diff options
| -rw-r--r-- | docs/content/dev/openapi.yml | 2 | ||||
| -rw-r--r-- | docs/content/setup/manual-setup.md | 2 | ||||
| -rw-r--r-- | package.json | 2 | ||||
| -rw-r--r-- | public/docs/release-notes.md | 9 |
4 files changed, 12 insertions, 3 deletions
diff --git a/docs/content/dev/openapi.yml b/docs/content/dev/openapi.yml index c5de475c..3ad0837e 100644 --- a/docs/content/dev/openapi.yml +++ b/docs/content/dev/openapi.yml @@ -3,7 +3,7 @@ openapi: 3.0.1 info: title: HedgeDoc description: HedgeDoc is an open source collaborative note editor. Several tasks of HedgeDoc can be automated through this API. - version: 1.7.1 + version: 1.7.2 contact: name: HedgeDoc on GitHub url: https://github.com/hedgedoc/hedgedoc diff --git a/docs/content/setup/manual-setup.md b/docs/content/setup/manual-setup.md index 6cb7c75a..143d7544 100644 --- a/docs/content/setup/manual-setup.md +++ b/docs/content/setup/manual-setup.md @@ -19,7 +19,7 @@ 1. Check if you meet the [requirements at the top of this document](#requirements-on-your-server). 2. Download a [release](https://github.com/hedgedoc/hedgedoc/releases) tarball and extract it. - Alternatively, you can use Git to clone the repository and checkout a release, e.g. with `git clone -b 1.7.0 https://github.com/hedgedoc/hedgedoc.git`. + Alternatively, you can use Git to clone the repository and checkout a release, e.g. with `git clone -b 1.7.2 https://github.com/hedgedoc/hedgedoc.git`. 3. Enter the directory and type `bin/setup`, which will install the dependencies and create configs. 4. Modify the file named `config.json` or configure HedgeDoc through environment variables which will overwrite the configs, see docs [here](https://github.com/hedgedoc/hedgedoc/blob/master/docs/configuration.md). 5. **If using the release tarball for 1.7.0 or newer, this step can be skipped.** diff --git a/package.json b/package.json index 3e8046bb..6b0f0da3 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "HedgeDoc", - "version": "1.7.1", + "version": "1.7.2", "description": "The best platform to write and share markdown.", "main": "app.js", "license": "AGPL-3.0", diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md index 598a5c83..a58018c2 100644 --- a/public/docs/release-notes.md +++ b/public/docs/release-notes.md @@ -1,4 +1,13 @@ # Release Notes +## <i class="fa fa-tag"></i> 1.7.2 <i class="fa fa-calendar-o"></i> 2021-01-15 +This release fixes a security issue. We recommend upgrading as soon as possible. +### Security Fixes +- [CVE-2021-21259: Stored XSS in slide mode](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-44w9-vm8p-3cxw) + An attacker can inject arbitrary JavaScript into a HedgeDoc note. + +### Bugfixes +- Ensure the last line of the markdown editor is not covered by the status bar (thanks to [@mhdrone](https://github.com/mhdrone) for reporting!) + ## <i class="fa fa-tag"></i> 1.7.1 <i class="fa fa-calendar-o"></i> 2020-12-27 This release fixes two security issues. We recommend upgrading as soon as possible. ### Security Fixes |