Hugo

This is mostly a bug fix release, ironing out some quirks with the partial server rebuilds etc., but notable is also the new [responseHeaders ](https://gohugo.io/functions/resources/getremote/#responseheaders) option on `resources.GetRemote` that allows you to extract headers from the server’s response.

Bug fixes

* Fix some server/watch rebuild issues db28695ff bep 13316
* Fix "concurrent map iteration and map write" in pages from data 329b2342f bep 13254
* Fix TailwindCSS related server rebuild issue 6c68142cc bep 13316
* Fix some server rebuild issues for non-HTML custom output formats cd7dc7a37 bep 13014
* Fix cascade with overlapping sections bb7b3d3cd bep 12465
* markup/goldmark: Fix typo in func comment f704d7569 chalin

Improvements

* Don't re-render aliases on server rebuilds 778f0d900 bep
* tpl/tplimpl: Remove leading whitespaces produced by Youtube shortcode 13b208e2f alex-shpak
* resources: Remove debug statement 33b46d8a4 jmooring 13320
* markup/goldmark: Trim space from blockquote render hook text e08d9af21 jmooring 13302
* parser/pageparser: Don't allow parameters after closing tag in shortcodes c939c33fd guilhas07
* tpl/tplimpl: Improve shortcode test coverage 873a5cda1 jmooring
* tpl/tplimpl: Deprecate gist shortcode f42a4b6af jmooring 13211
* resources: Remove conditional used for debugging a5637831c bep
* resources: Add responseHeaders option to resources.GetRemote 68586c891 bep 12521
* tpl/tplimpl: Skip TestTemplateFuncsExamples on s390x 51bb2feda bep 13204
* Make cascade front matter order deterministic 7f0f50b13 bep 12594
* tpl/tplimpl: Deprecate comment shortcode 77a8e347b jmooring

This is is mostly a bug fix release. It's a minor and not a patch release because of the image file cache issue fixes (see 13273 13272). Fixing this required us to break the hashes for many of the generated images so we used this opportunity to simplify how we generate these hashes/image filenames.

Bug fixes

* Fix render hook's PlainText with typographer extension enabled 6aa72acaf bep 13286 13292
* Fix build with Go 1.24 4b0c194fb flyn-org
* tpl/tplimpl: Fix context in shortcode error messages 8de4ffb29 jmooring 13279
* resources: Fix 2 image file cache key issues 1f5a15aba bep 13273 13272

Improvements
* Also handle inline HTML comments 637995ba8 bep
* Do not warn on potentially unsafe HTML comments when unsafe=false f1de5d2a0 bep 13278
* tpl: Add loading attribute to qr shortcode 889711366 nfriedli

This release adds [try](https://gohugo.io/functions/go-template/try/), a new general mechanism for handling errors within templates, a new [images.Mask](https://gohugo.io/functions/images/mask/) image filter, a new [images.QR](https://gohugo.io/functions/images/qr/) function, a new `alignx` option to control horizontal alignment in [images.Text](https://gohugo.io/functions/images/text/), and more.


Note

* Adjust error handling in ToMath vs try (note) dde9d9d54 bep 13239
* resources: Replace error handling in GetRemote with try (note) 0918e087e bep 13216
* For render hooks, only fallback to HTML (or the defaultOutputFormat) template 76993369a bep 13242

Bug fixes

* common/paths: Fix docstring 8b5262691 jdbaldry
* commands: Fix spelling in comment 60c24fc5e bep
* Fix branch resource overlapping bundle path c5a63a3b4 bep 13228
* templates: Fix handling of multiple defers in the same template 61d3d2012 bep 13236
* Fix NPX issue with TailwindCSS v4 cfa080181 bep 13221
* Fix server refresh on 404 template changes d913f46a8 bep 13209

Improvements

* tpl/tplimpl: Simplify some test assertions 1fad3832a bep
* tpl/tplimpl: Deprecate twitter shortcode in favor of x shortcode 1191467c0 jmooring 13214
* commands: Set up the glboal logger early 41137077b bep 13265
* commands: Add --printZero to the config command 5bb156457 bep
* tpl/collections: Use MapRange/SetIterKey/SetIterValue for Where, Sort and Merge de7137cc3 bep
* tpl/collections: Add BenchmarkWhereMap 956f915f7 bep
* tpl/collections: Add BenchmarkSortMap a2a4166f6 bep
* tpl/collections: Add Merge benchmark 39f582f9f bep
* resources/images: Refactor golden image tests to locate them closer to the implementation 2501de7aa bep
* resources/images: Add some mask tests 06cc8673f bep 13244
* resources/images: Add images.Mask 71fae9918 trickkiste 13244
* tpl/tplimpl: Use plain text for image render hook alt attribute 8af04745f jmooring
* resources/images: Add some golden tests for images.QR 892b49110 bep
* tpl/images: Change signature of images.QR to images.QR TEXT OPTIONS b13d0a68e jmooring 13230
* resources/images: Add some golden tests for images.Text d9594a96f bep
* images.Text: Add "alignx" option for horizontal alignment 4a5cc2dd2 jlskuz 10849
* images: Rework the golden tests 9cad8d38c bep
* create: Respect --noBuildLock in hugo new 2a7bb1c7c bep
* tpl/images: Format the QR hashes as hex 5f2adad2c bep
* tpl/images: Add images.QR function 4ea94c451 jmooring 13205
* Add try 5d2cbee98 bep 9737
* resources: Add FromOpts for more effective resource creation 723e3f434 bep
* markup/highlight: Remove noHl option 2db43f841 jmooring 9885

