18.3

[carloscabanero]

Heads up we have also updated our fonts repository to follow Nerd Fonts 3.4.0. Special thanks to @mtrolley for making it happen!
https://github.com/blinksh/fonts

v18.3.0

Build 1003 & 1004

• Fixes on mosh for clearing terminal.

Build 1001

• Bookmark fixes for external hard drives. When a location cannot be restored by the system, the URL is deemed invalid and Bookmarks would not be read anymore. Thanks to @rrgeorge for the help.

Build 995

• Alternative fix as it was noticed that this would provoke the terminal to behave erratically in some contexts.

Build 993

• Fixes a screen corruption on clear. When pressing ctrl-l or clearing the terminal some elements on the screen would persist. This seems to be a bug in WebKit. Fixes Screen corruption on clear #2127. Thanks to @Sandyel89, @mtrolley and @selevko for the thorough debugging!

[carloscabanero]

v18.3.1 build 1005 (TestFlight) and 1006 (AppStore)

This release fixes a security bug pointed by David Leadbeater! You can read all about it here: https://dgl.cx/2025/06/blink-at-a-url-handler.

When calling SSH URLs, Blink will use the URL given by the system. The URL percentage encoded components at the Host or User may contain special control characters. Although those characters may not be allowed on host or user, the decoded characters can make it down to the shell. Blink will warn the user before executing links, but a malicious link may hide this behavior within markdown or even a QR code.

This fixes the issue by rejecting sequences containing control characters before sending them to the terminal. Additionally, we are supporting proper SSH URI forms to connect additional parameters later on.

Special thanks again to David Leadbeater for the help!