etherpad-lite

mirror of https://github.com/ether/etherpad-lite.git synced 2025-04-22 08:26:16 -04:00

Author	SHA1	Message	Date
muxator	d555b052cb	dependencies: update npm, 6.4.1 -> 6.10.3 This was an arbitrary file overwrite vulnerability in tar. A fix in the library was available, but npm and npm-lifecycle took a while to issue updated versions. Resolves #3598. Previously reported vulnerabilities fixed by this change: $ npm audit === npm audit security report === # Run npm install npm@6.10.3 to resolve 9 vulnerabilities ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Arbitrary File Overwrite │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ tar │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ npm │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ npm > libcipm > npm-lifecycle > node-gyp > tar │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/803 │ └───────────────┴──────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Arbitrary File Overwrite │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ tar │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ npm │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ npm > npm-lifecycle > node-gyp > tar │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/803 │ └───────────────┴──────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Arbitrary File Overwrite │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ tar │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ npm │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ npm > node-gyp > tar │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/803 │ └───────────────┴──────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Arbitrary File Overwrite │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ fstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ npm │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ npm > libcipm > npm-lifecycle > node-gyp > fstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/886 │ └───────────────┴──────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Arbitrary File Overwrite │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ fstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ npm │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ npm > npm-lifecycle > node-gyp > fstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/886 │ └───────────────┴──────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Arbitrary File Overwrite │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ fstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ npm │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ npm > node-gyp > fstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/886 │ └───────────────┴──────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Arbitrary File Overwrite │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ fstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ npm │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ npm > libcipm > npm-lifecycle > node-gyp > tar > fstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/886 │ └───────────────┴──────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Arbitrary File Overwrite │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ fstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ npm │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ npm > npm-lifecycle > node-gyp > tar > fstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/886 │ └───────────────┴──────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Arbitrary File Overwrite │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ fstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ npm │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ npm > node-gyp > tar > fstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/886 │ └───────────────┴──────────────────────────────────────────────────────────────┘	2019-08-08 22:17:53 +02:00
Richlv	2c9383b69e	minor typo fix	2019-08-08 21:58:30 +02:00
translatewiki.net	df03257d9c	Localisation updates from https://translatewiki.net .	2019-08-08 20:05:35 +02:00
translatewiki.net	ea0554d70f	Localisation updates from https://translatewiki.net .	2019-08-05 12:02:28 +02:00
translatewiki.net	4e601dd03b	Localisation updates from https://translatewiki.net .	2019-08-01 18:19:57 +02:00
translatewiki.net	1845e91909	Localisation updates from https://translatewiki.net .	2019-07-29 14:23:20 +02:00
