enchant97/note-mark v0.19.2
V0.19.2

on GitHub

13 hours ago

⛔ Security Fixes ⛔

Stored XSS via Unrestricted Asset Upload (CVE-2026-40262) - GHSA-9pr4-rf97-79qh
Broken Access Control on Asset Download (CVE-2026-40265) - GHSA-p5w6-75f9-cc2p
Username Enumeration via Login Endpoint by CWE-208 (CVE-2026-40263) - GHSA-w6m9-39cv-2fwp

Thanks to @QiaoNPC for reporting these.

Changes

Fixed

Stored XSS via Unrestricted Asset Upload (CVE-2026-40262)
Broken Access Control on Asset Download (CVE-2026-40265)
Username Enumeration via Login Endpoint by CWE-208 (CVE-2026-40263)

Changed

bump deps

Removed

liquid parser from render (it was unused, since disabled)

Full Changelog: v0.19.0...v0.19.2

Check out latest releases or
releases around enchant97/note-mark v0.19.2

Don't miss a new note-mark release

NewReleases is sending notifications on new releases.

Get notifications