Release history
jotty releases
Lightweight but powerful alternative for managing your personal, file based, notes and checklists.
All releases
17 shown
1.23.0
Mixed
Notable features
- Runtime patching system for wrapping third-party modules at runtime
- Notes encrypted by default on creation with cached password
- Global time/date format with per-user override
Full changelog
Changelog
bugfixes
- Potentially fix IOS scroll issue #452
- Add tzdata package to Dockerfile for proper
TZsupport - Thank you @sethgregory - Nested checklist breaking to two lines before they need to #476
- Style up time input for the reminder time
- Wrong password length check on PGP encryption #467
- Username with spaces break image urls #494
- Fix table of content not working in edit mode #496
- FINALLY fix the damn body size limit issue #422
features
- Allow user to change checklist behaviour to edit on click rather than check on click #477
- Encrypt note by default on create so they never hit the server decrypted #468
- Store the encryption password in state (ref) so you are not prompted when editing/saving the encrypted note you are already viewing #469
- Added a whole patching system for issues like #422 and #488 . This allow users to create patches that run on runtime, effectively being able to wrap code around any node modules. It's particularly useful for issues that haven't been fixed by third parties and that are actually out of my control. Patches can be custom made by you or built in by me, please read the documentation in the howto section for more info ❤️
- Add support for FreeBSD #488 - Thank you @h-2
- Added global setting for time/date format that can be overridden on a per user basis #403
1.22.0
Breaking risk
Security fixes
- Jotty: High-severity vulnerability patched (CVE pending)
- simple-git: RCE via blockUnsafeOperationsPlugin bypass (Critical)
- vite: Arbitrary file read, path traversal, server.fs.deny bypass (High)
Notable features
- Kanban system with priorities, assignees, due dates, and reminders
- Calendar view for tasks with due dates
- LDAP authentication support
1.21.1
Bug fix
Fixed websocket looping connection for unauthenticated users and resolved asset blocking causing redirect loops.
1.21.0
New feature
Notable features
- Significant performance improvements for 5k+ notes through caching
- Tags support for checklists with sidebar filtering
- Drag-and-drop consistency fixes
1.20.0
New feature
Security fixes
- React and Next.js security fixes from v15+
Notable features
- PWA offline read-only caching for 30 days
- Live updates across all screens except editor
- Markdown editor ruler for line length guides
1.19.1
Security relevant
Security fixes
- Export functionality authentication bypass allowing unauthorized content access
1.19.0
New feature
Notable features
- Complete tagging system with subtag support
- Tag-based sidebar organization and filtering
- Cascading deletion fixes
1.18.1
Bug fix
Security fixes
- Fixed permission bypass allowing read-only users to create and delete checklists
1.18.0
New feature
Notable features
- Git-based local note history with diff and revert
- Callout blocks support for warnings/info
- Improved slash commands and @ mention linking
1.17.2
Bug fix
Improved accessibility and lighthouse scores, fixed drag-and-drop issues on checklists including swipe delete and nested item bugs, and enhanced markdown mode keyboard shortcuts.
1.17.1
Bug fix
Fixed redirect loop on new user registration caused by OIDC-only setup logic that prevented fresh installations from completing account creation.
1.17.0
New feature
Security fixes
- OIDC user info JWT response handling fixed
- Public routes accessibility for category-less sharing fixed
Notable features
- Improved checklist drag-and-drop with draggable system
- OIDC user groups and roles mapping
- Note conversion between task/checklist types
1.16.1
Bug fix
Fixed critical sharing permission bug where non-admin users couldn't edit shared notes, a regression from the 1.15.2 security update.
1.16.0
New feature
Security fixes
- Additional sensitive data obfuscation for logged-in user sessions
Notable features
- Left-handed mode in user preferences
- Brute force protection after 3 failed login attempts
- Improved mobile gesture handling and larger buttons
1.15.2
Security relevant
Security fixes
- Data exposure in public routes and logged-in pages fixed with restored sanitization
1.15.1
New feature
Breaking changes
- LOCALE environment variable deprecated in favor of DEFAULT_LOCALE
Notable features
- User-specific language preferences in settings
- Translation dropdown in header
- Unraid deployment template support