docs: update for release 1.10.4

Co-authored-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>

AUTHORS

@@ -1,6 +1,7 @@
 # This file lists all individuals having contributed content to the repository.
 # To regenerate, use `git log --format='%aN <%aE>' | LC_ALL=C.UTF-8 sort -uf`.
 
+Achilleas Pipinellis <axilleas@users.noreply.github.com>
 Adam Hoka <hoka.adam@nexogen.hu>
 Adam Worley <28906234+AdamWorley@users.noreply.github.com>
 alecdwm <alec@owls.io>
@@ -8,6 +9,7 @@ Alex Garcia <alexsebastian.garcia@gmail.com>
 Alexander Hesse <alexander.hesse@sandstorm-media.de>
 Alexander Wellbrock <a.wellbrock@mailbox.org>
 Amolith <amolith@nixnet.xyz>
+Andreas Boesen <618847+Happy86@users.noreply.github.com>
 Antoine Aflalo <antoine@warrantymaster.com>
 aptalca <aptalca@users.noreply.github.com>
 Augustin Trancart <augustin.trancart@oslandia.com>
@@ -31,6 +33,7 @@ Colin Maudry <colin@maudry.com>
 CrazyPython <CrazyPython@users.noreply.github.com>
 Cédric Couralet <cedric.couralet@gmail.com>
 Daan Sprenkels <hello@dsprenkels.com>
+Daniel Koschützki <daniel.koschuetzki@adfinis.com>
 Daniel Lublin <daniel@lublin.se>
 Danilo Bargen <mail@dbrgn.ch>
 Dario Ernst <daddel9@nebuk.de>
@@ -90,9 +93,11 @@ Julian Rother <julian@jrother.eu>
 Jun SAKATA <jun.bj141400@gmail.com>
 Juned Khan <junedkhanc101@gmail.com>
 Kaiyu Shi <skyisno.1@gmail.com>
+Kim Brose <2803622+HarHarLinks@users.noreply.github.com>
 knjcode <knjcode@gmail.com>
 Kotaro Yamamoto <kota.crk@gmail.com>
 Lars Karlsson <lars@kajes.se>
+Lars Kiesow <lkiesow@uos.de>
 Laura Kyle <laura.kyle91@gmail.com>
 Lautaro Alvarez <lautarolalvarez@gmail.com>
 LaysDragon <laysdra7265@gmail.com>
@@ -172,6 +177,7 @@ Stratos Gerakakis <stratosgear@gmail.com>
 Stéphane Guillou <stephane.guillou@member.fsf.org>
 Stéphane Maniaci <stephane.maniaci@beta.gouv.fr>
 Takeaki Matsumoto <takeaki.matsumoto@ntt.com>
+Thary <thary@riseup.net>
 The Gitter Badger <badger@gitter.im>
 Thomas De Backer <thomasisdebacker5@gmail.com>
 Thor77 <thor77@thor77.org>
@@ -196,6 +202,7 @@ xnum <s000032001@gmail.com>
 Yannick Bungers <git@innay.de>
 Yukai Huang <yukaihuangtw@gmail.com>
 zachariast <zachariastraianos@gmail.com>
+Zachery Faria <zacheryfaria@gmail.com>
 Zankio <xxoojoeooxx1@gmail.com>
 Zearin <Zearin@users.noreply.github.com>
 Ádám Hóka <hoka.adam@nexogen.hu>

docs/content/dev/openapi.yml

@@ -3,7 +3,7 @@ openapi: 3.0.1
 info:
   title: HedgeDoc
   description: HedgeDoc is an open source collaborative note editor. Several tasks of HedgeDoc can be automated through this API.
-  version: 1.10.3
+  version: 1.10.4
   contact:
     name: HedgeDoc on GitHub
     url: https://github.com/hedgedoc/hedgedoc

docs/content/setup/docker.md

@@ -18,7 +18,7 @@ The easiest way to get started with HedgeDoc and Docker is to use the following
 version: '3'
 services:
   database:
-    image: postgres:13.4-alpine
+    image: postgres:17.7-alpine
     environment:
       - POSTGRES_USER=hedgedoc
       - POSTGRES_PASSWORD=password
@@ -28,7 +28,7 @@ services:
     restart: always
   app:
     # Make sure to use the latest release from https://hedgedoc.org/latest-release
-    image: quay.io/hedgedoc/hedgedoc:1.10.3
+    image: quay.io/hedgedoc/hedgedoc:1.10.4
     environment:
       - CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc
       - CMD_DOMAIN=localhost

