Releases: outline/outline
Releases · outline/outline
v0.64.4
Fixes
This patch release fixes an issue in the editor that allowed stored XSS to occur by not correctly sanitizing link href's. Note, that In order for this vulnerability to be abused you would need to have a malicious actor with access to the knowledge base (one of your team members).
v0.64.3
v0.64.2
v0.64.1
v0.64.0
Note: This update requires database migrations, take your installation offline, backup the database, and run with yarn db:migrate or yarn db:migrate --env production-ssl-disabled
The ALLOWED_DOMAINS environment variable was moved into the UI under Settings -> Security. Upon upgrading, any existing values set in the environment will be automatically migrated and you can safely remove the ALLOWED_DOMAINS value post-upgrade.
We also introduced stricter validation of all environment variables to help with debugging and setup of the community edition, depending on your environment this may result in new errors or warnings being output upon server startup. If you have empty environment variables defined these should be removed.
Enhancements
- Migration of
ALLOWED_DOMAINSto a team level setting (see above) by @coreyja in #3489 - New TLDraw, Otter.ai, Gliffy, JSFiddle, and Scribe embed integrations.
- Document can now be fetched through API with knowing the slug by @coreyja in #3453
- Multiple performance improvements for large documents with collaborative editing enabled #3567
- Improved performance by requesting less db columns when calculating collection permissions in #3498
- Improved performance for large collections by refactoring sorting in #3475
- ioredis is now configurable via environment variables by @heilerich in #3365
- Disabled state of embeds now persists per-document #3407
- Suspended users are no longer shown in the document facepile in #3497
- Added initial support to import data from Notion (Settings -> Import -> Notion)
- Publicly shared links now include title and description in metadata for improved previews in third party services
- Improve speed of Azure login (parallelize two slow API requests) in bb074ed
- Turkish language translations were added 🇹🇷
Fixes
Editor
- Emojis and embeds can now be copied to plain text clipboard in #3561
- Floating toolbar now only appears on mouse up when selecting text with the mouse in #3561
- Links to anchors in other pages are no longer broken when the page is renamed in 0577c73
- Applying a template no longer overwrites an existing title in 7fa0199
- "Referenced by" is now "Backlinks"
Platform
- A shared persistence debounce between docs could result in some docs not saving on the server in high-concurrency editing environments #3401
- Fixed translation strings throughout the UI by @Limezy in #3417 #3441
- Fixed an issue where the "last edited by" timestamp could be updated when the user had made no changes
- Fixed an issue where CRDT creation from markdown state touches document updated timestamp in #3482
- Paginated list history headings were not rendering when there was only one unique heading by @thenanyu in #3496
- Data import and export codepaths were refactored and improved #3434
- Confirm button is now focused by default in confirmation dialogs in 4c15f27
- Fixed extra separator in collection context menu with read-only permissions in b152b9f
- Fixed blank screen instead of "Not found" page in some situations in 40e41b2
- Revisions are now created on document publish in ec1bc80
- Collection names with slashes no longer produce an invalid export in 4177031
- "Settings" navigation is no longer offered to non-admins in 78da5e2
New Contributors
- @meltyshev made their first contribution in #3428
- @Limezy made their first contribution in #3439
- @gemathus made their first contribution in #3447
- @coreyja made their first contribution in #3453
- @EmirBoyaci made their first contribution in #3473
- @heilerich made their first contribution in #3365
- @rusakovdenis made their first contribution in #3548
Full Changelog: v0.63.0...v0.64.0
v0.63.0
Enhancements
- The editor now supports file attachments in #3031
- We added search to publicly shared documents by @thenanyu in #3126
- It is now possible to star collections in #3327
- Outline will now work behind a Pomerium proxy in #3219
- You can now navigate to all the pages of settings through command bar by @iamsaumya in #3226
- Much improved settings layout in #3234
- Collection creation can now be disabled for members in #3270
- Added /date, /time, and /datetime patterns to insert into doc in #3309
- Empty documents are now cleaned up automatically in #3310
- Adds menu item to resend outstanding invites in #3348
- Arm64 docker image build by @Yggdrasil80 in #3262
Fixes
Editor
- SVGs without a natural px width are no longer invisible in #3220
- Editor title does not autoFocus on first load in #3238
- Prevent circumstances where history sidebar would crash by @thenanyu in #3257
- Catch error when emoji combinations cause document to be unable to persist in #3250
::symbols appearing between lines when pasting plaintext in #3323- Improve paste handler parsing for more cases in #3322
- Capture file and image drop events below editor in #3376
- Added Solidity language support by @fr0zn in #3303
Platform
- Navigation of shared trees performance in #3171
- Hide TOC toggle on publicly shared links if there are no headings in #3172
- Don't hide sidebar when menu is open by @iamsaumya in #3203
- Don't load CRDT state from database by default in #3215
- Stop copying attachments when moving documents in #3251
- chore:
documentStructuredatabase locking in #3254 - Add stricter validation around image file type uploads in #3324
- Allow admin edit/update access to all collections in #3335
- Link preview and search should work on collection descriptions in #3355
