView selector performance by avoid universal selector
- Config heroku deployment
- Update to support Hindi, Swedish locale
- Update to support wrap syntax for code block
- Update to support pagination for history list

### Fixes

- Fix slide mode on print pdf not finish view rendering
- Fix when server have heavy loading cache might not update to db properly
- Fix redirection to url without trailing slashes not considering about config urlpath
- Fix header id and text might affects by mathjax tags
- Fix possible meta XSS in history list [Security Issue]
- Fix possible XSS in yaml-metadata and turn using ejs escape syntax than external lib [Security Issue]
- Fix to allow data attribute of section tag in slide
- Fix slide might able to add unsafe attribute on section tag which cause XSS [Security Issue]
- Fix slide might trigger script when processing markdown which cause XSS [Security Issue]
- Fix published note won't scroll to hash on load
- Fix mathjax with blockquote might have race condition
- Fix server reconnect might not resend pending operations
- Fix slide export pdf styles not applied issue
- Fix possible unclose HTML and leaked html tags when fail to parse diagrams
- Fix typos in the `slide-example.md`
- Fix socket io doc event should setDoc when revision mismatch and no outstanding operation
- Fix markdown styles conflicting bootstrap on p and ul under alert area
- Fix finishView mermaid might select and replace whole markdown-body issue
- Fix code block which in deeper level will not be parsed issue
- Fix code block highlighting html not escaped when no languages specified
- Fix client socket on delete event might not delete corresponding history record correctly
- Fix to handle name or color is undefined error
- Fix history item event not bind properly on pagination change
- Fix history time should save in UNIX timestamp to avoid time offset issue

### Removes

- Drop bower the package manager
- Remove auto linkify image

## <i class="fa fa-tag"></i> 0.4.5 `latte` <i class="fa fa-clock-o"></i> 2016-10-11 01:22

### Features

- Add more environment variables for server configuration
- Add setup script for getting started
- Add support of deleting note
- Add support of shortcut keys which can add and remove symbol surround text
- Add support of shortcut keys for changing mode
- Add support of i18n (English, Chinese, French, German, Japanese, Spanish, Portuguese, Greek, Italian, Turkish, Russian, Dutch, Croatian, Polish, Ukrainian)
- Add support of note info API
- Add support of disqus via yaml-metadata

### Enhancements

- Optimize png images by using zopflipng
- Update CodeMirror to 5.19.0 and rename jade to pug
- Update to add cache to history and improve its performance
- Update default indent to use spaces instead of tabs
- Improve syntax highlighting performance
- Update to make client handle syncing error better, use delay to avoid wrong document revision
- Update to allow CORS as API on revision actions
- Update to support showing owner on the infobar
- Update to prevent duplicate client push in queue to lower down server loading
- Reduce update view debounce time to make preview refresh quicker
- Update help modal cheatsheet font styles to make it more clear on spaces
- Update to add revision saving policy
- Update to support tiddlywiki and mediawiki syntax highlighting in editor
- Update to support save mode to url and vise versa
- Update edit and publish icon and change toggle icon for UX  
- Improve authorship markers update performance
- Update slide mode to show extra info and support url actions
- Change the last change user saving strategy
- Update to support data uri in src attribute of image tag
- Improve index layout and UX with UI adjustments
- Update XSS policy to allow iframe and link with custom protocol
- Update markdown styles to follow github latest layout styles
- Update slide mode, now respect all meta settings and update default styles
- Update to make ToC menu always accessible without scrolling
- Update to make doc only update while filesystem content not match db content

### Fixes

- Fix README and features document format and grammar issues
- Fix some potential memory leaks bugs
- Fix history storage might not fallback correctly
- Fix to make mathjax expression display in editor correctly (not italic)
- Fix note title might have unstriped html tags
- Fix client reconnect should resend last operation
- Fix a bug when setting both maxAge and expires may cause user can't signin
- Fix text complete extra tags for blockquote and referrals
- Fix bug that when window close will make ajax fail and cause cookies set to wrong state
- Fix markdown render might fall into regex infinite loop
- Fix syntax error caused by element contain special characters
- Fix reference error caused by some scripts loading order
- Fix ToC id naming to avoid possible overlap with user ToC
- Fix header nav bar rwd detect element should use div tag or it might glitch the layout
- Fix textcomplete of extra tags for blockquote not match space character in the between
- Fix text-shadow for text antialiased might cause IE or Edge text cutoff

### Removes

- Cancel updating history on page unload

## <i class="fa fa-tag"></i> 0.4.4 `mocha` <i class="fa fa-clock-o"></i> 2016-08-02 17:10

### Features

- Add support of showing authorship in editor
- Add support of saving authorship
- Add support of saving authors
- Add support of slide preview in both mode
- Add support of all extra syntax in slide mode

