From 0a5f4ccefd3c2b5826552d10f32778e657d0f3b8 Mon Sep 17 00:00:00 2001 From: Erik Michelson Date: Fri, 5 Dec 2025 22:26:14 +0100 Subject: [PATCH] docs: update for release 1.10.4 Co-authored-by: Philip Molares Signed-off-by: Philip Molares Signed-off-by: Erik Michelson --- AUTHORS | 7 +++++++ docs/content/dev/openapi.yml | 2 +- docs/content/setup/docker.md | 4 ++-- docs/content/setup/manual-setup.md | 4 ++-- package.json | 2 +- public/docs/release-notes.md | 23 ++++++++++++++++++++++- 6 files changed, 35 insertions(+), 7 deletions(-) diff --git a/AUTHORS b/AUTHORS index eef3d72d..97d05ef9 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1,6 +1,7 @@ # This file lists all individuals having contributed content to the repository. # To regenerate, use `git log --format='%aN <%aE>' | LC_ALL=C.UTF-8 sort -uf`. +Achilleas Pipinellis Adam Hoka Adam Worley <28906234+AdamWorley@users.noreply.github.com> alecdwm @@ -8,6 +9,7 @@ Alex Garcia Alexander Hesse Alexander Wellbrock Amolith +Andreas Boesen <618847+Happy86@users.noreply.github.com> Antoine Aflalo aptalca Augustin Trancart @@ -31,6 +33,7 @@ Colin Maudry CrazyPython Cédric Couralet Daan Sprenkels +Daniel Koschützki Daniel Lublin Danilo Bargen Dario Ernst @@ -90,9 +93,11 @@ Julian Rother Jun SAKATA Juned Khan Kaiyu Shi +Kim Brose <2803622+HarHarLinks@users.noreply.github.com> knjcode Kotaro Yamamoto Lars Karlsson +Lars Kiesow Laura Kyle Lautaro Alvarez LaysDragon @@ -172,6 +177,7 @@ Stratos Gerakakis Stéphane Guillou Stéphane Maniaci Takeaki Matsumoto +Thary The Gitter Badger Thomas De Backer Thor77 @@ -196,6 +202,7 @@ xnum Yannick Bungers Yukai Huang zachariast +Zachery Faria Zankio Zearin Ádám Hóka diff --git a/docs/content/dev/openapi.yml b/docs/content/dev/openapi.yml index b09e46fc..52a0fe9c 100644 --- a/docs/content/dev/openapi.yml +++ b/docs/content/dev/openapi.yml 
@@ -3,7 +3,7 @@ openapi: 3.0.1 info: title: HedgeDoc description: HedgeDoc is an open source collaborative note editor. Several tasks of HedgeDoc can be automated through this API. - version: 1.10.3 + version: 1.10.4 contact: name: HedgeDoc on GitHub url: https://github.com/hedgedoc/hedgedoc diff --git a/docs/content/setup/docker.md b/docs/content/setup/docker.md index 068ec61c..2465c97b 100644 --- a/docs/content/setup/docker.md +++ b/docs/content/setup/docker.md @@ -18,7 +18,7 @@ The easiest way to get started with HedgeDoc and Docker is to use the following version: '3' services: database: - image: postgres:13.4-alpine + image: postgres:17.7-alpine environment: - POSTGRES_USER=hedgedoc - POSTGRES_PASSWORD=password @@ -28,7 +28,7 @@ services: restart: always app: # Make sure to use the latest release from https://hedgedoc.org/latest-release - image: quay.io/hedgedoc/hedgedoc:1.10.3 + image: quay.io/hedgedoc/hedgedoc:1.10.4 environment: - CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc - CMD_DOMAIN=localhost diff --git a/docs/content/setup/manual-setup.md b/docs/content/setup/manual-setup.md index dba77447..29ed0572 100644 --- a/docs/content/setup/manual-setup.md +++ b/docs/content/setup/manual-setup.md @@ -19,7 +19,7 @@ 1. Check if you meet the [requirements at the top of this document](#manual-installation). 2. Download the [latest release](https://hedgedoc.org/latest-release/) and extract it. - Alternatively, you can use Git to clone the repository and checkout a release, e.g. with `git clone -b 1.10.3 https://github.com/hedgedoc/hedgedoc.git`. + Alternatively, you can use Git to clone the repository and checkout a release, e.g. with `git clone -b 1.10.4 https://github.com/hedgedoc/hedgedoc.git`. 3. Enter the directory and execute `bin/setup`, which will install the dependencies and create example configs. 4. Configure HedgeDoc: To get started, you can use this minimal `config.json`: ```json 
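Review bot: The compose example in docs/content/setup/docker.md moves the database image from `postgres:13.4-alpine` to `postgres:17.7-alpine`, a major-version jump, and neither the visible hunks nor the 1.10.4 release notes in this patch tell existing users how to handle it. PostgreSQL refuses to start on a data directory initialised by a different major version, so a reader who copies the new snippet over a running deployment with a persisted database volume would presumably end up with a database container that does not start. I would add a sentence beside the snippet, for example `Existing installations: changing the PostgreSQL major version requires migrating the data (dump and restore, or pg_upgrade) before switching the image tag.` The rest of the compose file lies outside the hunk, so the presence of a mounted data volume is inferred rather than visible here.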
@@ -61,7 +61,7 @@ If you want to upgrade HedgeDoc from an older version, follow these steps: and the latest release. 2. Fully stop your old HedgeDoc server. 3. [Download](https://hedgedoc.org/latest-release/) the new release and extract it over the old directory. - If you use Git, you can check out the new tag with e.g. `git fetch origin && git checkout 1.10.3` + If you use Git, you can check out the new tag with e.g. `git fetch origin && git checkout 1.10.4` 5. Run `bin/setup`. This will take care of installing dependencies. It is safe to run on an existing installation. 6. *:octicons-light-bulb-16: If you used the release tarball for 1.7.0 or newer, this step can be skipped.* Build the frontend bundle by running `yarn install --immutable` and `yarn build`. The extra `yarn install --immutable` is necessary as `bin/setup` does not install the build dependencies. diff --git a/package.json b/package.json index 87efdd31..5eb8f2da 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "HedgeDoc", - "version": "1.10.3", + "version": "1.10.4", "description": "The best platform to write and share markdown.", "main": "app.js", "license": "AGPL-3.0", diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md index dcca9b55..f865aab6 100644 --- a/public/docs/release-notes.md +++ b/public/docs/release-notes.md 
@@ -1,6 +1,12 @@ # Release Notes -## 1.x.x UNRELEASED +## 1.10.4 2025-12-05 + +### Security fixes + +This release contains two low severity security fixes: +- [GHSA-gmgw-rcmh-7x47](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-gmgw-rcmh-7x47) reports potential cross-site side-effects due to not applying sandboxing to iframes. +- [GHSA-6wm6-3vpq-6qvv](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-6wm6-3vpq-6qvv) reports a possible CSRF vulnerability when using certain social login providers because the `state` parameter is not used and checked. ### Enhancements - Add `enableUploads` (`CMD_ENABLE_UPLOADS`) config option to restrict uploads to `registered` users, `all` users or @@ -9,6 +15,7 @@ - Switch from deprecated shortid to nanoid module, with 10 character long aliases in "public" links - Ensure compatibility with Node 24 - Protect user history from accidental or malicious deletion by adding a CSRF-like token +- Many enhancements in the documentation at [docs.hedgedoc.org](https://docs.hedgedoc.org) ### Bugfixes - Ignore the healthcheck endpoint in the "too busy" limiter @@ -18,6 +25,20 @@ - Fix regexes for `[time=...]`, `[name=...]` and `[color=...]` shortcodes in lists - Use `state` parameter for OAuth2 flows and PKCE where applicable +### Node compatibility +- Support for Node 24 was verified. The docker image now uses Node 24 as its base image. + +### Contributors +- [Nora Matthias Schiffer](https://github.com/neocturne) (#6096) +- [4censord](https://github.com/4censord) (#6102) +- [Zachery Faria](https://github.com/ZacheryFaria) (#6105) +- [pl7ofit](https://github.com/pl7ofit) (#6106) +- [Lars Kiesow](https://github.com/lkiesow) (#6107) +- [Kim Brose](https://github.com/HarHarLinks) (#6114) +- [Achilleas Pipinellis](https://github.com/axilleas) (#6119) +- [Andreas Boesen](https://github.com/Happy86) (#6148, #6149) +- [Thary](https://github.com/tharynot) (#6155) + ## 1.10.3 2025-04-09 ### Security fixes