github lfnovo/open-notebook v1.11.0
v1.11.0 — Security Hardening & Quality of Life

3 hours ago

We recommend all users upgrade. This release includes a comprehensive security-hardening pass (16 fixes), several long-requested features, and meaningful performance improvements — validated by a new release-testing process covering everything from the unit suite to fresh-install and upgrade tests on the actual Docker images.

🔒 Security hardening

A dedicated security review produced 16 fixes across the stack. Highlights:

  • SurrealQL injection closed in the repository layer and credential ordering (#1002, #1021)
  • SSRF protection on web-source ingestion, plus request-time re-validation of provider URLs (DNS-rebinding window closed) — private IPs and localhost remain fully supported for self-hosted Ollama/LM Studio (#1005, #1006)
  • Constant-time comparison for the API password (#1003)
  • User prompts are no longer compiled as Jinja2 templates (#1004)
  • Request body cap (default 100 MB, configurable via OPEN_NOTEBOOK_MAX_UPLOAD_SIZE_MB) (#1014)
  • Markdown note previews sanitize raw HTML (#1007)
  • API error responses no longer leak internal details (#1012, #1017)
  • Pillow forced to 12.3.0, resolving all 6 open Dependabot advisories (#1041)
  • docker-compose now binds SurrealDB to localhost only (#1025) and sources DB credentials from env (#946)

✨ New features

  • Sort the Sources table by any column — including the new "Updated" column (#895)
  • Recently Viewed section on the Notebooks page (#850)
  • List view for notebooks — tile/list toggle, remembered across reloads (#885)
  • Per-transformation model selection — assign a specific model to each transformation (#776)
  • "Refresh content" action on web-link sources (#259)
  • Syntax highlighting for code blocks + restored markdown typography (#783)
  • LaTeX math (KaTeX) everywhere — sources, insights, Ask answers, transformations and the note editor, not just chat (#269)
  • EasyPanel deployment template (#189)

⚡ Performance

  • Ask and source-chat now stream progressively through the Next.js proxy — no more waiting at "Processing..." (#770)
  • Chat/context/podcast startup uses batched insight queries (14 → 3 queries on a 12-source notebook) (#1008)
  • File uploads, DNS resolution and chat inference no longer block the event loop (#1009, #1011, #704)

🐛 Notable fixes

  • Google/Vertex connection tests survive Google retiring Gemini models (#970)
  • API startup waits for SurrealDB instead of crashing on boot races (#708)
  • Podcast generation no longer truncates dense content — max_tokens on episode profiles (#639)
  • Clearing credential fields (Ollama base URL, Vertex settings) now actually clears them (#1046)
  • Note editor fills the dialog properly and long notes scroll instead of overflowing (#932)
  • CRUD endpoints return proper 404s instead of 500s (#862)

⚠️ Behavior changes for self-hosters

  1. SurrealDB port binding: docker-compose.yml now publishes SurrealDB on 127.0.0.1 only. If you connect to the DB from another machine, use the new docker-compose.override.yml.example.
  2. CORS: the default wildcard no longer sends credentials. If you make credentialed cross-origin requests, set CORS_ORIGINS explicitly.
  3. Upload cap: request bodies over 100 MB are now rejected — raise OPEN_NOTEBOOK_MAX_UPLOAD_SIZE_MB if you upload larger files.
  4. Host validation: reverse proxies must forward a clean Host header; malformed values now fall back to localhost instead of being trusted.
  5. Raw HTML in notes no longer renders in the preview (it is sanitized).

🙏 Thanks

This release carries contributions from all over the community:

  • @kwp3 — the entire 16-fix security-hardening pass, plus the performance work on batched queries and event-loop hygiene (#1002#1026)
  • @mvanhorn — API startup resilience (#977), Recently Viewed (#979), per-transformation model selection (#978), podcast max_tokens (#982) and typing improvements (#983)
  • @ProfTrader — sortable sources table (#930), the flow-driven release process docs (#960), dependency audit resolution (#962) and typing work (#929, #961)
  • @hyeonho-park — end-to-end SSE streaming through the Next.js proxy (#770)
  • @Markus328 — syntax highlighting and the markdown typography restoration (#980)
  • @GeorgijGrigoriev — configurable API listen host (#986)
  • @Thiamath — deprecated Gemini model cleanup (#1027)
  • @D-revv — test coverage measurement in CI (#966)
  • @nyxst4ck — EasyPanel deployment template (#927)

And a big thank-you to everyone who reported the issues this release closes — the fixes above exist because you took the time to file them. ❤️

Full details in the CHANGELOG.

Don't miss a new open-notebook release

NewReleases is sending notifications on new releases.