mirror of
https://github.com/ether/etherpad-lite.git
synced 2025-01-21 23:09:51 +01:00
22 KiB
22 KiB
1.6.4
- SECURITY: exploitable /admin access - CVE-2018-9845
- SECURITY: DoS with pad exports - CVE-2018-9327
- SECURITY: Remote Code Execution - CVE-2018-9326
- SECURITY: Pad data leak - CVE-2018-9325
- Fix: Admin redirect URL
- Fix: Various script Fixes
- Fix: Various CSS/Style/Layout fixes
- NEW: Improved Pad contents readability
- NEW: Hook: onAccessCheck
- NEW: SESSIONKEY and APIKey customizable path
- NEW: checkPads script
- NEW: Support "cluster mode"
1.6.3
- SECURITY: Update ejs
- SECURITY: xss vulnerability when reading window.location.href
- SECURITY: sanitize jsonp
- NEW: Catch SIGTERM for graceful shutdown
- NEW: Show actual applied text formatting for caret position
- NEW: Add settings to improve scrolling of viewport on line changes
1.6.2
- NEW: Added pad shortcut disabling feature
- NEW: Create option to automatically reconnect after a few seconds
- Update: socket.io to 1.7.3
- Update: l10n lib
- Update: request to 2.83.0
- Update: Node for windows to 8.9.0
- Fix: minification of code
1.6.1
- NEW: Hook aceRegisterNonScrollableEditEvents to register events that shouldn't scroll
- NEW: Added 'item' parameter to registerAceCommand Hook
- NEW: Added LibreJS support
- Fix: Crash on malformed export url
- Fix: Re-enable editor after user is reconnected to server
- Fix: minification
- Other: Added 'no-referrer' for all pads
- Other: Improved cookie security
- Other: Fixed compatibility with nodejs 7
- Other: Updates
- socket.io to 1.6.0
- express to 4.13.4
- express-session to 1.13.0
- clean-css to 3.4.12
- uglify-js to 2.6.2
- log4js to 0.6.35
- cheerio to 0.20.0
- ejs to 2.4.1
- graceful-fs to 4.1.3
- semver to 5.1.0
- unorm to 1.4.1
- jsonminify to 0.4.1
- measured to 1.1.0
- mocha to 2.4.5
- supertest to 1.2.0
- npm to 4.0.2
- Node.js for Windows to 6.9.2
1.6.0
- SECURITY: Fix a possible xss attack in iframe link
- NEW: Add a aceSelectionChanged hook to allow plugins to react when the cursor location changes.
- NEW: Accepting Arrays on 'exportHtmlAdditionalTags' to handle attributes stored as ['key', 'value']
- NEW: Allow admin to run on a sub-directory
- NEW: Support version 5 of node.js
- NEW: Update windows build to node version 4.4.3
- NEW: Create setting to control if a new line will be indented or not
- NEW: Add an appendText API
- NEW: Allow LibreOffice to be used when exporting a pad
- NEW: Create hook exportHtmlAdditionalTagsWithData
- NEW: Improve DB migration performance
- NEW: allow settings to be applied from the filesystem
- NEW: remove applySettings hook and allow credentials.json to be part of core
- NEW: Use exec to switch to node process
- NEW: Validate incoming color codes
- Fix: Avoid space removal when pasting text from word processor.
- Fix: Removing style that makes editor scroll to the top on iOS without any action from the user
- Fix: Fix API call appendChatMessage to send new message to all connected clients
- Fix: Timeslider "Return to pad" button
- Fix: Generating pad HTML with tags like instead of TAG:VALUE
- Fix: Get git commit hash even if the repo only points to a bare repo.
