Etherpad logo

Etherpad

Etherpad: A modern really-real-time collaborative document editor.

Alternative to: google docs, hackmd, quip


About Versions (79)

1.8.8

2021-02-15

Security patches

  • EJS has been updated to 3.1.6 to mitigate an Arbitrary Code Injection

Compatibility changes

  • Node.js 10.17.0 or newer is now required.

  • The bin/ and tests/ directories were moved under src/. Symlinks were added at the old locations to hopefully avoid breaking user scripts and other tools.

  • Dependencies are now installed with the --no-optional flag to speed installation. Optional dependencies such as sqlite3 must now be manually installed (e.g., (cd src && npm i sqlite3)).

  • Socket.IO messages are now limited to 10K bytes to make denial of service attacks more difficult. This may cause issues when pasting large amounts of text or with plugins that send large messages (e.g., ep_image_upload). You can change the limit via settings.json; see socketIo.maxHttpBufferSize.

  • The top-level package.json file, added in v1.8.7, has been removed due to problematic npm behavior. Whenever you install a plugin you will see the following benign warnings that can be safely ignored:

    npm WARN saveError ENOENT: no such file or directory, open '.../package.json'
    npm WARN enoent ENOENT: no such file or directory, open '.../package.json'
    npm WARN develop No description
    npm WARN develop No repository field.
    npm WARN develop No README data
    npm WARN develop No license field.

Notable enhancements

  • You can now generate a link to a specific line number in a pad. Appending #L10 to a pad URL will cause your browser to scroll down to line 10.
  • Database performance is significantly improved.
  • Admin UI now has test coverage in CI. (The tests are not enabled by default; see settings.json.)
  • New stats/metrics: activePads, httpStartTime, lastDisconnected, memoryUsageHeap.
  • Improved import UX.
  • Browser caching improvements.
  • Users can now pick absolute white (#fff) as their color.
  • The settings.json template used for Docker images has new variables for controlling rate limiting.
  • Admin UI now has test coverage in CI. (The tests are not enabled by default because the admin password is required; see settings.json.)
  • For plugin authors:
    • New callAllSerial() function that invokes hook functions like callAll() except it supports asynchronous hook functions.
    • callFirst() and aCallFirst() now support the same wide range of hook function behaviors that callAll(), aCallAll(), and callAllSerial() support. Also, they now warn when a hook function misbehaves.
    • The following server-side hooks now support asynchronous hook functions: expressConfigure, expressCreateServer, padCopy, padRemove
    • Backend tests for plugins can now use the ep_etherpad-lite/tests/backend/common module to start the server and simplify API access.
    • The checkPlugins.js script now automatically adds GitHub CI test coverage badges for backend tests and npm publish.

Notable fixes

  • Enter key now stays in focus when inserted at bottom of viewport.
  • Numbering for ordered list items now properly increments when exported to text.
  • Suppressed benign socket.io connection errors
  • Interface no longer loses color variants on disconnect/reconnect event.
  • General code quality is further significantly improved.
  • Restarting Etherpad via /admin actions is more robust.
  • Improved reliability of server shutdown and restart.
  • No longer error if no buttons are visible.
  • For plugin authors:
    • Fixed collectContentLineText return value handling.