Jekyll 2.1.1 Released

This is a minor release for Jekyll 2.1.0. It fixes a couple bugs and introduces fixes for a couple security-related issues.

It covers two security vulnerabilities:

  1. One in the reading of data
  2. One in the layouts setting

They were identified in Jekyll 1.5.1 and has been confirmed as patched in this version and the version used by GitHub Pages. If you are in the business of building Jekyll sites, please ensure you upgrade to 2.1.1 as soon as possible.

For more, check out jekyll/jekyll#2563.

Additionally, the dependency on Maruku has been loosened and a bug was fixed with document URLs.

As always, check out the full changelog for more info!

Happy Jekylling!

Jekyll Turns 21! Err... I mean 2.1.0.

Jekyll’s finally legal to drink in the States. And he’s done a lot of learning in the process! Here are some of the new things to look forward to:

  • Uses the latest Liquid version (2.6.1) (#2495)
  • Set front-matter defaults for collections (#2419)
  • Set a collection-specific URL template (#2418)
  • pygments.rb 0.6.0! (#2504)
  • .json files in _data (#2369)
  • Allow subdirectories in _data (#2395)
  • Add support for hl_lines in highlight tag (#2532)
  • Post categories now merge with directory, front-matter, and defaults (#2373)
  • New --skip_initial_build flag for jekyll serve (#2477)
  • A bajilion bug fixes and site updates!

Let’s go party!

Check out the full changelog for more.

Many thanks to these 37 contributors for the 2.1.0 release:

Alberto Grespan, Alessandro Lorenzi, Alex Medearis, Alfred Xing, Anatol Broder, Ben, Ben Balter, Bud Parr, Chezou, Denilson Figueiredo de Sá, Denilson Sá, Ivan Tse, Jens Nazarenus, Jesse Shawl, Jordon Bedwell, Josh Davis, János Rusiczki, Marc Ransome, Mathieu Bruyen, Matt Rogers, Parker Moore, Pat Hawks, Paul Henry, Peter Rhoades, Philipp Rudloff, Quinn Shanahan, Renaud Martinet, Rob Murray, Rodrigo Dumont, Simon Sarris, Terry, Terry Schmidt, Tomer Cohen, XhmikosR, Yihang Ho, jaybe@jekyll, and mikecole.

Pick Up your $1 Jekyll Sticker

Jekyll Sticker

You may have heard that @cobyism’s excellent Jekyll logo has been made into a sticker. You may have sat idly by, wishing that you could have a sticker honoring your beloved Jekyll.

The StickerMule team says, “Pine no longer!” StickerMule has discounted the price of Jekyll stickers down to $1 and are offering free (domestic) shipping! Go grab one now on the StickerMule marketplace – they’ll look swell on your favourite hardware.

Jekyll 2.0.3 Released

Hey again! Just wanted to let you know we’ve released another version of Jekyll, jam-packed with bug fixes.

A huge “thank you” is in order for all the folks who have submitted bug reports over the last 2 days — your input is what allows this project to continue. It’s always a pain to deal with a MAJOR version bump release, but it’s been pretty smooth so far and you have all been nice about the flaws you’ve found in the tool. Keep filing those reports so we can continue to make Jekyll even better!

Thank you to the contributors that contributed code to 2.0.1, 2.0.2, and/or 2.0.3:

Parker Moore, Yi Zeng, Gabe Ortiz, Aaron Broder, Alberto Grespan, gpxl, David Briggs, Kevin Ingersoll, and Troy Swanson.

As always, check out the changelog for more info. Happy Jekylling!

Jekyll turns 2.0.0

A year ago to the day, we released Jekyll 1.0.0. One year later, we present to you the next major version: Jekyll 2.0.0.

