SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for etherpad-lite-2.1.1-lp156.3.1.x86_64.rpm :

* Thu Jul 25 2024 Georg Pfuetzenreuter - Facilitate AbiWord in AppArmor profile
* Wed Jul 24 2024 Georg Pfuetzenreuter - Add AppArmor profile (confine application)- Set PrivateTmp (avoid user uploads in system wide /tmp)- Restart service on failure (5 attempts, useful if a remote database is not ready)
* Fri Jul 19 2024 Georg Pfuetzenreuter - Update to 2.1.1:
* Fixed: Fallback to websocket and polling when unknown(old) config is present for socket io
* Fixed: Next page disabled if zero page by AATTsamyakj023
* On CTRL+CLICK bring the window back to focus by Helder Sepulveda
* Fixed random websocket disconnects!
* Sat Jul 06 2024 Georg Pfuetzenreuter - Refactor setup logic
* Sat Jul 06 2024 Georg Pfuetzenreuter - Bundle new admin panel
* Sat Jun 22 2024 Georg Pfuetzenreuter - Update to 2.1.0:
* Added PWA support. You can now add your Etherpad instance to your home screen on your mobile device or desktop.
* Fixed live plugin manager versions clashing. Thanks to AATTyacchin1205
* Fixed a bug in the pad panel where pagination was not working correctly when sorting by pad name
* Reintroduced APIKey.txt support. You can now switch between APIKey and OAuth2.0 authentication. This can be toggled with the setting authenticationMethod. The default is OAuth2. If you want to use the APIKey method you can set that to apikey.- From 2.0.3:
* Added documentation for replacing apikeys with oauth2
* Bumped live plugin manager to 0.20.0. Thanks to AATTfgreinacher
* Added better documentation for using docker-compose with Etherpad- From 2.0.2:
* Fixed the locale loading in the admin panel
* Added OAuth2.0 support for the Etherpad API. You can now log in into the Etherpad API with your admin user using OAuth2- From 2.0.1:
* Fixed a bug where a plugin depending on a scoped dependency would not install successfully.- From 2.0.0:
* Socket io has been updated to 4.7.5. This means that the json.send function won\'t work anymore and needs to be changed to .emit(\'message\', myObj)
* Deprecating npm version 6 in favor of pnpm: We have made the decision to switch to the well established pnpm (https://pnpm.io/). It works by symlinking dependencies into a global directory allowing you to have a cleaner and more reliable environment.
* Introducing Typescript to the Etherpad core: Etherpad core logic has been rewritten in Typescript allowing for compiler checking of errors.
* Rewritten Admin Panel: The Admin panel has been rewritten in React and now features a more pleasant user experience. It now also features an integrated pad searching with sorting functionality.
* Live Plugin Manager: The live plugin manager caused problems when a plugin had depdendencies defined. This issue is now resolved.- Refactor patches:
* etherpad-lite_default_config.patch
* etherpad-lite_move_autogenerated_key_files_to_var.patch (+ cover more APIKEY.txt occurrences)
* etherpad-lite_avoid_getGitCommit_call.patch- Consolidate and update packaging instructions- No longer rebuild NodeJS (unsatisfied dependencies)- Require pnpm (required for plugins)- Run in production mode
* Wed Feb 21 2024 ecsos - Comment out: - Environment=NODE_PG_FORCE_NATIVE=1 With enabled etherpad does not start. - Restart=always When exist an error, etherpad restarts in a continuous loop.- Add %{buildroot}%{install_dir}/var. Without that etherpad does not run.- Add and %{install_dir}/plugin_packages Without that etherpad will break when add plugins.
* Sun Feb 11 2024 Georg Pfuetzenreuter - Switch user/group handling to sysusers
* Tue Feb 06 2024 Lars Vogdt - update to 1.9.7 + Added Live Plugin Manager: Plugins are now installed into a separate folder on the host system. This folder is called plugin_packages. + That way the plugins are separated from the normal etherpad installation. + Make repairPad.js more verbose + Fixed favicon not being loaded correctly- update vendor tarball
* Tue Dec 26 2023 Lars Vogdt - update to 1.9.6 + Prevent etherpad crash when update server is not reachable + Use npmAATT6 in Docker build + Fix setting the log level in settings.json- update vendor tarball
* Wed Dec 13 2023 Lars Vogdt - update to 1.9.5 Compability changes
* This version deprecates NodeJS16 as it reached its end of life and won\'t receive any updates. So to get started with Etherpad v1.9.5 you need NodeJS 18 and above. + The bundled windows NodeJS version has been bumped to the current LTS version 20. Notable enhancements and fixes
* The support for the tidy program to tidy up HTML files has been removed. This decision was made because it hasn\'t been updated for years and also caused an incompability when exporting a pad with Abiword.
