etherpad-lite

Author	SHA1	Message	Date
muxator	4e758a9f4a	settings: better explain that no default value is very different from '' If environment variable PASSW is not defined, the following would be very different: "password": "${PASSW}" // would result in password === null "password": "${PASSW:}" // would result in password === '' This characteristic will be used in the next commit, when we will use it to discard a user if his password were null (and in turn use it for docker containerization). No functional changes.	2019-10-19 00:34:00 +02:00
muxator	1cc6838772	settings: reformat settings.json.template, in preparation for next commits No functional changes.	2019-10-10 20:25:34 +02:00
aaron-costello	5879037ddc	security: support for clean & safe error handling on IE 11 Added pad_utils sanitization for clean and safe error handling on browsers that do not encode the path of the URL. Edited by muxator based on https://github.com/ether/etherpad-lite/pull/3647, to be able to apply the patch on develop (the PR was for master), and perform minor cleanups (mainly spurious statements). Closes #3647.	2019-10-18 21:00:11 +01:00
translatewiki.net	c65c5f17aa	Localisation updates from https://translatewiki.net .	2019-10-14 17:20:29 +02:00
Stefan Schwarz	070a5fd74f	remove npm cache from image	2019-10-08 19:51:11 +02:00
Stefan Schwarz	a9a3bf9bd2	use buster slim	2019-10-08 19:51:11 +02:00
muxator	5eb60cef01	jQuery: update vendored version (1.9.1 -> 1.12.4) The vendored jquery version was 1.9.1 from 2013-02-04. Let's replace it with the most recent one from the 1.x branch (1.12.4 from 2016-05-20). The modification in rjquery.js is needed because recent jQuery versions changed their behaviour, and do not set themselves on the global window object. See: https://github.com/parcel-bundler/parcel/issues/333#issuecomment-357882648 This will be the lastest jQuery 1.x version ever, because 1.x branch is definitively EOLed (see https://github.com/jquery/jquery.com/issues/162). This is a stopgap measure to get the latest security fixes. Going forward, another strategy will be needed. Closes #3640	2019-09-16 22:55:53 +02:00
translatewiki.net	b3d8f857b7	Localisation updates from https://translatewiki.net .	2019-09-16 18:48:33 +02:00
translatewiki.net	506f4775cc	Localisation updates from https://translatewiki.net .	2019-09-12 15:55:45 +02:00
translatewiki.net	a98cfe33de	Localisation updates from https://translatewiki.net .	2019-09-06 06:47:40 +02:00
Moritz Jordan	0a8e32563b	Fix Unicode bug in HTML export	2019-08-12 00:41:17 +02:00
muxator	161a38efd2	dependencies: update wd, 1.11.1 -> 1.11.3 This is a dev dependency, so no real risks, but it's better not to scare users. Previously reported vulnerabilities fixed by this change: $ npm audit === npm audit security report === # Run npm install --save-dev wd@1.11.3 to resolve 1 vulnerability ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Prototype Pollution │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ lodash │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ wd [dev] │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ wd > lodash │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/1065 │ └───────────────┴──────────────────────────────────────────────────────────────┘ # Run npm update lodash --depth 3 to resolve 1 vulnerability ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Prototype Pollution │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ lodash │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ wd [dev] │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ wd > async > lodash │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/1065 │ └───────────────┴──────────────────────────────────────────────────────────────┘	2019-08-08 22:29:58 +02:00
muxator	d555b052cb	dependencies: update npm, 6.4.1 -> 6.10.3 This was an arbitrary file overwrite vulnerability in tar. A fix in the library was available, but npm and npm-lifecycle took a while to issue updated versions. Resolves #3598. Previously reported vulnerabilities fixed by this change: $ npm audit === npm audit security report === # Run npm install npm@6.10.3 to resolve 9 vulnerabilities ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Arbitrary File Overwrite │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ tar │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ npm │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ npm > libcipm > npm-lifecycle > node-gyp > tar │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/803 │ └───────────────┴──────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Arbitrary File Overwrite │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ tar │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ npm │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ npm > npm-lifecycle > node-gyp > tar │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/803 │ └───────────────┴──────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Arbitrary File Overwrite │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ tar │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ npm │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ npm > node-gyp > tar │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/803 │ └───────────────┴──────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Arbitrary File Overwrite │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ fstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ npm │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ npm > libcipm > npm-lifecycle > node-gyp > fstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/886 │ └───────────────┴──────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Arbitrary File Overwrite │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ fstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ npm │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ npm > npm-lifecycle > node-gyp > fstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/886 │ └───────────────┴──────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Arbitrary File Overwrite │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ fstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ npm │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ npm > node-gyp > fstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/886 │ └───────────────┴──────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Arbitrary File Overwrite │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ fstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ npm │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ npm > libcipm > npm-lifecycle > node-gyp > tar > fstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/886 │ └───────────────┴──────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Arbitrary File Overwrite │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ fstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ npm │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ npm > npm-lifecycle > node-gyp > tar > fstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/886 │ └───────────────┴──────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Arbitrary File Overwrite │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ fstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ npm │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ npm > node-gyp > tar > fstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/886 │ └───────────────┴──────────────────────────────────────────────────────────────┘	2019-08-08 22:17:53 +02:00
Richlv	2c9383b69e	minor typo fix	2019-08-08 21:58:30 +02:00
Lars Olafsen	1789129b35	NODE_ENV controls run-time behaviour, thus needs to be set by ENV	2019-08-08 21:53:47 +02:00
translatewiki.net	df03257d9c	Localisation updates from https://translatewiki.net .	2019-08-08 20:05:35 +02:00
translatewiki.net	ea0554d70f	Localisation updates from https://translatewiki.net .	2019-08-05 12:02:28 +02:00
translatewiki.net	4e601dd03b	Localisation updates from https://translatewiki.net .	2019-08-01 18:19:57 +02:00
translatewiki.net	1845e91909	Localisation updates from https://translatewiki.net .	2019-07-29 14:23:20 +02:00
muxator	4582f9daeb	docker: support including plugins in custom builds. This commit introduces the support for the ETHERPAD_PLUGINS build parameter, which contains a list of plugins to be installed while building the container. EXAMPLE: docker build --build-arg ETHERPAD_PLUGINS="ep_codepad ep_author_neat" --tag <YOUR_USERNAME>/etherpad . Resolves #3618.	2019-07-16 14:14:34 +02:00
muxator	b5ac653cbc	docker: reorganized the README, same infos This is in preparation for the next commit, which will introduce support for custom builds with plugins.	2019-07-16 14:14:34 +02:00
muxator	e8e2284884	docker: move WORKDIR as on top as possible. WORKDIR is also valid at build time, thus it makes sense to move it as towards the top as possible. This will come in hand in the next commits, when we will introduce support for installing plugins while building the container. Source: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#workdir [...] you should use WORKDIR instead of proliferating instructions like RUN cd … && do-something, which are hard to read, troubleshoot, and maintain.	2019-07-16 14:14:34 +02:00
translatewiki.net	832e63c691	Localisation updates from https://translatewiki.net .	2019-07-15 20:01:25 +02:00
translatewiki.net	09d89cd74a	Localisation updates from https://translatewiki.net .	2019-07-11 17:21:48 +02:00
translatewiki.net	3d0778d9c9	Localisation updates from https://translatewiki.net .	2019-07-08 20:05:10 +02:00
translatewiki.net	9a5f42450c	Localisation updates from https://translatewiki.net .	2019-07-05 07:05:14 +02:00
translatewiki.net	04a45fbe46	Localisation updates from https://translatewiki.net .	2019-06-13 20:05:10 +02:00
translatewiki.net	2a78dcfc38	Localisation updates from https://translatewiki.net .	2019-05-27 16:37:10 +02:00
