github papra-hq/papra @papra/app@26.4.1

4 hours ago
  • #1080 47d44e0 Thanks @CorentinTh! - Fixed an authorization issue where tag updates and deletions were not scoped to the organization in the URL. Tag mutation endpoints are now correctly scoped to the requested organization.

    Addressing GHSA-wrx4-3vff-jm94, credit to @TinkAnet for the responsible disclosure.

  • #1074 e2e7fd4 Thanks @CorentinTh! - Limited search query to 1024 characters

  • #1099 086dccb Thanks @CorentinTh! - Webhooks no longer follow HTTP redirects (3xx responses) when sending requests.

    Addressing GHSA-5g86-85rp-f9hx, credit to @FredrikEV for the responsible disclosure.

  • #1061 93c369d Thanks @CorentinTh! - HTML-ish characters in email templates are now escaped instead of sanitized-out

  • #1067 79d4cac Thanks @CorentinTh! - Increased default max file size from 10MB to 25MB (can still be customized using DOCUMENT_STORAGE_MAX_UPLOAD_SIZE, disable by setting it to 0).

  • #1010 927c7d6 Thanks @CorentinTh! - Removed logging of a polluting empty error cause (with stack trace) when an error is thrown without a cause.

  • #1082 e8d19af Thanks @CorentinTh! - Added batch selection in the document page, allowing you to select multiple documents (or all matching the current search) and either manage tags or delete them in one go.

  • #1080 47d44e0 Thanks @CorentinTh! - Tag deletion endpoint now returns a 204 No Content status code instead of 200 OK with an empty JSON object, and a 404 Not Found status code is returned when trying to delete a tag that does not exist for the organization.

  • #1015 5bdf0da Thanks @JohnCuba! - Synchronized the document pagination of the home page in query params to permit sharing and navigation.

  • #1096 2bb75ce Thanks @CorentinTh! - Updated some critical dependencies (better-auth, drizzle-orm, hono, ...) to fix transitive vulnerabilities. Please do not hesitate to report any regression you may encounter, especially if it is related to authentication or database access. Thanks!

  • #1034 c5ccac5 Thanks @CorentinTh! - Added content preview for YAML files

  • #1027 b154d2f Thanks @CorentinTh! - Removed weird shadows on UI components in light mode

  • #1091 4ab0f32 Thanks @CorentinTh! - The documents page content now uses the whole width of the page

  • #1082 e8d19af Thanks @CorentinTh! - Added a batch document tag management API endpoint.

  • #1097 928ffc3 Thanks @CorentinTh! - Switched Docker image pnpm installation from corepack to npm global installation, as the Node.js 26 image no longer ships corepack.

  • #1090 5ea8ca3 Thanks @CorentinTh! - Added sorting option in the documents list, allowing documents to be sorted by name or creation date, in ascending or descending order.

  • #1098 7acca43 Thanks @CorentinTh! - Updated pnpm to v11

  • #1020 015bb53 Thanks @CorentinTh! - Added some size limits on the webhooks creation and update API endpoints parameters.

    • Names are limited to 128 characters.
    • Secret keys are limited to 256 characters.
    • URLs are limited to 2048 characters.

  • #1025 9c6985b Thanks @CorentinTh! - When reopening the quick search modal with an existing query, the input content is automatically selected to allow easy replacement or editing.

  • #1033 5d55e41 Thanks @CorentinTh! - Changed the server endpoint validation library from zod to valibot, and improved some validation schemas in the process.

  • #1097 928ffc3 Thanks @CorentinTh! - Updated to Node.js 26

  • #1016 07d7109 Thanks @JohnCuba! - Removed native clear button of search bar in Safari.

  • #1072 71d093f Thanks @mvlanga! - Added a download file option in document list action menu

  • #1089 aef3ef2 Thanks @CorentinTh! - Added sortField and sortOrder query parameters to the document list/search endpoint (GET /api/organizations/:organizationId/documents), allowing documents to be sorted by createdAt, updatedAt, name, or documentDate in ascending or descending order.

  • #1074 e2e7fd4 Thanks @CorentinTh! - Add batch document trash API endpoint.

  • #1099 086dccb Thanks @CorentinTh! - Webhooks SSRF validation is now enforced when sending webhook requests, preventing potential TOCTOU DNS rebinding attacks (the exploitation window was very small and only theoretical though).

  • #1003 ad5e42d Thanks @JohnCuba! - Increased the sidebar collapsing breakpoint to improve the UX on tablets and small laptops.

  • #1016 07d7109 Thanks @JohnCuba! - Removed useless close button in the small-screen sidebar sheet.

  • #1003 ad5e42d Thanks @JohnCuba! - Prevented the users and organizations tables from forcing horizontal scrolling in the admin panels.

  • #1021 133d235 Thanks @CorentinTh! - Prevented long document names from pushing the right columns out of the container.
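
The two #1099 entries above (redirects no longer followed, SSRF validation enforced when the request is sent) come down to checking the address at the moment the socket connects. The sketch below is an added example and not Papra's code: it uses Node.js built-ins only, handles IPv4 only, and `isBlockedIPv4`, `guardedLookup`, `sendWebhook` and the deny-list are hypothetical names and constructed values.

```javascript
// Added example, not Papra's code. Constructed, non-exhaustive IPv4 deny-list: [base, prefix length].
const BLOCKED_V4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16], ['224.0.0.0', 3],
];
// Dotted quad -> integer, or null when the text is not a strict IPv4 address.
function ipv4ToInt(ip) {
  const parts = String(ip).split('.');
  const ok = parts.length === 4 && parts.every(p => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
  return ok ? parts.reduce((acc, p) => acc * 256 + Number(p), 0) : null;
}
// Fail closed: anything that is not a public IPv4 address (IPv6 included) counts as blocked.
function isBlockedIPv4(ip) {
  const n = ipv4ToInt(ip);
  const inRange = ([base, bits]) => Math.floor(n / 2 ** (32 - bits)) === Math.floor(ipv4ToInt(base) / 2 ** (32 - bits));
  return n === null || BLOCKED_V4.some(inRange);
}

// Wraps the resolver the socket itself uses, so the address checked is the address dialed.
function guardedLookup(dns) {
  return (hostname, options, callback) => {
    dns.lookup(hostname, { ...options, family: 4, all: true }, (err, addresses) => {
      if (err) return callback(err);
      const bad = addresses.find(a => isBlockedIPv4(a.address));
      if (bad) return callback(new Error(`blocked webhook target ${bad.address}`));
      if (options.all) return callback(null, addresses);
      callback(null, addresses[0].address, addresses[0].family);
    });
  };
}

// Sends one webhook: IP literals are checked here (they skip DNS), hostnames in guardedLookup.
async function sendWebhook(urlText, body) {
  const url = new URL(urlText);
  if (!['http:', 'https:'].includes(url.protocol)) throw new Error('unsupported scheme');
  const literal = url.hostname.startsWith('[') || ipv4ToInt(url.hostname) !== null;
  if (literal && isBlockedIPv4(url.hostname)) throw new Error('blocked webhook target');
  const { request } = await import(url.protocol === 'https:' ? 'node:https' : 'node:http');
  const options = { method: 'POST', lookup: guardedLookup(await import('node:dns')) };
  return new Promise((resolve, reject) => {
    const req = request(url, options, (res) => {
      res.resume();
      // node:http never follows redirects; a 3xx is reported as a failure, not chased.
      if (res.statusCode >= 300 && res.statusCode < 400) return reject(new Error('redirect refused'));
      resolve(res.statusCode);
    });
    req.on('error', reject);
    req.end(body);
  });
}
```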
