Jekyll 1.4.3 Released

Jekyll 1.4.3 contains two critical security fixes. If you run Jekyll locally and do not run Jekyll in “safe” mode (e.g. you do not build Jekyll sites on behalf of others), you are not affected and are not required to update at this time. (See pull request.)

Versions of Jekyll prior to 1.4.3 and greater than 1.2.0 may allow malicious users to expose the content of files outside the source directory in the generated output via improper symlink sanitization, potentially resulting in an inadvertent information disclosure.

Versions of Jekyll prior to 1.4.3 may also allow malicious users to write arbitrary .html files outside of the destination folder via relative path traversal, potentially overwriting otherwise-trusted content with arbitrary HTML or Javascript depending on your server’s configuration.

Maintainer’s note: Many thanks to @gregose and @charliesome for discovering these vulnerabilities, and to @BenBalter and @alindeman for writing the patch.

Jekyll 1.4.2 Released

This release fixes a regression where Maruku fenced code blocks were turned off, instead of the previous default to on. We’ve added a new default configuration to our maruku config key: fenced_code_blocks and set it to default to true.

If you do not wish to use Maruku fenced code blocks, you may turn this option off in your site’s configuration file.

Jekyll 1.4.1 Released

Another quick turnover, anyone? A critical bug in the reading of posts snuck itself into the 1.4.0 release.

To address this issue, we’re releasing v1.4.1 of Jekyll so that you can keep on writing without any problems.

As always, you can find the full list of fixes in this release in the change log!

Jekyll 1.4.0 Released

About a month after the release of Jekyll v1.3.0, we are releasing Jekyll v1.4.0. This release will be the last non-patch release to support Ruby 1.8.7 and our next release will be Jekyll 2.0.0.

Here are a few things we think you’ll want to know about this release:

  • TOML is now a supported markup language for config files.

  • Maruku has been updated to 0.7.0 which provides some new features and a ton of bugfixes over the previous 0.6.x releases.

  • Non-gem Plugins are now sorted alphabetically by filename before they’re processed, which can provide a rudimentary way to establish a load order for plugins.

For a full run-down, visit our change log!

As always, Jekyll wouldn’t be possible without the contributions from others in the Jekyll community. We’d like to thank the following people for contributing to this release: Anatol Broder, David Sawyer, Greg Karékinian, Jordon Bedwell, Matthew Iversen, Persa Zula, and Yi Zeng.

Jekyll 1.3.1 Released

Just in time for the US holiday Thanksgiving, we’re releasing version 1.3.1 of Jekyll to address some of the issues seen since the release of 1.3.0.

In addition to a couple of other smaller bug fixes, the biggest thing we’ve fixed is an issue with the --watch option with Ruby 1.8.7. For a full run-down, visit our change log!

Thanks to all the people who have contributed to this release! They are (in alphabetical order): Abhi Yerra, Anatol Broder, Andreas Möller, Greg Karékinian, Sam Rayner, Santeri Paavolainen, Shigeya Suzuki, Yihang Ho, albertogg, andrewhavens, maul.esel, and thomasdao

Jekyll 1.3.0 Released

It’s been about six weeks since v1.2.0 and the Jekyll team is happy to announce the arrival of v1.3.0. This is a huge release full of all sorts of new features, bug fixes, and other things that you’re sure to love.

Here are a few things we think you’ll want to know about this release:

  • You can add arbitrary data to the site by adding YAML files under a site’s _data directory. This will allow you to avoid repetition in your templates and to set site specific options without changing _config.yml.

  • You can now run jekyll serve --detach to boot up a WEBrick server in the background. Note: you’ll need to run kill [server_pid] to shut the server down. When ran, you’ll get a process id that you can use in place of [server_pid]

  • You can now disable automatically-generated excerpts if you set excerpt_separator to "".

  • If you’re moving pages and posts, you can now check for URL conflicts by running jekyll doctor.

  • If you’re a fan of the drafts feature, you’ll be happy to know we’ve added -D, a shortened version of --drafts.

  • Permalinks with special characters should now generate without errors.

  • Expose the current Jekyll version as the jekyll.version Liquid variable.

For a full run-down, visit our change log!

Jekyll 1.3.0.rc1 Released

Jekyll 1.3.0 is going to be a big release! In order to make sure we didn’t screw anything up too badly, we’re making a release candidate available for any early adopters who want to give the latest and greatest code a spin without having to clone a repository from git.

Please take this prerelease for a spin and let us know if you run into any issues!

Jekyll 1.2.1 Released

Quick turnover, anyone? A recent incompatibility with Liquid v2.5.2 produced a nasty bug in which include tags were not rendered properly within if blocks.

This release also includes a better handling of detached servers (prints pid and the command for killing the process). Note: the --detach flag and --watch flags are presently incompatible in 1.2.x. Fix for that coming soon!

For a full list of the fixes in this release, check out the change log!

Jekyll 1.2.0 Released

After nearly a month and a half of hard work, the Jekyll team is happy to announce the release of v1.2.0. It’s chock full of bug fixes and some enhancements that we think you’ll love.