### Enhancements

- Update realtime check and refresh event, compress data to minimize network transfer delay
- Update to keep showing second level TOC if there is only one first level TOC
- Update to add expand and collapse toggle for TOC
- Update to make help modal and text complete hint using consistent reminder text
- Update to support slideOptions in the yaml metadata for customize slides
- Update to support redirect back to previous url after signin
- Update to avoid duplicated rendering slides and reduce DOM wrap
- Update CodeMirror to version 5.17.1
- Update to make random color more discrete
- Update user icon styles to make avatar more obvious
- Update Bootstrap to 3.3.7 and jQuery to 3.1.0 with related patches
- Update spell checker to ignore non-english or numeric alphabets
- Update to auto rolling session for auto extending cookies expiration
- Update some menu items and UIs
- Update to reduce realtime timeout and heartbeat interval to handle stale clients quicker
- Update to force note, publish note, publish slide redirect to their expected url
- Update to change server pre-rendering engine to markdown-it

### Fixes

- Workaround vim mode might overwrite copy keyMap on Windows
- Fix TOC might not update after changeMode
- Workaround slide mode gets glitch and blurry text on Firefox 47+
- Fix idle.js not change isAway property on onAway and onAwayBack events
- Fix http body request entity too large issue
- Fix google-diff-match-patch encodeURI exception issue
- Fix yaml metadata title should pass to generateWebTitle
- Fix spellcheck settings from cookies might not a boolean in string type
- Fix cookies might not in boolean type cause page refresh loop
- Fix the signin and logout redirect url might be empty
- Fix realtime might not clear or remove invalid sockets in queue
- Fix slide not refresh layout on ajax item loaded
- Fix retryOnDisconnect not clean up after reconnected
- Fix some potential memory leaks

## <i class="fa fa-tag"></i> 0.4.3 `espresso` <i class="fa fa-clock-o"></i> 2016-06-28 02:04

### Features

- Add support of spellcheck
- Add support of light editor theme
- Add support of embed pdf
- Add support of exporting raw html
- Add revision modal with UIs and support marking patch diff texts
- Add support of saving note revision

### Enhancements

- Update to extend login info cookies to 365 days to reduce reductant page refresh
- Update to support new metadata: title, description, tags and google-analytics
- Prevent crawling editing note to enhance privacy
- Update to remove all data lines attributes to gain better update performance
- Update refresh modal to show more detail informations
- Update to make cursor tag default as hover mode to prevent tag overlay other lines
- Update highlight.js to version 9.4.0 and use bower dependency
- Improve history performance

### Fixes

- Fix history filter tags and search keyword might not apply after refresh
- Fix part class in list item might infect buildMap process
- Fix pdf tmp path is missing a folder slash before timestamp
- Fix realtime connection get stock when lots of client try to connect at same moment
- Fix locked or private permission should block any operation if owner is null
- Add back missing support of image size syntax in 0.4.2
- Fix update permission might cause duplicate view rendering
- Fix on paste long document to editor might cause scroll not syncing
- Workaround CodeMirror won't draw selections outside of the viewport
- Fix to make socket keep retry after disconnect on server maintenance

### Removes

- Remove metadata spellcheck support
- Remove robot meta on note edit page and html template

## <i class="fa fa-tag"></i> 0.4.2 `cappuccino` <i class="fa fa-clock-o"></i> 2016-04-22 10:43

### Features

- Support sync scrolling to edit area
- Support import and export with GitLab snippet
- Support GitLab signin
- Add cheatsheet and help modal

### Enhancements

- Upgrade CodeMirror to version 5.15.3
- Support maintenance mode and gracefully exit process on signal
- Update to update doc in db when doc in filesystem have newer modified time
- Update to replace animation acceleration library from gsap to velocity
- Support image syntax with size
- Update textcomplete rules to support more conditions
- Update to use bigger user profile image
- Support showing signin button only when needed

### Fixes

- Fix other clients' cursor might disappear or move out of bound
- Fix to handle user profile image not exists
- Fix potential toolbar layout glitch
- Fix imgur uploads should always use https to avoid mix-content warning
- Fix to change fullscreen key to avoid OS key conflicts
- Fix and change ESC key in Vim mode

## <i class="fa fa-tag"></i> 0.4.1 <i class="fa fa-clock-o"></i> 2016-04-22 10:43

### Enhancements

- Support when client domain not provided will use window.location variable
- Support when domain not provided will use relative path
- Support DOMAIN and URL_PATH environment variables

## <i class="fa fa-tag"></i> 0.4.0 `first-year` <i class="fa fa-clock-o"></i> 2016-04-20 14:30

### Features

- Support docs
- Support Ionicons and Octicons
- Support mermaid diagram
- Support import and export with Gist
- Support import and export with Google Drive
- Support more options in YAML metadata
- Support change keymap and indentation size/type

