Collaborative office suite, end-to-end encrypted and open-source.
This release is aimed at instance administrators with new features and changes in the way CryptPad is installed. This marks a major release and we are also taking the opportunity to change the way we number CryptPad versions, moving to a date-based format (from semver to calver). For full details on the reasons behind this change please read our March 2024 status blog post. The short version is that this is our Spring 2024 release with number 2024.3.0 and that we are aiming for the following schedule going forward, sticking to the YYYY.MM.micro format:
2024.3.0
2024.6.0 end June 20242024.9.0 end September 20242024.12.0 end December 2024.editorconfig and updated .gitignore filesStarting with this version, OnlyOffice applications (Sheets, Document, Presentation) are not bundled with CryptPad anymore. You can install/update them by running the installation script we provide:
./install-onlyoffice.sh
# press q to close the license screen
# and Y ā to accept the OnlyOffice license
For Docker users that want to use OnlyOffice, please read our updated Docker installation guide.
If you are upgrading from a version older than 5.7 please read the upgrade notes of all versions between yours and 5.7 to avoid configuration issues.
To upgrade:
git fetch origin --tags
git checkout 2024.3.0
npm ci
npm run install:components
./install-onlyoffice.sh
# press q to close the license screen
# and Y ā to accept the OnlyOffice license
This release includes some features that could not be included into 5.6.0, namely instance invitations and support for images in diagrams. It also includes bug fixes in the drive, calendar and many other places.
If you are upgrading from a version older than 5.6.0 please read the upgrade notes of all versions between yours and 5.6.0 to avoid configuration issues.
ā ļø Before proceeding note that this upgrade requires changes to the Nginx configuration, please see full diff below.
To upgrade:
git fetch origin --tags
git checkout 5.7.0
npm ci
npm run install:components
diff --git a/docs/example-advanced.nginx.conf b/docs/example-advanced.nginx.conf
index cb827b4b0..f2b32e959 100644
--- a/docs/example-advanced.nginx.conf
+++ b/docs/example-advanced.nginx.conf
@@ -14,6 +14,8 @@ server {
# Let's Encrypt webroot
include letsencrypt-webroot;
+ # Include mime.types to be able to support .mjs files (see "types" below)
+ include mime.types;
# CryptPad serves static assets over these two domains.
# `main_domain` is what users will enter in their address bar.
@@ -166,11 +168,6 @@ server {
# We've applied other sandboxing techniques to mitigate the risk of running WebAssembly in this privileged scope
if ($uri ~ ^\/unsafeiframe\/inner\.html.*$) { set $unsafe 1; }
- # draw.io uses inline script tags in it's index.html. The hashes are added here.
- if ($uri ~ ^\/components\/drawio\/src\/main\/webapp\/index.html.*$) {
- set $scriptSrc "'self' 'sha256-dLMFD7ijAw6AVaqecS7kbPcFFzkxQ+yeZSsKpOdLxps=' 'sha256-6g514VrT/cZFZltSaKxIVNFF46+MFaTSDTPB8WfYK+c=' resource: https://${main_domain}";
- }
-
# privileged contexts allow a few more rights than unprivileged contexts, though limits are still applied
if ($unsafe) {
set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: https://${main_domain}";
@@ -179,6 +176,11 @@ server {
# Finally, set all the rules you composed above.
add_header Content-Security-Policy "default-src 'none'; child-src $childSrc; worker-src $workerSrc; media-src $mediaSrc; style-src $styleSrc; script-src $scriptSrc; connect-src $connectSrc; font-src $fontSrc; img-src $imgSrc; frame-src $frameSrc; frame-ancestors $frameAncestors";
+ # Add support for .mjs files used by pdfjs
+ types {
+ application/javascript mjs;
+ }
+
# The nodejs process can handle all traffic whether accessed over websocket or as static assets
# We prefer to serve static content from nginx directly and to leave the API server to handle
# the dynamic content that only it can manage. This is primarily an optimization
This release introduces support for integrating CryptPad instances with Single-Sign On authentication. It brings a lot of improvements and fixes to Form, Calendar, and other parts of CryptPad. This release begins to improve the accessibility of the toolbar towards full WCAG compliance which we hope to achieve in the near future.
