Skip to content

Algernon

Dashboards & Home Pages

A compact web server with built‑in support for multiple scripting languages, template engines, databases and protocols (HTTP/2, QUIC) in a single executable

Track releases GitHub Website
JavaScript Latest v1.17.9 · 5d ago Security brief →

Features

  • Built‑in support for Lua, Teal, Markdown, Pongo2, Amber, Sass/SCSS, GCSS, JSX, TypeScript and HyperApp templates
  • Native HTTP/2 over TLS with optional QUIC (HTTP/3) via a flag
  • Integrated databases: BoltDB, SQLite, PostgreSQL, MySQL/MariaDB, MSSQL, Redis/Valkey
  • User authentication and role‑based permissions out of the box
  • Lightweight self‑contained binary (~12 MB Docker image)
  • Plugin system via pie and graceful shutdown handling

Recent releases

View all 6 releases →
Review required
v1.17.9 Breaking risk
Dependencies

Go 1.26 requirement + NTFS check + config changes

Open
Upgrade now
v1.17.8 Breaking risk
RCE / SSRF

Security fix + new functionality + improvements

Open
Review required
v1.17.7 Bug fix
Auth RBAC

Bolt DB fix

Open
v1.17.6 Security relevant
Security fixes
  • Fix path traversal vulnerability in file uploads and Lua handling (ref #172)
Notable features
  • Support for npm‑less React 19 with partial reload using the --autorefresh flag
  • IPv6 support
Full changelog

Security

  • Add a --testcert flag, for using the Let's Encrypt staging CA when configuring a new domain, to avoid hitting rate limits.
  • Fix a Lua-related race condition, ref #172 (thanks @KatrielMoses).
  • Fix path traversal in connection with file uploads and Lua, ref #172 (thanks @KatrielMoses).
  • Update dependencies, including golang/x/crypto, ref #168.
  • Add a ReadHeaderTimeout setting to engine/serve.go.

New features

  • Add support for npm-less React 19 with partial reload with the -a / --autorefresh flag.
  • Add IPv6 support.

Performance

  • Adjust how Pongo2 templates are applied.
  • Append concurrently to access logs.

Samples

  • Adjust CSS for the "formulas" example.
  • Update the typewriter example.
  • Update all React-related samples.
  • Update the Hyperapp gif example.
  • Update systemd example files + add an example Fedora .spec file.

Local AI

  • Fix mimetype handling for .prompt files.
  • Update the default Ollama model.
  • Update the ai example.

REPL

  • Fix syntax highlighting in the help text for the REPL.

Code quality

  • Add more checks in the code, to increase robustness.
  • Use an atomic bool in connection with shutting down the server.

Build process

  • Remove GOEXPERIMENT=greenteagc since this is now the default.
  • Build the release with Go 1.26.2.

General

  • Update CI configuration.
  • Update documentation.
View release on GitHub
v1.17.5 New feature
Security fixes
  • Added extra sanitation / XSS protection
Notable features
  • Support for serving the QOI image format
Full changelog

Fixes

  • Fix HTML detection, ref #164 (thanks @astynax).

Security

  • Add an initial Security.md file.
  • Add extra sanitation / XXS protection (thanks @Bnyt7).

New features

  • Add support for serving the QOI image format.

Code quality

  • Simplify favicon / mimetype related code.
  • Remove some unused code.

Documentation

  • Add more documentation, ref #163 (thanks @myselfghost).
  • Add an example for HTMX.

Performance

  • Build release executables with GOEXPERIMENT=greenteagc.

Lua related

  • If a single file is given as an argument, don't output the server name and version (to make Algernon more suitable for being used as a "Lua runtime", ref #163).

General

  • Update CI configuration.
  • Update dependencies.
View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

About

Stars
3,011
Forks
146
Languages
JavaScript Go Lua
View on GitHub Homepage

Install & Platforms

Install via
go

Similar tools

Websoft9
Kottster
WinterCMS
StartOS
homer

Beta — feedback welcome: [email protected]