* Wed Nov 08 2023 Lars Vogdt - update to 1.9.4
* Log4js has been updated to the latest version. As it involved a bump of 6 major version a lot has changed since then. Most notably the console appender has been deprecated.
* Fix for MySQL: The logger calls were incorrectly configured leading to a crash when e.g. somebody uses a different encoding than standard MySQL encoding.- recompile node-gyp python code to avoid inconsistent mtimes in the bytecode- update vendor tarball
* Fri Oct 06 2023 larsAATTlinux-schulserver.de - 1.9.3- update to 1.9.3 Compability changes
* express-rate-limit has been bumped to 7.0.0: This involves the breaking change that \"max: 0\" in the importExportRateLimiting is set to always trigger. So set it to your desired value. If you haven\'t changed that value in the settings.json you are all set. Notable enhancements and fixes
* Bugfixes + Fix etherpad crashing with mongodb database
* Enhancements + Add surrealdb database support. You can find out more about this database here. + Make sqlite faster: The sqlite library has been switched to better-sqlite3. This should lead to better performance.
* Tue Aug 22 2023 larsAATTlinux-schulserver.de - 1.9.2- Update to 1.9.2 Notable enhancements and fixes + Security o Enable session key rotation: This setting can be enabled in the settings.json. It changes the signing key for the cookie authentication in a fixed interval. + Bugfixes o Fix appendRevision when creating a new pad via the API without a text. + Enhancements o Bump JQuery to version 3.7 o Update elasticsearch connector to version 8 Compatibility changes + No compability changes as JQuery maintains excellent backwards compatibility. For plugin authors + Please update to JQuery 3.7. There is an excellent deprecation guide over here. Version 3.1 to 3.7 are relevant for the upgrade.- refreshed patches: + etherpad-lite_avoid_getGitCommit_call.patch + etherpad-lite_default_config.patch + etherpad-lite_move_autogenerated_key_files_to_var.patch- adjusted rpmlintrc (removed unused entries): + devel-file-in-non-devel-package + files-duplicated-waste + pem-certificate
* Mon Jul 03 2023 larsAATTlinux-schulserver.de - 1.9.1- Update to 1.9.1 Notable enhancements and fixes + Security o Limit requested revisions in timeslider and export to head revision. + Bugfixes o revisions in CHANGESET_REQ (timeslider) and export (txt, html, custom) are now checked to be numbers. o bump sql for audit fix + Enhancements o Add keybinding meta-backspace to delete to beginning of line o Fix automatic Windows build via GitHub Actions o Enable docs to be build cross platform thanks to asciidoctor Compatibility changes + tests: drop windows 7 test coverage & use chrome latest for admin tests + Require Node 16 for Etherpad and target Node 20 for testing
* Thu Jun 22 2023 larsAATTlinux-schulserver.de - 1.9.0- Update to 1.9.0 + Improvements to login session management: o express_sid cookies and sessionstorage:
* database records are no longer created unless requireAuthentication is true (or a plugin causes them to be created). o Login sessions now have a finite lifetime by default (10 days after leaving). o sessionstorage:
* database records are automatically deleted when the login session expires (with some exceptions that will be fixed in the future). o Requests for static content (e.g., /robots.txt) and special pages (e.g., the HTTP API, /stats) no longer create login session state. + The following settings from settings.json are now applied as expected (they were unintentionally ignored before): o padOptions.lang o padOptions.showChat o padOptions.userColor o padOptions.userName + HTTP API: o Fixed the return value of getText when called with a specific revision. o Fixed a potential attribute pool corruption bug with copyPadWithoutHistory. o Mappings created by createGroupIfNotExistsFor are now removed from the database when the group is deleted. o Fixed race conditions in the setText, appendText, and restoreRevision functions. o Added an optional authorId parameter to appendText, copyPadWithoutHistory, createGroupPad, createPad, restoreRevision, setHTML, and setText, and bumped the latest API version to 1.3.0. + Fixed a crash if the database is busy enough to cause a query timeout. + New /health endpoint for getting information about Etherpad\'s health (see draft-inadarei-api-health-check-06). + Docker now uses the new /health endpoint for health checks, which avoids issues when authentication is