Skip to main content

Changelog

All notable changes to PaperForge.

Feature / Improvement Bug Fix Security

v23.0.0

2026-03-29Latest
  • Atomic Lua rate limiter — prevents TOCTOU race condition bypass
  • CSP hardened: removed unsafe-eval from script-src
  • KaTeX rendering: DOM-based render() replaces innerHTML in share/equation
  • File path encoding: all 15+ client fetch calls now URL-encode paths
  • Path validation: backslash, double-slash, Windows absolute path rejection
  • Register/invite: fire-and-forget emails prevent timing side-channels
  • Compilation log: full light theme support with semantic CSS classes
  • Status bar: responsive breakpoints prevent overflow on narrow screens
  • ARIA: tablist, progressbar, meter, aria-pressed across 12 components
  • AnimatedCounter: rAF cancelled on unmount (memory leak fix)
  • Clipboard: execCommand return value checked, try/finally cleanup
  • All 1,634 tests passing — 0 regressions across 9 review loops

v22.1.0

2026-03-29
  • SyncTeX/ZIP export buffer size limits — all download routes protected
  • Project creation rate limiting (20/hour per user)
  • File CRUD API: path validation + content size cap + rate limiting
  • Deprecated escape()/unescape() replaced with TextEncoder/TextDecoder

v21.0.0

2026-03-29
  • Email XSS prevention: escapeHtml() on all user data in templates
  • PDF/DOCX download stream buffer capped at 50MB (OOM prevention)
  • Git credential token length limited to 4KB

v20.0.0

2026-03-29
  • Version service IDOR fix: projectId validation on restore/diff
  • Member invitation rate limiting (20/hour)
  • Upload path hardening: URL-decode + backslash normalization

v19.0.0

2026-03-29
  • CSRF protection via Sec-Fetch-Site middleware validation
  • Prototype pollution prevention in settings API (key whitelist)
  • Health endpoint hardened: no latencies or infrastructure details exposed
  • isValidFilePath blocks Windows/UNC paths, null bytes, control chars
  • Removed non-functional "Remember Me" checkbox from login

v18.5.0

2026-03-29
  • Landing page detects logged-in users (Go to Dashboard vs Get Started)
  • Changelog overhaul with realistic release timeline
  • Command palette: semantic icons (Sparkles for AI, FileText for files)
  • Progress bar accessibility (role=progressbar, aria-valuenow)

v18.1.0

2026-03-29
  • Unified clipboard utility with browser fallback (13 operations)
  • Rate limiter: crypto.randomUUID() for collision resistance
  • Fixed useState-as-useEffect bugs in 6 components
  • next/image migration, path validation improvements

v18.0.0

2026-03-28
  • Focus mode (F11) for distraction-free writing
  • 42 keyboard shortcuts documented in help dialog
  • Ctrl+Shift+C compilation, Ctrl+J log toggle, Ctrl+\ sidebar toggle

v7.0.0

2026-03-27
  • Crash recovery — tabs persist to localStorage
  • AI LaTeX assistant (Claude-powered, 4 modes)
  • Equation builder (19 templates + KaTeX preview)
  • Table generator with booktabs format
  • Public share pages with KaTeX math rendering
  • 12 right-panel types, 160+ completions, 27 snippets

v2.0.0

2026-03-26
  • Live Vercel deployment
  • Pricing page, Privacy & Terms, Documentation hub
  • BibTeX autocomplete, environment auto-close
  • 454 integration tests

v1.0.0

2026-03-25
  • CodeMirror 6 editor with LaTeX syntax highlighting
  • Real-time collaboration via Yjs CRDT + WebSocket
  • PDF viewer with SyncTeX, zoom, keyboard navigation
  • Git integration (push/pull), version history
  • DOCX export via Pandoc, admin panel