author David Mehren 2021-04-26 22:20:57 +0200
committer GitHub 2021-04-26 22:20:57 +0200
commit 90a8aebb711c42765450f6006a0400ed06202eb7
tree d82aa115813cf3d5be8725533219019953a696fd /public
parent 75f1192dbe14eedfd16b8a85d8a638f9a78f11cc
parent 0d943d128431f166045de53bd64575dac142d320
Merge pull request #1191 from hedgedoc/release/1.8.0-rc1
Diffstat (limited to 'public')
-rw-r--r-- public/docs/release-notes.md 50
-rw-r--r-- public/js/locale.js 11
-rw-r--r-- public/views/index/body.ejs 32
3 files changed, 52 insertions, 41 deletions
diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md
index 26257541..4849a029 100644
--- a/public/docs/release-notes.md
+++ b/public/docs/release-notes.md
@@ -1,17 +1,55 @@
# Release Notes
-## <i class="fa fa-tag"></i> 1.8.0 <i class="fa fa-calendar-o"></i> UNRELEASED
+## <i class="fa fa-tag"></i> 1.8.0-rc1 <i class="fa fa-calendar-o"></i> 2021-04-26
+
+This release fixes a security issue. We recommend upgrading as soon as possible.
**Please note:** This release dropped support for Node 10, which is end-of-life since April 2021. You now need at least Node 12 to run HedgeDoc, but we recommend running [the latest LTS release](https://nodejs.org/en/about/releases/).
+### Security Fixes
+- [CVE-2021-29474: Relative path traversal Attack on note creation](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-p528-555r-pf87)
+
+We also published an advisory for [CVE-2021-29475: PDF export allows arbitrary file reads](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-pxxg-px9v-6qf3),
+which has already been fixed since HedgeDoc 1.6.0.
+
### Features
-- Database migrations are now automatically applied on application startup.
- The separate `.sequelizerc` configuration file is no longer necessary and can be safely deleted.
+- Database migrations are now automatically applied on application startup
+ The separate `.sequelizerc` configuration file is no longer necessary and can be safely deleted
- A Prometheus-endpoint is now available at `/metrics`, exposing the same stats as `/status`
- in addition to various Node.js performance figures.
-
+ in addition to various Node.js performance figures
+- Add a config option to require authentication in FreeURL mode ([#755](https://github.com/hedgedoc/hedgedoc/pull/755) by [@nidico](https://github.com/nidico))
+
### Enhancements
- Removed dependency on external imgur library
-
+- HTML language tags are now set up in a way that stops Google Translate from translating note contents while editing
+- Removed `yahoo.com` from the default content security policy
+- New translations for Bulgarian, Persian, Galician, Hebrew, Hungarian, Occitan and Brazilian Portuguese
+ Updated translations for Arabic, English, Esperanto, Spanish, Hindi, Japanese, Korean, Polish, Portuguese, Turkish and Traditional Chinese
+ Thanks to all translators!
+- Various dependency updates
+
+### Bugfixes
+- Improve readability of diagrams & embeddings in night-mode
+- Use the default template for new notes in FreeURL mode
+- Fix frontend-crash in slide-mode if no `slideOptions` are present in the frontmatter
+- Return 404 on the `/download` route for non-existent notes in FreeURL mode
+- Properly clean up the UNIX socket on application exit
+- Don't overwrite existing notes on POST-requests to `/new/<alias>` in FreeURL mode
+
+### Contributors
+- Amit Upadhyay (translator)
+- Atef Ben Ali (translator)
+- Edi Feschiyan (translator)
+- Gabriel Santiago Macedo (translator)
+- Longyklee (translator)
+- Nika. zhenya (translator)
+- [Nicolas Dietrich](https://github.com/nidico)
+- Nis (translator)
+- rogerio-ar-costa (translator)
+- sanami (translator)
+- Tom Dereszynski (translator)
+- 상규 (translator)
+- uıʞǝʇuɐϽ (translator)
+- UwYFmLpoKtYn (translator)
## <i class="fa fa-tag"></i> 1.7.2 <i class="fa fa-calendar-o"></i> 2021-01-15
This release fixes a security issue. We recommend upgrading as soon as possible.
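Review bot: In the new Security Fixes section, the CVE-2021-29474 entry is only a linked title, so an operator reading these notes cannot tell which versions are affected or what the impact is without following the advisory. Consider adding one sentence with the affected version range and impact, the way the CVE-2021-29475 paragraph states "already been fixed since HedgeDoc 1.6.0". Separately, the Features and Enhancements items drop their trailing periods while keeping continuation lines that start a new sentence ("The separate `.sequelizerc` ...", "Updated translations for ...", "Thanks to all translators!"), so the rendered list items will run those sentences together; keep the periods or split them into separate items.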
diff --git a/public/js/locale.js b/public/js/locale.js
index 8baa77fc..ccc1d0e4 100644
--- a/public/js/locale.js
+++ b/public/js/locale.js
@@ -1,7 +1,6 @@
/* eslint-env browser, jquery */
/* global Cookies */
-
-const supported = ['en', 'zh-CN', 'zh-TW', 'fr', 'de', 'ja', 'es', 'ca', 'el', 'pt', 'it', 'tr', 'ru', 'nl', 'hr', 'pl', 'uk', 'hi', 'sv', 'eo', 'da', 'ko', 'id', 'sr', 'vi', 'ar', 'cs', 'sk']
+const supportedLanguages = require('../../locales/_supported.json')
function detectLang () {
if (Cookies.get('locale')) {
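Review bot: The `require('../../locales/_supported.json')` line gives no hint of the file's expected shape, while the rest of this change relies on it being an object that maps ISO code to native name (`Object.keys(...)` in `detectLang`, `Object.entries(...)` for the selector). A one-line comment above the `require` stating that shape would help the next person who edits the JSON. The blank line after `/* global Cookies */` was also dropped; keeping it separates the lint directives from the code.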
@@ -13,9 +12,10 @@ function detectLang () {
}
const userLang = navigator.language || navigator.userLanguage
const userLangCode = userLang.split('-')[0]
- if (supported.includes(userLangCode)) {
+ const supportedLanguagesList = Object.keys(supportedLanguages)
+ if (supportedLanguagesList.includes(userLangCode)) {
return userLangCode
- } else if (supported.includes(userLang)) {
+ } else if (supportedLanguagesList.includes(userLang)) {
return userLang
}
return 'en'
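Review bot: `detectLang` still tests the primary subtag (`userLangCode`) before the full tag (`userLang`), so if `_supported.json` ever lists a regional key next to its base language (for example a hypothetical `pt-BR` beside `pt`), the regional entry can never be auto-selected. Consider checking `userLang` first and falling back to `userLangCode`. `Object.keys(supportedLanguages)` could also be computed once at module level instead of on every call.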
@@ -23,6 +23,9 @@ function detectLang () {
const lang = detectLang()
const localeSelector = $('.ui-locale')
+Object.entries(supportedLanguages).forEach(function ([isoCode, nativeName]) {
+ localeSelector.append(`<option value="${isoCode}">${nativeName}</option>`)
+})
// the following condition is needed as the selector is only available in the intro/history page
if (localeSelector.length > 0) {
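Review bot: The `<option>` markup is assembled by interpolating `isoCode` and `nativeName` into an HTML string handed to `append`, so any `<`, `&` or quote character in `_supported.json` would be parsed as markup rather than text. The values come from a repository file, but building the element with `$('<option>').val(isoCode).text(nativeName)` keeps them as data regardless of what the file contains. The loop also runs before the `localeSelector.length > 0` guard below it; moving it inside that block would keep all selector setup in one place.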
diff --git a/public/views/index/body.ejs b/public/views/index/body.ejs
index 5ae462d9..ca6204b1 100644
--- a/public/views/index/body.ejs
+++ b/public/views/index/body.ejs
@@ -127,37 +127,7 @@
<div class="mastfoot">
<div class="inner">
- <select class="ui-locale">
- <option value="en">English</option>
- <option value="zh-CN">简体中文</option>
- <option value="zh-TW">繁體中文</option>
- <option value="fr">Français</option>
- <option value="de">Deutsch</option>
- <option value="ja">日本語</option>
- <option value="es">Español</option>
- <option value="ca">Català</option>
- <option value="el">Ελληνικά</option>
- <option value="pt">Português</option>
- <option value="it">Italiano</option>
- <option value="tr">Türkçe</option>
- <option value="ru">Русский</option>
- <option value="nl">Nederlands</option>
- <option value="hr">Hrvatski</option>
- <option value="pl">Polski</option>
- <option value="uk">Українська</option>
- <option value="hi">हिन्दी</option>
- <option value="sv">Svenska</option>
- <option value="eo">Esperanto</option>
- <option value="da">Dansk</option>
- <option value="ko">한국어</option>
- <option value="id">Bahasa Indonesia</option>
- <option value="sr">Cрпски</option>
- <option value="vi">Tiếng Việt</option>
- <option value="ar">العربية</option>
- <option value="cs">Česky</option>
- <option value="sk">Slovensky</option>
- <option value="ml">മലയാളം</option>
- </select>
+ <select class="ui-locale"></select>
<p>
<%- __('Powered by %s', '<a href="https://hedgedoc.org">HedgeDoc</a>') %> | <a href="<%- serverURL %>/s/release-notes" target="_blank" rel="noopener"><%= __('Releases') %></a> | <a href="<%- sourceURL %>" target="_blank" rel="noopener"><%= __('Source Code') %></a><% if(imprint) { %> | <a href="<%- serverURL %>/s/imprint" target="_blank" rel="noopener"><%= __('Imprint') %></a><% } %><% if(privacyStatement) { %> | <a href="<%- serverURL %>/s/privacy" target="_blank" rel="noopener"><%= __('Privacy') %></a><% } %><% if(termsOfUse) { %> | <a href="<%- serverURL %>/s/terms-of-use" target="_blank" rel="noopener"><%= __('Terms of Use') %></a><% } %>
</p>
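Review bot: The removed static list contains `<option value="ml">മലയാളം</option>`, but `ml` is not in the old `supported` array deleted from `public/js/locale.js`, so please confirm that `locales/_supported.json` includes it; otherwise Malayalam disappears from the selector with this change. Also note that `<select class="ui-locale"></select>` is now empty until the script runs, so the selector offers no choices when JavaScript is disabled or the bundle fails to load.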