Jam-packed with some highly-requested features and bugfixes galore, this is the best Jekyll yet. Some notable changes:

  1. Collections - Collections allow you to define an unlimited number of custom document types (beyond just posts and pages) for different types of content you may want to author in Jekyll such as API documentation or a cookbook!
  2. Brand new site template (thanks @jglovier!) - Getting started with Jekyll just got a lot easier and a lot more beautiful. Just run jekyll new <path> and you’re good to go.
  3. Native Sass & CoffeeScript support - We love CSS and JavaScript as much as the next guy, but there will always be a special place in our hearts for Sass and CoffeeScript. We now offer native support for these file types — no more messing around with Rake or Grunt!
  4. YAML Front-Matter defaults - If you’ve set layout: post more than once in your life, you’ll love this new feature: set front-matter defaults for a given directory or type.
  5. Custom markdown processors - Always wanted to use your favourite home-grown Markdown converter, but couldn’t with Jekyll? Now you can. Simply specify markdown: MyConverterClass and you’re on your way.
  6. Addition of where and group_by Liquid filters - Simplifying your Liquid templates one filter at a time. The where filter selects from an array all items within which have a given value for a property. The group_by filter groups all items in an array which have the same value for a given property.
  7. Switch from Maruku to Kramdown as default markdown converter - Maruku is dead. We’ve replaced it with the converter which has the closest feature parity: Kramdown!

Check out our changelog for a complete list of all (200+) changes.

Many thanks to these 183 contributors for making Jekyll 2.0.0 happen:

Parker Moore, Matt Rogers, maul.esel, Anatol Broder, Zach Gersh, Joel Glovier, Ben Balter, XhmikosR, Coby Chapple, John Piasetzki, Aidan Feldman, Robin Dupret, Pascal Borreli, Troy Swanson, Erik Michaels-Ober, albertogg, Lucas Jenss, Matt Rogers & Persa Zula, Eric Mill, Shigeya Suzuki, Jens Nazarenus, ddavison, Pat Hawks, Rob Wierzbowski, MURAOKA Taro, Casey Lang, Fabian Rodriguez, Greg Karékinian, Zlatan Vasović, Christopher Nicotera, Dmitry Chestnykh, Ryan Morrissey, Jordon, John Hughes, akira yamada, Matt Swanson, Jashank Jeremy, Matthew Iversen, Meeka, liufengyun, Anand Narayan, nitoyon, Geoff Shannon, Benjamin J. Balter, Juan Ignacio Donoso, David Briggs, Benjamin Esham, Slava Pavlutin, Assaf Gelber, Josh Brown, Nick Fagerlund, Davide Ficano, pilosus, Anthony Smith, André Arko, Mikael Konutgan, Matthew Scharley, Dan Tao, scribu, Mort Yao, m, Stephen McDonald, Marcus Stollsteimer, Thomas Torsney-Weir, Jordon Bedwell, Tom Preston-Werner, Lincoln Mullen, Philip Poots, Ivan Tse, Christopher Giroir, Valery Tolstov, Wlodek Bzyl, Xavier Noria, Yi Zeng, Persa Zula, Phil Leggetter, Pirogov Evgenij, Rafael Revi, Rob McGuire-Dale, Rob Muhlestein, Robin Mehner, Roland Warmerdam, Rusty Geldmacher, Sam Rayner, Santeri Paavolainen, Sebastian Morr, Stephan Groß, Steven Spasbo, Tobias Brunner, Tuomas Kareinen, Tyler Margison, Uwe Dauernheim, Yihang Ho, Zach Leatherman, Zequez, andrew morton, andrewhavens, imathis, jannypie, jaybe@jekyll, kk_Ataka, markets, redwallhp, schneems, szymzet, thomasdao, tomsugden, wǒis神仙, 张君君, Noah Slater, Abhi Yerra, Adam Heckler, Ahmed Hazem, Aigars Dzerviniks, Aleksey V. Zapparov, Andreas Möller, Andy Lindeman, Arlen Cuss, Aziz Shamim, Ben Baker-Smith, Ben Hanzl, Ben Hildred, Brian Kim, Brice, Carol Nichols, Chezou, Chris Jones, Christian Grobmeier, Christoph Hochstrasser, Christoph Schiessl, Clint Shryock, Colin Dean, Corey Ward, Damian Lettie, Daniel Schauenberg, David Ensinger, David Paschich, David Sawyer, David Silva Smith, Donald Perry, Doug Johnston, Edward Ball, Eric Dobson, Erik Dungan, Florent Guilleux, Francis, Frederic ROS, GSI2013, Garen Torikian, George Anderson, Giuseppe Capizzi, Ishibashi Hideto, Jarrod Birch, Jeff Kolesky, Jens Bissinger, Jens Krause, John Firebaugh, John Papandriopoulos, Josh Branchaud, Katy DeCorah, Lachlan Holden, Mark Prins, Markus Roth, Martin Charles, Matt Iversen, Matt Sheehan, Matt Swensen, Matthias Vogelgesang, Michael Parker, Miha Rekar, Nathan Youngman, Nick Quaranto, Nick Quinlan, Nick Schonning, Nicolas Alpi, Nicolás Reynolds, Nikkau, 4ensicLog, Octavian Damiean, Olov Lassus, PatrickC8t, Paul Annesley, and Paul Oppenheim.

