HedgeDoc - Package Updates
-
[1.16.2]
- Update HedgeDoc to 1.9.8
- Full changelog
- Extend boolean environment variable parsing with other positive answers and case insensitivity
- Allow setting of documentMaxLength via CMD_DOCUMENT_MAX_LENGTH environment variable (contributed by @jmallach)
- Add dedicated healthcheck endpoint at /_health that is less resource intensive than /status
- Compatibility with Node.js 18 and later
- Add a config option to disable the /status and /metrics endpoints
-
[1.20.0]
- Update HedgeDoc to 1.10.0
- Full changelog
- GHSA-pjf2-269h-cx7p: MySQL & free URL mode allows to hide existing notes
- Add disableNoteCreation config option for read-only instances
- Add a pointer to Mermaid 9.1.7 documentation, which is what HedgeDoc 1 supports.
- Compatibility with Node.js 22 is now checked in CI
- Fix a crash when having numeric-only values in opengraph frontmatter
- Fix unnecessary session creation on healthcheck endpoint
- Fix invalid metadata being sent for minio uploads
- Fix screen readers announcing headings twice
- Fix a crash when receiving unexpected OAuth profile data
- Fix some cases of HedgeDoc not redirecting to the previous page after login
- Fix heading anchor links referencing an invalid URL
- Our meta-marked package is now published to NPM, fixing some installation issues
-
Latest release was reverted https://community.hedgedoc.org/t/new-hedgedoc-1-x-release/1908
-
Turns out it was a false alarm, so the release is back
-
[1.20.1]
- CLOUDRON_OIDC_PROVIDER_NAME implemented
-
[1.20.2]
- Update hedgedoc to 1.10.1
- Full Changelog
- Add fixed rate-limiting to the login and register endpoints
- Add configurable rate-limiting to the new notes endpoint
- Fix a crash when cannot read user profile in OAuth (#5850 by @lautaroalvarez)
- Fix CSP Header for mermaid embedded images (#5887 by @domrim)
- Change default of HSTS preload to false for compliance with the HSTS preload list requirements (#5913 by @SvizelPritula)
- Dominik Rimpf
- Lautaro Alvarez
-
[1.20.3]
- Update hedgedoc to 1.10.2
- Full Changelog
- Check if a valid user id is present when using OAuth2
- Abort SAML login if NameID is undefined instead of logging in with a user named "undefined" (Thanks @Haanifee)
- Set default values for username and email attribute mapping in SAML configuration
-
[1.21.0]
- Update base image to 5.0.0
-
[1.21.1]
- Update hedgedoc to 1.10.3
- Full Changelog
- This release fixes a security issue of a possible XSS exploit which can be planted via a malicious SVG file upload.
- See GHSA-3983-rrqh-mvx5 for more details
- Add config options CMD_SAML_WANT_ASSERTIONS_SIGNED and CMD_SAML_WANT_AUTHN_RESPONSE_SIGNED for SAML auth, since some instances didn't comply with the new defaults of @node-saml/passport-saml
-
[1.21.2]
- Update hedgedoc to 1.10.5
- Full Changelog
- Fix the bundled healthcheck in the docker container
- GHSA-gmgw-rcmh-7x47 reports potential cross-site side-effects due to not applying sandboxing to iframes.
- GHSA-6wm6-3vpq-6qvv reports a possible CSRF vulnerability when using certain social login providers because the state parameter is not used and checked.
- Add enableUploads (CMD_ENABLE_UPLOADS) config option to restrict uploads to registered users, all users or
- Allow links to protocols such as xmpp, webcal or geo
- Switch from deprecated shortid to nanoid module, with 10 character long aliases in "public" links
- Ensure compatibility with Node 24
- Protect user history from accidental or malicious deletion by adding a CSRF-like token
- Many enhancements in the documentation at docs.hedgedoc.org
- Ignore the healthcheck endpoint in the "too busy" limiter
- Send the referrer origin for YouTube embeddings due to their requirement
-
[1.21.3]
- Update hedgedoc to 1.10.6
- Full Changelog
- GHSA-x74j-jmf9-534w reports a bug where security headers for upload files were not set correctly.
- GHSA-672m-p72w-gw28 reports potential security issues with limited script execution in uploaded SVG files.
-
[1.21.4]
- Update hedgedoc to 1.10.7
- Full Changelog
- Random colors for user's cursors and selections are now always in hex format to avoid conversion errors
- Correctly close realtime connections if they disconnect during connection creation
- manage_users CLI does not silently drop errors