Hedgedoc Hedgedoc Versions Save

Alpha 2 contains many fixes. The most notable ones are

• Fixed the loading of the markdown renderer in chromium based browsers
• Show an alert when a permission is overridden by another permission
• Guest Users are explicitly marked in the user list
• Code suggestions don't default to abc anymore
• Fixed the "maximum length exceeded" dialog not showing the maximal length
• Revision Viewer does not show a bug on the initial opening anymore
• Fixed text color on "note doesn't exist" screen in light mode
• Prevent automatic reload tries when a user looses permissions to access a note

Updating from Alpha 1 to Alpha 2 should be safe. To update your setup, change the image tag for the frontend and the backend container in your docker-compose.yml to "2.0.0-alpha.2"

If you're interested in the actual commits then take a look at https://github.com/hedgedoc/hedgedoc/compare//v2.0.0-alpha.1.../v2.0.0-alpha.2

The HedgeDoc Team is proud to announce that the first alpha release of HedgeDoc 2 is now available! HedgeDoc 2 is a complete rewrite of the collaborative markdown editor, which aims to make the codebase more maintainable and adds often-requested features.

You can read more about this release in our blog post.

HedgeDoc has a new slogan! See our announcement for the details.

This release fixes a security issue. We recommend upgrading as soon as possible.

Security Fixes

• CVE-2023-38487: API allows to hide existing notes

Enhancements

• Docker secrets can now be used to provide OAuth2 client secrets (#4196 by @DennisGaida)
• Document how to set up Azure Active Directory authentication (#4413 by @pramitsingh0)
• Add YAML metadata to documentation page (#4371 by @JunedKhan101)

Bugfixes

• Fix non-existing notes being created in some cases, instead of returning a 404 error

Contributors

• Jordi Mallach (translator)
• sujade (translator)

Please note: This release dropped support for Node 14, which is end-of-life since May 2023. You now need at least Node 16 to run HedgeDoc. We recommend to use the latest LTS release of Node.js.

This release switches to Yarn 3 for dependency management, as Yarn 1 has bugs preventing us from upgrading some dependencies. If you install HedgeDoc manually, run bin/setup again for instructions. Other installation methods should not require special actions.

Enhancements

• Extend boolean environment variable parsing with other positive answers and case insensitivity
• Allow setting of documentMaxLength via CMD_DOCUMENT_MAX_LENGTH environment variable (contributed by @jmallach)
• Add dedicated healthcheck endpoint at /_health that is less resource intensive than /status
• Compatibility with Node.js 18 and later
• Add support for the arm64 architecture in the docker image
• Add a config option to disable the /status and /metrics endpoints

Bugfixes

• Fix that permission errors can break existing connections to a note, causing inconsistent note content and changes not being saved (contributed by @julianrother)
• Fix speaker notes not showing up in the presentation view
• Fix issues with upgrading some dependencies by upgrading to Yarn 3
• Fix macOS compatibility of bin/setup script

Contributors

• UwYFmLpoKtYn (translator)
• Pub (translator)
• SnowCode (translator)

Bugfixes

• Fix note titles with special characters producing invalid file names in user export zip file
• Fix night-mode toggle not working when page is loaded with night-mode enabled

Contributors

• Francesco (translator)
• Gabriel Santiago Macedo (translator)

Bugfixes

• Fix migrations deleting all notes when SQLite is used

🚨 This release has a bug that leads to data-loss when using SQLite. We advise users of SQLite databases to skip this release and use 1.9.6. 🚨

Enhancements

• Add dark mode toggle in mobile view
• Replace embedding shortcode regexes with more specific ones to safeguard against XSS attacks

Bugfixes

• Fix a crash when using LDAP authentication with custom search attributes (thanks to @aboettger-tuhh for reporting)
• Fix a crash caused by a long note history when the MySQL database is used
• Fix breaks option not being respected in the publish-view
• Fix missing syntax highlighting in the markdown editor

Contributors

• Bateausurleau (translator)
• Goncalo (translator)
• Ívarr Vinter (translator)
• Oein0219 (translator)
• Pol Dellaiera

Please note: This release dropped support for Node 12, which is end-of-life since April 2022. You now need at least Node 14.13.1 or Node 16 to run HedgeDoc. We don't support more recent versions of Node.

Enhancements

• Remove unexpected shell call during migrations
• More S3 config options: upload folder & public ACL (thanks to @lautaroalvarez)

Contributors

• Al_x (translator)
• Emmanuel Courreges (translator)
• paranic (translator)
• Quentin PAGÈS (translator)

This release fixes a security issue. We recommend upgrading as soon as possible.

⚠️ Warning: If you deploy HedgeDoc and MariaDB with docker-compose using a checkout of our container repo, you will need to manually convert the character set of the database to utf8mb4 when updating. See the corresponding PR for more information.

Security Fixes

• CVE-2022-24837: Enumerable upload file names

Enhancements

• Libravatar avatars render as ident-icons when no avatar image was uploaded to Libravatar or Gravatar
• Add database connection error message to log output
• Allow SAML authentication provider to be named
• Suppress error message when git binary is not found

Bugfixes

• Fix error that Libravatar user avatars were not shown when using OAuth2 login
• Fix bin/manage_users not accepting numeric passwords (thanks to @carr0t2 for reporting)
• Fix visibility of modals for screen readers
• Fix GitLab snippet export (thanks to @semjongeist for reporting)
• Fix missing inline authorship colors (thanks to @EBendinelli for reporting)

Contributors

• ced (translator)
• deluxghost (translator)
• Dennis Gaida
• Michael Hauer (translator)
• Moritz Schlarb
• Mostafa Ahangarha (translator)
• Sandro
• Sergio Varela (translator)
• Tạ Quang Khôi (translator)
• Tiago Triques (translator)
• tmpod (translator)
• Uchiha Kakashi

Bugfixes

• Fix error in the session handler when requesting /metrics or /status