Happy developing!

Jekyll 1.5.1 Released

The hawk-eyed @gregose spotted a bug in our Jekyll.sanitized_path code:

> sanitized_path("/tmp/foobar/jail", "..c:/..c:/..c:/etc/passwd")
=> "/tmp/foobar/jail/../../../etc/passwd"

Well, we can’t have that! In 1.5.1, you’ll instead see:

> sanitized_path("/tmp/foobar/jail", "..c:/..c:/..c:/etc/passwd")
=> "/tmp/foobar/jail/..c:/..c:/..c:/etc/passwd"

Luckily not affecting 1.4.x, this fix will make 1.5.0 that much safer for the masses. Thanks, Greg!

Jekyll 1.5.0 Released

As work continues on Jekyll 2.0.0, we felt it was important to address two key issues of Jekyll 1.4.3, namely the safe_yaml dependency below 1.0 and the inability to use Jekyll 1.4.3 on Windows due to a fun issue with path sanitizing.

For a full changelog, check out our history page.

Now, back to work on 2.0.0!

Jekyll 1.4.3 Released

Jekyll 1.4.3 contains two critical security fixes. If you run Jekyll locally and do not run Jekyll in “safe” mode (e.g. you do not build Jekyll sites on behalf of others), you are not affected and are not required to update at this time. (See pull request.)

Versions of Jekyll prior to 1.4.3 and greater than 1.2.0 may allow malicious users to expose the content of files outside the source directory in the generated output via improper symlink sanitization, potentially resulting in an inadvertent information disclosure.

Versions of Jekyll prior to 1.4.3 may also allow malicious users to write arbitrary .html files outside of the destination folder via relative path traversal, potentially overwriting otherwise-trusted content with arbitrary HTML or Javascript depending on your server’s configuration.

Maintainer’s note: Many thanks to @gregose and @charliesome for discovering these vulnerabilities, and to @BenBalter and @alindeman for writing the patch.

Jekyll 1.4.2 Released

This release fixes a regression where Maruku fenced code blocks were turned off, instead of the previous default to on. We’ve added a new default configuration to our maruku config key: fenced_code_blocks and set it to default to true.

If you do not wish to use Maruku fenced code blocks, you may turn this option off in your site’s configuration file.

Jekyll 1.4.1 Released

Another quick turnover, anyone? A critical bug in the reading of posts snuck itself into the 1.4.0 release.

To address this issue, we’re releasing v1.4.1 of Jekyll so that you can keep on writing without any problems.

As always, you can find the full list of fixes in this release in the change log!

Jekyll 1.4.0 Released

About a month after the release of Jekyll v1.3.0, we are releasing Jekyll v1.4.0. This release will be the last non-patch release to support Ruby 1.8.7 and our next release will be Jekyll 2.0.0.

Here are a few things we think you’ll want to know about this release:

  • TOML is now a supported markup language for config files.
  • Maruku has been updated to 0.7.0 which provides some new features and a ton of bugfixes over the previous 0.6.x releases.
  • Non-gem Plugins are now sorted alphabetically by filename before they’re processed, which can provide a rudimentary way to establish a load order for plugins.

For a full run-down, visit our change log!

