Etherpad Lite - Package updates

girish

Update to 2.5.0 is blocked by https://github.com/ether/ep_font_color/issues/106

Package Updates

[4.4.0]

• Update etherpad-lite to 2.5.1
• Full Changelog
• Added endpoint for prometheus scraping. You can now scrape the metrics endpoint with prometheus. It is available at /stats/prometheus if you have enableMetrics set to true in your settings.json
• fixed exposeVersion causing the pad panel to not load correctly
• fixed admin manage pad url to also take the base path into account
• Updated to express 5.0.0. This is a major update to express that brings a lot of improvements and fixes. Please update all your plugins to the latest version to ensure compatibility. A lot changed in the route matching, and thus old plugins will throw errors and crash Etherpad.
• Fixed an issue with the no-skin theme with cookie recentPadList feature
• Fixed layout issues with the no-skin theme

Package Updates

[4.4.1]

• Ensure all preinstalled plugins have pinned versions

Package Updates

[4.4.2]

• Update etherpad-lite to 2.5.2
• Full Changelog
• Fixes the no skin theme having an overlapping
• Adds a new setting to disable recent pads to be shown. By setting showRecentPads to false in the settings.json file you can disable the recent pads feature on the home screen.
• Sets the oidc-provider version to 9.5.1 as 9.5.2 crashes Etherpad on startup.

Package Updates

[4.4.3]

• Update etherpad-lite to 2.5.3
• Full Changelog

Package Updates

[4.5.0]

• Update etherpad-lite to 2.6.0
• Full Changelog
• Added native option to transfer your Etherpad session between browsers. If you use multiple browsers or different PC for Etherpad they are different sessions. Meaning typing on one PC and then switching to another one in the same pad will result in different authorship colors. With this new feature you can now transfer your session to another browser or PC. To do so, open the home page and click on the wheel icon in the top right corner. After that click through the first dialog prompting you to copy a code to your clipboard. On your second browser open the same dialog and switch to "Receive Session" tab. There you can paste the code you copied before and click on "Receive Session". After that your session is transferred, and you can continue editing with the same authorship color as before. Just be aware that you can't have two active sessions at once in a pad.
• Updated to oidc provider v2.6.0 after resolving compatibility issues.

Package Updates

[4.6.0]

• Update etherpad-lite to 2.7.0
• Full Changelog
• Abiword has been replaced with LibreOffice for document import/export. If you were using Abiword for DOCX/ODT/PDF conversion, update your settings.json to point soffice at your LibreOffice binary. DOCX export is now supported out of the box.
• Added line numbers to the timeslider so you can follow along with specific lines while replaying a pad's history.
• Added a playback speed setting to the timeslider you can now scrub through history faster (or slower) than real time.
• Creator-owned pad settings defaults: the user who creates a pad now seeds its default settings, giving pad creators more control over initial configuration.
• Cookie names are now configurable via a prefix setting. Useful when running multiple Etherpads on the same domain and you need to keep their session cookies from colliding.
• Added a new aceRegisterLineAttributes hook so plugins can preserve custom line attributes across Enter / line-split operations. Documentation for the hook is included.
• Database drivers are now bundled with Etherpad again, so fresh installs no longer fail to connect to Postgres, MySQL, and friends out of the box. A regression test has been added to prevent this from breaking again.
• Pending changesets are now flushed immediately after a reconnect instead of being silently dropped, and users are warned when a pending edit is not accepted by the server.
• Head revision and atext are now captured atomically, preventing the occasional "mismatched apply" errors on busy pads.
• POST API requests with a JSON body no longer time out.

Package Updates

[4.6.1]

• Update etherpad-lite to 2.7.1
• Full Changelog
• fixed stop harcoding lang=en, letting the client auto detect locale
• Stop mutating the shared plugin registry during sanitization
• Preserve non-breaking space

Package Updates

[4.6.2]

• Update etherpad-lite to 2.7.2
• Full Changelog
• Accessibility pass: corrected dialog semantics, improved focus management, added missing icon labels, and set the html lang attribute correctly.
• Chat: clicking the chat icon works again, disabled toggles render properly, and the username layout no longer overflows.
• /export/etherpad now honors the :rev URL segment, so revision-specific exports return the requested revision instead of the latest.
• Undo / redo now scrolls the viewport to follow the caret, so reverted edits stay in view.
• Page Down / Page Up now scrolls by viewport height instead of a fixed line count, matching standard editor behavior on tall and short windows alike.
• Editbar: caret is restored to the pad after changing a toolbar select, so typing continues in the document instead of falling through to the toolbar.
• Admin: i18n is restored on /admin so the admin UI is translated again.

