Skip to content

1.8.16

Compare
Choose a tag to compare
@rhansen rhansen released this 29 Nov 05:01
· 1380 commits to develop since this release
1.8.16

Security fixes

This release includes fixes for GHSA-w3g3-qf3g-2mqc (CVE-2021-43802).

If you cannot upgrade to v1.8.16 for some reason, you are encouraged to try cherry-picking the fixes to the version you are running:

git cherry-pick b7065eb9a0ec..77bcb507b30e
  • Maliciously crafted .etherpad files can no longer overwrite arbitrary non-pad database records when imported.
  • Imported .etherpad files are now subject to numerous consistency checks before any records are written to the database. This should help avoid denial-of-service attacks via imports of malformed .etherpad files.

Notable enhancements and fixes

  • Fixed several .etherpad import bugs.
  • Improved support for large .etherpad imports.