From a01ce2c3fc1ec88a8892eeec99fdb4caa8cbcd1e Mon Sep 17 00:00:00 2001 From: Elian Doran Date: Sun, 5 Apr 2026 19:28:03 +0300 Subject: [PATCH] docs(release): release notes for v0.102.2 --- docs/Release Notes/!!!meta.json | 132 +++++++++++------- .../Release Notes/Release Template.md | 4 + docs/Release Notes/Release Notes/v0.102.2.md | 37 +++++ 3 files changed, 120 insertions(+), 53 deletions(-) create mode 100644 docs/Release Notes/Release Notes/v0.102.2.md diff --git a/docs/Release Notes/!!!meta.json b/docs/Release Notes/!!!meta.json index 60744e69d0..a8e7fa7ce4 100644 --- a/docs/Release Notes/!!!meta.json +++ b/docs/Release Notes/!!!meta.json @@ -1,6 +1,6 @@ { "formatVersion": 2, - "appVersion": "0.102.0", + "appVersion": "0.102.1", "files": [ { "isClone": false, @@ -61,6 +61,32 @@ "attachments": [], "dirFileName": "Release Notes", "children": [ + { + "isClone": false, + "noteId": "ZdWJsMQvY1fo", + "notePath": [ + "hD3V4hiu2VW4", + "ZdWJsMQvY1fo" + ], + "title": "v0.102.2", + "notePosition": 10, + "prefix": null, + "isExpanded": false, + "type": "text", + "mime": "text/html", + "attributes": [ + { + "type": "relation", + "name": "template", + "value": "wyurrlcDl416", + "isInheritable": false, + "position": 60 + } + ], + "format": "markdown", + "dataFileName": "v0.102.2.md", + "attachments": [] + }, { "isClone": false, "noteId": "4FTGCuCiG7s7", @@ -69,7 +95,7 @@ "4FTGCuCiG7s7" ], "title": "v0.102.1", - "notePosition": 10, + "notePosition": 20, "prefix": null, "isExpanded": false, "type": "text", @@ -95,7 +121,7 @@ "d582eD4RY4OM" ], "title": "v0.102.0", - "notePosition": 20, + "notePosition": 30, "prefix": null, "isExpanded": false, "type": "text", @@ -121,7 +147,7 @@ "IlBzLeN3MJhw" ], "title": "v0.101.3", - "notePosition": 30, + "notePosition": 40, "prefix": null, "isExpanded": false, "type": "text", @@ -147,7 +173,7 @@ "vcBthaXcwAm6" ], "title": "v0.101.2", - "notePosition": 40, + "notePosition": 50, "prefix": null, "isExpanded": false, "type": "text", @@ -173,7 +199,7 @@ "AgUcrU9nFXuW" ], "title": "v0.101.1", - "notePosition": 50, + "notePosition": 60, "prefix": null, "isExpanded": false, "type": "text", @@ -199,7 +225,7 @@ "uYwlZ594eyJu" ], "title": "v0.101.0", - "notePosition": 60, + "notePosition": 70, "prefix": null, "isExpanded": false, "type": "text", @@ -225,7 +251,7 @@ "iPGKEk7pwJXK" ], "title": "v0.100.0", - "notePosition": 70, + "notePosition": 80, "prefix": null, "isExpanded": false, "type": "text", @@ -251,7 +277,7 @@ "7HKMTjmopLcM" ], "title": "v0.99.5", - "notePosition": 80, + "notePosition": 90, "prefix": null, "isExpanded": false, "type": "text", @@ -277,7 +303,7 @@ "RMBaNYPsRpIr" ], "title": "v0.99.4", - "notePosition": 90, + "notePosition": 100, "prefix": null, "isExpanded": false, "type": "text", @@ -303,7 +329,7 @@ "yuroLztFfpu5" ], "title": "v0.99.3", - "notePosition": 100, + "notePosition": 110, "prefix": null, "isExpanded": false, "type": "text", @@ -329,7 +355,7 @@ "z207sehwMJ6C" ], "title": "v0.99.2", - "notePosition": 110, + "notePosition": 120, "prefix": null, "isExpanded": false, "type": "text", @@ -355,7 +381,7 @@ "WGQsXq2jNyTi" ], "title": "v0.99.1", - "notePosition": 120, + "notePosition": 130, "prefix": null, "isExpanded": false, "type": "text", @@ -381,7 +407,7 @@ "cyw2Yue9vXf3" ], "title": "v0.99.0", - "notePosition": 130, + "notePosition": 140, "prefix": null, "isExpanded": false, "type": "text", @@ -407,7 +433,7 @@ "QOJwjruOUr4k" ], "title": "v0.98.1", - "notePosition": 140, + "notePosition": 150, "prefix": null, "isExpanded": false, "type": "text", @@ -433,7 +459,7 @@ "PLUoryywi0BC" ], "title": "v0.98.0", - "notePosition": 150, + "notePosition": 160, "prefix": null, "isExpanded": false, "type": "text", @@ -459,7 +485,7 @@ "lvOuiWsLDv8F" ], "title": "v0.97.2", - "notePosition": 160, + "notePosition": 170, "prefix": null, "isExpanded": false, "type": "text", @@ -485,7 +511,7 @@ "OtFZ6Nd9vM3n" ], "title": "v0.97.1", - "notePosition": 170, + "notePosition": 180, "prefix": null, "isExpanded": false, "type": "text", @@ -511,7 +537,7 @@ "SJZ5PwfzHSQ1" ], "title": "v0.97.0", - "notePosition": 180, + "notePosition": 190, "prefix": null, "isExpanded": false, "type": "text", @@ -537,7 +563,7 @@ "mYXFde3LuNR7" ], "title": "v0.96.0", - "notePosition": 190, + "notePosition": 200, "prefix": null, "isExpanded": false, "type": "text", @@ -563,7 +589,7 @@ "jthwbL0FdaeU" ], "title": "v0.95.0", - "notePosition": 200, + "notePosition": 210, "prefix": null, "isExpanded": false, "type": "text", @@ -589,7 +615,7 @@ "7HGYsJbLuhnv" ], "title": "v0.94.1", - "notePosition": 210, + "notePosition": 220, "prefix": null, "isExpanded": false, "type": "text", @@ -615,7 +641,7 @@ "Neq53ujRGBqv" ], "title": "v0.94.0", - "notePosition": 220, + "notePosition": 230, "prefix": null, "isExpanded": false, "type": "text", @@ -641,7 +667,7 @@ "VN3xnce1vLkX" ], "title": "v0.93.0", - "notePosition": 230, + "notePosition": 240, "prefix": null, "isExpanded": false, "type": "text", @@ -659,7 +685,7 @@ "WRaBfQqPr6qo" ], "title": "v0.92.7", - "notePosition": 240, + "notePosition": 250, "prefix": null, "isExpanded": false, "type": "text", @@ -685,7 +711,7 @@ "a2rwfKNmUFU1" ], "title": "v0.92.6", - "notePosition": 250, + "notePosition": 260, "prefix": null, "isExpanded": false, "type": "text", @@ -703,7 +729,7 @@ "fEJ8qErr0BKL" ], "title": "v0.92.5-beta", - "notePosition": 260, + "notePosition": 270, "prefix": null, "isExpanded": false, "type": "text", @@ -721,7 +747,7 @@ "kkkZQQGSXjwy" ], "title": "v0.92.4", - "notePosition": 270, + "notePosition": 280, "prefix": null, "isExpanded": false, "type": "text", @@ -739,7 +765,7 @@ "vAroNixiezaH" ], "title": "v0.92.3-beta", - "notePosition": 280, + "notePosition": 290, "prefix": null, "isExpanded": false, "type": "text", @@ -757,7 +783,7 @@ "mHEq1wxAKNZd" ], "title": "v0.92.2-beta", - "notePosition": 290, + "notePosition": 300, "prefix": null, "isExpanded": false, "type": "text", @@ -775,7 +801,7 @@ "IykjoAmBpc61" ], "title": "v0.92.1-beta", - "notePosition": 300, + "notePosition": 310, "prefix": null, "isExpanded": false, "type": "text", @@ -793,7 +819,7 @@ "dq2AJ9vSBX4Y" ], "title": "v0.92.0-beta", - "notePosition": 310, + "notePosition": 320, "prefix": null, "isExpanded": false, "type": "text", @@ -811,7 +837,7 @@ "3a8aMe4jz4yM" ], "title": "v0.91.6", - "notePosition": 320, + "notePosition": 330, "prefix": null, "isExpanded": false, "type": "text", @@ -829,7 +855,7 @@ "8djQjkiDGESe" ], "title": "v0.91.5", - "notePosition": 330, + "notePosition": 340, "prefix": null, "isExpanded": false, "type": "text", @@ -847,7 +873,7 @@ "OylxVoVJqNmr" ], "title": "v0.91.4-beta", - "notePosition": 340, + "notePosition": 350, "prefix": null, "isExpanded": false, "type": "text", @@ -865,7 +891,7 @@ "tANGQDvnyhrj" ], "title": "v0.91.3-beta", - "notePosition": 350, + "notePosition": 360, "prefix": null, "isExpanded": false, "type": "text", @@ -883,7 +909,7 @@ "hMoBfwSoj1SC" ], "title": "v0.91.2-beta", - "notePosition": 360, + "notePosition": 370, "prefix": null, "isExpanded": false, "type": "text", @@ -901,7 +927,7 @@ "a2XMSKROCl9z" ], "title": "v0.91.1-beta", - "notePosition": 370, + "notePosition": 380, "prefix": null, "isExpanded": false, "type": "text", @@ -919,7 +945,7 @@ "yqXFvWbLkuMD" ], "title": "v0.90.12", - "notePosition": 380, + "notePosition": 390, "prefix": null, "isExpanded": false, "type": "text", @@ -937,7 +963,7 @@ "veS7pg311yJP" ], "title": "v0.90.11-beta", - "notePosition": 390, + "notePosition": 400, "prefix": null, "isExpanded": false, "type": "text", @@ -955,7 +981,7 @@ "sq5W9TQxRqMq" ], "title": "v0.90.10-beta", - "notePosition": 400, + "notePosition": 410, "prefix": null, "isExpanded": false, "type": "text", @@ -973,7 +999,7 @@ "yFEGVCUM9tPx" ], "title": "v0.90.9-beta", - "notePosition": 410, + "notePosition": 420, "prefix": null, "isExpanded": false, "type": "text", @@ -991,7 +1017,7 @@ "o4wAGqOQuJtV" ], "title": "v0.90.8", - "notePosition": 420, + "notePosition": 430, "prefix": null, "isExpanded": false, "type": "text", @@ -1024,7 +1050,7 @@ "i4A5g9iOg9I0" ], "title": "v0.90.7-beta", - "notePosition": 430, + "notePosition": 440, "prefix": null, "isExpanded": false, "type": "text", @@ -1042,7 +1068,7 @@ "ThNf2GaKgXUs" ], "title": "v0.90.6-beta", - "notePosition": 440, + "notePosition": 450, "prefix": null, "isExpanded": false, "type": "text", @@ -1060,7 +1086,7 @@ "G4PAi554kQUr" ], "title": "v0.90.5-beta", - "notePosition": 450, + "notePosition": 460, "prefix": null, "isExpanded": false, "type": "text", @@ -1087,7 +1113,7 @@ "zATRobGRCmBn" ], "title": "v0.90.4", - "notePosition": 460, + "notePosition": 470, "prefix": null, "isExpanded": false, "type": "text", @@ -1105,7 +1131,7 @@ "sCDLf8IKn3Iz" ], "title": "v0.90.3", - "notePosition": 470, + "notePosition": 480, "prefix": null, "isExpanded": false, "type": "text", @@ -1123,7 +1149,7 @@ "VqqyBu4AuTjC" ], "title": "v0.90.2-beta", - "notePosition": 480, + "notePosition": 490, "prefix": null, "isExpanded": false, "type": "text", @@ -1141,7 +1167,7 @@ "RX3Nl7wInLsA" ], "title": "v0.90.1-beta", - "notePosition": 490, + "notePosition": 500, "prefix": null, "isExpanded": false, "type": "text", @@ -1159,7 +1185,7 @@ "GyueACukPWjk" ], "title": "v0.90.0-beta", - "notePosition": 500, + "notePosition": 510, "prefix": null, "isExpanded": false, "type": "text", @@ -1177,7 +1203,7 @@ "kzjHexDTTeVB" ], "title": "v0.48", - "notePosition": 510, + "notePosition": 520, "prefix": null, "isExpanded": false, "type": "text", @@ -1244,7 +1270,7 @@ "wyurrlcDl416" ], "title": "Release Template", - "notePosition": 520, + "notePosition": 530, "prefix": null, "isExpanded": false, "type": "text", diff --git a/docs/Release Notes/Release Notes/Release Template.md b/docs/Release Notes/Release Notes/Release Template.md index ff160444ca..d14bba34cf 100644 --- a/docs/Release Notes/Release Notes/Release Template.md +++ b/docs/Release Notes/Release Notes/Release Template.md @@ -32,4 +32,8 @@ ## 🛠️ Technical updates +* \[…\] + +## 🔒️ Security improvements + * \[…\] \ No newline at end of file diff --git a/docs/Release Notes/Release Notes/v0.102.2.md b/docs/Release Notes/Release Notes/v0.102.2.md new file mode 100644 index 0000000000..94a3b5e1fc --- /dev/null +++ b/docs/Release Notes/Release Notes/v0.102.2.md @@ -0,0 +1,37 @@ +# v0.102.2 +> [!IMPORTANT] +> **This release contains important security fixes. All users are strongly encouraged to update immediately.** +> +> Several vulnerabilities affecting content handling and the desktop application have been addressed. We recommend upgrading before the next scheduled release to ensure your installation is protected. + +> [!NOTE] +> If you enjoyed this release, consider showing a token of appreciation by: +> +> * Pressing the “Star” button on [GitHub](https://github.com/TriliumNext/Trilium) (top-right). +> * Considering a one-time or recurrent donation to the [lead developer](https://github.com/eliandoran) via [GitHub Sponsors](https://github.com/sponsors/eliandoran) or [PayPal](https://paypal.me/eliandoran). +> * If you are interested in an [official mobile application](https://oss.issuehunt.io/r/TriliumNext/Trilium/issues/7447)  ([#7447](https://github.com/TriliumNext/Trilium/issues/7447)) or [multi-user support](https://oss.issuehunt.io/r/TriliumNext/Trilium/issues/4956) ([#4956](https://github.com/TriliumNext/Trilium/issues/4956)), consider offering financial support via IssueHunt (see links). + +## 🔒️ Security improvements + +* Content Handling + + * Improved request handling for SVG content in share routes + * Improved request handling for SVG content in the main API + * Enhanced content rendering in the Mermaid diagram editor + * Fixed toast notifications to properly escape content + * Added validation for the `docName` attribute in the document renderer + * Marked `docName` as a sensitive attribute in the commons module +* Desktop Application (Electron) + + * Added Electron fuses to harden the desktop application against external abuse + * Improved application integrity checks +* API & Import + + * Added MIME type validation for image uploads via ETAPI + * Aligned attachment upload validation with note upload validation + * Import no longer preserves named note IDs to prevent potential conflicts +* Authentication + + * OpenID Connect now uses a more secure random number generator + +We've also updated our SECURITY.MD file to detail our security practices and how to report vulnerabilities. \ No newline at end of file