From f27fd84b4c649cd4dfa20d703004d8768cacebc8 Mon Sep 17 00:00:00 2001 From: Machine User Date: Thu, 4 Sep 2025 10:35:05 +0200 Subject: [PATCH 01/58] fix(main): add patch to main.md with tag v281.4.3 --- content/operations/releases/release-2025-11.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-11.md b/content/operations/releases/release-2025-11.md index 9a5aad186..c3368d887 100644 --- a/content/operations/releases/release-2025-11.md +++ b/content/operations/releases/release-2025-11.md @@ -65,6 +65,7 @@ These are the release notes of the upcoming release (pull requests merged to the - :fire: Integration against the upcoming release (currently `master` branch) is at your own risk ## PRs to Categorize +- [Exclude scheduled publication events from revisions list](https://github.com/livingdocsIO/livingdocs-server/pull/8336) - [fix(deps): update dependency pino from 9.9.0 to v9.9.1 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8343) - [Rename 213-* db migrations](https://github.com/livingdocsIO/livingdocs-server/pull/8339) From 4e05469fa0abbe739a5ff89b3e95c4fdc7bde600 Mon Sep 17 00:00:00 2001 From: Machine User Date: Thu, 4 Sep 2025 10:35:05 +0200 Subject: [PATCH 02/58] fix(main): update release notes overview for main for livingdocs-server with tag v281.4.3 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index e32cb3b3e..b16d35353 100644 --- a/data/releases.json +++ b/data/releases.json @@ -9,7 +9,7 @@ "legacy": false, "sortId": 52, "editorVersion": "v119.15.0", - "serverVersion": "v281.4.2" + "serverVersion": "v281.4.3" }, "release-2025-09": { "key": "release-2025-09", From b821c2654c38bf7e4ed4b295fa6ab12b7448fd50 Mon Sep 17 00:00:00 2001 From: Machine User Date: Thu, 4 Sep 2025 13:00:29 +0200 Subject: [PATCH 03/58] fix(release-2025-09): add patch to release-2025-09.md with tag v281.3.4 --- content/operations/releases/release-2025-09.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-09.md b/content/operations/releases/release-2025-09.md index 8d2322775..b0ba62995 100644 --- a/content/operations/releases/release-2025-09.md +++ b/content/operations/releases/release-2025-09.md @@ -355,6 +355,7 @@ We are aware of the following vulnerabilities in the Livingdocs Editor: Here is a list of all patches after the release has been announced. ### Livingdocs Server Patches +- [v281.3.4](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v281.3.4): fix(revisions): Exclude scheduled publication events - [v281.3.3](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v281.3.3): fix(db): Rename 213 migrations - [v281.3.2](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v281.3.2): fix(release-2025-09): Update framework to v32.9.4 (release-2025-09 tag) From 85adbefdaf86bde3dd874d451c18c0a3492fedac Mon Sep 17 00:00:00 2001 From: Machine User Date: Thu, 4 Sep 2025 13:00:29 +0200 Subject: [PATCH 04/58] fix(release-2025-09): update release notes overview for release-2025-09 for livingdocs-server with tag v281.3.4 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index b16d35353..89c82c24a 100644 --- a/data/releases.json +++ b/data/releases.json @@ -21,7 +21,7 @@ "legacy": false, "sortId": 51, "editorVersion": "v119.14.3", - "serverVersion": "v281.3.3" + "serverVersion": "v281.3.4" }, "release-2025-07": { "key": "release-2025-07", From 19147b45256ca0f897ec8d8337f259d294ae0ef2 Mon Sep 17 00:00:00 2001 From: Machine User Date: Thu, 4 Sep 2025 13:12:06 +0200 Subject: [PATCH 05/58] fix(main): add patch to main.md with tag v281.4.4 --- content/operations/releases/release-2025-11.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-11.md b/content/operations/releases/release-2025-11.md index c3368d887..5fddc9411 100644 --- a/content/operations/releases/release-2025-11.md +++ b/content/operations/releases/release-2025-11.md @@ -65,6 +65,7 @@ These are the release notes of the upcoming release (pull requests merged to the - :fire: Integration against the upcoming release (currently `master` branch) is at your own risk ## PRs to Categorize +- [Allow `li-rubric-assignment` in creation flows](https://github.com/livingdocsIO/livingdocs-server/pull/8348) - [Exclude scheduled publication events from revisions list](https://github.com/livingdocsIO/livingdocs-server/pull/8336) - [fix(deps): update dependency pino from 9.9.0 to v9.9.1 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8343) - [Rename 213-* db migrations](https://github.com/livingdocsIO/livingdocs-server/pull/8339) From b929dae8b76ba6d35a716805e5adc991bff2eff9 Mon Sep 17 00:00:00 2001 From: Machine User Date: Thu, 4 Sep 2025 13:12:07 +0200 Subject: [PATCH 06/58] fix(main): update release notes overview for main for livingdocs-server with tag v281.4.4 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index 89c82c24a..d3b65314a 100644 --- a/data/releases.json +++ b/data/releases.json @@ -9,7 +9,7 @@ "legacy": false, "sortId": 52, "editorVersion": "v119.15.0", - "serverVersion": "v281.4.3" + "serverVersion": "v281.4.4" }, "release-2025-09": { "key": "release-2025-09", From ba04cf9630582f8a185ba02d02abaa5526aa6679 Mon Sep 17 00:00:00 2001 From: Machine User Date: Thu, 4 Sep 2025 13:17:22 +0200 Subject: [PATCH 07/58] fix(release-2025-09): add patch to release-2025-09.md with tag v281.3.5 --- content/operations/releases/release-2025-09.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-09.md b/content/operations/releases/release-2025-09.md index b0ba62995..a29f4fa60 100644 --- a/content/operations/releases/release-2025-09.md +++ b/content/operations/releases/release-2025-09.md @@ -355,6 +355,7 @@ We are aware of the following vulnerabilities in the Livingdocs Editor: Here is a list of all patches after the release has been announced. ### Livingdocs Server Patches +- [v281.3.5](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v281.3.5): fix(rubrics): allow `li-rubric-assignment` in creation flows - [v281.3.4](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v281.3.4): fix(revisions): Exclude scheduled publication events - [v281.3.3](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v281.3.3): fix(db): Rename 213 migrations - [v281.3.2](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v281.3.2): fix(release-2025-09): Update framework to v32.9.4 (release-2025-09 tag) From f99a52296ac6ef3808158057ea153415997a1c23 Mon Sep 17 00:00:00 2001 From: Machine User Date: Thu, 4 Sep 2025 13:17:23 +0200 Subject: [PATCH 08/58] fix(release-2025-09): update release notes overview for release-2025-09 for livingdocs-server with tag v281.3.5 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index d3b65314a..52f3eb9e4 100644 --- a/data/releases.json +++ b/data/releases.json @@ -21,7 +21,7 @@ "legacy": false, "sortId": 51, "editorVersion": "v119.14.3", - "serverVersion": "v281.3.4" + "serverVersion": "v281.3.5" }, "release-2025-07": { "key": "release-2025-07", From c09fde7838f992520dc889d457f899f116e92b70 Mon Sep 17 00:00:00 2001 From: Machine User Date: Thu, 4 Sep 2025 13:27:05 +0200 Subject: [PATCH 09/58] fix(main): add patch to main.md with tag v119.15.1 --- content/operations/releases/release-2025-11.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-11.md b/content/operations/releases/release-2025-11.md index 5fddc9411..e25b6b6e8 100644 --- a/content/operations/releases/release-2025-11.md +++ b/content/operations/releases/release-2025-11.md @@ -65,6 +65,7 @@ These are the release notes of the upcoming release (pull requests merged to the - :fire: Integration against the upcoming release (currently `master` branch) is at your own risk ## PRs to Categorize +- [Improve comment to component alignment on load](https://github.com/livingdocsIO/livingdocs-editor/pull/10056) - [Allow `li-rubric-assignment` in creation flows](https://github.com/livingdocsIO/livingdocs-server/pull/8348) - [Exclude scheduled publication events from revisions list](https://github.com/livingdocsIO/livingdocs-server/pull/8336) - [fix(deps): update dependency pino from 9.9.0 to v9.9.1 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8343) From f7867f79bce1b703724c6b59b78c1e35e3228291 Mon Sep 17 00:00:00 2001 From: Machine User Date: Thu, 4 Sep 2025 13:27:05 +0200 Subject: [PATCH 10/58] fix(main): update release notes overview for main for livingdocs-editor with tag v119.15.1 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index 52f3eb9e4..46cf0b6f1 100644 --- a/data/releases.json +++ b/data/releases.json @@ -8,7 +8,7 @@ "maintained": false, "legacy": false, "sortId": 52, - "editorVersion": "v119.15.0", + "editorVersion": "v119.15.1", "serverVersion": "v281.4.4" }, "release-2025-09": { From b71cd15bed0aa141888ae04f0e2954251f32d004 Mon Sep 17 00:00:00 2001 From: Machine User Date: Thu, 4 Sep 2025 17:02:08 +0200 Subject: [PATCH 11/58] fix(release-2025-09): add patch to release-2025-09.md with tag v119.14.4 --- content/operations/releases/release-2025-09.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-09.md b/content/operations/releases/release-2025-09.md index a29f4fa60..ac7092994 100644 --- a/content/operations/releases/release-2025-09.md +++ b/content/operations/releases/release-2025-09.md @@ -361,6 +361,7 @@ Here is a list of all patches after the release has been announced. - [v281.3.2](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v281.3.2): fix(release-2025-09): Update framework to v32.9.4 (release-2025-09 tag) ### Livingdocs Editor Patches +- [v119.14.4](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v119.14.4): fix(comments): Improve comment to component alignment on load - [v119.14.3](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v119.14.3): fix(release-2025-09): Update framework to v32.9.4 (release-2025-09 tag) --- From 9a5c051f1acf056d5094ab2878e77b5f1204e902 Mon Sep 17 00:00:00 2001 From: Machine User Date: Thu, 4 Sep 2025 17:02:09 +0200 Subject: [PATCH 12/58] fix(release-2025-09): update release notes overview for release-2025-09 for livingdocs-editor with tag v119.14.4 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index 46cf0b6f1..4d59822ac 100644 --- a/data/releases.json +++ b/data/releases.json @@ -20,7 +20,7 @@ "maintained": false, "legacy": false, "sortId": 51, - "editorVersion": "v119.14.3", + "editorVersion": "v119.14.4", "serverVersion": "v281.3.5" }, "release-2025-07": { From 3b811125e875c33b1cd551e61ce8d7c956fa16c2 Mon Sep 17 00:00:00 2001 From: Machine User Date: Thu, 4 Sep 2025 17:14:54 +0200 Subject: [PATCH 13/58] fix(main): add patch to main.md with tag v281.4.5 --- content/operations/releases/release-2025-11.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-11.md b/content/operations/releases/release-2025-11.md index e25b6b6e8..e1e717a4d 100644 --- a/content/operations/releases/release-2025-11.md +++ b/content/operations/releases/release-2025-11.md @@ -65,6 +65,7 @@ These are the release notes of the upcoming release (pull requests merged to the - :fire: Integration against the upcoming release (currently `master` branch) is at your own risk ## PRs to Categorize +- [Trigger Google Vision enrichment on image upload](https://github.com/livingdocsIO/livingdocs-server/pull/8341) - [Improve comment to component alignment on load](https://github.com/livingdocsIO/livingdocs-editor/pull/10056) - [Allow `li-rubric-assignment` in creation flows](https://github.com/livingdocsIO/livingdocs-server/pull/8348) - [Exclude scheduled publication events from revisions list](https://github.com/livingdocsIO/livingdocs-server/pull/8336) From 1331b80c2c701e2a4d085a10e270cc7f799e74cf Mon Sep 17 00:00:00 2001 From: Machine User Date: Thu, 4 Sep 2025 17:14:54 +0200 Subject: [PATCH 14/58] fix(main): update release notes overview for main for livingdocs-server with tag v281.4.5 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index 4d59822ac..72a7e8469 100644 --- a/data/releases.json +++ b/data/releases.json @@ -9,7 +9,7 @@ "legacy": false, "sortId": 52, "editorVersion": "v119.15.1", - "serverVersion": "v281.4.4" + "serverVersion": "v281.4.5" }, "release-2025-09": { "key": "release-2025-09", From 00a4c9192b8f0c44bb44b70cff8d7e4e7512a4b8 Mon Sep 17 00:00:00 2001 From: Machine User Date: Thu, 4 Sep 2025 17:16:07 +0200 Subject: [PATCH 15/58] fix(release-2025-07): add patch to release-2025-07.md with tag v119.3.22 --- content/operations/releases/release-2025-07.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-07.md b/content/operations/releases/release-2025-07.md index 4bc4a430c..e04d6c522 100644 --- a/content/operations/releases/release-2025-07.md +++ b/content/operations/releases/release-2025-07.md @@ -641,6 +641,7 @@ Here is a list of all patches after the release has been announced. - [v280.1.1](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v280.1.1): fix(news-agency): Prevent registering news agency report content type multiple times ### Livingdocs Editor Patches +- [v119.3.22](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v119.3.22): fix(comments): Improve comment to component alignment on load - [v119.3.21](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v119.3.21): fix: Patch vulnerable dependencies - [v119.3.20](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v119.3.20): fix(drone): Prepend strip_prefix with '/' - [v119.3.19](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v119.3.19): chore: Make pdf responsive by omitting width and height style attributes From 23842cbe83b84d79cfd60340cf0995bb62dda324 Mon Sep 17 00:00:00 2001 From: Machine User Date: Thu, 4 Sep 2025 17:16:08 +0200 Subject: [PATCH 16/58] fix(release-2025-07): update release notes overview for release-2025-07 for livingdocs-editor with tag v119.3.22 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index 72a7e8469..249970a77 100644 --- a/data/releases.json +++ b/data/releases.json @@ -32,7 +32,7 @@ "maintained": true, "legacy": false, "sortId": 50, - "editorVersion": "v119.3.21", + "editorVersion": "v119.3.22", "serverVersion": "v280.1.20" }, "release-2025-05": { From 98f9718c92e134e3520d54172e0b7dbab780113d Mon Sep 17 00:00:00 2001 From: Machine User Date: Thu, 4 Sep 2025 17:25:17 +0200 Subject: [PATCH 17/58] fix(release-2025-09): add patch to release-2025-09.md with tag v281.3.6 --- content/operations/releases/release-2025-09.