This release includes 1 security fix for security teams reviewing exposed deployments.
Published 9d
Productivity & Wikis
โ No known CVEs patched
This release patches 1 known CVE
Topics
docker
documentation
file-based
go
knowledge-base
markdown
+6 more
react
runbooks
self-hosted
single-binary
sqlite
wiki
Affected surfaces
deps
auth
Summary
AI summaryBroad release touches ๐งฐ Chores, chore, @perber, and โจ Features.
Full changelog
๐ Changelog for HEAD
๐ Highlights
- New
TagsandPropertiessupport withFrontmatterintegration for better structured content - Improved editor experience with better markdown insert tools,
Search / Replace, and several keyboard and layout fixes - Better content navigation with
Table of Contents, improvedPageSelect, andDrag & Dropsorting - Stronger authentication flows with
Proxy Auth, token refresh before expiry - Technical improvements including
KaTeXsupport, dependency cleanup, and stronger supply chain security
โจ Features
- feat(editor): improve markdown insert tools (#1040) (@perber)
- feat(deps): remove blackfriday markdown parser dependency (#1030) (@perber)
- feat(auth): add test setup with dex & oauth2-proxy (#1028) (@perber)
- feat(ui): update metadata (@perber)
- feat(tags): improve tag browsing excerpts (#998) (@perber)
- feat(script): Add update scripts (#1014) (@Freaks)
- feat(ui): add katex support (#995) (@Zhaoyang (Cyrus) Hong)
- feat(ui): add frontmatter support & tags filtering (@perber)
- feat(codemirror): add search / replace support (#992) (@perber)
- feat(ui): adjust metadata pageviwer ui (#991) (@perber)
- feat(ui): add toc (#974) (@perber)
- feat(ui): improve PageSelect (#973) (@perber)
- feat(ui): add drag & drop sort (#972) (@perber)
- feat(auth): add proxy auth (#971) (@perber)
๐ Bug Fixes
- fix(auth): refresh before token expiry (#1042) (@perber)
- fix(ui): italic shortcut (#1039) (@perber)
- fix(auth): await logout (#1029) (@perber)
- fix(ui): reset metadata dirty state (#1027) (@perber)
- fix(ui): improve editor and asset layouts (#1026) (@perber)
- fix(ui): favicon is not displayed when changed in branding settings (#1023) (@perber)
- fix(auth): resets basic auth credentials (#1017) (@perber)
- fix(tags): keyboard regression after introducing Tags & Properties in page editor (#1016) (@perber)
- fix(ui): improve tag suggestions & keyboard handling (#997) (@perber)
- fix(ui): ToC hierarchy (#993) (@perber)
- fix(ui): favicon initial html (#1025) (@perber)
๐ง Refactoring
- refactor: remove tree dependency from TagsService and PropertiesService (#1022) (@perber)
- refactor: search indexing via pagesave hook (#1019) (@perber)
๐งช Tests
- test: verify imported metadata (#1031) (@perber)
- test: update search index after move (#1020) (@perber)
๐งฐ Chores
- chore: bump node from
95034e7to7c6af15(#1033) (@dependabot[bot]) - chore: bump alpine from
4d889c1to5b10f43(#1034) (@dependabot[bot]) - chore: bump golang from
f44b851to91eda97(#1036) (@dependabot[bot]) - chore: bump golang.org/x/crypto in the go-dependencies group (#1035) (@dependabot[bot])
- chore: bump github action to newer version (@perber)
- chore: bump tailwindcss from 4.2.4 to 4.3.0 in /ui/leafwiki-ui (#1001) (@dependabot[bot])
- chore: bump postcss from 8.5.12 to 8.5.15 in /ui/leafwiki-ui (#1005) (@dependabot[bot])
- chore: bump @types/node from 25.7.0 to 25.9.1 in /e2e (#1006) (@dependabot[bot])
- chore: bump eslint from 10.3.0 to 10.4.0 in /e2e (#1007) (@dependabot[bot])
- chore: bump @tailwindcss/vite from 4.2.4 to 4.3.0 in /ui/leafwiki-ui (#1004) (@dependabot[bot])
- chore: bump typescript-eslint from 8.59.3 to 8.59.4 in /e2e (#1008) (@dependabot[bot])
- chore: bump @typescript-eslint/parser from 8.59.3 to 8.59.4 in /e2e (#1009) (@dependabot[bot])
- chore: bump prettier from 3.8.1 to 3.8.3 in /ui/leafwiki-ui (#1002) (@dependabot[bot])
- chore: bump @playwright/test from 1.59.1 to 1.60.0 in /e2e (#984) (@dependabot[bot])
- chore: bump golang.org/x/crypto from 0.49.0 to 0.51.0 (#977) (@dependabot[bot])
- chore: bump uuid from 11.1.0 to 14.0.0 in /ui/leafwiki-ui (#990) (@dependabot[bot])
- chore: bump tailwind-merge from 3.5.0 to 3.6.0 in /ui/leafwiki-ui (#978) (@dependabot[bot])
- chore: bump @types/node from 25.5.2 to 25.7.0 in /e2e (#985) (@dependabot[bot])
- chore: bump mermaid from 11.14.0 to 11.15.0 in /ui/leafwiki-ui (#989) (@dependabot[bot])
- chore: bump node from 25-alpine to 26-alpine (#982) (@dependabot[bot])
- chore: bump globals from 17.4.0 to 17.6.0 in /ui/leafwiki-ui (#980) (@dependabot[bot])
- chore: bump react-router-dom from 7.14.1 to 7.15.0 in /ui/leafwiki-ui (#976) (@dependabot[bot])
- chore: bump @codemirror/autocomplete in /ui/leafwiki-ui (#981) (@dependabot[bot])
- chore: bump typescript-eslint from 8.59.2 to 8.59.3 in /e2e (#983) (@dependabot[bot])
- chore: bump modernc.org/sqlite from 1.50.0 to 1.50.1 (#975) (@dependabot[bot])
- chore: bump @tailwindcss/vite from 4.2.3 to 4.2.4 in /ui/leafwiki-ui (#963) (@dependabot[bot])
- chore: bump eslint from 10.2.1 to 10.3.0 in /e2e (#965) (@dependabot[bot])
- chore: bump typescript-eslint from 8.59.1 to 8.59.2 in /e2e (#964) (@dependabot[bot])
- chore: bump github.com/fsnotify/fsnotify from 1.9.0 to 1.10.1 (#960) (@dependabot[bot])
- chore: bump zustand from 5.0.11 to 5.0.13 in /ui/leafwiki-ui (#961) (@dependabot[bot])
- chore: bump typescript from 6.0.2 to 6.0.3 in /ui/leafwiki-ui (#962) (@dependabot[bot])
- chore: bump @typescript-eslint/parser from 8.59.1 to 8.59.2 in /e2e (#966) (@dependabot[bot])
๐น Other Changes
- security: harden supply chain across CI, Docker and dependencies (#1032) (@perber)
- perf: eliminate redundant disk reads in pagesave effects (#1021) (@perber)
Security Fixes
- Supply chain hardened across CI, Docker images, and dependencies (#1032)
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About LeafWiki
A fast wiki for people who think in folders, not feeds. Fast editing. Tree navigation. Markdown on disk.
Beta — feedback welcome: [email protected]