csp.allowFraming
config option, which controls whether embedding a HedgeDoc instance in other webpages is allowed.
We strongly recommend disabling this option to reduce the risk of XSS attackscsp.allowPDFEmbed
config option, which controls whether embedding PDFs inside HedgeDoc notes is allowed. We recommend disabling this option if you don’t use the feature, to reduce the attack surface of XSS attacksfilesystem
upload methodsecure
flag, if HedgeDoc is loaded via HTTPS/metrics
and /status
Do you need help with installation or upgrade? Read our docs!
Our docker images are located on quay.io at hedgedoc/hedgedoc.
You can pull our docker image directly with the command below. It is based on Debian Linux.
docker pull quay.io/hedgedoc/hedgedoc:1.9.0
The alpine-based image is much smaller than the debian-based image, but does not contain glibc resulting in some debugging software not working properly in the container.
docker pull quay.io/hedgedoc/hedgedoc:1.9.0-alpine