Joplin

What's new in Joplin 2.12

Mon, 23 Oct 2023 00:00:00 GMT

The majority of Joplin's development is carried out in the public domain. This includes the discussion of issues on GitHub, as well as the submission of pull requests and related discussions. The transparency of these processes allows for collaborative problem-solving and shared insights.

However, there is one aspect that operates behind closed doors, and for good reason: addressing cybersecurity vulnerabilities. It is imperative that these issues remain undisclosed until they have been resolved. Once a solution is implemented, it is usually accompanied by discreet commits and a message in the changelog to signify the progress made.

Typically, the process begins with an email from a security researcher. They provide valuable insights, such as a specially crafted note that triggers a bug, or an API call, along with an explanation of how the application's security can be circumvented. We examine the vulnerability, create a fix, and create automated test units to prevent any accidental reintroduction of the vulnerability in future code updates. An example of such a commit is: 9e90d9016daf79b5414646a93fd369aedb035071

We then share our fix with the researcher for validation. Additionally, we often apply the fix to previous versions of Joplin, depending on the severity of the vulnerability.

The contribution of security researchers in this regard is immeasurable. They employ their ingenuity to identify inventive methods of bypassing existing security measures and often discover subtle flaws in the code that might otherwise go unnoticed.

We would like to express our sincere gratitude to the security researchers who have assisted us throughout the years in identifying and rectifying security vulnerabilities!

@Alise
@hexodotsh
@ly1g3
@maple3142
Ademar Nowasky Junior
Benjamin Harris
Javier Olmedo
Jubair Rehman Yousafzai
lin@UCCU Hacker
personalizedrefrigerator
Phil Holbrook
RyotaK
Yaniv Nizry

What's new in Joplin 2.12

Fri, 17 Dec 2021 12:03:24 GMT

Desktop🔗

Support for Apple Silicon🔗

A new release is now available for Apple Silicon, which provides improve performances on this architecture.

Rich Text editor🔗

@@ -319,17 +340,4 @@

https://joplinapp.org/changelog_android/

https://joplinapp.org/changelog_ios/

https://joplinapp.org/changelog_cli/

Potential breaking change in next Joplin Server update (2.5.10)

Tue, 02 Nov 2021 15:04:03 GMT

Just a head up that the next Joplin Server update could potentially include a breaking change, depending on your data.

One of the database migration is going to add an "owner_id" column to the "items" table (where all notes, notebooks, etc. are stored), and automatically populate it. Normally that shouldn't take too long but you might want to make sure you won't need the server right away when you process this.

The second database migration will add a unique constraint on items.name and items.owner_id and that's where the breaking change might be. Normally this data is already unique because that's enforced by the application but in some rare cases, due a race condition, there could be duplicate data in there. If that happens the migration will fail and the server will not start.

If that happens, you'll need to decide what to do with the data, as it's not possible to automatically decide. You can find all duplicates using this query:

select count(), name, owner_id -from items group by name, owner_id -having count() > 1;

Once you have the list of IDs you have a few options:

Find the corresponding item in Joplin (it can unfortunately be anything - a note, resource, folder, etc.), then delete it and sync.
Or, just delete the data directly in the database. You'll want to delete the corresponding item_id from the user_items table too.

But really in most cases you should be fine. Especially if you don't have that many notes it's unlikely you have duplicates.