@girish said in Security issue: Notes do not require auth to be viewed:

"defaultPermission": "limited",

Thanks guys, this did it.

The per doc setting is also good, however it only shows from the read-only view, non-editor mode. (Hint for those who can't find it while editing a doc and looking at the menus.)

@rstockm this is the upstream default, so might be worthwhile opening an issue upstream.

@girish wow, that's, ... ahem, .. questionably lovely.

One response there does mention how to transition in a few steps via unpublishing, etc, however users must deal with the old app as well as the new app manually. Less of an issue with Cloudron Admins.

If you were to now package HackMD, what would you do to name it?

Since the two apps are still data compatible, it would be a good time to migrate. Harder later.

@nebulon upstream has "heard us" 🙂
https://github.com/hedgedoc/hedgedoc/issues/2082

@hexbin thanks for the hint, this is fixed now.

I have updated the package to match upstream default of editable.

@grienauer You can set this thread to "solved" yourself.

Ha, I was right, without looking.

The logo is designed well!

Here's the process.. https://github.com/hedgedoc/hedgedoc-logo

I actually like the middle alteration best, looks like a pencil head for writing.

As mentioned in the other thread, current CodiMD upstream versions do not allow enabling this anymore due to security risks.

https://github.com/codimd/server/blob/master/public/docs/release-notes.md#announcements-1

Maybe you can raise awareness for the need with the upstream project or see if you can contribute.

I think we can close this since it's irrelevant to the actual codiMD app in the store 🙂

@girish Cool! Until then I will try to get it working myself. I'm about to submit a support request regarding a custom app deployment of hackmdio/codimd. But when do you think it will be available on the App Store?

CodiMD was updated to 1.5.0. So this issue is most likely fixed there.