Revisions of etherpad-lite
Marcus Rueckert (darix)
committed
(revision 15)
- switch node_modules tarball to vendor.tar.xz - minor cleanup of the spec file
Lars Vogdt (lrupp)
committed
(revision 14)
fix it, baby
Lars Vogdt (lrupp)
committed
(revision 13)
- refreshed patches: + etherpad-lite_abiword_missing_AbiCommand.patch + etherpad-lite_avoid_getGitCommit_call.patch + etherpad-lite_default_config.patch + etherpad-lite_move_autogenerated_key_files_to_var.patch
Lars Vogdt (lrupp)
committed
(revision 12)
- update to 1.8.7 Compatibility-breaking changes * IMPORTANT: It is no longer possible to protect a group pad with a password. All API calls to setPassword or isPasswordProtected will fail. Existing group pads that were previously password protected will no longer be password protected. If you need fine-grained access control, you can restrict API session creation in your frontend service, or you can use plugins. * All workarounds for Microsoft Internet Explorer have been removed. IE might still work, but it is untested. * Plugin hook functions are now subject to new sanity checks. Buggy hook functions will cause an error message to be logged * Authorization failures now return 403 by default instead of 401 * The authorize hook is now only called after successful authentication. Use the new preAuthorize hook if you need to bypass authentication * The authFailure hook is deprecated; use the new authnFailure and authzFailure hooks instead * The indexCustomInlineScripts hook was removed * The client context property for the handleMessage and handleMessageSecurity hooks has been renamed to socket (the old name is still usable but deprecated) * The aceAttribClasses hook functions are now called synchronously * The format of ENTER, CREATE, and LEAVE log messages has changed * Strings passed to $.gritter.add() are now expected to be plain text, not HTML. Use jQuery or DOM objects if you need formatting Notable new features * Users can now import without creating and editing the pad first * Added a new readOnly user setting that makes it possible to create users in settings.json that can read pads but not create or modify them * Added a new canCreate user setting that makes it possible to create users in settings.json that can modify pads but not create them
Lars Vogdt (lrupp)
committed
(revision 11)
- update to 1.8.6 IMPORTANT: This fixes a severe problem with postgresql in 1.8.5 SECURITY: Fix authentication bypass vulnerability API: Update version to 1.2.15 FEATURE: Add copyPadWithoutHistory API (#4295) FEATURE: Package more asset files to save http requests (#4286) MINOR: Improve UI when reconnecting TESTS: Improve tests - refreshed/renamed all patches - refreshed node_modules tarball
Lars Vogdt (lrupp)
committed
(revision 10)
fix module package
Lars Vogdt (lrupp)
committed
(revision 9)
- update to 1.8.5 IMPORTANT DROP OF SUPPORT: Drop support for IE. Browsers now need async/await. IMPORTANT SECURITY: Rate limit Commits when env=production SECURITY: Non completed uploads no longer crash Etherpad SECURITY: Log authentication requests FEATURE: Support ES6 (migrate from Uglify-JS to Terser) FEATURE: Improve support for non-cookie enabled browsers FEATURE: New hooks for index.html FEATURE: New script to delete sessions. FEATURE: New setting to allow import withing an author session on a pad FEATURE: Checks Etherpad version on startup and notifies if update is available. Also available in /admin interface. FEATURE: Timeslider updates pad location to most recent edit MINOR: Outdent UL/LI items on removal of list item MINOR: Various UL/LI import/export bugs MINOR: PDF export fix MINOR: Front end tests no longer run (and subsequently error) on pull requests MINOR: Fix issue with closing a list before it opens MINOR: Fix bug where large pads would fire a console error in timeslider MINOR: Fix ?showChat URL param issue MINOR: Issue where timeslider URI fails to be correct if padID is numeric MINOR: Include prompt for clear authorship when entire document is selected MINOR: Include full document aText every 100 revisions to make pad restoration on database curruption achievable MINOR: Several Colibris CSS fixes MINOR: Use mime library for mime types instead of hard-coded. MINOR: Don't show "new pad button" if instance is read only MINOR: Use latest NodeJS when doing Windows build MINOR: Change disconnect logic to reconnect instead of silently failing
Lars Vogdt (lrupp)
committed
(revision 8)
remove old sources
Lars Vogdt (lrupp)
committed
(revision 7)
- added etherpad-lite-1.8.4-abiword_missing_AbiCommand.patch: + looks like the latest abiword 3.0.2 on Leap 15.1 does not work together with etherpad-lite: "Plugin AbiCommand not found or loaded" => this patch simply falls back to the '--to' commandline option of abiword to get the export done
Lars Vogdt (lrupp)
committed
(revision 6)
- added etherpad-lite-1.8.4_avoid_getGitCommit_call.patch to avoid "ENOENT: no such file or directory, lstat '/srv/www/etherpad-lite/.git'" messages at server start - rebased A etherpad-lite-*_default_config.patch and etherpad-lite-*_move_autogenerated_key_files_to_var.patch
Lars Vogdt (lrupp)
committed
(revision 5)