As always, Jekyll wouldn’t be possible without the contributions from others in the Jekyll community. We’d like to thank the following people for contributing to this release: Anatol Broder, David Sawyer, Greg Karékinian, Jordon Bedwell, Matthew Iversen, Persa Zula, and Yi Zeng.

Jekyll 1.3.1 Released

Just in time for the US holiday Thanksgiving, we’re releasing version 1.3.1 of Jekyll to address some of the issues seen since the release of 1.3.0.

In addition to a couple of other smaller bug fixes, the biggest thing we’ve fixed is an issue with the --watch option with Ruby 1.8.7. For a full run-down, visit our change log!

Thanks to all the people who have contributed to this release! They are (in alphabetical order): Abhi Yerra, Anatol Broder, Andreas Möller, Greg Karékinian, Sam Rayner, Santeri Paavolainen, Shigeya Suzuki, Yihang Ho, albertogg, andrewhavens, maul.esel, and thomasdao

Jekyll 1.3.0 Released

It’s been about six weeks since v1.2.0 and the Jekyll team is happy to announce the arrival of v1.3.0. This is a huge release full of all sorts of new features, bug fixes, and other things that you’re sure to love.

Here are a few things we think you’ll want to know about this release:

  • You can add arbitrary data to the site by adding YAML files under a site’s _data directory. This will allow you to avoid repetition in your templates and to set site specific options without changing _config.yml.
  • You can now run jekyll serve --detach to boot up a WEBrick server in the background. Note: you’ll need to run kill [server_pid] to shut the server down. When ran, you’ll get a process id that you can use in place of [server_pid]
  • You can now disable automatically-generated excerpts if you set excerpt_separator to "".
  • If you’re moving pages and posts, you can now check for URL conflicts by running jekyll doctor.
  • If you’re a fan of the drafts feature, you’ll be happy to know we’ve added -D, a shortened version of --drafts.
  • Permalinks with special characters should now generate without errors.
  • Expose the current Jekyll version as the jekyll.version Liquid variable.

For a full run-down, visit our change log!

Jekyll 1.3.0.rc1 Released

Jekyll 1.3.0 is going to be a big release! In order to make sure we didn’t screw anything up too badly, we’re making a release candidate available for any early adopters who want to give the latest and greatest code a spin without having to clone a repository from git.

Please take this prerelease for a spin and let us know if you run into any issues!

Jekyll 1.2.1 Released

Quick turnover, anyone? A recent incompatibility with Liquid v2.5.2 produced a nasty bug in which include tags were not rendered properly within if blocks.

This release also includes a better handling of detached servers (prints pid and the command for killing the process). Note: the --detach flag and --watch flags are presently incompatible in 1.2.x. Fix for that coming soon!

For a full list of the fixes in this release, check out the change log!

Jekyll 1.2.0 Released

After nearly a month and a half of hard work, the Jekyll team is happy to announce the release of v1.2.0. It’s chock full of bug fixes and some enhancements that we think you’ll love.

Here are a few things we think you’ll want to know about this release:

  • Run jekyll serve --detach to boot up a WEBrick server in the background. Note: you’ll need to run kill [server_pid] to shut the server down.
  • You can now disable automatically-generated excerpts if you set excerpt_separator to "".
  • If you’re moving around pages and post, you can now check for URL conflicts by running jekyll doctor.
  • If you’re a fan of the drafts feature, you’ll be happy to know we’ve added -D, a shortened version of --drafts.
  • Permalinks with special characters should now generate without errors.
  • Expose the current Jekyll version as the jekyll.version Liquid variable.

For a full run-down, visit our change log!

Jekyll 1.1.2 Released

Version 1.1.2 fixes a minor, but nonetheless important security vulnerability affecting several third-party Jekyll plugins. If your Jekyll site does not use plugins, you may, but are not required to upgrade at this time.

Community and custom plugins extending the Liquid::Drop class may inadvertently disclose some system information such as directory structure or software configuration to users with access to the Liquid templating system.

We recommend you upgrade to Jekyll v1.1.2 immediately if you use Liquid::Drop plugins on your Jekyll site.

Many thanks for Ben Balter for alerting us to the problem and submitting a patch so quickly.

