| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| checksums-windows.txt | 2026-05-24 | 194 Bytes | |
| Mini-Diarium-0.5.0-windows.exe | 2026-05-24 | 12.1 MB | |
| Mini-Diarium-0.5.0-windows.msi | 2026-05-24 | 14.9 MB | |
| checksums-macos.txt | 2026-05-24 | 95 Bytes | |
| Mini-Diarium-0.5.0-macos.dmg | 2026-05-24 | 26.7 MB | |
| checksums-linux.txt | 2026-05-24 | 195 Bytes | |
| Mini-Diarium-0.5.0-linux.AppImage | 2026-05-24 | 89.5 MB | |
| Mini-Diarium-0.5.0-linux.deb | 2026-05-24 | 15.7 MB | |
| 0.5.0 source code.tar.gz | 2026-05-24 | 15.6 MB | |
| 0.5.0 source code.zip | 2026-05-24 | 16.2 MB | |
| README.md | 2026-05-24 | 10.1 kB | |
| Totals: 11 Items | 190.7 MB | 0 | |
What's Changed
v0.5.0 is the biggest Mini Diarium release to date, delivering substantial improvements on every front. User-facing highlights include entry tags with calendar filtering, a first-run welcome tour, expanded cross-app image drag-and-drop, a fully configurable editor toolbar with 17 individually toggleable controls (including optional font family and size pickers), and smooth blur animations on lock and unlock. On the internal side, the Rust backend and SolidJS frontend were each refactored into focused, independently testable modules, test coverage was substantially expanded across both layers, a multi-auth duplicate-credential vulnerability was fixed, network isolation was hardened with additional defense-in-depth layers, and all user-facing documentation was brought fully up to date.
Added
- IndexNow integration for the marketing website: all public URLs are now automatically submitted to Bing, Yandex, Seznam, and other participating search engines via the IndexNow protocol. A new
scripts/submit-indexnow.mjsscript reads the sitemap and submits URLs in bulk. A GitHub Actions workflow (.github/workflows/indexnow.yml) enables manual submission after deployment, with an automatic push trigger ready to be enabled once Coolify auto-deployment is configured. Runbun run website:submit-indexnowto submit, orbun run website:submit-indexnow:dry-runto preview the payload. - Multi-auth duplicate-credential fix:
unlock_diary_all_methodspreviously accepted the same credential twice, allowing a single factor to satisfy both slots in a require-all-auth setup. The backend now rejects duplicate slot IDs so each registered factor must be provided independently. - Error message sanitization: several dialogs (import, statistics, journal picker, security preferences, password creation) were displaying raw internal error strings that could leak filesystem paths or library internals. All user-facing error messages are now sanitized before display.
- Network isolation hardening: added defense-in-depth layers to prevent outbound network use from within the WebView. Layers added: explicit
connect-src 'self' ipc: http://ipc.localhostCSP directive;worker-src 'none',child-src 'none',frame-src 'none',object-src 'none',form-action 'none',manifest-src 'none'CSP directives; document-start init script nullingRTCPeerConnection,WebTransport,Worker,SharedWorker,navigator.serviceWorker,navigator.sendBeacon,navigator.connection, andwindow.openin all frames;on_new_window(Deny)handler blocking popup creation on all platforms; Windows WebView2WebResourceRequestedCOM handler; macOSWKContentRuleListcontent-blocking rule; Windows installer outbound firewall rule (NSIS,perMachine); removeddevtoolsCargo feature from release builds; added CI static check for network-capable crates and APIs. (fetch/XMLHttpRequest/WebSocket/EventSourceremain available for IPC/local runtime communication and are constrained by CSP + platform handlers.) - Tags for diary entries: entries can now be tagged with user-defined labels. A row of tag chips appears below the title in the editor. Click
+ Add tagto type a new tag or pick an existing one from the dropdown; click×on a chip to remove it. Tags are managed globally via Manage tags → rename or delete any tag across all entries. Tag names are encrypted with AES-256-GCM (the same key as entry content) so they are never stored as readable text in the database. A keyed HKDF-SHA256 fingerprint enforces deduplication at the database level. Existing journals are automatically migrated to schema v7 on next unlock.- Tag filter: click a tag chip's name to activate a tag filter — the calendar in the sidebar narrows its dot indicators to only show dates that have entries with that tag. A banner above the calendar names the active filter and provides a
×to clear it. Clicking the same chip again also clears it. The filter persists across month navigation and is automatically cleared on journal lock or when the filtered tag is deleted.
