Etherpad: A modern really-real-time collaborative document editor.
Node.js 10.17.0 or newer is now required.
The bin/
and tests/
directories were moved under src/
. Symlinks were
added at the old locations to hopefully avoid breaking user scripts and other
tools.
Dependencies are now installed with the --no-optional
flag to speed
installation. Optional dependencies such as sqlite3
must now be manually
installed (e.g., (cd src && npm i sqlite3)
).
Socket.IO messages are now limited to 10K bytes to make denial of service
attacks more difficult. This may cause issues when pasting large amounts of
text or with plugins that send large messages (e.g., ep_image_upload
). You
can change the limit via settings.json
; see socketIo.maxHttpBufferSize
.
The top-level package.json
file, added in v1.8.7, has been removed due to
problematic npm behavior. Whenever you install a plugin you will see the
following benign warnings that can be safely ignored:
npm WARN saveError ENOENT: no such file or directory, open '.../package.json'
npm WARN enoent ENOENT: no such file or directory, open '.../package.json'
npm WARN develop No description
npm WARN develop No repository field.
npm WARN develop No README data
npm WARN develop No license field.
#L10
to a pad URL will cause your browser to scroll down to line 10.settings.json
.)activePads
, httpStartTime
, lastDisconnected
,
memoryUsageHeap
.#fff
) as their color.settings.json
template used for Docker images has new variables for
controlling rate limiting.settings.json
.)callAllSerial()
function that invokes hook functions like callAll()
except it supports asynchronous hook functions.callFirst()
and aCallFirst()
now support the same wide range of hook
function behaviors that callAll()
, aCallAll()
, and callAllSerial()
support. Also, they now warn when a hook function misbehaves.expressConfigure
, expressCreateServer
, padCopy
, padRemove
ep_etherpad-lite/tests/backend/common
module to start the server and simplify API access.checkPlugins.js
script now automatically adds GitHub CI test coverage
badges for backend tests and npm publish./admin
actions is more robust.collectContentLineText
return value handling.setPassword
or isPasswordProtected
will fail.
Existing group pads that were previously password protected will no longer be
password protected. If you need fine-grained access control, you can restrict
API session creation in your frontend service, or you can use plugins.authorize
hook is now only called after successful authentication. Use
the new preAuthorize
hook if you need to bypass authenticationauthFailure
hook is deprecated; use the new authnFailure
and
authzFailure
hooks insteadindexCustomInlineScripts
hook was removedclient
context property for the handleMessage
and
handleMessageSecurity
hooks has been renamed to socket
(the old name is
still usable but deprecated)aceAttribClasses
hook functions are now called synchronouslyENTER
, CREATE
, and LEAVE
log messages has changed$.gritter.add()
are now expected to be plain text, not
HTML. Use jQuery or DOM objects if you need formattingreadOnly
user setting that makes it possible to create users in
settings.json
that can read pads but not create or modify themcanCreate
user setting that makes it possible to create users in
settings.json
that can modify pads but not create themauthorize
hook now accepts readOnly
to grant read-only access to a padauthorize
hook now accepts modify
to grant modify-only (creation
prohibited) access to a padcookie.sameSite
setting that makes it possible to enable
authentication when Etherpad is embedded in an iframe from another siteexportHTMLAdditionalContent
hook to include additional HTML contentexportEtherpadAdditionalContent
hook to include additional database
content in .etherpad
exportsexpressCloseServer
hook to close Express when requiredpadUpdate
hook context now includes revs
and changeset
checkPlugins.js
has various improvements to help plugin developerseejsBlock_*
hookspassword
or hash
property in settings.json
are no longer
ignored, so they can now be used by authentication pluginspermissionDenied
--experimental-worker
flagcreateDiffHTML
incorrect call of getInternalRevisionAText
clientVars
(ip
and userAgent
)SameSite
cookie attribute for the language
, token
, and pref
cookiespackage-lock.json
is now lint checked on commitindex.html
/admin
interface.bin
scripts to use more modern syntaxThis is a maintenance release after 1.8.3. Users relying on MySQL are particularly encouraged to upgrade.
BREAKING CHANGE: undoing the "clear authorship colors" command is no longer supported (see https://github.com/ether/etherpad-lite/issues/2802) BREAKING CHANGE: the visuals and CSS structure of the page was updated. Plugins may need a CSS rehaul
Changes introduced in 1.8.0-beta.1 (compared to 1.7.5):
async
/await
, getting rid of a lot of callbacks (see https://github.com/ether/etherpad-lite/issues/3540)async
/await
, getting rid of a lot of callbacks (see https://github.com/ether/etherpad-lite/issues/3540)