Thank you for downloading HedgeDoc 1.9.0

Back to the release list

Details

Released on 2021-09-13
This is NOT the latest release! Please take a look at the release list
This is a stable release
View on GitHub

Release notes

Security Fixes
- CVE-2021-39175: XSS vector in slide mode speaker-view
- This release removes Google Analytics and Disqus domains from our default Content Security Policy, because they were repeatedly used to exploit security vulnerabilities.
  If you want to continue using Google Analytics or Disqus, you can re-enable them in the config. See the docs for details
Features
- HedgeDoc now automatically retries connecting to the database up to 30 times on startup
- This release introduces the csp.allowFraming config option, which controls whether embedding a HedgeDoc instance in other webpages is allowed. We strongly recommend disabling this option to reduce the risk of XSS attacks
- This release introduces the csp.allowPDFEmbed config option, which controls whether embedding PDFs inside HedgeDoc notes is allowed. We recommend disabling this option if you don’t use the feature, to reduce the attack surface of XSS attacks
- Add additional environment variables to configure the database. This allows easier configuration in containerized environments, such as Kubernetes
Enhancements
- Further improvements to the frontend build process, reducing the initial bundle size by 60%
- Improve the error handling of the filesystem upload method
- Improve the error message of failing migrations
Bugfixes
- Fix crash when trying to read the current Git commit on startup
- Fix endless loop on shutdown when HedgeDoc can’t connect to the database
- Ensure that all cookies are set with the secure flag, if HedgeDoc is loaded via HTTPS
- Fix session cookies being created on calls to /metrics and /status
- Fix incorrect creation of S3 endpoint domain (thanks to @matejc)
- Remove CDN support, fixing inconsistencies in library versions delivered to the client
- Fix font display issues when having some variants of fonts used by HedgeDoc installed locally
- Fix links between slides not working
- Fix Vimeo integration using a deprecated API
Miscellaneous
- Removed MSSQL support, as migrations from 2018 are broken with SQL Server and nobody seems to use it
Contributors
- Bogdan Cuza (translator)
- Heimen Stoffels (translator)
- igg17 (translator)
- Klorophatu (translator)
- Martin (translator)
- Matija (translator)
- Matthieu Devillers (translator)
- Mindaugas (translator)
- Quentin Pagès (translator)

Documentation

Do you need help with installation or upgrade? Read our docs!

Download

Bundled and ready to use
hedgedoc-1.9.0.tar.gz
Just the source code
Source code
Docker
Our docker images are located on quay.io at hedgedoc/hedgedoc.
Debian-based image
You can pull our docker image directly with the command below. It is based on Debian Linux.
```
docker pull quay.io/hedgedoc/hedgedoc:1.9.0
```
Alpine-based image
The alpine-based image is much smaller than the debian-based image, but does not contain glibc resulting in some debugging software not working properly in the container.
```
docker pull quay.io/hedgedoc/hedgedoc:1.9.0-alpine
```