Skip to content
Features
-
Document management with upload, storage, and organization
-
Full‑text search with advanced filters
-
Self‑hosting via Docker (lightweight <200 MB image)
Upgrade now
Auth
RBAC
Dependencies
Tag scope + webhook redirects + upload limit
No immediate action
Batch document trash API
Breaking changes
- Webhooks pointing to private or reserved IP addresses are now blocked unless explicitly listed in WEBHOOK_URL_ALLOWED_HOSTNAMES config
Security fixes
- GHSA-cjw7-qg95-58mq: SSRF protection for webhook URLs
- GHSA-866c-mc22-wvv5: Removed unsafe expiresAt placeholder fields in API key creation endpoint
- GHSA-6f8x-2rc9-vgh4: Sanitized user names in email content to prevent XSS/HTML injection
Notable features
- SSRF protection for webhook URLs with configurable allowlist via WEBHOOK_URL_ALLOWED_HOSTNAMES
- Improved error handling returning 409 status code for duplicate tags instead of 400 or 500 errors
Notable features
- Grayscale PDF OCR
- XLSX and ODS file extraction
- Vectorized text support
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
About
Languages
TypeScript
·
MDX
·
Astro
TypeScript
Types included ✓
Search tools, categories, lists, and users
Use ↑↓ to navigate, Enter to open, Esc to close
No results for ""
⌘K to open
↑↓ navigate
⏎ open
