For the first time in a VERY long time, we now have exactly 0 vulnerabilities
reported by npm audit.
=====
BEFORE:
$ npm audit
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
[...]
found 4 low severity vulnerabilities in 13796 scanned packages
4 vulnerabilities require manual review. See the full report for details.
=====
AFTER:
$ npm audit
=== npm audit security report ===
found 0 vulnerabilities
in 13796 scanned packages
This is an old bug: after an import there were always two iframes with
duplicated content, and the last one was simply on top of the old one.
This bug was there since forever, and became evident when the layout was
migrated to Flexbox.
Before this change, we simply generated an error.
For example:
- if the browser sent 'ru-RU', but Etherpad has 'ru' available, select 'ru';
- if the browser sent 'zh', but we have 'zh-hans' available, use 'zh-hans'.
Fixes#3882.
"token" is a random token representing the author, of the form
t.randomstring_of_lenght_20. The random string is generated by the client. The
cookie is used for every pad in the web UI, and is not used for HTTP API.
This comes from the discussion at https://github.com/ether/etherpad-lite/issues/3563
This change is needed because in 1.8.3 we are going to introduce Markdown tables
in the documentation (#3873 and #3921), and the old marked version did not
support generating them.
Instead of committing the marked source code here, we live install from npm if
needed via the Makefile.
n.b.: at the time of this change, marked latest version is 1.0.0, released a few
days ago. I am updating to the version immediately before that (0.8.2),
because in 1.0.0 the hyperlinks in the Table of Contents do not work
(probably a bug in that version).
It's not much, but these images will hopefully be downloaded many times. The
smaller they are, the lowest the latency will be.
Command:
optipng {etherpad_basic.png,etherpad_full_features.png}
BEFORE:
$ du -sch *.png
16K etherpad_basic.png
104K etherpad_full_features.png
120K total
AFTER:
$ du -sch *.png
12K etherpad_basic.png
92K etherpad_full_features.png
104K total
Removing git-objects, which are not needed, from final docker image, to make it
smaller. Some files still need to be there, because Etherpad at startup uses
them to discover its version number.
In this way, if the browser sends a list of preferred languages via
Accept-Language HTTP header, Etherpad will honor that.
Before this change, Etherpad always forced on the user the language from
padOptions.lang in settings.json.
This reverts a feature that was introduced in 295672f598.
In this way, we also gain an explicit place for the default setting (still not
filled in).
No functional changes.
This is in preparation of a future commit by Paul Tiedke.
If Etherpad is hosted on Windows the frontend test URI needs to be
/tests/frontend/index.html (docs say .../frontend/), otherwise there is this
error: ERR_TOO_MANY_REDIRECTS.
Fixes#3804.
The server is fine with atext.text being an empty string, but the front end is
not, and crashes.
It is not clear if this is a problem in the server or in the client code, and
this is a client-side hack fix. The underlying problem needs to be
investigated.
See for reference:
- https://github.com/ether/etherpad-lite/issues/3861