- Queue retry behavior in #3359
- Automatic invite reminder email in #3354
- Lowercase email from auth providers to match any outstanding invites in #3369
New Contributors
- @huruji made their first contribution in #3282
- @CommanderRoot made their first contribution in #3285
- @fr0zn made their first contribution in #3303
- @github-actions made their first contribution in #3356
- @Yggdrasil80 made their first contribution in #3262
Full Changelog: v0.62.0...v0.63.0
v0.62.0
Enhancements
- Updated navigation sidebar design with ability to collapse and expand collections that are not active
- Added navigation sidebar to shared documents #2899
- Added reordering to starred documents #2953
- Support SSL without usage of reverse proxy #2959
- Display progress of import operations in settings #3064
- Added the ability to choose a collection as default home #3029
- Added DBdiagram (dbdiagram.io) embed by @n3n in #3124
- Show icon on external links #3100
- Add "new doc" button on collections in sidebar #3174
- Add "danger" background to dangerous menu items on hover #3148
Fixes
Editor
- fix: Templates menu does not appear when collaborative editing is enabled #2915
- Editor shortcut conflicts #2943
- Emoji in title positioning #2927
- fix: changing the title and body content in quick succession would trigger unsaved changes warning prompt #2950
- fix: Flash of content when selecting text on RHS of document #2981
- fix: remove scrollbar on x-axis in Table of Contents by @iamsaumya in #3008
- fix: Ensure copy code button appears in collaborative editing mode #3021
- fix: Disabling editor embeds should work with collaborative editing #2968
- fix: Do not parse
:smile:style emoji in Markdown paste handler #3056 - fix: Improvements to image positioning #3061
Platform
- fix: Missing space character by @rossmeissl in #2961
- fix: trim collection name on save rather than on change by @thenanyu in #2962
- fix: truncate a very long team name with ellipses by @thenanyu in #2963
- fix: Share popover incorrectly displays draft as publicly shared #2982
- fix: consistently check allowed domains by @eug-vs in #2985
- fix: issue-2974 reparent nested document when dropped on current collection by @ChuckJonas in #2975
- fix: Should be able to unstar archived and trashed documents #2983
- fix: Team logo shows as white in settings #3015
- fix: Cannot view history with view-only permissions and collaborative editing enabled #3024
- fix: Added Table of Contents to mobile views and account for branding on shared view layouts by @thenanyu in #2997
- fix: error from api rate limiting by @iamsaumya in #3050
- fix: make mobile popover dialog styling nice by @thenanyu in #3059
- fix: Images no longer in original document not included in export #3063
- fix: Auth persistence to
localStorage#3078 - fix: Export now includes all documents that have identical names #3098
- fix: sync the correct collection with edit action by @iamsaumya in #3166
- fix: Reuse
InputSearchstyle for move dialog #3173 - fix: editing collections should not forward to collection on save by @iamsaumya in #3187
New Contributors
- @max-mykhailenko made their first contribution in #2895
- @rossmeissl made their first contribution in #2961
- @eug-vs made their first contribution in #2985
- @ChuckJonas made their first contribution in #2975
- @louisphn made their first contribution in #3034
v0.61.1
Fixes
This release addresses a stored XSS vulnerability in document titles that was introduced in v0.57.0.
Note: XSS allows an attacker to execute code in another users browser such as accessing cookie values. As document write permissions are required to inject a malicious payload within Outline, this is not considered to be a high severity issue for self-hosted installations at this time.
v0.61.0
Note: This update requires database migrations, take your installation offline, backup the database, and run with yarn db:migrate or yarn db:migrate --env production-ssl-disabled
Pin to Home
This month pinned documents got a visual refresh to help them stand out – we also added the option to reorder pins and pin documents to the home screen for everyone in the team. Make sure to check out all the other enhancements below…
Enhancements
- Drafts are now displayed in the sidebar while viewing and editing (#2820)
- Added ability to "follow" another user in a document by clicking their avatar (#2858)
- Added "full width" option for documents display (#2869)
- Added recent searches to search screen (#2868)
- Added '+' button to create new docs from sidebar (#2864)
- Added 'Whimsical' as embed provider
- Added various new collection icons
- It's now possible to replace images in editor
- You can now choose which events publish to Slack (#2857)
- Updated and improved translations
- Views are now recorded for drafts (#2862)
- IAM role authentication now supported for S3 (#2830)
- 🇻🇳 Vietnamese added as language option
Fixes
Editor
- Fixed emoji text selection behavior
- Document titles in RTL script not correctly aligned
- Github Gist's now load correctly in Safari (#2520)
- Improved inline code display in dark mode (#2835)
- Document hover previews restored when collaborative editing enabled
- Nested list items no longer escape page boundaries
- Emoticons are no longer converted to emojis on save (#2785)
Platform
- Fixed incorrect styling of icon color picker in dark mode
- Fixed an issue that would show group creation options to those without permission (#2621)
- Fixed unresponsiveness of select inputs
- Fixed history sidebar behavior
- Fixed duplicate notification for publish event (#2757)
- It's now possible to use email providers with no password (#2767)
- Clickable area for docs in sidebar is no longer constructed (#2809)
- Removed unused database indexes (#2747)
- Sidebar toggle now displayed on tablets