4588 Commits

Author SHA1 Message Date
Will Hawkins 179719473c Minor Typos in Configuration Documentation
Fix minor typos in Configuration documentation to improve readability.

Signed-off-by: Will Hawkins <whh8b@obs.cr>
2026-06-23 00:13:32 +02:00
Philip Molares e0351704c9 docs(release-checklist): add improvements from the 1.11.0 release
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2026-06-19 00:13:47 +02:00
Erik Michelson f115b2d084 fix(views): fail-safe opengraph tag HTML rendering
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
1.11.0
2026-06-18 23:56:45 +02:00
Erik Michelson 4007201575 chore(deps): update lockfile
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-06-18 23:56:45 +02:00
Erik Michelson fe15adaf31 chore(release): bump version, update release notes, update authors
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-06-18 23:56:45 +02:00
Erik Michelson c489497e45 refactor(frontmatter): constrain frontmatter object after parsing
This change removes the meta-marked dependency which solely was
used for extracting the frontmatter, which is possible as well
with one function. Furthermore, this introduces constraints to
objects resulting from frontmatter parsing and enforces them in
order to prevent attacks like a yaml bomb (massive alias expansion).
This change should resolve a possible DoS attack.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-06-18 23:56:45 +02:00
Erik Michelson fbd7307f16 fix(gist-export): validate OAuth2 state and redirect URI
The state of the OAuth2 response was not verified.
In theory an attacker could use this to extract the contents of a note.

Co-authored-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-06-18 23:56:45 +02:00
Erik Michelson dd40a6c04b fix(auth): sanitize email addresses
Previously, maliciously crafted email addresses
could be used to sneak HTML code into the HedgeDoc
editor, since HedgeDoc uses the local part of the
address as a display name for users.
We're now sanitizing this using DOMPurify.

Co-authored-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-06-18 23:56:45 +02:00
renovate[bot] 291b9d592d chore(deps): update linters to v7.3.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-18 23:10:06 +02:00
renovate[bot] 16d426704f chore(deps): update test packages to v11.7.6
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-18 23:09:32 +02:00
renovate[bot] 209391c7fc chore(deps): pin dependencies
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-18 23:01:54 +02:00
Erik Michelson e9a2c514dd fix(ci): include node version in yarn cache
The dependency set may differ between node versions.
This fixed caching makes it harder for version-specific deps and
might introduce bugs therefore. We now include the node version
in the cache key.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-06-18 23:00:01 +02:00
Erik Michelson 6676d640ba revert: chore(deps): update yarn monorepo to v4.17.0
This reverts commit 71a4d19a83.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-06-18 22:54:54 +02:00
renovate[bot] 71a4d19a83 chore(deps): update yarn monorepo to v4.17.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-18 22:13:45 +02:00
renovate[bot] d80f26be9a fix(deps): update dependency helmet to v8.2.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-18 22:00:52 +02:00
renovate[bot] 1851f34d3f fix(deps): update dependency body-parser to v2.3.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-18 21:58:14 +02:00
renovate[bot] 32b433fa62 chore(deps): update dependency esbuild-loader to v4.5.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-18 21:57:16 +02:00
renovate[bot] 865e5b4180 fix(deps): update dependency pg to v8.21.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-18 21:51:05 +02:00
renovate[bot] b940b52e71 chore(deps): update actions/checkout action to v7
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-18 21:50:25 +02:00
renovate[bot] f443e5bbd4 chore(deps): update dependency pymdown-extensions to v10.21.3
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-18 21:50:12 +02:00
renovate[bot] be6273ec8f fix(deps): update dependency dompurify to v3.4.11
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-18 21:49:36 +02:00
renovate[bot] 528530ebf3 fix(deps): update dependency morgan to v1.11.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-18 21:48:22 +02:00
renovate[bot] 0de5c5c1a9 fix(deps): update dependency express to v4.22.2
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-18 21:47:17 +02:00
renovate[bot] 86e20c9c48 fix(deps): update dependency nanoid to v3.3.13
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-18 21:44:01 +02:00
renovate[bot] 8046666943 fix(deps): update dependency uuid to v11.1.1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-18 21:41:15 +02:00
renovate[bot] 7783aa7cc5 fix(deps): update dependency express-rate-limit to v8.5.2
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-18 21:40:46 +02:00
renovate[bot] 8b9463358d chore(deps): update dependency less to v4.6.6
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-18 21:36:00 +02:00
renovate[bot] 72b3696af5 chore(deps): update dependency js-cookie to v3.0.8
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-18 21:31:06 +02:00
renovate[bot] 07505cdd61 chore(deps): update actions/checkout action to v6.0.3
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-18 21:30:19 +02:00
Philip Molares 8891d75baa feat(rate-limit): add more config options
Allow the admin to specify the rate-limits for user signup / login
Allow the admin to specify if Cloudflare specific rate-limit functionality should be used or not

