Commit message / Author / Age / Files / Lines
* Release version 1.5.0Sheogorath2019-08-152-1/+48
|
* Update yarn.lockSheogorath2019-08-151-16/+49
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Add arabian translationSheogorath2019-08-153-1/+123
| | | | | | | Thanks to our great translators that made it to translate the major parts of CodiMD into Arabic! Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Disable PDF export due to security issueSheogorath2019-08-151-0/+6
| | | | | | | | | | | | As a temporary fix, to keep you and your users safe, this patch disables the PDF export feature. Details of the attack along with a fix for future versions of CodiMD will be released in future. I hope you can live with this solution for this release because I'm super short on time and the alternative would be to ship no fix at all. This appears to be the better solution for this release. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Switch mysql library to mysql2Sheogorath2019-08-151-1/+1
| | | | | | | The recent sequelize upgrade introduced some other dependencies, this is one of them. This patch replaces the old `mysql` library with `mysql2`. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix variable names for docker secretsSheogorath2019-08-151-5/+5
| | | | | | | It seems like since we switched to camelcase we missed to update some variable names in the config section. This patch fixes those. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update meta-marked to latest versionSheogorath2019-08-152-10/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Meta-marked 0.4.4 which we used from our git repository contains a RegexDOS attack in the marked dependency. The dependency was already updated in our meta-marked repository, but not updated in yarn. This made us still vulnerable to this ReDOS which was able to cause a DOS attack on the server when updating a note. For Details: https://github.com/markedjs/marked/releases/tag/v0.7.0 https://github.com/markedjs/marked/pull/1515 What is a ReDOS? A ReDOS attack is a DOS attack where an attacker targets a not-well-written Regular Expression. Regular expressions try to build a tree of all possibilities it can match in order to figure out if the given statement is valid or not. A ReDOS attack abuses this concept by providing a statement that doesn't match but causes extremely huge trees that simply lead to exhausting CPU usage. For more details see: https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS Credit: Huge thanks to @bitinerant for finding this and handling it with a responsible disclosure. Also thanks to the `marked`-team for fixing things already. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update id.json (POEditor.com)Sheogorath2019-08-151-1/+3
|
* Merge pull request #141 from alangecker/fix/migration-should-return-promiseSheogorath2019-08-123-18/+18
|\ | | | | fix: migration should return promise
| * fix: migration should return promisechandi2019-08-123-18/+18
|/ | | | Signed-off-by: chandi <git@chandi.it>
* Merge pull request #140 from SISheogorath/docs/updateIconsSheogorath2019-08-081-2/+2
|\ | | | | Update badge icons
| * Update badge iconsSheogorath2019-08-031-2/+2
| | | | | | | | | | | | | | | | I just noticed that shields.io provides some nice new badges including one explicitly for Matrix and one for Mastodon. Since those are really our platforms, let's get them into our README. Just a cosmetic change. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Update de.json (POEditor.com)Sheogorath2019-08-031-14/+14
|/
* Update yarn.lockSheogorath2019-08-011-74/+2744
|
* Slightly improve docker-linux-server.mdSalim B2019-08-011-4/+4
| | | | | | | | - fix typo - add link to PhantomJS - improve formatting Signed-off-by: Salim B <salim@posteo.de>
* Merge pull request #114 from SISheogorath/fix/linuxServerDocsSheogorath2019-08-012-7/+7
|\ | | | | Fix some minor quirks in the LinuxServer.io docs