Dependency Updates

* deps: Upgrade github.com/gohugoio/hashstructure from 0.1.0 to 0.3.0 a2edf04c2 bep
* build(deps): bump golang.org/x/tools from 0.28.0 to 0.29.0 f024a5050 dependabot[bot]
* build(deps): bump golang.org/x/net from 0.33.0 to 0.34.0 80704bc9a dependabot[bot]
* build(deps): bump github.com/evanw/esbuild from 0.24.0 to 0.24.2 b7b49fb0f dependabot[bot]
* build(deps): bump github.com/alecthomas/chroma/v2 from 2.14.0 to 2.15.0 a83797673 dependabot[bot]

Documentation

* docs: Regen CLI docs 88ecc3b75 bep
* docs: Regen CLI docs 44628616a bep

Build Setup

* snap: Always package latest stable version of Go 3682027a5 jmooring

The timing of this release comes from the security fix in `golang.org/x/net`'s `html.Parse` function. This is used in two places in Hugo:

1. Extracting table of contents from Asciidoctor rendered output.
2. Collecting HTML classes etc. when build stats is [enabled](https://gohugo.io/getting-started/configuration-build/#configure-build-stats)

It's a little bit of a stretch to see how this could be exploited in Hugo, but we understand that many want a clean security report. See [this issue](https://github.com/golang/go/issues/70179) for details.


What's Changed

* Print cli usage of `hugo gen chromastyles` alongside css 83cec785c diwasrimal
* build(deps): bump golang.org/x/net from 0.32.0 to 0.33.0 4e52be8b9 dependabot[bot]
* config/allconfig: Fix slice of language configs 7888ac585 jmooring 13201
* config/allconfig: Throw error when output format is not defined eb1dbe070 jmooring 13199
* Fix same resource file published more than once 77824d704 bep 13164
* markup/highlight: Add wrapperClass option ec0caaec7 bep
* Update README.md 845b8885d bep

Some bug fixes in the (most likely) last Hugo release of the year. Of some technical interest to some, I can mention that I, bep, have reworked [hugoreleaser](https://github.com/gohugoio/hugoreleaser) to use YAML (with anchors/aliases) instead of TOML for the release configuration. Have a look at the [end result](https://github.com/gohugoio/hugo/blob/master/hugoreleaser.yaml).

What's Changed

* Update gocloud and docs for S3-Compatible Endpoints e229f4b38 tebriel
* js/esbuild: Don't try to resolve packages in /assets marked as external 020253904 bep 13183
* Fix union, complement, symdiff, and intersect for transient resources 4a5e94087 bep 13181
* release: Add withdeploy deb extended archives 48a7aee96 bep 13166
* common/loggers: Write PrintTimerIfDelayed output to stdErr 6c583e322 jmooring 13171
* build(deps): bump github.com/spf13/cast from 1.7.0 to 1.7.1 5d64b492f dependabot[bot]
* hugolib: Fix fallbacks for menu entry Name and Title b3f32949c jmooring 13161

The big new feature in this release is [js.Batch](https://gohugo.io/functions/js/batch/) – this enables JavaScript bundle groups (e.g. scripts per section) with global code splitting and flexible hooks/runners setup.

Bug fixes

* Fix panic on server rebuilds when using both base templates and template.Defer a5e5be234 bep 12963
* js: Fix js.Batch for multihost setups 565c30eac bep 13151
* parser/pageparser: Fix Org Mode summary delimiter assignment 48dd6a918 jmooring 13152
* Fix a rebuild on resource rename case 744b8566e bep
* tpl/tplimpl: Fix title attribute in details shortcode a32c889a7 jmooring
* Fix Sass imports on the form index.{scss,sass} 5ab38de36 bep 13123
* markup/goldmark: Fix blockquote render hook text parsing 34373407b jmooring 12913 13119

Improvements

* js/esbuild: Add missing es2024 target 5c80cb0d2 bep
* js/esbuild: Add runners after scripts 7de5317ae bep
* js/esbuild: Batch: Avoid nil Instances slice 4cbd4ef99 bep
* tpl/tplimpl: Update youtube shortcode 852d86854 jmooring
* tpl/tplimpl: Update details shortcode 1e34e5b26 jmooring
* tpl/collections: Allow querify to accept a map argument 641d2616c jmooring 13131
* js/esbuild: Build groups in order of their ID a834bb9f7 bep
* tpl/tplimpl: Add details shortcode 4f130f6e4 racehd
* Write all logging (INFO, WARN, ERROR) to stderr 9dfa11261 bep 13074
* js/esbuild: Add platform option ec1933f79 bep 13136
* Add config option disableDefaultLanguageRedirect 75ad9cdaa bep 13133
* Add js.Batch e293e7ca6 bep 12626 7499 9978 12879 13113 13116
* Upgrade to Go 1.23.4 6be253000 bep 13130
* Remove some old and unused shell scripts 989b299b5 bep

Dependency Updates

* build(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 157d86414 dependabot[bot]
* build(deps): bump golang.org/x/tools from 0.27.0 to 0.28.0 947e4e66b dependabot[bot]
* build(deps): bump github.com/hairyhenderson/go-codeowners 5f897868c dependabot[bot]
* build(deps): bump golang.org/x/net from 0.31.0 to 0.32.0 7b6921848 dependabot[bot]