Commit graph

65 commits

Author SHA1 Message Date
ahmadine
0a0b90c4d0 referer: change referrer policy. Stop sending referers as much as possible
Pull request with discussion: https://github.com/ether/etherpad-lite/pull/3636

What's already there:
* `meta name=referrer`: already done in 1.6.1:
  https://github.com/ether/etherpad-lite/pull/3044

  https://caniuse.com/#feat=referrer-policy
  https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-delivery-meta
  (Chrome>=78, Firefox>=70, Safari>=13, Opera>=64, ~IE[1], ~Edge[1])

The previous two commits (by @joelpurra) I backported in this batch:
* `<a rel=noreferrer>`: a pull request denied before:
  https://github.com/ether/etherpad-lite/pull/2498

  https://html.spec.whatwg.org/multipage/links.html#link-type-noreferrer
  https://developer.mozilla.org/en-US/docs/Web/HTML/Link_types
  (Firefox>=37, I can't find more info about support)

This commit adds the following:
* `<a rel="noopener">`: fixing a not-so-well-known way to extract referer
  https://html.spec.whatwg.org/multipage/links.html#link-type-noopener
  (Chrome>=49, Firefox>=52, Safari>=10.1, Opera>=36, !IE, !Edge)

* `Referrer-Policy: same-origin`: the last bastion of referrer security
  https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
  (Chrome>=61, Firefox>=52, Safari>=11.1, Opera>=48, !IE, !Edge)

meta name=referrer wasn't enough. I happened to leak a few referrers with my
Firefox browser, though for some browsers it could have been enough.

[1] IE>=11, Edge>=18 use a different syntax for meta name=referrer, making it
    most probably incompatible (but I may be wrong on that, they may support
    both, but I have no way to test it currently). The next Edge release will be
    based on Chromium, so for that the Chrome version applies.
2019-11-25 00:05:40 +01:00
muxator
7e44dc569b changelog: mention the conditional user creation feature (now that it's fixed) 2019-11-02 23:37:59 +01:00
muxator
4f53b35bcb changelog: reflect the fact that next release will be 1.8-beta.1
This change should have been part of 84479851fe.
2019-11-02 23:37:01 +01:00
muxator
55fb10c685 release: prepare for 1.8.0 2019-10-19 03:42:13 +02:00
muxator
705cc6f5e4 Change everywhere the link to https://etherpad.org (it was plain http) 2019-04-16 00:54:54 +02:00
muxator
a6656102d8 CHANGELOG.md: link to https://translatewiki.net instead of plain http 2019-04-16 00:53:00 +02:00
muxator
4f0a2785da release: prepare for 1.7.5
Written the changelog and updated package.json.
2019-01-26 00:16:03 +01:00
muxator
4408a1e505 release: prepare for 1.7.0
Written the changelog and updated package.json.

From now on, releases will be cut from develop, and merged directly into master.

Each release will be a tag on the master branch (e.g. 1.7.0).
A "release/1.7.0" branch will eventually be created only if/when a hotfix will
be needed.
2018-08-17 00:18:31 +02:00
muxator
60c1036ecb changelog: put <ol> in backticks
GitHub's Markdown renderer broke the layout of the readme file.
Putting `<ol>` in backticks keeps it happy.
2018-07-20 12:33:45 +02:00
muxator
bfec44e346 Release version 1.6.6 2018-05-05 00:53:59 +02:00
muxator
e13ae0aec5 changelog: better specified CVE description
Previous commit was wrong.
Fixes #3372, really.
2018-05-04 23:24:58 +02:00
muxator
10d555bc91 changelog: better specified CVE description
fixes #3372
2018-05-04 23:15:22 +02:00
muxator
3eb3e301a2 manually updated CHANGELOG.md
due to createRelease.sh not catching an error from sed and continuing:
   sed: -e expression #1, char 66: unterminated `s' command
2018-04-10 00:50:28 +02:00
John McLear
0132f4d1da Include CVE # 2018-04-07 10:13:09 +01:00
John McLear
c34350f307 Beginning to make release 2018-04-07 09:22:13 +01:00
Stefan
1e25e7fc77 Release version 1.6.3 2018-02-03 12:57:22 +01:00
Stefan (Gared)
e84c696225 Updated CHANGELOG.md 2017-11-04 17:38:59 +01:00
Jonah Duckles
fcde66050e Fix markdown H1 2017-05-30 13:34:07 +12:00
Stefan
9f51432175 Update CHANGELOG.md 2016-12-23 22:12:18 +01:00
Stefan
5ed9f2736a Add version 1.6.0 changelogs 2016-04-24 21:32:21 +02:00
Stefan
6fae670476 Release version 1.5.7 (changelog) 2015-08-05 19:25:11 +02:00
Stefan
2393ea01f0 Release version 1.5.6 2015-04-16 23:06:24 +02:00
Stefan
64d94cb346 Release version 1.5.5 2015-04-13 17:27:14 +02:00
Stefan
1b9a51c879 Release version 1.5.4 2015-04-11 10:19:02 +02:00
John McLear
fc60ddded1 changelog 2015-04-10 22:23:07 +01:00
Stefan
c0260bcc40 Add changelog for v1.5.2 2015-03-15 14:28:47 +01:00
Stefan
c80a64a379 Update CHANGELOG.md 2015-01-24 19:24:20 +01:00
John McLear
af7cd91a82 formatting 2015-01-24 15:14:19 +00:00
John McLear
e41b3ae0a3 updated CL 2015-01-24 15:13:26 +00:00
John McLear
95af55992a changelog 2015-01-01 17:13:50 +00:00
John McLear
2530bf0a86 add changelog and bump v number 2014-09-06 17:25:09 +01:00
John McLear
e23af7e439 changelog, package file and fix for redo 2014-03-26 15:44:04 +00:00
Marcel Klehr
e8c69a5474 Update changelog and bump version 2013-10-21 20:18:16 +02:00
Marcel Klehr
b9cc91e6ad Update CHANGELOG 2013-10-12 20:35:23 +02:00
Marcel Klehr
74bc2bd761 Prepare release 2013-10-12 14:16:06 +02:00
John McLear
ba1a5da76d bump and changelog 2013-06-24 13:35:17 +01:00
John McLear
4989f56673 undo avoid changeset spam as it breaks functionality 2013-04-15 14:36:25 +01:00
John McLear
2c8699506d push express back as it breaks sessions 2013-04-15 12:21:10 +01:00
John McLear
b137f301e2 MAGIQ 2013-04-11 18:34:40 +01:00
John McLear
f4123d2904 bump v and readme 2013-04-11 17:04:54 +01:00
John McLear
35d84144db changelog and package file 2013-04-04 00:59:51 +01:00
John McLear
af80e37ac7 missed this one.. 2013-03-23 15:03:56 +00:00
John McLear
ab2e805aa0 changelog 2013-03-23 14:50:00 +00:00
Marcel Klehr
54433db47f release v1.2.9 2013-03-15 21:43:29 +01:00
John McLear
0c9214bb27 bump v and changelog 2013-03-06 15:08:27 +00:00
John McLear
7f9a51e614 changelog 2013-03-05 13:33:09 +00:00
John McLear
c37875e09a update changelog 2013-02-18 19:33:31 +00:00
John McLear
fb97920163 update changelog 2013-02-18 19:32:07 +00:00
John McLear
3325aa8468 bit of info about deps 2013-02-10 21:15:00 +00:00
John McLear
d7992a1366 begin putting files together for a release 2013-02-10 21:13:51 +00:00