muxator
d555b052cb
dependencies: update npm, 6.4.1 -> 6.10.3
...
This was an arbitrary file overwrite vulnerability in tar. A fix in the library
was available, but npm and npm-lifecycle took a while to issue updated versions.
Resolves #3598.
Previously reported vulnerabilities fixed by this change:
$ npm audit
=== npm audit security report ===
# Run npm install npm@6.10.3 to resolve 9 vulnerabilities
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Arbitrary File Overwrite │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ tar │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ npm > libcipm > npm-lifecycle > node-gyp > tar │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/803 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Arbitrary File Overwrite │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ tar │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ npm > npm-lifecycle > node-gyp > tar │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/803 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Arbitrary File Overwrite │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ tar │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ npm > node-gyp > tar │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/803 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Arbitrary File Overwrite │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ fstream │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ npm > libcipm > npm-lifecycle > node-gyp > fstream │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/886 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Arbitrary File Overwrite │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ fstream │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ npm > npm-lifecycle > node-gyp > fstream │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/886 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Arbitrary File Overwrite │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ fstream │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ npm > node-gyp > fstream │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/886 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Arbitrary File Overwrite │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ fstream │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ npm > libcipm > npm-lifecycle > node-gyp > tar > fstream │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/886 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Arbitrary File Overwrite │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ fstream │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ npm > npm-lifecycle > node-gyp > tar > fstream │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/886 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Arbitrary File Overwrite │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ fstream │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ npm > node-gyp > tar > fstream │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/886 │
└───────────────┴──────────────────────────────────────────────────────────────┘
2019-08-08 22:17:53 +02:00
Richlv
2c9383b69e
minor typo fix
2019-08-08 21:58:30 +02:00
Lars Olafsen
1789129b35
NODE_ENV controls run-time behaviour, thus needs to be set by ENV
2019-08-08 21:53:47 +02:00
translatewiki.net
df03257d9c
Localisation updates from https://translatewiki.net .
2019-08-08 20:05:35 +02:00
translatewiki.net
ea0554d70f
Localisation updates from https://translatewiki.net .
2019-08-05 12:02:28 +02:00
translatewiki.net
4e601dd03b
Localisation updates from https://translatewiki.net .
2019-08-01 18:19:57 +02:00
translatewiki.net
1845e91909
Localisation updates from https://translatewiki.net .
2019-07-29 14:23:20 +02:00
muxator
4582f9daeb
docker: support including plugins in custom builds.
...
This commit introduces the support for the ETHERPAD_PLUGINS build parameter,
which contains a list of plugins to be installed while building the container.
EXAMPLE:
docker build --build-arg ETHERPAD_PLUGINS="ep_codepad ep_author_neat" --tag <YOUR_USERNAME>/etherpad .
Resolves #3618.
2019-07-16 14:14:34 +02:00
muxator
b5ac653cbc
docker: reorganized the README, same infos
...
This is in preparation for the next commit, which will introduce support for
custom builds with plugins.
2019-07-16 14:14:34 +02:00
muxator
e8e2284884
docker: move WORKDIR as on top as possible.
...
WORKDIR is also valid at build time, thus it makes sense to move it as far towards
the top as possible.
This will come in handy in the next commits, when we will introduce support for
installing plugins while building the container.
Source: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#workdir
[...] you should use WORKDIR instead of proliferating instructions like
RUN cd … && do-something,
which are hard to read, troubleshoot, and maintain.
2019-07-16 14:14:34 +02:00
translatewiki.net
832e63c691
Localisation updates from https://translatewiki.net .
2019-07-15 20:01:25 +02:00
translatewiki.net
09d89cd74a
Localisation updates from https://translatewiki.net .
2019-07-11 17:21:48 +02:00
translatewiki.net
3d0778d9c9
Localisation updates from https://translatewiki.net .
2019-07-08 20:05:10 +02:00
translatewiki.net
9a5f42450c
Localisation updates from https://translatewiki.net .