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-09.md b/content/operations/releases/release-2025-09.md index ac7092994..617e65196 100644 --- a/content/operations/releases/release-2025-09.md +++ b/content/operations/releases/release-2025-09.md @@ -355,6 +355,7 @@ We are aware of the following vulnerabilities in the Livingdocs Editor: Here is a list of all patches after the release has been announced. ### Livingdocs Server Patches +- [v281.3.6](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v281.3.6): fix(google-vision): Enrich images on upload - [v281.3.5](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v281.3.5): fix(rubrics): allow `li-rubric-assignment` in creation flows - [v281.3.4](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v281.3.4): fix(revisions): Exclude scheduled publication events - [v281.3.3](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v281.3.3): fix(db): Rename 213 migrations From 7f39eb6caf372ae36d45909f0c69fe1c68426edc Mon Sep 17 00:00:00 2001 From: Machine User Date: Thu, 4 Sep 2025 17:25:18 +0200 Subject: [PATCH 18/58] fix(release-2025-09): update release notes overview for release-2025-09 for livingdocs-server with tag v281.3.6 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index 249970a77..59f4eb100 100644 --- a/data/releases.json +++ b/data/releases.json @@ -21,7 +21,7 @@ "legacy": false, "sortId": 51, "editorVersion": "v119.14.4", - "serverVersion": "v281.3.5" + "serverVersion": "v281.3.6" }, "release-2025-07": { "key": "release-2025-07", From 763f66255a674f4a920b1e425979cdb94ddca8ce Mon Sep 17 00:00:00 2001 From: Machine User Date: Thu, 4 Sep 2025 17:32:33 +0200 Subject: [PATCH 19/58] fix(release-2025-05): add patch to release-2025-05.md with tag v117.6.43 --- content/operations/releases/release-2025-05.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-05.md b/content/operations/releases/release-2025-05.md index 4e36d2c1c..362b63316 100644 --- a/content/operations/releases/release-2025-05.md +++ b/content/operations/releases/release-2025-05.md @@ -470,6 +470,7 @@ Here is a list of all patches after the release has been announced. - [v276.3.1](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v276.3.1): fix(peiq-agency): Improve handling of empty property image_ids ### Livingdocs Editor Patches +- [v117.6.43](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v117.6.43): fix(comments): Improve comment to component alignment on load - [v117.6.42](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v117.6.42): fix: Patch vulnerable dependencies - [v117.6.41](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v117.6.41): fix(drone): Prepend strip_prefix with '/' - [v117.6.40](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v117.6.40): fix(v-tooltip): Render strings of v-tooltip as text, not html From afe3c627756eeb9f659356228621fd500d5c605d Mon Sep 17 00:00:00 2001 From: Machine User Date: Thu, 4 Sep 2025 17:32:34 +0200 Subject: [PATCH 20/58] fix(release-2025-05): update release notes overview for release-2025-05 for livingdocs-editor with tag v117.6.43 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index 59f4eb100..22971a63f 100644 --- a/data/releases.json +++ b/data/releases.json @@ -44,7 +44,7 @@ "maintained": true, "legacy": false, "sortId": 49, - "editorVersion": "v117.6.42", + "editorVersion": "v117.6.43", "serverVersion": "v276.3.26" }, "release-2025-03": { From f3c30ac471e0c36697c2e652f0b531af49ebb9f8 Mon Sep 17 00:00:00 2001 From: Machine User Date: Thu, 4 Sep 2025 17:37:23 +0200 Subject: [PATCH 21/58] fix(release-2025-07): add patch to release-2025-07.md with tag v280.1.21 --- content/operations/releases/release-2025-07.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-07.md b/content/operations/releases/release-2025-07.md index e04d6c522..842514706 100644 --- a/content/operations/releases/release-2025-07.md +++ b/content/operations/releases/release-2025-07.md @@ -617,6 +617,7 @@ We are aware of the following vulnerabilities in the Livingdocs Editor: Here is a list of all patches after the release has been announced. ### Livingdocs Server Patches +- [v280.1.21](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v280.1.21): fix(google-vision): Enrich images on upload - [v280.1.20](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v280.1.20): fix: Patch vulnerable dependencies - [v280.1.19](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v280.1.19): fix(retresco): Request more rows on entities endpoint - [v280.1.18](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v280.1.18): fix(peiq): Replace '' with '\n' instead of ' ' if newlines are enabled on metadata property From d3e763d27e5ebd9449c84747ad1ffcb32327d692 Mon Sep 17 00:00:00 2001 From: Machine User Date: Thu, 4 Sep 2025 17:37:24 +0200 Subject: [PATCH 22/58] fix(release-2025-07): update release notes overview for release-2025-07 for livingdocs-server with tag v280.1.21 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index 22971a63f..59725f273 100644 --- a/data/releases.json +++ b/data/releases.json @@ -33,7 +33,7 @@ "legacy": false, "sortId": 50, "editorVersion": "v119.3.22", - "serverVersion": "v280.1.20" + "serverVersion": "v280.1.21" }, "release-2025-05": { "key": "release-2025-05", From 59f2096ed00294658acf6880f6087e974f1f81ec Mon Sep 17 00:00:00 2001 From: Robin Bisping Date: Tue, 2 Sep 2025 14:25:48 +0200 Subject: [PATCH 23/58] fix: Update patched vulnerabilities --- .../operations/releases/release-2025-03.md | 13 ++++++++--- .../operations/releases/release-2025-05.md | 13 +++++++++-- .../operations/releases/release-2025-07.md | 23 ++++++++++++------- .../operations/releases/release-2025-09.md | 13 ++++++++--- .../operations/releases/release-2025-11.md | 4 +++- 5 files changed, 49 insertions(+), 17 deletions(-) diff --git a/content/operations/releases/release-2025-03.md b/content/operations/releases/release-2025-03.md index f0378ff97..c530d9f7d 100644 --- a/content/operations/releases/release-2025-03.md +++ b/content/operations/releases/release-2025-03.md @@ -489,7 +489,11 @@ This release we have patched the following vulnerabilities in the Livingdocs Ser - [CVE-2025-22150](https://github.com/advisories/GHSA-c76h-2ccp-4975) patched in `undici` v6.21.1 - [CVE-2025-27152](https://github.com/advisories/GHSA-jr5f-v2jv-69x6) patched in `axios` v1.8.2 -- [CVE-2025-27789] https://github.com/advisories/GHSA-968p-4wvh-cqc8 patched `@babel/runtime` & `@babel/helpers` v7.26.10 +- [CVE-2025-27789](https://github.com/advisories/GHSA-968p-4wvh-cqc8) patched `@babel/runtime` & `@babel/helpers` v7.26.10 +- [GHSA-xffm-g5w8-qvg7](https://github.com/advisories/GHSA-xffm-g5w8-qvg7) patched in `@eslint/plugin-kit` v0.3.5 +- [CVE-2025-7783](https://github.com/advisories/GHSA-fjxv-7rqg-78g4) patched in `form-data` v2.5.5 +- [CVE-2025-7339](https://github.com/advisories/GHSA-76c9-3jph-rj3q) patched in `on-headers` v1.1.0 +- [CVE-2025-54798](https://github.com/advisories/GHSA-52f5-9888-hmc6) patched by no longer depending on `tmp` No known vulnerabilities. :tada: @@ -499,12 +503,15 @@ This release we have patched the following vulnerabilities in the Livingdocs Edi - [CVE-2025-22150](https://github.com/advisories/GHSA-c76h-2ccp-4975) patched in `undici` v6.21.1 - [CVE-2025-27152](https://github.com/advisories/GHSA-jr5f-v2jv-69x6) patched in `axios` v1.8.2 -- [CVE-2025-27789] https://github.com/advisories/GHSA-968p-4wvh-cqc8 patched `@babel/runtime` & `@babel/helpers` v7.26.10 +- [CVE-2025-27789](https://github.com/advisories/GHSA-968p-4wvh-cqc8) patched `@babel/runtime` & `@babel/helpers` v7.26.10 +- [GHSA-xffm-g5w8-qvg7](https://github.com/advisories/GHSA-xffm-g5w8-qvg7) patched in `@eslint/plugin-kit` v2.5.5 +- [CVE-2025-7783](https://github.com/advisories/GHSA-fjxv-7rqg-78g4) patched in `form-data` v2.5.5 +- [CVE-2025-9288](https://github.com/advisories/GHSA-95m3-7q98-8xr5) patched in `sha.js` v2.4.12 We are aware of the following vulnerabilities in the Livingdocs Editor: - [CVE-2023-44270](https://github.com/advisories/GHSA-7fh5-64p2-3v2j) vulnerability in `postcss`, it affects linters using PostCSS to parse external Cascading Style Sheets (CSS). It is not exploitable in the editor as we don't load untrusted external CSS at build time. -- [CVE-2023-26116](https://cwe.mitre.org/data/definitions/1333.html), [CVE-2023-26118](https://cwe.mitre.org/data/definitions/1333.html), [CVE-2023-26117](https://cwe.mitre.org/data/definitions/1333.html), [CVE-2022-25869](https://cwe.mitre.org/data/definitions/79.html), [CVE-2022-25844](https://cwe.mitre.org/data/definitions/770.html) are all AngularJS vulnerabilities that don't have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js. +- [CVE-2022-25844](https://github.com/advisories/GHSA-m2h2-264f-f486), [CVE-2022-25869](https://github.com/advisories/GHSA-prc3-vjfx-vhm9), [CVE-2023-26116](https://github.com/advisories/GHSA-2vrf-hf26-jrp5), [CVE-2023-26117](https://github.com/advisories/GHSA-2qqx-w9hr-q5gx), [CVE-2023-26118](https://github.com/advisories/GHSA-qwqh-hm9m-p5hr), [CVE-2024-8372](https://github.com/advisories/GHSA-m9gf-397r-hwpg), [CVE-2024-8373](https://github.com/advisories/GHSA-mqm9-c95h-x2p6), [CVE-2024-21490](https://github.com/advisories/GHSA-4w4v-5hc9-xrr2), [CVE-2025-0716](https://github.com/advisories/GHSA-j58c-ww9w-pwp5), [CVE-2025-2336](https://github.com/advisories/GHSA-4p4w-6hg8-63wx) are all AngularJS vulnerabilities that don't have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js. - [CVE-2024-6783](https://github.com/advisories/GHSA-g3ch-rx76-35fx) vulnerability in `vue-template-compiler` it allows malicious users to perform XSS via prototype pollution. Editor build is always done in a trusted environment and the vulnerability is not exploitable. - [CVE-2024-9506](https://github.com/advisories/GHSA-5j4c-8p2g-v4jx) vulnerability in `vue`, an ReDoS vulnerability exploitable through inefficient regex evaluation in parseHTML function. The issue can cause excessive CPU usage but is not exploitable in the editor as we don't load untrusted HTML at runtime. diff --git a/content/operations/releases/release-2025-05.md b/content/operations/releases/release-2025-05.md index 362b63316..20a2bc7cb 100644 --- a/content/operations/releases/release-2025-05.md +++ b/content/operations/releases/release-2025-05.md @@ -419,7 +419,11 @@ We are constantly patching module vulnerabilities for the Livingdocs Server and This release we have patched the following vulnerabilities in the Livingdocs Server: - [CVE-2025-32442](https://github.com/fastify/fastify/security/advisories/GHSA-mg2h-6x62-wpwc) patched in `fastify` v5.3.2 -- [CVE-2025-27789] https://github.com/advisories/GHSA-968p-4wvh-cqc8 patched `@babel/runtime` & `@babel/helpers` v7.26.10 +- [CVE-2025-27789](https://github.com/advisories/GHSA-968p-4wvh-cqc8) patched `@babel/runtime` & `@babel/helpers` v7.26.10 +- [GHSA-xffm-g5w8-qvg7](https://github.com/advisories/GHSA-xffm-g5w8-qvg7) patched in `@eslint/plugin-kit` v0.3.5 +- [CVE-2025-7783](https://github.com/advisories/GHSA-fjxv-7rqg-78g4) patched in `form-data` v2.5.5 +- [CVE-2025-7339](https://github.com/advisories/GHSA-76c9-3jph-rj3q) patched in `on-headers` v1.1.0 +- [CVE-2025-54798](https://github.com/advisories/GHSA-52f5-9888-hmc6) patched by no longer depending on `tmp` No known vulnerabilities. :tada: @@ -429,11 +433,16 @@ This release we have patched the following vulnerabilities in the Livingdocs Edi - [CVE-2025-32442](https://github.com/fastify/fastify/security/advisories/GHSA-mg2h-6x62-wpwc) patched in `fastify` v5.3.2 - [CVE-2025-27789](https://github.com/advisories/GHSA-968p-4wvh-cqc8) patched `@babel/runtime` & `@babel/helpers` v7.26.10 +- [GHSA-xffm-g5w8-qvg7](https://github.com/advisories/GHSA-xffm-g5w8-qvg7) patched in `@eslint/plugin-kit` v2.5.5 +- [CVE-2025-7783](https://github.com/advisories/GHSA-fjxv-7rqg-78g4) patched in `form-data` v2.5.5 +- [CVE-2025-9288](https://github.com/advisories/GHSA-95m3-7q98-8xr5) patched in `sha.js` v2.4.12 We are aware of the following vulnerabilities in the Livingdocs Editor: - [CVE-2023-44270](https://github.com/advisories/GHSA-7fh5-64p2-3v2j) vulnerability in `postcss`, it affects linters using PostCSS to parse external Cascading Style Sheets (CSS). It is not exploitable in the editor as we don't load untrusted external CSS at build time. -- [CVE-2023-26116](https://cwe.mitre.org/data/definitions/1333.html), [CVE-2023-26118](https://cwe.mitre.org/data/definitions/1333.html), [CVE-2023-26117](https://cwe.mitre.org/data/definitions/1333.html), [CVE-2022-25869](https://cwe.mitre.org/data/definitions/79.html), [CVE-2022-25844](https://cwe.mitre.org/data/definitions/770.html) are all AngularJS vulnerabilities that don't have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js. +- [CVE-2022-25844](https://github.com/advisories/GHSA-m2h2-264f-f486), [CVE-2022-25869](https://github.com/advisories/GHSA-prc3-vjfx-vhm9), [CVE-2023-26116](https://github.com/advisories/GHSA-2vrf-hf26-jrp5), [CVE-2023-26117](https://github.com/advisories/GHSA-2qqx-w9hr-q5gx), [CVE-2023-26118](https://github.com/advisories/GHSA-qwqh-hm9m-p5hr), [CVE-2024-8372](https://github.com/advisories/GHSA-m9gf-397r-hwpg), [CVE-2024-8373](https://github.com/advisories/GHSA-mqm9-c95h-x2p6), [CVE-2024-21490](https://github.com/advisories/GHSA-4w4v-5hc9-xrr2), [CVE-2025-0716](https://github.com/advisories/GHSA-j58c-ww9w-pwp5), [CVE-2025-2336](https://github.com/advisories/GHSA-4p4w-6hg8-63wx) are all AngularJS vulnerabilities that don't have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js. +- [CVE-2024-6783](https://github.com/advisories/GHSA-g3ch-rx76-35fx) vulnerability in `vue-template-compiler` it allows malicious users to perform XSS via prototype pollution. Editor build is always done in a trusted environment and the vulnerability is not exploitable. +- [CVE-2024-9506](https://github.com/advisories/GHSA-5j4c-8p2g-v4jx) vulnerability in `vue`, an ReDoS vulnerability exploitable through inefficient regex evaluation in parseHTML function. The issue can cause excessive CPU usage but is not exploitable in the editor as we don't load untrusted HTML at runtime. ## Patches diff --git a/content/operations/releases/release-2025-07.md b/content/operations/releases/release-2025-07.md index 842514706..c51065096 100644 --- a/content/operations/releases/release-2025-07.md +++ b/content/operations/releases/release-2025-07.md @@ -590,8 +590,12 @@ We are constantly patching module vulnerabilities for the Livingdocs Server and This release we have patched the following vulnerabilities in the Livingdocs Server: -- [CVE-2025-47279](https://github.com/advisories/GHSA-cxrh-j4jr-qwg3) Patch vulnerability `undici` to v6.21.3 -- [CVE-2025-5889](https://github.com/advisories/GHSA-v6h2-p8h4-qcjw) Patch vulnerability `brace-expansion` to v1.1.12 +- [CVE-2025-47279](https://github.com/advisories/GHSA-cxrh-j4jr-qwg3) patched in `undici` v6.21.3 +- [CVE-2025-5889](https://github.com/advisories/GHSA-v6h2-p8h4-qcjw) patched in `brace-expansion` v1.1.12 +- [GHSA-xffm-g5w8-qvg7](https://github.com/advisories/GHSA-xffm-g5w8-qvg7) patched in `@eslint/plugin-kit` v0.3.5 +- [CVE-2025-7783](https://github.com/advisories/GHSA-fjxv-7rqg-78g4) patched in `form-data` v2.5.5 +- [CVE-2025-7339](https://github.com/advisories/GHSA-76c9-3jph-rj3q) patched in `on-headers` v1.1.0 +- [CVE-2025-54798](https://github.com/advisories/GHSA-52f5-9888-hmc6) patched by no longer depending on `tmp` No known vulnerabilities. :tada: @@ -599,16 +603,19 @@ No known vulnerabilities. :tada: This release we have patched the following vulnerabilities in the Livingdocs Editor: -- [CVE-2025-47279](https://github.com/advisories/GHSA-cxrh-j4jr-qwg3) Patch vulnerability `undici` to v6.21.3 -- [CVE-2025-5889](https://github.com/advisories/GHSA-v6h2-p8h4-qcjw) Patch vulnerability `brace-expansion` to v1.1.12 -- [CVE-2025-6547](https://github.com/advisories/GHSA-v62p-rq8g-8h59) Patch vulnerability `pbkdf2` to v3.1.3 -- [CVE-2025-48387](https://github.com/advisories/GHSA-8cj5-5rvv-wf4v) Patch vulnerability `tar-fs` to v3.1.0 -- [CVE-2025-27789](https://github.com/advisories/GHSA-968p-4wvh-cqc8) Patch vulnerability `@babel/helpers` and `@babel/runtime` to v7.27.6 +- [CVE-2025-47279](https://github.com/advisories/GHSA-cxrh-j4jr-qwg3) patched in `undici` v6.21.3 +- [CVE-2025-5889](https://github.com/advisories/GHSA-v6h2-p8h4-qcjw) patched in `brace-expansion` v1.1.12 +- [CVE-2025-6547](https://github.com/advisories/GHSA-v62p-rq8g-8h59) patched in `pbkdf2` v3.1.3 +- [CVE-2025-48387](https://github.com/advisories/GHSA-8cj5-5rvv-wf4v) patched in `tar-fs` v3.1.0 +- [CVE-2025-27789](https://github.com/advisories/GHSA-968p-4wvh-cqc8) patched in `@babel/helpers` and `@babel/runtime` v7.27.6 +- [GHSA-xffm-g5w8-qvg7](https://github.com/advisories/GHSA-xffm-g5w8-qvg7) patched in `@eslint/plugin-kit` v2.5.5 +- [CVE-2025-7783](https://github.com/advisories/GHSA-fjxv-7rqg-78g4) patched in `form-data` v2.5.5 +- [CVE-2025-9288](https://github.com/advisories/GHSA-95m3-7q98-8xr5) patched in `sha.js` v2.4.12 We are aware of the following vulnerabilities in the Livingdocs Editor: - [CVE-2023-44270](https://github.com/advisories/GHSA-7fh5-64p2-3v2j) vulnerability in `postcss`, it affects linters using PostCSS to parse external Cascading Style Sheets (CSS). It is not exploitable in the editor as we don't load untrusted external CSS at build time. -- [CVE-2023-26116](https://cwe.mitre.org/data/definitions/1333.html), [CVE-2023-26118](https://cwe.mitre.org/data/definitions/1333.html), [CVE-2023-26117](https://cwe.mitre.org/data/definitions/1333.html), [CVE-2022-25869](https://cwe.mitre.org/data/definitions/79.html), [CVE-2022-25844](https://cwe.mitre.org/data/definitions/770.html) are all AngularJS vulnerabilities that don't have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js. +- [CVE-2022-25844](https://github.com/advisories/GHSA-m2h2-264f-f486), [CVE-2022-25869](https://github.com/advisories/GHSA-prc3-vjfx-vhm9), [CVE-2023-26116](https://github.com/advisories/GHSA-2vrf-hf26-jrp5), [CVE-2023-26117](https://github.com/advisories/GHSA-2qqx-w9hr-q5gx), [CVE-2023-26118](https://github.com/advisories/GHSA-qwqh-hm9m-p5hr), [CVE-2024-8372](https://github.com/advisories/GHSA-m9gf-397r-hwpg), [CVE-2024-8373](https://github.com/advisories/GHSA-mqm9-c95h-x2p6), [CVE-2024-21490](https://github.com/advisories/GHSA-4w4v-5hc9-xrr2), [CVE-2025-0716](https://github.com/advisories/GHSA-j58c-ww9w-pwp5), [CVE-2025-2336](https://github.com/advisories/GHSA-4p4w-6hg8-63wx) are all AngularJS vulnerabilities that don't have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js. - [CVE-2024-6783](https://github.com/advisories/GHSA-g3ch-rx76-35fx) vulnerability in `vue-template-compiler` it allows malicious users to perform XSS via prototype pollution. Editor build is always done in a trusted environment and the vulnerability is not exploitable. - [CVE-2024-9506](https://github.com/advisories/GHSA-5j4c-8p2g-v4jx) vulnerability in `vue`, an ReDoS vulnerability exploitable through inefficient regex evaluation in parseHTML function. The issue can cause excessive CPU usage but is not exploitable in the editor as we don't load untrusted HTML at runtime. diff --git a/content/operations/releases/release-2025-09.md b/content/operations/releases/release-2025-09.md index 617e65196..546fc9d7a 100644 --- a/content/operations/releases/release-2025-09.md +++ b/content/operations/releases/release-2025-09.md @@ -335,7 +335,10 @@ We are constantly patching module vulnerabilities for the Livingdocs Server and This release we have patched the following vulnerabilities in the Livingdocs Server: -- TBD +- [GHSA-xffm-g5w8-qvg7](https://github.com/advisories/GHSA-xffm-g5w8-qvg7) patched in `@eslint/plugin-kit` v0.3.5 +- [CVE-2025-7783](https://github.com/advisories/GHSA-fjxv-7rqg-78g4) patched in `form-data` v2.5.5 +- [CVE-2025-7339](https://github.com/advisories/GHSA-76c9-3jph-rj3q) patched in `on-headers` v1.1.0 +- [CVE-2025-54798](https://github.com/advisories/GHSA-52f5-9888-hmc6) patched by no longer depending on `tmp` No known vulnerabilities. :tada: @@ -343,12 +346,16 @@ No known vulnerabilities. :tada: This release we have patched the following vulnerabilities in the Livingdocs Editor: -- TBD +- [GHSA-xffm-g5w8-qvg7](https://github.com/advisories/GHSA-xffm-g5w8-qvg7) patched in `@eslint/plugin-kit` v2.5.5 +- [CVE-2025-7783](https://github.com/advisories/GHSA-fjxv-7rqg-78g4) patched in `form-data` v2.5.5 +- [CVE-2025-9288](https://github.com/advisories/GHSA-95m3-7q98-8xr5) patched in `sha.js` v2.4.12 We are aware of the following vulnerabilities in the Livingdocs Editor: - [CVE-2023-44270](https://github.com/advisories/GHSA-7fh5-64p2-3v2j) vulnerability in `postcss`, it affects linters using PostCSS to parse external Cascading Style Sheets (CSS). It is not exploitable in the editor as we don't load untrusted external CSS at build time. -- [CVE-2023-26116](https://cwe.mitre.org/data/definitions/1333.html), [CVE-2023-26118](https://cwe.mitre.org/data/definitions/1333.html), [CVE-2023-26117](https://cwe.mitre.org/data/definitions/1333.html), [CVE-2022-25869](https://cwe.mitre.org/data/definitions/79.html), [CVE-2022-25844](https://cwe.mitre.org/data/definitions/770.html) are all AngularJS vulnerabilities that don't have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js. +- [CVE-2022-25844](https://github.com/advisories/GHSA-m2h2-264f-f486), [CVE-2022-25869](https://github.com/advisories/GHSA-prc3-vjfx-vhm9), [CVE-2023-26116](https://github.com/advisories/GHSA-2vrf-hf26-jrp5), [CVE-2023-26117](https://github.com/advisories/GHSA-2qqx-w9hr-q5gx), [CVE-2023-26118](https://github.com/advisories/GHSA-qwqh-hm9m-p5hr), [CVE-2024-8372](https://github.com/advisories/GHSA-m9gf-397r-hwpg), [CVE-2024-8373](https://github.com/advisories/GHSA-mqm9-c95h-x2p6), [CVE-2024-21490](https://github.com/advisories/GHSA-4w4v-5hc9-xrr2), [CVE-2025-0716](https://github.com/advisories/GHSA-j58c-ww9w-pwp5), [CVE-2025-2336](https://github.com/advisories/GHSA-4p4w-6hg8-63wx) are all AngularJS vulnerabilities that don't have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js. +- [CVE-2024-6783](https://github.com/advisories/GHSA-g3ch-rx76-35fx) vulnerability in `vue-template-compiler` it allows malicious users to perform XSS via prototype pollution. Editor build is always done in a trusted environment and the vulnerability is not exploitable. +- [CVE-2024-9506](https://github.com/advisories/GHSA-5j4c-8p2g-v4jx) vulnerability in `vue`, an ReDoS vulnerability exploitable through inefficient regex evaluation in parseHTML function. The issue can cause excessive CPU usage but is not exploitable in the editor as we don't load untrusted HTML at runtime. ## Patches diff --git a/content/operations/releases/release-2025-11.md b/content/operations/releases/release-2025-11.md index e1e717a4d..996574b05 100644 --- a/content/operations/releases/release-2025-11.md +++ b/content/operations/releases/release-2025-11.md @@ -159,7 +159,9 @@ This release we have patched the following vulnerabilities in the Livingdocs Edi We are aware of the following vulnerabilities in the Livingdocs Editor: - [CVE-2023-44270](https://github.com/advisories/GHSA-7fh5-64p2-3v2j) vulnerability in `postcss`, it affects linters using PostCSS to parse external Cascading Style Sheets (CSS). It is not exploitable in the editor as we don't load untrusted external CSS at build time. -- [CVE-2023-26116](https://cwe.mitre.org/data/definitions/1333.html), [CVE-2023-26118](https://cwe.mitre.org/data/definitions/1333.html), [CVE-2023-26117](https://cwe.mitre.org/data/definitions/1333.html), [CVE-2022-25869](https://cwe.mitre.org/data/definitions/79.html), [CVE-2022-25844](https://cwe.mitre.org/data/definitions/770.html) are all AngularJS vulnerabilities that don't have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js. +- [CVE-2022-25844](https://github.com/advisories/GHSA-m2h2-264f-f486), [CVE-2022-25869](https://github.com/advisories/GHSA-prc3-vjfx-vhm9), [CVE-2023-26116](https://github.com/advisories/GHSA-2vrf-hf26-jrp5), [CVE-2023-26117](https://github.com/advisories/GHSA-2qqx-w9hr-q5gx), [CVE-2023-26118](https://github.com/advisories/GHSA-qwqh-hm9m-p5hr), [CVE-2024-8372](https://github.com/advisories/GHSA-m9gf-397r-hwpg), [CVE-2024-8373](https://github.com/advisories/GHSA-mqm9-c95h-x2p6), [CVE-2024-21490](https://github.com/advisories/GHSA-4w4v-5hc9-xrr2), [CVE-2025-0716](https://github.com/advisories/GHSA-j58c-ww9w-pwp5), [CVE-2025-2336](https://github.com/advisories/GHSA-4p4w-6hg8-63wx) are all AngularJS vulnerabilities that don't have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js. +- [CVE-2024-6783](https://github.com/advisories/GHSA-g3ch-rx76-35fx) vulnerability in `vue-template-compiler` it allows malicious users to perform XSS via prototype pollution. Editor build is always done in a trusted environment and the vulnerability is not exploitable. +- [CVE-2024-9506](https://github.com/advisories/GHSA-5j4c-8p2g-v4jx) vulnerability in `vue`, an ReDoS vulnerability exploitable through inefficient regex evaluation in parseHTML function. The issue can cause excessive CPU usage but is not exploitable in the editor as we don't load untrusted HTML at runtime. ## Patches From 9fd8502840ce5249d3849082f60917f2ab52c2c9 Mon Sep 17 00:00:00 2001 From: Machine User Date: Fri, 5 Sep 2025 00:21:55 +0200 Subject: [PATCH 24/58] fix(main): add patch to main.md with tag v281.4.6 --- content/operations/releases/release-2025-11.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-11.md b/content/operations/releases/release-2025-11.md index 996574b05..fddca8e5e 100644 --- a/content/operations/releases/release-2025-11.md +++ b/content/operations/releases/release-2025-11.md @@ -65,6 +65,7 @@ These are the release notes of the upcoming release (pull requests merged to the - :fire: Integration against the upcoming release (currently `master` branch) is at your own risk ## PRs to Categorize +- [fix(deps): update dependency pino from 9.9.1 to v9.9.2 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8352) - [Trigger Google Vision enrichment on image upload](https://github.com/livingdocsIO/livingdocs-server/pull/8341) - [Improve comment to component alignment on load](https://github.com/livingdocsIO/livingdocs-editor/pull/10056) - [Allow `li-rubric-assignment` in creation flows](https://github.com/livingdocsIO/livingdocs-server/pull/8348) From 715369d188fb7f4d4a37fe33931585b2adcf7594 Mon Sep 17 00:00:00 2001 From: Machine User Date: Fri, 5 Sep 2025 00:21:55 +0200 Subject: [PATCH 25/58] fix(main): update release notes overview for main for livingdocs-server with tag v281.4.6 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index 59725f273..838f9aa69 100644 --- a/data/releases.json +++ b/data/releases.json @@ -9,7 +9,7 @@ "legacy": false, "sortId": 52, "editorVersion": "v119.15.1", - "serverVersion": "v281.4.5" + "serverVersion": "v281.4.6" }, "release-2025-09": { "key": "release-2025-09", From c8c49f240caa56b9110c1ca6d7964ae45f3ed86f Mon Sep 17 00:00:00 2001 From: Machine User Date: Fri, 5 Sep 2025 06:10:40 +0200 Subject: [PATCH 26/58] fix(main): add patch to main.md with tag v281.4.7 --- content/operations/releases/release-2025-11.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-11.md b/content/operations/releases/release-2025-11.md index fddca8e5e..26054e252 100644 --- a/content/operations/releases/release-2025-11.md +++ b/content/operations/releases/release-2025-11.md @@ -65,6 +65,7 @@ These are the release notes of the upcoming release (pull requests merged to the - :fire: Integration against the upcoming release (currently `master` branch) is at your own risk ## PRs to Categorize +- [fix(deps): update dependency posthog-node from 5.8.1 to v5.8.2 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8354) - [fix(deps): update dependency pino from 9.9.1 to v9.9.2 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8352) - [Trigger Google Vision enrichment on image upload](https://github.com/livingdocsIO/livingdocs-server/pull/8341) - [Improve comment to component alignment on load](https://github.com/livingdocsIO/livingdocs-editor/pull/10056) From cd611b5ee7d234e194b5924e11a11e3804303279 Mon Sep 17 00:00:00 2001 From: Machine User Date: Fri, 5 Sep 2025 06:10:41 +0200 Subject: [PATCH 27/58] fix(main): update release notes overview for main for livingdocs-server with tag v281.4.7 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index 838f9aa69..7607fc8b3 100644 --- a/data/releases.json +++ b/data/releases.json @@ -9,7 +9,7 @@ "legacy": false, "sortId": 52, "editorVersion": "v119.15.1", - "serverVersion": "v281.4.6" + "serverVersion": "v281.4.7" }, "release-2025-09": { "key": "release-2025-09", From 88d5b2e2255d97d2d27376ab6419601aec29e88b Mon Sep 17 00:00:00 2001 From: Machine User Date: Fri, 5 Sep 2025 07:36:02 +0200 Subject: [PATCH 28/58] fix(release-2025-07): add patch to release-2025-07.md with tag v280.1.22 --- content/operations/releases/release-2025-07.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-07.md b/content/operations/releases/release-2025-07.md index c51065096..22af02513 100644 --- a/content/operations/releases/release-2025-07.md +++ b/content/operations/releases/release-2025-07.md @@ -624,6 +624,7 @@ We are aware of the following vulnerabilities in the Livingdocs Editor: Here is a list of all patches after the release has been announced. ### Livingdocs Server Patches +- [v280.1.22](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v280.1.22): fix(rubrics): allow `li-rubric-assignment` in creation flows - [v280.1.21](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v280.1.21): fix(google-vision): Enrich images on upload - [v280.1.20](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v280.1.20): fix: Patch vulnerable dependencies - [v280.1.19](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v280.1.19): fix(retresco): Request more rows on entities endpoint From 53874b87e5c706d97859f92df610a8a8868a606e Mon Sep 17 00:00:00 2001 From: Machine User Date: Fri, 5 Sep 2025 07:36:03 +0200 Subject: [PATCH 29/58] fix(release-2025-07): update release notes overview for release-2025-07 for livingdocs-server with tag v280.1.22 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index 7607fc8b3..aeef9062b 100644 --- a/data/releases.json +++ b/data/releases.json @@ -33,7 +33,7 @@ "legacy": false, "sortId": 50, "editorVersion": "v119.3.22", - "serverVersion": "v280.1.21" + "serverVersion": "v280.1.22" }, "release-2025-05": { "key": "release-2025-05", From 35194af9154171ca877cb69d9e9b22725243ea0b Mon Sep 17 00:00:00 2001 From: Machine User Date: Fri, 5 Sep 2025 10:13:15 +0200 Subject: [PATCH 30/58] fix(main): add patch to main.md with tag v119.15.2 --- content/operations/releases/release-2025-11.