From 81d73b2db9e0d9bc938e242bb57bd45d948ce4f4 Mon Sep 17 00:00:00 2001
From: David Mehren
Date: Tue, 11 May 2021 19:42:57 +0200
Subject: Add release notes for 1.8.2
Signed-off-by: David Mehren
---
 public/docs/release-notes.md | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md
index ac4bd0bd..1d957b72 100644
--- a/public/docs/release-notes.md
+++ b/public/docs/release-notes.md
@@ -1,4 +1,12 @@
 # Release Notes
+## 1.8.2 2021-05-11
+
+This release fixes two security issues. We recommend upgrading as soon as possible.
+
+### Security Fixes
+- [CVE-2021-29503: Improper Neutralization of Script-Related HTML Tags in Notes](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-gjg7-4j2h-94fq)
+- Fix a potential XSS-vector in the handling of usernames and profile pictures
+
 ## 1.8.1 2021-05-06
 ### Enhancements
 - Speed up `yarn install` in production mode (as performed by `bin/setup`) by marking frontend-only dependencies as dev-dependencies.
--
cgit v1.2.3
From 32e31ac1e3751c47985269890580561cf452c270 Mon Sep 17 00:00:00 2001
From: David Mehren
Date: Tue, 11 May 2021 21:09:03 +0200
Subject: Bump version to 1.8.2
Signed-off-by: David Mehren
---
 docs/content/dev/openapi.yml | 2 +-
 docs/content/setup/docker.md | 2 +-
 docs/content/setup/manual-setup.md | 4 ++--
 package.json | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/docs/content/dev/openapi.yml b/docs/content/dev/openapi.yml
index 45585e8a..e28ea7d8 100644
--- a/docs/content/dev/openapi.yml
+++ b/docs/content/dev/openapi.yml
@@ -3,7 +3,7 @@ openapi: 3.0.1
 info:
 title: HedgeDoc
 description: HedgeDoc is an open source collaborative note editor. Several tasks of HedgeDoc can be automated through this API.
- version: 1.8.1
+ version: 1.8.2
 contact:
 name: HedgeDoc on GitHub
 url: https://github.com/hedgedoc/hedgedoc
diff --git a/docs/content/setup/docker.md b/docs/content/setup/docker.md
index 41daac84..ab029bad 100644
--- a/docs/content/setup/docker.md +++ b/docs/content/setup/docker.md @@ -28,7 +28,7 @@ services: restart: always app: # Make sure to use the latest release from https://hedgedoc.org/latest-release - image: quay.io/hedgedoc/hedgedoc:1.8.1 + image: quay.io/hedgedoc/hedgedoc:1.8.2 environment: - CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc - CMD_DOMAIN=localhost diff --git a/docs/content/setup/manual-setup.md b/docs/content/setup/manual-setup.md index f3ce3702..1b0bd684 100644 --- a/docs/content/setup/manual-setup.md +++ b/docs/content/setup/manual-setup.md @@ -16,7 +16,7 @@ 1. Check if you meet the [requirements at the top of this document](#manual-installation). 2. Download the [latest release](https://hedgedoc.org/latest-release/) and extract it. - Alternatively, you can use Git to clone the repository and checkout a release, e.g. with `git clone -b 1.8.1 https://github.com/hedgedoc/hedgedoc.git`. + Alternatively, you can use Git to clone the repository and checkout a release, e.g. with `git clone -b 1.8.2 https://github.com/hedgedoc/hedgedoc.git`. 3. Enter the directory and execute `bin/setup`, which will install the dependencies and create example configs. 4. Configure HedgeDoc: To get started, you can use this minimal `config.json`: ```json 
@@ -58,7 +58,7 @@ If you want to upgrade HedgeDoc from an older version, follow these steps: and the latest release. 2. Fully stop your old HedgeDoc server. 3. [Download](https://hedgedoc.org/latest-release/) the new release and extract it over the old directory. - If you use Git, you can check out the new tag with e.g. `git fetch origin && git checkout 1.8.1` + If you use Git, you can check out the new tag with e.g. `git fetch origin && git checkout 1.8.2` 5. Run `bin/setup`. This will take care of installing dependencies. It is safe to run on an existing installation. 6. *:octicons-light-bulb-16: If you used the release tarball for 1.7.0 or newer, this step can be skipped.* Build the frontend bundle by running `yarn install` and `yarn build`. The extra `yarn install` is necessary as `bin/setup` does not install the build dependencies. diff --git a/package.json b/package.json index 61a37f82..c7fb794a 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "HedgeDoc", - "version": "1.8.1", + "version": "1.8.2", "description": "The best platform to write and share markdown.", "main": "app.js", "license": "AGPL-3.0", -- cgit v1.2.3