Skip to content

Releases: nlink-jp/markdown-viewer

v1.3.1 — Developer ID signed + Apple notarized darwin builds

22 May 16:34
@magifd2 magifd2
v1.3.1
5640e2c

Choose a tag to compare

View all tags
v1.3.1 — Developer ID signed + Apple notarized darwin builds Latest
Latest

Summary

Darwin builds are now Apple Developer ID Application signed and Apple-notarized, adopting the org-wide convention defined in nlink-jp/.github CONVENTIONS.md §Code Signing. End users on macOS no longer need to bypass Gatekeeper with right-click → Open or xattr -d com.apple.quarantine on first launch — the binary is trusted by the OS out of the box.

Release zips now include LICENSE + README.md alongside the binary. Asset filenames are versioned (mdv-vX.Y.Z-<os>-<arch>.zip), matching the Makefile-generated names.

Changes

  • feat(build): Developer ID codesigning, Apple notarization, bundle LICENSE+READMEmake package signs darwin/amd64 and darwin/arm64 builds with a Developer ID Application certificate and notarizes the resulting zips via xcrun notarytool. No personal identifiers, certificates, or credentials are committed; builds without local cert/profile fall back gracefully.

Verifying the signature

codesign -dv mdv
spctl --assess --type install --context context:primary-signature mdv

No behaviour change to the binary itself — feature-wise this is identical to v1.3.0.

Assets 7
Loading

v1.3.0

14 Apr 14:58
@magifd2 magifd2
v1.3.0
843b0ad

Choose a tag to compare

View all tags
v1.3.0

Added

  • Draggable sidebar divider for resizing file tree pane (150px–60%)
  • File names truncated with ellipsis when sidebar is narrow
  • Unit tests for config, filebrowser, markdown, browser, server
  • README.ja.md, AGENTS.md

Fixed

  • Sidebar file list no longer hidden behind shutdown button
  • isSafeLink security: blocks all protocol schemes (ftp://, javascript:, data:, etc.)
  • Default port standardized to 8080
  • Sidebar horizontal scrollbar removed

Changed

  • Removed dead code (templates.go)
  • Replaced javascript:void(0) with # + preventDefault
  • Cleaned up .gitignore and config.json.example
Loading

v1.2.0

27 Mar 23:51
@magifd2 magifd2
v1.2.0
79ea5f9

Choose a tag to compare

View all tags
v1.2.0

Changed

  • Migrated to nlink-jp organisation — module path updated to github.com/nlink-jp/markdown-viewer
  • Standardised Makefile: dist/ output, build / build-all / package / test / clean targets; separate amd64/arm64 binaries
  • Updated README to follow organisation conventions

See CHANGELOG.md for full history.

Loading

v1.1.0

10 Aug 07:05
@magifd2 magifd2
v1.1.0
051ef9f

Choose a tag to compare

View all tags
v1.1.0

[1.1.0] - 2025-08-10

Added

  • Embedded UI Assets: All CSS, JavaScript, and HTML templates are now embedded directly into the executable, making the application a truly single, self-contained binary. This eliminates the need for a separate static/ or templates/ directory alongside the binary at runtime.

Changed

  • Refactored Asset Management: The internal structure for managing UI assets has been refactored for better organization and maintainability.
  • Updated Documentation: DEVELOPMENT.md and README.md have been updated to reflect the single-binary nature and embedded assets.
Loading

v1.0.1

10 Aug 05:43
@magifd2 magifd2
v1.0.1
c3c2b17

Choose a tag to compare

View all tags
v1.0.1

[1.0.1] - 2025-08-10

Security

  • Resolved GO-2025-3595 Vulnerability: Updated golang.org/x/net from v0.26.0 to v0.38.0 to address a vulnerability related to incorrect neutralization of input during web page generation.

Added

  • Local Bundling of Client-Side Assets: highlight.js and Mermaid.js are now bundled directly with the application, removing external CDN dependencies for offline and closed-network environments.
  • Third-Party License Notice: Included NOTICE.md in release packages for compliance with third-party software licenses.

Changed

  • Updated Documentation: DEVELOPMENT.md and README.md have been updated to reflect local asset bundling and license information.
Loading

v1.0.0

10 Aug 04:04
@magifd2 magifd2
v1.0.0
b94d321

Choose a tag to compare

View all tags
v1.0.0

[1.0.0] - 2025-08-10

This is the first stable release after a major security and functionality overhaul.

Security

  • Prevented Directory Traversal: Implemented a custom router to validate request paths, blocking access to files outside the intended directory.
  • Prevented Cross-Site Scripting (XSS): Integrated the bluemonday library to sanitize all HTML rendered from Markdown, mitigating XSS risks.
  • Hardened Browser Auto-Open: Re-implemented the browser auto-open feature with strict URL validation and command path verification to prevent command injection vulnerabilities.
  • Disabled Unsafe Links: The Markdown renderer now disables links to local non-Markdown files and requires user confirmation before opening external links in a new tab.
  • Updated Dependencies: Updated all dependencies to their latest versions to patch known vulnerabilities.
  • Addressed gosec Findings: Fixed all issues reported by the gosec static analysis tool, including potential Slowloris attacks and unhandled errors.

Fixed

  • Markdown Rendering Engine: Replaced the blackfriday parser with goldmark and its GFM extension. This fixed numerous rendering bugs, including incorrect handling of code blocks within lists, unwanted line breaks, and improved standards compliance.
  • Shutdown Mechanism: Fixed a bug where the shutdown button was not working due to an uninitialized channel.

Changed

  • Improved Layout: Increased the maximum width of the Markdown rendering area to 1140px for better readability on wider screens.
Loading