Ctrl + e modal #1192zh #1329 thanks @toomoreWe fixed an issue with the Systemd service file and logging, you'll need to add the following lines to your cryptpad.service before continuing by following the upgrade notes below.
# Restart service after 10 seconds if node service crashes
RestartSec=2
+ # Proper logging to journald
+ StandardOutput=journal
+ StandardError=journal+console
User=cryptpad
Group=cryptpad
If you are upgrading from a version older than 5.5.0 please read the upgrade notes of all versions between yours and 5.5.0 to avoid configuration issues.
To upgrade:
sudo systemctl daemon-reload
git fetch origin --tags
git checkout 5.6.0
npm ci
npm run install:components
Accessibility
Mobile usage
Instance admin
Replace the "sign up" button on the log-in page with a link #1164
Add support for Webp images [#1008] thanks @lukasdotcom
improvements and bug fixes for the archival of inactive documents
We now support Nginx with two configurations (find more information in our administrator guide):
example.nginx.conf
example-advanced.nginx.conf
# Requests for blobs and blocks are now proxied to the API server
# This simplifies NGINX path configuration in the event they are being hosted in a non-standard location
# or with odd unexpected permissions. Serving blobs in this manner also means that it will be possible to
# enforce access control for them, though this is not yet implemented.
# Access control (via TOTP 2FA) has been added to blocks, so they can be handled with the same directives.
location ~ ^/(blob|block)/.*$ {
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' "${allowed_origins}";
add_header 'Access-Control-Allow-Credentials' true;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'application/octet-stream; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
# Since we are proxying to the API server these headers can get duplicated
# so we hide them
proxy_hide_header 'X-Content-Type-Options';
proxy_hide_header 'Access-Control-Allow-Origin';
proxy_hide_header 'Permissions-Policy';
proxy_hide_header 'X-XSS-Protection';
+ proxy_hide_header 'Cross-Origin-Resource-Policy';
+ proxy_hide_header 'Cross-Origin-Embedder-Policy';
proxy_pass http://localhost:3000;
}
# draw.io uses inline script tags in it's index.html. The hashes are added here.
if ($uri ~ ^\/components\/drawio\/src\/main\/webapp\/index.html.*$) {
- set $scriptSrc "'self' 'sha256-6zAB96lsBZREqf0sT44BhH1T69sm7HrN34rpMOcWbNo=' 'sha256-6g514VrT/cZFZltSaKxIVNFF46+MFaTSDTPB8WfYK+c=' resource: https://${main_domain}";
+ set $scriptSrc "'self' 'sha256-dLMFD7ijAw6AVaqecS7kbPcFFzkxQ+yeZSsKpOdLxps=' 'sha256-6g514VrT/cZFZltSaKxIVNFF46+MFaTSDTPB8WfYK+c=' resource: https://${main_domain}";
}
If you are upgrading from a version older than 5.4.1 please read the upgrade notes of all versions between yours and 5.4.1 to avoid configuration issues.
To upgrade:
git fetch origin --tags
git checkout 5.5.0
npm ci
npm run install:components
Restart your server
Review your instance's checkup page to ensure that you are passing all tests
This point release aims to fix some deployment related issues that were identified with 5.4.0
httpAddress setting [#1182 #1186]If you are upgrading from a version older than 5.4.0 please read the upgrade notes of all versions between yours and 5.4.0 to avoid configuration issues.
To upgrade:
git fetch origin --tags
git checkout 5.4.1
This release introduces two major new features:
Also included are some improvements, dependency updates, and bug fixes
ā ļø Please read upgrade notes carefully as this version introduces breaking changes
If you are upgrading from a version older than 5.3.0 please read the upgrade notes of all versions between yours and 5.4.0 to avoid configuration issues.