Package Updates

[4.6.3]

• Update etherpad-lite to 2.7.3
• Full Changelog
• Pad compaction. New compactPad HTTP API plus bin/compactPad and bin/compactAllPads CLIs to reclaim database space on long-lived pads with heavy edit history (issue #6194). --keep N retains the last N revisions; --dry-run previews per-pad rev counts before writing. Per-pad failures don't stop the bulk run.
• Social / mobile metadata. Pad, timeslider, and home views now emit Open Graph and Twitter Card tags (closes #7599) and a theme-color meta that matches the toolbar on mobile.
• Socket.io: don't kick authenticated duplicate-author sessions. A regression where two tabs from the same authenticated author could evict each other has been fixed (#7656 / #7678).
• Anchor scrolling. Anchor-link navigation now waits for layout to settle, so jumping to a deep link no longer overshoots.
• Plugin updater. bin/updatePlugins.sh actually updates installed plugins again (closes #6670).
• Settings: stable per-release version string. randomVersionString is now derived from the release identity rather than regenerated on each boot, so caches behave correctly across restarts of the same version.

Package Updates

[4.6.4]

• fix: update doc links from /apps/ to /packages/

Package Updates

[4.7.0]

• Update etherpad-lite to 3.0.0
• Full Changelog
• Minimum required Node.js version is now 24. Node.js 22 is no longer supported. Node 25 was briefly the floor mid-cycle but was rolled back to 24 LTS (Krypton, supported through ~May 2028) because Node 25 reached end-of-life on 2026-04-10 (see #7779 / #7781). The CI matrix targets Node 24 and 26. Node 24 still ships Corepack, so existing bin/installer.sh / bin/installer.ps1 flows continue to work unchanged; the global pnpm install fallback added for the Node 25 detour is kept for forward-compatibility.
• pnpm floor raised to pnpm@11.1.2. packageManager is now pinned to pnpm@11.1.2 and engines.pnpm requires >=11.1.2. The Dockerfile, snap, .deb and all GitHub workflows are aligned.
• swagger-ui-express removed. /api-docs now serves a vendored, telemetry-free copy of Scalar (see the privacy item below). The route, the OpenAPI document, and the rendered output are unchanged for downstream consumers, but anything that introspected swagger-ui-express internals will need updating.
• Debian package depends on nodejs (>= 24). The signed apt repository at etherpad.org/apt is rebuilt against this floor; older Node packages are no longer acceptable as a dependency (#7754).
• Parsed JSONC settings editor in /admin. The settings page now parses settings.json as JSONC (with comments and trailing commas preserved), validates edits in-browser, and writes the file back without clobbering comment blocks (#7709, closes #7603, takes over #7666).
• Native DOCX export (opt-in). A html-to-docx-based exporter lands as an alternative to the LibreOffice path, so installs that don't want soffice on the host can still produce .docx. soffice is now documented as optional for .docx and .pdf (#7568 / #7707, issue #7538).
• Admin restore search and sort. SearchField and the column-sort helpers used by the authors page were lost during the admin rework; they're restored (#7746).
• Admin German strings hardcoded in error paths. A handful of leftover German strings from the rework are replaced with i18n keys (#7735 / #7736).
• Settings username: false / malformed color: false regression. Legacy settings.json files that used false to disable a feature no longer surface as 'false' username or 'malformed color: false' errors (#7688, issue #7686).
• Reject USER_CHANGES inserts that arrive without an author attribute, closing a server-side trust gap where unattributed changes could be applied to a pad (#7773).

