libre-service.eu/pad.libre-service.eu-etherpad
libre-service.eu/pad.libre-service.eu-etherpad
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-02-01 03:12:42 +01:00
Code Issues Projects Releases Wiki Activity
5393 commits 207 branches 105 tags 124 MiB
Commit graph

2899 commits

Author SHA1 Message Date
translatewiki.net
c65c5f17aa Localisation updates from https://translatewiki.net. 2019-10-14 17:20:29 +02:00
muxator
5eb60cef01 jQuery: update vendored version (1.9.1 -> 1.12.4) 
The vendored jquery version was 1.9.1 from 2013-02-04. Let's replace it with the
most recent one from the 1.x branch (1.12.4 from 2016-05-20).

The modification in rjquery.js is needed because recent jQuery versions changed
their behaviour, and do not set themselves on the global window object.
See: https://github.com/parcel-bundler/parcel/issues/333#issuecomment-357882648

This will be the lastest jQuery 1.x version ever, because 1.x branch is
definitively EOLed (see https://github.com/jquery/jquery.com/issues/162).

This is a stopgap measure to get the latest security fixes. Going forward,
another strategy will be needed.

Closes #3640
 2019-09-16 22:55:53 +02:00
translatewiki.net
b3d8f857b7 Localisation updates from https://translatewiki.net. 2019-09-16 18:48:33 +02:00
translatewiki.net
506f4775cc Localisation updates from https://translatewiki.net. 2019-09-12 15:55:45 +02:00
translatewiki.net
a98cfe33de Localisation updates from https://translatewiki.net. 2019-09-06 06:47:40 +02:00
Moritz Jordan
0a8e32563b Fix Unicode bug in HTML export 2019-08-12 00:41:17 +02:00
muxator
161a38efd2 dependencies: update wd, 1.11.1 -> 1.11.3 
This is a dev dependency, so no real risks, but it's better not to scare users.

Previously reported vulnerabilities fixed by this change:

$ npm audit
                       === npm audit security report ===

# Run  npm install --save-dev wd@1.11.3  to resolve 1 vulnerability
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ wd [dev]                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ wd > lodash                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/1065                      │
└───────────────┴──────────────────────────────────────────────────────────────┘


# Run  npm update lodash --depth 3  to resolve 1 vulnerability
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ wd [dev]                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ wd > async > lodash                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/1065                      │
└───────────────┴──────────────────────────────────────────────────────────────┘
 2019-08-08 22:29:58 +02:00
muxator
d555b052cb dependencies: update npm, 6.4.1 -> 6.10.3 
This was an arbitrary file overwrite vulnerability in tar. A fix in the library
was available, but npm and npm-lifecycle took a while to issue updated versions.

Resolves #3598.

Previously reported vulnerabilities fixed by this change:

$ npm audit
                       === npm audit security report ===

# Run  npm install npm@6.10.3  to resolve 9 vulnerabilities
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary File Overwrite                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ tar                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ npm > libcipm > npm-lifecycle > node-gyp > tar               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/803                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary File Overwrite                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ tar                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ npm > npm-lifecycle > node-gyp > tar                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/803                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary File Overwrite                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ tar                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ npm > node-gyp > tar                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/803                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary File Overwrite                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ fstream                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ npm > libcipm > npm-lifecycle > node-gyp > fstream           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/886                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary File Overwrite                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ fstream                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ npm > npm-lifecycle > node-gyp > fstream                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/886                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary File Overwrite                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ fstream                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ npm > node-gyp > fstream                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/886                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary File Overwrite                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ fstream                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ npm > libcipm > npm-lifecycle > node-gyp > tar > fstream     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/886                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary File Overwrite                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ fstream                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ npm > npm-lifecycle > node-gyp > tar > fstream               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/886                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary File Overwrite                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ fstream                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ npm > node-gyp > tar > fstream                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/886                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
 2019-08-08 22:17:53 +02:00
Richlv
2c9383b69e minor typo fix 2019-08-08 21:58:30 +02:00
translatewiki.net
df03257d9c Localisation updates from https://translatewiki.net. 2019-08-08 20:05:35 +02:00
translatewiki.net
ea0554d70f Localisation updates from https://translatewiki.net. 2019-08-05 12:02:28 +02:00
translatewiki.net
4e601dd03b Localisation updates from https://translatewiki.net. 2019-08-01 18:19:57 +02:00
translatewiki.net
1845e91909 Localisation updates from https://translatewiki.net. 2019-07-29 14:23:20 +02:00
translatewiki.net
832e63c691 Localisation updates from https://translatewiki.net. 2019-07-15 20:01:25 +02:00
translatewiki.net
09d89cd74a Localisation updates from https://translatewiki.net. 2019-07-11 17:21:48 +02:00
translatewiki.net
3d0778d9c9 Localisation updates from https://translatewiki.net. 2019-07-08 20:05:10 +02:00
translatewiki.net
9a5f42450c Localisation updates from https://translatewiki.net. 2019-07-05 07:05:14 +02:00
translatewiki.net
04a45fbe46 Localisation updates from https://translatewiki.net. 2019-06-13 20:05:10 +02:00
translatewiki.net
2a78dcfc38 Localisation updates from https://translatewiki.net. 2019-05-27 16:37:10 +02:00
translatewiki.net
033c6a8b7a Localisation updates from https://translatewiki.net. 2019-05-17 12:15:48 +02:00
cupcakearmy
d88726b58d colibris: the "ok" button was misaligned in Chrome 
When visiting Etherpad's home page with Chrome the "ok" button was not on the
same line as the pad name text box. On Firefox & Safari there was no problem.
Tested on Chrome 74.

Fixes #3604.
 2019-05-10 09:50:25 +02:00
translatewiki.net
f2b888e3ff Localisation updates from https://translatewiki.net. 2019-05-06 16:39:54 +02:00
muxator
fc7d639f84 dependencies: update express-session, 1.15.6 -> 1.16.1 
This is a non breaking change.

From the changelog (https://github.com/expressjs/session/blob/v1.16.1/HISTORY.md#1161--2019-04-11):
# 1.16.1 / 2019-04-11
- Fix error passing data option to Cookie constructor
- Fix uncaught error from bad session data

# 1.16.0 / 2019-04-10
- Catch invalid cookie.maxAge value earlier
- Deprecate setting cookie.maxAge to a Date object
- Fix issue where resave: false may not save altered sessions
- Remove utils-merge dependency
- Use safe-buffer for improved Buffer API
- Use Set-Cookie as cookie header name for compatibility
- deps: depd@~2.0.0
  - Replace internal eval usage with Function constructor
  - Use instance methods on process to check for listeners
  - perf: remove argument reassignment
- deps: on-headers@~1.0.2
  - Fix res.writeHead patch missing return value
 2019-05-04 17:15:36 +02:00
muxator
1435e203a8 dependencies: update graceful-fs, 4.1.11 -> 4.11.15 
Minor change, but could not easily find a changelog on
https://github.com/isaacs/node-graceful-fs
 2019-05-04 16:56:03 +02:00
muxator
47ad347fac dependencies: update cookie-parser, 1.4.3 -> 1.4.4 
This is a non breaking change.

From the changelog (https://github.com/expressjs/cookie-parser/blob/1.4.4/HISTORY.md#144--2019-02-12):
  # 1.4.4 / 2019-02-12
  - perf: normalize secret argument only once
 2019-05-04 16:49:33 +02:00
muxator
90b288b576 dependencies: update nyc, 12.0.1 -> 14.1.0 
This is just a dev dependency, so no real risks, but it's better not to scare
users.

Reported vulnerability before this change:

$ npm audit
                       === npm audit security report ===

# Run  npm install --save-dev nyc@14.1.0  to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ handlebars                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ nyc [dev]                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ nyc > istanbul-reports > handlebars                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/755                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
 2019-05-03 23:27:35 +02:00
translatewiki.net
a7220558d2 Localisation updates from https://translatewiki.net. 2019-05-02 18:00:18 +02:00
translatewiki.net
c9664804f1 Localisation updates from https://translatewiki.net. 2019-04-29 17:28:56 +02:00
translatewiki.net
ba9b9c9931 Localisation updates from https://translatewiki.net. 2019-04-18 16:59:41 +02:00
Tristram Gräbener
357780d573 Display the version in the web interface 
In the settings drop-down this adds an “About” section that also shows
the commit if "exposeVersion" is set to true.

