---
tags: releases
---
# CodiMD 2.5.0 - The Formosan hare

> The Formosan hare (scientific name: Lepus sinensis formosus), a species of the rabbit family, is a subspecies unique to Taiwan. It measures 30-40 centimeters in length, with a tail that's 5-6 centimeters long and ears that are 8-10 centimeters long. Smaller than the Chinese hare, it has brownish eyes.
> [Wikipedia](https://zh.wikipedia.org/wiki/%E5%8F%B0%E7%81%A3%E9%87%8E%E5%85%94?oldformat=true)
## Security Fixes
* **\[Security Issue]** Strip HTML tags for gist id to avoid stored XSS on showing error [#1691](https://github.com/hackmdio/codimd/pull/1691) [@jackycute](https://github.com/jackycute)
* **\[Security Issue]** Upgrade mermaid to version 8.10.2 to avoid prototype pollution [#1690](https://github.com/hackmdio/codimd/pull/1690) [@jackycute](https://github.com/jackycute)
* **\[Security Issue]** potential XSS in vimeo embed [#1792](https://github.com/hackmdio/codimd/pull/1792) [@galaxian85](https://github.com/galaxian85)
* **\[Security Issue]** FIX: pandoc security issue [#1790](https://github.com/hackmdio/codimd/pull/1790) [@galaxian85](https://github.com/galaxian85)
* **\[Security Issue]** fix: sanitize pdf url to prevent XSS on inline PDFs [#1832](https://github.com/hackmdio/codimd/pull/1832) [@EastSun5566](https://github.com/EastSun5566)
## Fixes
* Avoid append zero suffix on exporting user data [#1680](https://github.com/hackmdio/codimd/pull/1680) [@jackycute](https://github.com/jackycute)
* Handle when request url has no valid referer [#1679](https://github.com/hackmdio/codimd/pull/1679) [@jackycute](https://github.com/jackycute)
* Fix S3 client config passing for image upload [#1683](https://github.com/hackmdio/codimd/pull/1683) [@jackycute](https://github.com/jackycute)
* Set a proper "lang" attribute on `<html>` [#1481](https://github.com/hackmdio/codimd/pull/1481)
* Fix matchInContainer false positives [#1605](https://github.com/hackmdio/codimd/pull/1605) [@tamo](https://github.com/tamo)
* Convert "include" directives to functions [#1580](https://github.com/hackmdio/codimd/pull/1580) [@tamo](https://github.com/tamo)
* Move HTML-related code from JS to EJS to enable more i18n [#1587](https://github.com/hackmdio/codimd/pull/1587) [@tamo](https://github.com/tamo)
* fix: may reference out of bound index in clearDuplicatedHistory [#1706](https://github.com/hackmdio/codimd/pull/1706) [@a60814billy](https://github.com/a60814billy)
* Feat/csrf export user data [#1695](https://github.com/hackmdio/codimd/pull/1695) [@a60814billy](https://github.com/a60814billy)
* sequelize.import deprecation [#1724](https://github.com/hackmdio/codimd/pull/1724) [@Yukaii](https://github.com/Yukaii)
* chore: remove unused uglifyjs-webpack-plugin dep [#1723](https://github.com/hackmdio/codimd/pull/1723) [@Yukaii](https://github.com/Yukaii)
* fix: should not clear guest history when guest pin note [#1697](https://github.com/hackmdio/codimd/pull/1697) [@a60814billy](https://github.com/a60814billy)
* Fix: s3 api supported multiple cloud providers. fixes: https://github.com/hackmdio/codimd/issues/1761 [#1762](https://github.com/hackmdio/codimd/pull/1762) [@blademainer](https://github.com/blademainer)
* Fix: Code Fence parameter parsing [#1739](https://github.com/hackmdio/codimd/pull/1739) [@V1ncNet](https://github.com/V1ncNet)
* Update README.md to remove IE from supporting list [#1729](https://github.com/hackmdio/codimd/pull/1729) [@jackycute](https://github.com/jackycute)
* FIX: server crash when filename too long [#1789](https://github.com/hackmdio/codimd/pull/1789) [@galaxian85](https://github.com/galaxian85)
* fix: use encoded note id to update history [#1804](https://github.com/hackmdio/codimd/pull/1804) [@bbtfr](https://github.com/bbtfr)
* 🐛 [fix] modify replacement rule for disqus short-name [#1750](https://github.com/hackmdio/codimd/pull/1750) [@chenxuanzzy](https://github.com/chenxuanzzy)
* Fix history page nav [#1808](https://github.com/hackmdio/codimd/pull/1808) [@jackycute](https://github.com/jackycute)
* Fix the uploadimage form [#1814](https://github.com/hackmdio/codimd/pull/1814) [@hcyuser](https://github.com/hcyuser)
* bugfix/uploadimage form [#1836](https://github.com/hackmdio/codimd/pull/1836) [@Yukaii](https://github.com/Yukaii)