| * Fix some minor quirks in the LinuxServer.io docsSheogorath2019-08-012-7/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current documents might end up confusing people and are not completely accessible. These minor fixes should clear up the situation and add alt texts to all badges, explain the links at the end of the docs, and list LinuxServer.io in the supported provider section of the README. Some reasoning on the change in the listing: Since we maintain an own container image which is for sure kept updated on release, this is our first listing, as well as general solutions that are built on that image, like the K8s integration. The next listings are integrated providers which allow self-hosting, like Cloudron and I also consider LinuxServer.io as this kind of providers. Which try to enable people to run CodiMD on their own hardware or rented servers in a very easy way, but by using their own images. As third category I would look at hosted offers, like Heroku, which are not completely SaaS but far enough away from the self-hostability that I consider them as an own category. PaaS-based solutions are not as FOSS-style as we want our setups to be, but of course still supported. Finally the manual setup. We keep it down here, because we support it, but don't recommend it in general. It's hard to upgrade and can cause problems when dependencies are not correctly updated or people don't run the db migrations. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #137 from codimd/snyk-fix-90a963f5d1c4d3e15b1c30f372c2f444Sheogorath2019-08-011-1/+1
|\ \ | | | | | | [Snyk] Fix for 1 vulnerable dependencies
| * | fix: package.json to reduce vulnerabilitiessnyk-test2019-07-241-1/+1
|/ / | | | | | | | | The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MERMAID-174698
* | Merge pull request #104 from SISheogorath/feature/dntSheogorath2019-07-204-5/+7
|\ \ | | | | | | Respect DNT header
| * | Respect DNT headerSheogorath2019-06-084-5/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Do Not Track (DNT) is an old web standard in order to notify pages that the user doesn't want to be tracked. Even while a lot of pages either ignore this header or even worse, use it for tracking purposes, the original intention of this header is good and should be adopted. This patch implements a respect of the DNT header by no longer including the optional Google Analytics and disqus integrations when sending a DNT header. This should reduce outside resource usage and help to stay more private. This should later on be extended towards other document content (i.e. iframe based content). The reason to not change the CDN handling is that CDNs will be deprecated with next release and removed in long term. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Merge pull request #128 from dargmuesli/docker-secretsSheogorath2019-07-201-0/+1
|\ \ \ | | | | | | | | DB URL: Secret File Support
| * | | Docker Secrets: Add DB URL SupportJonas Thelemann2019-07-011-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | As the connection string may include a password it should be supported by Docker Secrets. Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
* | | | Merge pull request #119 from lhw/patch-1Sheogorath2019-07-011-0/+2
|\ \ \ \ | |/ / / |/| | | Add SVG image detection based on file extension
| * | | Add SVG image detection based on file extensionLennart Weller2019-06-181-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Add simple SVG image detection based on the file extension .svg. This fixes the SVG being delivered as binary/octet-stream and makes it possible to embed the SVG. Signed-off-by: Lennart Weller <lennart.weller@hansemerkur.de>
* | | | Update sequelize to latest versionSheogorath2019-06-222-13/+16
| | | | | | | | | | | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | | Update yarn.lockSheogorath2019-06-221-923/+176
| | | | | | | | | | | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | | Merge pull request #107 from SISheogorath/feature/db-upgradeSheogorath2019-06-226-748/+755
|\ \ \ \ | |/ / / |/| | | Fix sequelize by updating to the latest version
| * | | fix: upgrade sequelize to latest version to fix CVEBoHong Li2019-06-116-748/+755
| | | | | | | | | | | | | | | | Signed-off-by: BoHong Li <a60814billy@gmail.com>
* | | | Update sv.json (POEditor.com)Sheogorath2019-06-161-1/+1
| | | |
* | | | Update de.json (POEditor.com)Sheogorath2019-06-161-3/+3
| |_|/ |/| |
* | | Merge pull request #111 from CHBMB/ls.ioSheogorath2019-06-133-2/+17
|\ \ \ | | | | | | | | Add docker image from LinuxServer.io as an install option.
