Typemill 2.1.0: New Security Features

Typemill 2.1.0 is now available, focusing on new security features like a login verification code for enhanced protection against password theft. Download the latest version from our start page and view all updates in the changelog.

Login Verification Code

This new feature sends a 5-digit verification code to a user's email after entering valid credentials. The code expires in 5 minutes. You can generate a new code by restarting the login process. Successful verification allows 24-hour login without needing a new code.

Some providers may reject these emails. Before enabling this feature, send a testmail through the new button in email settings. Always have FTP access to disable this feature manually in settings.yaml if needed.

Be aware, Typemill will store simple device fingerprints in user accounts. You will need to verify again when logging in from a new device or IP. Ensure compliance with your country's privacy legislation.

New Reference Feature

Discover a new reference section in the meta tab of each page.

Add a relative or absolute URL (for external links) in the URL field to use this feature. The options are:

• Permanent Redirect (301): Redirect visitors to a new page permanently. This feature is also useful in SEO.
• Temporary Redirect (302): Temporarily redirect visitors to another URL.
• Copy: Copy page content to another page. Useful in many situations, but avoid this feature for public sites due to duplicate content penalties.
• External Link: Add navigation items leading directly to external URLs.

Security Headers

Security headers are crucial for developers, enhancing technical security. Typemill has reinstated the security headers from Version 1 and introduced new measures. Now, HTML pages are protected with a Content Security Policy (CSP-Headers), and all API endpoints are secured with CORS (Cross-Origin Resource Sharing) headers.

These security headers are configurable in the developer tab of the system settings, where they can also be disabled if necessary. For integration with plugins and themes, external domains must be whitelisted.

Additional security improvements include the removal of basic authentication credentials from the URL object and the reactivation of proxy detection, a feature commonly utilized in corporate environments from version 1.

Roadmap and Release Dates

To streamline scheduling, new releases are now set for the 15th of each month, followed by newsletters. Consequently, version numbers will align with the months, starting with 2.1 in January and ending with 2.12 in December this year.

See the updated public roadmap for this year's expectations, including significant milestones like the license system, AI integration, and headless mode, along with a lot new plugins.

Upgrade From Version 1

If you're still using Typemill version 1 without requiring specific features, plugins, or themes, it's a good time to upgrade to version 2.

I've completed several upgrades and found the following process most effective: First, back up your website locally. Next, create a fresh Typemill 2 installation on your local machine. Transfer all content to this new installation and conduct local tests. If everything functions smoothly, upload the new version to your live server. Detailed steps are available in the upgrade guide.

Version 2.2.0

Version 2.2.0 will introduce the previously detailed license model, hopefully alongside one or two new plugins designed for it.

I am also planning some minor enhancements, such as refining the translation process and bolstering security features. Additionally, I am exploring the possibility of supporting basic HTML in markdown via the shortcode feature. Lastly, version 2.2.0 will introduce an exciting new administrative interface for tasks like clearing navigation cache, reviewing security logs, and much more.

Stay updated, and see you on the 15th!