To upgrade:
git fetch origin --tags
git checkout 5.4.0
npm install
npm run install:components
www/bower_components can be removedbuild command to enable opengraph preview images
npm run build again after upgradingThis release updates OnlyOffice applications to version 7.1 It improves the Form application and other areas of CryptPad with minor features and bug fixes.
Upgrade OnlyOffice applications (Sheet, Document, Presentation) to version 7.1
Forms
Default dark theme switch [#759]: set dark theme as the default for the instance in application_config.js
New FreeBSD rc.d init script
Auto-select document name on edit if it's still the default [thanks to piemonkey]
Forms
Rich Text
Deployment
Removed unused dev dependencies
Forms and Kanban
Forms
Rich Text
Fix issues with deprecated cache
Fix bug that kept certain documents from being "pinned" to the drive. This could lead them to be deleted for inactivity even though they were stored in the drive. Note that storage quotas may increase as a result
If you are upgrading from a version older than 5.2.0 please read the upgrade notes of all versions between yours and 5.3.0 to avoid configuration issues.
To upgrade:
git fetch origin --tags
git checkout 5.3.0
This minor releases fixes a bug with one of the Form features introduced in 5.2.0.
We took the opportunity to include two other fixes for older issues.
The option to delete all responses to a form was not available to form authors when the form had been created in a drive (user or team) using the + NEW button
Drag & drop from a shared folder into the Templates folder made documents "disappear". They would reappear in the root of the drive when using a new worker (after all CryptPad tabs had been closed)
Clicking a link in a Calendar event location field failed to open
Our 5.2.0 release introduced some changes to the Nginx configuration. If you are not already running 5.2.0 we recommend following the upgrade notes for that version first, and then updating to 5.2.1
To do so:
git fetch origin --tags
git checkout 5.2.1
bower update
This release is focused on addressing long-standing user feedback with new features. The most requested are improvements to Formsāmultiple submissions and the ability to delete responsesāas well as recurring events in Calendar.
Forms
Calendar
Drive
Teams
Code
/checkup/
To update from 5.1.0 to 5.2.0:
./docs/example.nginx.conf
bower update and npm i
We added some directives that may cause issues with older versions of Nginx. We now recommend and only support Nginx stable. Please note that if you are running below v1.14.2, applying this update will likely result in breakage.
We had two new members join our team in the time since our previous release.
Mathilde joined us as an administrator of CryptPad.fr, so we decided to put some unplanned time towards the platform's administrative tooling to simplify some common workflows.
Maxime joined us for a summer internship as a front-end developer, and took initiative on a number of popular issues from our tracker on GitHub.
We applied a minor optimization to CryptPad's caching rules which should result in a slight decrease of many pages' loading times, thanks to some helpful profiling by one of our users.
We have started implementing a very basic build system for CryptPad which, at the moment, is only responsible for generating a few static HTML pages.
config/config.js (for example: preferredLanguage: 'de',). We intend to improve this in the future.<noscript> tag, which is displayed in the event that the user has disabled JavaScript in their browser. The build system includes every translation of this message that is available, rather than just the English and French translations that were displayed previously.npm run build).In order for the above changes to be effective, you'll need to update your NGINX configuration file. You can use git to see what has changed since v5.0.0 by running git diff 5.0.0...main ./docs in the root of your CryptPad repository.
We've updated the home page to use a distinct version of the CryptPad logo for its main image. This makes it easier to customize the home page itself without impacting the rest of the platform. To override the default image, include your own at /customize/CryptPad_logo_hero.svg.
Finally, a number of admins had opted into inclusion in our public instance directory but had not configured pages for their privacy policy or terms of service, which caused the checkup page to display an error. We've updated this error message to point directly to the relevant documentation, since the previous values were not sufficiently clear.
To update from 5.0.0 to 5.1.0:
./docs/example.nginx.conf and reload its configurationbower update and npm i
npm run build to generate the new static pages