Releases: linuxserver/docker-hedgedoc
1.11.0-ls192
c2f39ff
LinuxServer-CI
LinuxServer.io CI
CI Report:
https://ci-tests.linuxserver.io/linuxserver/hedgedoc/1.11.0-ls192/index.html
LinuxServer Changes:
Full Changelog: 1.10.8-ls191...1.11.0-ls192
Remote Changes:
Security fixes
This release contains four security fixes:
- GHSA-6c2w-8w96-3pcv reports a possible HTML injection via the localpart of an email address.
- GHSA-qj78-mjch-wwrv reports a possible Denial-of-Service attack using the YAML frontmatter parsing.
- GHSA-8v9p-5j95-826j reports a possible CSRF attack vector in the GitHub Gist export.
- GHSA-2f9f-w8xq-276v reports a rate-limiting bypass by abusing the CF-Connecting-IP header.
Thanks to Chandler Johnson, taylorodell and alanturing881 for reporting!
Important notices
- When using Cloudflare in front of HedgeDoc, you should set
rateLimitUsingCloudflarein the config.json orCMD_RATE_LIMIT_USING_CLOUDFLAREas environment variable totrue.
Enhancements
- Added a warning page when clicking external links
- Improve the config.json.example file, which is used by
bin/setup - Allow configuration of login / signup rate-limits
- Allow configuration of Cloudflare usage in regards of rate-limits
- Several improvements in the documentation at https://docs.hedgedoc.org
1.10.8-ls191
a6311e3
LinuxServer-CI
LinuxServer.io CI
CI Report:
https://ci-tests.linuxserver.io/linuxserver/hedgedoc/1.10.8-ls191/index.html
LinuxServer Changes:
Full Changelog: 1.10.8-ls190...1.10.8-ls191
Remote Changes:
Bugfixes
- Fix data loss when 5+ users edit a document concurrently, caused by the OT client discarding operations during revision gap recovery (#6342)
- Add defensive null checks to
hex2rgbto prevent crashes from non-hex color values
Maintenance
- Dependency updates
Contributors
1.10.8-ls190
206042a
LinuxServer-CI
LinuxServer.io CI
CI Report:
https://ci-tests.linuxserver.io/linuxserver/hedgedoc/1.10.8-ls190/index.html
LinuxServer Changes:
Full Changelog: 1.10.8-ls189...1.10.8-ls190
Remote Changes:
Bugfixes
- Fix data loss when 5+ users edit a document concurrently, caused by the OT client discarding operations during revision gap recovery (#6342)
- Add defensive null checks to
hex2rgbto prevent crashes from non-hex color values
Maintenance
- Dependency updates
Contributors
1.10.8-ls189
e0841c8
LinuxServer-CI
LinuxServer.io CI
CI Report:
https://ci-tests.linuxserver.io/linuxserver/hedgedoc/1.10.8-ls189/index.html
LinuxServer Changes:
Full Changelog: 1.10.8-ls188...1.10.8-ls189
Remote Changes:
Bugfixes
- Fix data loss when 5+ users edit a document concurrently, caused by the OT client discarding operations during revision gap recovery (#6342)
- Add defensive null checks to
hex2rgbto prevent crashes from non-hex color values
Maintenance
- Dependency updates
Contributors
1.10.8-ls188
c900c75
LinuxServer-CI
LinuxServer.io CI
CI Report:
https://ci-tests.linuxserver.io/linuxserver/hedgedoc/1.10.8-ls188/index.html
LinuxServer Changes:
Full Changelog: 1.10.7-ls187...1.10.8-ls188
Remote Changes:
Bugfixes
- Fix data loss when 5+ users edit a document concurrently, caused by the OT client discarding operations during revision gap recovery (#6342)
- Add defensive null checks to
hex2rgbto prevent crashes from non-hex color values
Maintenance
- Dependency updates
Contributors
1.10.7-ls187
e6ec1ff
LinuxServer-CI
LinuxServer.io CI
CI Report:
https://ci-tests.linuxserver.io/linuxserver/hedgedoc/1.10.7-ls187/index.html
LinuxServer Changes:
Full Changelog: 1.10.7-ls186...1.10.7-ls187
Remote Changes:
Bugfixes
- Random colors for user's cursors and selections are now always in hex format to avoid conversion errors
- Correctly close realtime connections if they disconnect during connection creation
- manage_users CLI does not silently drop errors
1.10.7-ls186
52c4391
LinuxServer-CI
LinuxServer.io CI
CI Report:
https://ci-tests.linuxserver.io/linuxserver/hedgedoc/1.10.7-ls186/index.html
LinuxServer Changes:
Full Changelog: 1.10.7-ls185...1.10.7-ls186
Remote Changes:
Bugfixes
- Random colors for user's cursors and selections are now always in hex format to avoid conversion errors
- Correctly close realtime connections if they disconnect during connection creation
- manage_users CLI does not silently drop errors
1.10.7-ls185
e726900
LinuxServer-CI
LinuxServer.io CI
CI Report:
https://ci-tests.linuxserver.io/linuxserver/hedgedoc/1.10.7-ls185/index.html
LinuxServer Changes:
Full Changelog: 1.10.7-ls184...1.10.7-ls185
Remote Changes:
Bugfixes
- Random colors for user's cursors and selections are now always in hex format to avoid conversion errors
- Correctly close realtime connections if they disconnect during connection creation
- manage_users CLI does not silently drop errors
1.10.7-ls184
f5ea085
LinuxServer-CI
LinuxServer.io CI
CI Report:
https://ci-tests.linuxserver.io/linuxserver/hedgedoc/1.10.7-ls184/index.html
LinuxServer Changes:
Full Changelog: 1.10.7-ls183...1.10.7-ls184
Remote Changes:
Bugfixes
- Random colors for user's cursors and selections are now always in hex format to avoid conversion errors
- Correctly close realtime connections if they disconnect during connection creation
- manage_users CLI does not silently drop errors
1.10.7-ls183
e41182b
LinuxServer-CI
LinuxServer.io CI
CI Report:
https://ci-tests.linuxserver.io/linuxserver/hedgedoc/1.10.7-ls183/index.html
LinuxServer Changes:
Full Changelog: 1.10.6-ls182...1.10.7-ls183
Remote Changes:
Bugfixes
- Random colors for user's cursors and selections are now always in hex format to avoid conversion errors
- Correctly close realtime connections if they disconnect during connection creation
- manage_users CLI does not silently drop errors