translatewiki.net	832e63c691	Localisation updates from https://translatewiki.net .	2019-07-15 20:01:25 +02:00
translatewiki.net	09d89cd74a	Localisation updates from https://translatewiki.net .	2019-07-11 17:21:48 +02:00
translatewiki.net	3d0778d9c9	Localisation updates from https://translatewiki.net .	2019-07-08 20:05:10 +02:00
translatewiki.net	9a5f42450c	Localisation updates from https://translatewiki.net .	2019-07-05 07:05:14 +02:00
translatewiki.net	04a45fbe46	Localisation updates from https://translatewiki.net .	2019-06-13 20:05:10 +02:00
translatewiki.net	2a78dcfc38	Localisation updates from https://translatewiki.net .	2019-05-27 16:37:10 +02:00
translatewiki.net	033c6a8b7a	Localisation updates from https://translatewiki.net .	2019-05-17 12:15:48 +02:00
cupcakearmy	d88726b58d	colibris: the "ok" button was misaligned in Chrome When visiting Etherpad's home page with Chrome the "ok" button was not on the same line as the pad name text box. On Firefox & Safari there was no problem. Tested on Chrome 74. Fixes #3604.	2019-05-10 09:50:25 +02:00
translatewiki.net	f2b888e3ff	Localisation updates from https://translatewiki.net .	2019-05-06 16:39:54 +02:00
muxator	fc7d639f84	dependencies: update express-session, 1.15.6 -> 1.16.1 This is a non breaking change. From the changelog (https://github.com/expressjs/session/blob/v1.16.1/HISTORY.md#1161--2019-04-11): # 1.16.1 / 2019-04-11 - Fix error passing data option to Cookie constructor - Fix uncaught error from bad session data # 1.16.0 / 2019-04-10 - Catch invalid cookie.maxAge value earlier - Deprecate setting cookie.maxAge to a Date object - Fix issue where resave: false may not save altered sessions - Remove utils-merge dependency - Use safe-buffer for improved Buffer API - Use Set-Cookie as cookie header name for compatibility - deps: depd@~2.0.0 - Replace internal eval usage with Function constructor - Use instance methods on process to check for listeners - perf: remove argument reassignment - deps: on-headers@~1.0.2 - Fix res.writeHead patch missing return value	2019-05-04 17:15:36 +02:00
muxator	1435e203a8	dependencies: update graceful-fs, 4.1.11 -> 4.11.15 Minor change, but could not easily find a changelog on https://github.com/isaacs/node-graceful-fs	2019-05-04 16:56:03 +02:00
muxator	47ad347fac	dependencies: update cookie-parser, 1.4.3 -> 1.4.4 This is a non breaking change. From the changelog (https://github.com/expressjs/cookie-parser/blob/1.4.4/HISTORY.md#144--2019-02-12): # 1.4.4 / 2019-02-12 - perf: normalize secret argument only once	2019-05-04 16:49:33 +02:00
muxator	90b288b576	dependencies: update nyc, 12.0.1 -> 14.1.0 This is just a dev dependency, so no real risks, but it's better not to scare users. Reported vulnerability before this change: $ npm audit === npm audit security report === # Run npm install --save-dev nyc@14.1.0 to resolve 1 vulnerability SEMVER WARNING: Recommended action is a potentially breaking change ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Prototype Pollution │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ handlebars │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ nyc [dev] │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ nyc > istanbul-reports > handlebars │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/755 │ └───────────────┴──────────────────────────────────────────────────────────────┘	2019-05-03 23:27:35 +02:00
translatewiki.net	a7220558d2	Localisation updates from https://translatewiki.net .	2019-05-02 18:00:18 +02:00
translatewiki.net	c9664804f1	Localisation updates from https://translatewiki.net .	2019-04-29 17:28:56 +02:00
translatewiki.net	ba9b9c9931	Localisation updates from https://translatewiki.net .	2019-04-18 16:59:41 +02:00
Tristram Gräbener	357780d573	Display the version in the web interface In the settings drop-down this adds an “About” section that also shows the commit if "exposeVersion" is set to true. Fixes #2968	2019-04-15 23:17:34 +00:00
Tristram Gräbener	28a6f505c5	Parameters: the version is exposed in http header only when configured Currently the version is exposed in a 'Server' http headers. This commit allows to parameterize it in the settings. By defaults it is not exposed. Fixes #3423	2019-04-15 23:17:34 +00:00
Tristram Gräbener	8453f07205	Chat bubble: by default hide in CSS The current behaviour is to show the chat bubble and hide if chat is disabled. Because of this, the bubble appears wrongfully for a short time. With this PR, by default it is hidden and displayed only if chat is enabled. Fixes: #3088	2019-04-15 23:14:47 +00:00
