HedgeDoc - Package Updates
-
[1.22.0]
- Update hedgedoc to 1.11.0
- Full Changelog
- GHSA-6c2w-8w96-3pcv reports a possible HTML injection via the localpart of an email address.
- GHSA-qj78-mjch-wwrv reports a possible Denial-of-Service attack using the YAML frontmatter parsing.
- GHSA-8v9p-5j95-826j reports a possible CSRF attack vector in the GitHub Gist export.
- GHSA-2f9f-w8xq-276v reports a rate-limiting bypass by abusing the CF-Connecting-IP header.
- When using Cloudflare in front of HedgeDoc, you should set
rateLimitUsingCloudflarein the config.json orCMD_RATE_LIMIT_USING_CLOUDFLAREas environment variable totrue. - Added a warning page when clicking external links
- Improve the config.json.example file, which is used by
bin/setup - Allow configuration of login / signup rate-limits
- Allow configuration of Cloudflare usage in regards of rate-limits
- Several improvements in the documentation at https://docs.hedgedoc.org
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login