Releases: linuxserver/docker-hedgedoc
1.7.2-ls10
LinuxServer Changes:
Initial release
hedgedoc Changes:
This release fixes a security issue. We recommend upgrading as soon as possible.
Security Fixes
- CVE-2021-21259: Stored XSS in slide mode
An attacker can inject arbitrary JavaScript into a HedgeDoc note.
Bugfixes
- Ensure the last line of the markdown editor is not covered by the status bar (thanks to @mhdrone for reporting!)
1.7.2-ls9
LinuxServer Changes:
Initial release
hedgedoc Changes:
This release fixes a security issue. We recommend upgrading as soon as possible.
Security Fixes
- CVE-2021-21259: Stored XSS in slide mode
An attacker can inject arbitrary JavaScript into a HedgeDoc note.
Bugfixes
- Ensure the last line of the markdown editor is not covered by the status bar (thanks to @mhdrone for reporting!)
1.7.2-ls8
LinuxServer Changes:
Initial release
hedgedoc Changes:
This release fixes a security issue. We recommend upgrading as soon as possible.
Security Fixes
- CVE-2021-21259: Stored XSS in slide mode
An attacker can inject arbitrary JavaScript into a HedgeDoc note.
Bugfixes
- Ensure the last line of the markdown editor is not covered by the status bar (thanks to @mhdrone for reporting!)
1.7.2-ls7
LinuxServer Changes:
Initial release
hedgedoc Changes:
This release fixes a security issue. We recommend upgrading as soon as possible.
Security Fixes
- CVE-2021-21259: Stored XSS in slide mode
An attacker can inject arbitrary JavaScript into a HedgeDoc note.
Bugfixes
- Ensure the last line of the markdown editor is not covered by the status bar (thanks to @mhdrone for reporting!)
1.7.2-ls6
LinuxServer Changes:
Initial release
hedgedoc Changes:
This release fixes a security issue. We recommend upgrading as soon as possible.
Security Fixes
- CVE-2021-21259: Stored XSS in slide mode
An attacker can inject arbitrary JavaScript into a HedgeDoc note.
Bugfixes
- Ensure the last line of the markdown editor is not covered by the status bar (thanks to @mhdrone for reporting!)
1.7.2-ls5
LinuxServer Changes:
Initial release
hedgedoc Changes:
This release fixes a security issue. We recommend upgrading as soon as possible.
Security Fixes
- CVE-2021-21259: Stored XSS in slide mode
An attacker can inject arbitrary JavaScript into a HedgeDoc note.
Bugfixes
- Ensure the last line of the markdown editor is not covered by the status bar (thanks to @mhdrone for reporting!)
1.7.2-ls4
LinuxServer Changes:
Initial release
hedgedoc Changes:
This release fixes a security issue. We recommend upgrading as soon as possible.
Security Fixes
- CVE-2021-21259: Stored XSS in slide mode
An attacker can inject arbitrary JavaScript into a HedgeDoc note.
Bugfixes
- Ensure the last line of the markdown editor is not covered by the status bar (thanks to @mhdrone for reporting!)
1.7.2-ls3
LinuxServer Changes:
Initial release
hedgedoc Changes:
This release fixes a security issue. We recommend upgrading as soon as possible.
Security Fixes
- CVE-2021-21259: Stored XSS in slide mode
An attacker can inject arbitrary JavaScript into a HedgeDoc note.
Bugfixes
- Ensure the last line of the markdown editor is not covered by the status bar (thanks to @mhdrone for reporting!)
1.7.1-ls2
LinuxServer Changes:
Initial release
hedgedoc Changes:
This release fixes two security issues. We recommend upgrading as soon as possible.
Security Fixes
- CVE-2020-26286: Arbitrary file upload
An unauthenticated attacker can upload arbitrary files to the upload storage backend.
- CVE-2020-26287: Stored XSS in mermaid diagrams
An attacker can inject arbitrary script tags in HedgeDoc notes using mermaid diagrams.
1.7.1-ls1
LinuxServer Changes:
Initial release
hedgedoc Changes:
This release fixes two security issues. We recommend upgrading as soon as possible.
Security Fixes
- CVE-2020-26286: Arbitrary file upload
An unauthenticated attacker can upload arbitrary files to the upload storage backend.
- CVE-2020-26287: Stored XSS in mermaid diagrams
An attacker can inject arbitrary script tags in HedgeDoc notes using mermaid diagrams.