
Commit bb0ff1f4 authored by Gregor Thiem

Update to HedgeDoc 1.8.1

parent 1d818999
......@@ -2,8 +2,7 @@
"presets": [
["env", {
"targets": {
"node": "8",
"uglify": true
"browsers": "defaults"
}
}]
],
......
......@@ -47,8 +47,7 @@ if [ ! -f config.json ]; then
fi
echo "Installing packages..."
yarn install --pure-lockfile
yarn install --production=false --pure-lockfile
yarn install --production=true --pure-lockfile
cat << EOF
......
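Review bot: Installing with `--production=true` in the "Installing packages..." step skips dev-dependencies, yet the upgrade guide touched by this same commit still tells Git users to run `bin/setup` and then `yarn run build`, and the build tooling (webpack, esbuild-loader) is listed among the dev-only packages. Which of the three `yarn install` lines survives is inferred from the release notes, because the rendered page lost its +/- markers. If that reading is right, a checkout without a prebuilt bundle would fail at the build step. Either document an explicit `yarn install --production=false --pure-lockfile` before `yarn run build`, or add a comment above the install line such as `# production-only install; run 'yarn install --production=false --pure-lockfile' before building the frontend`. The script continues outside the hunk.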
......@@ -8,17 +8,15 @@
},
"development": {
"loglevel": "debug",
"hsts": {
"enable": false
},
"db": {
"dialect": "sqlite",
"storage": "./db.hedgedoc.sqlite"
},
"linkifyHeaderStyle": "gfm"
"domain": "localhost",
"urlAddPort": true
},
"production": {
"domain": "localhost",
"domain": "change this",
"loglevel": "info",
"hsts": {
"enable": true,
......@@ -126,7 +124,6 @@
{
"connectionString": "change this",
"container": "change this"
},
"linkifyHeaderStyle": "gfm"
}
}
}
......@@ -3,7 +3,7 @@ openapi: 3.0.1
info:
title: HedgeDoc
description: HedgeDoc is an open source collaborative note editor. Several tasks of HedgeDoc can be automated through this API.
version: 1.8.0
version: 1.8.1
contact:
name: HedgeDoc on GitHub
url: https://github.com/hedgedoc/hedgedoc
......
......@@ -28,7 +28,7 @@ services:
restart: always
app:
# Make sure to use the latest release from https://hedgedoc.org/latest-release
image: quay.io/hedgedoc/hedgedoc:1.8.0
image: quay.io/hedgedoc/hedgedoc:1.8.1
environment:
- CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc
- CMD_DOMAIN=localhost
......
......@@ -16,7 +16,7 @@
1. Check if you meet the [requirements at the top of this document](#manual-installation).
2. Download the [latest release](https://hedgedoc.org/latest-release/) and extract it.
<small>Alternatively, you can use Git to clone the repository and checkout a release, e.g. with `git clone -b 1.8.0 https://github.com/hedgedoc/hedgedoc.git`.</small>
<small>Alternatively, you can use Git to clone the repository and checkout a release, e.g. with `git clone -b 1.8.1 https://github.com/hedgedoc/hedgedoc.git`.</small>
3. Enter the directory and execute `bin/setup`, which will install the dependencies and create example configs.
4. Configure HedgeDoc: To get started, you can use this minimal `config.json`:
```json
......@@ -58,7 +58,7 @@ If you want to upgrade HedgeDoc from an older version, follow these steps:
and the latest release.
2. Fully stop your old HedgeDoc server.
3. [Download](https://hedgedoc.org/latest-release/) the new release and extract it over the old directory.
<small>If you use Git, you can check out the new tag with e.g. `git fetch origin && git checkout 1.8.0`</small>
<small>If you use Git, you can check out the new tag with e.g. `git fetch origin && git checkout 1.8.1`</small>
5. Run `bin/setup`. This will take care of installing dependencies. It is safe to run on an existing installation.
6. *:octicons-light-bulb-16: If you used the release tarball for 1.7.0 or newer, this step can be skipped.*
Build the frontend bundle by running `yarn run build`.
......
mkdocs==1.1.2
mkdocs-material==7.1.3
mkdocs-material==7.1.4
pymdown-extensions==8.1.1
mdx_truly_sane_lists==1.2
'use strict'
const crypto = require('crypto')
......@@ -31,7 +30,7 @@ const packageConfig = {
}
const configFilePath = path.resolve(appRootPath, process.env.CMD_CONFIG_FILE ||
'config.json')
'config.json')
const fileConfig = fs.existsSync(configFilePath) ? require(configFilePath)[env] : undefined
let config = require('./default')
......@@ -88,6 +87,14 @@ config.isStandardHTTPPort = (function isStandardHTTPPort () {
return !config.useSSL && config.port === 80
})()
// Use HTTPS protocol if the internal TLS server is enabled
if (config.useSSL === true) {
if (config.protocolUseSSL === false) {
logger.warn('Overriding protocolUseSSL to \'true\' as useSSL is enabled.')
}
config.protocolUseSSL = true
}
// cache serverURL
config.serverURL = (function getserverurl () {
let url = ''
......@@ -147,8 +154,8 @@ for (let i = keys.length; i--;) {
// and the config with uppercase is not set
// we set the new config using the old key.
if (uppercase.test(keys[i]) &&
config[lowercaseKey] !== undefined &&
fileConfig[keys[i]] === undefined) {
config[lowercaseKey] !== undefined &&
fileConfig[keys[i]] === undefined) {
logger.warn('config.json contains deprecated lowercase setting for ' + keys[i] + '. Please change your config.json file to replace ' + lowercaseKey + ' with ' + keys[i])
config[keys[i]] = config[lowercaseKey]
}
......
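Review bot: The new guard tests `config.useSSL === true`, while the neighbouring code treats the same flag by truthiness (`!config.useSSL` in isStandardHTTPPort directly above), so a truthy non-boolean value would count as enabled there without forcing `protocolUseSSL`. How `useSSL` is normalised before this point is outside the hunk, so the case may be unreachable; if it is reachable, `if (config.useSSL) {` keeps the checks consistent. The warning fires only when `protocolUseSSL === false`; if false is the shipped default (not visible here), every deployment with `useSSL` logs it at startup, and a one-line comment stating that the override is intentional would help whoever reads that log.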
......@@ -85,9 +85,9 @@ function getCspNonce (req, res) {
function addUpgradeUnsafeRequestsOptionTo (directives) {
if (config.csp.upgradeInsecureRequests === 'auto' && config.useSSL) {
directives.upgradeInsecureRequests = true
directives.upgradeInsecureRequests = []
} else if (config.csp.upgradeInsecureRequests === true) {
directives.upgradeInsecureRequests = true
directives.upgradeInsecureRequests = []
}
}
......
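Review bot: The bare `[]` assigned to `directives.upgradeInsecureRequests` reads like an empty or disabled setting, although per the release notes on this page it is what stops the startup crash. A comment on the first assignment would keep a later cleanup from reverting it to `true`, for example `// valueless CSP directive: helmet expects an empty list here, not a boolean`. Both branches now assign the same value, so they could be merged: `const mode = config.csp.upgradeInsecureRequests` followed by `if (mode === true || (mode === 'auto' && config.useSSL)) {`. The 'auto' branch keys on `useSSL` only, so whether an instance that terminates TLS in a reverse proxy gets the directive depends on configuration handled outside this hunk.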
{
"name": "HedgeDoc",
"version": "1.8.0",
"version": "1.8.1",
"description": "The best platform to write and share markdown.",
"main": "app.js",
"license": "AGPL-3.0",
......@@ -25,11 +25,8 @@
"azure-storage": "^2.7.0",
"base64url": "^3.0.0",
"body-parser": "^1.15.2",
"bootstrap": "^3.4.0",
"bootstrap-validator": "^0.11.8",
"chance": "^1.0.4",
"cheerio": "^0.22.0",
"codemirror": "git+https://github.com/hedgedoc/CodeMirror.git",
"compression": "^1.6.2",
"connect-flash": "^0.1.1",
"connect-session-sequelize": "^7.0.0",
......@@ -38,32 +35,16 @@
"deep-freeze": "^0.0.1",
"diff-match-patch": "git+https://github.com/hackmdio/diff-match-patch.git",
"ejs": "^3.0.0",
"emojify.js": "^1.1.0",
"escape-html": "^1.0.3",
"express": ">=4.14",
"express-session": "^1.14.2",
"file-saver": "^2.0.0",
"file-type": "^16.1.0",
"flowchart.js": "^1.6.4",
"fork-awesome": "^1.1.3",
"formidable": "^1.0.17",
"gist-embed": "^2.6.0",
"graceful-fs": "^4.1.11",
"handlebars": "^4.5.2",
"helmet": "^4.5.0",
"highlight.js": "^10.0.0",
"i18n": "^0.13.0",
"ionicons": "^2.0.1",
"is-svg": "^4.3.1",
"jquery": "^3.5.1",
"jquery-mousewheel": "^3.1.13",
"jquery-ui": "^1.12.1",
"js-cookie": "^2.1.3",
"js-sequence-diagrams": "git+https://github.com/hedgedoc/js-sequence-diagrams.git",
"js-yaml": "^3.13.1",
"jsdom-nogyp": "^0.8.3",
"keymaster": "^1.6.2",
"list.js": "^2.0.0",
"lodash": "^4.17.20",
"lutim": "^1.0.2",
"lz-string": "git+https://github.com/hackmdio/lz-string.git",
......@@ -81,9 +62,7 @@
"markdown-it-regexp": "^0.4.0",
"markdown-it-sub": "^1.0.0",
"markdown-it-sup": "^1.0.0",
"mathjax": "^2.7.6",
"mattermost": "^3.4.0",
"mermaid": "^8.5.1",
"meta-marked": "git+https://github.com/hedgedoc/meta-marked",
"method-override": "^3.0.0",
"minimist": "^1.2.0",
......@@ -107,36 +86,25 @@
"pdfobject": "^2.0.201604172",
"pg": "^8.2.1",
"pg-hstore": "^2.3.3",
"prismjs": "^1.21.0",
"prom-client": "^13.1.0",
"prometheus-api-metrics": "^3.2.0",
"randomcolor": "^0.6.0",
"raphael": "^2.3.0",
"readline-sync": "^1.4.7",
"reveal.js": "^3.9.2",
"rimraf": "^3.0.2",
"scrypt-kdf": "^2.0.1",
"select2": "^3.5.2-browserify",
"sequelize": "^5.21.1",
"shortid": "2.2.16",
"socket.io": "^2.1.1",
"socket.io-client": "^2.1.1",
"spin.js": "^4.0.0",
"sqlite3": "^5.0.0",
"store": "^2.0.12",
"string": "^3.3.3",
"tedious": "^6.6.0",
"toobusy-js": "^0.5.1",
"turndown": "^7.0.0",
"umzug": "^2.3.0",
"uuid": "^8.0.0",
"validator": "^13.0.0",
"velocity-animate": "^1.4.0",
"visibilityjs": "^2.0.0",
"viz.js": "^1.7.0",
"winston": "^3.1.0",
"ws": "^7.4.4",
"wurl": "^2.5.3",
"xss": "^1.0.3"
},
"resolutions": {
......@@ -163,6 +131,10 @@
"name": "Christoph (Sheogorath) Kern",
"email": "codimd@sheogorath.shivering-isles.com",
"url": "https://shivering-isles.com"
},
{
"name":"David Mehren",
"email": "hedgedoc@herrmehren.de"
}
],
"repository": {
......@@ -177,8 +149,14 @@
"babel-polyfill": "6.26.0",
"babel-preset-env": "1.7.0",
"babel-runtime": "6.26.0",
"bootstrap": "3.4.1",
"bootstrap-validator": "0.11.9",
"codemirror": "git+https://github.com/hedgedoc/CodeMirror.git",
"copy-webpack-plugin": "6.4.1",
"css-loader": "5.2.4",
"emojify.js": "1.1.0",
"esbuild-loader": "2.13.0",
"escape-html": "1.0.3",
"eslint": "7.25.0",
"eslint-config-standard": "16.0.2",
"eslint-plugin-import": "2.22.1",
......@@ -187,23 +165,50 @@
"eslint-plugin-standard": "4.1.0",
"expose-loader": "1.0.3",
"file-loader": "6.2.0",
"file-saver": "2.0.5",
"flowchart.js": "1.15.0",
"fork-awesome": "1.1.7",
"gist-embed": "2.6.0",
"highlight.js": "10.7.2",
"html-webpack-plugin": "4.5.2",
"imports-loader": "1.2.0",
"ionicons": "2.0.1",
"jquery": "3.6.0",
"jquery-mousewheel": "3.1.13",
"jquery-ui": "1.12.1",
"js-cookie": "2.2.1",
"js-sequence-diagrams": "git+https://github.com/hedgedoc/js-sequence-diagrams.git",
"js-yaml": "3.14.1",
"jsonlint": "1.6.3",
"keymaster": "1.6.2",
"less": "4.1.1",
"less-loader": "7.3.0",
"list.js": "2.3.1",
"mathjax": "2.7.9",
"mermaid": "8.9.3",
"mini-css-extract-plugin": "1.6.0",
"mocha": "8.3.2",
"mock-require": "3.0.3",
"optimize-css-assets-webpack-plugin": "5.0.4",
"prismjs": "1.23.0",
"raphael": "2.3.0",
"remark-cli": "9.0.0",
"remark-preset-lint-markdown-style-guide": "4.0.0",
"reveal.js": "3.9.2",
"script-loader": "0.7.2",
"select2": "3.5.2-browserify",
"socket.io-client": "2.4.0",
"spin.js": "4.1.0",
"string-loader": "0.0.1",
"turndown": "7.0.0",
"url-loader": "4.1.1",
"velocity-animate": "1.5.2",
"visibilityjs": "2.0.2",
"viz.js": "1.8.2",
"webpack": "4.46.0",
"webpack-cli": "4.6.0",
"webpack-merge": "5.7.3"
"webpack-cli": "4.7.0",
"webpack-merge": "5.7.3",
"wurl": "2.5.4"
},
"optionalDependencies": {
"bufferutil": "^4.0.0",
......
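Review bot: Moving packages such as `escape-html`, `js-yaml` and `socket.io-client` out of the runtime dependency list is only safe if no server-side module requires them, because the setup script in this commit installs with `--production=true`. The server sources are not on this page, so this is a question rather than a finding. A CI job that does a production-only install and then starts `app.js` would catch a missed `require` before release. Separately, the git-URL entries carried over (`codemirror`, `js-sequence-diagrams`) name no commit, so reproducibility rests entirely on the lockfile; a `#<commit-sha>` suffix on those URLs would make the pin explicit.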
# Release Notes
## <i class="fa fa-tag"></i> 1.8.1 <i class="fa fa-calendar-o"></i> 2021-05-06
### Enhancements
- Speed up `yarn install` in production mode (as performed by `bin/setup`) by marking frontend-only dependencies as dev-dependencies.
This also reduces the size of the docker container
- Speed up the frontend-build by using `esbuild` instead of `terser` to minify JavaScript
- Improve behavior of the 'Quote', 'List', 'Unordered List' and 'Check List' buttons in the editor to automatically
apply to the complete first and last line of the selection
### Bugfixes
- Correct the 1.8.0 release notes to state that CVE-2021-29475 has been fixed since HedgeDoc 1.5.0.
- Fix crash on startup when `useSSL` or `csp.upgradeInsecureRequests` is enabled (thanks to [@mdegat01](https://github.com/mdegat01) for reporting)
- Automatically enable `protocolUseSSL` when `useSSL` is also enabled
- Fix the 'Quote', 'List', 'Unordered List' and 'Check List' buttons in the editor to not duplicate content
when only parts of a line are selected (thanks to [@AnomalRoil](https://github.com/AnomalRoil) for reporting)
- Fix click handler for numbered task lists (thanks to [@xoriade](https://github.com/xoriade) for reporting)
## <i class="fa fa-tag"></i> 1.8.0 <i class="fa fa-calendar-o"></i> 2021-05-03
This release fixes multiple security issues. We recommend upgrading as soon as possible.
......@@ -11,7 +28,7 @@ This release fixes multiple security issues. We recommend upgrading as soon as p
This issue allowed an attacker to hang HedgeDoc by inserting a malicious string into a note. Thanks to Ralph Krimmel for reporting!
We also published an advisory for [CVE-2021-29475: PDF export allows arbitrary file reads](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-pxxg-px9v-6qf3),
which has already been fixed since HedgeDoc 1.6.0.
which has already been fixed since HedgeDoc 1.5.0.
### Features
- Database migrations are now automatically applied on application startup
......
......@@ -266,9 +266,9 @@ export function finishView (view) {
li.innerHTML = html
let disabled = 'disabled'
if (typeof editor !== 'undefined' && window.havePermission()) { disabled = '' }
if (/^\s*\[[x ]\]\s*/.test(html)) {
li.innerHTML = html.replace(/^\s*\[ \]\s*/, `<input type="checkbox" class="task-list-item-checkbox "${disabled}><label></label>`)
.replace(/^\s*\[x\]\s*/, `<input type="checkbox" class="task-list-item-checkbox" checked ${disabled}><label></label>`)
if (/^\s*\[[xX ]]\s*/.test(html)) {
li.innerHTML = html.replace(/^\s*\[ ]\s*/, `<input type="checkbox" class="task-list-item-checkbox" ${disabled}><label></label>`)
.replace(/^\s*\[[xX]]\s*/, `<input type="checkbox" class="task-list-item-checkbox" checked ${disabled}><label></label>`)
if (li.tagName.toLowerCase() !== 'li') {
li.parentElement.setAttribute('class', 'task-list-item')
} else {
......@@ -705,11 +705,11 @@ $.fn.sortByDepth = function () {
function toggleTodoEvent (e) {
const startline = $(this).closest('li').attr('data-startline') - 1
const line = window.editor.getLine(startline)
const matches = line.match(/^[>\s-]*[-+*]\s\[([x ])\]/)
const matches = line.match(/^[>\s-]*(?:[-+*]|\d+[.)])\s\[([xX ])]/)
if (matches && matches.length >= 2) {
let checked = null
if (matches[1] === 'x') { checked = true } else if (matches[1] === ' ') { checked = false }
const replacements = matches[0].match(/(^[>\s-]*[-+*]\s\[)([x ])(\])/)
if (matches[1].toLowerCase() === 'x') { checked = true } else if (matches[1] === ' ') { checked = false }
const replacements = matches[0].match(/(^[>\s-]*(?:[-+*]|\d+[.)])\s\[)([xX ])(])/)
window.editor.replaceRange(checked ? ' ' : 'x', {
line: startline,
ch: replacements[1].length
......
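Review bot: In toggleTodoEvent the list-marker pattern is written out twice, once for `matches` and once for `replacements`, and the two literals have to be edited in lockstep whenever the syntax is widened, as this change had to do for `\d+[.)]` and `X`. A single match with three groups removes the second regex: `const matches = line.match(/^([>\s-]*(?:[-+*]|\d+[.)])\s\[)([xX ])(])/)`, then test `matches[2]` and use `matches[1].length` for `ch`. The function body continues past the end of the hunk, so any later use of `replacements` would need the same renumbering.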
const wrapSymbols = ['*', '_', '~', '^', '+', '=']
export function wrapTextWith (editor, cm, symbol) {
if (!cm.getSelection()) {
return CodeMirror.Pass
......@@ -106,12 +107,14 @@ export function insertOnStartOfLines (cm, symbol) {
for (let i = 0; i < ranges.length; i++) {
const range = ranges[i]
if (!range.empty()) {
const from = range.from()
const to = range.to()
let selection = cm.getRange({ line: from.line, ch: 0 }, to)
const cursorFrom = range.from()
const cursorTo = range.to()
const firstLineStart = { line: cursorFrom.line, ch: 0 }
const lastLineEnd = { line: cursorTo.line, ch: cm.getLine(cursorTo.line).length }
let selection = cm.getRange(firstLineStart, lastLineEnd)
selection = selection.replace(/\n/g, '\n' + symbol)
selection = symbol + selection
cm.replaceRange(selection, from, to)
cm.replaceRange(selection, firstLineStart, lastLineEnd)
} else {
cm.replaceRange(symbol, { line: cursor.line, ch: 0 }, { line: cursor.line, ch: 0 })
}
......
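Review bot: `lastLineEnd` is built from `cursorTo.line` without looking at `cursorTo.ch`, so a selection that ends at column 0 of the following line (common after selecting whole lines) pulls that entire next line into the range and prefixes it with `symbol`. Clamping the last line first avoids that: `const lastLine = cursorTo.ch === 0 && cursorTo.line > cursorFrom.line ? cursorTo.line - 1 : cursorTo.line`, then `const lastLineEnd = { line: lastLine, ch: cm.getLine(lastLine).length }`. The loop header and the `cursor` used in the else branch are outside the hunk, so this rests on the visible lines only.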
const common = require('./webpack.common.js')
const htmlexport = require('./webpack.htmlexport')
const { merge } = require('webpack-merge');
const { merge } = require('webpack-merge')
const path = require('path')
const OptimizeCSSAssetsPlugin = require('optimize-css-assets-webpack-plugin')
const { ESBuildMinifyPlugin } = require('esbuild-loader')
module.exports = [
merge(common, {
......@@ -11,6 +12,13 @@ module.exports = [
path: path.join(__dirname, 'public/build'),
publicPath: 'build/',
filename: '[name].[contenthash].js'
},
optimization: {
minimizer: [
new ESBuildMinifyPlugin({
target: 'es2015'
})
]
}
}),
merge(htmlexport, {
......
This diff is collapsed.