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-11.md b/content/operations/releases/release-2025-11.md index 26054e252..09147b29f 100644 --- a/content/operations/releases/release-2025-11.md +++ b/content/operations/releases/release-2025-11.md @@ -65,6 +65,7 @@ These are the release notes of the upcoming release (pull requests merged to the - :fire: Integration against the upcoming release (currently `master` branch) is at your own risk ## PRs to Categorize +- [fix(deps): update dependency dedent from 1.6.0 to v1.7.0 (main)](https://github.com/livingdocsIO/livingdocs-editor/pull/10255) - [fix(deps): update dependency posthog-node from 5.8.1 to v5.8.2 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8354) - [fix(deps): update dependency pino from 9.9.1 to v9.9.2 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8352) - [Trigger Google Vision enrichment on image upload](https://github.com/livingdocsIO/livingdocs-server/pull/8341) From 9ef7b198f32ce8e4b9d405a867f6ba0eb8817c13 Mon Sep 17 00:00:00 2001 From: Machine User Date: Fri, 5 Sep 2025 10:13:16 +0200 Subject: [PATCH 31/58] fix(main): update release notes overview for main for livingdocs-editor with tag v119.15.2 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index aeef9062b..76cb00345 100644 --- a/data/releases.json +++ b/data/releases.json @@ -8,7 +8,7 @@ "maintained": false, "legacy": false, "sortId": 52, - "editorVersion": "v119.15.1", + "editorVersion": "v119.15.2", "serverVersion": "v281.4.7" }, "release-2025-09": { From e5c24b1d7042870ec1d32a8dbd94f123a0e2d37a Mon Sep 17 00:00:00 2001 From: Machine User Date: Fri, 5 Sep 2025 10:25:16 +0200 Subject: [PATCH 32/58] fix(release-2025-09): add patch to release-2025-09.md with tag v119.14.5 --- content/operations/releases/release-2025-09.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-09.md b/content/operations/releases/release-2025-09.md index 546fc9d7a..19ba92228 100644 --- a/content/operations/releases/release-2025-09.md +++ b/content/operations/releases/release-2025-09.md @@ -369,6 +369,7 @@ Here is a list of all patches after the release has been announced. - [v281.3.2](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v281.3.2): fix(release-2025-09): Update framework to v32.9.4 (release-2025-09 tag) ### Livingdocs Editor Patches +- [v119.14.5](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v119.14.5): fix: Remove angular-sanitize - [v119.14.4](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v119.14.4): fix(comments): Improve comment to component alignment on load - [v119.14.3](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v119.14.3): fix(release-2025-09): Update framework to v32.9.4 (release-2025-09 tag) From d3fc31feeef9e08d41d91b171a3ae30a79fa3663 Mon Sep 17 00:00:00 2001 From: Machine User Date: Fri, 5 Sep 2025 10:25:16 +0200 Subject: [PATCH 33/58] fix(release-2025-09): update release notes overview for release-2025-09 for livingdocs-editor with tag v119.14.5 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index 76cb00345..70829c1d4 100644 --- a/data/releases.json +++ b/data/releases.json @@ -20,7 +20,7 @@ "maintained": false, "legacy": false, "sortId": 51, - "editorVersion": "v119.14.4", + "editorVersion": "v119.14.5", "serverVersion": "v281.3.6" }, "release-2025-07": { From 0f3e924c7b1b523555a4aea8c805ec7a90d06647 Mon Sep 17 00:00:00 2001 From: Machine User Date: Fri, 5 Sep 2025 10:25:23 +0200 Subject: [PATCH 34/58] fix(main): add patch to main.md with tag v281.4.8 --- content/operations/releases/release-2025-11.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-11.md b/content/operations/releases/release-2025-11.md index 09147b29f..346f2f213 100644 --- a/content/operations/releases/release-2025-11.md +++ b/content/operations/releases/release-2025-11.md @@ -65,6 +65,7 @@ These are the release notes of the upcoming release (pull requests merged to the - :fire: Integration against the upcoming release (currently `master` branch) is at your own risk ## PRs to Categorize +- [Support setting migration sequence to 0 with documentApi.createV2](https://github.com/livingdocsIO/livingdocs-server/pull/8356) - [fix(deps): update dependency dedent from 1.6.0 to v1.7.0 (main)](https://github.com/livingdocsIO/livingdocs-editor/pull/10255) - [fix(deps): update dependency posthog-node from 5.8.1 to v5.8.2 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8354) - [fix(deps): update dependency pino from 9.9.1 to v9.9.2 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8352) From b6ecbb86230fef25ce56b3cd1aab151b64ff6dd9 Mon Sep 17 00:00:00 2001 From: Machine User Date: Fri, 5 Sep 2025 10:25:24 +0200 Subject: [PATCH 35/58] fix(main): update release notes overview for main for livingdocs-server with tag v281.4.8 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index 70829c1d4..d7c1b1964 100644 --- a/data/releases.json +++ b/data/releases.json @@ -9,7 +9,7 @@ "legacy": false, "sortId": 52, "editorVersion": "v119.15.2", - "serverVersion": "v281.4.7" + "serverVersion": "v281.4.8" }, "release-2025-09": { "key": "release-2025-09", From b8313d4f6bb31f4232b0cb683b16e5a25c319e28 Mon Sep 17 00:00:00 2001 From: Machine User Date: Fri, 5 Sep 2025 10:35:07 +0200 Subject: [PATCH 36/58] fix(release-2025-07): add patch to release-2025-07.md with tag v119.3.23 --- content/operations/releases/release-2025-07.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-07.md b/content/operations/releases/release-2025-07.md index 22af02513..f7310e207 100644 --- a/content/operations/releases/release-2025-07.md +++ b/content/operations/releases/release-2025-07.md @@ -650,6 +650,7 @@ Here is a list of all patches after the release has been announced. - [v280.1.1](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v280.1.1): fix(news-agency): Prevent registering news agency report content type multiple times ### Livingdocs Editor Patches +- [v119.3.23](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v119.3.23): fix: Remove angular-sanitize - [v119.3.22](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v119.3.22): fix(comments): Improve comment to component alignment on load - [v119.3.21](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v119.3.21): fix: Patch vulnerable dependencies - [v119.3.20](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v119.3.20): fix(drone): Prepend strip_prefix with '/' From fb06eef76aab87309ee048046fb2b193807b39a5 Mon Sep 17 00:00:00 2001 From: Machine User Date: Fri, 5 Sep 2025 10:35:08 +0200 Subject: [PATCH 37/58] fix(release-2025-07): update release notes overview for release-2025-07 for livingdocs-editor with tag v119.3.23 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index d7c1b1964..c26915cbd 100644 --- a/data/releases.json +++ b/data/releases.json @@ -32,7 +32,7 @@ "maintained": true, "legacy": false, "sortId": 50, - "editorVersion": "v119.3.22", + "editorVersion": "v119.3.23", "serverVersion": "v280.1.22" }, "release-2025-05": { From f4ce0292531e23bb905969bac09ec8004a0fcd48 Mon Sep 17 00:00:00 2001 From: Machine User Date: Fri, 5 Sep 2025 10:42:01 +0200 Subject: [PATCH 38/58] fix(release-2025-05): add patch to release-2025-05.md with tag v117.6.44 --- content/operations/releases/release-2025-05.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-05.md b/content/operations/releases/release-2025-05.md index 20a2bc7cb..de0cac126 100644 --- a/content/operations/releases/release-2025-05.md +++ b/content/operations/releases/release-2025-05.md @@ -479,6 +479,7 @@ Here is a list of all patches after the release has been announced. - [v276.3.1](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v276.3.1): fix(peiq-agency): Improve handling of empty property image_ids ### Livingdocs Editor Patches +- [v117.6.44](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v117.6.44): fix: Remove angular-sanitize - [v117.6.43](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v117.6.43): fix(comments): Improve comment to component alignment on load - [v117.6.42](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v117.6.42): fix: Patch vulnerable dependencies - [v117.6.41](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v117.6.41): fix(drone): Prepend strip_prefix with '/' From ed50d6eca8ef4af9c07332cfa27074f1ac4a77e9 Mon Sep 17 00:00:00 2001 From: Machine User Date: Fri, 5 Sep 2025 10:42:01 +0200 Subject: [PATCH 39/58] fix(release-2025-05): update release notes overview for release-2025-05 for livingdocs-editor with tag v117.6.44 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index c26915cbd..223c8e111 100644 --- a/data/releases.json +++ b/data/releases.json @@ -44,7 +44,7 @@ "maintained": true, "legacy": false, "sortId": 49, - "editorVersion": "v117.6.43", + "editorVersion": "v117.6.44", "serverVersion": "v276.3.26" }, "release-2025-03": { From 7149a543bef84b718846c4ef4a118e4ed319cfe4 Mon Sep 17 00:00:00 2001 From: Machine User Date: Fri, 5 Sep 2025 10:51:05 +0200 Subject: [PATCH 40/58] fix(release-2025-09): add patch to release-2025-09.md with tag v281.3.7 --- content/operations/releases/release-2025-09.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-09.md b/content/operations/releases/release-2025-09.md index 19ba92228..48f17bf62 100644 --- a/content/operations/releases/release-2025-09.md +++ b/content/operations/releases/release-2025-09.md @@ -362,6 +362,7 @@ We are aware of the following vulnerabilities in the Livingdocs Editor: Here is a list of all patches after the release has been announced. ### Livingdocs Server Patches +- [v281.3.7](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v281.3.7): fix: Support setting migration sequence to 0 with documentApi.create - [v281.3.6](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v281.3.6): fix(google-vision): Enrich images on upload - [v281.3.5](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v281.3.5): fix(rubrics): allow `li-rubric-assignment` in creation flows - [v281.3.4](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v281.3.4): fix(revisions): Exclude scheduled publication events From 79281a6ecaa7b58a222c860af38208e1371d69e2 Mon Sep 17 00:00:00 2001 From: Machine User Date: Fri, 5 Sep 2025 10:51:06 +0200 Subject: [PATCH 41/58] fix(release-2025-09): update release notes overview for release-2025-09 for livingdocs-server with tag v281.3.7 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index 223c8e111..b50a237a3 100644 --- a/data/releases.json +++ b/data/releases.json @@ -21,7 +21,7 @@ "legacy": false, "sortId": 51, "editorVersion": "v119.14.5", - "serverVersion": "v281.3.6" + "serverVersion": "v281.3.7" }, "release-2025-07": { "key": "release-2025-07", From bc74a0b823ce53cb5a4af795bb588cba05c63f12 Mon Sep 17 00:00:00 2001 From: Robin Bisping Date: Fri, 5 Sep 2025 10:46:13 +0200 Subject: [PATCH 42/58] fix: Replace angular-sanitize --- content/operations/releases/release-2025-03.md | 3 ++- content/operations/releases/release-2025-05.md | 3 ++- content/operations/releases/release-2025-07.md | 3 ++- content/operations/releases/release-2025-09.md | 3 ++- content/operations/releases/release-2025-11.md | 2 +- 5 files changed, 9 insertions(+), 5 deletions(-) diff --git a/content/operations/releases/release-2025-03.md b/content/operations/releases/release-2025-03.md index c530d9f7d..0ff848c92 100644 --- a/content/operations/releases/release-2025-03.md +++ b/content/operations/releases/release-2025-03.md @@ -507,11 +507,12 @@ This release we have patched the following vulnerabilities in the Livingdocs Edi - [GHSA-xffm-g5w8-qvg7](https://github.com/advisories/GHSA-xffm-g5w8-qvg7) patched in `@eslint/plugin-kit` v2.5.5 - [CVE-2025-7783](https://github.com/advisories/GHSA-fjxv-7rqg-78g4) patched in `form-data` v2.5.5 - [CVE-2025-9288](https://github.com/advisories/GHSA-95m3-7q98-8xr5) patched in `sha.js` v2.4.12 +- [CVE-2025-2336](https://github.com/advisories/GHSA-4p4w-6hg8-63wx) patched by replacing `angular-sanitize` with `sanitize-html` We are aware of the following vulnerabilities in the Livingdocs Editor: - [CVE-2023-44270](https://github.com/advisories/GHSA-7fh5-64p2-3v2j) vulnerability in `postcss`, it affects linters using PostCSS to parse external Cascading Style Sheets (CSS). It is not exploitable in the editor as we don't load untrusted external CSS at build time. -- [CVE-2022-25844](https://github.com/advisories/GHSA-m2h2-264f-f486), [CVE-2022-25869](https://github.com/advisories/GHSA-prc3-vjfx-vhm9), [CVE-2023-26116](https://github.com/advisories/GHSA-2vrf-hf26-jrp5), [CVE-2023-26117](https://github.com/advisories/GHSA-2qqx-w9hr-q5gx), [CVE-2023-26118](https://github.com/advisories/GHSA-qwqh-hm9m-p5hr), [CVE-2024-8372](https://github.com/advisories/GHSA-m9gf-397r-hwpg), [CVE-2024-8373](https://github.com/advisories/GHSA-mqm9-c95h-x2p6), [CVE-2024-21490](https://github.com/advisories/GHSA-4w4v-5hc9-xrr2), [CVE-2025-0716](https://github.com/advisories/GHSA-j58c-ww9w-pwp5), [CVE-2025-2336](https://github.com/advisories/GHSA-4p4w-6hg8-63wx) are all AngularJS vulnerabilities that don't have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js. +- [CVE-2022-25844](https://github.com/advisories/GHSA-m2h2-264f-f486), [CVE-2022-25869](https://github.com/advisories/GHSA-prc3-vjfx-vhm9), [CVE-2023-26116](https://github.com/advisories/GHSA-2vrf-hf26-jrp5), [CVE-2023-26117](https://github.com/advisories/GHSA-2qqx-w9hr-q5gx), [CVE-2023-26118](https://github.com/advisories/GHSA-qwqh-hm9m-p5hr), [CVE-2024-8372](https://github.com/advisories/GHSA-m9gf-397r-hwpg), [CVE-2024-8373](https://github.com/advisories/GHSA-mqm9-c95h-x2p6), [CVE-2024-21490](https://github.com/advisories/GHSA-4w4v-5hc9-xrr2), [CVE-2025-0716](https://github.com/advisories/GHSA-j58c-ww9w-pwp5) are all AngularJS vulnerabilities that don't have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js. - [CVE-2024-6783](https://github.com/advisories/GHSA-g3ch-rx76-35fx) vulnerability in `vue-template-compiler` it allows malicious users to perform XSS via prototype pollution. Editor build is always done in a trusted environment and the vulnerability is not exploitable. - [CVE-2024-9506](https://github.com/advisories/GHSA-5j4c-8p2g-v4jx) vulnerability in `vue`, an ReDoS vulnerability exploitable through inefficient regex evaluation in parseHTML function. The issue can cause excessive CPU usage but is not exploitable in the editor as we don't load untrusted HTML at runtime. diff --git a/content/operations/releases/release-2025-05.md b/content/operations/releases/release-2025-05.md index de0cac126..4c2747707 100644 --- a/content/operations/releases/release-2025-05.md +++ b/content/operations/releases/release-2025-05.md @@ -436,11 +436,12 @@ This release we have patched the following vulnerabilities in the Livingdocs Edi - [GHSA-xffm-g5w8-qvg7](https://github.com/advisories/GHSA-xffm-g5w8-qvg7) patched in `@eslint/plugin-kit` v2.5.5 - [CVE-2025-7783](https://github.com/advisories/GHSA-fjxv-7rqg-78g4) patched