Skip to content

outline

v1.8.0 Breaking

This release includes breaking changes for platform teams planning a safe upgrade.

Published 2d Productivity & Wikis
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

docker javascript mobx nodejs react slack
+1 more
wiki

Affected surfaces

auth

ReleasePort's take

Moderate signal
editorial:auto 2d

The OAuth scope validation has been hardened in this release.

Why it matters: Hardened OAuth scope validation (severity 70) reduces authorization bypass risk for all authentication flows.

Summary

AI summary

Updates Performance, Other Improvements, and MCP across a mixed release.

Changes in this release

Security High

Hardened OAuth scope validation.

Hardened OAuth scope validation.

Source: llm_adapter@2026-06-01

Confidence: high
Feature Medium

Members can now request access to documents they lack permission for.

Members can now request access to documents they lack permission for.

Source: llm_adapter@2026-06-01

Confidence: high
Feature Medium

Inline comments can be created and managed via the API and MCP.

Inline comments can be created and managed via the API and MCP.

Source: llm_adapter@2026-06-01

Confidence: high
Feature Medium

The `fetch` tool can now access signed attachment URLs.

The `fetch` tool can now access signed attachment URLs.

Source: llm_adapter@2026-06-01

Confidence: high
Feature Medium

Added `fullWidth` parameter to `create_document` and `update_document`.

Added `fullWidth` parameter to `create_document` and `update_document`.

Source: llm_adapter@2026-06-01

Confidence: high
Feature Medium

Document responses now include a `commentCount` field.

Document responses now include a `commentCount` field.

Source: llm_adapter@2026-06-01

Confidence: high
Feature Medium

MCP responses now return full URLs instead of relative paths.

MCP responses now return full URLs instead of relative paths.

Source: llm_adapter@2026-06-01

Confidence: high
Feature Medium

Optional MCP fields now accept empty strings without erroring.

Optional MCP fields now accept empty strings without erroring.

Source: llm_adapter@2026-06-01

Confidence: high
Feature Medium

Aligned permission checks between the API and MCP when creating documents.

Aligned permission checks between the API and MCP when creating documents.

Source: llm_adapter@2026-06-01

Confidence: high
Feature Low

Comments are now available in the image lightbox.

Comments are now available in the image lightbox.

Source: granite4.1:30b@2026-06-01-audit

Confidence: low
Feature Low

Code blocks are supported inside comments.

Code blocks are supported inside comments.

Source: granite4.1:30b@2026-06-01-audit

Confidence: low
Feature Low

Viewers can create and use API keys.

Viewers can create and use API keys.

Source: granite4.1:30b@2026-06-01-audit

Confidence: low
Feature Low

Mentioned users are automatically subscribed to the document.

Mentioned users are automatically subscribed to the document.

Source: granite4.1:30b@2026-06-01-audit

Confidence: low
Feature Low

Command menu shows breadcrumbs for disambiguation.

Command menu shows breadcrumbs for disambiguation.

Source: granite4.1:30b@2026-06-01-audit

Confidence: low
Feature Low

Format word at cursor with shortcut without selection.

Format word at cursor with shortcut without selection.

Source: granite4.1:30b@2026-06-01-audit

Confidence: low
Feature Low

Self‑hosted instances can use HTTP webhook URLs.

Self‑hosted instances can use HTTP webhook URLs.

Source: granite4.1:30b@2026-06-01-audit

Confidence: low
Feature Low

Delete confirmation dialogs use segmented-style input.

Delete confirmation dialogs use segmented-style input.

Source: granite4.1:30b@2026-06-01-audit

Confidence: low
Feature Low

Images pasted as data URIs are supported.

Images pasted as data URIs are supported.

Source: granite4.1:30b@2026-06-01-audit

Confidence: low
Feature Low

Icon picker is responsive on mobile.

Icon picker is responsive on mobile.

Source: granite4.1:30b@2026-06-01-audit

Confidence: low
Feature Low

Notifications open in a mobile drawer on small screens.

Notifications open in a mobile drawer on small screens.

Source: granite4.1:30b@2026-06-01-audit

Confidence: low
Feature Low

Minimum table column width reduced to 25 px.

Minimum table column width reduced to 25 px.

Source: granite4.1:30b@2026-06-01-audit

Confidence: low
Feature Low

Hyphenated words treated as single units when diffing changes.

