140d5c4b41
This fixes some security vulnerabilites, among them an arbitrary file overwrite.
The output of `npm audit` goes from this:
found 17 vulnerabilities (15 low, 2 high) in 13344 scanned packages
run `npm audit fix` to fix 6 of them.
1 vulnerability requires semver-major dependency updates.
10 vulnerabilities require manual review. See the full report for details.
To this:
found 5 vulnerabilities (3 low, 2 high) in 13370 scanned packages
1 vulnerability requires semver-major dependency updates.
4 vulnerabilities require manual review. See the full report for details.
Changelog:
- https://github.com/npm/cli/releases
6.13.4 (2019-12-11)
BUGFIXES
320ac9aee npm/bin-links#12 npm/gentle-fs#7 Do not remove global bin/man links inappropriately (@isaacs)
DEPENDENCIES
52fd21061 gentle-fs@2.3.0 (@isaacs)
d06f5c0b0 bin-links@1.1.6 (@isaacs)
6.13.3 (2019-12-09)
DEPENDENCIES
19ce061a2 bin-links@1.1.5 Properly normalize, sanitize, and verify bin entries in package.json.
59c836aae npm-packlist@1.4.7
fb4ecd7d2 pacote@9.5.11
5f33040 #476 npm/pacote#22 npm/pacote#14 fix: Do not drop perms in git when not root (isaacs, @darcyclarke)
6f229f7 sanitize and normalize package bin field (isaacs)
1743cb339 read-package-json@2.1.1
6.13.2 (2019-12-03)
BUG FIXES
4429645b3 #546 fix docs target typo (@richardlau)
867642942 #142 fix(packageRelativePath): fix 'where' for file deps (@larsgw)
d480f2c17 #527 Revert "windows: Add preliminary WSL support for npm and npx" (@craigloewen-msft)
e4b97962e #504 remove unnecessary package.json read when reading shrinkwrap (@Lighting-Jack)
1c65d26ac #501 fix(fund): open url for string shorthand (@ruyadorno)
ae7afe565 #263 Don't log error message if git tagging is disabled (@woppa684)
4c1b16f6a #182 Warn the user that it is uninstalling npm-install (@Hoidberg)
|
||
|---|---|---|
| bin | ||
| doc | ||
| src | ||
| tests | ||
| var | ||
| .dockerignore | ||
| .gitignore | ||
| .travis.yml | ||
| CHANGELOG.md | ||
| CONTRIBUTING.md | ||
| Dockerfile | ||
| LICENSE | ||
| Makefile | ||
| README.md | ||
| settings.json.docker | ||
| settings.json.template | ||
| start.bat | ||
A real-time collaborative editor for the web
About
Etherpad is a real-time collaborative editor scalable to thousands of simultaneous real time users. It provides full data export capabilities, and runs on your server, under your control.
Installation
Requirements
nodejs>= 8.9.0 (preferred:nodejs>= 10.13.0). Please note that starting Jan 1st, 2020, nodejs 8.x is deprecated.
GNU/Linux and other UNIX-like systems
Quick install on Debian/Ubuntu
curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
sudo apt install -y nodejs
git clone --branch master https://github.com/ether/etherpad-lite.git && cd etherpad-lite && bin/run.sh
Manual install
You'll need git and node.js installed (minimum required Node version: 8.9.0, preferred: >= 10.13.0).
As any user (we recommend creating a separate user called etherpad):
- Move to a folder where you want to install Etherpad. Clone the git repository:
git clone --branch master git://github.com/ether/etherpad-lite.git - Change into the new directory containing the cloned source code:
cd etherpad-lite - run
bin/run.shand open http://127.0.0.1:9001 in your browser.
To update to the latest released version, execute git pull origin. The next start with bin/run.sh will update the dependencies.
Windows
Prebuilt Windows package
This package runs on any Windows machine, but for development purposes, please do a manual install.
- Download the latest Windows package
- Extract the folder
Run start.bat and open http://localhost:9001 in your browser. You like it? Next steps.
Manually install on Windows
You'll need node.js and (optionally, though recommended) git.
- Grab the source, either
- download https://github.com/ether/etherpad-lite/zipball/master
- or
git clone --branch master https://github.com/ether/etherpad-lite.git
- start
bin\installOnWindows.bat
Now, run start.bat and open http://localhost:9001 in your browser.
Update to the latest version with git pull origin, then run bin\installOnWindows.bat, again.
If cloning to a subdirectory within another project, you may need to do the following:
- Start the server manually (e.g.
node/node_modules/ep_etherpad-lite/node/server.js) - Edit the db
filenameinsettings.jsonto the relative directory with the file (e.g.application/lib/etherpad-lite/var/dirty.db) - Add auto-generated files to the main project
.gitignore
Docker container
Find here information on running Etherpad in a container.
Next Steps
Tweak the settings
You can modify the settings in settings.json.
If you need to handle multiple settings files, you can pass the path to a settings file to bin/run.sh using the -s|--settings option: this allows you to run multiple Etherpad instances from the same installation.
Similarly, --credentials can be used to give a settings override file, --apikey to give a different APIKEY.txt file and --sessionkey to give a non-default SESSIONKEY.txt.
Each configuration parameter can also be set via an environment variable, using the syntax "${ENV_VAR}" or "${ENV_VAR:default_value}". For details, refer to settings.json.template.
Once you have access to your /admin section settings can be modified through the web browser.
If you are planning to use Etherpad in a production environment, you should use a dedicated database such as mysql, since the dirtyDB database driver is only for testing and/or development purposes.
Secure your installation
If you have enabled authentication in users section in settings.json, it is a good security practice to store hashes instead of plain text passwords in that file. This is especially advised if you are running a production installation.
Please install ep_hash_auth plugin and configure it.
If you prefer, ep_hash_auth also gives you the option of storing the users in a custom directory in the file system, without having to edit settings.json and restart Etherpad each time.
Plugins and themes
Etherpad is very customizable through plugins. Instructions for installing themes and plugins can be found in the plugin wiki article.
Helpful resources
The wiki is your one-stop resource for Tutorials and How-to's.
Documentation can be found in doc/.
Development
Things you should know
You can debug Etherpad using bin/debugRun.sh.
If you want to find out how Etherpad's Easysync works (the library that makes it really realtime), start with this PDF (complex, but worth reading).
Contributing
Read our Developer Guidelines
Get in touch
The official channel for contacting the development team is via the Github issues.
For responsible disclosure of vulnerabilities, please write a mail to the maintainer (a.mux@inwind.it).
HTTP API
Etherpad is designed to be easily embeddable and provides a HTTP API that allows your web application to manage pads, users and groups. It is recommended to use the available client implementations in order to interact with this API.
jQuery plugin
There is a jQuery plugin that helps you to embed Pads into your website.
Plugin Framework
Etherpad offers a plugin framework, allowing you to easily add your own features. By default your Etherpad is extremely light-weight and it's up to you to customize your experience. Once you have Etherpad installed you should visit the plugin page and take control.
Translations / Localizations (i18n / l10n)
Etherpad comes with translations into all languages thanks to the team at TranslateWiki.
FAQ
Visit the FAQ.