Package Updates

[4.8.0]

• Update etherpad-lite to 3.1.0
• Full Changelog
• Self-update Tier 4 (autonomous in a maintenance window). Set updates.tier: "autonomous" together with updates.maintenanceWindow: {"start":"HH:MM","end":"HH:MM","tz":"local"|"utc"} to constrain autonomous updates to a nightly window. The scheduler snaps scheduledFor forward to the next window opening when grace would otherwise land outside the window, and defers the fire when the window has closed by the timer callback. Cross-midnight windows (end < start) are supported; DST transitions are absorbed by host wall-clock arithmetic. A missing or malformed window degrades the policy to Tier 3 with an explicit policy.reason of maintenance-window-missing / maintenance-window-invalid; an admin banner surfaces the misconfiguration so autonomous behaviour is not silently disabled. The admin update page shows a "Maintenance window" section with the parsed window summary, the next opening, and a "deferred until <iso>" subtitle on the scheduled panel when the timer has been snapped forward. Closes #7607 (#7753).
• Updater real SMTP via nodemailer (new top-level mail.* block). Replaces the "(would send email)" stub. New settings: mail.host, mail.port, mail.secure, mail.from, mail.auth.{user,pass}. mail.host=null keeps the legacy log-only behaviour. The nodemailer dependency is lazy-imported on first send so installs that don't configure mail pay no runtime cost; the transport is cached on the full SMTP options tuple so a reloadSettings() change to host/port/credentials invalidates the cache. settings.json.docker reads MAIL_HOST / MAIL_FROM / MAIL_PORT / MAIL_SECURE from env. Send errors are logged warn and swallowed so a transient SMTP failure can never poison the updater state machine.

Package Updates

[4.9.0]

• Update etherpad-lite to 3.2.0
• Full Changelog
• HTTP accept X-Forwarded-Prefix and X-Ingress-Path under trustProxy (#7802 / #7806).
• Admin settings resolved runtime values surface on env-pill chips (#7803 / #7807).
• Admin pads filter chip now applies server-side, before pagination (#7798).
• Pad outdated notice author now resolved from token cookie, not session (Qodo #7804 / #7805).
• Localisation silence spurious "could not translate element content" warning (#7797).
• CI swap archived ep_readonly_guest for ep_guest in the plugin matrix (#7795 / #7808).
• Tests admin saveSettings round-trip + cross-restart persistence (#7819 / #7820 / #7821).
• Bug report template now asks contributors whether the abstraction in their proposed fix matches the rest of the codebase, to head off premature-generalisation fixes earlier in review.
• ueberdb2 6.0.3 6.1.2 (two patch releases of cleanup on top of the 6.1.0 findKeysPaged API that the 3.1.0 sessionstorage OOM fix relies on).
• Multiple updates from translatewiki.net.

Package Updates

[4.10.0]

• Update etherpad-lite to 3.3.0
• Full Changelog
• Plugin pad options on by default settings.enablePluginPadOptions now defaults to true (#7841).
• Timeslider honour the editor's view settings (#7899).
• HTTP API request handling, random IDs, and plugin loading (#7906).
• Escape exported data-* attributes; warn on default/placeholder credentials (#7905).
• Docker deployment defaults require explicit credentials, default TRUST_PROXY off (#7907).
• History mode lay the timeslider iframe in the editor's flex slot (#7903).
• Pad editor restore URL wrapping (#7894 / #7896).
• RTL content option no longer flips the whole page (#7900 / #7901).
• URL view-option params lost to a padeditor.init race (#7840 / #7843).
• Two major bumps: redis 5.12.1 6.0.0 (#7869) and ejs 5.0.2 6.0.1 (#7860).

Package Updates

[4.10.1]

