HedgeDoc - Package Updates
Pinned
HedgeDoc
-
[1.13.0]
- Update HedgeDoc to 1.8.0
- Full changelog
- CVE-2021-29474: Relative path traversal Attack on note creation
- Removed dependency on external imgur library
- HTML language tags are now set up in a way that stops Google Translate from translating note contents while editing
- Removed yahoo.com from the default content security policy
- New translations for Bulgarian, Persian, Galician, Hebrew, Hungarian, Occitan and Brazilian Portuguese
- Updated translations for Arabic, English, Esperanto, Spanish, Hindi, Japanese, Korean, Polish, Portuguese, Turkish and Traditional Chinese
- CVE-2021-21306: Underscore ReDoS in the marked library
-
[1.13.1]
- Update HedgeDoc to 1.8.1
- Full changelog
- Improve behavior of the 'Quote', 'List', 'Unordered List' and 'Check List' buttons in the editor to automatically apply to the complete first and last line of the selection
- Fix click handler for numbered task
-
[1.15.0]
- Update HedgeDoc to 1.9.0
- Full changelog
- CVE-2021-39175: XSS vector in slide mode speaker-view
- This release removes Google Analytics and Disqus domains from our default Content Security Policy, because they were repeatedly used to exploit security vulnerabilities.
If you want to continue using Google Analytics or Disqus, you can re-enable them in the config.
-
[1.15.3]
- Update HedgeDoc to 1.9.3
- Full changelog
- Fix Enumerable upload file names
- Libravatar avatars render as ident-icons when no avatar image was uploaded to Libravatar or Gravatar
- Add database connection error message to log output
- Allow SAML authentication provider to be named
- Suppress error message when git binary is not found
-
[1.16.2]
- Update HedgeDoc to 1.9.8
- Full changelog
- Extend boolean environment variable parsing with other positive answers and case insensitivity
- Allow setting of documentMaxLength via CMD_DOCUMENT_MAX_LENGTH environment variable (contributed by @jmallach)
- Add dedicated healthcheck endpoint at /_health that is less resource intensive than /status
- Compatibility with Node.js 18 and later
- Add a config option to disable the /status and /metrics endpoints