docs

v5.1.0 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

Published 23d Productivity & Wikis

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 2 known CVEs

Topics

blocknotejs collaborative django documentation g2g government

+9 more

knowledge knowledge-base mit opensource reactjs realtime-collaboration self-hosted wiki yjs

ReleasePort's take

Moderate signal

editorial:auto 13d

v5.1.0 adds sanitization of pasted/dropped document title content and collaboration colors to prevent injection attacks.

Why it matters: Patch immediately if your deployment uses title editing or collaborative color features; the fix addresses injection vulnerabilities in those surfaces.

Summary

AI summary

Frontend sanitizes pasted/dropped document title content and colors during collaboration to prevent injection.

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	sanitize color during collaboration (frontend) sanitize color during collaboration (frontend) Source: llm_adapter@2026-05-21 Confidence: low	—
Feature	Medium	add skeleton on content loading (frontend) add skeleton on content loading (frontend) Source: llm_adapter@2026-05-21 Confidence: low	—
Feature	Medium	close websocket connection when user change tab (frontend) close websocket connection when user change tab (frontend) Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix
Bugfix	Medium	reload app if front and back unsync (project) reload app if front and back unsync (project) Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	sanitize pasted and dropped content in document title (frontend) sanitize pasted and dropped content in document title (frontend) Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	manage race condition between GET and PATCH content (backend) manage race condition between GET and PATCH content (backend) Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	replace document creation table locks with retry strategy (backend) replace document creation table locks with retry strategy (backend) Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Block menu doesn't stay open on 1st line fixed (frontend) Block menu doesn't stay open on 1st line fixed (frontend) Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	The "+" on the first line of a new doc works now (frontend) The "+" on the first line of a new doc works now (frontend) Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	fix patch and comments (frontend) fix patch and comments (frontend) Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	interlinking are exported correctly in print mode (frontend) interlinking are exported correctly in print mode (frontend) Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	add missing link in onboarding description (frontend) add missing link in onboarding description (frontend) Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	Emoji menu doesn't display above comment box fixed (frontend) Emoji menu doesn't display above comment box fixed (frontend) Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Low	Keep Block menu open on the first line (frontend) Keep Block menu open on the first line (frontend) Source: granite4.1:30b@2026-05-24-audit Confidence: low	—
Bugfix	Low	Enable "+" button on the first line of a new document (frontend) Enable "+" button on the first line of a new document (frontend) Source: granite4.1:30b@2026-05-24-audit Confidence: low	—
Refactor	Medium	migrate from pip to uv (core) migrate from pip to uv (core) Source: llm_adapter@2026-05-21 Confidence: high	—

Full changelog

Added

⚡️(frontend) add skeleton on content loading #2254
⚡️(frontend) close websocket connection when user change tab #2264

Changed

🏗️(core) migrate from pip to uv

Fixed

🩺(project) reload app if front and back unsync #2276
🐛(frontend) fix patch and comments #2273
🐛(frontend) interlinking are exported correctly in print mode #2269
💬(frontend) add missing link in onboarding description #2233
🐛(frontend) sanitize pasted and dropped content in document title #2210
🐛(frontend) Emoji menu doesn't display above comment box #2229
🐛(frontend) Block menu doesn't stay open on 1st line #2229
🐛(frontend) The "+" on the first line of a new doc doesn't work #2229
🐛(backend) manage race condition between GET and PATCH content #2271
🐛(backend) replace document creation table locks with retry strategy #2274

Security

🔒️(frontend) sanitize color during collaboration #2270

Security Fixes

Sanitize pasted and dropped document title content (fix #2210)
Sanitize color values during collaboration to prevent injection (#2270)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track docs

Get notified when new releases ship.

About docs

A collaborative note taking, wiki and documentation platform that scales. Built with Django and React.

All releases →