- Fix: Fix decode error if pad name contains special characters and is sanitized
- Fix: Fix handleClientMessage_USER_* payloads not containing user info
- Fix: Set language cookie on initial load
- Fix: Timeslider Not Translated
- Other: set charset for mysql connection in settings.json
- Other: Dropped support for io.js
- Other: Add support to store credentials in credentials.json
- Other: Support node version 4 or higher
- Other: Update uberDB to version 0.3.0
1.5.7
- NEW: Add support for intermediate CA certificates for ssl
- NEW: Provide a script to clean up before running etherpad
- NEW: Use ctrl+shift+1 to do a ordered list
- NEW: Show versions of plugins on startup
- NEW: Add author on padCreate and padUpdate hook
- Fix: switchToPad method
- Fix: Dead keys
- Fix: Preserve new lines in copy-pasted text
- Fix: Compatibility mode on IE
- Fix: Content Collector to get the class of the DOM-node
- Fix: Timeslider export links
- Fix: Double prompt on file upload
- Fix: setText() replaces the entire pad text
- Fix: Accessibility features on embedded pads
- Fix: Tidy HTML before abiword conversion
- Fix: Remove edit buttons in read-only view
- Fix: Disable user input in read-only view
- Fix: Pads end with a single newline, rather than two newlines
- Fix: Toolbar and chat for mobile devices
1.5.6
- Fix: Error on windows installations
1.5.5
- SECURITY: Also don't allow read files on directory traversal on minify paths
- NEW: padOptions can be set in settings.json now
- Fix: Add check for special characters in createPad API function
- Fix: Middle click on a link in firefox don't paste text anymore
- Fix: Made setPadRaw async to import larger etherpad files
- Fix: rtl
- Fix: Problem in older IEs
- Other: Update to express 4.x
- Other: Dropped support for node 0.8
- Other: Update ejs to version 2.x
- Other: Moved sessionKey from settings.json to a new auto-generated SESSIONKEY.txt file
1.5.4
- SECURITY: Also don't allow read files on directory traversal on frontend tests path
1.5.3
- NEW: Accessibility support for Screen readers, includes new fonts and keyboard shortcuts
- NEW: API endpoint for Append Chat Message and Chat Backend Tests
- NEW: Error messages displayed on load are included in Default Pad Text (can be supressed)
- NEW: Content Collector can handle key values
- NEW: getAttributesOnPosition Method
- FIX: Firefox keeps attributes (bold etc) on cut/copy -> paste
- Fix: showControls=false now works
- Fix: Cut and Paste works...
- SECURITY: Don't allow read files on directory traversal
1.5.2
- NEW: Support for node version 0.12.x
- NEW: API endpoint saveRevision, getSavedRevisionCount and listSavedRevisions
- NEW: setting to allow load testing
- Fix: Rare scroll issue
- Fix: Handling of custom pad path
- Fix: Better error handling of imports and exports of type "etherpad"
- Fix: Walking caret in chrome
- Fix: Better handling for changeset problems
- SECURITY Fix: Information leak for etherpad exports (CVE-2015-2298)
1.5.1
- NEW: High resolution Icon
- NEW: Use HTTPS for plugins.json download
- NEW: Add 'last update' column
- NEW: Show users and chat at the same time
- NEW: Support io.js
- Fix: removeAttributeOnLine now works properly
- Fix: Plugin search and list
- Fix: Issue where unauthed request could cause error
- Fix: Privacy issue with .etherpad export
- Fix: Freeze deps to improve bisectability
- Fix: IE, everything. IE is so broken.
- Fix: Timeslider proxy
- Fix: All backend tests pass
- Fix: Better support for Export into HTML
- Fix: Timeslider stars
- Fix: Translation update
- Fix: Check filesystem if Abiword exists
- Fix: Docs formatting
- Fix: Move Save Revision notification to a gritter message
- Fix: UeberDB MySQL Timeout issue
- Fix: Indented +9 list items
- Fix: Don't paste on middle click of link
- SECURITY Fix: Issue where a malformed URL could cause EP to disclose installation location
1.5.0
- NEW: Lots of performance improvements for page load times
- NEW: Hook for adding CSS to Exports
- NEW: Allow shardable socket io
- NEW: Allow UI to show when attr/prop is applied (CSS)
- NEW: Various scripts
- NEW: Export full fidelity pads (including authors etc.)
