Commit graph

73 commits

Author SHA1 Message Date
Sheogorath
dd539273fb fix(migrations): Remove unexpected shell call
This patch removes the call of `/usr/bin/env` when calling the migration
script in favour of using the processes own nodejs invocation path.

This should drop the requirement for `/usr/bin/env` to exist on a
system/in a container that runs hedgedoc.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2022-05-17 14:04:02 +02:00
David Mehren
e222225866 Drop support for Node.js 12
Signed-off-by: David Mehren <git@herrmehren.de>
2022-05-01 21:03:19 +02:00
David Mehren
680e6917af
Add warning about MariaDB charset changes to changelog
Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-10 21:49:35 +02:00
David Mehren
5154598557
Update changelog for 1.9.3
Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-10 21:49:23 +02:00
Erik Michelson
0093aa4783 Fix GitLab snippet export
The snippet export broke due to two reasons.
First of all, the request to GitLab fail in the
default configuration due to the CSP not being
set properly. This commit adds the configured
GitLab base url to the connect-src directives.
The second problem is a change in the GitLab API
spec. Instead of `code` and `file_name` the
GitLab API now requires an `files` array with
`content` and `file_path` entries per snippet.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2022-04-10 21:24:30 +02:00
David Mehren
e0021036ae
Fix missing inline authorship colors
The hex2rgb function seems to previously have been available globally.
It probably got lost in the great Webpack refactoring and nobody noticed
 that.

 This copies the function into its own file (to make importing it easy)
 and adds an import in index.js.

 Fixes https://github.com/hedgedoc/hedgedoc/issues/2248

Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-08 12:13:37 +02:00
Tilman Vatteroth
61e092e8af Force change of aria-hidden when modal shows or hides
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2022-04-03 22:52:53 +02:00
David Mehren
101bedaecd bin/manage_users: Always treat pass argument as string
Fixes #1945

Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-03 22:14:27 +02:00
Moritz Schlarb
e6fc9f01a3 Allow SAML authentication provider to be named
Using `CMD_SAML_PROVIDERNAME` and the respective auth provider objects
in the configuration structures.

Signed-off-by: Moritz Schlarb <schlarbm@uni-mainz.de>
2022-03-20 19:59:53 +01:00
Tilman Vatteroth
cc0c469c2d
Add error message to log if database cannot be reached
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2022-02-04 11:49:51 +01:00
Erik Michelson
8705c4abd1
Update tests and changelog
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2022-01-07 18:21:33 +01:00
David Mehren
a72f2455ca
Add release notes for 1.9.2
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-03 20:31:17 +01:00
David Mehren
1baf7db914
Add changelog entry
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-03 10:35:01 +01:00
Tilman Vatteroth
22ecc7bb0d
Add release notes for 1.9.1
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-02 22:14:31 +01:00
Tilman Vatteroth
d7986b1920
Refactor existing code to add the configured domain to connect-src
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2021-09-16 19:43:20 +02:00
David Mehren
ebc58a71cf
Add translators to release notes
Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-13 22:11:33 +02:00
David Mehren
07d447757a
Update release notes for 1.9.0
Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-13 22:11:33 +02:00
David Mehren
30722503c5
Update release notes for 1.9.0-rc1
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 17:55:19 +02:00
David Mehren
7729cc49a7
Drop support for MS SQL Server
Sequelize generates invalid SQL for the 'fix-enum' migration from 2018.
Since nobody has complained about this issue since then, we can just
drop support for SQL Server.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-23 17:45:45 +02:00
Erik Michelson
2c180517fd
Add changelog snippet
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2021-08-18 22:59:13 +02:00
David Mehren
a865ed0822
Merge pull request #1538 from hedgedoc/fix/secure_cookies 2021-08-15 00:42:52 +02:00
David Mehren
832f3522b3
Add new CSP config options to release notes
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-15 00:22:31 +02:00
David Mehren
7b00a59661
Set secure flag for non-session cookies
This adds the secure flag to all cookies that are set
in the frontend for storing various settings.
If `SameSite=none` is set (like when embedding the instance is allowed),
 the `secure` flag is necessary to set any cookie.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-15 00:08:31 +02:00
David Mehren
b8c3703c2f
Fix endless loop on shutdown when DB can't be reached
The shutdown handler calls `checkAllNotesRevision` on a 100 ms
interval. If the database connection is broken, this will return
an error. Previously, this error was effectively ignored and resulted
in an endless loop printing out the error message every 100 ms.

