HedgeDoc - Ideas grow better together
Find a file
Sheogorath a2522888b2
Remove PDF export
As we already decleared in earlier versions, this patch removes PDF
export entirely. It's a not acceptable security risk for every CodiMD
instance.

The current implementation allowed to extract arbitary files from the
CodiMD host and therefore leaking secrets from a `/etc/passwd` to
CodiMD's own config files and all secrets contained in it.

Thanks to Joona for finding this vulnerability in August last year,
which lead to an emergency disabling of PDF exports in 1.5.0.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-26 15:05:54 +01:00
bin heroku complains about dialect 2020-01-11 23:51:52 +01:00
docs Remove PDF export 2020-02-26 15:05:54 +01:00
lib Remove PDF export 2020-02-26 15:05:54 +01:00
locales Update sv.json (POEditor.com) 2020-02-17 00:01:08 +01:00
public Remove PDF export 2020-02-26 15:05:54 +01:00
test Update RevealJS to version 3.9.2 2020-02-01 12:53:15 +01:00
.babelrc drop node 6 support 2019-05-13 19:37:21 +02:00
.editorconfig specifying the locale jsons to be in the exact style of poeditor should cut down on unneccessary changes ('churn') 2019-04-04 12:31:38 +02:00
.eslintignore switching to eslint for code checking 2018-11-14 23:15:36 +01:00
.eslintrc.js Add no-console as a warning 2019-05-12 20:15:46 +02:00
.gitignore Ignore the build directory from git 2020-02-24 15:46:22 +01:00
.mailmap
.sequelizerc.example
.travis.yml Remove Tests for EOL node version 8 2020-02-16 23:41:28 +01:00
app.json Remove PDF export 2020-02-26 15:05:54 +01:00
AUTHORS
CHANGELOG.md integrating information from the old wiki 2019-04-01 01:03:36 +02:00
CODE_OF_CONDUCT.md moving code of conduct into its own file for better discoverability 2019-04-01 01:26:42 +02:00
config.json.example Remove mattermost integration 2020-02-25 14:33:30 +01:00
CONTRIBUTING.md Move DCO into docs section 2019-06-10 17:35:36 +02:00
LICENSE Fix LICENSE content 2019-03-31 03:27:12 +02:00
package.json Remove PDF export 2020-02-26 15:05:54 +01:00
README.md Remove mattermost integration 2020-02-25 14:33:30 +01:00
SECURITY.md Add security note to repository 2019-09-10 14:11:23 +02:00
tsconfig.json TypeScript: Tighten configs to improve type validation 2020-02-24 16:19:17 +01:00
webpack.common.js Add typescript dependency & tsconfig.json 2020-02-24 15:08:20 +01:00
webpack.dev.js Use webpack-merge. 2018-10-10 22:09:46 +02:00
webpack.htmlexport.js Fix urlPath support, let CodiMD be served from a subpath correctly 2019-12-20 12:03:16 +01:00
webpack.prod.js Fix urlPath support, let CodiMD be served from a subpath correctly 2019-12-20 12:03:16 +01:00
yarn.lock Update yarn.lock 2020-02-24 15:10:14 +01:00

CodiMD

#CodiMD on matrix.org build status version POEditor Mastodon

CodiMD lets you create real-time collaborative markdown notes. You can test-drive it by visiting our CodiMD demo server.

It is inspired by Hackpad, Etherpad and similar collaborative editors. This project originated with the team at HackMD and now forked into its own organisation. A longer writeup can be read in the history doc.

CodiMD 1.3.2 with its feature demonstration page open

Community and Contributions

We welcome contributions! There's a lot to do: If you would like to report bugs, the issue tracker is the right place. If you can help translating, find us on POEditor. To get started developing, take a look at the docs/dev directory. In any case: come talk to us, we'll be delighted to help you with the first steps.

To stay up to date with our work or get support it's recommended to join our Matrix channel, stop by our community forums or subscribe to the release feed. We also engage in regular community calls (RSS) which you are very welcome to join.

Installation / Upgrading

You can run CodiMD in a number of ways, and we created setup instructions for all of these:

If you do not wish to run your own setup, you can find a commercial offering at https://hackmd.io. This is not the same codebase as this one, but it is a very similar project.

Configuration

Theres two main ways to configure your CodiMD instance: Config file or environment variables. You can choose what works best for you.

CodiMD can integrate with

  • facebook, twitter, github, gitlab, dropbox, google, ldap, saml and oauth2 for login
  • imgur, s3, minio, azure for image/attachment storage (files can also be local!)
  • dropbox for export and import

More info about that can be found in the configuration docs above.

Browser support

To use CodiMD, your browser should match or exceed these versions:

  • Chrome Chrome >= 47, Chrome Chrome for Android >= 47
  • Safari Safari >= 9, iOS Safarai iOS Safari >= 8.4
  • Firefox Firefox >= 44
  • IE IE >= 9, Edge Edge >= 12
  • Opera Opera >= 34, Opera Mini Opera Mini not supported
  • Android Browser Android Browser >= 4.4

Our community has created related tools, we'd like to highlight codimd-cli which lets you use CodiMD from the comfort of your command line.

License

Licensed under AGPLv3. For our list of contributors, see AUTHORS.