author David Mehren 2021-05-11 21:41:11 +0200
committer GitHub 2021-05-11 21:41:11 +0200
commit 8b374d8c1972db2b09126e8f9cc10384552abf29
tree a356ff3d1e5473fa872763300fee1abfd9eb835e
parent 01dad5821ee28377ebe640c6c72c3e0bb0d51ea7
parent 32e31ac1e3751c47985269890580561cf452c270
Merge pull request #1267 from hedgedoc/release/1.8.2
-rw-r--r-- docs/content/dev/openapi.yml 2
-rw-r--r-- docs/content/setup/docker.md 2
-rw-r--r-- docs/content/setup/manual-setup.md 4
-rw-r--r-- package.json 2
-rw-r--r-- public/docs/release-notes.md 8
5 files changed, 13 insertions, 5 deletions
diff --git a/docs/content/dev/openapi.yml b/docs/content/dev/openapi.yml
index 45585e8a..e28ea7d8 100644
--- a/docs/content/dev/openapi.yml
+++ b/docs/content/dev/openapi.yml
@@ -3,7 +3,7 @@ openapi: 3.0.1
info:
title: HedgeDoc
description: HedgeDoc is an open source collaborative note editor. Several tasks of HedgeDoc can be automated through this API.
- version: 1.8.1
+ version: 1.8.2
contact:
name: HedgeDoc on GitHub
url: https://github.com/hedgedoc/hedgedoc
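Review bot: `version: 1.8.2` under `info:` is a hand-maintained copy of the `version` field in package.json, and this merge edits the same string in three further places (docker.md and twice in manual-setup.md). For a security release, a missed copy leaves documentation pointing users at the unpatched 1.8.1. Consider generating these values from package.json at release time, or adding a CI check that fails when the previous version string still appears under docs/.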
diff --git a/docs/content/setup/docker.md b/docs/content/setup/docker.md
index 41daac84..ab029bad 100644
--- a/docs/content/setup/docker.md
+++ b/docs/content/setup/docker.md
@@ -28,7 +28,7 @@ services:
restart: always
app:
# Make sure to use the latest release from https://hedgedoc.org/latest-release
- image: quay.io/hedgedoc/hedgedoc:1.8.1
+ image: quay.io/hedgedoc/hedgedoc:1.8.2
environment:
- CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc
- CMD_DOMAIN=localhost
diff --git a/docs/content/setup/manual-setup.md b/docs/content/setup/manual-setup.md
index f3ce3702..1b0bd684 100644
--- a/docs/content/setup/manual-setup.md
+++ b/docs/content/setup/manual-setup.md
@@ -16,7 +16,7 @@
1. Check if you meet the [requirements at the top of this document](#manual-installation).
2. Download the [latest release](https://hedgedoc.org/latest-release/) and extract it.
- <small>Alternatively, you can use Git to clone the repository and checkout a release, e.g. with `git clone -b 1.8.1 https://github.com/hedgedoc/hedgedoc.git`.</small>
+ <small>Alternatively, you can use Git to clone the repository and checkout a release, e.g. with `git clone -b 1.8.2 https://github.com/hedgedoc/hedgedoc.git`.</small>
3. Enter the directory and execute `bin/setup`, which will install the dependencies and create example configs.
4. Configure HedgeDoc: To get started, you can use this minimal `config.json`:
```json
@@ -58,7 +58,7 @@ If you want to upgrade HedgeDoc from an older version, follow these steps:
and the latest release.
2. Fully stop your old HedgeDoc server.
3. [Download](https://hedgedoc.org/latest-release/) the new release and extract it over the old directory.
- <small>If you use Git, you can check out the new tag with e.g. `git fetch origin && git checkout 1.8.1`</small>
+ <small>If you use Git, you can check out the new tag with e.g. `git fetch origin && git checkout 1.8.2`</small>
5. Run `bin/setup`. This will take care of installing dependencies. It is safe to run on an existing installation.
6. *:octicons-light-bulb-16: If you used the release tarball for 1.7.0 or newer, this step can be skipped.*
Build the frontend bundle by running `yarn install` and `yarn build`. The extra `yarn install` is necessary as `bin/setup` does not install the build dependencies.
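Review bot: the upgrade procedure's numbering in this hunk goes from `3. [Download]...` straight to `5. Run bin/setup`, so there is no step 4 in the source. Since the line between them is being edited anyway, renumber the remaining steps so that operators following the upgrade for this security release can tell that nothing was dropped.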
diff --git a/package.json b/package.json
index 61a37f82..c7fb794a 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "HedgeDoc",
- "version": "1.8.1",
+ "version": "1.8.2",
"description": "The best platform to write and share markdown.",
"main": "app.js",
"license": "AGPL-3.0",
diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md
index ac4bd0bd..1d957b72 100644
--- a/public/docs/release-notes.md
+++ b/public/docs/release-notes.md
@@ -1,4 +1,12 @@
# Release Notes
+## <i class="fa fa-tag"></i> 1.8.2 <i class="fa fa-calendar-o"></i> 2021-05-11
+
+This release fixes two security issues. We recommend upgrading as soon as possible.
+
+### Security Fixes
+- [CVE-2021-29503: Improper Neutralization of Script-Related HTML Tags in Notes](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-gjg7-4j2h-94fq)
+- Fix a potential XSS-vector in the handling of usernames and profile pictures
+
## <i class="fa fa-tag"></i> 1.8.1 <i class="fa fa-calendar-o"></i> 2021-05-06
### Enhancements
- Speed up `yarn install` in production mode (as performed by `bin/setup`) by marking frontend-only dependencies as dev-dependencies.
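Review bot: the second entry under `### Security Fixes` ("Fix a potential XSS-vector in the handling of usernames and profile pictures") carries no advisory link or identifier, unlike the CVE-2021-29503 entry above it. Link the advisory or the fixing commit if one exists. The new section also does not say which versions are affected by either issue, and a one-line statement of the affected range would let operators judge their exposure without opening the advisory.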