2019-07-05 07:05:14 +02:00
translatewiki.net
04a45fbe46
Localisation updates from https://translatewiki.net .
2019-06-13 20:05:10 +02:00
translatewiki.net
2a78dcfc38
Localisation updates from https://translatewiki.net .
2019-05-27 16:37:10 +02:00
translatewiki.net
033c6a8b7a
Localisation updates from https://translatewiki.net .
2019-05-17 12:15:48 +02:00
cupcakearmy
d88726b58d
colibris: the "ok" button was misaligned in Chrome
...
When visiting Etherpad's home page with Chrome the "ok" button was not on the
same line as the pad name text box. On Firefox & Safari there was no problem.
Tested on Chrome 74.
Fixes #3604.
2019-05-10 09:50:25 +02:00
translatewiki.net
f2b888e3ff
Localisation updates from https://translatewiki.net .
2019-05-06 16:39:54 +02:00
muxator
fc7d639f84
dependencies: update express-session, 1.15.6 -> 1.16.1
...
This is a non breaking change.
From the changelog (https://github.com/expressjs/session/blob/v1.16.1/HISTORY.md#1161--2019-04-11 ):
# 1.16.1 / 2019-04-11
- Fix error passing data option to Cookie constructor
- Fix uncaught error from bad session data
# 1.16.0 / 2019-04-10
- Catch invalid cookie.maxAge value earlier
- Deprecate setting cookie.maxAge to a Date object
- Fix issue where resave: false may not save altered sessions
- Remove utils-merge dependency
- Use safe-buffer for improved Buffer API
- Use Set-Cookie as cookie header name for compatibility
- deps: depd@~2.0.0
- Replace internal eval usage with Function constructor
- Use instance methods on process to check for listeners
- perf: remove argument reassignment
- deps: on-headers@~1.0.2
- Fix res.writeHead patch missing return value
2019-05-04 17:15:36 +02:00
muxator
1435e203a8
dependencies: update graceful-fs, 4.1.11 -> 4.11.15
...
Minor change, but could not easily find a changelog on
https://github.com/isaacs/node-graceful-fs
2019-05-04 16:56:03 +02:00
muxator
47ad347fac
dependencies: update cookie-parser, 1.4.3 -> 1.4.4
...
This is a non breaking change.
From the changelog (https://github.com/expressjs/cookie-parser/blob/1.4.4/HISTORY.md#144--2019-02-12 ):
# 1.4.4 / 2019-02-12
- perf: normalize secret argument only once
2019-05-04 16:49:33 +02:00
muxator
90b288b576
dependencies: update nyc, 12.0.1 -> 14.1.0
...
This is just a dev dependency, so no real risks, but it's better not to scare
users.
Reported vulnerability before this change:
$ npm audit
=== npm audit security report ===
# Run npm install --save-dev nyc@14.1.0 to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ handlebars │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ nyc [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ nyc > istanbul-reports > handlebars │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/755 │
└───────────────┴──────────────────────────────────────────────────────────────┘
2019-05-03 23:27:35 +02:00
translatewiki.net
a7220558d2
Localisation updates from https://translatewiki.net .
2019-05-02 18:00:18 +02:00
translatewiki.net
c9664804f1
Localisation updates from https://translatewiki.net .
2019-04-29 17:28:56 +02:00
translatewiki.net
ba9b9c9931
Localisation updates from https://translatewiki.net .
2019-04-18 16:59:41 +02:00
Tristram Gräbener
357780d573
Display the version in the web interface
...
In the settings drop-down this adds an “About” section that also shows
the commit if "exposeVersion" is set to true.
Fixes #2968
2019-04-15 23:17:34 +00:00
Tristram Gräbener
28a6f505c5
Parameters: the version is exposed in http header only when configured
...
Currently the version is exposed in a 'Server' http header.
This commit allows parameterizing it in the settings. By default it is
not exposed.
Fixes #3423
2019-04-15 23:17:34 +00:00
Tristram Gräbener
8453f07205
Chat bubble: by default hide in CSS
...