in `form-data` v2.5.5 - [CVE-2025-9288](https://github.com/advisories/GHSA-95m3-7q98-8xr5) patched in `sha.js` v2.4.12 +- [CVE-2025-2336](https://github.com/advisories/GHSA-4p4w-6hg8-63wx) patched by replacing `angular-sanitize` with `sanitize-html` We are aware of the following vulnerabilities in the Livingdocs Editor: - [CVE-2023-44270](https://github.com/advisories/GHSA-7fh5-64p2-3v2j) vulnerability in `postcss`, it affects linters using PostCSS to parse external Cascading Style Sheets (CSS). It is not exploitable in the editor as we don't load untrusted external CSS at build time. -- [CVE-2022-25844](https://github.com/advisories/GHSA-m2h2-264f-f486), [CVE-2022-25869](https://github.com/advisories/GHSA-prc3-vjfx-vhm9), [CVE-2023-26116](https://github.com/advisories/GHSA-2vrf-hf26-jrp5), [CVE-2023-26117](https://github.com/advisories/GHSA-2qqx-w9hr-q5gx), [CVE-2023-26118](https://github.com/advisories/GHSA-qwqh-hm9m-p5hr), [CVE-2024-8372](https://github.com/advisories/GHSA-m9gf-397r-hwpg), [CVE-2024-8373](https://github.com/advisories/GHSA-mqm9-c95h-x2p6), [CVE-2024-21490](https://github.com/advisories/GHSA-4w4v-5hc9-xrr2), [CVE-2025-0716](https://github.com/advisories/GHSA-j58c-ww9w-pwp5), [CVE-2025-2336](https://github.com/advisories/GHSA-4p4w-6hg8-63wx) are all AngularJS vulnerabilities that don't have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js. +- [CVE-2022-25844](https://github.com/advisories/GHSA-m2h2-264f-f486), [CVE-2022-25869](https://github.com/advisories/GHSA-prc3-vjfx-vhm9), [CVE-2023-26116](https://github.com/advisories/GHSA-2vrf-hf26-jrp5), [CVE-2023-26117](https://github.com/advisories/GHSA-2qqx-w9hr-q5gx), [CVE-2023-26118](https://github.com/advisories/GHSA-qwqh-hm9m-p5hr), [CVE-2024-8372](https://github.com/advisories/GHSA-m9gf-397r-hwpg), [CVE-2024-8373](https://github.com/advisories/GHSA-mqm9-c95h-x2p6), [CVE-2024-21490](https://github.com/advisories/GHSA-4w4v-5hc9-xrr2), [CVE-2025-0716](https://github.com/advisories/GHSA-j58c-ww9w-pwp5) are all AngularJS vulnerabilities that don't have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js. - [CVE-2024-6783](https://github.com/advisories/GHSA-g3ch-rx76-35fx) vulnerability in `vue-template-compiler` it allows malicious users to perform XSS via prototype pollution. Editor build is always done in a trusted environment and the vulnerability is not exploitable. - [CVE-2024-9506](https://github.com/advisories/GHSA-5j4c-8p2g-v4jx) vulnerability in `vue`, an ReDoS vulnerability exploitable through inefficient regex evaluation in parseHTML function. The issue can cause excessive CPU usage but is not exploitable in the editor as we don't load untrusted HTML at runtime. diff --git a/content/operations/releases/release-2025-07.md b/content/operations/releases/release-2025-07.md index f7310e207..3d2b29176 100644 --- a/content/operations/releases/release-2025-07.md +++ b/content/operations/releases/release-2025-07.md @@ -611,11 +611,12 @@ This release we have patched the following vulnerabilities in the Livingdocs Edi - [GHSA-xffm-g5w8-qvg7](https://github.com/advisories/GHSA-xffm-g5w8-qvg7) patched in `@eslint/plugin-kit` v2.5.5 - [CVE-2025-7783](https://github.com/advisories/GHSA-fjxv-7rqg-78g4) patched in `form-data` v2.5.5 - [CVE-2025-9288](https://github.com/advisories/GHSA-95m3-7q98-8xr5) patched in `sha.js` v2.4.12 +- [CVE-2025-2336](https://github.com/advisories/GHSA-4p4w-6hg8-63wx) patched by replacing `angular-sanitize` with `sanitize-html` We are aware of the following vulnerabilities in the Livingdocs Editor: - [CVE-2023-44270](https://github.com/advisories/GHSA-7fh5-64p2-3v2j) vulnerability in `postcss`, it affects linters using PostCSS to parse external Cascading Style Sheets (CSS). It is not exploitable in the editor as we don't load untrusted external CSS at build time. -- [CVE-2022-25844](https://github.com/advisories/GHSA-m2h2-264f-f486), [CVE-2022-25869](https://github.com/advisories/GHSA-prc3-vjfx-vhm9), [CVE-2023-26116](https://github.com/advisories/GHSA-2vrf-hf26-jrp5), [CVE-2023-26117](https://github.com/advisories/GHSA-2qqx-w9hr-q5gx), [CVE-2023-26118](https://github.com/advisories/GHSA-qwqh-hm9m-p5hr), [CVE-2024-8372](https://github.com/advisories/GHSA-m9gf-397r-hwpg), [CVE-2024-8373](https://github.com/advisories/GHSA-mqm9-c95h-x2p6), [CVE-2024-21490](https://github.com/advisories/GHSA-4w4v-5hc9-xrr2), [CVE-2025-0716](https://github.com/advisories/GHSA-j58c-ww9w-pwp5), [CVE-2025-2336](https://github.com/advisories/GHSA-4p4w-6hg8-63wx) are all AngularJS vulnerabilities that don't have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js. +- [CVE-2022-25844](https://github.com/advisories/GHSA-m2h2-264f-f486), [CVE-2022-25869](https://github.com/advisories/GHSA-prc3-vjfx-vhm9), [CVE-2023-26116](https://github.com/advisories/GHSA-2vrf-hf26-jrp5), [CVE-2023-26117](https://github.com/advisories/GHSA-2qqx-w9hr-q5gx), [CVE-2023-26118](https://github.com/advisories/GHSA-qwqh-hm9m-p5hr), [CVE-2024-8372](https://github.com/advisories/GHSA-m9gf-397r-hwpg), [CVE-2024-8373](https://github.com/advisories/GHSA-mqm9-c95h-x2p6), [CVE-2024-21490](https://github.com/advisories/GHSA-4w4v-5hc9-xrr2), [CVE-2025-0716](https://github.com/advisories/GHSA-j58c-ww9w-pwp5) are all AngularJS vulnerabilities that don't have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js. - [CVE-2024-6783](https://github.com/advisories/GHSA-g3ch-rx76-35fx) vulnerability in `vue-template-compiler` it allows malicious users to perform XSS via prototype pollution. Editor build is always done in a trusted environment and the vulnerability is not exploitable. - [CVE-2024-9506](https://github.com/advisories/GHSA-5j4c-8p2g-v4jx) vulnerability in `vue`, an ReDoS vulnerability exploitable through inefficient regex evaluation in parseHTML function. The issue can cause excessive CPU usage but is not exploitable in the editor as we don't load untrusted HTML at runtime. diff --git a/content/operations/releases/release-2025-09.md b/content/operations/releases/release-2025-09.md index 48f17bf62..c39254d38 100644 --- a/content/operations/releases/release-2025-09.md +++ b/content/operations/releases/release-2025-09.md @@ -339,6 +339,7 @@ This release we have patched the following vulnerabilities in the Livingdocs Ser - [CVE-2025-7783](https://github.com/advisories/GHSA-fjxv-7rqg-78g4) patched in `form-data` v2.5.5 - [CVE-2025-7339](https://github.com/advisories/GHSA-76c9-3jph-rj3q) patched in `on-headers` v1.1.0 - [CVE-2025-54798](https://github.com/advisories/GHSA-52f5-9888-hmc6) patched by no longer depending on `tmp` +- [CVE-2025-2336](https://github.com/advisories/GHSA-4p4w-6hg8-63wx) patched by replacing `angular-sanitize` with `sanitize-html` No known vulnerabilities. :tada: @@ -353,7 +354,7 @@ This release we have patched the following vulnerabilities in the Livingdocs Edi We are aware of the following vulnerabilities in the Livingdocs Editor: - [CVE-2023-44270](https://github.com/advisories/GHSA-7fh5-64p2-3v2j) vulnerability in `postcss`, it affects linters using PostCSS to parse external Cascading Style Sheets (CSS). It is not exploitable in the editor as we don't load untrusted external CSS at build time. -- [CVE-2022-25844](https://github.com/advisories/GHSA-m2h2-264f-f486), [CVE-2022-25869](https://github.com/advisories/GHSA-prc3-vjfx-vhm9), [CVE-2023-26116](https://github.com/advisories/GHSA-2vrf-hf26-jrp5), [CVE-2023-26117](https://github.com/advisories/GHSA-2qqx-w9hr-q5gx), [CVE-2023-26118](https://github.com/advisories/GHSA-qwqh-hm9m-p5hr), [CVE-2024-8372](https://github.com/advisories/GHSA-m9gf-397r-hwpg), [CVE-2024-8373](https://github.com/advisories/GHSA-mqm9-c95h-x2p6), [CVE-2024-21490](https://github.com/advisories/GHSA-4w4v-5hc9-xrr2), [CVE-2025-0716](https://github.com/advisories/GHSA-j58c-ww9w-pwp5), [CVE-2025-2336](https://github.com/advisories/GHSA-4p4w-6hg8-63wx) are all AngularJS vulnerabilities that don't have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js. +- [CVE-2022-25844](https://github.com/advisories/GHSA-m2h2-264f-f486), [CVE-2022-25869](https://github.com/advisories/GHSA-prc3-vjfx-vhm9), [CVE-2023-26116](https://github.com/advisories/GHSA-2vrf-hf26-jrp5), [CVE-2023-26117](https://github.com/advisories/GHSA-2qqx-w9hr-q5gx), [CVE-2023-26118](https://github.com/advisories/GHSA-qwqh-hm9m-p5hr), [CVE-2024-8372](https://github.com/advisories/GHSA-m9gf-397r-hwpg), [CVE-2024-8373](https://github.com/advisories/GHSA-mqm9-c95h-x2p6), [CVE-2024-21490](https://github.com/advisories/GHSA-4w4v-5hc9-xrr2), [CVE-2025-0716](https://github.com/advisories/GHSA-j58c-ww9w-pwp5) are all AngularJS vulnerabilities that don't have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js. - [CVE-2024-6783](https://github.com/advisories/GHSA-g3ch-rx76-35fx) vulnerability in `vue-template-compiler` it allows malicious users to perform XSS via prototype pollution. Editor build is always done in a trusted environment and the vulnerability is not exploitable. - [CVE-2024-9506](https://github.com/advisories/GHSA-5j4c-8p2g-v4jx) vulnerability in `vue`, an ReDoS vulnerability exploitable through inefficient regex evaluation in parseHTML function. The issue can cause excessive CPU usage but is not exploitable in the editor as we don't load untrusted HTML at runtime. diff --git a/content/operations/releases/release-2025-11.md b/content/operations/releases/release-2025-11.md index 346f2f213..f6cc9200c 100644 --- a/content/operations/releases/release-2025-11.md +++ b/content/operations/releases/release-2025-11.md @@ -163,7 +163,7 @@ This release we have patched the following vulnerabilities in the Livingdocs Edi We are aware of the following vulnerabilities in the Livingdocs Editor: - [CVE-2023-44270](https://github.com/advisories/GHSA-7fh5-64p2-3v2j) vulnerability in `postcss`, it affects linters using PostCSS to parse external Cascading Style Sheets (CSS). It is not exploitable in the editor as we don't load untrusted external CSS at build time. -- [CVE-2022-25844](https://github.com/advisories/GHSA-m2h2-264f-f486), [CVE-2022-25869](https://github.com/advisories/GHSA-prc3-vjfx-vhm9), [CVE-2023-26116](https://github.com/advisories/GHSA-2vrf-hf26-jrp5), [CVE-2023-26117](https://github.com/advisories/GHSA-2qqx-w9hr-q5gx), [CVE-2023-26118](https://github.com/advisories/GHSA-qwqh-hm9m-p5hr), [CVE-2024-8372](https://github.com/advisories/GHSA-m9gf-397r-hwpg), [CVE-2024-8373](https://github.com/advisories/GHSA-mqm9-c95h-x2p6), [CVE-2024-21490](https://github.com/advisories/GHSA-4w4v-5hc9-xrr2), [CVE-2025-0716](https://github.com/advisories/GHSA-j58c-ww9w-pwp5), [CVE-2025-2336](https://github.com/advisories/GHSA-4p4w-6hg8-63wx) are all AngularJS vulnerabilities that don't have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js. +- [CVE-2022-25844](https://github.com/advisories/GHSA-m2h2-264f-f486), [CVE-2022-25869](https://github.com/advisories/GHSA-prc3-vjfx-vhm9), [CVE-2023-26116](https://github.com/advisories/GHSA-2vrf-hf26-jrp5), [CVE-2023-26117](https://github.com/advisories/GHSA-2qqx-w9hr-q5gx), [CVE-2023-26118](https://github.com/advisories/GHSA-qwqh-hm9m-p5hr), [CVE-2024-8372](https://github.com/advisories/GHSA-m9gf-397r-hwpg), [CVE-2024-8373](https://github.com/advisories/GHSA-mqm9-c95h-x2p6), [CVE-2024-21490](https://github.com/advisories/GHSA-4w4v-5hc9-xrr2), [CVE-2025-0716](https://github.com/advisories/GHSA-j58c-ww9w-pwp5) are all AngularJS vulnerabilities that don't have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js. - [CVE-2024-6783](https://github.com/advisories/GHSA-g3ch-rx76-35fx) vulnerability in `vue-template-compiler` it allows malicious users to perform XSS via prototype pollution. Editor build is always done in a trusted environment and the vulnerability is not exploitable. - [CVE-2024-9506](https://github.com/advisories/GHSA-5j4c-8p2g-v4jx) vulnerability in `vue`, an ReDoS vulnerability exploitable through inefficient regex evaluation in parseHTML function. The issue can cause excessive CPU usage but is not exploitable in the editor as we don't load untrusted HTML at runtime. From eca78b19b06679ba613f794834bdc678e3cbd816 Mon Sep 17 00:00:00 2001 From: Machine User Date: Fri, 5 Sep 2025 10:54:50 +0200 Subject: [PATCH 43/58] fix(release-2025-03): add patch to release-2025-03.md with tag v115.22.80 --- content/operations/releases/release-2025-03.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-03.md b/content/operations/releases/release-2025-03.md index 0ff848c92..3e8a64f52 100644 --- a/content/operations/releases/release-2025-03.md +++ b/content/operations/releases/release-2025-03.md @@ -575,6 +575,7 @@ Here is a list of all patches after the release has been announced. - [v271.0.2](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v271.0.2): fix(api-version): Keep supporting beta routes ### Livingdocs Editor Patches +- [v115.22.80](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v115.22.80): fix: Remove angular-sanitize - [v115.22.79](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v115.22.79): fix: Patch vulnerable dependencies - [v115.22.78](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v115.22.78): fix(drone): Prepend strip_prefix with '/' - [v115.22.77](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v115.22.77): fix(v-tooltip): Render strings of v-tooltip as text, not html From 173147820683635fa26ef2226b0f4718317c9b51 Mon Sep 17 00:00:00 2001 From: Machine User Date: Fri, 5 Sep 2025 10:54:50 +0200 Subject: [PATCH 44/58] fix(release-2025-03): update release notes overview for release-2025-03 for livingdocs-editor with tag v115.22.80 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index b50a237a3..c85bed421 100644 --- a/data/releases.json +++ b/data/releases.json @@ -56,7 +56,7 @@ "maintained": true, "legacy": false, "sortId": 48, - "editorVersion": "v115.22.79", + "editorVersion": "v115.22.80", "serverVersion": "v271.0.51" }, "release-2025-01": { From caa8f7f60b86324ea8fb8f36240d1ed83b97fe85 Mon Sep 17 00:00:00 2001 From: Machine User Date: Fri, 5 Sep 2025 10:57:55 +0200 Subject: [PATCH 45/58] fix(release-2025-05): add patch to release-2025-05.md with tag v276.3.27 --- content/operations/releases/release-2025-05.