3 hours ago
26.5.1
Added a Reload button to the Note Bookmarks dialog to re-check bookmarks from disk without having to close and reopen the dialog (for #3589)
The Store note bookmark sub-menu in Note / Navigation is now grayed out when the note editing panel does not have focus, making it clear that storing a bookmark requires the editor to be active (for #3589)
Fixed several security issues (for #3591)
Fixed a plaintext password leak where a qDebug() call in restoreTrashedNoteOnServer() logged a QUrl containing the embedded server password
Changed the default value of the Ignore SSL errors network setting from true to false to prevent man-in-the-middle attacks on fresh installs
The MCP server CORS header was narrowed from the wildcard * to http://localhost to reduce the DNS-rebinding / localhost attack surface
The Linux dark-mode D-Bus check now invokes dbus-send directly instead of via /bin/sh -c, eliminating unnecessary shell interpretation
URLs typed without a scheme now default to https:// instead of http://
A table-name whitelist was added to generateDatabaseTableSha1Signature() to guard against SQL injection via concatenated table names
The FakeVim shell-filter (!) on Qt < 5.15 no longer passes the full command string to QProcess::start() (which invoked the shell); the executable is now split out and run directly in all Qt versions
The macOS updater temporary script file now has owner-only permissions (0700) set before its content is written, hardening against TOCTOU replacement by other local users
Fixed IME candidate window overlapping text when typing with a Japanese (or other CJK) IME on Windows by overriding inputMethodQuery() in QOwnNotesMarkdownTextEdit to offset the reported cursor rectangle by the current viewport margins (for #3590)
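The ordering behind the macOS updater item above (permissions first, content second), as an added example that is not QOwnNotes code: a POSIX C++ sketch with hypothetical names and a constructed script. The O_EXCL and O_NOFOLLOW flags are an assumption that goes beyond what the changelog states.

```cpp
// Added example, not QOwnNotes code; every name and path here is hypothetical.
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cstdio>
#include <cstdlib>
#include <string>

// Creates `path` exclusively with mode 0700, then writes `script`. Returns the
// resulting permission bits, or -1 on any failure (including "already exists").
int writeOwnerOnlyScript(const std::string &path, const std::string &script) {
    // O_EXCL: fail if the path already exists; O_NOFOLLOW: refuse a symlink
    // at the final path component. The file is never group/world accessible.
    int fd = open(path.c_str(), O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0700);
    if (fd < 0) return -1;
    // The umask can only clear bits; fchmod on the descriptor pins exactly 0700
    // on the file we created, not on whatever the path names by now.
    if (fchmod(fd, 0700) != 0) { close(fd); unlink(path.c_str()); return -1; }
    const char *p = script.data();
    size_t left = script.size();
    while (left > 0) {  // content goes in only after permissions are set
        ssize_t n = write(fd, p, left);
        if (n <= 0) { close(fd); unlink(path.c_str()); return -1; }
        p += n; left -= static_cast<size_t>(n);
    }
    struct stat st;
    int mode = (fstat(fd, &st) == 0) ? static_cast<int>(st.st_mode & 0777) : -1;
    close(fd);
    return mode;
}

// Makes a private scratch directory for the demo (mkdtemp creates it 0700).
std::string makeScratchDir() {
    char tmpl[] = "/tmp/updater-demo-XXXXXX";
    char *dir = mkdtemp(tmpl);
    return dir ? std::string(dir) : std::string();
}

int main() {
    std::string dir = makeScratchDir();
    if (dir.empty()) return 1;
    std::string path = dir + "/update.sh";
    int mode = writeOwnerOnlyScript(path, "#!/bin/sh\necho constructed sample\n");
    std::printf("first create: mode %o\n", mode);
    // A second attempt on the same path must be refused, not overwrite it.
    std::printf("second create: %d\n", writeOwnerOnlyScript(path, "x"));
    unlink(path.c_str()); rmdir(dir.c_str());
    return mode == 0700 ? 0 : 1;
}
```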