Security
- Delete server-side session on logout.
- Sanitize markdown output in edit history and TOC edit views.
- Sanitize search results to prevent XSS from FTS5 output.
Security-related dependency updates: rack, rack-session, uri, rails-html-sanitizer, nokogiri, addressable.
Features
- Markdown rendering for books and leaves — appending
.md to any book or leaf URL renders it as inline markdown.
- YAML frontmatter in markdown views — markdown output includes title, author, and URL metadata.
- HTML link tags for markdown alternate format — pages include
<link> tags pointing to the markdown version.
- Use relative links for uploaded files — uploaded file URLs are now relative, improving portability.
Other
- Add README and license.
- Add publish-image workflow for container releases.
- Remove redundant dev credentials and old deployment configs.
- Update fixtures to use example domain.
- Toggle table of contents in new sidebar.
- Allow searching inside books.
- Fix that clicking new page buttons would sometimes trigger unexpected navigation.
- Update dependencies.
Fix issue with forwarded headers when running behind an external proxy.
- Fix incorrect configuration when running without TLS (via Thruster update).
- Fix a typo in The Writebook Manual.
- Update to latest Thruster version.
- Allow navigating between pages with a swipe gesture on touch devices.
- Fix incorrect icon on first run form.
- Ensure signed QR code links are URL safe.
- Ensure text is visible on white theme cover.
- Improve images used in OpenGraph metadata.
- Minor layout adjustments for mobile.
- Edits and improvements to The Writebook Manual.
- Allow
summary and source tags in Markdown.
- Fix broken link in
og:url.
- Refactor user profile links to simplify controller permissions.
- Use signed links for QR code generation to prevent tampering.
Fix bug that prevented non-admin users from updating their profile.