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-05.md b/content/operations/releases/release-2025-05.md index 4c2747707..803bd1de1 100644 --- a/content/operations/releases/release-2025-05.md +++ b/content/operations/releases/release-2025-05.md @@ -450,6 +450,7 @@ We are aware of the following vulnerabilities in the Livingdocs Editor: Here is a list of all patches after the release has been announced. ### Livingdocs Server Patches +- [v276.3.27](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v276.3.27): fix: Support setting migration sequence to 0 with documentApi.create - [v276.3.26](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v276.3.26): fix: Patch vulnerable dependencies - [v276.3.25](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v276.3.25): fix(retresco): Request more rows on entities endpoint - [v276.3.24](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v276.3.24): fix(peiq): Replace '' with '\n' instead of ' ' if newlines are enabled on metadata property From a30ded75ad50c470f840027757d69354dcb822b8 Mon Sep 17 00:00:00 2001 From: Machine User Date: Fri, 5 Sep 2025 10:57:56 +0200 Subject: [PATCH 46/58] fix(release-2025-05): update release notes overview for release-2025-05 for livingdocs-server with tag v276.3.27 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index c85bed421..6f68b5f1e 100644 --- a/data/releases.json +++ b/data/releases.json @@ -45,7 +45,7 @@ "legacy": false, "sortId": 49, "editorVersion": "v117.6.44", - "serverVersion": "v276.3.26" + "serverVersion": "v276.3.27" }, "release-2025-03": { "key": "release-2025-03", From 00fc944df913bbfab0275e45c441edcced7d05d7 Mon Sep 17 00:00:00 2001 From: Machine User Date: Fri, 5 Sep 2025 11:07:32 +0200 Subject: [PATCH 47/58] fix(release-2025-07): add patch to release-2025-07.md with tag v280.1.23 --- content/operations/releases/release-2025-07.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-07.md b/content/operations/releases/release-2025-07.md index 3d2b29176..3af38d996 100644 --- a/content/operations/releases/release-2025-07.md +++ b/content/operations/releases/release-2025-07.md @@ -625,6 +625,7 @@ We are aware of the following vulnerabilities in the Livingdocs Editor: Here is a list of all patches after the release has been announced. ### Livingdocs Server Patches +- [v280.1.23](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v280.1.23): fix: Support setting migration sequence to 0 with documentApi.create - [v280.1.22](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v280.1.22): fix(rubrics): allow `li-rubric-assignment` in creation flows - [v280.1.21](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v280.1.21): fix(google-vision): Enrich images on upload - [v280.1.20](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v280.1.20): fix: Patch vulnerable dependencies From d882bbd3f70314337208c524f10aa4f1e81db550 Mon Sep 17 00:00:00 2001 From: Machine User Date: Fri, 5 Sep 2025 11:07:33 +0200 Subject: [PATCH 48/58] fix(release-2025-07): update release notes overview for release-2025-07 for livingdocs-server with tag v280.1.23 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index 6f68b5f1e..77b3d96f6 100644 --- a/data/releases.json +++ b/data/releases.json @@ -33,7 +33,7 @@ "legacy": false, "sortId": 50, "editorVersion": "v119.3.23", - "serverVersion": "v280.1.22" + "serverVersion": "v280.1.23" }, "release-2025-05": { "key": "release-2025-05", From 6fcb59ca0fcd1309f56df48d563ecab451105559 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 5 Sep 2025 14:29:17 +0000 Subject: [PATCH 49/58] fix(deps): update dependency serve from 14.2.4 to v14.2.5 --- package-lock.json | 92 ++++++++++++++++++++++++----------------------- 1 file changed, 48 insertions(+), 44 deletions(-) diff --git a/package-lock.json b/package-lock.json index 0e16132d1..9d508950e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -64,18 +64,6 @@ "resolved": "https://registry.npmjs.org/@zeit/schemas/-/schemas-2.36.0.tgz", "integrity": "sha512-7kjMwcChYEzMKjeex9ZFXkt1AyNov9R5HZtjBKVsmVpw7pa7ZtlCGvCBC2vnnXctaYN+aRI61HjIqeetZW5ROg==" }, - "node_modules/accepts": { - "version": "1.3.8", - "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", - "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==", - "dependencies": { - "mime-types": "~2.1.34", - "negotiator": "0.6.3" - }, - "engines": { - "node": ">= 0.6" - } - }, "node_modules/ajv": { "version": "8.12.0", "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz", @@ -357,22 +345,32 @@ } }, "node_modules/compression": { - "version": "1.7.4", - "resolved": "https://registry.npmjs.org/compression/-/compression-1.7.4.tgz", - "integrity": "sha512-jaSIDzP9pZVS4ZfQ+TzvtiWhdpFhE2RDHz8QJkpX9SIpLq88VueF5jJw6t+6CUQcAoA6t+x89MLrWAqpfDE8iQ==", + "version": "1.8.1", + "resolved": "https://registry.npmjs.org/compression/-/compression-1.8.1.tgz", + "integrity": "sha512-9mAqGPHLakhCLeNyxPkK4xVo746zQ/czLH1Ky+vkitMnWfWZps8r0qXuwhwizagCRttsL4lfG4pIOvaWLpAP0w==", + "license": "MIT", "dependencies": { - "accepts": "~1.3.5", - "bytes": "3.0.0", - "compressible": "~2.0.16", + "bytes": "3.1.2", + "compressible": "~2.0.18", "debug": "2.6.9", - "on-headers": "~1.0.2", - "safe-buffer": "5.1.2", + "negotiator": "~0.6.4", + "on-headers": "~1.1.0", + "safe-buffer": "5.2.1", "vary": "~1.1.2" }, "engines": { "node": ">= 0.8.0" } }, + "node_modules/compression/node_modules/bytes": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, "node_modules/concat-map": { "version": "0.0.1", "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", @@ -744,17 +742,6 @@ "node": ">= 0.6" } }, - "node_modules/mime-types": { - "version": "2.1.35", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", - "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", - "dependencies": { - "mime-db": "1.52.0" - }, - "engines": { - "node": ">= 0.6" - } - }, "node_modules/mimic-fn": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", @@ -801,9 +788,10 @@ "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" }, "node_modules/negotiator": { - "version": "0.6.3", - "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", - "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==", + "version": "0.6.4", + "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.4.tgz", + "integrity": "sha512-myRT3DiWPHqho5PrJaIRyaMv2kgYf0mUVgBNOYMuCH5Ki1yEiQaf/ZJuQ62nvpc44wL5WDbTX7yGJi1Neevw8w==", + "license": "MIT", "engines": { "node": ">= 0.6" } @@ -820,9 +808,10 @@ } }, "node_modules/on-headers": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.0.2.tgz", - "integrity": "sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA==", + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.1.0.tgz", + "integrity": "sha512-737ZY3yNnXy37FHkQxPzt4UZ2UWPWiCZWLvFZ4fu5cueciegX0zGPnrlY6bwRg4FdQOe9YU8MkmJwGhoMybl8A==", + "license": "MIT", "engines": { "node": ">= 0.8" } @@ -965,9 +954,24 @@ } }, "node_modules/safe-buffer": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT" }, "node_modules/select": { "version": "1.1.2", @@ -975,9 +979,9 @@ "integrity": "sha512-OwpTSOfy6xSs1+pwcNrv0RBMOzI39Lp3qQKUTPVVPRjCdNa5JH/oPRiqsesIskK8TVgmRiHwO4KXlV2Li9dANA==" }, "node_modules/serve": { - "version": "14.2.4", - "resolved": "https://registry.npmjs.org/serve/-/serve-14.2.4.tgz", - "integrity": "sha512-qy1S34PJ/fcY8gjVGszDB3EXiPSk5FKhUa7tQe0UPRddxRidc2V6cNHPNewbE1D7MAkgLuWEt3Vw56vYy73tzQ==", + "version": "14.2.5", + "resolved": "https://registry.npmjs.org/serve/-/serve-14.2.5.tgz", + "integrity": "sha512-Qn/qMkzCcMFVPb60E/hQy+iRLpiU8PamOfOSYoAHmmF+fFFmpPpqa6Oci2iWYpTdOUM3VF+TINud7CfbQnsZbA==", "license": "MIT", "dependencies": { "@zeit/schemas": "2.36.0", @@ -987,7 +991,7 @@ "chalk": "5.0.1", "chalk-template": "0.4.0", "clipboardy": "3.0.0", - "compression": "1.7.4", + "compression": "1.8.1", "is-port-reachable": "4.0.0", "serve-handler": "6.1.6", "update-check": "1.5.4" From 909dd626d14d3ed6f41b9957a41a77718fb44d64 Mon Sep 17 00:00:00 2001 From: Machine User Date: Mon, 8 Sep 2025 00:40:21 +0200 Subject: [PATCH 50/58] fix(main): add patch to main.md with tag v281.4.9 --- content/operations/releases/release-2025-11.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-11.md b/content/operations/releases/release-2025-11.md index f6cc9200c..f4b46a718 100644 --- a/content/operations/releases/release-2025-11.md +++ b/content/operations/releases/release-2025-11.md @@ -65,6 +65,7 @@ These are the release notes of the upcoming release (pull requests merged to the - :fire: Integration against the upcoming release (currently `master` branch) is at your own risk ## PRs to Categorize +- [fix(deps): update dependency pino from 9.9.2 to v9.9.4 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8361) - [Support setting migration sequence to 0 with documentApi.createV2](https://github.com/livingdocsIO/livingdocs-server/pull/8356) - [fix(deps): update dependency dedent from 1.6.0 to v1.7.0 (main)](https://github.com/livingdocsIO/livingdocs-editor/pull/10255) - [fix(deps): update dependency posthog-node from 5.8.1 to v5.8.2 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8354) From 08ca2c665197cedec7f38c013a72be125db74088 Mon Sep 17 00:00:00 2001 From: Machine User Date: Mon, 8 Sep 2025 00:40:22 +0200 Subject: [PATCH 51/58] fix(main): update release notes overview for main for livingdocs-server with tag v281.4.9 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index 77b3d96f6..ea82a544e 100644 --- a/data/releases.json +++ b/data/releases.json @@ -9,7 +9,7 @@ "legacy": false, "sortId": 52, "editorVersion": "v119.15.2", - "serverVersion": "v281.4.8" + "serverVersion": "v281.4.9" }, "release-2025-09": { "key": "release-2025-09", From 96fb4603c7e136d0559a14e9d6fe7a0dbc47f06b Mon Sep 17 00:00:00 2001 From: Machine User Date: Mon, 8 Sep 2025 00:54:46 +0200 Subject: [PATCH 52/58] fix(main): add patch to main.md with tag v119.15.3 --- content/operations/releases/release-2025-11.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-11.md b/content/operations/releases/release-2025-11.md index f4b46a718..6c66cc01e 100644 --- a/content/operations/releases/release-2025-11.md +++ b/content/operations/releases/release-2025-11.md @@ -65,6 +65,7 @@ These are the release notes of the upcoming release (pull requests merged to the - :fire: Integration against the upcoming release (currently `master` branch) is at your own risk ## PRs to Categorize +- [chore(deps): update dependency eslint from 9.34.0 to v9.35.0 (main)](https://github.com/livingdocsIO/livingdocs-editor/pull/10271) - [fix(deps): update dependency pino from 9.9.2 to v9.9.4 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8361) - [Support setting migration sequence to 0 with documentApi.createV2](https://github.com/livingdocsIO/livingdocs-server/pull/8356) - [fix(deps): update dependency dedent from 1.6.0 to v1.7.0 (main)](https://github.com/livingdocsIO/livingdocs-editor/pull/10255) From 32c1310df672dfe9bce3f81779b251cef821a739 Mon Sep 17 00:00:00 2001 From: Machine User Date: Mon, 8 Sep 2025 00:54:46 +0200 Subject: [PATCH 53/58] fix(main): update release notes overview for main for livingdocs-editor with tag v119.15.3 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index ea82a544e..b1b5f656f 100644 --- a/data/releases.json +++ b/data/releases.json @@ -8,7 +8,7 @@ "maintained": false, "legacy": false, "sortId": 52, - "editorVersion": "v119.15.2", + "editorVersion": "v119.15.3", "serverVersion": "v281.4.9" }, "release-2025-09": { From 97c14fcab7ba3ac4897202c2e9a32a3e2aa99a8a Mon Sep 17 00:00:00 2001 From: eileenoo Date: Wed, 3 Sep 2025 15:24:42 +0200 Subject: [PATCH 54/58] fix(release-2025-09): update release notes and adjust template --- .../operations/releases/_release-template.md | 24 +- .../operations/releases/release-2025-09.md | 205 ++++++------------ .../operations/releases/release-2025-11.md | 21 +- 3 files changed, 73 insertions(+), 177 deletions(-) diff --git a/content/operations/releases/_release-template.md b/content/operations/releases/_release-template.md index abbe67ed9..bebe8178c 100644 --- a/content/operations/releases/_release-template.md +++ b/content/operations/releases/_release-template.md @@ -12,7 +12,6 @@ header: maintained: false branchHandle: boilerplate-release - systemRequirements: suggested: - name: Node @@ -62,11 +61,10 @@ These are the release notes of the upcoming release (pull requests merged to the - :information_source: this document is updated automatically by a bot (pr's to categorize section) - :information_source: this document will be roughly updated manually once a week (put PRs + description to the right section) - :fire: We don't guarantee stable APIs. They can still change until the official release -- :fire: Integration against the upcoming release (currently `master` branch) is at your own risk +- :fire: Integration against the upcoming release (currently `main` branch) is at your own risk ## PRs to Categorize - To get an overview about new functionality, read the [Release Notes](TODO). To learn about the necessary actions to update Livingdocs to `boilerplate-release`, read on. @@ -112,26 +110,10 @@ No rollback steps are required for this release. ## Breaking Changes 🔥 -{{< feature-info "Operations" "server" >}} - -### Migrate the Postgres Database :fire: - -It's a simple/fast migration with no expected data losses. - -```sh -# run `livingdocs-server migrate up` to update to the newest database schema -livingdocs-server migrate up -``` - -TODO: check migration - - ## Deprecations ## Features - - ## Vulnerability Patches We are constantly patching module vulnerabilities for the Livingdocs Server and Livingdocs Editor as module fixes are available. Below is a list of all patched vulnerabilities included in the release. @@ -153,7 +135,9 @@ This release we have patched the following vulnerabilities in the Livingdocs Edi We are aware of the following vulnerabilities in the Livingdocs Editor: - [CVE-2023-44270](https://github.com/advisories/GHSA-7fh5-64p2-3v2j) vulnerability in `postcss`, it affects linters using PostCSS to parse external Cascading Style Sheets (CSS). It is not exploitable in the editor as we don't load untrusted external CSS at build time. -- [CVE-2023-26116](https://cwe.mitre.org/data/definitions/1333.html), [CVE-2023-26118](https://cwe.mitre.org/data/definitions/1333.html), [CVE-2023-26117](https://cwe.mitre.org/data/definitions/1333.html), [CVE-2022-25869](https://cwe.mitre.org/data/definitions/79.html), [CVE-2022-25844](https://cwe.mitre.org/data/definitions/770.html) are all AngularJS vulnerabilities that don't have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js. +- [CVE-2022-25844](https://github.com/advisories/GHSA-m2h2-264f-f486), [CVE-2022-25869](https://github.com/advisories/GHSA-prc3-vjfx-vhm9), [CVE-2023-26116](https://github.com/advisories/GHSA-2vrf-hf26-jrp5), [CVE-2023-26117](https://github.com/advisories/GHSA-2qqx-w9hr-q5gx), [CVE-2023-26118](https://github.com/advisories/GHSA-qwqh-hm9m-p5hr), [CVE-2024-8372](https://github.com/advisories/GHSA-m9gf-397r-hwpg), [CVE-2024-8373](https://github.com/advisories/GHSA-mqm9-c95h-x2p6), [CVE-2024-21490](https://github.com/advisories/GHSA-4w4v-5hc9-xrr2), [CVE-2025-0716](https://github.com/advisories/GHSA-j58c-ww9w-pwp5) are all AngularJS vulnerabilities that don't have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js. +- [CVE-2024-6783](https://github.com/advisories/GHSA-g3ch-rx76-35fx) vulnerability in `vue-template-compiler` it allows malicious users to perform XSS via prototype pollution. Editor build is always done in a trusted environment and the vulnerability is not exploitable. +- [CVE-2024-9506](https://github.com/advisories/GHSA-5j4c-8p2g-v4jx) vulnerability in `vue`, an ReDoS vulnerability exploitable through inefficient regex evaluation in parseHTML function. The issue can cause excessive CPU usage but is not exploitable in the editor as we don't load untrusted HTML at runtime. ## Patches diff --git a/content/operations/releases/release-2025-09.md b/content/operations/releases/release-2025-09.md index c39254d38..b49274f68 100644 --- a/content/operations/releases/release-2025-09.md +++ b/content/operations/releases/release-2025-09.md @@ -54,125 +54,16 @@ systemRequirements: version: Edge >= 92, Firefox >= 90, Chrome >= 92, Safari >= 15.4, iOS Safari >= 15.4, Opera >= 78 --- -## Caveat :fire: - -These are the release notes of the upcoming release (pull requests merged to the main branch). +## PRs to Categorize -- :information_source: this document is updated automatically by a bot (pr's to categorize section) -- :information_source: this document will be roughly updated manually once a week (put PRs + description to the right section) -- :fire: We don't guarantee stable APIs. They can still change until the official release -- :fire: Integration against the upcoming release (currently `master` branch) is at your own risk +- -> Marc B. (No Backport) [Fix indexes of documents, support legacy channel and archived content type deletion](https://github.com/livingdocsIO/livingdocs-server/pull/8298) +- -> Marc B. (No Backport) [Add publicApi.minimumApiVersion to server configuration to allow serving only newer api versions](https://github.com/livingdocsIO/livingdocs-server/pull/8290) +- -> Marc B. (No Backport)[ESM example](https://github.com/livingdocsIO/livingdocs-server/pull/8293) +- -> Marc B.