Merge branch 'develop'
webzwo0i committed Jul 4, 2021
2 parents 5db0c8d + a634bd8 commit 571b37b
Showing 138 changed files with 4,652 additions and 3,809 deletions.
1 change: 1 addition & 0 deletions .github/stale.yml
Expand Up @@ -12,6 +12,7 @@ exemptLabels:
- Black hole bug
- Special case Bug
- Upstream bug
- Feature Request
# Label to use when marking an issue as stale
staleLabel: wontfix
# Comment to post when marking an issue as stale. Set to `false` to disable
4 changes: 2 additions & 2 deletions .github/workflows/backend-tests.yml
Expand Up @@ -16,7 +16,7 @@ jobs:
strategy:
fail-fast: false
matrix:
node: [10, 12, 14, 15]
node: [12, 14, 16]

steps:
- name: Checkout repository
Expand Down Expand Up @@ -50,7 +50,7 @@ jobs:
strategy:
fail-fast: false
matrix:
node: [10, 12, 14, 15]
node: [12, 14, 16]

steps:
- name: Checkout repository
2 changes: 1 addition & 1 deletion .github/workflows/frontend-admin-tests.yml
Expand Up @@ -11,7 +11,7 @@ jobs:
strategy:
fail-fast: false
matrix:
node: [10, 12, 14, 15]
node: [12, 14, 16]

steps:
- name: Generate Sauce Labs strings
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: "In-place git pull from master"
name: "Upgrade from latest release"

# any branch is useful for testing before a PR is submitted
on: [push, pull_request]
Expand All @@ -16,10 +16,10 @@ jobs:
strategy:
fail-fast: false
matrix:
node: [10, 12, 14, 15]
node: [12, 14, 16]

steps:
- name: Checkout master repository
- name: Check out latest release
uses: actions/checkout@v2
with:
ref: master
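Review bot: The renamed step "Check out latest release" still checks out `ref: master`, so the name is only accurate while master always points at the latest release. Add a one-line comment next to `ref: master` stating that convention, or check out the release tag, so the job name "Upgrade from latest release" does not drift from what is actually tested.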
Expand Down Expand Up @@ -60,10 +60,18 @@ jobs:
- name: Run the backend tests
run: cd src && npm test

- name: Git fetch
run: git fetch
# Because actions/checkout@v2 is called with "ref: master" and without
# "fetch-depth: 0", the local clone does not have the ${GITHUB_SHA} commit.
# Fetch ${GITHUB_REF} to get the ${GITHUB_SHA} commit. Note that a plain
# "git fetch" only fetches "normal" references (refs/heads/* and
# refs/tags/*), and for pull requests none of the normal references include
# ${GITHUB_SHA}, so we have to explicitly tell Git to fetch ${GITHUB_REF}.
- name: Fetch the new Git commits
run: git fetch --depth=1 origin "${GITHUB_REF}"

- name: Checkout this branch over master
- name: Upgrade to the new Git revision
# For pull requests, ${GITHUB_SHA} is the automatically generated merge
# commit that merges the PR's source branch to its destination branch.
run: git checkout "${GITHUB_SHA}"

- name: Install all dependencies and symlink for ep_etherpad-lite
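Review bot: In the "Fetch the new Git commits" step, `git fetch --depth=1 origin "${GITHUB_REF}"` only brings in the current tip of the ref, so the following `git checkout "${GITHUB_SHA}"` succeeds only if the ref has not moved since the workflow was triggered. If a new push lands in between, the shallow fetch will not contain ${GITHUB_SHA} and the checkout fails with an unknown-revision error. Mention that in the comment, or check after the fetch that FETCH_HEAD equals ${GITHUB_SHA} and fail with a clear message.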
61 changes: 60 additions & 1 deletion CHANGELOG.md
@@ -1,9 +1,68 @@
# 1.8.14

### Security fixes

* Fixed a persistent XSS vulnerability in the Chat component. In case you can't
update to 1.8.14 directly, we strongly recommend to cherry-pick
a7968115581e20ef47a533e030f59f830486bdfa. Thanks to sonarsource for the
professional disclosure.

### Compatibility changes

* Node.js v12.13.0 or later is now required.
* The `favicon` setting is now interpreted as a pathname to a favicon file, not
a URL. Please see the documentation comment in `settings.json.template`.
* The undocumented `faviconPad` and `faviconTimeslider` settings have been
removed.
* MySQL/MariaDB now uses connection pooling, which means you will see up to 10
connections to the MySQL/MariaDB server (by default) instead of 1. This might
cause Etherpad to crash with a "ER_CON_COUNT_ERROR: Too many connections"
error if your server is configured with a low connection limit.
* Changes to environment variable substitution in `settings.json` (see the
documentation comments in `settings.json.template` for details):
* An environment variable set to the string "null" now becomes `null` instead
of the string "null". Similarly, if the environment variable is unset and
the default value is "null" (e.g., `"${UNSET_VAR:null}"`), the value now
becomes `null` instead of the string "null". It is no longer possible to
produce the string "null" via environment variable substitution.
* An environment variable set to the string "undefined" now causes the setting
to be removed instead of set to the string "undefined". Similarly, if the
environment variable is unset and the default value is "undefined" (e.g.,
`"${UNSET_VAR:undefined}"`), the setting is now removed instead of set to
the string "undefined". It is no longer possible to produce the string
"undefined" via environment variable substitution.
* Support for unset variables without a default value is now deprecated.
Please change all instances of `"${FOO}"` in your `settings.json` to
`${FOO:null}` to keep the current behavior.
* The `DB_*` variable substitutions in `settings.json.docker` that previously
defaulted to `null` now default to "undefined".
* Calling `next` without argument when using `Changeset.opIterator` does always
return a new Op. See b9753dcc7156d8471a5aa5b6c9b85af47f630aa8 for details.

### Notable enhancements and fixes

* MySQL/MariaDB now uses connection pooling, which should improve stability and
reduce latency.
* Bulk database writes are now retried individually on write failure.
* Minify: Avoid crash due to unhandled Promise rejection if stat fails.
* padIds are now included in /socket.io query string, e.g.
`https://video.etherpad.com/socket.io/?padId=AWESOME&EIO=3&transport=websocket&t=...&sid=...`.
This is useful for directing pads to separate socket.io nodes.
* <script> elements added via aceInitInnerdocbodyHead hook are now executed.
* Fix read only pad access with authentication.
* Await more db writes.
* Disabled wtfnode dump by default.
* Send `USER_NEWINFO` messages on reconnect.
* Fixed loading in a hidden iframe.
* Fixed a race condition with composition. (Thanks @ingoncalves for an exceptionally
detailed analysis and @rhansen for the fix.)

# 1.8.13

### Notable fixes

* Fixed a bug in the safeRun.sh script (#4935)
* Don't create sessions on some static resources (#4921)
* Add more endpoints that do not need authentication/authorization (#4921)
* Fixed issue with non-opening device keyboard on smartphones (#4929)
* Add version string to iframe_editor.css to prevent stale cache entry (#4964)
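Review bot: The security entry for the Chat XSS names the commit to cherry-pick but not which releases are affected, so an operator on an older version cannot tell from the changelog whether the backport applies to them; add the affected version range. Also, in the "Support for unset variables" bullet the replacement is written as `${FOO:null}` without the surrounding double quotes that `"${FOO}"` has, which reads as if the quotes should be dropped from settings.json.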

36 changes: 25 additions & 11 deletions Dockerfile
Expand Up @@ -55,24 +55,38 @@ RUN groupadd --system ${EP_GID:+--gid "${EP_GID}" --non-unique} etherpad && \
ARG EP_DIR=/opt/etherpad-lite
RUN mkdir -p "${EP_DIR}" && chown etherpad:etherpad "${EP_DIR}"

# install abiword for DOC/PDF/ODT export
RUN [ -z "${INSTALL_ABIWORD}" ] || (apt update && apt -y install abiword && apt clean && rm -rf /var/lib/apt/lists/*)

# install libreoffice for DOC/PDF/ODT export
# the mkdir is needed for configuration of openjdk-11-jre-headless, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863199
RUN [ -z "${INSTALL_SOFFICE}" ] || (apt update && mkdir -p /usr/share/man/man1 && apt -y install libreoffice && apt clean && rm -rf /var/lib/apt/lists/*)
# the mkdir is needed for configuration of openjdk-11-jre-headless, see
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863199
RUN export DEBIAN_FRONTEND=noninteractive; \
mkdir -p /usr/share/man/man1 && \
apt-get -qq update && \
apt-get -qq --no-install-recommends install \
ca-certificates \
git \
${INSTALL_ABIWORD:+abiword} \
${INSTALL_SOFFICE:+libreoffice} \
&& \
apt-get -qq clean && \
rm -rf /var/lib/apt/lists/*

USER etherpad

WORKDIR "${EP_DIR}"

COPY --chown=etherpad:etherpad ./ ./

# install node dependencies for Etherpad
RUN src/bin/installDeps.sh && \
rm -rf ~/.npm/_cacache

RUN [ -z "${ETHERPAD_PLUGINS}" ] || npm install ${ETHERPAD_PLUGINS}
# Plugins must be installed before installing Etherpad's dependencies, otherwise
# npm will try to hoist common dependencies by removing them from
# src/node_modules and installing them in the top-level node_modules. As of
# v6.14.10, npm's hoist logic appears to be buggy, because it sometimes removes
# dependencies from src/node_modules but fails to add them to the top-level
# node_modules. Even if npm correctly hoists the dependencies, the hoisting
# seems to confuse tools such as `npm outdated`, `npm update`, and some ESLint
# rules.
RUN { [ -z "${ETHERPAD_PLUGINS}" ] || \
npm install --no-save ${ETHERPAD_PLUGINS}; } && \
src/bin/installDeps.sh && \
rm -rf ~/.npm

# Copy the configuration file.
COPY --chown=etherpad:etherpad ./settings.json.docker "${EP_DIR}"/settings.json
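Review bot: In the new plugin step, `npm install --no-save ${ETHERPAD_PLUGINS}` installs whatever version each name resolves to at build time and records nothing, so two builds with the same ETHERPAD_PLUGINS value can contain different plugin code. Document that the build argument accepts version-pinned specs (name@version) and recommend pinning for reproducible images. The merged apt-get step also installs git and ca-certificates unconditionally with no comment saying why they are needed; add one.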
5 changes: 3 additions & 2 deletions README.md
Expand Up @@ -32,7 +32,7 @@ Etherpad is extremely flexible providing you the means to modify it to solve wha
# Installation

## Requirements
- `nodejs` >= **10.17.0**.
- [Node.js](https://nodejs.org/) >= **12.13.0**.

## GNU/Linux and other UNIX-like systems

Expand All @@ -46,7 +46,8 @@ src/bin/run.sh
```

### Manual install
You'll need git and [node.js](https://nodejs.org) installed (minimum required Node version: **10.17.0**).

You'll need Git and [Node.js](https://nodejs.org/) installed.

**As any user (we recommend creating a separate user called etherpad):**

7 changes: 6 additions & 1 deletion doc/api/changeset_library.md
Expand Up @@ -148,4 +148,9 @@ This is an atext. An atext has two parts: text and attribs. The text is just the

The attribs are again a bunch of operators like .ops in the changeset was. But these operators are only + operators. They describe which part of the text has which attributes

For more information see /doc/easysync/easysync-notes.txt in the source.
## Resources / further reading

Detailed information about the changesets & Easysync protocol:

* Easysync Protocol - [/doc/easysync/easysync-notes.pdf](https://github.com/ether/etherpad-lite/blob/develop/doc/easysync/easysync-notes.pdf)
* Etherpad and EasySync Technical Manual - [/doc/easysync/easysync-full-description.pdf](https://github.com/ether/etherpad-lite/blob/develop/doc/easysync/easysync-full-description.pdf)
5 changes: 5 additions & 0 deletions doc/api/hooks_client-side.md
Expand Up @@ -294,6 +294,11 @@ Things in context:

This hook is called on the client side whenever a chat message is received from
the server. It can be used to create different notifications for chat messages.
Hoook functions can modify the `author`, `authorName`, `duration`, `sticky`,
`text`, and `timeStr` context properties to change how the message is processed.
The `text` and `timeStr` properties may contain HTML, but plugins should be
careful to sanitize any added user input to avoid introducing an XSS
vulnerability.

## collectContentPre
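Review bot: The added sentence says `text` and `timeStr` "may contain HTML" and that plugins should sanitize user input, but it does not say how. Name the escaping helper plugin authors are expected to use, and state whether the other listed properties (`author`, `authorName`, `duration`, `sticky`) are escaped by Etherpad before rendering. There is also a typo in the first added line: "Hoook functions".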

24 changes: 12 additions & 12 deletions doc/api/hooks_server-side.md
Expand Up @@ -156,11 +156,13 @@ Called from: src/node/db/SecurityManager.js

Things in context:

1. padID - the pad the user wants to access
1. padID - the real ID (never the read-only ID) of the pad the user wants to
access
2. token - the token of the author
3. sessionCookie - the session the use has

This hook gets called when the access to the concrete pad is being checked. Return `false` to deny access.
This hook gets called when the access to the concrete pad is being checked.
Return `false` to deny access.

## padCreate
Called from: src/node/db/Pad.js
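Review bot: The reworded padID entry says the hook always receives the real pad ID, never the read-only ID, but nothing in the context list tells a plugin whether the request came in through the read-only ID. If that information is available to the hook, document it here, since an access-control hook may want to treat read-only requests differently. The unchanged line "sessionCookie - the session the use has" also has a typo ("use").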
Expand Down Expand Up @@ -615,14 +617,14 @@ is sent to the client. Plugins can use this hook to manipulate the
configuration. (Example: Add a tracking ID for an external analytics tool that
is used client-side.)

The clientVars function must return a Promise that resolves to an object (or
null/undefined) whose properties will be merged into `context.clientVars`.
Returning `callback(value)` will return a Promise that is resolved to `value`.

You can modify `context.clientVars` to change the values sent to the client, but
beware: async functions from other clientVars plugins might also be reading or
manipulating the same `context.clientVars` object. For this reason it is
recommended you return an object rather than modify `context.clientVars`.
You can manipulate `clientVars` in two different ways:
* Return an object. The object will be merged into `clientVars` via
`Object.assign()`, so any keys that already exist in `clientVars` will be
overwritten by the values in the returned object.
* Modify `context.clientVars`. Beware: Other plugins might also be reading or
manipulating the same `context.clientVars` object. To avoid race conditions,
you are encouraged to return an object rather than modify
`context.clientVars`.

If needed, you can access the user's account information (if authenticated) via
`context.socket.client.request.session.user`.
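Review bot: The new first bullet says the returned object is merged with `Object.assign()` and overwrites existing keys, which means a plugin can silently replace core values or another plugin's values in `clientVars`. Add a recommendation to prefix returned keys with the plugin name. The rewrite also drops the earlier statement of the return contract (a Promise resolving to an object or null/undefined, or `callback(value)`); keep one sentence for it.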
Expand All @@ -643,8 +645,6 @@ exports.clientVars = (hookName, context, callback) => {
};
```

This can be accessed on the client-side using `clientVars.currentYear`.

## getLineHTMLForExport
Called from: src/node/utils/ExportHtml.js

27 changes: 21 additions & 6 deletions doc/assets/style.css
@@ -1,4 +1,4 @@
body{
body {
border-top: solid #44b492 5pt;
line-height:150%;
font-family: 'Quicksand',sans-serif;
Expand All @@ -8,28 +8,43 @@ body{
padding: 20px;
}

a{
a {
color: #555;
}

h1{
h1 {
color: #44b492;
line-height:100%;
}

a:hover{
a:hover {
color: #44b492;
}

pre{
pre {
background-color: #e0e0e0;
padding:20px;
}

code{
code {
background-color: #e0e0e0;
}

img {
max-width: 100%;
}

table, th, td {
text-align: left;
border: 1px solid gray;
border-collapse: collapse;
}

th {
padding: 0.5em;
background: #EEE;
}

td {
padding: 0.5em;
}
2 changes: 1 addition & 1 deletion doc/docker.md
Expand Up @@ -102,7 +102,7 @@ The `settings.json.docker` available by default allows to control almost every s
| `DB_USER` | a database user with sufficient permissions to create tables | |
| `DB_PASS` | the password for the database username | |
| `DB_CHARSET` | the character set for the tables (only required for MySQL) | |
| `DB_FILENAME` | in case `DB_TYPE` is `DirtyDB`, the database filename. | `var/dirty.db` |
| `DB_FILENAME` | in case `DB_TYPE` is `DirtyDB` or `sqlite`, the database file. | `var/dirty.db`, `var/etherpad.sq3` |

If your database needs additional settings, you will have to use a personalized `settings.json.docker` and rebuild the container (or otherwise put the updated `settings.json` inside your image).
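Review bot: In the changed `DB_FILENAME` row, the default column now lists `var/dirty.db`, `var/etherpad.sq3` without saying which default belongs to which `DB_TYPE`. If the order follows the description, spell it out in the cell, for example "`var/dirty.db` (DirtyDB), `var/etherpad.sq3` (sqlite)".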

2 changes: 1 addition & 1 deletion doc/plugins.md
Expand Up @@ -225,7 +225,7 @@ publish your plugin.
"author": "USERNAME (REAL NAME) <[email protected]>",
"contributors": [],
"dependencies": {"MODULE": "0.3.20"},
"engines": { "node": "^10.17.0 || >=11.14.0"}
"engines": {"node": ">=12.13.0"}
}
```
