Releases: lfnovo/open-notebook

v1.8.4 - Security Fix

09 Apr 15:08
1a35240

Security

Three vulnerabilities reported by CERT-EU Offensive Security Team via coordinated disclosure:

  • Remote Code Execution via Server-Side Template Injection (CVSS 9.2 Critical)

    • User-created transformation prompts were rendered by an unsandboxed Jinja2 environment, allowing arbitrary Python code execution on the API server. Bumped ai-prompter to 0.4.0, which renders every template in a Jinja2 SandboxedEnvironment.
  • Arbitrary file write via path traversal (CVSS 7.0 High)

    • File upload did not sanitize filenames, allowing path traversal payloads (e.g., ../../../../tmp/test.txt) to write files outside the upload directory. Filenames are now reduced to their basename with os.path.basename() and the resolved target path is validated to lie within the upload directory.
  • Arbitrary file read via Local File Inclusion (CVSS 8.2 High)

    • The source creation endpoint accepted arbitrary file_path values, allowing reading of any file on the container (e.g., /etc/passwd, /proc/self/environ). File paths are now validated to be within the uploads directory.
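The template-injection fix above comes down to one class swap, so here is an added example (not code from open-notebook or ai-prompter) showing what that swap changes. Both prompt strings are constructed for this example; `cycler` is a global that Jinja2 itself places in every template namespace, and the payload walks from it into the `os` module of the process rendering the template.

```python
"""Added example, not open-notebook's code: a user-authored prompt rendered by a
plain Jinja2 Environment versus a SandboxedEnvironment."""
import os
from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment

# Constructed prompts. The benign one is what a transformation prompt looks like.
# The malicious one walks from `cycler` (a Jinja2 default global) through the
# globals of its __init__ function into `os` and calls a function in the API
# process. Replace getpid() with popen('...') and it is a shell.
BENIGN_PROMPT = "Summarise the text below in three bullets:\n{{ content }}"
MALICIOUS_PROMPT = "{{ cycler.__init__.__globals__.os.getpid() }}"


def render_unsandboxed(prompt: str, **context) -> str:
    # Before the fix: a plain Environment lets a template reach any attribute,
    # dunders included, so the prompt author controls the interpreter.
    return Environment().from_string(prompt).render(**context)


def render_sandboxed(prompt: str, **context) -> str:
    # After the fix: SandboxedEnvironment refuses underscore-prefixed and other
    # unsafe attributes and raises SecurityError when a template tries anyway.
    return SandboxedEnvironment().from_string(prompt).render(**context)


def demo() -> dict:
    """Run both environments against both prompts and report what happened."""
    results = {"benign_sandboxed": render_sandboxed(BENIGN_PROMPT, content="hello")}
    # Vulnerable path: the rendered text is this very process's PID.
    results["leak_is_own_pid"] = render_unsandboxed(MALICIOUS_PROMPT) == str(os.getpid())
    try:
        render_sandboxed(MALICIOUS_PROMPT)
        results["sandbox_blocked"] = False
    except SecurityError:
        results["sandbox_blocked"] = True
    return results
```

The sandbox governs attribute and method access; it is not a resource limit, so prompt length and rendering time still need their own caps, and prompts should be treated as untrusted input even after this change.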
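The path-traversal and local-file-inclusion fixes share one check: resolve the candidate path and confirm it is still inside the uploads directory. This added example (not open-notebook's code) implements that containment check once and uses it for both the upload target and a user-supplied file_path; the function names, the temporary upload directory and the symlink planted in it are all constructed for the example.

```python
"""Added example, not open-notebook's code: basename sanitisation for uploaded
filenames plus resolved-path containment for uploads and for source file_path."""
import os
import tempfile
from pathlib import Path


class UnsafePathError(ValueError):
    pass


def ensure_within(base_dir, candidate) -> Path:
    """Return candidate fully resolved, or raise if it escapes base_dir.

    resolve() collapses '..' segments and follows symlinks, so a symlink inside
    the upload directory that points outside it is rejected as well.
    """
    base = Path(base_dir).resolve()
    target = Path(candidate).resolve()
    if not target.is_relative_to(base):  # Python 3.9+
        raise UnsafePathError(f"{str(candidate)!r} resolves outside {base}")
    return target


def safe_upload_target(upload_dir, client_filename: str) -> Path:
    # 1. Drop every directory component of the client-supplied name. On POSIX
    #    os.path.basename only splits on '/', so normalise backslashes first.
    name = os.path.basename(client_filename.replace("\\", "/"))
    if name in ("", ".", "..") or "\x00" in name:
        raise UnsafePathError(f"unusable filename {client_filename!r}")
    # 2. Still validate the joined path; basename alone is not the whole defence.
    return ensure_within(upload_dir, Path(upload_dir) / name)


def validate_source_path(upload_dir, file_path: str) -> Path:
    # pathlib discards the base when file_path is absolute ("/etc/passwd"),
    # so the containment check is what actually protects this endpoint.
    return ensure_within(upload_dir, Path(upload_dir) / file_path)


def demo() -> dict:
    """Exercise both guards against a constructed upload directory."""
    with tempfile.TemporaryDirectory() as uploads, tempfile.TemporaryDirectory() as outside:
        # A symlink inside uploads pointing elsewhere (leftover or attacker-planted).
        os.symlink(outside, os.path.join(uploads, "escape"))
        results = {"traversal_upload": safe_upload_target(uploads, "../../../../tmp/test.txt").name}
        probes = {
            "etc_passwd": "/etc/passwd",
            "proc_environ": "/proc/self/environ",
            "dotdot": "../" * 6 + "tmp/x",
            "symlink": "escape/secret.txt",
        }
        for label, path in probes.items():
            try:
                validate_source_path(uploads, path)
                results[label] = "allowed"
            except UnsafePathError:
                results[label] = "blocked"
        results["legit"] = validate_source_path(uploads, "report.pdf").parent == Path(uploads).resolve()
        return results
```

Note that the traversal payload from the advisory becomes a harmless `test.txt` inside the upload directory, while the same string passed as a source file_path is rejected outright: basename is the right tool for a name the client chooses, containment is the right tool for a path the client chooses.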

Affected versions

All versions up to and including v1.8.3.

Recommended action

Upgrade to v1.8.4 immediately.

Credit

Reported by CERT-EU Offensive Security Team via coordinated vulnerability disclosure.

v1.8.3 - Security Fix

07 Apr 17:52
89eac04

Security

  • Fix SurrealDB injection via unsanitized order_by query parameter (CVSS 8.7 High)
    • GET /api/notebooks accepted arbitrary input in the order_by parameter, allowing injection of SurrealQL statements. Because the endpoint is a plain GET, it was also exploitable via CSRF: tricking a logged-in user into opening a crafted URL was enough.
    • Added allowlist validation for sorting parameters in the notebooks endpoint
    • Replaced f-string query interpolation with parameterized $variable binding in source chat and migration queries
    • Added defensive validation in the get_all() base method to prevent injection via order_by parameter
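Sort fields and directions are identifiers, which parameter binding cannot carry, so the fix needs two different tools: an allowlist for the ORDER BY tokens and `$variable` binding for values. This added example (not open-notebook's code) shows both next to the vulnerable interpolation; the table and column names, and the injected string, are assumptions made for the example.

```python
"""Added example, not open-notebook's code: allowlisted ORDER BY tokens and
$variable binding instead of f-string interpolation of request input."""

# Assumed column names of the notebook table; only these may appear in ORDER BY.
SORT_FIELDS = {"created", "updated", "name"}
SORT_DIRECTIONS = {"ASC", "DESC"}


class InvalidSortError(ValueError):
    pass


def notebooks_query_before(order_by: str) -> str:
    # Before the fix: the raw ?order_by= value is pasted into the statement, so a
    # value like "created DESC; REMOVE TABLE notebook" ships a second statement.
    return f"SELECT * FROM notebook ORDER BY {order_by};"


def parse_order_by(order_by, default=("updated", "DESC")):
    """Turn '<field> [asc|desc]' into an allowlisted (field, direction) pair."""
    if not order_by or not order_by.strip():
        return default
    tokens = order_by.split()
    if len(tokens) > 2:
        raise InvalidSortError(f"unexpected sort expression {order_by!r}")
    field = tokens[0]
    direction = tokens[1].upper() if len(tokens) == 2 else "ASC"
    # Membership checks against fixed sets: no escaping, no regex, no surprises.
    if field not in SORT_FIELDS or direction not in SORT_DIRECTIONS:
        raise InvalidSortError(f"sort expression {order_by!r} not permitted")
    return field, direction


def is_valid_order_by(order_by) -> bool:
    try:
        parse_order_by(order_by)
        return True
    except InvalidSortError:
        return False


def notebooks_query_after(order_by) -> str:
    # After the fix: only tokens that came out of the allowlist reach the statement.
    field, direction = parse_order_by(order_by)
    return f"SELECT * FROM notebook ORDER BY {field} {direction};"


def source_chat_query(source_id: str):
    # Values, as opposed to identifiers, are bound as $variables and travel to the
    # database next to the statement, so they can never change its shape. How the
    # driver types the bound value (string or record id) is a driver detail.
    return "SELECT * FROM chat WHERE source = $source_id;", {"source_id": source_id}


# Constructed payload of the kind the advisory describes.
INJECTED = "created DESC; REMOVE TABLE notebook"
```

Rejecting unknown sort expressions with a 4xx (rather than silently falling back to the default) also makes probing visible in the access log, which is worth having for a parameter that was reachable cross-site.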

Affected versions

All versions up to and including v1.8.2.

Recommended action

Upgrade to v1.8.3 immediately.

Credit

Reported by CERT-EU Offensive Security Team via coordinated vulnerability disclosure.

v1.8.2

06 Apr 16:44

What's New

Features

  • DashScope (Qwen) & MiniMax provider support — Two new AI providers via Esperanto v2.20.0: Alibaba Cloud's Qwen models and MiniMax models with 204K context (#725)
  • Bengali (bn-IN) language support — Full i18n translation for Bengali (#643)

Bug Fixes

  • Source asset persistence — Failed sources now persist their asset (URL/file path), making them identifiable and retryable (#722)
  • Source title preservation — User-set custom titles are no longer overwritten after background processing (#722)
  • Credential cascade delete — Deleting a credential now automatically removes linked models instead of returning a 409 error (#722)
  • Source list auto-refresh — Source list now updates automatically after adding a new source via URL, file upload, or text (#721)
  • Podcast directory names — Uses UUID for episode directories, fixing filesystem errors with special characters in titles (#666)
  • Tiktoken offline handling — API no longer crashes in air-gapped environments when tiktoken can't download encodings (#622)
  • SurrealDB healthcheck — Removed incompatible healthcheck from Docker Compose that caused false-negative container status (#656)
  • Esperanto embedding fixes — Bumped to v2.19.7 fixing base_url/api_key config issues across multiple embedding providers (#664, #665)

Maintenance

  • Upgraded default Azure API version to 2024-10-21 (#638)
  • Deprecated single-container Docker image in favor of Docker Compose (#723)
  • Dependency updates: langchain-core, fastmcp 3.x, Next.js 16.1.7, aiohttp, cryptography, and more

Contributors

Thanks to everyone who contributed to this release! 🎉

Full Changelog: v1.8.1...v1.8.2

v1.8.1

11 Mar 01:23
9dedf2e

What's Changed

Added

  • i18n support for Bengali (bn-IN) (#643)
  • Podcast language support via podcast-creator 0.12.0 (#645)
  • Upgrade default Azure API version for model testing and fetching (#638)

Fixed

  • Tiktoken network errors in offline/air-gapped Docker deployments — pre-downloads encoding at build time (#264, #622)
  • SurrealDB getting stuck (#656)

Dependencies

  • Bump esperanto to 2.19.5 (#657)
  • Bump langgraph from 1.0.6 to 1.0.10rc1 (#658)
  • Bump authlib from 1.6.6 to 1.6.7 (#649)
  • Bump lxml-html-clean from 0.4.3 to 0.4.4 (#646)
  • Bump rollup from 4.55.1 to 4.59.0 (#635)
  • Bump minimatch in frontend (#634)
  • Bump tar from 7.5.9 to 7.5.11 (#650, #659)

Full Changelog: v1.8.0...v1.8.1

v1.8.0 - Podcast Model Registry Integration

27 Feb 14:16
eac837d

What's New

Podcast Model Registry Integration & Credential Passthrough

Episode and speaker profiles now use the model registry instead of loose provider/model strings. This enables automatic credential passthrough to podcast-creator and brings podcasts in line with the rest of the system.

  • Episode profiles use outline_llm / transcript_llm (model registry references) instead of provider/model strings
  • Speaker profiles use voice_model (model registry reference) instead of tts_provider/tts_model strings
  • Credentials are automatically resolved and passed to podcast-creator
  • New language field on episode profiles (BCP 47 locale codes like pt-BR, en-US)
  • Per-speaker voice model override support
  • Data migration auto-converts legacy profiles on startup (idempotent)
  • New GET /api/languages endpoint
  • Profile forms use ModelSelector component instead of manual provider/model dropdowns
  • "Templates" tab renamed to "Profiles"
  • "Setup required" badge on profiles missing model configuration
  • i18n updated across all 8 locales
  • Added pycountry and babel dependencies

Closes #486, closes #552

Chat: Remove 50-source cap

Notebook chat context no longer has a hard limit of 50 sources. All sources in a notebook are now available for context. (#628)

Docker: Pin SurrealDB version

Pin SurrealDB to a specific version in Docker Compose to prevent breaking changes from upstream updates. Also fixes single-container documentation. (#629)

UI: Fix CJK text orientation

Correct text orientation for CJK (Chinese, Japanese, Korean) characters in the collapsible column component. (#619)

Other

  • docs: add missing SURREAL_NAMESPACE and SURREAL_DATABASE env vars
  • chore(deps-dev): bump tar from 7.5.7 to 7.5.9 in frontend

Migration

Existing podcast profiles are automatically migrated on first startup. If your profiles used providers with configured credentials, the migration is seamless. Profiles that can't be auto-migrated will show a "Setup required" badge in the UI.

Contributors

Thank you to everyone who contributed to this release!

v1.7.4

18 Feb 15:08
37496f7

Fixed

  • Embedding large documents (3MB+) fails with 413 Payload Too Large (#594)
  • generate_embeddings() now batches texts in groups of 50 with per-batch retry, preventing provider payload limits from being exceeded
  • 413 errors now classified with user-friendly message in error classifier
  • Misleading "Created 0 embedded chunks" log in process_source_command — embedding is fire-and-forget, so the count was always 0; now logs "embedding submitted" instead

v1.7.3 - Podcast failure recovery and retry

18 Feb 00:26
c666966

This release contains a ton of fixes for podcast creation. It adds retry capabilities, improved JSON parsing for Gemini, the ability to retry failed generations, and more. Hope you enjoy it.

Added

  • Retry button for failed podcast episodes in the UI (#211, #218)
  • Error details displayed on failed podcast episodes (#185, #355)
  • POST /podcasts/episodes/{id}/retry API endpoint for re-submitting failed episodes
  • error_message field in podcast episode API responses

Fixed

  • Podcast generation failures now correctly marked as "failed" instead of "completed" (#300, #335)
  • Disabled automatic retries for podcast generation to prevent duplicate episode records (#302)

Dependencies

  • Bump podcast-creator to >= 0.11.2
  • Bump esperanto to >= 2.19.4

KNOWN ISSUES

The podcast creation process still does not respect the new credentials config and relies on the ENV variables to work. This will be fixed in the next release.

v1.7.2

16 Feb 20:04
a3b13f8

Added

  • Error classification utility that maps LLM provider errors to user-friendly messages (#506)
  • Global exception handlers in FastAPI for all custom exception types with proper HTTP status codes
  • getApiErrorMessage() frontend helper that falls back to backend messages when no i18n mapping exists

Fixed

  • LLM errors (invalid API key, wrong model, rate limits) now show descriptive messages instead of "An unexpected error occurred" (#590)
  • SSE streaming error events in source chat and ask hooks were swallowed by inner JSON parse catch blocks
  • Transformation execution errors were caught and re-wrapped as generic 500s instead of using proper status codes
  • Fail fast when source content extraction returns empty instead of retrying (#589)
  • Chat input and message overflow with long unbroken strings (#588)
  • Word-wrap overflow in source cards, note editor, inline edit, note titles, and dialog content (#588)
  • Translation proxy shadowing name keys (#588)
  • OpenAI-compatible provider name handling via Esperanto update (#583)

Changed

  • ValueError replaced with ConfigurationError in model provisioning for proper error classification
  • ConfigurationError added to command retry stop_on lists to avoid retrying permanent config failures

Dependencies

  • Bump esperanto to 2.19.3 (#583)
  • Bump podcast-creator to 0.9.1

v1.7.1

15 Feb 00:10
af59e7f

What's Changed

Added

  • French (fr-FR) language support (#581)
  • CI test workflow and improved i18n validation (#580)
  • Expose embed command_id in note API responses (#545)

Fixed

  • ElevenLabs TTS credential passthrough via Esperanto update (#578)
  • Handle empty/whitespace source content without retry loop (#576)
  • Increase transformation max_tokens and update Esperanto dep (#568)
  • Turn the embedding field into optional (#557)

Docs

  • Fix docker container names in local setup guides (#577)

Dependencies

  • Bump langchain-core from 1.2.7 to 1.2.11 (#564)
  • Bump cryptography from 46.0.3 to 46.0.5 (#563)

Thank You

Thanks to everyone who contributed to this release! 🙏

Full Changelog: v1.7.0...v1.7.1

v1.7.0 - Credential-Based Provider Management

10 Feb 14:20
97b7fc6

🎉 Release 1.7.0 - Credential-Based Provider Management

Major release introducing UI-based API key management, comprehensive security enhancements, and significantly improved getting started experience.

✨ Highlights

🔑 API Keys Management via UI - The biggest feature of this release!

  • New Settings → API Keys page for managing all AI provider credentials
  • Support for 14 providers: OpenAI, Anthropic, Google, Groq, Mistral, DeepSeek, xAI, OpenRouter, Voyage AI, ElevenLabs, Ollama, Azure OpenAI, OpenAI-Compatible, and Vertex AI
  • One-click connection testing, model discovery, and registration
  • Secure encryption (Fernet AES-128-CBC + HMAC-SHA256)
  • Migration tool for existing .env configurations
  • No more editing .env files! 🎊

🚀 Easier Getting Started

  • Simplified docker-compose.yml setup (2 minutes from zero to running)
  • Ready-made examples for common scenarios (Ollama, Speaches, full-local)
  • Inline quick start in README
  • Better onboarding for new users

🔒 Security Improvements

  • Docker secrets support
  • SSRF protection for URL validation
  • Encrypted API key storage
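"SSRF protection for URL validation" covers a lot of ground, so here is an added example (not open-notebook's code) of the check a practitioner would expect behind that line: allow only http/https, refuse userinfo tricks, and judge the addresses the host actually resolves to rather than the hostname string. The DNS table and the URLs in the demo are constructed so it runs offline.

```python
"""Added example, not open-notebook's code: an SSRF guard that validates the
resolved addresses of a user-supplied URL, not just its hostname."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


class UnsafeURLError(ValueError):
    pass


def is_public_address(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
    # is_global is False for loopback, RFC 1918, link-local (169.254.169.254 is
    # the cloud metadata endpoint), CGNAT 100.64/10, unspecified 0.0.0.0, etc.
    return addr.is_global and not addr.is_multicast


def system_resolver(host: str) -> list:
    """Every A/AAAA answer for host from the OS resolver (needs network access)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_fetch_url(url: str, resolver=system_resolver) -> list:
    """Return the addresses url may be fetched from, or raise UnsafeURLError."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeURLError(f"scheme {parts.scheme!r} not allowed")
    if parts.username is not None or parts.password is not None:
        raise UnsafeURLError("userinfo in URL not allowed")  # http://trusted.com@10.0.0.5/
    host = parts.hostname
    if not host:
        raise UnsafeURLError("missing host")
    try:
        addresses = [str(ipaddress.ip_address(host))]  # literal v4 or [v6]
    except ValueError:
        # Not a clean literal: let the resolver decide. That also covers forms such
        # as "2130706433" or "127.1" which getaddrinfo accepts but ip_address rejects.
        addresses = resolver(host)
    if not addresses:
        raise UnsafeURLError(f"{host!r} does not resolve")
    blocked = [ip for ip in addresses if not is_public_address(ip)]
    if blocked:
        raise UnsafeURLError(f"{host!r} resolves to non-public address(es) {blocked}")
    return addresses


# Constructed DNS table so the demo runs offline. "rebind.test" answers with one
# public and one private address, as a split-horizon or rebinding host would.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],
    "rebind.test": ["93.184.216.34", "10.0.0.5"],
}


def demo() -> dict:
    cases = {
        "public": "https://example.com/feed.xml",
        "loopback_literal": "http://127.0.0.1:8000/admin",
        "ipv6_loopback": "http://[::1]/",
        "mapped_v4": "http://[::ffff:169.254.169.254]/latest/meta-data/",
        "metadata_name": "http://metadata.internal/",
        "decimal_ip": "http://2130706433/",
        "rebind": "http://rebind.test/",
        "userinfo_trick": "http://example.com@10.0.0.5/",
        "scheme": "file:///etc/passwd",
    }
    out = {}
    for label, url in cases.items():
        try:
            validate_fetch_url(url, resolver=lambda h: FAKE_DNS.get(h, []))
            out[label] = "allowed"
        except UnsafeURLError:
            out[label] = "blocked"
    return out
```

Two caveats the check itself cannot cover: the fetch must connect to one of the addresses that were validated (pin it, or re-resolve and re-check at connect time) so a DNS rebinding between check and connect does not win, and redirects must be followed manually with every Location re-validated, since a public host is free to 302 to 169.254.169.254.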

📦 What's New

Added

  • Credential-Based Provider Management (#477)

    • New Settings → API Keys page for managing AI provider credentials via the UI
    • Support for 14 providers with one-click setup
    • Secure storage with Fernet AES-128-CBC + HMAC-SHA256 encryption
    • Migration tool for existing .env configurations
  • Security Enhancements

    • Docker secrets support via _FILE suffix pattern
    • URL validation for SSRF protection
    • Encrypted API key storage at rest
  • Improved Getting Started Experience

    • Simplified docker-compose.yml in repository root
    • Added examples/ folder with ready-made configurations
    • Inline quick start in README
    • Cross-references between examples and documentation
  • HTML clipboard detection for text sources (#426)
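The "_FILE suffix pattern" for Docker secrets is a small convention with one classic pitfall, so here is an added example (not open-notebook's code) of a loader for it. The variable names OPENAI_API_KEY / OPENAI_API_KEY_FILE and the key value are assumptions made for the example.

```python
"""Added example, not open-notebook's code: resolving a provider key through the
NAME_FILE convention so the secret itself never sits in the environment."""
import os
import tempfile
from pathlib import Path
from typing import Optional


class SecretConfigError(RuntimeError):
    pass


def load_secret(name: str, environ=None) -> Optional[str]:
    """Return the value of NAME, preferring NAME_FILE when it is set.

    Docker and Compose mount secrets as files (typically /run/secrets/<name>),
    so NAME_FILE=/run/secrets/<name> keeps the key out of `docker inspect`
    output, process listings and crash dumps of the environment.
    """
    env = os.environ if environ is None else environ
    file_var = f"{name}_FILE"
    path, inline = env.get(file_var), env.get(name)
    if path and inline:
        # Two sources of truth is a misconfiguration; fail loudly rather than guess.
        raise SecretConfigError(f"set {name} or {file_var}, not both")
    if path:
        secret_file = Path(path)
        if not secret_file.is_file():
            raise SecretConfigError(f"{file_var} points at {path!r}, which is not a file")
        # Secrets created with `echo` carry a trailing newline; an API key with a
        # newline attached fails provider authentication in confusing ways.
        return secret_file.read_text(encoding="utf-8").rstrip("\r\n")
    return inline or None


def demo() -> dict:
    """Constructed secret file and environments; returns what the loader produced."""
    with tempfile.TemporaryDirectory() as secrets_dir:
        key_file = Path(secrets_dir) / "openai_api_key"
        key_file.write_text("sk-constructed-example-key\n", encoding="utf-8")
        from_file = load_secret("OPENAI_API_KEY", {"OPENAI_API_KEY_FILE": str(key_file)})
        from_env = load_secret("OPENAI_API_KEY", {"OPENAI_API_KEY": "sk-inline"})
        try:
            load_secret("OPENAI_API_KEY",
                        {"OPENAI_API_KEY": "sk-inline", "OPENAI_API_KEY_FILE": str(key_file)})
            conflict_rejected = False
        except SecretConfigError:
            conflict_rejected = True
        return {
            "from_file": from_file,
            "from_env": from_env,
            "conflict_rejected": conflict_rejected,
            "unset": load_secret("OPENAI_API_KEY", {}),
        }
```

Only the trailing line ending is stripped, not all whitespace, so a key that legitimately ends in a space survives; if the deployment guarantees keys never do, `strip()` is the more forgiving choice.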

Fixed

  • SqliteSaver async compatibility issues in chat system (#509, #525, #538)
  • Re-embedding failures with empty content (#513, #515)
  • Deletion cascade for notes and sources (#77)
  • YouTube content availability issues (#494)
  • Large document embedding errors (#489)

Internationalization

  • Added Russian (ru-RU) language support (#524)
  • Added Italian (it-IT) language support (#508)

🙏 Contributors

Special thanks to our community contributors for this release, and to everyone who tested the RC and provided valuable feedback!

Full Changelog: https://github.com/lfnovo/open-notebook/blob/main/CHANGELOG.md