- update to 1.8.16
  Security fixes 
  + Maliciously crafted .etherpad files can no longer overwrite arbitrary
    non-pad database records when imported.
  + Imported .etherpad files are now subject to numerous consistency checks 
    before any records are written to the database. This should help avoid 
    denial-of-service attacks via imports of malformed .etherpad files.
  + Fixed leak of the writable pad ID when exporting from the pad's 
    read-only ID. This only matters if you treat the writeable pad IDs 
    as secret (e.g., you are not using ep_padlist2) and you share the 
    pad's read-only ID with untrusted users. 
    Instead of treating writeable pad IDs as secret, you are encouraged
    to take advantage of Etherpad's authentication and authorization 
    mechanisms (e.g., use ep_openid_connect with ep_readonly_guest, 
    or write your own authentication and authorization plugins).
  + Updated dependencies.
  Notable enhancements and fixes
  + Fixed several .etherpad import bugs.
  + Improved support for large .etherpad imports.
  + Accessibility fix for JAWS screen readers.
  + Fixed "clear authorship" error (see issue #5128).
  + Etherpad now considers square brackets to be valid URL characters.
  + The server no longer crashes if an exception is thrown while processing 
    a message from a client.
  + The useMonospaceFontGlobal setting now works (thanks @Lastpixl!).
  + Chat improvements:
    - The message input field is now a text area, allowing multi-line 
      messages (use shift-enter to insert a newline).
    - Whitespace in chat messages is now preserved.
  + Worked around a Firefox Content Security Policy bug that caused CSP

• Files Changed
• Browse Source