Here are a few things we think you’ll want to know about this release:

  • Run jekyll serve --detach to boot up a WEBrick server in the background. Note: you’ll need to run kill [server_pid] to shut the server down.
  • You can now disable automatically-generated excerpts if you set excerpt_separator to "".
  • If you’re moving around pages and post, you can now check for URL conflicts by running jekyll doctor.
  • If you’re a fan of the drafts feature, you’ll be happy to know we’ve added -D, a shortened version of --drafts.
  • Permalinks with special characters should now generate without errors.
  • Expose the current Jekyll version as the jekyll.version Liquid variable.

For a full run-down, visit our change log!

Jekyll 1.1.2 Released

Version 1.1.2 fixes a minor, but nonetheless important security vulnerability affecting several third-party Jekyll plugins. If your Jekyll site does not use plugins, you may, but are not required to upgrade at this time.

Community and custom plugins extending the Liquid::Drop class may inadvertently disclose some system information such as directory structure or software configuration to users with access to the Liquid templating system.

We recommend you upgrade to Jekyll v1.1.2 immediately if you use Liquid::Drop plugins on your Jekyll site.

Many thanks for Ben Balter for alerting us to the problem and submitting a patch so quickly.

Jekyll 1.0.4 Released

Version 1.0.4 fixes a minor, but nonetheless important security vulnerability affecting several third-party Jekyll plugins. If your Jekyll site does not use plugins, you may, but are not required to upgrade at this time.

Community and custom plugins extending the Liquid::Drop class may inadvertently disclose some system information such as directory structure or software configuration to users with access to the Liquid templating system.

We recommend you upgrade to Jekyll v1.0.4 immediately if you use Liquid::Drop plugins on your Jekyll site.

Many thanks for Ben Balter for alerting us to the problem and submitting a patch so quickly.

Jekyll 1.1.1 Released

Coming just 10 days after the release of v1.1.0, v1.1.1 is out with a patch for the nasty excerpt inception bug (#1339) and non-zero exit codes for invalid commands (#1338).

To all those affected by the strange excerpt bug in v1.1.0, I’m sorry. I think we have it all patched up and it should be deployed to GitHub Pages in the next couple weeks. Thank you for your patience!

If you’re checking out v1.1.x for the first time, definitely check out what shipped with v1.1.0!

See the GitHub Release page for more a more detailed changelog for this release.

Jekyll 1.1.0 Released

After a month of hard work, the Jekyll core team is excited to announce the release of Jekyll v1.1.0! This latest release of Jekyll brings some really exciting new additions:

  • Add docs subcommand to read Jekyll’s docs when offline. (#1046)
  • Support passing parameters to templates in include tag (#1204)
  • Add support for Liquid tags to post excerpts (#1302)
  • Fix pagination for subdirectories (#1198)
  • Provide better error reporting when generating sites (#1253)
  • Latest posts first in non-LSI related_posts (#1271)

See the GitHub Release page for more a more detailed changelog for this release.

Jekyll 1.0.3 Released

v1.0.3 contains some key enhancements and bug fixes:

  • Fail with non-zero exit code when MaRuKu errors (#1190) or Liquid errors (#1121)
  • Add support for private gists to gist tag (#1189)
  • Add --force option to jekyll new (#1115)
  • Fix compatibility with exclude and include with pre-1.0 Jekyll (#1114)
  • Fix pagination issue regarding File.basename and page:num (#1063)

See the History page for more information on this release.

Jekyll 1.0.2 Released

v1.0.2 has some key bugfixes that optionally restore some behaviour from pre-1.0 releases, and fix some other annoying bugs:

  • Backwards-compatibilize relative permalinks (#1081)
  • Add jekyll doctor command to check site for any known compatibility problems (#1081)
  • Deprecate old config server_port, match to port if port isn’t set (#1084)
  • Update pygments.rb and kramdon versions to 0.5.0 and 1.0.2, respectively (#1061, #1067)
  • Fix issue when post categories are numbers (#1078)
  • Add a data-lang="<lang>" attribute to Redcarpet code blocks (#1066)
  • Catching that Redcarpet gem isn’t installed (#1059)

See the History page for more information on this release.

Jekyll 1.0.1 Released

Hot on the trails of v1.0, v1.0.1 is out! Here are the highlights:

  • Add newer language- class name prefix to code blocks (#1037)
  • Commander error message now preferred over process abort with incorrect args (#1040)
  • Do not force use of toc_token when using generate_toc in RDiscount (#1048)
  • Make Redcarpet respect the pygments configuration option (#1053)
  • Fix the index build with LSI (#1045)
  • Don’t print deprecation warning when no arguments are specified. (#1041)
  • Add missing </div> to site template used by new subcommand, fixed typos in code (#1032)

See the History page for more information on this release.

Jekyll 1.0.0 Released

Hey! After many months of hard work by Jekyll’s contributors, we’re excited to announce the first major release of the project in a long while. v1.0.0 is finally here! While the list of improvements and bug fixes is quite lengthy, here are the highlights (thanks to @benbalter for the examples and for compiling this list):

  • Support for the Gist tag for easily embedding Gists (example)
  • Automatically generated post excerpts (example)
  • Save and preview drafts before publishing (example)

Take a look at the Upgrading page in the docs for more detailed information.