The current behaviour is to show the chat bubble and hide if chat is
disabled.
Because of this, the bubble appears wrongfully for a short time.
With this PR, by default it is hidden and displayed only if chat is
enabled.
Fixes: #3088
2019-04-15 23:14:47 +00:00
muxator
705cc6f5e4
Change everywhere the link to https://etherpad.org (it was plain http)
2019-04-16 00:54:54 +02:00
muxator
a6656102d8
CHANGELOG.md: link to https://translatewiki.net instead of plain http
2019-04-16 00:53:00 +02:00
muxator
75a0f339e1
Settings.js, express.js: trivial reformatting
...
Future commits by Tristram Gräbener will modify them.
2019-04-16 00:17:56 +02:00
muxator
dc7e49f89d
Remove trailing whitespaces
...
Hoping to minimize future diffs. Not touching vendorized libraries.
2019-04-16 00:34:29 +02:00
translatewiki.net
1cb9c3e1ce
Localisation updates from https://translatewiki.net .
2019-04-15 17:36:10 +02:00
translatewiki.net
e3cc21e477
Localisation updates from https://translatewiki.net .
2019-04-08 16:43:29 +02:00
translatewiki.net
ae3ecf54d5
Localisation updates from https://translatewiki.net .
2019-04-04 19:59:52 +02:00
translatewiki.net
dc338c4e48
Localisation updates from https://translatewiki.net .
2019-04-01 20:26:39 +02:00
Samuel Lelièvre
aca1640fdf
Fix typos in docker/Dockerfile
...
Fix "one" -> "done", and add missing closing parenthesis.
2019-04-01 12:28:14 +02:00
Adrien le Maire
c1321f5b14
remove devdeps from prod builds
2019-03-29 17:52:06 +01:00
muxator
cbd393d56b
handler/PadMessageHandler.js: handleMessage() got the wrong padId for read only pads
...
This was almost guaranteed to be broken.
Found by the Typescript compiler when doing an experimental conversion.
2019-03-27 18:29:12 +01:00
muxator
c2d8ca212b
utils/Minify.js: always call statFile() with an explicit value for "dirStatLimit"
...
In this way the only external call to statFile() provides an explicit value for
"dirStatLimit", and thus the initial check on "undefined" at the start of the
function could be removed (just added a comment for now).
2019-03-27 18:29:12 +01:00
muxator
cdd4978973
utils/Minify.js: removed unused parameter "next" in minify()
...
Found by the Typescript compiler when doing an experimental conversion.
2019-03-27 18:29:12 +01:00
muxator
5d067406b1
utils/Minify.js: removed unused parameter "redirectCount" in requestURI()
...
Found by the Typescript compiler when doing an experimental conversion.
2019-03-27 18:29:12 +01:00
muxator
b2d00ae071
db/API.js: customeError -> customError
...
Found by the Typescript compiler when doing an experimental conversion.
2019-03-27 18:29:12 +01:00
muxator
aa5e302d99
db/API.js: missing "let"
...
Found by the Typescript compiler when doing an experimental conversion.
2019-03-27 18:29:12 +01:00
muxator
b9e537ca4f
db/Pad.js: removed unreachable return statement
...
Found by the Typescript compiler when doing an experimental conversion.
2019-03-27 18:29:12 +01:00
muxator
4040813447
db/Pad.js: prototype.copy(), removed redundant callback argument
...
This would cause a crash when calling pad.remove().
Found by the Typescript compiler when doing an experimental conversion.
2019-03-27 18:29:12 +01:00
muxator
53b3328b5f
express/padreadonly.js: missing "let"
...
Found by the Typescript compiler when doing an experimental conversion.
2019-03-27 18:29:12 +01:00
muxator
b8df6ca60c
handler/PadMessageHandler.js: shuffle around some comments
...
No functional changes
2019-03-27 18:29:12 +01:00
translatewiki.net
7a5470c7bd
Localisation updates from https://translatewiki.net .
2019-03-25 18:58:35 +01:00