- NEW: Various front end tests
- NEW: Backend tests
- NEW: switchPad hook to instantly switch between pads
- NEW: Various translations
- NEW: Icon sets instead of images to provide quality high DPI experience
- Fix: HTML Import blocking / hanging server
- Fix: Export Bullet / Numbered lists HTML
- Fix: Swagger deprecated warning
- Fix: Bad session from crashing server
- Fix: Allow relative settings path
- Fix: Stop attributes being improperly assigned between 2 lines
- Fix: Copy / Move Pad API race condition
- Fix: Save all user preferences
- Fix: Upgrade majority of dependency inc upgrade to SocketIO1+
- Fix: Provide UI button to restore maximized chat window
- Fix: Timeslider UI Fix
- Fix: Remove Dokuwiki
- Fix: Remove long paths from windows build (stops error during extract)
- Fix: Various globals remvoed
- Fix: Move all scripts into bin/
- Fix: Various CSS bugfixes for Mobile devices
- Fix: Overflow Toolbar
- Fix: Line Attribute management
1.4.1
- NEW: Translations
- NEW: userLeave Hook
- NEW: Script to reinsert all DB values of a Pad
- NEW: Allow for absolute settings paths
- NEW: API: Get Pad ID from read Only Pad ID
- NEW: Huge improvement on MySQL database read/write (InnoDB to MyISAM)
- NEW: Hook for Export File Name
- NEW: Preprocessor Hook for DOMLine attributes (allows plugins to wrap entire line contents)
- Fix: Exception on Plugin Search and fix for plugins not being fetched
- Fix: Font on innerdoc body can be arial on paste
- Fix: Fix Dropping of messages in handleMessage
- Fix: Don't use Abiword for HTML exports
- Fix: Color issues with user Icon
- Fix: Timeslider Button
- Fix: Session Deletion error
- Fix: Allow browser tabs to be cycled when focus is in editor
- Fix: Various Editor issues with Easysync potentially entering forever loop on bad changeset
1.4
- NEW: Disable toolbar items through settings.json
- NEW: Internal stats/metrics engine
- NEW: Copy/Move Pad API functions
- NEW: getAttributeOnSelection method
- NEW: CSS function when an attribute is active on caret location
- NEW: Various new eejs blocks
- NEW: Ace afterEditHook
- NEW: Import hook to introduce alternative export methods
- NEW: preProcessDomLine allows Domline attributes to be processed before native attributes
- Fix: Allow for lighter author colors
- Fix: Improved randomness of session tokens
- Fix: Don't panic if an author2session/group2session no longer exists
- Fix: Gracefully fallback to related languages if chosen language is unavailable
- Fix: Various changeset/stability bugs
- Fix: Re-enable import buttons after failed import
- Fix: Allow browser tabs to be cycled when in editor
- Fix: Better Protocol detection
- Fix: padList API Fix
- Fix: Caret walking issue
- Fix: Better settings.json parsing
- Fix: Improved import/export handling
- Other: Various whitespace/code clean-up
- Other: .deb packaging creator
- Other: More API Documentation
- Other: Lots more translations
- Other: Support Node 0.11
1.3
- NEW: We now follow the semantic versioning scheme!
- NEW: Option to disable IP logging
- NEW: Localisation updates from http://translatewiki.net.
- Fix: Fix readOnly group pads
- Fix: don't fetch padList on every request
1.2.12
- NEW: Add explanations for more disconnect scenarios
- NEW: export sessioninfos so plugins can access it
- NEW: pass pad in postAceInit hook
- NEW: Add trustProxy setting. ALlows to make ep use X-forwarded-for as remoteAddress
- NEW: userLeave hook (UNDOCUMENTED)
- NEW: Plural macro for translations
- NEW: backlinks to main page in Admin pages
- NEW: New translations from translatewiki.net
- SECURITY FIX: Filter author data sent to clients
- FIX: Never keep processing a changeset if it's corrupted
- FIX: Some client-side performance fixes for webkit browsers
- FIX: Only execute listAllPads query on demand (not on start-up)
- FIX: HTML import (don't crash on malformed or blank HTML input; strip title out of html during import)
- FIX: check if uploaded file only contains ascii chars when abiword disabled
- FIX: Plugin search in /admin/plugins
- FIX: Don't create new pad if a non-existant read-only pad is accessed
- FIX: Drop messages from unknown connections (would lead to a crash after a restart)
- FIX: API: fix createGroupFor endpoint, if mapped group is deleted
- FIX: Import form for other locales
- FIX: Don't stop processing changeset queue if there is an error
- FIX: Caret movement. Chrome detects blank rows line heights as incorrect
- FIX: allow colons in password
- FIX: Polish logging of client-side errors on the server
- FIX: Username url param
- FIX: Make start script POSIX ompatible
1.2.11
- NEW: New Hook for outer_ace dynamic css manager and author style hook
- NEW: Bump log4js for improved logging
- Fix: Remove URL schemes which don't have RFC standard
- Fix: Fix safeRun subsequent restarts issue
- Fix: Allow safeRun to pass arguements to run.sh
- Fix: Include script for more efficient import
- Fix: Fix sysv comptibile script
- Fix: Fix client side changeset spamming
- Fix: Don't crash on no-auth
- Fix: Fix some IE8 errors
- Fix: Fix authorship sanitation
1.2.10
- NEW: Broadcast slider is exposed in timeslider so plugins can interact with it
- Fix: IE issue where pads wouldn't load due to missing console from i18n
- Fix: console issue in collab client would error on cross domain embeds in IE
- Fix: Only Restart Etherpad once plugin is installed
- Fix: Only redraw lines that exist after drag and drop
- Fix: Pasting into ordered list
- Fix: Import browser detection
- Fix: 2 Part Locale Specs
- Fix: Remove language string from chat element
- Fix: Make Saved revision Star fade back out on non Top frames
- Other: Remove some cruft legacy JS from old Etherpad
- Other: Express 3.1.2 breaks sessions, set Express to 3.1.0
1.2.91
- NEW: Authors can now send custom object messages to other Authors making 3 way conversations possible. This introduces WebRTC plugin support.