docs/content/setup/manual-setup.md

@@ -19,7 +19,7 @@
 
 1. Check if you meet the [requirements at the top of this document](#manual-installation).
 2. Download the [latest release](https://hedgedoc.org/latest-release/) and extract it.  
-   <small>Alternatively, you can use Git to clone the repository and checkout a release, e.g. with `git clone -b 1.10.3 https://github.com/hedgedoc/hedgedoc.git`.</small>
+   <small>Alternatively, you can use Git to clone the repository and checkout a release, e.g. with `git clone -b 1.10.4 https://github.com/hedgedoc/hedgedoc.git`.</small>
 3. Enter the directory and execute `bin/setup`, which will install the dependencies and create example configs.
 4. Configure HedgeDoc: To get started, you can use this minimal `config.json`:
    ```json
@@ -61,7 +61,7 @@ If you want to upgrade HedgeDoc from an older version, follow these steps:
    and the latest release.
 2. Fully stop your old HedgeDoc server.
 3. [Download](https://hedgedoc.org/latest-release/) the new release and extract it over the old directory.  
-   <small>If you use Git, you can check out the new tag with e.g. `git fetch origin && git checkout 1.10.3`</small>
+   <small>If you use Git, you can check out the new tag with e.g. `git fetch origin && git checkout 1.10.4`</small>
 5. Run `bin/setup`. This will take care of installing dependencies. It is safe to run on an existing installation.
 6. *:octicons-light-bulb-16: If you used the release tarball for 1.7.0 or newer, this step can be skipped.*  
    Build the frontend bundle by running `yarn install --immutable` and `yarn build`. The extra `yarn install --immutable` is necessary as `bin/setup` does not install the       build dependencies.

package.json

@@ -1,6 +1,6 @@
 {
   "name": "HedgeDoc",
-  "version": "1.10.3",
+  "version": "1.10.4",
   "description": "The best platform to write and share markdown.",
   "main": "app.js",
   "license": "AGPL-3.0",

public/docs/release-notes.md

@@ -1,6 +1,12 @@
 # Release Notes
 
-## <i class="fa fa-tag"></i> 1.x.x <i class="fa fa-calendar-o"></i> UNRELEASED
+## <i class="fa fa-tag"></i> 1.10.4 <i class="fa fa-calendar-o"></i> 2025-12-05
+
+### Security fixes
+
+This release contains two low severity security fixes:
+- [GHSA-gmgw-rcmh-7x47](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-gmgw-rcmh-7x47) reports potential cross-site side-effects due to not applying sandboxing to iframes.
+- [GHSA-6wm6-3vpq-6qvv](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-6wm6-3vpq-6qvv) reports a possible CSRF vulnerability when using certain social login providers because the `state` parameter is not used and checked.
 
 ### Enhancements
 - Add `enableUploads` (`CMD_ENABLE_UPLOADS`) config option to restrict uploads to `registered` users, `all` users or
@@ -9,6 +15,7 @@
 - Switch from deprecated shortid to nanoid module, with 10 character long aliases in "public" links
 - Ensure compatibility with Node 24
 - Protect user history from accidental or malicious deletion by adding a CSRF-like token
+- Many enhancements in the documentation at [docs.hedgedoc.org](https://docs.hedgedoc.org)
 
 ### Bugfixes
 - Ignore the healthcheck endpoint in the "too busy" limiter
@@ -18,6 +25,20 @@
 - Fix regexes for `[time=...]`, `[name=...]` and `[color=...]` shortcodes in lists
 - Use `state` parameter for OAuth2 flows and PKCE where applicable
 
+### Node compatibility
+- Support for Node 24 was verified. The docker image now uses Node 24 as its base image.
+
+### Contributors
+- [Nora Matthias Schiffer](https://github.com/neocturne) (#6096)
+- [4censord](https://github.com/4censord) (#6102)
+- [Zachery Faria](https://github.com/ZacheryFaria) (#6105)
+- [pl7ofit](https://github.com/pl7ofit) (#6106)
+- [Lars Kiesow](https://github.com/lkiesow) (#6107)
+- [Kim Brose](https://github.com/HarHarLinks) (#6114)
+- [Achilleas Pipinellis](https://github.com/axilleas) (#6119)
+- [Andreas Boesen](https://github.com/Happy86) (#6148, #6149)
+- [Thary](https://github.com/tharynot) (#6155)
+
 ## <i class="fa fa-tag"></i> 1.10.3 <i class="fa fa-calendar-o"></i> 2025-04-09
 
 ### Security fixes