### Enhancements

- Change header anchor styles
- Refactor server code and configs
- Support experimental spell checking
- Upgrade CodeMirror to 5.13.5
- Update to emit info and disconnect clients if updater get errors
- Support to indicate if the note status is created or updated
- Support more DB types
- Server now use ORM for DBs
- Support static file cache
- Support more ssl settings
- Improve server stablilty
- Improve server performance
- Support Ionicons
- Support container syntax and styles
- Improve input performance
- Change markdown engine from remarkable to markdown-it
- Server now support set sub url path
- Support textcomplete in multiple editing
- Update to filter XSS on rendering
- Update to make sync scroll lerp on last line
- Update to make continue list in todo list default as unchecked
- Support auto indent whole line in list or blockquote

### Fixes

- Fix status bar might be inserted before loaded
- Fix mobile layout and focus issues
- Fix editor layout and styles might not handle correctly
- Fix all diagram rendering method and styles to avoid partial update gets wrong
- Fix to ignore process image which already wrapped by link node
- Fix when cut or patse scroll map might get wrong
- Fix to handle more socket error and info status
- Fix textcomplete not matching properly
- Fix and refactor cursor tag and cursor menu
- Fix Japanese, Chinese font styles
- Fix minor bugs of UI and seletor syntaxes

## <i class="fa fa-tag"></i> 0.3.4 `techstars` <i class="fa fa-clock-o"></i> 2016-01-19 00:22

### Features

- Beta Support slide mode
- Beta Support export to PDF
- Support TOC syntax
- Support embed slideshare and speakerdeck
- Support Graphviz charts
- Support YAML metadata
- Support private permission

### Enhancements

- Support pin note in history
- Support IE9 and above
- Support specify and continue line number in code block
- Changed all embed layout to 100% width
- Added auto detect default mode
- Support show last change note user
- Upgrade CodeMirror to 5.10.1 with some manual patches
- Improved server performance
- Support autocomplete for code block languages of charts

### Fixes

- Fixed some server connection issues
- Fixed several issues cause scrollMap incorrect
- Fixed cursor animation should not apply on scroll
- Fixed a possible bug in partial update
- Fixed internal href should not link out
- Fixed dropbox saver url not correct
- Fixed mathjax might not parse properly
- Fixed sequence diagram might render multiple times

## <i class="fa fa-tag"></i> 0.3.3 `moon-festival` <i class="fa fa-clock-o"></i> 2015-09-27 14:00

### Features

- Added status bar below editor
- Added resizable grid in both mode
- Added title reminder if have unread changes
- Support todo list change in the view mode
- Support export to HTML
- Changed to a new theme, One Dark(modified version)

### Enhancements

- Support extra tags in todo list
- Changed overall font styles
- Optimized build sync scroll map, gain lots better performance
- Support and improved print styles
- Support to use CDN
- Image and link will href to new tab ors window
- Support auto scroll to corresponding position when change mode from view to edit
- Minor UI/UX tweaks

### Fixes

- Change DB schema to support long title
- Change editable permission icon to avoid misunderstanding
- Fixed some issues in OT and reconnection
- Fixed cursor menu and cursor tag are not calculate doc height properly
- Fixed scroll top might not animate
- Fixed scroll top not save and restore properly
- Fixed history might not delete or clear properly
- Fixed server might not clean client properly

## <i class="fa fa-tag"></i> 0.3.2 `typhoon` <i class="fa fa-clock-o"></i> 2015-07-11 12:30

### Features

- Support operational transformation
- Support show other user selections
- Support show user profile image if available

### Enhancements

- Updated editor to 5.4.0
- Change UI share to publish to avoid misleading
- Added random color in blockquote tag
- Optimized image renderer, avoid duplicated rendering
- Optimized building syncscroll map, make it faster
- Optimized SEO on publish and edit note

## <i class="fa fa-tag"></i> 0.3.1 `clearsky` <i class="fa fa-clock-o"></i> 2015-06-30 16:00

### Features

- Added auto table of content
- Added basic permission control
- Added view count in share note

### Enhancements

- Toolbar now will hide in single view
- History time now will auto update
- Smooth scroll on anchor changed
- Updated video style

### Fixes

- Note might not clear when all users disconnect
- Blockquote tag not parsed properly
- History style not correct

## <i class="fa fa-tag"></i> 0.3.0 `sunrise` <i class="fa fa-clock-o"></i> 2015-06-15 24:00

### Enhancements

- Used short url in share notes
- Added upload image button on toolbar
- Share notes are now SEO and mobile friendly
- Updated code block style
- Newline now will cause line breaks
- Image now will link out
- Used otk to avoid race condition
- Used hash to avoid data inconsistency
- Optimized server realtime script

