From 2c12feb127259545c11dcbd0ad3d4aa64cd90a4b Mon Sep 17 00:00:00 2001 From: David Mehren Date: Thu, 6 May 2021 20:48:30 +0200 Subject: Fix 1.8.0 changelog CVE-2021-29475 has been fixed since HedgeDoc 1.5.0, instead of 1.6.0 Signed-off-by: David Mehren --- public/docs/release-notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md index d3173450..38b64d34 100644 --- a/public/docs/release-notes.md +++ b/public/docs/release-notes.md @@ -11,7 +11,7 @@ This release fixes multiple security issues. We recommend upgrading as soon as p This issue allowed an attacker to hang HedgeDoc by inserting a malicious string into a note. Thanks to Ralph Krimmel for reporting! We also published an advisory for [CVE-2021-29475: PDF export allows arbitrary file reads](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-pxxg-px9v-6qf3), -which has already been fixed since HedgeDoc 1.6.0. +which has already been fixed since HedgeDoc 1.5.0. ### Features - Database migrations are now automatically applied on application startup -- cgit v1.2.3 From 1b1b328d49fe318b234d3d898db52c838a05d02a Mon Sep 17 00:00:00 2001 From: David Mehren Date: Thu, 6 May 2021 20:48:46 +0200 Subject: Add release notes for 1.8.1 Signed-off-by: David Mehren --- public/docs/release-notes.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md index 38b64d34..307c8e68 100644 --- a/public/docs/release-notes.md +++ b/public/docs/release-notes.md 
@@ -1,4 +1,21 @@ # Release Notes +## 1.8.1 2021-05-06 +### Enhancements +- Speed up `yarn install` in production mode (as performed by `bin/setup`) by marking frontend-only dependencies as dev-dependencies. + This also reduces the size of the docker container +- Speed up the frontend-build by using `esbuild` instead of `terser` to minify JavaScript +- Improve behavior of the 'Quote', 'List', 'Unordered List' and 'Check List' buttons in the editor to automatically + apply to the complete first and last line of the selection + +### Bugfixes +- Correct the 1.8.0 release notes to state that CVE-2021-29475 has been fixed since HedgeDoc 1.5.0. +- Fix crash on startup when `useSSL` or `csp.upgradeInsecureRequests` is enabled (thanks to [@mdegat01](https://github.com/mdegat01) for reporting) +- Automatically enable `protocolUseSSL` when `useSSL` is also enabled +- Fix the 'Quote', 'List', 'Unordered List' and 'Check List' buttons in the editor to not duplicate content + when only parts of a line are selected (thanks to [@AnomalRoli](https://github.com/AnomalRoil) for reporting) +- Fix click handler for numbered task lists (thanks to [@xoriade](https://github.com/xoriade) for reporting) + + ## 1.8.0 2021-05-03 This release fixes multiple security issues. We recommend upgrading as soon as possible. -- cgit v1.2.3 From 62452cda9ac68f3c4482df4842ac41f3eb007718 Mon Sep 17 00:00:00 2001 From: David Mehren Date: Thu, 6 May 2021 20:52:03 +0200 Subject: Update maintainers list Signed-off-by: David Mehren --- package.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/package.json b/package.json index 30dd3788..c2ebba52 100644 --- a/package.json +++ b/package.json @@ -131,6 +131,10 @@ "name": "Christoph (Sheogorath) Kern", "email": "codimd@sheogorath.shivering-isles.com", "url": "https://shivering-isles.com" + }, + { + "name":"David Mehren", + "email": "hedgedoc@herrmehren.de" } ], "repository": { -- cgit v1.2.3 
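Review bot: The maintainer entry added in the package.json hunk writes `"name":"David Mehren"` with no space after the colon, while the entry above it and the new `"email"` line both use `"key": "value"`. Changing it to `"name": "David Mehren",` keeps the file consistently formatted. The enclosing array starts outside the hunk.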
From 0555d01f4a7adbb5b83137b6813245ec66518ddd Mon Sep 17 00:00:00 2001
From: David Mehren
Date: Thu, 6 May 2021 20:54:50 +0200
Subject: Bump version to 1.8.1
Signed-off-by: David Mehren
---
 docs/content/dev/openapi.yml | 2 +-
 docs/content/setup/docker.md | 2 +-
 docs/content/setup/manual-setup.md | 4 ++--
 package.json | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/docs/content/dev/openapi.yml b/docs/content/dev/openapi.yml
index 1a734451..45585e8a 100644
--- a/docs/content/dev/openapi.yml
+++ b/docs/content/dev/openapi.yml
@@ -3,7 +3,7 @@ openapi: 3.0.1
 info:
 title: HedgeDoc
 description: HedgeDoc is an open source collaborative note editor. Several tasks of HedgeDoc can be automated through this API.
- version: 1.8.0
+ version: 1.8.1
 contact:
 name: HedgeDoc on GitHub
 url: https://github.com/hedgedoc/hedgedoc
diff --git a/docs/content/setup/docker.md b/docs/content/setup/docker.md
index bc8b3ac9..41daac84 100644
--- a/docs/content/setup/docker.md
+++ b/docs/content/setup/docker.md
@@ -28,7 +28,7 @@ services:
 restart: always
 app:
 # Make sure to use the latest release from https://hedgedoc.org/latest-release
- image: quay.io/hedgedoc/hedgedoc:1.8.0
+ image: quay.io/hedgedoc/hedgedoc:1.8.1
 environment:
 - CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc
 - CMD_DOMAIN=localhost
diff --git a/docs/content/setup/manual-setup.md b/docs/content/setup/manual-setup.md
index 26882ba2..bbd73f79 100644
--- a/docs/content/setup/manual-setup.md
+++ b/docs/content/setup/manual-setup.md
@@ -16,7 +16,7 @@ 1. Check if you meet the [requirements at the top of this document](#manual-installation). 2. Download the [latest release](https://hedgedoc.org/latest-release/) and extract it. - Alternatively, you can use Git to clone the repository and checkout a release, e.g. with `git clone -b 1.8.0 https://github.com/hedgedoc/hedgedoc.git`. + Alternatively, you can use Git to clone the repository and checkout a release, e.g. with `git clone -b 1.8.1 https://github.com/hedgedoc/hedgedoc.git`. 3. Enter the directory and execute `bin/setup`, which will install the dependencies and create example configs. 4. Configure HedgeDoc: To get started, you can use this minimal `config.json`: ```json @@ -58,7 +58,7 @@ If you want to upgrade HedgeDoc from an older version, follow these steps: and the latest release. 2. Fully stop your old HedgeDoc server. 3. [Download](https://hedgedoc.org/latest-release/) the new release and extract it over the old directory. - If you use Git, you can check out the new tag with e.g. `git fetch origin && git checkout 1.8.0` + If you use Git, you can check out the new tag with e.g. `git fetch origin && git checkout 1.8.1` 5. Run `bin/setup`. This will take care of installing dependencies. It is safe to run on an existing installation. 6. *:octicons-light-bulb-16: If you used the release tarball for 1.7.0 or newer, this step can be skipped.* Build the frontend bundle by running `yarn run build`. diff --git a/package.json b/package.json index c2ebba52..0b9dc600 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "HedgeDoc", - "version": "1.8.0", + "version": "1.8.1", "description": "The best platform to write and share markdown.", "main": "app.js", "license": "AGPL-3.0", -- cgit v1.2.3 From a897ef7dea1fd3d0ef7415bff5b3312e5fb3828a Mon Sep 17 00:00:00 2001 
From: David Mehren
Date: Thu, 6 May 2021 22:01:50 +0200
Subject: Update example config The development config now runs on http://localhost:3000 out-of-the-box. The production config now makes clear that domain should be changed. Both configs don't include `"linkifyHeaderStyle": "gfm"` anymore to make the links on the homepage work.
Signed-off-by: David Mehren
---
 config.json.example | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/config.json.example b/config.json.example
index 258643a9..42dac856 100644
--- a/config.json.example
+++ b/config.json.example
@@ -8,17 +8,15 @@
 },
 "development": {
 "loglevel": "debug",
- "hsts": {
- "enable": false
- },
 "db": {
 "dialect": "sqlite",
 "storage": "./db.hedgedoc.sqlite"
 },
- "linkifyHeaderStyle": "gfm"
+ "domain": "localhost",
+ "urlAddPort": true
 },
 "production": {
- "domain": "localhost",
+ "domain": "change this",
 "loglevel": "info",
 "hsts": {
 "enable": true,
@@ -126,7 +124,6 @@
 {
 "connectionString": "change this",
 "container": "change this"
- },
- "linkifyHeaderStyle": "gfm"
+ }
 }
 }
-- cgit v1.2.3
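Review bot: Dropping `"hsts": { "enable": false }` from the `development` block in the first config.json.example hunk means a development instance now takes whatever HSTS setting the application defaults to, and that default is not visible in this diff. If the default is enabled, a developer who serves this config over HTTPS on `localhost` gets a Strict-Transport-Security header that the browser then applies to every other service on that hostname. Keeping the explicit `"hsts": { "enable": false }` next to the new `"domain": "localhost"` avoids that. Separately, `"domain": "change this"` in `production` is a clear signal to operators, but a startup check that rejects the placeholder would be worth adding, since generated links presumably depend on this value. Both blocks continue outside the hunk.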