du82/nonograph
Nonograph is a self-hosted anonymous publishing platform. Write anonymously, publish instantly, read privately.
Makes moderation actually possible and improves the editor UI slightly. The UI changes aren't anything major, just more cohesive. As always, it's up to those hosting instances to moderate if they wish; there are no central servers, no authority, and no phoning home.
**Full Changelog**: https://github.com/du82/nonograph/compare/v0.2.2...v0.2.3
Tiny fix for dockerized hidden service address persistence.
**Full Changelog**: https://github.com/du82/nonograph/compare/v0.2.1...v0.2.2
📋 What's Changed
- docs: add Simplified Chinese translation and language selector in README by @Shiniese in https://github.com/du82/nonograph/pull/12
- Change Cascadia Code to Cascadia Mono by @myfonj in https://github.com/du82/nonograph/pull/14
✨ New Contributors
- @Shiniese made their first contribution in https://github.com/du82/nonograph/pull/12
- @myfonj made their first contribution in https://github.com/du82/nonograph/pull/14
- Full Changelog: https://github.com/du82/nonograph/compare/v0.2.0...v0.2.1
The first truly stable release! Comes with new containers for even easier deployment, including the self-healing Tor hidden service.
Critical security fix that patches a hidden service deanonymization technique through malformed URLs.
📋 What's Changed
- Syntax highlighting by @du82 in https://github.com/du82/nonograph/pull/6
- Switch to baseline Dockerfile due to local build errors by @eversiege in https://github.com/du82/nonograph/pull/11
✨ New Contributors
- @eversiege made their first contribution in https://github.com/du82/nonograph/pull/11
- Full Changelog: https://github.com/du82/nonograph/compare/v0.0.6...v0.1.0
Now you can strip out all JS on the server side by hitting `/nojs/` instead of `/`. This also works great on posts!
The markup has been finalized and will now be considered stable.
📋 Changes
- Added CSRF protection using cookieless tokens with 24-hour expiration
- Added CSRF configuration toggle in Config.toml (csrf_protection_enabled)
- Added SSRF protection blocking private IPs and dangerous protocols
- Added security tests for sanitization, XSS, CSRF, and SSRF; the suite now has 97 tests!
- Fixed XSS vulnerability in OpenGraph meta tags via HTML escaping
- Fixed client-side SSRF attacks through image URL validation
- Blocked dangerous URLs: localhost, 192.168.x, 10.x, 172.16-31.x, 169.254.x, javascript:, data:, file:
- Allowed safe URLs: HTTPS/HTTP external domains, relative URLs
- + 1 more
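
The blocked and allowed URL classes listed above can be expressed as one validation function. This is an added example, not Nonograph's own code: `is_allowed_url` and `_host_as_ip` are hypothetical names, and the handling of numeric IP spellings, IPv6 and unspecified addresses goes beyond the ranges the changelog names.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # javascript:, data:, file: etc. are refused


def _host_as_ip(host):
    """Return an ip_address for any IP-literal spelling of host, else None."""
    try:
        return ipaddress.ip_address(host)  # dotted quad or IPv6
    except ValueError:
        pass
    try:
        # inet_aton also parses short, decimal, octal and hex spellings
        # (127.1, 2130706433, 0x7f.0.0.1) that ip_address() rejects.
        return ipaddress.ip_address(socket.inet_aton(host))
    except (OSError, ValueError):
        return None  # not an IP literal: an ordinary DNS name


def is_allowed_url(url):
    """Hypothetical validator for the policy in the changelog (not project code)."""
    # Whitespace, control characters and backslashes are parsed differently by
    # different clients, so refuse them instead of guessing.
    if not url or "\\" in url or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in url):
        return False
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:  # e.g. unbalanced IPv6 brackets
        return False
    if not parts.scheme and not parts.netloc:
        return True  # relative URL: stays on the serving origin
    if parts.scheme and parts.scheme not in ALLOWED_SCHEMES:
        return False
    if not host or host == "localhost" or host.endswith(".localhost"):
        return False
    ip = _host_as_ip(host)
    if ip is None:
        return True  # DNS names are not resolved by this check
    ip = getattr(ip, "ipv4_mapped", None) or ip  # unwrap ::ffff:a.b.c.d
    return not (ip.is_loopback or ip.is_private
                or ip.is_link_local or ip.is_unspecified)
```

A string check like this does not cover a public DNS name that resolves to a private address; that case needs a check on the resolved IP at fetch time.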
📋 Changes
- Fix the Windows build on GitHub Actions
📋 Changes
- Fixed multiple edge cases which could allow an XSS attack.
- Fixed truncation of titles and authors as a result of a mistype.
- Added new tests to check for XSS attack vectors in the title and author.
📋 Changes
- Markdown editor with slash commands
- Context-aware formatting suggestions
- Improve privacy and usability
- Keyboard shortcuts for all formatting options
- Smart menu positioning