• Update etherpad-lite to 3.3.1
• Full Changelog
• Pad editor escape and integer-coerce the numbered-list start attribute (GHSA-f7h5-v9hm-548j, #7937). A crafted <ol start> value flowed unescaped into domline.ts, a distinct client-side sink from the export-path fix in 3.3.0's #7905. The value is now integer-coerced and HTML-escaped before it reaches the DOM. A jsdom regression test covers the sink.
• Skin paint the root canvas so iOS dark mode has no white status bar (#7606 / #7931). iOS Safari paints the top safe area from the html root background, which theme-color (an Android address-bar hint) does not affect, so dark-mode pads showed a white status-bar strip on iOS. Colibris now sets the root background and color-scheme so the safe area matches the editor.
• Settings show the detected language in the dropdown (#7925 / #7928). The settings language <select> did not reflect the language Etherpad had actually auto-detected; it now shows the active selection.
• Pad don't issue a deletion token (or show its modal) when allowPadDeletionByAllUsers is on (#7929). With pad deletion open to all users the client still minted a deletion token and surfaced the confirm modal; both are now suppressed in that configuration.
• Admin one unreadable pad no longer empties the Manage-pads list (#7935 / #7938). A single pad that failed to read could throw out of the list-hydration path and blank the entire admin Manage-pads view; the read is now guarded per-pad so the rest of the list still renders.
• ueberdb2 6.1.8 6.1.9 PostgreSQL pool errors are now handled and TCP keep-alive is enabled (fixes #7878), and the Redis and RethinkDB drivers attach connection-error handlers so a dropped database connection no longer crashes the Etherpad process.
• semver 7.8.2 7.8.3 (#7933), rate-limiter-flexible 11.1.1 11.2.0 (#7934), plus a dev-dependencies group update (#7932).

Package Updates

[4.10.2]

• Update etherpad-lite to 3.3.2
• Full Changelog
• Force @opentelemetry/core 2.8.0 (GHSA-8988-4f7v-96qf / CVE-2026-54285, #7975). The transitive dep (pulled in via @elastic/elasticsearch @elastic/transport) had a W3CBaggagePropagator.extract() that did not enforce W3C size limits on inbound baggage headers, allowing unbounded memory allocation. Pinned via a pnpm-workspace.yaml override; satisfies the existing 2.x range with no parent bump.
• Resolve open Dependabot security alerts (#7967). Refreshes stale override floors and adds new ones via pnpm-workspace overrides: form-data 4.0.6, ws 8.21.0, esbuild 0.28.1, basic-ftp 5.3.1 (capped <6.0.0 to avoid a surprise major on the plugin-install path), tar 7.5.16, js-yaml 4.2.0, qs 6.15.2, ip-address 10.1.1, and @babel/core 7.29.6.
• Reject read-only deletion via token-less paths (part of #7959 / #7960). Under allowPadDeletionByAllUsers a read-only viewer was granted canDeletePad=true, and the server's flagOk/creatorOk branches never checked session.readonly so a read-only link holder could delete a pad without a token. Read-only sessions are now excluded from both the client var and the server's token-less authorization paths; a valid recovery token stays sufficient regardless of session mode.
• Pad deletion suppress the recovery token for durable identities and relabel the action (#7926 / #7930). Building on the allowPadDeletionByAllUsers suppression, a creator's deletion token is now also withheld when they have a durable identity authenticated (req.session.user with a username) and the deployment pins that identity to a stable authorID via a getAuthorId hook since only then does the creator survive a cookie clear or a different device, making the token redundant.
• Offline/air-gapped installs env-var overrides for the update check, plugin catalog, and updater (#7917, addresses #7911). Firewalled deployments could not disable Etherpad's outbound calls without editing settings.json inside the image.
• Pad keep the token-less Delete button reachable without pad-wide settings (#7959 / #7960). The token-less #delete-pad button was nested inside the enablePadWideSettings-gated section, so disabling pad-wide settings removed the only no-token deletion path.
• History mode restore the saved-revision markers (#7946 / #7948). When #7659 moved the timeslider into the pad as an embedded iframe, the user-facing control became the outer #history-slider-input, but the saved-revision stars were still drawn into the now-hidden iframe #ui-slider-bar, so "Save Revision" appeared to do nothing in in-pad history mode (a 3.3.x regression).
• Import dialog correct the outdated "no converter" help message (#7988 / #7989). The notice claimed only plain text and HTML could be imported and linked to the legacy AbiWord wiki, prompting LibreOffice installs for formats that already work natively.
• PadManager reject unreachable . and .. pad ids (#7962). isValidPadId accepted ids consisting only of URL dot-segments, but per the WHATWG URL standard a browser normalises /p/. to /p/ and /p/.. to /, so such a pad could be created in the database yet never opened or exported.
• CLI fix the database migration/import scripts against the ueberdb2 promise API (#7982 / #7983). migrateDB.ts opened source and target databases, copied all keys, then resolved without closing either so under ueberdb2 6.1.x the keep-alive timer kept the process hanging after "Done syncing dbs", and buffered target writes were only guaranteed flushed on close().