enabled. It also avoids the unnecessary creation of database records for managing browser sessions. + When copying a pad, the pad\'s records are copied in batches to avoid database timeouts with large pads. + Exporting a large pad to .etherpad format should be faster thanks to bulk database record fetches. + When importing an .etherpad file, records are now saved to the database in batches to avoid database timeouts with large pads. For plugin authors + New expressPreSession server-side hook. + Pad server-side hook changes: o padCheck: New hook. o padCopy: New srcPad and dstPad context properties. o padDefaultContent: New hook. o padRemove: New pad context property. + The db property on Pad objects is now public. + New getAuthorId server-side hook. + New APIs for processing attributes: ep_etherpad-lite/static/js/attributes (low-level API) and ep_etherpad-lite/static/js/AttributeMap (high-level API). + The import server-side hook has a new ImportError context property. + New exportEtherpad and importEtherpad server-side hooks. + The handleMessageSecurity and handleMessage server-side hooks have a new sessionInfo context property that includes the user\'s author ID, the pad ID, and whether the user only has read-only access. + The handleMessageSecurity server-side hook can now be used to grant write access for the current message only. + The init_ server-side hooks have a new logger context property that plugins can use to log messages. + Prevent infinite loop when exiting the server Bump dependencies Compatibility changes + Node.js v14.15.0 or later is now required. + The default login session expiration (applicable if requireAuthentication is true) changed from never to 10 days after the user leaves. For plugin authors + The client context property for the handleMessageSecurity and handleMessage server-side hooks is deprecated; use the socket context property instead. + Pad server-side hook changes: o padCopy: The originalPad context property is deprecated; use srcPad instead. The destinationID context property is deprecated; use dstPad.id instead. o padCreate: The author context property is deprecated; use the new authorId context property instead. Also, the hook now runs asynchronously. o padLoad: Now runs when a temporary Pad object is created during import. Also, it now runs asynchronously. o padRemove: The padID context property is deprecated; use pad.id instead. o padUpdate: The author context property is deprecated; use the new authorId context property instead. Also, the hook now runs asynchronously. + Returning true from a handleMessageSecurity hook function is deprecated; return \'permitOnce\' instead. + Changes to the src/static/js/Changeset.js library: o The following attribute processing functions are deprecated (use the new attribute APIs instead): - attribsAttributeValue() - eachAttribNumber() - makeAttribsString() - opAttributeValue() - opIterator(): Deprecated in favor of the new deserializeOps() generator function. - appendATextToAssembler(): Deprecated in favor of the new opsFromAText() generator function. - newOp(): Deprecated in favor of the new Op class. + The AuthorManager.getAuthor4Token() function is deprecated; use the new AuthorManager.getAuthorId() function instead. + The exported database records covered by the exportEtherpadAdditionalContent server-side hook now include keys like ${customPrefix}:${padId}:
*, not just ${customPrefix}:${padId}. + Plugin locales should overwrite core\'s locales Stale + Plugin locales overwrite core locales- updated vendor tarball
* Mon May 09 2022 larsAATTlinux-schulserver.de - 1.8.18- Update to 1.8.18 + Upgraded ueberDB to fix a regression with CouchDB (#5532)- updated vendor tarball
* Mon Mar 14 2022 ecsos - Update to 1.8.17
* Security fixes - Fixed a vunlerability in the CHANGESET_REQ message handler that allowed a user with any access to read any pad if the pad ID is known.
* Notable enhancements and fixes - Fixed a bug that caused all pad edit messages received at the server to go through a single queue. Now there is a separate queue per pad as intended, which should reduce message processing latency when many pads are active at the same time.
* Mon Dec 20 2021 ecsos - Enable patch0, patch1, patch2 angain. Without patch0 etherpad-lite can not be start.- Refresh,fix and extend patch0: default_config.patch- Fix some rpmlint errors.- Add filter in rpmlintrc and delete unused filter suse-
*, because of Tumbleweed build error.
