HedgeDoc - Package Updates
-
[1.16.2]
- Update HedgeDoc to 1.9.8
- Full changelog
- Extend boolean environment variable parsing with other positive answers and case insensitivity
- Allow setting of documentMaxLength via CMD_DOCUMENT_MAX_LENGTH environment variable (contributed by @jmallach)
- Add dedicated healthcheck endpoint at /_health that is less resource intensive than /status
- Compatibility with Node.js 18 and later
- Add a config option to disable the /status and /metrics endpoints
-
[1.20.0]
- Update HedgeDoc to 1.10.0
- Full changelog
- GHSA-pjf2-269h-cx7p: MySQL & free URL mode allows to hide existing notes
- Add disableNoteCreation config option for read-only instances
- Add a pointer to Mermaid 9.1.7 documentation, which is what HedgeDoc 1 supports.
- Compatibility with Node.js 22 is now checked in CI
- Fix a crash when having numeric-only values in opengraph frontmatter
- Fix unnecessary session creation on healthcheck endpoint
- Fix invalid metadata being sent for minio uploads
- Fix screen readers announcing headings twice
- Fix a crash when receiving unexpected OAuth profile data
- Fix some cases of HedgeDoc not redirecting to the previous page after login
- Fix heading anchor links referencing an invalid URL
- Our meta-marked package is now published to NPM, fixing some installation issues
-
Latest release was reverted https://community.hedgedoc.org/t/new-hedgedoc-1-x-release/1908
-
Turns out it was a false alarm , so the release is back
-
[1.20.1]
- CLOUDRON_OIDC_PROVIDER_NAME implemented
-
[1.20.2]
- Update hedgedoc to 1.10.1
- Full Changelog
- Add fixed rate-limiting to the login and register endpoints
- Add configurable rate-limiting to the new notes endpoint
- Fix a crash when cannot read user profile in OAuth (#5850 by @lautaroalvarez)
- Fix CSP Header for mermaid embedded images (#5887 by @domrim)
- Change default of HSTS preload to false for compliance with the HSTS preload list requirements (#5913 by @SvizelPritula)
- Dominik Rimpf
- Lautaro Alvarez
-
[1.20.3]
- Update hedgedoc to 1.10.2
- Full Changelog
- Check if a valid user id is present when using OAuth2
- Abort SAML login if NameID is undefined instead of logging in with a user named "undefined" (Thanks @Haanifee)
- Set default values for username and email attribute mapping in SAML configuration
-
[1.21.0]
- Update base image to 5.0.0
-
[1.21.1]
- Update hedgedoc to 1.10.3
- Full Changelog
- This release fixes a security issue of a possible XSS exploit which can be planted via a malicous SVG file upload.
- See GHSA-3983-rrqh-mvx5 for more details
- Add config options
CMD_SAML_WANT_ASSERTIONS_SIGNEDandCMD_SAML_WANT_AUTHN_RESPONSE_SIGNEDfor SAML auth, since - some instances didn't comply with the new defaults of
@node-saml/passport-saml