- NEW: Hook for Chat Messages Allows for Desktop Notification support
- NEW: FreeBSD installation docs
- NEW: Ctrl S for save revision makes the Icon glow for a few sconds.
- NEW: Various hooks and expose the document ACE object
- NEW: Plugin page revamp makes finding and installing plugins more sane.
- NEW: Icon to enable sticky chat from the Chat box
- Fix: Cookies inside of plugins
- Fix: Don't leak event emitters when accessing admin/plugins
- Fix: Don't allow user to send messages after they have been "kicked" from a pad
- Fix: Refactor Caret navigation with Arrow and Pageup/down keys stops cursor being lost
- Fix: Long lines in Firefox now wrap properly
- Fix: Session Disconnect limit is increased from 10 to 20 to support slower restarts
- Fix: Support Node 0.10
- Fix: Log HTTP on DEBUG log level
- Fix: Server wont crash on import fails on 0 file import.
- Fix: Import no longer fails consistantly
- Fix: Language support for non existing languages
- Fix: Mobile support for chat notifications are now usable
- Fix: Re-Enable Editbar buttons on reconnect
- Fix: Clearing authorship colors no longer disconnects all clients
- Other: New debug information for sessions
1.2.9
- Fix: MAJOR Security issue, where a hacker could submit content as another user
- Fix: security issue due to unescaped user input
- Fix: Admin page at /admin redirects to /admin/ now to prevent breaking relative links
- Fix: indentation in chrome on linux
- Fix: PadUsers API endpoint
- NEW: A script to import data to all dbms
- NEW: Add authorId to chat and userlist as a data attribute
- NEW: Refactor and fix our frontend tests
- NEW: Localisation updates
1.2.81
- Fix: CtrlZ-Y for Undo Redo
- Fix: RTL functionality on contents & fix RTL/LTR tests and RTL in Safari
- Fix: Various other tests fixed in Android
1.2.8
! IMPORTANT: New setting.json value is required to automatically reconnect clients on disconnect
- NEW: Use Socket IO for rooms (allows for pads to be load balanced with sticky rooms)
- NEW: Plugins can now provide their own frontend tests
- NEW: Improved server-side logging
- NEW: Admin dashboard mobile device support and new hooks for Admin dashboard
- NEW: Get current API version from API
- NEW: CLI script to delete pads
- Fix: Automatic client reconnection on disonnect
- Fix: Text Export indentation now supports multiple indentations
- Fix: Bugfix getChatHistory API method
- Fix: Stop Chrome losing caret after paste is texted
- Fix: Make colons on end of line create 4 spaces on indent
- Fix: Stop the client disconnecting if a rev is in the wrong order
- Fix: Various server crash issues based on rev in wrong order
- Fix: Various tests
- Fix: Make indent when on middle of the line stop creating list
- Fix: Stop long strings breaking the UX by moving focus away from beginning of line
- Fix: Redis findKeys support
- Fix: padUsersCount no longer hangs server
- Fix: Issue with two part locale specs not working
- Fix: Make plugin search case insensitive
- Fix: Indentation and bullets on text export
- Fix: Resolve various warnings on dependencies during install
- Fix: Page up / Page down now works in all browsers
- Fix: Stop Opera browser inserting two new lines on enter keypress
- Fix: Stop timeslider from showing NaN on pads with only one revision
- Other: Allow timeslider tests to run and provide & fix various other frontend-tests
- Other: Begin dropping referene to Lite. Etherpad Lite is now named "Etherpad"
- Other: Update to latest jQuery
- Other: Change loading message asking user to please wait on first build
- Other: Allow etherpad to use global npm installation (Safe since node 6.3)
- Other: Better documentation for log rotation and log message handling
1.2.7
- NEW: notifications are now modularized and can be stacked
- NEW: Visit a specific revision in the timeslider by suffixing #%revNumber% IE http://localhost/p/test/timeslider#12
- NEW: Link to plugin on Admin page allows admins to easily see plugin details in a new window by clicking on the plugin name
- NEW: Automatically see plugins that require update and be able to one click update
- NEW: API endpoints for Chat .. getChatHistory, getChatHead
- NEW: API endpoint to see a pad diff in HTML format from revision x to revision y .. createPadDiffHTML
- NEW: Real time plugin search & unified menu UI for admin pages
- Fix: MAJOR issue where server could be crashed by malformed client message
- Fix: AuthorID is now included in padUsers API response
- Fix: make docs
- Fix: Timeslider UI bug with slider not being in position
- Fix: IE8 language issue where it wouldn't load pads due to IE8 suckling on the bussum of hatrid
- Fix: Import timeout issue
- Fix: Import now works if Params are set in pad URL
- Fix: Convert script
- Other: Various new language strings and update/bugfixes of others
- Other: Clean up the getParams functionality
- Other: Various new EEJS blocks: index, timeslider, html etc.
