Applications advertising use of AES is generally a good red flag that they're rolling some sort of custom, broken crypto. Fortunately, neither seems to be the case with joplin.
I mostly was noting that they were using a recognised authenticated AES mode instead of a custom alternative which you rightly identify as almost certainly being broken crypto :P
No, I mean when an application advertises AES, then they often roll their own protocol, which is broken until proven otherwise (taught by experience). Applications advertising use of an existing protocol (e.g. "Uses [signal/noise/whatever protocol] for end-to-end encryption") are less likely to be broken than those rolling their own.
For the record, I'm using SJCL [0] for encryption based on the parameters they suggest, and whenever random numbers are needed I use cryptographically secure ones, so overall I think it should be reasonably secure. I would welcome any third-party audit though. There's some more info about E2EE in Joplin there - https://joplin.cozic.net/spec/
