HedgeDoc - Package Updates

girish

[1.15.0]

• Update HedgeDoc to 1.9.0
• Full changelog
• CVE-2021-39175: XSS vector in slide mode speaker-view
• This release removes Google Analytics and Disqus domains from our default Content Security Policy, because they were repeatedly used to exploit security vulnerabilities.
  If you want to continue using Google Analytics or Disqus, you can re-enable them in the config.

nebulon

The next version is blocked by a known passport node module issue. Upstream already has a branch with fixes but we will just wait for a fixed official release.

girish

[1.15.1]

• Update HedgeDoc to 1.9.2
• Full changelog
• Add workaround for incorrect CSP handling in Safari
• Fix crash when an unexpected response from the GitLab API is encountered
• Fix crash when using hungarian language

girish

[1.15.2]

• Update base image to 3.2.0

nebulon

[1.15.3]

• Update HedgeDoc to 1.9.3
• Full changelog
• Fix Enumerable upload file names
• Libravatar avatars render as ident-icons when no avatar image was uploaded to Libravatar or Gravatar
• Add database connection error message to log output
• Allow SAML authentication provider to be named
• Suppress error message when git binary is not found

nebulon

[1.15.4]

• Update HedgeDoc to 1.9.4
• Full changelog
• Remove unexpected shell call during migrations
• More S3 config options: upload folder & public ACL (thanks to @lautaroalvarez)

girish

[1.15.5]

• Change allowFreeUrl to allowFreeURL in default config

girish

[1.15.6]

• Update HedgeDoc to 1.9.5
• Full changelog
• Add dark mode toggle in mobile view
• Replace embedding shortcode regexes with more specific ones to safeguard against XSS attacks

girish

[1.15.7]

• Update HedgeDoc to 1.9.6
• Full changelog
• Fix migrations deleting all notes when SQLite is used

girish

[1.16.0]

• Update base image to 4.0.0

girish

[1.16.1]

• Update HedgeDoc to 1.9.7
• Full changelog
• Fix note titles with special characters producing invalid file names in user export zip file
• Fix night-mode toggle not working when page is loaded with night-mode enabled

girish

[1.16.2]

• Update HedgeDoc to 1.9.8
• Full changelog
• Extend boolean environment variable parsing with other positive answers and case insensitivity
• Allow setting of documentMaxLength via CMD_DOCUMENT_MAX_LENGTH environment variable (contributed by @jmallach)
• Add dedicated healthcheck endpoint at /_health that is less resource intensive than /status
• Compatibility with Node.js 18 and later
• Add a config option to disable the /status and /metrics endpoints

girish

[1.16.3]

• Update HedgeDoc to 1.9.9
• Full changelog
• CVE-2023-38487: API allows to hide existing notes

girish

[1.17.0]

• Implement OIDC auth

girish

[1.18.0]

• Update base image to 4.2.0

girish

[1.19.0]

• Implement optionalSso

Package Updates

[1.20.0]

• Update HedgeDoc to 1.10.0
• Full changelog
• GHSA-pjf2-269h-cx7p: MySQL & free URL mode allows to hide existing notes
• Add disableNoteCreation config option for read-only instances
• Add a pointer to Mermaid 9.1.7 documentation, which is what HedgeDoc 1 supports.
• Compatibility with Node.js 22 is now checked in CI
• Fix a crash when having numeric-only values in opengraph frontmatter
• Fix unnecessary session creation on healthcheck endpoint
• Fix invalid metadata being sent for minio uploads
• Fix screen readers announcing headings twice
• Fix a crash when receiving unexpected OAuth profile data
• Fix some cases of HedgeDoc not redirecting to the previous page after login
• Fix heading anchor links referencing an invalid URL
• Our meta-marked package is now published to NPM, fixing some installation issues

Package Updates

Latest release was reverted https://community.hedgedoc.org/t/new-hedgedoc-1-x-release/1908

Package Updates

Turns out it was a false alarm , so the release is back

Package Updates

[1.20.1]

• CLOUDRON_OIDC_PROVIDER_NAME implemented