Jekyll 1.0.4 Released

Version 1.0.4 fixes a minor, but nonetheless important security vulnerability affecting several third-party Jekyll plugins. If your Jekyll site does not use plugins, you may, but are not required to upgrade at this time.

Community and custom plugins extending the Liquid::Drop class may inadvertently disclose some system information such as directory structure or software configuration to users with access to the Liquid templating system.

We recommend you upgrade to Jekyll v1.0.4 immediately if you use Liquid::Drop plugins on your Jekyll site.

Many thanks for Ben Balter for alerting us to the problem and submitting a patch so quickly.

Jekyll 1.1.1 Released

Coming just 10 days after the release of v1.1.0, v1.1.1 is out with a patch for the nasty excerpt inception bug (#1339) and non-zero exit codes for invalid commands (#1338).

To all those affected by the strange excerpt bug in v1.1.0, I’m sorry. I think we have it all patched up and it should be deployed to GitHub Pages in the next couple weeks. Thank you for your patience!

If you’re checking out v1.1.x for the first time, definitely check out what shipped with v1.1.0!

See the GitHub Release page for more a more detailed changelog for this release.

Jekyll 1.1.0 Released

After a month of hard work, the Jekyll core team is excited to announce the release of Jekyll v1.1.0! This latest release of Jekyll brings some really exciting new additions:

  • Add docs subcommand to read Jekyll’s docs when offline. (#1046)
  • Support passing parameters to templates in include tag (#1204)
  • Add support for Liquid tags to post excerpts (#1302)
  • Fix pagination for subdirectories (#1198)
  • Provide better error reporting when generating sites (#1253)
  • Latest posts first in non-LSI related_posts (#1271)

See the GitHub Release page for more a more detailed changelog for this release.

Jekyll 1.0.3 Released

v1.0.3 contains some key enhancements and bug fixes:

  • Fail with non-zero exit code when MaRuKu errors (#1190) or Liquid errors (#1121)
  • Add support for private gists to gist tag (#1189)
  • Add --force option to jekyll new (#1115)
  • Fix compatibility with exclude and include with pre-1.0 Jekyll (#1114)
  • Fix pagination issue regarding File.basename and page:num (#1063)

See the History page for more information on this release.

Jekyll 1.0.2 Released

v1.0.2 has some key bugfixes that optionally restore some behaviour from pre-1.0 releases, and fix some other annoying bugs:

  • Backwards-compatibilize relative permalinks (#1081)
  • Add jekyll doctor command to check site for any known compatibility problems (#1081)
  • Deprecate old config server_port, match to port if port isn’t set (#1084)
  • Update pygments.rb and kramdon versions to 0.5.0 and 1.0.2, respectively (#1061, #1067)
  • Fix issue when post categories are numbers (#1078)
  • Add a data-lang="<lang>" attribute to Redcarpet code blocks (#1066)
  • Catching that Redcarpet gem isn’t installed (#1059)

See the History page for more information on this release.

Jekyll 1.0.1 Released

Hot on the trails of v1.0, v1.0.1 is out! Here are the highlights:

  • Add newer language- class name prefix to code blocks (#1037)
  • Commander error message now preferred over process abort with incorrect args (#1040)
  • Do not force use of toc_token when using generate_toc in RDiscount (#1048)
  • Make Redcarpet respect the pygments configuration option (#1053)
  • Fix the index build with LSI (#1045)
  • Don’t print deprecation warning when no arguments are specified. (#1041)
  • Add missing </div> to site template used by new subcommand, fixed typos in code (#1032)

See the History page for more information on this release.

Jekyll 1.0.0 Released

Hey! After many months of hard work by Jekyll’s contributors, we’re excited to announce the first major release of the project in a long while. v1.0.0 is finally here! While the list of improvements and bug fixes is quite lengthy, here are the highlights (thanks to @benbalter for the examples and for compiling this list):

  • Support for the Gist tag for easily embedding Gists (example)
  • Automatically generated post excerpts (example)
  • Save and preview drafts before publishing (example)

Take a look at the Upgrading page in the docs for more detailed information.