Hyphenated words treated as single units when diffing changes.

Source: granite4.1:30b@2026-06-01-audit

Confidence: low
Feature Low

Hover previews trigger while editor is focused.

Hover previews trigger while editor is focused.

Source: granite4.1:30b@2026-06-01-audit

Confidence: low
Feature Low

Settings sidebar is no longer collapsible.

Settings sidebar is no longer collapsible.

Source: granite4.1:30b@2026-06-01-audit

Confidence: low
Feature Low

Added Catalan as a language option.

Added Catalan as a language option.

Source: granite4.1:30b@2026-06-01-audit

Confidence: low
Bugfix Medium

Fixed issue where updating a collection description via MCP would not persist.

Fixed issue where updating a collection description via MCP would not persist.

Source: llm_adapter@2026-06-01

Confidence: high
Full changelog

What's changed

Highlights

  • Members can now request access to documents they don't have permission to view – https://github.com/outline/outline/pull/10825
  • Comments are now available in the image lightbox, making it easier to discuss visuals in context – https://github.com/outline/outline/pull/12335

MCP

  • Inline comments can now be created and managed through the API and MCP – https://github.com/outline/outline/pull/12322
  • The fetch tool can now access signed attachment URLs, allowing MCP clients to read images and files – https://github.com/outline/outline/pull/12315
  • Added a fullWidth parameter to create_document and update_document, by @toralux – https://github.com/outline/outline/pull/12338
  • Document responses now include a commentCount field – https://github.com/outline/outline/pull/12355
  • MCP Responses now return full URLs instead of relative paths – https://github.com/outline/outline/pull/12255
  • Optional MCP fields now accept empty strings without erroring – https://github.com/outline/outline/pull/12310
  • Fixed an issue where updating a collection description via MCP wouldn't persist – https://github.com/outline/outline/pull/12410
  • Aligned permission checks between the API and MCP when creating documents – https://github.com/outline/outline/pull/12517

Other Improvements

  • Code blocks are now supported inside comments – https://github.com/outline/outline/pull/12480
  • Added a system preference to open the desktop app automatically on startup – https://github.com/outline/outline/pull/12279
  • Viewers can now create and use API keys – https://github.com/outline/outline/pull/12278
  • Mentioned users are now automatically subscribed to the document – https://github.com/outline/outline/pull/12235
  • The command menu now shows breadcrumbs alongside documents to make results easier to disambiguate – https://github.com/outline/outline/pull/12403
  • You can now format the word at the cursor with the associated shortcut without needing to select it first – https://github.com/outline/outline/pull/12492
  • Self-hosted instances can now use HTTP webhook URLs – https://github.com/outline/outline/pull/12499
  • Delete confirmation dialogs now use a segmented-style input – https://github.com/outline/outline/pull/12495
  • Images pasted as data URIs are now supported – https://github.com/outline/outline/pull/12294
  • The icon picker is now responsive and easier to use on mobile – https://github.com/outline/outline/pull/12275
  • Notifications now open in a mobile drawer on small screens – https://github.com/outline/outline/pull/12276
  • Reduced minimum table column width to 25px for tighter layouts – https://github.com/outline/outline/pull/12269
  • Hyphenated words are now treated as a single unit when diffing changes – https://github.com/outline/outline/pull/11272
  • Hover previews now trigger while the editor is focused – https://github.com/outline/outline/pull/12545
  • The settings sidebar is no longer collapsible – https://github.com/outline/outline/pull/12460
  • Hardened OAuth scope validation – https://github.com/outline/outline/pull/12490
  • Added Catalan as a language option – https://github.com/outline/outline/pull/12454
  • Thousands of new community translations

Performance

  • Cached decorations across three editor plugins for smoother editing – https://github.com/outline/outline/pull/12030
  • Virtualized the main sidebar and reduced unnecessary re-renders – https://github.com/outline/outline/pull/12443
  • Added missing indexes on foreign keys referencing documents – https://github.com/outline/outline/pull/12473
  • Replaced a correlated subquery in Slack hooks user lookup – https://github.com/outline/outline/pull/12432
  • Removed an N+1 query in documents.search – https://github.com/outline/outline/pull/12540
  • Reduced batch size when deleting documents – https://github.com/outline/outline/pull/12474
  • Avoided a redundant import lookup when presenting documents – https://github.com/outline/outline/pull/12529
  • Mammoth is now lazy-loaded to reduce startup memory – https://github.com/outline/outline/pull/12538
  • Unused services are no longer loaded at boot – https://github.com/outline/outline/pull/12537
  • Importers now stream from the zip archive instead of loading it fully – https://github.com/outline/outline/pull/12372 https://github.com/outline/outline/pull/12380
  • Popularity scoring now reads from the document_insights table for faster results – https://github.com/outline/outline/pull/12103

