Releases: fccview/jotty
Stable 1.18.1
Changelog
Hi,
Quick release today, I just wanted to address a couple of annoying little bugs and have a few quick wins.
From tomorrow I'll start focusing on big feature implementations like websocket support, tags (maybe) and some amazing requests that have been piling up in the issues lately.
I know it feels like I have been doing a lot of small releases, but I NEEDED to add these tests and there were a lot of minor small bugs that I really wanted to address, the app is becoming more and more professional and it makes me very very happy.
Please don't think I'm ignoring your feature requests, I just don't want to implement things for the sake of it without properly planning stuff or it'll end up being a huge mess in the long run, trust me!
bugfixes
- Fix bulk checklist create allowed to users with read only permissions
- Fix delete checklist item allowed to users with read only permissions
- Fix permission issue when sharing to non admin user, introduced when changing all sharing permissions to uuid based search a couple of releases ago #361.
- Sorry about all the sharing bugs that came up lately, I have added comprehensive sharing tests now, so this should not happen any longer, LOVING the tests btw, it's making my life so much easier.
- Fix sidebar scrolling to active item on page load, looking sluggish #354
- Fix history move actions when they happen from sidebar, it was only working from the note header, forgot you can move items within the sidebar, whoops #358
- Fix code highlight in list, it didn't show up as black with orange text like it does anywhere else (to whom it may concern.. I REMEMBERED TO FIX IT, BEEN AN ISSUE FOR 3 RELEASES ALREADY AND I KEPT FORGETTING)
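The two read-only fixes above are the same bug class: one mutating action missing the permission check its siblings have. As an added example (not Jotty's code; `guarded`, `createBulkItems`, `auditReadOnly` and the data shapes are hypothetical stand-ins), this sketch puts the check in one wrapper and audits every registered action with a read-only share:

```typescript
// Added example, NOT Jotty's code. Every name and data shape here is a
// hypothetical stand-in used to illustrate the bug class.

type Permission = "read" | "edit";

interface Share { userId: string; permissions: Permission[]; }
interface Checklist { owner: string; items: string[]; shares: Share[]; }
type Result = { success: true } | { success: false; error: string };
type Action = (user: string, list: Checklist, arg: string) => Result;

// The owner can do anything; everyone else needs the permission on their share.
function can(user: string, list: Checklist, needed: Permission): boolean {
  if (list.owner === user) return true;
  const share = list.shares.find((s) => s.userId === user);
  return share !== undefined && share.permissions.includes(needed);
}

// The required permission is declared next to the handler and enforced
// before the handler runs, so a new action cannot forget the check.
function guarded(
  needed: Permission,
  handler: (list: Checklist, arg: string) => void
): Action {
  return (user, list, arg) => {
    if (!can(user, list, needed)) {
      return { success: false, error: "Permission denied" };
    }
    handler(list, arg);
    return { success: true };
  };
}

const actions: Record<string, Action> = {
  createItem: guarded("edit", (list, text) => {
    list.items.push(text);
  }),
  // Bulk create from pasted, newline-separated text (assumed input format).
  createBulkItems: guarded("edit", (list, text) => {
    list.items.push(...text.split("\n").filter((t) => t.trim() !== ""));
  }),
  deleteItem: guarded("edit", (list, text) => {
    list.items = list.items.filter((i) => i !== text);
  }),
};

// Runs every registered action as a user whose share is read-only and returns
// the names of actions that reported success or changed the list.
function auditReadOnly(registry: Record<string, Action>): string[] {
  const offenders: string[] = [];
  for (const [name, action] of Object.entries(registry)) {
    const list: Checklist = {
      owner: "owner",
      items: ["milk"], // constructed sample data
      shares: [{ userId: "reader", permissions: ["read"] }],
    };
    const result = action("reader", list, "milk");
    const unchanged = list.items.length === 1 && list.items[0] === "milk";
    if (result.success || !unchanged) offenders.push(name);
  }
  return offenders;
}
```

Because the audit iterates the registry rather than a hand-written list of cases, an action added later without the wrapper is reported by name.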
translations
Stable 1.18.0
Changelog
features
- Add note history
- This will need to be enabled from Admin Settings -> Editor (I didn't want to risk suddenly pushing something that may conflict with an already present git folder in your local environments)
- Each user will have a `git init .` within the `./data/notes/users` folders
- Each note MANUAL save is tracked (autosave won't be tracked or your file system will seriously cry out) and committed locally, on revert the file gets reverted to a specific commit hash, it's pretty powerful in its simplicity
- The application technically tracks rename/delete but I have not implemented a UI for it yet, not sure if I will, for now it's nice to have proper content history
- Added full on git diff look in each revision, so you can easily see what's different and what you are reverting into
- Encrypted note WON'T be committed on save, the only way to create history for an encrypted note is to decrypt it first, this is by design, I purposely disabled it, feel free to come argue in the issues if needed, but I'm fairly confident having a local history of changes for encrypted note is kinda dumb
- Create an animated SVG to replace the pulsing logo on page loads, because why not, feels more... Jotty now
- Add callout blocks to rich editor using the `[!INFO] | [!WARNING]...` syntax (see the markdown page in the help section for more info) #346
- Add visual indicators of theme colours in the theme dropdown because I saw it in another project and I thought it was a good idea, I obviously gave it a Jotty twist 😆
bugfixes
- Fix issue where PWA icon doesn't center nicely on some devices, you'll need to uninstall your PWA, clear cache/storage and re-install it for the change to apply #341
- Fix theme bug where the sakura themes were showing up on top of the custom ones (whoops)
- Fix theme editor to look a bit more up to Jotty standards
- Fixed functionality around slash commands and `@` bilateral note linking, it now should work so much more fluidly, you can type `/` and just select with arrows, OR start typing and enter to select the only available option straight away, no more mouse needed. sorry it took this long.
- Tweaked mobile sidebar swipe in to be slightly less responsive, also it won't trigger while dragging of checklist items
tests
- As promised I started working on unit testing and e2e tests. The e2e stuff is not ready yet, I am getting the grasp of playwright, it's a powerful tool and it has a lot of nuances, I don't want to rush it and do half assed work. However I have now started implementing unit testing on important server actions and security testing to make sure data never leaks and user sessions are protected.
- Setup a new pipeline on pr creation that checks new pull requests from contributors are pointing at `develop` and runs linting/type checks and unit tests. This should ensure at the very least contributions will have some structure finally.
Full disclosure, I have set up the tests myself, configured it all myself, wrote the first two dozens for the most important part of the site and fed it to AI to copy-paste my work and speed up the process 10x. If you have issues with that please feel free to message me and we can discuss why you're wrong and I'm right 😆
Anyhow, everything should make sense, I went through them all individually and double checked the logic, I'm not a tester tho, so if you are an automation tester and you have opinions/ideas PLEASE open a pr, I'm out of my depth a little with tests.
This is what will be pushed with this release:
Test results
# yarn test:run --reporter=verbose
yarn run v1.22.22
$ vitest run --reporter=verbose
RUN v4.0.17
✓ tests/security/auth-required.test.ts > Security: Authentication Required > Note Actions > createNote should reject unauthenticated requests 316ms
✓ tests/security/auth-required.test.ts > Security: Authentication Required > Note Actions > deleteNote should reject unauthenticated requests 0ms
✓ tests/security/auth-required.test.ts > Security: Authentication Required > Note Actions > getUserNotes should reject unauthenticated requests 0ms
✓ tests/security/auth-required.test.ts > Security: Authentication Required > Checklist Actions > createList should reject unauthenticated requests 22ms
✓ tests/security/auth-required.test.ts > Security: Authentication Required > Checklist Actions > deleteList should reject unauthenticated requests 0ms
✓ tests/security/auth-required.test.ts > Security: Authentication Required > Checklist Actions > getUserChecklists should reject unauthenticated requests 0ms
✓ tests/security/auth-required.test.ts > Security: Authentication Required > User Actions > deleteUser should reject non-admin requests 0ms
✓ tests/security/auth-required.test.ts > Security: Authentication Required > User Actions > updateUser should reject non-admin requests 0ms
✓ tests/security/auth-required.test.ts > Security: Authentication Required > User Actions > updateProfile should reject unauthenticated requests 0ms
✓ tests/security/auth-required.test.ts > Security: Authentication Required > User Actions > updateUserSettings should reject unauthenticated requests 0ms
✓ tests/security/auth-required.test.ts > Security: Authentication Required > User Actions > deleteAccount should reject unauthenticated requests 0ms
✓ tests/security/auth-required.test.ts > Security: Authentication Required > Category Actions > createCategory should fail for unauthenticated users 12ms
✓ tests/security/auth-required.test.ts > Security: Authentication Required > Category Actions > deleteCategory should fail for unauthenticated users 0ms
✓ tests/server-actions/checklist-item.test.ts > Checklist Item Actions - Comprehensive Tests > updateItem > should update item text 13ms
✓ tests/server-actions/checklist-item.test.ts > Checklist Item Actions - Comprehensive Tests > updateItem > should mark item as completed 0ms
✓ tests/server-actions/checklist-item.test.ts > Checklist Item Actions - Comprehensive Tests > updateItem > should update item description 0ms
✓ tests/server-actions/checklist-item.test.ts > Checklist Item Actions - Comprehensive Tests > updateItem > should return error when permission denied 4ms
✓ tests/server-actions/checklist-item.test.ts > Checklist Item Actions - Comprehensive Tests > updateItem > should skip revalidation when flag is set 0ms
✓ tests/server-actions/checklist-item.test.ts > Checklist Item Actions - Comprehensive Tests > updateItem > should update child items when parent is completed 0ms
✓ tests/server-actions/checklist-item.test.ts > Checklist Item Actions - Comprehensive Tests > updateItem > should update due date for task items 0ms
✓ tests/server-actions/checklist-item.test.ts > Checklist Item Actions - Comprehensive Tests > createItem > should create a new item 0ms
✓ tests/server-actions/checklist-item.test.ts > Checklist Item Actions - Comprehensive Tests > createItem > should create item with description 0ms
✓ tests/server-actions/checklist-item.test.ts > Checklist Item Actions - Comprehensive Tests > createItem > should return error when permission denied 0ms
✓ tests/server-actions/checklist-item.test.ts > Checklist Item Actions - Comprehensive Tests > createItem > should create task item with status for task checklists 0ms
✓ tests/server-actions/checklist-item.test.ts > Checklist Item Actions - Comprehensive Tests > createItem > should create item with custom status for task checklists 0ms
✓ tests/server-actions/checklist-item.test.ts > Checklist Item Actions - Comprehensive Tests > createItem > should create item with due date 0ms
✓ tests/server-actions/checklist-item.test.ts > Checklist Item Actions - Comprehensive Tests > deleteItem > should delete an item 0ms
✓ tests/server-actions/checklist-item.test.ts > Checklist Item Actions - Comprehensive Tests > deleteItem > should return success when item does not exist 0ms
✓ tests/server-actions/checklist-item.test.ts > Checklist Item Actions - Comprehensive Tests > deleteItem > should handle list not found 0ms
✓ tests/server-actions/checklist-item.test.ts > Checklist Item Actions - Comprehensive Tests > deleteItem > should delete item with children recursively 0ms
✓ tests/server-actions/checklist-item.test.ts > Checklist Item Actions - Comprehensive Tests > updateItemStatus (Task/Kanban) > should return error when listId or itemId missing 0ms
✓ tests/server-actions/checklist-item.test.ts > Checklist Item Actions - Comprehensive Tests > updateItemStatus (Task/Kanban) > should return error when neither status nor timeEntries provided 0ms
✓ tests/server-actions/checklist-item.test.ts > Checklist Item Actions - Comprehensive Tests > updateItemStatus (Task/Kanban) > should update item status 0ms
✓ tests/server-actions/checklist-item.test.ts > Checklist Item Actions - Comprehensive Tests > updateItemStatus (Task/Kanban) > should update to completed status and mark item completed 0ms
✓ tests/server-actions/checklist-item.test.ts > Checklist Item Actions - Comprehensive Tests > updateItemStatus (Task/Kanban) > should return error when permission denied 0ms
✓ tests/server-actions/checklist-item.test.ts > Checklist Item Actions - Comprehensive Tests > updateItemStatus (Task/Kanban) > should return error when list not found 0ms
✓ tests/server-actions/checklist-...
Stable 1.17.2
Changelog
Small release to address a few bugfixes that were annoying me.
I also tried to focus a bit on the accessibility score, it's the only one slightly lacking in lighthouse, unfortunately the biggest hit is due to branding, I'd need to change primary color/background color slightly and I REALLY don't want to do that.
If you have any issue seeing things in Jotty let me know and I'll personally create a high contrast easy to see theme you can use ❤️
Otherwise, here's the consistent result in my production environment
bugfixes
- Keep working on drag/drop on checklists, fixed bug where swiping left deletes a checklist item, fixed bug where moving nested items at times deletes them, fixed issue with delay on hover to create a child item doesn't matter (it does now)
- Fix a whole bunch of shortcuts in markdown mode
- Add aria-label to all icon buttons for accessibility reasons
features
- In markdown mode, pasting a link in selected text makes it a link
- In markdown mode you can now easily continue adding bullet points
still outstanding
- Continue work on the markdown editor shortcuts, they are still not perfect and as good as the tiptap editor shortcuts
- Continue improving drag and drop for checklist page, although I feel I am getting very close to something I am extremely proud of.
Stable 1.17.1
Changelog
Sorry for the double release, this only affects fresh install so no need to pull until 1.17.2 if you already have accounts setup, but I don't want new users to not be able to register easily. This was caused by my attempt of hiding the register step when there's no users if only oidc is enabled (no local auth fallback).
Jotty caches routes heavily and when I tested the registration it worked just fine.. A user warned me on discord right after release (gosh thank you so much @dawiddyd !!!) and I have jumped on it and fixed it right away.
I DESPISE redirects.
bugfixes
- Fix redirect loop on new registration
Stable 1.17.0
ALERT [BROKEN FRESH INSTALL, I'M RELEASING IN HALF HOUR OR SO]
If you are trying to install Jotty for the first time there's a redirect loop caused by a change I made to the setup to try and secure it more when oidc is enabled, you won't be able to register, I am on it and will fix in half hour, unfortunately that means I'll need to release twice today, I'm sorry.
Changelog
Seems like @BaccanoMob got busy suggesting new features and reporting bugs, which helped me find a ton of small annoying issues that were very easily fixable and will definitely improve user experience, so big shout out to our first unofficial tester 😆
bugfixes
- Fixed issue where in wysiwyg mode you can't see the last couple of lines of text in a note
- Fixed OIDC user info claims when response is still a jwt instead of a raw json object
- Fixed editor dirty state, people were alerted of potentially losing their note updates even if they didn't make any changes to the note itself, the new system actually detects user change rather than comparing previous/new content, this should be more reliable and less subject to breaking on nuance cases
- Changed checklist drag and drop to use `draggable` rather than `sortable`, it's a bit more complex code-wise but the UI improvements to the user experience are outstanding (works like the sidebar now). #320
- Fix public routes being inaccessible if the `.sharing.json` file doesn't have a category. Category lookup is legacy and redundant, so from now on sharing is not using categories at all, it's finally all being migrated to uuid usage. #323
- Local auth still visible when fallback is set to no/false if using OIDC #333
- Make sure checklist items are always accessible from mobile #332
- Complete/Reset all subtasks in a task wasn't working properly #327
- Fixed issue around autosave where sometimes it'd push the markdown editor input to the very end of the textarea, frankly one of the most annoying things I've ever had to deal with.
features
- Add ability to get secret values from files for OIDC #324
- Add OIDC_USER_GROUPS and OIDC_USER_ROLES so admins can map specific users to specific roles and have more control over them #325
- Add a modal with some info about the app (like an about page) #322
- Added an autocomplete input in the statuses modal next to each status, this allows user to set a complete status that'll automatically check an item as complete in the markdown #329 this means we can now safely convert between task/checklist without losing data, which brings us to next feature
- Persist data when converting between task/simple checklist #334
- Add editor toolbar to markdown mode (pretty much in beta, please raise as many bugs as you can find around it, I just don't want to hold release up because of it, it all works as it should in tiptap, so the worst that should happen is that a few of these items don't work as expected in markdown mode, but that's ok as they didn't even exist until this release ❤️ ) #330
work in progress
- This is not ready yet, but I am trying to have bilateral linking/slash commands/text bubble in markdown mode too, just like the rich editor one, that'd increase usability by MUCH
- Also playing around with a tagging system, no promises but I know tags are important to a lot of you
- Started work on e2e test, I have a private repo that I'll eventually make public with playwright tests :)
Stable 1.16.1
Changelog
If you share notes with non admin users please pull this version, or they won't be able to edit notes.
bugfixes
- Fix sharing permission bug where edit/delete permissions don't work if the user is not admin (this is still a reminiscence of the changes from 1.15.2, sorry, that whole security fix messed up with users big time, but no other major issue seems to exist after this last patch, so hopefully we're good, I am testing more and more features manually). #319
dev notes
- From the next few releases I'll start to add an automated test suite within Jotty to do proper test automation (wish me luck), the app got way too big for me to manually test releases, it's more time consuming than actually releasing and things slip through too easily. Please if your job is actually an e2e automation tester get in touch and feel free to help set it all up in a PR to develop.
Stable 1.16.0
Changelog
security
- Continue improving security by obfuscating more sensitive data on logged in instances for your own user (less critical but still worth addressing).
ui improvements
- Updated mobile bottom bar/header to look/work better with hand gestures
- Increase mobile font sizes/button sizes, things should just feel easier to use now, hopefully (did it for myself, I have chunky fingers and I kept mis-clicking)
- Updated note editor action buttons to be on the bottom right of the screen (bottom left if you are left handed)
- Added the ability to choose "left handed" in user preferences, in the future items that usually are easily accessible by right handed people will have a left handed version of it, because we don't discriminate here 😆
features
- Added a couple of fun easter eggs, find them ❤️
- Add clear all button at the top of completed/uncompleted checklists and protect it (and check all/uncheck all button) with a confirmation modal #299
- Add brute force protection for accounts, after 3 failed login it'll start exponentially delaying you until it's absolutely not worth even trying - You can disable it with the env variable `DISABLE_BRUTEFORCE_PROTECTION` #300
- Continue improving checklist drag and drop experience, you can now drag an item into another one without soo much hassle and the dropzones in between items should be clearer, also mobile drag and drop usage is slightly improved (it was already pretty decent to be fair) #302
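The brute force protection described in the list above, sketched as an added example (not Jotty's implementation). The 3-attempt threshold and the `DISABLE_BRUTEFORCE_PROTECTION` name come from the release note; the base delay, the cap, the `"true"` value and all function names are assumptions.

```typescript
// Added example, NOT Jotty's implementation. Threshold and env variable name
// are from the release note; base delay, cap and the "true" value are assumed.

type Env = Record<string, string | undefined>;

interface AttemptState {
  failures: number;    // consecutive failed logins for this account
  lockedUntil: number; // epoch ms before which further attempts are refused
}

type LoginResult = {
  status: "ok" | "denied" | "throttled";
  retryAfterMs: number;
};

const FREE_ATTEMPTS = 3;             // delays start at the 3rd failure
const BASE_DELAY_MS = 1000;          // assumption
const MAX_DELAY_MS = 60 * 60 * 1000; // assumption: cap keeps the value finite

// Delay imposed after the n-th consecutive failure: 0, 0, 1s, 2s, 4s, ...
function delayAfter(failures: number): number {
  if (failures < FREE_ATTEMPTS) return 0;
  const exp = failures - FREE_ATTEMPTS;
  return Math.min(BASE_DELAY_MS * Math.pow(2, exp), MAX_DELAY_MS);
}

class LoginThrottle {
  private attempts = new Map<string, AttemptState>();
  private enabled: boolean;

  constructor(env: Env) {
    this.enabled = env["DISABLE_BRUTEFORCE_PROTECTION"] !== "true";
  }

  // Normalise so "Alice" and " alice " share one counter.
  private key(username: string): string {
    return username.trim().toLowerCase();
  }

  // Milliseconds the caller must still wait (0 means go ahead).
  retryAfter(username: string, now: number): number {
    if (!this.enabled) return 0;
    const state = this.attempts.get(this.key(username));
    return state ? Math.max(0, state.lockedUntil - now) : 0;
  }

  // Counts the failure and returns the delay it triggers.
  recordFailure(username: string, now: number): number {
    if (!this.enabled) return 0;
    const k = this.key(username);
    const failures = (this.attempts.get(k)?.failures ?? 0) + 1;
    const delay = delayAfter(failures);
    this.attempts.set(k, { failures, lockedUntil: now + delay });
    return delay;
  }

  recordSuccess(username: string): void {
    this.attempts.delete(this.key(username));
  }
}

// The throttle is consulted BEFORE the password result is used: while an
// account is locked, even a correct password is refused, so guesses made
// during the delay reveal nothing.
function attemptLogin(
  throttle: LoginThrottle,
  username: string,
  passwordOk: boolean,
  now: number
): LoginResult {
  const wait = throttle.retryAfter(username, now);
  if (wait > 0) return { status: "throttled", retryAfterMs: wait };
  if (passwordOk) {
    throttle.recordSuccess(username);
    return { status: "ok", retryAfterMs: 0 };
  }
  return { status: "denied", retryAfterMs: throttle.recordFailure(username, now) };
}
```

The in-memory map is lost on restart and grows with every distinct username submitted, so a real deployment would persist the counters and evict stale entries.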
bugfixes
- Replace all browser default popup with the normal global modals - only two left are confirm/popup from the slash commands and bubble popup in tiptap editor as it'd be a huge architectural change to fix them and frankly.. not worth it lol #304
- Currently the user preference `File Rename Mode` is doing nothing, thankfully a discord user `stanrc` noticed it. This is now fixed and files get saved according to the mode you set there. For the past 10 or so releases this has been defaulted to `minimal` so if you don't want to disrupt your flow/new files you end up creating just make sure to keep the setting on `minimal`. This change should only affect people who care about their note titles being heavily sanitised OR keep them with dashed filenames.
- Fix issue where renaming folder/category of a shared item causes the item to be unaccessible. This is legacy stuff from before the switch to `uuid`, I have now fully deprecated the `category` entry in the shared items, so when sharing it'll only consider `uuid` from now on. This means no matter where you move a file/rename it/rename category, as long as a uuid is present and is consistent, it'll find it. #313
- Fix inconsistencies in slash modal and deprecate file upload from there (it's in the toolbar and you can literally drag/drop a file in the editor or paste a file, it feels redundant and fixing it would have taken me half a day of refactoring, not worth it). #305
- Fix the most annoying mobile ux issue I've experienced since introducing the feature: Bubble menu on mobile now shows underneath the selected text, so it doesn't conflict with the default mobile bubble menu.
- Continuing translating a bunch of UI items that were missed during the first translation's release (thanks @dawiddyd )
translations
Polish pl.json - by @dawiddyd
German de.json by @Tar-Minyatur
p.s. Jotty doesn't have any analytics so the only real statistic I know is how many times the image was downloaded, and so far we're at 95.2K total downloads!!! That's an absurd number in my eyes, so thank you so much for using the app!!! (I know this is not individual users but it accumulated across releases but nevertheless it's a big number indeed). I'd love if you'd find the time to stop by on reddit/discord and give a feedback of your experience so far, it really helps as I stare at this all the time and may be too bias, I have some amazing community members to keep me in check - mainly on discord - so feel free to be part of that too ❤️
SECURITY UPDATE 1.15.2
Changelog
security update
This is a fairly urgent security update after the issue #307 was raised.
This security incident affects all logged in pages and public checklists/notes pages.
There is data exposure that needed to be sanitised and removed and this is entirely my mess up, in the refactor from rwMarkable to Jotty I have removed a layout file that was sanitising public routes and the routes were using the same layout file as the private ones. I kept building since then with the assumption everything was sanitised but alas it was not.
I have patched every single one of the leaks on public routes, however for logged in users (only your own users) there's still some data on the frontend I'd like to clean up. This is not critical as it's only available to you, within your safe logged in session, but for good measures I'll also fix that with the next release. I would rather go live asap with the more critical fixes if that makes sense.
I highly suggest you pull the latest version AS SOON AS POSSIBLE and update your api keys to be absolutely safe. Sorry about this. I hate it happened but THANKFULLY this was raised and I patched it as fast as humanly possible.
your data is safe if:
- You host Jotty internally and it is not exposed to the wider public
- You only use private notes and only share them internally
- You only have trusted users you share Jotty with
you really should update your admin api keys if:
- You have public notes/checklists in a public Jotty instance
- You have untrusted users you share Jotty with
I'll always be transparent with things and will not hide stuff like this from you all, at the end of the day this is an open source project and the approach should always include transparency and full disclosure.
This however means that the cat is out of the bag with this release, so PLEASE update your instances.
p.s. this was done as quick as possible to protect data, it fundamentally changes the way user data is loaded across the whole application. Whilst nothing should break I did go live without doing any testing. I feel the urgency of the matter grants some potential minor feature being broken. Make sure to raise issues if you find any bugs around user behaviour and I'll make sure to work twice as much to fix them all ❤️
As always I will be in discord (and as of today reddit & telegram) to answer your urgent questions/feedbacks.
fccview
Stable 1.15.1
Join the discord to stay up to date and have early previews
Changelog
translations
features
- Deprecated `LOCALE` env variable in favour of `DEFAULT_LOCALE`. Translations are now handled via settings and are user specific (if you have users in your applications that speak different languages they'll be able to set their own). The app will still default to your `DEFAULT_LOCALE` if a user doesn't specify their own language AND for the login page (where there's no user session).
- Add translation dropdown on the UI to quickly change language from the user menu
- Add `settings -> user preferences -> language`
- Add `settings -> admin -> app preference -> hide language from header` option in case you just want english and don't care about translations at all, you can easily disable the extra UI element.
- Added Unraid template (thanks to sean from discord) (see howto/UNRAID.md)
bugfixes
- Fix annoying z-index issue with kanban tasks
Stable 1.15.0
Join the discord to stay up to date and have early previews
Changelog
Happy new year!
I wanted to make sure to release today.
I'll fix forward any possible minor bugs along the way ❤️
I'm never building something again without translations/logs from the get go as retconning it is a huge task lol it also gave me a chance to go through everything I have built and plan improvements in areas I may have slacked a bit in the past and let AI take over a bit too much. Some of you know this but I have uninstalled all AI tools and went back to do things the good old-fashioned way. All I'm using now is a tab with gemini to avoid having to google stuff and quickly create schemas, this is showing more and more in Jotty as the quality keeps improving, and I'm SO happy.
bugfixes
- Disregard archived items in stat counts #276 #274 - thank you @chinatsu
- Deleting statuses doesn't move tasks in the right place #270
- Checklist dropdown to work better on mobile view when there's not enough items #271
- Drag & drop on checklists to be more accurate and target which way you are dragging from #275
- Dropdown on sidebar last item opening upwards instead of downwards so you don't have to vertically scroll the sidebar anymore.
- Fixed issue editing other users from admin panel #286
- Fixed critical bug where if admin users had notes with same name/category as other users would override them #288
features
- Translations!! Most of the app has been translated, there's a few exceptions (such as "Uncategorized" and initial task statuses as they are also used in the backend, I'll need to change that). I highly encourage people to make pull requests with translations, it's a great way to help the project become more and more popular, on top of increasing usability of course. You can find a comprehensive guide for translations here. There's also a small guide on how to contribute with translations and how to create your own local translation file in case you don't want to rely on the provided ones. For now Jotty only supports English and Italian.
- Added mfa (2fa) support for local login (for SSO you will need to set it up via your providers, I don't want to take responsibility for that, frankly), this currently only works with authenticator apps, but it's a step forward to increasing Jotty's security and continuing with the privacy focus I have been working towards to lately. You can enable this in `settings -> profile`. You can find a comprehensive guide here (and in the relative mfa section in the new `/howto` page). #61
- Added full support for audit logs for both individual users and admin view #283 #206
- Fully re-designed settings thanks to a lovely wireframe contribution by gavdgavd - you can see the discussion and wireframes he provided here. I think this adds so much value, feel free to always get in touch with ux/ui changes you think would be valuable and provide designs/wireframes, it makes my job so much easier haha
- All pages now use the default sidebar with content relative to the page you are looking at (e.g. settings will have a settings menu in the sidebar, `/checklists` page will have filters within the sidebar, `/notes` will have filters and so on, this makes it so Jotty feels consistent all throughout).
- Ability to skip note create modal via user settings #262 - thank you @bradr
- Added a flag in app settings to stop admin to be able to view user content if you wish to keep everything private from administrators. This will allow ONLY the system admin to have access to all user contents #287
- Added specific admin view for notes/checklists in `/admin/note/<uuid>` and `/admin/checklist/<uuid>`, this will only be visible to admin if the flag mentioned above is turned on.
- Add fallback to OIDC to fetch claims from user info endpoint in case the provider doesn't append claims to the callback to begin with. This should make it so most providers will play nice with Jotty without any need of customisation #280
- Allow editing encrypted notes without decrypting them first #289
- Allow proxying draw.io via internal local network so that you can use a private instance of it #279
- Add excalidraw support (only free mode for now, the officially supported npm package doesn't allow for paid mode, and I don't want to create a custom iframe like I did for draw.io, it's a lot of work, I may do it in the future ❤️) #241
- The `howto` modal now has its own `/howto` page and section, it was getting out of hand and it's handy to have guides in one place, easily accessible.
- Added three possible views for the home page, notes page, checklist page and task pages. You can go in quick settings and set up card view, list view or grid view #274
New api endpoints
GET /api/logs
POST /api/logs/export
GET /api/logs/stats
POST /api/logs/cleanup