muxator	705cc6f5e4	Change everywhere the link to https://etherpad.org (it was plain http)	2019-04-16 00:54:54 +02:00
muxator	75a0f339e1	Settings.js, express.js: trivial reformatting Future commits by Tristram Gräbener will modify them.	2019-04-16 00:17:56 +02:00
muxator	dc7e49f89d	Remove trailing whitespaces Hoping to minimize future diffs. Not touching vendorized libraries.	2019-04-16 00:34:29 +02:00
translatewiki.net	1cb9c3e1ce	Localisation updates from https://translatewiki.net .	2019-04-15 17:36:10 +02:00
translatewiki.net	e3cc21e477	Localisation updates from https://translatewiki.net .	2019-04-08 16:43:29 +02:00
translatewiki.net	ae3ecf54d5	Localisation updates from https://translatewiki.net .	2019-04-04 19:59:52 +02:00
translatewiki.net	dc338c4e48	Localisation updates from https://translatewiki.net .	2019-04-01 20:26:39 +02:00
muxator	cbd393d56b	handler/PadMessageHandler.js: handleMessage() got the wrong padId for read only pads This was almost guaranteed to be broken. Found by the Typescript compiler when doing an experimental conversion.	2019-03-27 18:29:12 +01:00
muxator	c2d8ca212b	utils/Minify.js: always call statFile() with an explicit value for "dirStatLimit" In this way the only external call to statFile() provides an explicit value for "dirStatLimit", and thus the initial check on "undefined" at the start of the function could be removed (just added a comment for now).	2019-03-27 18:29:12 +01:00
muxator	cdd4978973	utils/Minify.js: removed unused parameter "next" in minify() Found by the Typescript compiler when doing an experimental conversion.	2019-03-27 18:29:12 +01:00
muxator	5d067406b1	utils/Minify.js: removed unused parameter "redirectCount" in requestURI() Found by the Typescript compiler when doing an experimental conversion.	2019-03-27 18:29:12 +01:00
muxator	b2d00ae071	db/API.js: customeError -> customError Found by the Typescript compiler when doing an experimental conversion.	2019-03-27 18:29:12 +01:00
muxator	aa5e302d99	db/API.js: missing "let" Found by the Typescript compiler when doing an experimental conversion.	2019-03-27 18:29:12 +01:00
muxator	b9e537ca4f	db/Pad.js: removed unreachable return statement Found by the Typescript compiler when doing an experimental conversion.	2019-03-27 18:29:12 +01:00
muxator	4040813447	db/Pad.js: prototype.copy(), removed redundant callback argument This would cause a crash when calling pad.remove(). Found by the Typescript compiler when doing an experimental conversion.	2019-03-27 18:29:12 +01:00
muxator	53b3328b5f	express/padreadonly.js: missing "let" Found by the Typescript compiler when doing an experimental conversion.	2019-03-27 18:29:12 +01:00
muxator	b8df6ca60c	handler/PadMessageHandler.js: shuffle around some comments No functional changes	2019-03-27 18:29:12 +01:00
translatewiki.net	7a5470c7bd	Localisation updates from https://translatewiki.net .	2019-03-25 18:58:35 +01:00
muxator	2955740a6e	Settings.js: support syntax for default values +---------------------------+---------------+------------------+ \| Configuration string in \| Value of \| Resulting confi- \| \| settings.json \| ENV_VAR \| guration value \| \|---------------------------\|---------------\|------------------\| \| "${ENV_VAR}" \| "some_string" \| "some_string" \| \| "${ENV_VAR}" \| "9001" \| 9001 \| \| "${ENV_VAR}" \| undefined \| null \| \| "${ENV_VAR:some_default}" \| "some_string" \| "some_string" \| \| "${ENV_VAR:some_default}" \| undefined \| "some_default" \| +---------------------------+---------------+------------------+ Mention this briefly in the main README.md, also. Closes #3578.	2019-03-21 23:32:08 +01:00
muxator	c3bca6506e	Settings.js: extracted into coerceValue() the logic for string -> number\|bool conversion This will be user in a later commit for implementing support for default values	2019-03-21 23:32:08 +01:00
muxator	59b1eed4a8	Settings.js: rephrased a log message	2019-03-21 23:32:08 +01:00
muxator	21ac37170e	doc: rephrase settings.json.template and Settings.js Better document current behaviour. In this revision, ENV_VAR are supported, default values are not.	2019-03-21 23:32:08 +01:00
translatewiki.net	346d823279	Localisation updates from https://translatewiki.net .	2019-03-21 10:57:28 +01:00
translatewiki.net	e4db905f3c	Localisation updates from https://translatewiki.net .	2019-03-18 08:46:50 +01:00
David Mehren	43c4fa9c2e	Await padManager.getPad in getPadLines	2019-03-16 09:07:06 +01:00

... 8 9 10 11 12 ...

3342 commits