* Add the logout callback to prevent exception. [#1813](https://github.com/hackmdio/codimd/pull/1813) [@hcyuser](https://github.com/hcyuser)
* Add the logout callback to prevent exception [#1837](https://github.com/hackmdio/codimd/pull/1837) [@Yukaii](https://github.com/Yukaii)
## Enhancements
* Add TeX mhchem extensions for MathJax [#1684](https://github.com/hackmdio/codimd/pull/1684) [@jackycute](https://github.com/jackycute)
* Upgrade flowchart.js to version 1.15.0 [#1685](https://github.com/hackmdio/codimd/pull/1685) [@jackycute](https://github.com/jackycute)
* Upgrade codemirror to 5.63.2 [#1716](https://github.com/hackmdio/codimd/pull/1716) [@Yukaii](https://github.com/Yukaii)
* Update de.json [#1741](https://github.com/hackmdio/codimd/pull/1741)
* Documentation - add Music section and move abc and fretboard to this section [#1715](https://github.com/hackmdio/codimd/pull/1715) [@brunetton](https://github.com/brunetton)
* chore: bump meta-marked to 0.5.0 [#1722](https://github.com/hackmdio/codimd/pull/1722) [@Yukaii](https://github.com/Yukaii)
* Typos + Better translation for "Externals" [#1793](https://github.com/hackmdio/codimd/pull/1793) [@eyssette](https://github.com/eyssette)
* feat: Migrate to gtag and support GA4 [#1798](https://github.com/hackmdio/codimd/pull/1798) [@assanges](https://github.com/assanges)
* 【fix】reword japanese [#1802](https://github.com/hackmdio/codimd/pull/1802) [@AQ-masatoshi-yamaguchi](https://github.com/AQ-masatoshi-yamaguchi)
* upgrading pg to 8.8.0 to support new scram-sha-256 authentication [#1784](https://github.com/hackmdio/codimd/pull/1784) [@phntom](https://github.com/phntom)
* feat: add organizations whitelist to GitHub OAuth [#1710](https://github.com/hackmdio/codimd/pull/1710) [@jakubgs](https://github.com/jakubgs)
* Add oauth2 authorization [#1626](https://github.com/hackmdio/codimd/pull/1626) [@joachimmathes](https://github.com/joachimmathes)
* Update both Traditional and Simplified Chinese locales [#1815](https://github.com/hackmdio/codimd/pull/1815) [@PeterDaveHello](https://github.com/PeterDaveHello)
## DX
* Run CI with GitHub Actions [#1694](https://github.com/hackmdio/codimd/pull/1694) [@Yukaii](https://github.com/Yukaii)
* Add dev container for GitHub Codespaces and VSCode remote container [#1688](https://github.com/hackmdio/codimd/pull/1688) [@a60814billy](https://github.com/a60814billy)
* Add arm64 docker image build. [#1701](https://github.com/hackmdio/codimd/pull/1701) [@YadominJinta](https://github.com/YadominJinta)
* fix(buildpacks): replace custom buildpack with APT buildpack [#1797](https://github.com/hackmdio/codimd/pull/1797) [@EtienneM](https://github.com/EtienneM)
* Update minimum required node.js version to v12 with npm package dependencies [#1799](https://github.com/hackmdio/codimd/pull/1799) [@PeterDaveHello](https://github.com/PeterDaveHello)
* Upgrade Node.js version [#1767](https://github.com/hackmdio/codimd/pull/1767) [@inductor](https://github.com/inductor)
* Update node.js version in .nvmrc [#1816](https://github.com/hackmdio/codimd/pull/1816) [@PeterDaveHello](https://github.com/PeterDaveHello)
* Update npm dependencies [#1817](https://github.com/hackmdio/codimd/pull/1817) [@PeterDaveHello](https://github.com/PeterDaveHello)
## Thank you
Thank you guys for being here and making CodiMD awesome ❤️
* [@jackycute](https://github.com/jackycute)
* [@galaxian85](https://github.com/galaxian85)
* [@EastSun5566](https://github.com/EastSun5566)
* [@tamo](https://github.com/tamo)
* [@a60814billy](https://github.com/a60814billy)
* [@Yukaii](https://github.com/Yukaii)
* [@blademainer](https://github.com/blademainer)
* [@V1ncNet](https://github.com/V1ncNet)
* [@bbtfr](https://github.com/bbtfr)
* [@chenxuanzzy](https://github.com/chenxuanzzy)
* [@brunetton](https://github.com/brunetton)
* [@eyssette](https://github.com/eyssette)
* [@assanges](https://github.com/assanges)
* [@AQ-masatoshi-yamaguchi](https://github.com/AQ-masatoshi-yamaguchi)
* [@phntom](https://github.com/phntom)
* [@jakubgs](https://github.com/jakubgs)
* [@joachimmathes](https://github.com/joachimmathes)
* [@PeterDaveHello](https://github.com/PeterDaveHello)
* [@YadominJinta](https://github.com/YadominJinta)
* [@EtienneM](https://github.com/EtienneM)
* [@inductor](https://github.com/inductor)
* [@hcyuser](https://github.com/hcyuser)