(No Backport) [Remove lock routes & controller & other small maintenance](https://github.com/livingdocsIO/livingdocs-server/pull/8187) +- -> Robin (No Backport) [Authenticate /media-library/:id/download editing API endpoint](https://github.com/livingdocsIO/livingdocs-server/pull/7981) +- -> Alex (No Backport) [Set media as `publishedInDocument` when scheduling a publication](https://github.com/livingdocsIO/livingdocs-server/pull/8194) -## PRs to Categorize -- [Bump minor version for release management](https://github.com/livingdocsIO/livingdocs-editor/pull/10242) -- [Bump minor version for release management](https://github.com/livingdocsIO/livingdocs-server/pull/8331) -- [Prepend drone strip_prefix with '/'](https://github.com/livingdocsIO/livingdocs-editor/pull/10240) -- [Patch vulnerabilities [main]](https://github.com/livingdocsIO/livingdocs-editor/pull/10232) -- [fix: target-length allow multiple units to support switching for allowAnyNumber](https://github.com/livingdocsIO/livingdocs-server/pull/8323) -- [Feat: add different media type support](https://github.com/livingdocsIO/livingdocs-editor/pull/10228) -- [Feat: add different media type support](https://github.com/livingdocsIO/livingdocs-server/pull/8316) -- [Handle pods and podcastTranscription with Retresco live analysis](https://github.com/livingdocsIO/livingdocs-editor/pull/10236) -- [Store pods in li-retresco and add li-retresco-podcast-transcription](https://github.com/livingdocsIO/livingdocs-server/pull/8319) -- [feat(rubrics): support archived rubrics](https://github.com/livingdocsIO/livingdocs-server/pull/8325) -- [Archive rubrics](https://github.com/livingdocsIO/livingdocs-editor/pull/10235) -- [Fix indexes of documents, support legacy channel and archived content type deletion](https://github.com/livingdocsIO/livingdocs-server/pull/8298) -- [fix(deps): update dependency @opentelemetry/instrumentation-pg from 0.56.0 to v0.56.1 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8330) -- [Update opentelemetry to v2](https://github.com/livingdocsIO/livingdocs-server/pull/7853) -- [fix(deps): update dependency mocha from 11.7.1 to v11.7.2 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8329) -- [Request more rows on Retresco entities endpoint](https://github.com/livingdocsIO/livingdocs-server/pull/8324) -- [Add publicApi.minimumApiVersion to server configuration to allow serving only newer api versions](https://github.com/livingdocsIO/livingdocs-server/pull/8290) -- [ESM example](https://github.com/livingdocsIO/livingdocs-server/pull/8293) -- [Editor - F.A.Z. Media Library Improvements](https://github.com/livingdocsIO/livingdocs-editor/pull/10226) -- [Server - F.A.Z. Media Library Improvements](https://github.com/livingdocsIO/livingdocs-server/pull/8314) -- [fix(deps): update dependency jose from 6.0.13 to v6.1.0 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8318) -- [fix(deps): update dependency pdfjs-dist from 5.4.54 to v5.4.149 (main)](https://github.com/livingdocsIO/livingdocs-editor/pull/10233) -- [fix(deps): update dependency nodemailer from 7.0.5 to v7.0.6 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8321) -- [fix(deps): update dependency posthog-node from 5.8.0 to v5.8.1 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8317) -- [Show unpublish information in history view](https://github.com/livingdocsIO/livingdocs-editor/pull/10217) -- [Show unpublish information in history view](https://github.com/livingdocsIO/livingdocs-server/pull/8300) -- [News agency notifications](https://github.com/livingdocsIO/livingdocs-editor/pull/10200) -- [News agency notifications](https://github.com/livingdocsIO/livingdocs-server/pull/8297) -- [fix(deps): update dependency @fastify/busboy from 3.1.1 to v3.2.0 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8287) -- [fix(deps): update dependency @google-cloud/storage from 7.16.0 to v7.17.0 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8296) -- [fix(deps): update playwright monorepo from 1.54.2 to v1.55.0 (main) (minor)](https://github.com/livingdocsIO/livingdocs-editor/pull/10219) -- [feat: add media library permissions](https://github.com/livingdocsIO/livingdocs-editor/pull/10211) -- [feat: add media library permissions](https://github.com/livingdocsIO/livingdocs-server/pull/8289) -- [Index news agency report title and lead to make them searchable on news agency screens](https://github.com/livingdocsIO/livingdocs-server/pull/8313) -- [Strip PEIQs newline characters from extracted metadata properties](https://github.com/livingdocsIO/livingdocs-server/pull/8291) -- [fix(deps): update dependency inquirer from 12.9.3 to v12.9.4 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8306) -- [chore(deps): update dependency chai from 5.3.1 to v5.3.3 (main)](https://github.com/livingdocsIO/livingdocs-editor/pull/10221) -- [feat(target-length): also store the currently selected unit](https://github.com/livingdocsIO/livingdocs-server/pull/8247) -- [fix(deps): update dependency jose from 6.0.12 to v6.0.13 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8302) -- [fix(deps): update dependency webpack from 5.101.2 to v5.101.3 (main)](https://github.com/livingdocsIO/livingdocs-editor/pull/10214) -- [fix(deps): update pintura [main]](https://github.com/livingdocsIO/livingdocs-editor/pull/10207) -- [Polish Package Release-2025-09](https://github.com/livingdocsIO/livingdocs-editor/pull/10202) -- [fix(deps): update dependency @fastify/reply-from from 12.3.0 to v12.3.1 (main)](https://github.com/livingdocsIO/livingdocs-editor/pull/10208) -- [fix(deps): update dependency inquirer from 12.9.2 to v12.9.3 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8286) -- [Add multiple states to media library entries in `populateMissingStates` function](https://github.com/livingdocsIO/livingdocs-server/pull/8274) -- [fix(deps): update webpack (main) (minor)](https://github.com/livingdocsIO/livingdocs-editor/pull/10174) -- [fix(deps): update babel from 7.28.0 to v7.28.3 (main) (patch)](https://github.com/livingdocsIO/livingdocs-editor/pull/10205) -- [Render rubrics tree collapsed initially](https://github.com/livingdocsIO/livingdocs-editor/pull/10201) -- [fix(deps): update dependency inquirer from 12.9.1 to v12.9.2 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8273) -- [fix(deps): update dependency copy-webpack-plugin from 13.0.0 to v13.0.1 (main)](https://github.com/livingdocsIO/livingdocs-editor/pull/10199) -- [fix(deps): update dependency mini-css-extract-plugin from 2.9.3 to v2.9.4 (main)](https://github.com/livingdocsIO/livingdocs-editor/pull/10198) -- [chore(deps): update dependency eslint from 9.32.0 to v9.33.0 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8264) -- [Reinstantiate and deprecate unpublishing documents with publicationApi.\_scheduledPublish](https://github.com/livingdocsIO/livingdocs-server/pull/8254) -- [Force index use when getting assets by key to improve serve-image endpoint performance](https://github.com/livingdocsIO/livingdocs-server/pull/8253) -- [fix(deps): update aws-sdk from 3.850.0 to v3.859.0 (main) (minor)](https://github.com/livingdocsIO/livingdocs-server/pull/8234) -- [fix(deps): update dependency mini-css-extract-plugin from 2.9.2 to v2.9.3 (main)](https://github.com/livingdocsIO/livingdocs-editor/pull/10191) -- [Render strings of v-tooltip as text to prevent script injection](https://github.com/livingdocsIO/livingdocs-editor/pull/10185) -- [fix(deps): update playwright monorepo from 1.54.1 to v1.54.2 (main) (patch)](https://github.com/livingdocsIO/livingdocs-editor/pull/10184) -- [Index media library entry after document publish state change](https://github.com/livingdocsIO/livingdocs-server/pull/7763) -- [Clear session cache on user device revoke](https://github.com/livingdocsIO/livingdocs-server/pull/8237) -- [Fix unsetting system metadata plugins](https://github.com/livingdocsIO/livingdocs-editor/pull/10151) -- [Remove lock routes & controller & other small maintenance](https://github.com/livingdocsIO/livingdocs-server/pull/8187) -- [fix(deps): update dependency webpack-assets-manifest from 6.2.1 to v6.2.2 (main)](https://github.com/livingdocsIO/livingdocs-editor/pull/10173) -- [fix(deps): update dependency axios from 1.10.0 to v1.11.0 (main)](https://github.com/livingdocsIO/livingdocs-editor/pull/10155) -- [Prevent error loading display filters in some older browsers](https://github.com/livingdocsIO/livingdocs-editor/pull/10171) -- [Compute `publishedInDocument` in populate-reference-ids script](https://github.com/livingdocsIO/livingdocs-server/pull/8224) -- [Ensure that display filter popups are visible in dialogs when there is a dashboard in the background](https://github.com/livingdocsIO/livingdocs-editor/pull/10060) -- [Disable scrolling when session expires and login overlay appears](https://github.com/livingdocsIO/livingdocs-editor/pull/10156) -- [Do not close open dialogs when attempting to close an already closed one](https://github.com/livingdocsIO/livingdocs-editor/pull/10154) -- [Fix return value of li-system-enum's validateOnUpdate](https://github.com/livingdocsIO/livingdocs-server/pull/8219) -- [fix(deps): update dependency webpack-assets-manifest from 5.2.1 to v6 (main)](https://github.com/livingdocsIO/livingdocs-editor/pull/9766) -- [Fix clearing input in li-system-text metadata property with data provider](https://github.com/livingdocsIO/livingdocs-editor/pull/10142) -- [Show embed settings of focused component](https://github.com/livingdocsIO/livingdocs-editor/pull/10141) -- [Patch vulnerabilities [main]](https://github.com/livingdocsIO/livingdocs-server/pull/8209) -- [Patch vulnerabilities [main]](https://github.com/livingdocsIO/livingdocs-editor/pull/10143) -- [fix(deps): update dependency form-data from 4.0.3 to v4.0.4 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8208) -- [Authenticate /media-library/:id/download editing API endpoint](https://github.com/livingdocsIO/livingdocs-server/pull/7981) -- [Hide lightbox trigger for videos](https://github.com/livingdocsIO/livingdocs-editor/pull/10136) -- [Fix downloading images with Cloudinary image service if use2025Behavior is not enabled](https://github.com/livingdocsIO/livingdocs-server/pull/8199) -- [Fix Dataloader maxBatchSize](https://github.com/livingdocsIO/livingdocs-editor/pull/10137) -- [Move populate-reference-ids script to CLI one-time tasks](https://github.com/livingdocsIO/livingdocs-server/pull/8193) -- [Check Postgres references when deleting media](https://github.com/livingdocsIO/livingdocs-server/pull/8195) -- [chore(deps): update dependency puppeteer-core from 24.12.1 to v24.13.0 (main)](https://github.com/livingdocsIO/livingdocs-editor/pull/10134) -- [Rename news agency category labels](https://github.com/livingdocsIO/livingdocs-server/pull/8176) -- [Rename news agency category labels](https://github.com/livingdocsIO/livingdocs-editor/pull/10112) -- [fix(deps): update dependency open from 10.1.2 to v10.2.0 (main)](https://github.com/livingdocsIO/livingdocs-editor/pull/10131) -- [fix(deps): update aws-sdk (main) (minor)](https://github.com/livingdocsIO/livingdocs-server/pull/8178) -- [Set media as `publishedInDocument` when scheduling a publication](https://github.com/livingdocsIO/livingdocs-server/pull/8194) -- [Only enable deletion routines with `use2025Behavior`](https://github.com/livingdocsIO/livingdocs-server/pull/8188) -- [fix(deps): update playwright monorepo from 1.53.2 to v1.54.1 (main) (minor)](https://github.com/livingdocsIO/livingdocs-editor/pull/10121) -- [fix: show li-system-target-length on table dashboards](https://github.com/livingdocsIO/livingdocs-editor/pull/10125) -- [chore(deps): update dependency eslint from 9.30.1 to v9.31.0 (main)](https://github.com/livingdocsIO/livingdocs-editor/pull/10127) -- [fix(deps): update dependency sharp from 0.34.2 to v0.34.3 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8181) -- [fix(deps): update dependency @livingdocs/framework from 32.9.2 to v32.9.3 (main)](https://github.com/livingdocsIO/livingdocs-editor/pull/10120) -- [chore(deps): update dependency @google-cloud/vision from 5.2.0 to v5.3.0 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8183) -- [Disable newlines in li-unique-id](https://github.com/livingdocsIO/livingdocs-editor/pull/10114) -- [fix(deps): update dependency @livingdocs/framework from 32.8.8 to v32.9.2 (main)](https://github.com/livingdocsIO/livingdocs-editor/pull/10105) -- [chore(deps): update dependency chai from 5.2.0 to v5.2.1 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8177) -- [Rename index-reference-ids migration to avoid number conflict](https://github.com/livingdocsIO/livingdocs-server/pull/8171) -- [fix(deps): update dependency @livingdocs/framework from 32.8.8 to v32.9.2 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8151) -- [Fix kordiam global es query](https://github.com/livingdocsIO/livingdocs-server/pull/8164) -- [Support cmd+click on back button to open in new window](https://github.com/livingdocsIO/livingdocs-editor/pull/10110) -- [Li-Tree improvements for Rubrics](https://github.com/livingdocsIO/livingdocs-editor/pull/10106) -- [Fix deletion routine reference extraction](https://github.com/livingdocsIO/livingdocs-server/pull/8155) -- [Prevent configuring news agency report content type multiple