This improves the error handling by terminating the process with a
nonzero exit code when an error was encountered 30 times. The loop
interval is also increased to 200 ms, giving the database 6 seconds
total time to recover in case of intermittent issues.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-14 23:47:26 +02:00
David Mehren
4ad5c705c4
Add changelog entry for DB auto-reconnect
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-14 22:23:26 +02:00
David Mehren
b719ce79db
Fix crash while getting current git commit
HedgeDoc crashed with
`uncaughtException: ENOENT: no such file or directory`
on startup, when `.git/ref/heads` did not contain
a file for the current branch. This seems to happen
regularly with current Git versions.

This fixes the crash by first trying to use the `git` executable for
getting the current commit SHA (before running our own parsing code)
and introducing a separate check to prevent accessing a nonexistent
file in `.git/ref/heads`.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-14 16:08:55 +02:00
David Mehren
0c6482abc5
Add release notes for CSP changes
Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 22:57:12 +02:00
David Mehren
81d73b2db9
Add release notes for 1.8.2
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-11 21:28:10 +02:00
David Mehren
3e836d815b
Fix typo in release notes
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-06 22:37:47 +02:00
David Mehren
1b1b328d49
Add release notes for 1.8.1
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-06 22:24:02 +02:00
David Mehren
2c12feb127
Fix 1.8.0 changelog
CVE-2021-29475 has been fixed since
HedgeDoc 1.5.0, instead of 1.6.0

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-06 21:34:30 +02:00
David Mehren
30a91b6fd7
Add release notes for 1.8.0
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-03 22:26:08 +02:00
David Mehren
0bf97f30c4
Add changelog for 1.8.0-rc1
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-26 21:45:31 +02:00
David Mehren
e4c8f869f0
Add translators to the list of contributors for 1.8.0-rc1
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-26 21:42:06 +02:00
David Mehren
2faf5b6974
Merge pull request #1150 from hedgedoc/feature/prometheus_metrics 2021-04-25 20:34:03 +02:00
David Mehren
c8e2117452
Merge pull request #1167 from hedgedoc/maintenance/master/remove_node_10 2021-04-25 20:10:46 +02:00
David Mehren
cbe7b03b59
Document new Prometheus endpoint
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-25 20:06:56 +02:00
David Mehren
e1df30bd5c
Raise minimum required Node.js version to 12
As Node 10 will be EOL at April 30th, we should stop supporting
and/or promoting the usage of that version.

See also https://endoflife.date/nodejs

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-22 22:52:38 +02:00
Philip Molares
049ac32cc9 Changelog: Mention removal of node-imgur
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-22 22:51:41 +02:00
David Mehren
73a83f3ed6
Add release notes entry for #969
Signed-off-by: David Mehren <git@herrmehren.de>
2021-03-06 10:35:34 +01:00
David Mehren
e9d4587344
Bump version to 1.7.2
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-15 20:37:30 +01:00
David Mehren
5b3d62e494
Fix typo in release notes
Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-27 21:21:12 +01:00
David Mehren
7d2c433b1b
Bump version to 1.7.1
Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-27 20:54:39 +01:00
David Mehren
687fdf20cd
Add note about X-Forwarded-Proto to 1.7.0 release notes
This header needs to be set correctly if the reverse proxy terminates TLS, otherwise we don't send cookies.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-21 21:35:49 +01:00
David Mehren
e7409b265c
Merge release notes of 1.7.0-rc1 and rc2 into 1.7.0
Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-21 21:28:53 +01:00
David Mehren
81e463250d
Release 1.7.0-rc2
Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-02 23:15:56 +01:00
David Mehren
461e48e25b
Changelog for 1.7.0-rc1
Signed-off-by: David Mehren <git@herrmehren.de>
2020-11-29 17:23:30 +01:00
oupala
2f462f90d4 style: linting markdown files
Linting markdown files according to default remark-lint configuration.

Files inside the `public` directory were not linted.

Signed-off-by: oupala <oupala@users.noreply.github.com>
2020-07-10 18:57:59 +02:00
Sheogorath
8ce7b28563
Release version 1.6.0
Thanks for all contributions, this community is awesome.
2020-02-18 00:17:48 +01:00
Sheogorath
9c1665ae5b
Release version 1.5.0 2019-08-15 23:30:37 +02:00