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2026-06-17 21:08:07 +02:00
Philip Molares d7c1e45814 refactor(docs): fix links
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2026-06-17 19:35:24 +02:00
Philip Molares 523cb8ea1f chore(changelog): changes to config.json.example
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2026-06-17 19:35:24 +02:00
Philip Molares 1fb904a137 feat(docs): add production ready page
This page explains what you need to consider and configure to make your HedgeDoc instance production ready.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2026-06-17 19:35:24 +02:00
Philip Molares c77676faee refactor(config): improve config.json.example
Remove all the unnecessary config options, we now have a docs website for quite some time, we don't need this to document options.
Add some sane defaults in regard to anonymous usage and stats

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2026-06-17 19:35:24 +02:00
Philip Molares f1070734b1 refactor(docs): move media guides
The media guides should also live in their own folder like the auth guides do as well

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2026-06-17 19:35:24 +02:00
Erik Michelson 814271dc0b feat(editor): add external link warning page
A malicious user could modify a valid looking link (for example of the editor UI)
to point to a malicious site, by using overlays and CSS. Since CSS should stay
enabled, we need to make the user aware of possible risks when leaving the
HedgeDoc instance, in order to protect them from credential-theft.

This commit adds a new interstitial page for external links, that shows the
target URL and asks the user, whether they really want to continue.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-06-10 20:15:09 +02:00
renovate[bot] fa00e34635 chore(deps): update dependency abcjs to v6.6.3
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-09 19:30:55 +02:00
renovate[bot] c145549af4 fix(deps): update dependency mysql2 to v3.22.5
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-09 11:41:01 +02:00
지지 ᚠד (Jiji Freya Daniel) Maslowski 193446daed docs(setup): note that the FreeBSD port is unmaintained
Signed-off-by: 지지 ᚠד (Jiji Freya Daniel) Maslowski <info@orangecms.org>
2026-05-30 11:10:30 +02:00
renovate[bot] cc9194bfca fix(deps): update dependency dompurify to v3.4.2
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-05 14:15:41 +02:00
renovate[bot] 2abfdb9628 chore(deps): update actions/setup-node action to v6.4.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-04-29 19:12:50 +02:00
Mathias Kende 03775f0f80 docs(auth): update authelia configuration guide (#6465)
2026-04-16 10:24:58 +02:00
Erik Michelson f0f0b3a3b4 docs(release): update checklist with minor fixes
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-04-16 10:21:45 +02:00
Erik Michelson b09975a3ba chore(build): success message + executable bit for ot build script
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
1.10.8
2026-04-15 21:35:05 +02:00
Erik Michelson 8b00b6419c chore(release): update AUTHORS and release notes
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-04-15 21:35:05 +02:00
Erik Michelson 20de73bb65 chore(release): bump version to 1.10.8
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-04-15 21:35:05 +02:00
renovate[bot] bb32d61a7e chore(deps): lock file maintenance
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-04-15 20:32:54 +02:00
renovate[bot] 325c659e4b chore(deps): update actions/cache action to v5.0.5
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-04-15 20:23:40 +02:00
renovate[bot] 0b27277612 chore(deps): update dependency turndown to v7.2.4
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-04-15 20:23:29 +02:00
renovate[bot] 5123f3b57d fix(deps): update dependency connect-session-sequelize to v8.0.6
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-04-15 20:22:01 +02:00