- Tag filter: click a tag chip's name to activate a tag filter — the calendar in the sidebar narrows its dot indicators to only show dates that have entries with that tag. A banner above the calendar names the active filter and provides a
- First-run onboarding tour: creating a new journal now triggers a 3-step transparent overlay tour that highlights key features — enabling the advanced toolbar (Preferences → Writing), importing entries from other apps, and finding the online documentation. The tour can be minimized to a floating help icon (
?) in the bottom-right corner; clicking the icon shows a popover with Resume Tour and Dismiss options. Pressing Escape while the tour is active minimizes it instead of quitting the app. The tour fires only once per app profile and is permanently dismissed via the popover or by completing all three steps; subsequent launches render nothing.- Spotlight anchoring: each tour step now highlights its real target element — the editor toolbar strip and the About button in the header are spotlit via a
box-shadowcutout with the card dynamically positioned adjacent and an arrow pointing at the target; for native OS elements outside the webview (such as Import in the menu bar) a soft pulsing glow appears at the webview edge nearest the item.
- Spotlight anchoring: each tour step now highlights its real target element — the editor toolbar strip and the About button in the header are spotlit via a
- Cross-application image drag-and-drop: dragging images from desktop apps that embed them as HTML payloads now works, extending the existing file-manager and clipboard-paste paths. Two payload types are handled: apps that inline images as
data:image/...base64 sources (some Electron apps), and apps that reference images as localfile://paths (e.g. Typora with file-linked images). All dropped images pass through the same canvas resize pipeline (max 1200 px, re-encoded as JPEG or PNG). The editor container shows a blue border highlight when a file-manager drag hovers over it. When an image is dragged from a web browser or web app (where the drag payload only contains an HTTPS URL), a dismissible banner explains that embedding is not possible because it would require a network request — which the app never makes — and directs the user to use right-click → Copy Image and paste instead.
Changed
- Unlock/lock transition animations: unlocking the journal now reveals the main view through a blur-dissolve effect (encrypted fog lifting over ~1.4 s); locking plays the reverse — a blur fades in over the content for ~700 ms while the backend closes the database, then the lock screen appears. Both animations respect
prefers-reduced-motion. The lock animation blocks pointer interaction during the transition; all security operations (save flush, database close) run on the same schedule as before — the timing change is cosmetic only. - Internal refactoring: a large structured pass across the Rust backend and SolidJS frontend. No user-facing behavior changes; all encryption and auth guarantees are preserved.
- Backend: the database query, schema/migration, and auth-command layers were each split into focused modules. Encrypted row decoding and the locked-state guard are now centralized, so failures surface as errors instead of being silently swallowed. The password, key-file, and multi-auth unlock paths share a single auditable implementation; the local-only auto-unlock path remains intentionally separate.
- Frontend: the security preferences panel and the rich-text editor were each broken into smaller, independently testable components.
- Test coverage: command-level, security-preference, and editor-integration tests were added across both layers; a CI check now enforces the error-sanitization rule going forward.
- Sticky editor toolbar: the formatting toolbar now stays pinned at the top of the scroll area while scrolling through a long entry, so formatting controls remain accessible at all times without scrolling back to the top. When multiple entries are stacked (multiple entries per day), each toolbar independently sticks as its entry scrolls through the viewport.
- Central plugins directory: user
.rhaiplugins now live in{app_data_dir}/plugins/(e.g.%APPDATA%\com.minidiarium\plugins\on Windows) instead of the per-journal{journal_path}/plugins/folder. Plugins are shared across all journals and loaded once at startup. On first launch after upgrading, any.rhaiscripts found in the old per-journal locations are automatically copied to the new central directory (originals are left in place). - Font family and font size in editor toolbar: the editor font family and font size can now be changed directly from the editor toolbar without opening Preferences. Both controls appear as compact dropdown selectors and are opt-in — enable them in Preferences → Writing → Toolbar items (Font family and Font size are added at the bottom of every user's item list, disabled by default). Existing users with a saved toolbar configuration automatically get the new items appended. The dropdowns write directly to the saved preference, so the value is always in sync with the Preferences → Writing sliders and selects.
- Per-item toolbar configuration: the all-or-nothing Show advanced formatting toolbar toggle in Preferences → Writing has been replaced with a fully configurable Toolbar items list. Each of the 15 formatting controls (Headings, Underline, Strikethrough, Text color, Highlight color, Blockquote, Inline code, Bullet list, Numbered list, Horizontal rule, Insert image, Import Markdown, Insert timestamp, Text direction, Alignment controls) can be individually enabled or disabled, and reordered with ↑/↓ arrows. Select all and Select none buttons enable quick bulk actions. Bold and Italic remain fixed at the start of the toolbar and are not configurable. Existing users are migrated automatically:
advancedToolbar: falsekeeps Underline, Bullet list, and Numbered list enabled (matching the previous basic toolbar);advancedToolbar: trueenables all 15 items.