Security
- Fix path traversal vulnerability reported by @Pirrandi
- Add strict MIME type validation for file uploads
New features
- Add PKCE support for PocketID provider (#123)
- Add queue configuration to s6 overlay
Tree view component
- Loading only visible nodes, improving performance especially in large vaults
- Opened file is now highlighted (#97)
- Files and folders can now be moved via drag and drop
- Files can be imported by dragging them directly into the tree view (#73, #117)
- Links can be created by dragging files from the tree view into the editor
- Add a dedicated context menu action button
- Add file type icons to nodes
Frontend
- Migrate frontend to Vue + Inertia + TypeScript
- Improve overall UI and UX
File support updates
- Audio: add M4A, AAC, WAV, OGG, Opus
- Image: add AVIF; remove SVG
- Video: add M4V, MOV, WebM, MKV; remove AVI
Improvements
- Improve broadcasting events
Fixes
- Remove single quote from the auto close Tiptap extension
Maintenance
- Update dependencies
Thanks to Diego Valencia (@Pirrandi) for responsibly disclosing the path traversal vulnerability and assisting in testing the fix.