translatewiki.net	033c6a8b7a	Localisation updates from https://translatewiki.net .	2019-05-17 12:15:48 +02:00
cupcakearmy	d88726b58d	colibris: the "ok" button was misaligned in Chrome When visiting Etherpad's home page with Chrome the "ok" button was not on the same line as the pad name text box. On Firefox & Safari there was no problem. Tested on Chrome 74. Fixes #3604.	2019-05-10 09:50:25 +02:00
translatewiki.net	f2b888e3ff	Localisation updates from https://translatewiki.net .	2019-05-06 16:39:54 +02:00
muxator	fc7d639f84	dependencies: update express-session, 1.15.6 -> 1.16.1 This is a non breaking change. From the changelog (https://github.com/expressjs/session/blob/v1.16.1/HISTORY.md#1161--2019-04-11): # 1.16.1 / 2019-04-11 - Fix error passing data option to Cookie constructor - Fix uncaught error from bad session data # 1.16.0 / 2019-04-10 - Catch invalid cookie.maxAge value earlier - Deprecate setting cookie.maxAge to a Date object - Fix issue where resave: false may not save altered sessions - Remove utils-merge dependency - Use safe-buffer for improved Buffer API - Use Set-Cookie as cookie header name for compatibility - deps: depd@~2.0.0 - Replace internal eval usage with Function constructor - Use instance methods on process to check for listeners - perf: remove argument reassignment - deps: on-headers@~1.0.2 - Fix res.writeHead patch missing return value	2019-05-04 17:15:36 +02:00
muxator	1435e203a8	dependencies: update graceful-fs, 4.1.11 -> 4.11.15 Minor change, but could not easily find a changelog on https://github.com/isaacs/node-graceful-fs	2019-05-04 16:56:03 +02:00
muxator	47ad347fac	dependencies: update cookie-parser, 1.4.3 -> 1.4.4 This is a non breaking change. From the changelog (https://github.com/expressjs/cookie-parser/blob/1.4.4/HISTORY.md#144--2019-02-12): # 1.4.4 / 2019-02-12 - perf: normalize secret argument only once	2019-05-04 16:49:33 +02:00
muxator	90b288b576	dependencies: update nyc, 12.0.1 -> 14.1.0 This is just a dev dependency, so no real risks, but it's better not to scare users. Reported vulnerability before this change: $ npm audit === npm audit security report === # Run npm install --save-dev nyc@14.1.0 to resolve 1 vulnerability SEMVER WARNING: Recommended action is a potentially breaking change ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Prototype Pollution │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ handlebars │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ nyc [dev] │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ nyc > istanbul-reports > handlebars │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/755 │ └───────────────┴──────────────────────────────────────────────────────────────┘	2019-05-03 23:27:35 +02:00
translatewiki.net	a7220558d2	Localisation updates from https://translatewiki.net .	2019-05-02 18:00:18 +02:00
translatewiki.net	c9664804f1	Localisation updates from https://translatewiki.net .	2019-04-29 17:28:56 +02:00
translatewiki.net	ba9b9c9931	Localisation updates from https://translatewiki.net .	2019-04-18 16:59:41 +02:00
Tristram Gräbener	357780d573	Display the version in the web interface In the settings drop-down this adds an “About” section that also shows the commit if "exposeVersion" is set to true. Fixes #2968	2019-04-15 23:17:34 +00:00
Tristram Gräbener	28a6f505c5	Parameters: the version is exposed in http header only when configured Currently the version is exposed in a 'Server' http headers. This commit allows to parameterize it in the settings. By defaults it is not exposed. Fixes #3423	2019-04-15 23:17:34 +00:00
Tristram Gräbener	8453f07205	Chat bubble: by default hide in CSS The current behaviour is to show the chat bubble and hide if chat is disabled. Because of this, the bubble appears wrongfully for a short time. With this PR, by default it is hidden and displayed only if chat is enabled. Fixes: #3088	2019-04-15 23:14:47 +00:00
muxator	705cc6f5e4	Change everywhere the link to https://etherpad.org (it was plain http)	2019-04-16 00:54:54 +02:00
muxator	a6656102d8	CHANGELOG.md: link to https://translatewiki.net instead of plain http	2019-04-16 00:53:00 +02:00
muxator	75a0f339e1	Settings.js, express.js: trivial reformatting Future commits by Tristram Gräbener will modify them.	2019-04-16 00:17:56 +02:00
muxator	dc7e49f89d	Remove trailing whitespaces Hoping to minimize future diffs. Not touching vendorized libraries.	2019-04-16 00:34:29 +02:00
translatewiki.net	1cb9c3e1ce	Localisation updates from https://translatewiki.net .	2019-04-15 17:36:10 +02:00
translatewiki.net	e3cc21e477	Localisation updates from https://translatewiki.net .	2019-04-08 16:43:29 +02:00
translatewiki.net	ae3ecf54d5	Localisation updates from https://translatewiki.net .	2019-04-04 19:59:52 +02:00
translatewiki.net	dc338c4e48	Localisation updates from https://translatewiki.net .	2019-04-01 20:26:39 +02:00
Samuel Lelièvre	aca1640fdf	Fix typos in docker/Dockerfile Fix "one" -> "done", and add missing closing parenthesis.	2019-04-01 12:28:14 +02:00

1 2 3 4 5 ...

5396 commits