| * | | Add docker image from LinuxServer.io as an install option.chbmb2019-06-123-2/+17
|/ / / | | | | | | | | | | | | As requested by @SISheogorath [here](https://github.com/linuxserver/docker-codimd/issues/4#issue-454332233) and further to discussion about previous PR [here.](https://github.com/codimd/server/pull/110#issuecomment-501214087) Signed-off-by: Neil Green <chbmb@linuxserver.io>
* | | Merge pull request #106 from SISheogorath/fix/dco-locationSheogorath2019-06-112-1/+1
|\ \ \ | |/ / |/| | Move DCO into docs section
| * | Move DCO into docs sectionSheogorath2019-06-102-1/+1
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | The DCO currently resides in an own directory creating a pointless additional click/tab in order to reach and read it. It also just clutters the directory structure of the project. Therefore this patch moves the DCO into an own legal section in the docs directory, which is hopefully a more reasonable place. This section can also be extended in future in order to host other legal documents as well. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #103 from SISheogorath/feature/improve-loggingSheogorath2019-06-0915-69/+54
|\ \ | |/ |/| Rework debug logging
| * Rework debug loggingSheogorath2019-06-0815-69/+54
|/ | | | | | | | | | | | | | We have various places with overly simple if statements that could be handled by our logging library. Also a lot of those logs are not marked as debug logs but as info logs, which can cause confusion during debugging. This patch removes unneeded if clauses around debug logging statements, reworks debug log messages towards ECMA templates and adds some new logging statements which might be helpful in order to debug things like image uploads. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #97 from SISheogorath/fix/lintingSheogorath2019-06-0450-1040/+1053
|\ | | | | Fix eslint warnings
| * Fix eslint warningsSheogorath2019-05-3150-1040/+1053
| | | | | | | | | | | | | | | | | | | | | | Since we are about to release it's time to finally fix our linting. This patch basically runs eslint --fix and does some further manual fixes. Also it sets up eslint to fail on every warning in order to make warnings visible in the CI process. There should be no functional change introduced. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #93 from ttasovac/masterSheogorath2019-06-042-0/+63
|\ \ | | | | | | fixed styling of slides preview
| * | fixed styling of slides previewToma Tasovac2019-05-302-0/+63
| |/ | | | | | | Signed-off-by: Toma Tasovac <ttasovac@humanistika.org>
* | Merge pull request #98 from codimd/ccoenen-patch-1Claudius Coenen2019-05-311-0/+4
|\ \ | | | | | | mentioning the node 6 deprecation along with the migration guide
| * | mentioning the node 6 deprecation along with the migration guideClaudius Coenen2019-05-311-0/+4
|/ / | | | | Signed-off-by: Claudius <opensource@amenthes.de>
* | Release version 1.4.0Sheogorath2019-05-312-2/+75
| | | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #94 from SISheogorath/fix/mathjaxSheogorath2019-05-301-1/+11
|\ \ | |/ |/| Fix hidden MathJax output
| * Fix hidden MathJax outputSheogorath2019-05-301-1/+11
|/ | | | | | | | | | | | | | | In order to have a better experience when linking to headlines based on their ID, a patch[1] introduced a new CSS construct to add some space in front of HTML tags with an id field. Therefore they would no longer be hidden by a visible navbar. This caused a regression bug by moving the rendered mathjax out of its visible area. This patch fixes the problem by restricting the previous change to headlines only. [1]: commit c9af13cf34d1b4d66e4c3a590b875669455122a4 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update yarn.lockSheogorath2019-05-301-465/+466
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Add Discourse link to footerSheogorath2019-05-301-1/+1
| | | | | | | | As we are about to announce the community forum, we should provide a link to it in the footer. This patch adds Discourse between Riot, GitHub and Mastodon as platform to follow our progress. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #81 from SISheogorath/fix/codemirrorBottomCSSSheogorath2019-05-261-1/+4
|\ | | | | Fix CodeMirror toolbar hiding content
| * Fix CodeMirror toolbar hiding contentSheogorath2019-05-261-1/+4
| | | | | | | | | | | | | | | | | | As it may happen that the codemirror content flows underneath the status bar, this patch should help to avoid it. It adds the size of the status bar as margin-bottom so the codemirror window itself is forced above the statusbar. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>