- Fix an XSS vulnerability in a specific route where malicious Markdown files could execute JavaScript when viewed. Reported by @cyberducky0o0
- Add MIME type validation for file and vault uploads
- Fix unnecessary backend calls when changing edit modes in the editor
- Add language label to code blocks
- Update editor toolbar UI and UX
- Adjust UI theme colors for better contrast

Thanks to Juan Soberanes (@cyberducky0o0) for responsibly disclosing the XSS vulnerability and assisting in testing the fix.