Skip to content

Release history

Algernon releases

Small self-contained pure-Go web server with Lua, Markdown, HTTP/2, QUIC, Redis and PostgreSQL support.

Back to tool Latest release

All releases

6 shown

Review required
v1.17.9 Breaking risk
Dependencies

Go 1.26 requirement + NTFS check + config changes

Open
Upgrade now
v1.17.8 Breaking risk
RCE / SSRF

Security fix + new functionality + improvements

Open
Review required
v1.17.7 Bug fix
Auth RBAC

Bolt DB fix

Open
v1.17.6 Security relevant
Security fixes
  • Fix path traversal vulnerability in file uploads and Lua handling (ref #172)
Notable features
  • Support for npm‑less React 19 with partial reload using the --autorefresh flag
  • IPv6 support
Full changelog

Security

  • Add a --testcert flag, for using the Let's Encrypt staging CA when configuring a new domain, to avoid hitting rate limits.
  • Fix a Lua-related race condition, ref #172 (thanks @KatrielMoses).
  • Fix path traversal in connection with file uploads and Lua, ref #172 (thanks @KatrielMoses).
  • Update dependencies, including golang/x/crypto, ref #168.
  • Add a ReadHeaderTimeout setting to engine/serve.go.

New features

  • Add support for npm-less React 19 with partial reload with the -a / --autorefresh flag.
  • Add IPv6 support.

Performance

  • Adjust how Pongo2 templates are applied.
  • Append concurrently to access logs.

Samples

  • Adjust CSS for the "formulas" example.
  • Update the typewriter example.
  • Update all React-related samples.
  • Update the Hyperapp gif example.
  • Update systemd example files + add an example Fedora .spec file.

Local AI

  • Fix mimetype handling for .prompt files.
  • Update the default Ollama model.
  • Update the ai example.

REPL

  • Fix syntax highlighting in the help text for the REPL.

Code quality

  • Add more checks in the code, to increase robustness.
  • Use an atomic bool in connection with shutting down the server.

Build process

  • Remove GOEXPERIMENT=greenteagc since this is now the default.
  • Build the release with Go 1.26.2.

General

  • Update CI configuration.
  • Update documentation.
View release on GitHub
v1.17.5 New feature
Security fixes
  • Added extra sanitation / XSS protection
Notable features
  • Support for serving the QOI image format
Full changelog

Fixes

  • Fix HTML detection, ref #164 (thanks @astynax).

Security

  • Add an initial Security.md file.
  • Add extra sanitation / XXS protection (thanks @Bnyt7).

New features

  • Add support for serving the QOI image format.

Code quality

  • Simplify favicon / mimetype related code.
  • Remove some unused code.

Documentation

  • Add more documentation, ref #163 (thanks @myselfghost).
  • Add an example for HTMX.

Performance

  • Build release executables with GOEXPERIMENT=greenteagc.

Lua related

  • If a single file is given as an argument, don't output the server name and version (to make Algernon more suitable for being used as a "Lua runtime", ref #163).

General

  • Update CI configuration.
  • Update dependencies.
View release on GitHub
v1.17.4 Mixed
Security fixes
  • HTML sanitization of filename on the "file not found" page prevents XSS (Snyk GOLANG-GITHUBCOMXYPROTOALGERNONTHEMES-3312112)
Notable features
  • Show banner/logo at start on Windows
Full changelog
  • Fix a missing m character when drawing the banner/logo at start.
  • Also show the banner/logo at start on Windows.
  • Add HTML sanitization of the filename for the "file not found" page". This fixes an XSS issue.
  • Switch from vt100 to the vt package.
  • Update go.mod, ref #159.
  • Update CI configuration.
  • Remove FUNDING.yml.
  • Update documentation.
  • Update dependencies.
View release on GitHub

Beta — feedback welcome: [email protected]