Fixes

  • Document text can now be selected in version history – https://github.com/outline/outline/pull/12268
  • Fixed search highlights not rendering in Firefox – https://github.com/outline/outline/pull/12273
  • Resolved console warnings for the rtl DOM attribute and an untracked MobX read – https://github.com/outline/outline/pull/12284
  • Outline now only preconnects to S3 when it's actually in use, by @marksteward – https://github.com/outline/outline/pull/12298
  • Improved handling of additional client-aborted error types – https://github.com/outline/outline/pull/12303
  • Short-circuited common scanner and crawler routes – https://github.com/outline/outline/pull/12306
  • Fixed a crash when file storage environment variables are misconfigured – https://github.com/outline/outline/pull/12325
  • Printing no longer includes an extra blank page – https://github.com/outline/outline/pull/12326
  • Document deletes are now batched when emptying trash – https://github.com/outline/outline/pull/12328
  • Upgraded Mermaid to 11.15.0 – https://github.com/outline/outline/pull/12331
  • Table cell selection no longer appears in print output – https://github.com/outline/outline/pull/12334
  • Fixed Mermaid diagrams not rendering correctly inside toggle blocks – https://github.com/outline/outline/pull/12343
  • Code blocks now automatically expand when a find result is inside – https://github.com/outline/outline/pull/12346
  • Mermaid diagrams now appear correctly in light theme when printing from dark theme – https://github.com/outline/outline/pull/12342
  • Fixed authorization providers not being correctly disabled via environment variables – https://github.com/outline/outline/pull/12349
  • Improved the resilience of the Markdown importer – https://github.com/outline/outline/pull/12357
  • Fixed a bug with multi-tab logout for OIDC providers – https://github.com/outline/outline/pull/12333
  • Fixed text selection insights initialization, by @mturac – https://github.com/outline/outline/pull/12366
  • Position submenu is now hidden when a collection is sorted alphabetically – https://github.com/outline/outline/pull/12377
  • No more "Imported from undefined" entries in document insights – https://github.com/outline/outline/pull/12378
  • Failed and canceled imports can now be deleted – https://github.com/outline/outline/pull/12379
  • Code blocks at the beginning of a document can now be collapsed – https://github.com/outline/outline/pull/12381
  • Fixed an infinite loop with the document restore action, by @Ali-ovo – https://github.com/outline/outline/pull/12395
  • Exported filenames are now sanitized of Windows-invalid characters, previously invalid characters would make the Zip file hard to open – https://github.com/outline/outline/pull/12407
  • Slack notifications no longer show "Untitled" for documents without titles – https://github.com/outline/outline/pull/12406
  • The mention menu now appears when pasting a link followed by a newline – https://github.com/outline/outline/pull/12402
  • Non-empty untitled drafts are no longer unintentionally trashed on editor unmount – https://github.com/outline/outline/pull/12418
  • "Premature close" stream errors are no longer reported to error tracking – https://github.com/outline/outline/pull/12424
  • Database query statement_timeout is now applied on request-handling processes – https://github.com/outline/outline/pull/12422
  • Fixed a crash when importing Notion pages containing empty tables – https://github.com/outline/outline/pull/12421
  • Upstream OAuth provider errors are no longer reported to error tracking – https://github.com/outline/outline/pull/12425
  • Double-clicking actions in DocumentExplorer no longer submits twice – https://github.com/outline/outline/pull/12417
  • Fixed a race condition causing undo/redo errors when the editor transitions from readonly – https://github.com/outline/outline/pull/12427
  • Removed unnecessary package resolutions – https://github.com/outline/outline/pull/12442
  • Fixed a sporadic infinite loop when rendering documents with code blocks – https://github.com/outline/outline/pull/12444
  • Updated Node.js to 24.16.0 – https://github.com/outline/outline/pull/12448
  • Fixed Safari heading widget handling for the Chinese IME, by @Wars – https://github.com/outline/outline/pull/12453
  • Fixed a database error from documents.list when filtering by Draft status – https://github.com/outline/outline/pull/12426
  • Internal links are now correctly remapped during JSON import – https://github.com/outline/outline/pull/12461
