From 2c12feb127259545c11dcbd0ad3d4aa64cd90a4b Mon Sep 17 00:00:00 2001 From: David Mehren Date: Thu, 6 May 2021 20:48:30 +0200 Subject: Fix 1.8.0 changelog CVE-2021-29475 has been fixed since HedgeDoc 1.5.0, instead of 1.6.0 Signed-off-by: David Mehren --- public/docs/release-notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'public') diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md index d3173450..38b64d34 100644 --- a/public/docs/release-notes.md +++ b/public/docs/release-notes.md @@ -11,7 +11,7 @@ This release fixes multiple security issues. We recommend upgrading as soon as p This issue allowed an attacker to hang HedgeDoc by inserting a malicious string into a note. Thanks to Ralph Krimmel for reporting! We also published an advisory for [CVE-2021-29475: PDF export allows arbitrary file reads](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-pxxg-px9v-6qf3), -which has already been fixed since HedgeDoc 1.6.0. +which has already been fixed since HedgeDoc 1.5.0. ### Features - Database migrations are now automatically applied on application startup -- cgit v1.2.3 From 1b1b328d49fe318b234d3d898db52c838a05d02a Mon Sep 17 00:00:00 2001 From: David Mehren Date: Thu, 6 May 2021 20:48:46 +0200 Subject: Add release notes for 1.8.1 Signed-off-by: David Mehren --- public/docs/release-notes.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'public') diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md index 38b64d34..307c8e68 100644 --- a/public/docs/release-notes.md +++ b/public/docs/release-notes.md @@ -1,4 +1,21 @@ # Release Notes +## 1.8.1 2021-05-06 +### Enhancements +- Speed up `yarn install` in production mode (as performed by `bin/setup`) by marking frontend-only dependencies as dev-dependencies. + This also reduces the size of the docker container +- Speed up the frontend-build by using `esbuild` instead of `terser` to minify JavaScript +- Improve behavior of the 'Quote', 'List', 'Unordered List' and 'Check List' buttons in the editor to automatically + apply to the complete first and last line of the selection + +### Bugfixes +- Correct the 1.8.0 release notes to state that CVE-2021-29475 has been fixed since HedgeDoc 1.5.0. +- Fix crash on startup when `useSSL` or `csp.upgradeInsecureRequests` is enabled (thanks to [@mdegat01](https://github.com/mdegat01) for reporting) +- Automatically enable `protocolUseSSL` when `useSSL` is also enabled +- Fix the 'Quote', 'List', 'Unordered List' and 'Check List' buttons in the editor to not duplicate content + when only parts of a line are selected (thanks to [@AnomalRoli](https://github.com/AnomalRoil) for reporting) +- Fix click handler for numbered task lists (thanks to [@xoriade](https://github.com/xoriade) for reporting) + + ## 1.8.0 2021-05-03 This release fixes multiple security issues. We recommend upgrading as soon as possible. -- cgit v1.2.3