Fixes #2968
 2019-04-15 23:17:34 +00:00
Tristram Gräbener
28a6f505c5 Parameters: the version is exposed in http header only when configured 
Currently the version is exposed in a 'Server' http headers.

This commit allows to parameterize it in the settings. By defaults it is
not exposed.

Fixes #3423
 2019-04-15 23:17:34 +00:00
Tristram Gräbener
8453f07205 Chat bubble: by default hide in CSS 
The current behaviour is to show the chat bubble and hide if chat is
disabled.

Because of this, the bubble appears wrongfully for a short time.

With this PR, by default it is hidden and displayed only if chat is
enabled.

Fixes: #3088
 2019-04-15 23:14:47 +00:00
muxator
705cc6f5e4 Change everywhere the link to https://etherpad.org (it was plain http) 2019-04-16 00:54:54 +02:00
muxator
75a0f339e1 Settings.js, express.js: trivial reformatting 
Future commits by Tristram Gräbener will modify them.
 2019-04-16 00:17:56 +02:00
muxator
dc7e49f89d Remove trailing whitespaces 
Hoping to minimize future diffs. Not touching vendorized libraries.
 2019-04-16 00:34:29 +02:00
translatewiki.net
1cb9c3e1ce Localisation updates from https://translatewiki.net. 2019-04-15 17:36:10 +02:00
translatewiki.net
e3cc21e477 Localisation updates from https://translatewiki.net. 2019-04-08 16:43:29 +02:00
translatewiki.net
ae3ecf54d5 Localisation updates from https://translatewiki.net. 2019-04-04 19:59:52 +02:00
translatewiki.net
dc338c4e48 Localisation updates from https://translatewiki.net. 2019-04-01 20:26:39 +02:00
muxator
cbd393d56b handler/PadMessageHandler.js: handleMessage() got the wrong padId for read only pads 
This was almost guaranteed to be broken.
Found by the Typescript compiler when doing an experimental conversion.
 2019-03-27 18:29:12 +01:00
muxator
c2d8ca212b utils/Minify.js: always call statFile() with an explicit value for "dirStatLimit" 
In this way the only external call to statFile() provides an explicit value for
"dirStatLimit", and thus the initial check on "undefined" at the start of the
function could be removed (just added a comment for now).
 2019-03-27 18:29:12 +01:00
muxator
cdd4978973 utils/Minify.js: removed unused parameter "next" in minify() 
Found by the Typescript compiler when doing an experimental conversion.
 2019-03-27 18:29:12 +01:00
muxator
5d067406b1 utils/Minify.js: removed unused parameter "redirectCount" in requestURI() 
Found by the Typescript compiler when doing an experimental conversion.
 2019-03-27 18:29:12 +01:00
muxator
b2d00ae071 db/API.js: customeError -> customError 
Found by the Typescript compiler when doing an experimental conversion.
 2019-03-27 18:29:12 +01:00
muxator
aa5e302d99 db/API.js: missing "let" 
Found by the Typescript compiler when doing an experimental conversion.
 2019-03-27 18:29:12 +01:00
muxator
b9e537ca4f db/Pad.js: removed unreachable return statement 
Found by the Typescript compiler when doing an experimental conversion.
 2019-03-27 18:29:12 +01:00
muxator
4040813447 db/Pad.js: prototype.copy(), removed redundant callback argument 
This would cause a crash when calling pad.remove().
Found by the Typescript compiler when doing an experimental conversion.
 2019-03-27 18:29:12 +01:00
muxator
53b3328b5f express/padreadonly.js: missing "let" 
Found by the Typescript compiler when doing an experimental conversion.
 2019-03-27 18:29:12 +01:00
muxator
b8df6ca60c handler/PadMessageHandler.js: shuffle around some comments 
No functional changes
 2019-03-27 18:29:12 +01:00
translatewiki.net
7a5470c7bd Localisation updates from https://translatewiki.net. 2019-03-25 18:58:35 +01:00