  • Fixed a TypeError when document.collaboratorIds is null – https://github.com/outline/outline/pull/12471
  • Skipped exporting attachments with malformed keys instead of failing the export – https://github.com/outline/outline/pull/12470
  • Prevented an internal error when a tsquery tail interleaves operator and escape characters – https://github.com/outline/outline/pull/12475
  • Removed a stray URL fragment from AuthenticationHelper – https://github.com/outline/outline/pull/12477
  • Guarded against table content changing mid-drag – https://github.com/outline/outline/pull/12476
  • Stopped logging an error when a team isn't found during apex auth redirect – https://github.com/outline/outline/pull/12478
  • Rate limiter errors are now distinguished from other errors – https://github.com/outline/outline/pull/12479
  • Notion API 5xx errors are now retried with exponential backoff – https://github.com/outline/outline/pull/12481
  • Search highlight chips are now clickable in the desktop app – https://github.com/outline/outline/pull/12482
  • Guarded against out-of-range positions in scrollToAnchor – https://github.com/outline/outline/pull/12489
  • Expected websocket "No access token" errors are no longer sent to error tracking – https://github.com/outline/outline/pull/12487
  • Imports can now target documents that the user can write to – https://github.com/outline/outline/pull/12485
  • Upload progress is now shown on the import dialog button – https://github.com/outline/outline/pull/12488
  • Fixed indent/outdent on Android mobile – https://github.com/outline/outline/pull/12496
  • Subdocuments can now be reordered with document-only access – https://github.com/outline/outline/pull/12493
  • Image and video dimension promises now reject with proper Error objects – https://github.com/outline/outline/pull/12498
  • Imports now exit gracefully when canceled mid-task – https://github.com/outline/outline/pull/12497
  • IP addresses are now normalized to avoid validation errors – https://github.com/outline/outline/pull/12500
  • Koa middleware spans are no longer reported to DataDog – https://github.com/outline/outline/pull/12501
  • Disabled floating toolbar interaction during the open animation – https://github.com/outline/outline/pull/12508
  • Avoided a team invariant violation on OAuth authorize errors – https://github.com/outline/outline/pull/12506
  • Shift-tab now outdents correctly inside code blocks – https://github.com/outline/outline/pull/12514
  • The block menu no longer triggers when the slash is marked – https://github.com/outline/outline/pull/12515
  • Webhooks are now disabled when their associated user is deleted – https://github.com/outline/outline/pull/12524
  • Prevented a crash when inserting files into a document with no attachment node in its schema – https://github.com/outline/outline/pull/12526
  • Fixed duplicate undo/redo events – https://github.com/outline/outline/pull/12525
  • Removed the resize grid-snap behavior in the editor, images and videos now resize smoothly – https://github.com/outline/outline/pull/12528
  • Pressing Enter on an image now adds a new paragraph below – https://github.com/outline/outline/pull/12530
  • Linear unfurl errors no longer bubble up to error tracking – https://github.com/outline/outline/pull/12532
  • Toggle blocks inside collapsed headings are now correctly hidden – https://github.com/outline/outline/pull/12536
  • Fixed Mermaid diagrams being mis-sized on high-DPI and RDP displays – https://github.com/outline/outline/pull/12531
  • Restored missing text color on search highlights – https://github.com/outline/outline/pull/12547
  • Many dependency updates

New Contributors

  • @marksteward made their first contribution in https://github.com/outline/outline/pull/12298
  • @toralux made their first contribution in https://github.com/outline/outline/pull/12338
  • @mturac made their first contribution in https://github.com/outline/outline/pull/12366
  • @Wars made their first contribution in https://github.com/outline/outline/pull/12453

Full Changelog: https://github.com/outline/outline/compare/v1.7.1...v1.8.0

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track outline

Get notified when new releases ship.

Sign up free

About outline

The fastest knowledge base for growing teams. Beautiful, realtime collaborative, feature packed, and markdown compatible.

All releases →

Related context

Related tools

Beta — feedback welcome: [email protected]