Skip to content

HedgeDoc 1.8.0
Compare
Choose a tag to compare
@davidmehren davidmehren released this 03 May 20:53
· 1146 commits to master since this release
1.8.0
f48e36d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

This release fixes multiple security issues. We recommend upgrading as soon as possible.

Please note: This release dropped support for Node 10, which is end-of-life since April 2021. You now need at least Node 12 to run HedgeDoc, but we recommend running the latest LTS release.

Security Fixes

We also published an advisory for CVE-2021-29475: PDF export allows arbitrary file reads,
which has already been fixed since HedgeDoc 1.5.0.

Features

  • Database migrations are now automatically applied on application startup
    The separate .sequelizerc configuration file is no longer necessary and can be safely deleted
  • A Prometheus-endpoint is now available at /metrics, exposing the same stats as /status
    in addition to various Node.js performance figures
  • Add a config option to require authentication in FreeURL mode (#755 by @nidico)

Enhancements

  • Removed dependency on external imgur library
  • HTML language tags are now set up in a way that stops Google Translate from translating note contents while editing
  • Removed yahoo.com from the default content security policy
  • New translations for Bulgarian, Persian, Galician, Hebrew, Hungarian, Occitan and Brazilian Portuguese
    Updated translations for Arabic, English, Esperanto, Spanish, Hindi, Japanese, Korean, Polish, Portuguese, Turkish and Traditional Chinese
    Thanks to all translators!
  • Various dependency updates

Bugfixes

  • Improve readability of diagrams & embeddings in night-mode
  • Use the default template for new notes in FreeURL mode
  • Fix frontend-crash in slide-mode if no slideOptions are present in the frontmatter
  • Return 404 on the /download route for non-existent notes in FreeURL mode
  • Properly clean up the UNIX socket on application exit
  • Don't overwrite existing notes on POST-requests to /new/<alias> in FreeURL mode

Contributors

  • Amit Upadhyay (translator)
  • Atef Ben Ali (translator)
  • Edi Feschiyan (translator)
  • Gabriel Santiago Macedo (translator)
  • Longyklee (translator)
  • Nika. zhenya (translator)
  • Nicolas Dietrich
  • Nis (translator)
  • rogerio-ar-costa (translator)
  • sanami (translator)
  • Tom Dereszynski (translator)
  • 상규 (translator)
  • uıʞǝʇuɐϽ (translator)
  • UwYFmLpoKtYn (translator)
Assets 3