HedgeDoc - Package Updates

girish

[1.16.0]

• Update base image to 4.0.0

girish

[1.16.1]

• Update HedgeDoc to 1.9.7
• Full changelog
• Fix note titles with special characters producing invalid file names in user export zip file
• Fix night-mode toggle not working when page is loaded with night-mode enabled

girish

[1.16.2]

• Update HedgeDoc to 1.9.8
• Full changelog
• Extend boolean environment variable parsing with other positive answers and case insensitivity
• Allow setting of documentMaxLength via CMD_DOCUMENT_MAX_LENGTH environment variable (contributed by @jmallach)
• Add dedicated healthcheck endpoint at /_health that is less resource intensive than /status
• Compatibility with Node.js 18 and later
• Add a config option to disable the /status and /metrics endpoints

girish

[1.16.3]

• Update HedgeDoc to 1.9.9
• Full changelog
• CVE-2023-38487: API allows to hide existing notes

girish

[1.17.0]

• Implement OIDC auth

girish

[1.18.0]

• Update base image to 4.2.0

girish

[1.19.0]

• Implement optionalSso

Package Updates

[1.20.0]

• Update HedgeDoc to 1.10.0
• Full changelog
• GHSA-pjf2-269h-cx7p: MySQL & free URL mode allows to hide existing notes
• Add disableNoteCreation config option for read-only instances
• Add a pointer to Mermaid 9.1.7 documentation, which is what HedgeDoc 1 supports.
• Compatibility with Node.js 22 is now checked in CI
• Fix a crash when having numeric-only values in opengraph frontmatter
• Fix unnecessary session creation on healthcheck endpoint
• Fix invalid metadata being sent for minio uploads
• Fix screen readers announcing headings twice
• Fix a crash when receiving unexpected OAuth profile data
• Fix some cases of HedgeDoc not redirecting to the previous page after login
• Fix heading anchor links referencing an invalid URL
• Our meta-marked package is now published to NPM, fixing some installation issues

Package Updates

Latest release was reverted https://community.hedgedoc.org/t/new-hedgedoc-1-x-release/1908

Package Updates

Turns out it was a false alarm , so the release is back

Package Updates

[1.20.1]

• CLOUDRON_OIDC_PROVIDER_NAME implemented

Package Updates

[1.20.2]

• Update hedgedoc to 1.10.1
• Full Changelog
• Add fixed rate-limiting to the login and register endpoints
• Add configurable rate-limiting to the new notes endpoint
• Fix a crash when cannot read user profile in OAuth (#​5850 by @​lautaroalvarez)
• Fix CSP Header for mermaid embedded images (#​5887 by @​domrim)
• Change default of HSTS preload to false for compliance with the HSTS preload list requirements (#​5913 by @​SvizelPritula)
• Dominik Rimpf
• Lautaro Alvarez

Package Updates

[1.20.3]

• Update hedgedoc to 1.10.2
• Full Changelog
• Check if a valid user id is present when using OAuth2
• Abort SAML login if NameID is undefined instead of logging in with a user named "undefined" (Thanks @​Haanifee)
• Set default values for username and email attribute mapping in SAML configuration

Package Updates

[1.21.0]

• Update base image to 5.0.0

Package Updates

[1.21.1]

• Update hedgedoc to 1.10.3
• Full Changelog
• This release fixes a security issue of a possible XSS exploit which can be planted via a malicous SVG file upload.
• See GHSA-3983-rrqh-mvx5 for more details
• Add config options CMD_SAML_WANT_ASSERTIONS_SIGNED and CMD_SAML_WANT_AUTHN_RESPONSE_SIGNED for SAML auth, since
• some instances didn't comply with the new defaults of @node-saml/passport-saml