times](https://github.com/livingdocsIO/livingdocs-server/pull/8159) -- [fix(deps): update dependency @elastic/elasticsearch from 9.0.2 to v9.0.3 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8154) -- [fix(deps): update aws-sdk from 3.837.0 to v3.840.0 (main) (minor)](https://github.com/livingdocsIO/livingdocs-server/pull/8139) - -To get an overview about new functionality, read the [Release Notes](TODO). +To get an overview about new functionality, read the [Release Notes](https://livingdocs.io/en/release-september-2025). To learn about the necessary actions to update Livingdocs to `release-2025-09`, read on. **Attention:** If you skipped one or more releases, please also check the release-notes of the skipped ones. @@ -197,6 +88,8 @@ To learn about the necessary actions to update Livingdocs to `release-2025-09`, ## Deployment +TODO: Check Migrations + ### Before the deployment No pre-deployment steps are required before rolling out this release. @@ -205,18 +98,45 @@ No pre-deployment steps are required before rolling out this release. #### Migrate the Postgres Database -No migrations are required for this release. +When you upgrade to this new release, please make sure to migrate your database first. +At livingdocs we're running those two commands directly in an initContainer on kubernetes. + +```sh +# 213-add-media-library-permissions.js +# TODO: explanation +# 214-remove-unused-tables-and-improve-document-deletion.js +# TODO: explanation +# 215-update-document-publications-columns.js +# TODO: explanation + +# run `livingdocs-server migrate up` to update to the newest database schema +livingdocs-server migrate up +``` ### After the deployment -No post-deployment steps are required after rolling out this release. +No post-deployment steps are required after rolling out this release. // TODO ### Rollback -No rollback steps are required for this release. +If you encounter any issues after the deployment, you can rollback to the previous release. If you have already run the migrations and they have completed, you can rollback to the previous release by running the commands below. The processes will continue to run even if those down migrations are not executed, but to ensure consistency, please run those after doing a rollback. + +```sh +livingdocs-server migrate down 213-add-media-library-permissions.js +livingdocs-server migrate down 214-remove-unused-tables-and-improve-document-deletion.js +livingdocs-server migrate down 215-update-document-publications-columns.js +``` ## Breaking Changes 🔥 +### Renditions + +Renditions have been deprecated in Public API versions older than `2025-09`. In API version `2025-09` support for the following APIs has been dropped: + +- `/api/2025-09/documents/:documentId/latestPublication/renditions/:renditionHandles` +- Query parameter `?renditions` in `/api/2025-09/documents/:documentId/latestDraft` +- Query parameter `?renditions` in `/api/2025-09/documents/:documentId/latestPublication` + ### Renaming of Table Dashboard Cells Since the following dashboard cells are now exclusive to the News Agency module, we have renamed them accordingly. They were first introduced in `release-2025-07` to support the needs of the News Agency module. @@ -227,20 +147,12 @@ Since the following dashboard cells are now exclusive to the News Agency module, If you are using any of these dashboard cells, please update their names accordingly. -{{< feature-info "Operations" "server" >}} - -### Migrate the Postgres Database :fire: - -It's a simple/fast migration with no expected data losses. - -```sh -# run `livingdocs-server migrate up` to update to the newest database schema -livingdocs-server migrate up -``` +## Deprecations -TODO: check migration +### Open Telemetry -## Deprecations +- Property `jaegerExporter` has been deprecated. Please use properties `serviceName` and `tracing.exporter`. +- Properties `metrics.enableCollectorMetricExporter` and `collectorMetricExporter` have been deprecated. Please use property `metrics.exporter`. ## Features @@ -327,6 +239,22 @@ The browser notification itself contains only the title of the incoming news age Note: if system notifications are disabled, or when sharing your screen in a video call, browser notifications may not be displayed at all. +### Media Center: Improved Image Overview & Display of Metadata + +### Media Center: Access Control per Media Type + +### Media Center: Support Several Image Media Types + +### Target Length + +### History View: Add unpublish Info + +### Support Archived Rubrics + +### Restreco Plugin Extension + +TODO: Include “pods” but not “transcription” + ## Vulnerability Patches We are constantly patching module vulnerabilities for the Livingdocs Server and Livingdocs Editor as module fixes are available. Below is a list of all patched vulnerabilities included in the release. @@ -335,13 +263,12 @@ We are constantly patching module vulnerabilities for the Livingdocs Server and This release we have patched the following vulnerabilities in the Livingdocs Server: -- [GHSA-xffm-g5w8-qvg7](https://github.com/advisories/GHSA-xffm-g5w8-qvg7) patched in `@eslint/plugin-kit` v0.3.5 -- [CVE-2025-7783](https://github.com/advisories/GHSA-fjxv-7rqg-78g4) patched in `form-data` v2.5.5 -- [CVE-2025-7339](https://github.com/advisories/GHSA-76c9-3jph-rj3q) patched in `on-headers` v1.1.0 -- [CVE-2025-54798](https://github.com/advisories/GHSA-52f5-9888-hmc6) patched by no longer depending on `tmp` -- [CVE-2025-2336](https://github.com/advisories/GHSA-4p4w-6hg8-63wx) patched by replacing `angular-sanitize` with `sanitize-html` +- [GHSA-xffm-g5w8-qvg7](https://github.com/advisories/GHSA-xffm-g5w8-qvg7) in `@eslint/plugin-kit` +- [CVE-2025-7783](https://github.com/advisories/GHSA-fjxv-7rqg-78g4) in `form-data` +- [CVE-2025-7339](https://github.com/advisories/GHSA-76c9-3jph-rj3q) in `on-headers` +- [CVE-2025-54798](https://github.com/advisories/GHSA-52f5-9888-hmc6) in `tmp` -No known vulnerabilities. :tada: + No known vulnerabilities. :tada: ### Livingdocs Editor @@ -363,6 +290,7 @@ We are aware of the following vulnerabilities in the Livingdocs Editor: Here is a list of all patches after the release has been announced. ### Livingdocs Server Patches + - [v281.3.7](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v281.3.7): fix: Support setting migration sequence to 0 with documentApi.create - [v281.3.6](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v281.3.6): fix(google-vision): Enrich images on upload - [v281.3.5](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v281.3.5): fix(rubrics): allow `li-rubric-assignment` in creation flows @@ -371,6 +299,7 @@ Here is a list of all patches after the release has been announced. - [v281.3.2](https://github.com/livingdocsIO/livingdocs-server/releases/tag/v281.3.2): fix(release-2025-09): Update framework to v32.9.4 (release-2025-09 tag) ### Livingdocs Editor Patches + - [v119.14.5](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v119.14.5): fix: Remove angular-sanitize - [v119.14.4](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v119.14.4): fix(comments): Improve comment to component alignment on load - [v119.14.3](https://github.com/livingdocsIO/livingdocs-editor/releases/tag/v119.14.3): fix(release-2025-09): Update framework to v32.9.4 (release-2025-09 tag) diff --git a/content/operations/releases/release-2025-11.md b/content/operations/releases/release-2025-11.md index 6c66cc01e..d0293aff0 100644 --- a/content/operations/releases/release-2025-11.md +++ b/content/operations/releases/release-2025-11.md @@ -12,7 +12,6 @@ header: maintained: false branchHandle: release-2025-11 - systemRequirements: suggested: - name: Node @@ -65,6 +64,7 @@ These are the release notes of the upcoming release (pull requests merged to the - :fire: Integration against the upcoming release (currently `master` branch) is at your own risk ## PRs to Categorize + - [chore(deps): update dependency eslint from 9.34.0 to v9.35.0 (main)](https://github.com/livingdocsIO/livingdocs-editor/pull/10271) - [fix(deps): update dependency pino from 9.9.2 to v9.9.4 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8361) - [Support setting migration sequence to 0 with documentApi.createV2](https://github.com/livingdocsIO/livingdocs-server/pull/8356) @@ -76,8 +76,7 @@ These are the release notes of the upcoming release (pull requests merged to the - [Allow `li-rubric-assignment` in creation flows](https://github.com/livingdocsIO/livingdocs-server/pull/8348) - [Exclude scheduled publication events from revisions list](https://github.com/livingdocsIO/livingdocs-server/pull/8336) - [fix(deps): update dependency pino from 9.9.0 to v9.9.1 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8343) -- [Rename 213-* db migrations](https://github.com/livingdocsIO/livingdocs-server/pull/8339) - +- [Rename 213-\* db migrations](https://github.com/livingdocsIO/livingdocs-server/pull/8339) To get an overview about new functionality, read the [Release Notes](TODO). To learn about the necessary actions to update Livingdocs to `release-2025-11`, read on. @@ -124,26 +123,10 @@ No rollback steps are required for this release. ## Breaking Changes 🔥 -{{< feature-info "Operations" "server" >}} - -### Migrate the Postgres Database :fire: - -It's a simple/fast migration with no expected data losses. - -```sh -# run `livingdocs-server migrate up` to update to the newest database schema -livingdocs-server migrate up -``` - -TODO: check migration - - ## Deprecations ## Features - - ## Vulnerability Patches We are constantly patching module vulnerabilities for the Livingdocs Server and Livingdocs Editor as module fixes are available. Below is a list of all patched vulnerabilities included in the release. From cfe81324abe58a48c3b276e8c9343a40e729ac9a Mon Sep 17 00:00:00 2001 From: eileenoo Date: Mon, 8 Sep 2025 13:39:12 +0200 Subject: [PATCH 55/58] fix(release-2025-09): add comment to rollback steps --- content/operations/releases/release-2025-09.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-09.md b/content/operations/releases/release-2025-09.md index b49274f68..fe4216263 100644 --- a/content/operations/releases/release-2025-09.md +++ b/content/operations/releases/release-2025-09.md @@ -122,6 +122,7 @@ No post-deployment steps are required after rolling out this release. // TODO If you encounter any issues after the deployment, you can rollback to the previous release. If you have already run the migrations and they have completed, you can rollback to the previous release by running the commands below. The processes will continue to run even if those down migrations are not executed, but to ensure consistency, please run those after doing a rollback. ```sh +# File names can also be ommited livingdocs-server migrate down 213-add-media-library-permissions.js livingdocs-server migrate down 214-remove-unused-tables-and-improve-document-deletion.js livingdocs-server migrate down 215-update-document-publications-columns.js From 226798e554a5d7586f7984ac9a8f52da68709b1f Mon Sep 17 00:00:00 2001 From: eileenoo Date: Mon, 8 Sep 2025 14:06:36 +0200 Subject: [PATCH 56/58] chore(release-2025-09): remove PRs to categorize --- content/operations/releases/release-2025-09.md | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/content/operations/releases/release-2025-09.md b/content/operations/releases/release-2025-09.md index fe4216263..2c3b01cf5 100644 --- a/content/operations/releases/release-2025-09.md +++ b/content/operations/releases/release-2025-09.md @@ -54,15 +54,6 @@ systemRequirements: version: Edge >= 92, Firefox >= 90, Chrome >= 92, Safari >= 15.4, iOS Safari >= 15.4, Opera >= 78 --- -## PRs to Categorize - -- -> Marc B. (No Backport) [Fix indexes of documents, support legacy channel and archived content type deletion](https://github.com/livingdocsIO/livingdocs-server/pull/8298) -- -> Marc B. (No Backport) [Add publicApi.minimumApiVersion to server configuration to allow serving only newer api versions](https://github.com/livingdocsIO/livingdocs-server/pull/8290) -- -> Marc B. (No Backport)[ESM example](https://github.com/livingdocsIO/livingdocs-server/pull/8293) -- -> Marc B.(No Backport) [Remove lock routes & controller & other small maintenance](https://github.com/livingdocsIO/livingdocs-server/pull/8187) -- -> Robin (No Backport) [Authenticate /media-library/:id/download editing API endpoint](https://github.com/livingdocsIO/livingdocs-server/pull/7981) -- -> Alex (No Backport) [Set media as `publishedInDocument` when scheduling a publication](https://github.com/livingdocsIO/livingdocs-server/pull/8194) - To get an overview about new functionality, read the [Release Notes](https://livingdocs.io/en/release-september-2025). To learn about the necessary actions to update Livingdocs to `release-2025-09`, read on. @@ -115,7 +106,7 @@ livingdocs-server migrate up ### After the deployment -No post-deployment steps are required after rolling out this release. // TODO +TODO: Add livingdocs-server release-2025-09-delete-old-channels helper to delete secondary channels and documents. Documents of secondary channels have not been accessible anymore, so a deletion won't affect other systems. ### Rollback From de856ba944c4db5e9a6d4b63325dd0f8774fb5dc Mon Sep 17 00:00:00 2001 From: Machine User Date: Tue, 9 Sep 2025 01:11:50 +0200 Subject: [PATCH 57/58] fix(main): add patch to main.md with tag v281.4.10 --- content/operations/releases/release-2025-11.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/operations/releases/release-2025-11.md b/content/operations/releases/release-2025-11.md index d0293aff0..282f634c5 100644 --- a/content/operations/releases/release-2025-11.md +++ b/content/operations/releases/release-2025-11.md @@ -64,6 +64,7 @@ These are the release notes of the upcoming release (pull requests merged to the - :fire: Integration against the upcoming release (currently `master` branch) is at your own risk ## PRs to Categorize +- [chore(deps): update dependency eslint-plugin-jsdoc from 54.5.0 to v54.7.0 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8367) - [chore(deps): update dependency eslint from 9.34.0 to v9.35.0 (main)](https://github.com/livingdocsIO/livingdocs-editor/pull/10271) - [fix(deps): update dependency pino from 9.9.2 to v9.9.4 (main)](https://github.com/livingdocsIO/livingdocs-server/pull/8361) From 62f48acd11ccbd707299617ac046207e08cbfe64 Mon Sep 17 00:00:00 2001 From: Machine User Date: Tue, 9 Sep 2025 01:11:51 +0200 Subject: [PATCH 58/58] fix(main): update release notes overview for main for livingdocs-server with tag v281.4.10 --- data/releases.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/releases.json b/data/releases.json index b1b5f656f..5f36dd11a 100644 --- a/data/releases.json +++ b/data/releases.json @@ -9,7 +9,7 @@ "legacy": false, "sortId": 52, "editorVersion": "v119.15.3", - "serverVersion": "v281.4.9" + "serverVersion": "v281.4.10" }, "release-2025-09": { "key": "release-2025-09",