### Fixes

- Composition input might lost or duplicated when other input involved
- Note title might not save properly
- Todo list not render properly

## <i class="fa fa-tag"></i> 0.2.9 `wildfire` <i class="fa fa-clock-o"></i> 2015-05-30 14:00

### Features

- Support text auto complete
- Support cursor tag and random last name
- Support online user list
- Support show user info in blockquote

### Enhancements

- Added more code highlighting support
- Added more continue list support
- Adjust menu and history filter UI for better UX
- Adjust sync scoll animte to gain performance
- Change compression method of dynamic data
- Optimized render script

### Fixes

- Access history fallback might get wrong
- Sync scroll not accurate
- Sync scroll reach bottom range too much
- Detect login state change not accurate
- Detect editor focus not accurate
- Server not handle some editor events

## <i class="fa fa-tag"></i> 0.2.8 `flame` <i class="fa fa-clock-o"></i> 2015-05-15 12:00

### Features

- Support drag-n-drop(exclude firefox) and paste image inline
- Support tags filter in history
- Support sublime-like shortcut keys

### Enhancements

- Adjust index description
- Adjust toolbar ui and view font
- Remove scroll sync delay and gain accuracy

### Fixes

- Partial update in the front and the end might not render properly
- Server not handle some editor events

## <i class="fa fa-tag"></i> 0.2.7 `fuel` <i class="fa fa-clock-o"></i> 2015-05-03 12:00

### Features

- Support facebook, twitter, github, dropbox login
- Support own history

### Enhancements

- Adjust history ui
- Upgrade realtime package
- Upgrade editor package, now support composition input better

### Fixes

- Partial update might not render properly
- Cursor focus might not at correct position

## <i class="fa fa-tag"></i> 0.2.6 `zippo` <i class="fa fa-clock-o"></i> 2015-04-24 16:00

### Features

- Support sync scroll
- Support partial update

### Enhancements

- Added feedback ui
- Adjust animations and delays
- Adjust editor viewportMargin for performance
- Adjust emit refresh event occasion
- Added editor fallback fonts
- Index page auto focus at history if valid

### Fixes

- Server might not disconnect client properly
- Resume connection might restore wrong info

## <i class="fa fa-tag"></i> 0.2.5 `lightning` <i class="fa fa-clock-o"></i> 2015-04-14 21:10

### Features

- Support import from dropbox and clipboard
- Support more code highlighting
- Support mathjax, sequence diagram and flow chart

### Enhancements

- Adjust toolbar and layout style
- Adjust mobile layout style
- Adjust history layout style
- Server using heartbeat to gain accuracy of online users

### Fixes

- Virtual keyboard might broken the navbar
- Adjust editor viewportMargin for preloading content

## <i class="fa fa-tag"></i> 0.2.4 `flint` <i class="fa fa-clock-o"></i> 2015-04-10 12:40

### Features

- Support save to dropbox
- Show other users' cursor with light color

### Enhancements

- Adjust toolbar layout style for future

### Fixes

- Title might not render properly
- Code border style might not show properly
- Server might not connect concurrent client properly

## <i class="fa fa-tag"></i> 0.2.3 `light` <i class="fa fa-clock-o"></i> 2015-04-06 20:30

### Features

- Support youtube, vimeo
- Support gist
- Added quick link in pretty
- Added font-smoothing style

### Enhancements

- Change the rendering engine to remarkable
- Adjust view, todo list layout style for UX
- Added responsive layout check
- Auto reload if client version mismatch
- Keep history stack after reconnect if nothing changed
- Added features page

### Fixes

- Closetags auto input might not have proper origin
- Autofocus on editor only if it's on desktop
- Prevent using real script and iframe tags
- Sorting in history by time not percise

## <i class="fa fa-tag"></i> 0.2.2 `fire` <i class="fa fa-clock-o"></i> 2015-03-27 21:10

### Features

- Support smartLists, smartypants
- Support line number on code block
- Support tags and search or sort history

### Enhancements

- Added delay on socket change
- Updated markdown-body width to match github style
- Socket changes now won't add to editor's history
- Reduce redundant server events

### Fixes

- Toolbar links might get wrong
- Wrong action redirections

## <i class="fa fa-tag"></i> 0.2.1 `spark` <i class="fa fa-clock-o"></i> 2015-03-17 13:40

### Features

- Support github-like todo-list
- Support emoji

### Enhancements

- Added more effects on transition
- Reduced rendering delay
- Auto close and match brackets
- Auto close and match tags
- Added code fold and fold gutters
- Added continue listing of markdown

## <i class="fa fa-tag"></i> 0.2.0 `launch-day` <i class="fa fa-clock-o"></i> 2015-03-14 20:20

### Features

- Markdown editor
- Preview html
- Realtime collaborate
- Cross-platformed
- Recently used history