Skip to content

1.8.16
Compare
Choose a tag to compare
@rhansen rhansen released this 29 Nov 05:01
· 1371 commits to develop since this release
1.8.16
This tag was signed with the committer’s verified signature. The key has expired.
rhansen Richard Hansen
GPG key ID: D06BEB45AD57E214
Expired
Learn about vigilant mode.
142a47c

Security fixes

This release includes fixes for GHSA-w3g3-qf3g-2mqc (CVE-2021-43802).

If you cannot upgrade to v1.8.16 for some reason, you are encouraged to try cherry-picking the fixes to the version you are running:

git cherry-pick b7065eb9a0ec..77bcb507b30e
  • Maliciously crafted .etherpad files can no longer overwrite arbitrary non-pad database records when imported.
  • Imported .etherpad files are now subject to numerous consistency checks before any records are written to the database. This should help avoid denial-of-service attacks via imports of malformed .etherpad files.

Notable enhancements and fixes

  • Fixed several .etherpad import bugs.
  • Improved support for large .etherpad imports.
Assets 3
Loading