This release includes 1 breaking change for platform teams planning a safe upgrade.
✓ No known CVEs patched in this version
Topics
ReleasePort's take
Moderate signalThe v6.0.0 release raises the minimum required server version to 33 and adds a category indicator in the "All notes" view.
Why it matters: Deployments must run on server version 33 or higher; otherwise they will fail. The new UI indicator improves note organization instantly.
Summary
AI summaryBroad release touches deps-dev, deps, ui, and https://github.com/nextcloud/notes/pull/1840.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Breaking | High |
Updates minimum required server version to 33. Updates minimum required server version to 33. Source: llm_adapter@2026-06-02 Confidence: high |
— |
| Feature | Medium |
Adds category indicator in "All notes" view. Adds category indicator in "All notes" view. Source: llm_adapter@2026-06-02 Confidence: high |
— |
| Dependency | Low |
Bumps easymde from 2.20.0 to 2.21.0. Bumps easymde from 2.20.0 to 2.21.0. Source: llm_adapter@2026-06-02 Confidence: high |
— |
| Dependency | Low |
Bumps axios from 1.15.0 to 1.16.0. Bumps axios from 1.15.0 to 1.16.0. Source: llm_adapter@2026-06-02 Confidence: high |
— |
| Dependency | Low |
Bumps markdown-it from 14.1.1 to 14.2.0. Bumps markdown-it from 14.1.1 to 14.2.0. Source: llm_adapter@2026-06-02 Confidence: high |
— |
| Dependency | Low |
Bumps qs and express. Bumps qs and express. Source: llm_adapter@2026-06-02 Confidence: high |
— |
| Dependency | Low |
Updates composer command to include all dependencies for nextcloud notes. Updates composer command to include all dependencies for nextcloud notes. Source: llm_adapter@2026-06-02 Confidence: low |
— |
| Performance | Medium |
Replaces legacy NotesHooks boot registration with typed file event listeners. Replaces legacy NotesHooks boot registration with typed file event listeners. Source: llm_adapter@2026-06-02 Confidence: high |
— |
| Bugfix | Medium |
Fixes dead zones in clickable note area. Fixes dead zones in clickable note area. Source: llm_adapter@2026-06-02 Confidence: high |
— |
| Bugfix | Low |
Fixes npm audit issues (multiple occurrences). Fixes npm audit issues (multiple occurrences). Source: llm_adapter@2026-06-02 Confidence: high |
— |
Full changelog
Added
Changed
- Fix(perf): replace legacy NotesHooks boot registration with typed file event listeners (notes#1836)
- Fix: Update min server version to 33 (notes#1852)
- Style: Update sidebar and general icons to latest design (notes#1863)
Fixed
- Fix dead zones in clickable note area (notes#1841)
- Fix: Update composer command to include all dependencies for nextclou… (notes#1859)
Dependencies
- [main] Fix npm audit (notes#1834)
- Chore(deps-dev): Bump php-cs-fixer/shim from 3.94.2 to 3.95.1 (notes#1838)
- [main] Fix npm audit (notes#1844)
- Chore(deps): Bump easymde from 2.20.0 to 2.21.0 (notes#1845)
- Chore(deps-dev): Bump @nextcloud/stylelint-config from 3.2.1 to 3.2.2 (notes#1847)
- Chore(deps): Bump axios from 1.15.0 to 1.16.0 (notes#1848)
- Chore(deps): Bump fast-xml-builder from 1.1.5 to 1.2.0 (notes#1849)
- Chore(deps-dev): Bump fast-uri from 3.1.0 to 3.1.2 (notes#1850)
- Chore(deps-dev): Bump @babel/plugin-transform-modules-systemjs from 7.28.5 to 7.29.4 (notes#1851)
- Chore(deps-dev): Bump @playwright/test from 1.59.1 to 1.60.0 (notes#1855)
- Chore(deps-dev): Bump @protobufjs/utf8 from 1.1.0 to 1.1.1 (notes#1856)
- Chore(deps-dev): Bump protobufjs from 7.5.5 to 7.5.8 (notes#1857)
- Chore(deps): Bump shivammathur/setup-php from 2.37.0 to 2.37.1 (notes#1860)
- [main] Fix npm audit (notes#1862)
- Chore(deps): Bump brace-expansion from 5.0.5 to 5.0.6 (notes#1865)
- Chore(deps-dev): Bump webpack-dev-server from 5.2.3 to 5.2.4 (notes#1867)
- Chore(deps): Bump qs and express (notes#1868)
- Chore(deps): Bump markdown-it from 14.1.1 to 14.2.0 (notes#1869)
Breaking Changes
- Update min server version to 33
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
Beta — feedback welcome: [email protected]