* Fri Dec 03 2021 larsAATTlinux-schulserver.de - 1.8.16- update to 1.8.16 Security fixes + Maliciously crafted .etherpad files can no longer overwrite arbitrary non-pad database records when imported. + Imported .etherpad files are now subject to numerous consistency checks before any records are written to the database. This should help avoid denial-of-service attacks via imports of malformed .etherpad files. + Fixed leak of the writable pad ID when exporting from the pad\'s read-only ID. This only matters if you treat the writeable pad IDs as secret (e.g., you are not using ep_padlist2) and you share the pad\'s read-only ID with untrusted users. Instead of treating writeable pad IDs as secret, you are encouraged to take advantage of Etherpad\'s authentication and authorization mechanisms (e.g., use ep_openid_connect with ep_readonly_guest, or write your own authentication and authorization plugins). + Updated dependencies. Notable enhancements and fixes + Fixed several .etherpad import bugs. + Improved support for large .etherpad imports. + Accessibility fix for JAWS screen readers. + Fixed \"clear authorship\" error (see issue #5128). + Etherpad now considers square brackets to be valid URL characters. + The server no longer crashes if an exception is thrown while processing a message from a client. + The useMonospaceFontGlobal setting now works (thanks AATTLastpixl!). + Chat improvements: - The message input field is now a text area, allowing multi-line messages (use shift-enter to insert a newline). - Whitespace in chat messages is now preserved. + Worked around a Firefox Content Security Policy bug that caused CSP failures when \'self\' was in the CSP header. See issue #4975 for details. + UeberDB upgraded from v1.4.10 to v1.4.18. For details, see the ueberDB changelog. Highlights: - The postgrespool driver was renamed to postgres, replacing the old driver of that name. If you used the old postgres driver, you may see an increase in the number of database connections. - For postgres, you can now set the dbSettings value in settings.json to a connection string (e.g., \"postgres://user:passwordAATThost/dbname\") instead of an object. - For mongodb, the dbName setting was renamed to database (but dbName still works for backwards compatibility) and is now optional (if unset, the database name in url is used). + /admin/settings now honors the --settings command-line argument. + Fixed \"Author X tried to submit changes as author Y\" detection. + Error message display improvements. + Simplified pad reload after importing an .etherpad file. Compatibility changes + The logconfig setting is deprecated.- refreshed the following patches: + etherpad-lite_avoid_getGitCommit_call.patch + etherpad-lite_default_config.patch + etherpad-lite_move_autogenerated_key_files_to_var.patch
* Mon Jul 05 2021 larsAATTlinux-schulserver.de - 1.8.14- update to 1.8.14 Security fixes + Fixed a persistent XSS vulnerability in the Chat component. Compatibility changes + Node.js v12.13.0 or later is now required. + The favicon setting is now interpreted as a pathname to a favicon file, not a URL. Please see the documentation comment in settings.json.template. + The undocumented faviconPad and faviconTimeslider settings have been removed. + MySQL/MariaDB now uses connection pooling, which means you will see up to 10 connections to the MySQL/MariaDB server (by default) instead of 1. This might cause Etherpad to crash with a \"ER_CON_COUNT_ERROR: Too many connections\" error if your server is configured with a low connection limit. + Changes to environment variable substitution in settings.json (see the documentation comments in settings.json.template for details) + An environment variable set to the string \"null\" now becomes null instead of the string \"null\". Similarly, if the environment variable is unset and the default value is \"null\" (e.g., \"${UNSET_VAR:null}\"), the value now becomes null instead of the string \"null\". It is no longer possible to produce the string \"null\" via environment variable substitution. + An environment variable set to the string \"undefined\" now causes the setting to be removed instead of set to the string \"undefined\". Similarly, if the environment variable is unset and the default value is \"undefined\" (e.g., \"${UNSET_VAR:undefined}\"), the setting is now removed instead of set to the string \"undefined\". It is no longer possible to produce the string \"undefined\" via environment variable substitution. + Support for unset variables without a default value is now deprecated. Please change all instances of \"${FOO}\" in your settings.json to ${FOO:null} to keep the current behavior. + The DB_
* variable substitutions in settings.json.docker that previously defaulted to null now default to \"undefined\". + Calling next without argument when using Changeset.opIterator does always return a new Op. See b9753dc for details. Notable enhancements and fixes + MySQL/MariaDB now uses connection pooling, which should improve stability and reduce latency. + Bulk database writes are now retried individually on write failure. + Minify: Avoid crash due to unhandled Promise rejection if stat fails. + padIds are now included in /socket.io query string, e.g. https://video.etherpad.com/socket.io/?padId=AWESOME&EIO=3&transport=websocket&t=...&sid=.... This is useful for directing pads to separate socket.io nodes. +