- update to 1.8.4 This is a maintenance release after 1.8.3. Users relying on MySQL are particularly encouraged to upgrade. FIX: fix a performance regression on MySQL introduced in 1.8.3 FIX: when running behind a reverse proxy and exposed in an inner directory, fonts and toolbar icons should now be visible. This is a regression introduced in 1.8.3 FIX: cleanups in the UI after the CSS rehaul of 1.8.3 MINOR: protect against bugged/stale UI elements after updates. An explicit cache busting via random query string is performed at each start. This needs to be replaced with hashed names in static assets. MINOR: improved some tests MINOR: fixed long-standing bugs in the maintenance tools in /bin (migrateDirtyDBtoRealDB, rebuildPad, convert, importSqlFile) from 1.8.3: FEATURE: colibris is now the default skin for new installs FEATURE: improved colibris visuals, and migrated to Flexbox layout FEATURE: skin variants: colibris skin colors can be easily customized. Visit http://127.0.0.1:9001/p/test#skinvariantsbuilder REQUIREMENTS: minimum required Node version is 10.13.0 LTS. MINOR: stability fixes for the async migration in 1.8.0 (fixed many UnhandledPromiseRejectionWarning and the few remaining crashes) MINOR: improved stability of import/export functionality MINOR: fixed many small UI quirks (timeslider, import/export, chat) MINOR: Docker images are now built & run in production mode by default MINOR: reduced the size of the Docker images MINOR: better documented cookies and configuration parameters of the Docker image MINOR: better database support (especially MySQL) MINOR: additional test coverage MINOR: restored compatibility with ep_hash_auth
Lars Vogdt (lrupp)
committed
(revision 4)
- update to 1.8.0 SECURITY: change referrer policy so that Etherpad addresses aren't leaked when links are clicked (discussion: #3636) SECURITY: set the "secure" flag for the session cookies when served over SSL. From now on it will not be possible to serve the same instance both in cleartext and over SSL FEATURE: code was migrated to async/await, getting rid of a lot of callbacks (see #3540) FEATURE: support configuration via environment variables FEATURE: include an official Dockerfile in the main repository FEATURE: support including plugins in custom Docker builds FEATURE: conditional creation of users: when its password is null, a user is not created. This helps, for example, in advanced configuration of Docker images. REQUIREMENTS: minimum required Node version is 8.9.0 LTS. Release 1.8.3 will require at least Node 10.13.0 LTS MINOR: in the HTTP API, allow URL parameters and POST bodies to co-exist MINOR: fix Unicode bug in HTML export MINOR: bugfixes to colibris chat window MINOR: code simplification (avoided double negations, introduced early exits, ...) MINOR: reduced the size of the Windows package MINOR: upgraded the nodejs runtime to 10.16.3 in the Windows package SECURITY: avoided XSS in IE11 SECURITY: the version is exposed in http header only when configured SECURITY: updated vendored jQuery version SECURITY: bumped dependencies - refreshed modules tarball - added README.openSUSE - rebased A etherpad-lite-*_default_config.patch and
Lars Vogdt (lrupp)
committed
(revision 3)
add missing commatas
Lars Vogdt (lrupp)
committed
(revision 2)
- update to 1.7.5 NEW: Catch SIGTERM for graceful shutdown NEW: Show actual applied text formatting for caret position NEW: Add settings to improve scrolling of viewport on line changes NEW: Added pad shortcut disabling feature NEW: Create option to automatically reconnect after a few seconds FEATURE: introduced support for multiple skins. See http://etherpad.org/doc/v1.7.5/#index_skins FEATURE: added a new, optional skin. It can be activated choosing skinName: "colibris" in settings.json FEATURE: allow file import using LibreOffice SECURITY: updated many dependencies. No known high or moderate risk dependencies remain. SECURITY: generate better random pad names SECURITY: updated MySQL, Elasticsearch and PostgreSQL drivers SECURITY: started updating deprecated code and packages SECURITY: Escape data when listing available plugins SECURITY: Update ejs SECURITY: xss vulnerability when reading window.location.href SECURITY: sanitize jsonp FIX: don't nuke all installed plugins if npm install fails FIX: improved LibreOffice export FIX: allow debug mode on node versions >= 6.3 FIX: getLineHTMLForExport() no longer produces multiple copies of a line. WARNING: this could potentially break some plugins FIX: authorship of bullet points no longer changes when a second author edits them FIX: improved Firefox compatibility (non printable keys) FIX: getPadPlainText() was not working FIX: line numbers are aligned with text again (broken in 1.6.4)
Theo Chatzimichos (tampakrap)
committed
(revision 1)
- update to 1.6.1 - install pg-native and force usage - update to 1.6.0: - SECURITY: Fix a possible xss attack in iframe link - NEW: Add a aceSelectionChanged hook to allow plugins to react when the cursor location changes. - NEW: Accepting Arrays on 'exportHtmlAdditionalTags' to handle attributes stored as ['key', 'value'] - NEW: Allow admin to run on a sub-directory - NEW: Support version 5 of node.js - NEW: Update windows build to node version 4.4.3 - NEW: Create setting to control if a new line will be indented or not - NEW: Add an appendText API - NEW: Allow LibreOffice to be used when exporting a pad - NEW: Create hook exportHtmlAdditionalTagsWithData - NEW: Improve DB migration performance - NEW: allow settings to be applied from the filesystem - NEW: remove applySettings hook and allow credentials.json to be part of core - NEW: Use exec to switch to node process - NEW: Validate incoming color codes - Fix: Avoid space removal when pasting text from word processor. - Fix: Removing style that makes editor scroll to the top on iOS without any action from the user - Fix: Fix API call appendChatMessage to send new message to all connected clients - Fix: Timeslider "Return to pad" button - Fix: Generating pad HTML with tags like instead of TAG:VALUE
Displaying revisions 21 - 35 of 35