2026.03.10 / v0.18.1
- [BREAKING] Minimum Node.js is v24.x LTS
- [Fix] Filepath location for language translations
- [Fix] Path traversal vulnerability
- [Fix] Sitemap string escaping
- [Fix] Better escaping and sanitization for markdown rendering
- [Fix] GitHub Actions repository permissions: read-only
- [Fix] Search ReDoS with lunr
- [Fix] Login password comparison
- [Fix] Path traversal outside of content directory
- [Fix] Authentication redirect continues with flow
- [Fix] Prevent error details leakage
- [Fix] Editor escaping Markdown content and base_url
- [Fix] Ensure redirect "return" is relative path only
- [Fix] Using callback for logout
- [Fix] Explicitly specify "Lax" for cookies
- [Add] Rate Limiting (200 req/min)
- [Add] Configuration verification function
- [Add] CSP Nonce with res.locals.csp_nonce
- [Edit] Refactoring (simplify, use native functions)
- [Deps] Upgrading marked from v16.4.2 to v17.0.2