HedgeDoc - Package Updates

nebulon

The next version is blocked by a known passport node module issue. Upstream already has a branch with fixes but we will just wait for a fixed official release.

girish

[1.15.1]

• Update HedgeDoc to 1.9.2
• Full changelog
• Add workaround for incorrect CSP handling in Safari
• Fix crash when an unexpected response from the GitLab API is encountered
• Fix crash when using hungarian language

girish

[1.15.2]

• Update base image to 3.2.0

nebulon

[1.15.3]

• Update HedgeDoc to 1.9.3
• Full changelog
• Fix Enumerable upload file names
• Libravatar avatars render as ident-icons when no avatar image was uploaded to Libravatar or Gravatar
• Add database connection error message to log output
• Allow SAML authentication provider to be named
• Suppress error message when git binary is not found

nebulon

[1.15.4]

• Update HedgeDoc to 1.9.4
• Full changelog
• Remove unexpected shell call during migrations
• More S3 config options: upload folder & public ACL (thanks to @lautaroalvarez)

girish

[1.15.5]

• Change allowFreeUrl to allowFreeURL in default config

girish

[1.15.6]

• Update HedgeDoc to 1.9.5
• Full changelog
• Add dark mode toggle in mobile view
• Replace embedding shortcode regexes with more specific ones to safeguard against XSS attacks

girish

[1.15.7]

• Update HedgeDoc to 1.9.6
• Full changelog
• Fix migrations deleting all notes when SQLite is used

girish

[1.16.0]

• Update base image to 4.0.0

girish

[1.16.1]

• Update HedgeDoc to 1.9.7
• Full changelog
• Fix note titles with special characters producing invalid file names in user export zip file
• Fix night-mode toggle not working when page is loaded with night-mode enabled

girish

[1.16.2]

• Update HedgeDoc to 1.9.8
• Full changelog
• Extend boolean environment variable parsing with other positive answers and case insensitivity
• Allow setting of documentMaxLength via CMD_DOCUMENT_MAX_LENGTH environment variable (contributed by @jmallach)
• Add dedicated healthcheck endpoint at /_health that is less resource intensive than /status
• Compatibility with Node.js 18 and later
• Add a config option to disable the /status and /metrics endpoints

girish

[1.16.3]

• Update HedgeDoc to 1.9.9
• Full changelog
• CVE-2023-38487: API allows to hide existing notes

girish

[1.17.0]

• Implement OIDC auth

girish

[1.18.0]

• Update base image to 4.2.0

girish

[1.19.0]

• Implement optionalSso

Package Updates

[1.20.0]

• Update HedgeDoc to 1.10.0
• Full changelog
• GHSA-pjf2-269h-cx7p: MySQL & free URL mode allows to hide existing notes
• Add disableNoteCreation config option for read-only instances
• Add a pointer to Mermaid 9.1.7 documentation, which is what HedgeDoc 1 supports.
• Compatibility with Node.js 22 is now checked in CI
• Fix a crash when having numeric-only values in opengraph frontmatter
• Fix unnecessary session creation on healthcheck endpoint
• Fix invalid metadata being sent for minio uploads
• Fix screen readers announcing headings twice
• Fix a crash when receiving unexpected OAuth profile data
• Fix some cases of HedgeDoc not redirecting to the previous page after login
• Fix heading anchor links referencing an invalid URL
• Our meta-marked package is now published to NPM, fixing some installation issues

Package Updates

Latest release was reverted https://community.hedgedoc.org/t/new-hedgedoc-1-x-release/1908

Package Updates

Turns out it was a false alarm , so the release is back

Package Updates

[1.20.1]

• CLOUDRON_OIDC_PROVIDER_NAME implemented

Package Updates

[1.20.2]

• Update hedgedoc to 1.10.1
• Full Changelog
• Add fixed rate-limiting to the login and register endpoints
• Add configurable rate-limiting to the new notes endpoint
• Fix a crash when cannot read user profile in OAuth (#​5850 by @​lautaroalvarez)
• Fix CSP Header for mermaid embedded images (#​5887 by @​domrim)
• Change default of HSTS preload to false for compliance with the HSTS preload list requirements (#​5913 by @​SvizelPritula)
• Dominik Rimpf
• Lautaro Alvarez