1.2.6
- Fix: Package file UeberDB reference
- New #users EEJS block for plugins
1.2.5
- Create timeslider EEJS blocks for plugins
- Allow for "more messages" to be loaded in chat
- Introduce better logging
- API endpoint for "listAllPads"
- Fix: Stop highlight of timeslider when dragging mouse
- Fix: Time Delta on Timeslider make date update properly
- Fix: Prevent empty chat messages from being sent
- Fix: checkPad script
- Fix: IE onLoad listener for i18n
1.2.4
- Fix IE console issue created in 1.2.3
- Allow CI Tests to pass by ignoring timeslider test
- Fix broken placeholders in locales
- Fix extractPadData script
- Fix documentation for checkToken
- Fix hitting enter on form in admin/plugins
1.2.3
- Fix #1307: Chrome needs console.log to be called on console obj
- Fix #1309: We had broken support for node v0.6 in the last release
1.2.2
- More translations and better language support. See https://translatewiki.net/wiki/Translating:Etherpad_lite for more details
- Add a checkToken Method to the API
- Bugfix for Internal Caching issue that was causing some 404s on images.
- Bugfix for IE Import
- Bugfix for Node 0.6 compatibility
- Bugfix for multiple cookie support
- Bugfix for API when requireAuth is enabled.
- Plugin page now shows plugin version #
- Show color of Author in Chat messages
- Allow plugin search by description
- Allow for different socket IO transports
- Allow for custom favicon path
- Control S now does Create new Revision functionality
- Focus on password when required
- Frontend Timeslider test
- Allow for basic HTML etc. import without abiword
- Native HTTPS support
1.2.1
- Allow ! in urls inside the editor (Not Pad urls)
- Allow comments in language files
- More languages (Finish, Spanish, Bengali, Dutch) Thanks to TranslateWiki.net team. See https://translatewiki.net/w/i.php?title=Special:MessageGroupStats&group=out-etherpad-lite for more details
- Bugfix for IE7/8 issue with a JS error #1186
- Bugfix windows package extraction issue and make the .zip file smaller
- Bugfix group pad API export
- Kristen Stewart is a terrible actress and Twilight sucks.
v1.2
- Internationalization / Language / Translation support (i18n) with support for German/French
- A frontend/client side testing framework and backend build tests
- Customizable robots.txt
- Customizable app title (finally you can name your epl instance!)
- eejs render arguments are now passed on to eejs hooks through the newly introduced
renderContext
argument. - Plugin-specific settings in settings.json (finally allowing for things like a google analytics plugin)
- Serve admin dashboard at /admin (still very limited, though)
- Modify your settings.json through the newly created UI at /admin/settings
- Fix: Import
- 's as
- Added solaris compatibility (bin/installDeps.sh was broken on solaris)
- Fix a bug with IE9 and Password Protected Pads using HTTPS
- We updated to express v3 (please make sure your plugin works under express v3)
userColor
URL parameter which sets the initial author color- Hooks for "padCreate", "padRemove", "padUpdate" and "padLoad" events
- Security patches concerning the handling of messages originating from clients
- Our database abstraction layer now natively supports couchDB, levelDB, mongoDB, postgres, and redis!
- We now provide a script helping you to migrate from dirtyDB to MySQL
- Support running Etherpad Lite behind IIS, using iisnode
- LibreJS Licensing information in headers of HTML templates
- Default port number to PORT env var, if port isn't specified in settings
- Fix for
convert.js
- Raise upper char limit in chat to 999 characters
- Fixes for mobile layout
- Fixes for usage behind reverse proxy
- Improved documentation
- Fixed some opera style bugs
- Update npm and fix some bugs, this introduces
- Introduced Plugin framework
- Many bugfixes
- Faster page loading
- Various UI polishes
- Saved Revisions
- Read only Real time view
- More API functionality
- Updated MySQL driver, this fixes some problems with mysql
- Fixed export,import and timeslider link when embed parameters are used
- 's and not as
- 's!
v1.1.5
v1.1
v 1.0.1