From e4c8f869f008d1389bba92987231df0406b6b828 Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sun, 25 Apr 2021 22:18:25 +0200 Subject: Add translators to the list of contributors for 1.8.0-rc1 Signed-off-by: David Mehren --- public/docs/release-notes.md | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'public') diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md index 26257541..06944b52 100644 --- a/public/docs/release-notes.md +++ b/public/docs/release-notes.md @@ -11,7 +11,21 @@ ### Enhancements - Removed dependency on external imgur library - + +### Contributors +- Amit Upadhyay (translator) +- Atef Ben Ali (translator) +- Edi Feschiyan (translator) +- Gabriel Santiago Macedo (translator) +- Longyklee (translator) +- Nika. zhenya (translator) +- Nis (translator) +- rogerio-ar-costa (translator) +- sanami (translator) +- Tom Dereszynski (translator) +- 상규 (translator) +- uıʞǝʇuɐϽ (translator) +- UwYFmLpoKtYn (translator) ## 1.7.2 2021-01-15 This release fixes a security issue. We recommend upgrading as soon as possible. -- cgit v1.2.3 From 837cf59ef9f27d8cbc6d77120304d8dcf8e7e9bb Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sun, 25 Apr 2021 22:28:42 +0200 Subject: Add support for freshly imported languages New languages: bg, fa, gl, he, hu, oc, pt-br Signed-off-by: David Mehren --- public/js/locale.js | 3 ++- public/views/index/body.ejs | 7 +++++++ 2 files changed, 9 insertions(+), 1 deletion(-) (limited to 'public') diff --git a/public/js/locale.js b/public/js/locale.js index 8baa77fc..2470bd53 100644 --- a/public/js/locale.js +++ b/public/js/locale.js 
@@ -1,7 +1,8 @@ /* eslint-env browser, jquery */ /* global Cookies */ -const supported = ['en', 'zh-CN', 'zh-TW', 'fr', 'de', 'ja', 'es', 'ca', 'el', 'pt', 'it', 'tr', 'ru', 'nl', 'hr', 'pl', 'uk', 'hi', 'sv', 'eo', 'da', 'ko', 'id', 'sr', 'vi', 'ar', 'cs', 'sk'] +const supported = ['en', 'zh-CN', 'zh-TW', 'fr', 'de', 'ja', 'es', 'ca', 'el', 'pt', 'it', 'tr', 'ru', 'nl', 'hr', 'pl', + 'uk', 'hi', 'sv', 'eo', 'da', 'ko', 'id', 'sr', 'vi', 'ar', 'cs', 'sk', 'ml', 'bg', 'fa', 'gl', 'he', 'hu', 'oc', 'pt-br'] function detectLang () { if (Cookies.get('locale')) { diff --git a/public/views/index/body.ejs b/public/views/index/body.ejs index 5ae462d9..54d2b32f 100644 --- a/public/views/index/body.ejs +++ b/public/views/index/body.ejs @@ -157,6 +157,13 @@ + + + + + + +
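Review bot: The new `'pt-br'` entry in `supported` looks unreachable through auto-detection. The body of `detectLang` is outside this hunk, but the `@@ -14,9 +12,10 @@` hunk of the later "Extract list of supported languages" commit shows it tests `userLang.split('-')[0]` first, so a browser reporting `pt-BR` already resolves to `'pt'`. The full-tag fallback is also a case-sensitive `includes`, which the lowercase `'pt-br'` would not satisfy for a browser that reports `pt-BR` (the existing `zh-CN`/`zh-TW` entries use an uppercase region); the same applies after that later commit if the JSON key keeps this casing. Consider matching the full tag first and case-insensitively, e.g. `const exact = supported.find(l => l.toLowerCase() === userLang.toLowerCase())` followed by `if (exact) return exact`. Separately, `'ml'` is added here but is not among the languages named in the commit message.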

<%- __('Powered by %s', 'HedgeDoc') %> | <%= __('Releases') %> | <%= __('Source Code') %><% if(imprint) { %> | <%= __('Imprint') %><% } %><% if(privacyStatement) { %> | <%= __('Privacy') %><% } %><% if(termsOfUse) { %> | <%= __('Terms of Use') %><% } %> -- cgit v1.2.3 From 0bf97f30c4dc77145756978e6345a91d38abf528 Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sun, 25 Apr 2021 22:50:01 +0200 Subject: Add changelog for 1.8.0-rc1 Signed-off-by: David Mehren --- public/docs/release-notes.md | 34 +++++++++++++++++++++++++++++----- 1 file changed, 29 insertions(+), 5 deletions(-) (limited to 'public') diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md index 06944b52..4849a029 100644 --- a/public/docs/release-notes.md +++ b/public/docs/release-notes.md 
@@ -1,16 +1,39 @@ # Release Notes -## 1.8.0 UNRELEASED +## 1.8.0-rc1 2021-04-26 + +This release fixes a security issue. We recommend upgrading as soon as possible. **Please note:** This release dropped support for Node 10, which is end-of-life since April 2021. You now need at least Node 12 to run HedgeDoc, but we recommend running [the latest LTS release](https://nodejs.org/en/about/releases/). +### Security Fixes +- [CVE-2021-29474: Relative path traversal Attack on note creation](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-p528-555r-pf87) + +We also published an advisory for [CVE-2021-29475: PDF export allows arbitrary file reads](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-pxxg-px9v-6qf3), +which has already been fixed since HedgeDoc 1.6.0. + ### Features -- Database migrations are now automatically applied on application startup. - The separate `.sequelizerc` configuration file is no longer necessary and can be safely deleted. +- Database migrations are now automatically applied on application startup + The separate `.sequelizerc` configuration file is no longer necessary and can be safely deleted - A Prometheus-endpoint is now available at `/metrics`, exposing the same stats as `/status` - in addition to various Node.js performance figures. 
- + in addition to various Node.js performance figures +- Add a config option to require authentication in FreeURL mode ([#755](https://github.com/hedgedoc/hedgedoc/pull/755) by [@nidico](https://github.com/nidico)) + ### Enhancements - Removed dependency on external imgur library +- HTML language tags are now set up in a way that stops Google Translate from translating note contents while editing +- Removed `yahoo.com` from the default content security policy +- New translations for Bulgarian, Persian, Galician, Hebrew, Hungarian, Occitan and Brazilian Portuguese + Updated translations for Arabic, English, Esperanto, Spanish, Hindi, Japanese, Korean, Polish, Portuguese, Turkish and Traditional Chinese + Thanks to all translators! +- Various dependency updates + +### Bugfixes +- Improve readability of diagrams & embeddings in night-mode +- Use the default template for new notes in FreeURL mode +- Fix frontend-crash in slide-mode if no `slideOptions` are present in the frontmatter +- Return 404 on the `/download` route for non-existent notes in FreeURL mode +- Properly clean up the UNIX socket on application exit +- Don't overwrite existing notes on POST-requests to `/new/` in FreeURL mode ### Contributors - Amit Upadhyay (translator) @@ -19,6 +42,7 @@ - Gabriel Santiago Macedo (translator) - Longyklee (translator) - Nika. zhenya (translator) +- [Nicolas Dietrich](https://github.com/nidico) - Nis (translator) - rogerio-ar-costa (translator) - sanami (translator) -- cgit v1.2.3 From 0d943d128431f166045de53bd64575dac142d320 Mon Sep 17 00:00:00 2001 From: Erik Michelson Date: Mon, 26 Apr 2021 00:18:08 +0200 Subject: Extract list of supported languages in separate file Signed-off-by: Erik Michelson --- public/js/locale.js | 12 +++++++----- public/views/index/body.ejs | 39 +-------------------------------------- 2 files changed, 8 insertions(+), 43 deletions(-) (limited to 'public') diff --git a/public/js/locale.js b/public/js/locale.js index 2470bd53..ccc1d0e4 100644 
--- a/public/js/locale.js +++ b/public/js/locale.js @@ -1,8 +1,6 @@ /* eslint-env browser, jquery */ /* global Cookies */ - -const supported = ['en', 'zh-CN', 'zh-TW', 'fr', 'de', 'ja', 'es', 'ca', 'el', 'pt', 'it', 'tr', 'ru', 'nl', 'hr', 'pl', - 'uk', 'hi', 'sv', 'eo', 'da', 'ko', 'id', 'sr', 'vi', 'ar', 'cs', 'sk', 'ml', 'bg', 'fa', 'gl', 'he', 'hu', 'oc', 'pt-br'] +const supportedLanguages = require('../../locales/_supported.json') function detectLang () { if (Cookies.get('locale')) { @@ -14,9 +12,10 @@ function detectLang () { } const userLang = navigator.language || navigator.userLanguage const userLangCode = userLang.split('-')[0] - if (supported.includes(userLangCode)) { + const supportedLanguagesList = Object.keys(supportedLanguages) + if (supportedLanguagesList.includes(userLangCode)) { return userLangCode - } else if (supported.includes(userLang)) { + } else if (supportedLanguagesList.includes(userLang)) { return userLang } return 'en' @@ -24,6 +23,9 @@ function detectLang () { const lang = detectLang() const localeSelector = $('.ui-locale') +Object.entries(supportedLanguages).forEach(function ([isoCode, nativeName]) { + localeSelector.append(``) +}) // the following condition is needed as the selector is only available in the intro/history page if (localeSelector.length > 0) { diff --git a/public/views/index/body.ejs b/public/views/index/body.ejs index 54d2b32f..ca6204b1 100644 --- a/public/views/index/body.ejs +++ b/public/views/index/body.ejs @@ -127,44 +127,7 @@
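Review bot: In the `@@ -24,6 +23,9 @@` hunk, `localeSelector.append(...)` is given a template literal, and jQuery parses a string argument as HTML. The literal's contents are not visible on this page (the markup appears to have been stripped), so this assumes it interpolates `isoCode` and `nativeName` into an `<option>` string. Both values come from the bundled `locales/_supported.json`, so they are not attacker-controlled as written, but a name containing `<`, `&` or a quote would still break the markup, and the pattern becomes a DOM XSS sink if the list is ever loaded from another source. Building the element keeps both values as data: `localeSelector.append($('<option>').val(isoCode).text(nativeName))`. A one-line comment above the loop stating that the JSON maps locale codes to native language names would also help readers.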

- +

<%- __('Powered by %s', 'HedgeDoc') %> | <%= __('Releases') %> | <%= __('Source Code') %><% if(imprint) { %> | <%= __('Imprint') %><% } %><% if(privacyStatement) { %> | <%= __('Privacy') %><% } %><% if(termsOfUse) { %> | <%= __('Terms of Use') %><% } %>

-- cgit v1.2.3