Today, we're excited to announce the release of Linkwarden 2.12! đ„ł This update brings significant improvements and new features to enhance your experience.
For those who are new to Linkwarden, itâs basically a tool for saving and organizing webpages, articles, and documents all in one place. Itâs great for bookmarking stuff to read later, and you can also share your resources, create public collections, and collaborate with your team. Linkwarden is available as a Cloud subscription or you can self-host it on your own server.
This release brings a range of updates to make your bookmarking and archiving experience even smoother. Letâs take a look:
Whatâs new:
𫧠Drag and Drop Support
One of our most requested features is finally here! You can now drag and drop Links onto Collections and Tags. This makes it much easier to organize your bookmarks and keep everything tidy.
đ€ Upload from SingleFile
SingleFile is an awesome browser extension that allows you to save complete webpages as a single HTML file on your device. As of Linkwarden 2.12, you can upload your saved links directly from the SingleFile browser extension into Linkwarden. This allows you to easily save articles which are behind paywalls or require authentication directly from your browser.
To use this feature, simply install the SingleFile extension, and then follow the documentation.
đ Progressed Translations
Weâve made significant progress in our translations, with many languages now fully supported. If youâre interested in helping out with translations, check out our Crowdin page.
â And more...
There are also a bunch of smaller improvements and fixes in this release to keep everything running smoothly.
Full Changelog: https://github.com/linkwarden/linkwarden/compare/v2.11.8...v2.12.0
Want to skip the technical setup?
If youâd rather skip server setup and maintenance, our Cloud Plan takes care of everything for you. Itâs a great way to access all of Linkwardenâs featuresâplus future updatesâwithout the technical overhead.
We hope you enjoy these new enhancements, and as always, we'd like to express our sincere thanks to all of our supporters and contributors. Your feedback and contributions have been invaluable in shaping Linkwarden into what it is today. đ
How would you add new links if its read only?
As always you store data you want to keep in the volumes section.
With read-only you prevent new binaries from being added in the image space. You can add ânoexecâ to your volumes/tmpfs preventing binaries to the areas that are writable. Then ideally you are using an image with minimal surface area (e.g., only sh and the exact binaries needed to make it go) and itâs very secure! Itâs still plenty secure without a minimal image.
Couldn't the attacker just drop a dangerous binary into the data volume then?
Not if you annotate your data volume with said ânoexecâ which prevents execution from anything in the data volume. It looks like this, you can slam it on any volume you like - no volumes should have executables in them anyways.
Also Iâm pretty sure ânoexecâ is the default, so thatâs by default protected. But I canât confirm that from a quick search so not 100% on that.
â/mnt/data:/container/place/it/wants:rw,noexec,nosuid,nodev,Zâ
ârwâ means read/write. You can change it to âroâ for read-only if the volume shouldnât write to it (maybe a config file).
Z is for selinux that means âonly one program can read/write tho thisâ. You can change it to âzâ lowercase in case more than one needs to read/write. Only case Iâve found for little z is crowdsec needing to watch Caddyâs log for blocking.
So overall, the idea is that your volume mounts canât be used to execute arbitrary binaries AND the image file system is frozen so that arbitrary binaries cannot be loaded into the image (which is by default all executable, a requirement to run anything in it). So if someone was able to hack into an internet-facing container, they wonât be able to load up whatever they want. Theyâll be limited to whatâs built into the image (which ideally are secure and limited in scope).
This is great. Thanks!