If you are reading this, this is going to be our last patch release announcement. Our blog will only be used now for minor and major release announcements. :)
Etherpad 1.8.8 has been released.
Important things to note:
- Includes security patches.
- Various test/code quality improvements.
- Various reliability improvements.
- Various performance improvements.
Huge thanks to @rhansen for the majority of work in this release and to @nulli @Translatewiki @Hossein M for some awesome contributions. Special thanks to @redhog / Egil who’s code has survived untouched for over 9 years and has had it’s first update this week.
In 45 days Etherpad will be 10 years old and we’re just getting started.
Etherpad 1.8.7 is a recommended update for these reasons:
- Various security patches.
- Various stability patches.
- Various performance improvements.
This release contains roughly 360 commits of mostly tidy up/fixes. We have very few bells and whistle features to announce this time around and for this reason we’re considering this as a patch release. Don’t be under the impression this is a small release with a small amount of effort, our team of elves have worked tirelessly to get this release out and we’re excited for the possibilities having a more stable code-base gives us to create new features to power Santa’s sleigh on his way to your chimney.
1.8.7 is the Etherpad you love, with greater security and reliability than any other release.
For more information see the change log.
Thanks for the love!
Not familiar with Etherpad? Etherpad is an online editor that focuses on putting people first and making the collaboration experience as much fun as possible.
1.8.6 includes an important security update so we recommend updating ASAP.
With 1.8.6 Etherpad now provides a method to copy pads that uses roughly 10% of the computational resources to copy a pad without any previous history. See: copyPadWithoutHistory
A postgres bug existed in 1.8.5 so if you are a postgres user we recommend updating to 1.8.6.
Various other changes are available in the small changelog. As always our focus is on ease of implementation, scale, stability and consistency throughout the editor. Sorry if you hope to get new bells and whistles with this release, things should be stable with 1.8.6 which means we can shift our focus to 1.9 which is scheduled to be our final release during 2020 and will have some major new changes we are pretty excited to announce.
Thanks for supporting Etherpad and being involved with the project <3
You probably know what Github sponsors is, if not, it’s a way you can support projects like Etherpad by donating a monthly amount. I don’t think waxing lyrical about the benefits of supporting Etherpad is useful but I think it’s worth mentioning we’re under Software Freedom Conservancy (501c3) and all funds raised go back into the project and we try to donate to dependency projects whenever we can.
In 1.8.3 Etherpad introduced a new feature called the “Theme variant generator”. To access it append #skinvariantsbuilder to your Pad URL IE http://video.etherpad.com/p/examplethemeshiznee#skinvariantsbuilder
Once you have it styled how you like then copy the Result to settings.json and restart Etherpad. After restart this style will be applied to pads and you don’t need to include the #skinvariantsbuilder.
This release is huge, probably our biggest in 5 years. If you used to use Etherpad back in the day but it’s fallen off your radar then this might be the release that brings you back. If not, that’s cool, thanks for the love anyway :)
This release includes 5 Critical Security Vulnerability resolutions which in itself is enough of a reason to update.
1.8.3 also includes our new modern interface by default. We’re really chuffed with it!
The usual bug-fixes and optimizations are in but this release can basically be summarized as “Modern at the front, secure(r) at the back”. Unlike yo momma…
Anyway, enough waffle.
Etherpad is a humble project and we’re really appreciative that you either use it or contribute. Thanks!
It’s time for us to give back. This time we’re supporting the global efforts to stop the Corona Pandemic by giving people a real-time editing and video conferencing tool that’s completely free to use with no sign in.
❤️ to 26LLC for covering our hosting costs & ❤️ to the WebRTC guys for making WebRTC work.
❤️ to everyone, we hope Corona passes and normal service is resumed. Stay awesome!
This is a guest post from our contributor Ray Bellis, from Internet Systems Consortium, Inc.
Ray took care of migrating Etherpad code to async/await. His work landed on #3540, and will be part of next Etherpad release (1.8).
A lot of its code is quite old and written using coding paradigms that have since been replaced with much better alternatives. This resulted in a significant “technical debt” and a code base that is difficult to maintain and enhance.
At ISC we use Etherpad extensively. We wanted to add some functionality but found the code base very difficult to work with, and in particular the program’s flow of execution was difficult to analyse. I determined that the code could probably benefit from rewriting parts of it to take advantage of new language features.
With ISC’s support, I therefore recently spent a few weeks working on a significant refactoring of the Etherpad code, with that work described here.
TLDR; Site admins should Update ASAP to 1.6.4 due to several security enhancements.
Today we released Etherpad 1.6.4.
This release fixes several security vulnerabilities in recent versions:
- One is an arbitrary code execution vulnerability in version 1.6.3.
- Another is an arbitrary code execution vulnerability which is present in all versions from 1.5.0 on, but only exploitable on sites that store pads in DirtyDB, CouchDB, MongoDB, or RethinkDB.
- A third allows attackers to export any pad without knowing its name (as normally required) in all versions from 1.5.0 on.
The Etherpad Leadership Team recommends that administrators upgrade to 1.6.4 as soon as possible to mitigate these issues.
“Etherpad is key to a number of organization that promote collaboration, freedom and transparency and as such we are proud to provide infrastructure for these values,”
said John McLear, Etherpad’s chief maintainer.
“In a world that is becoming more fragmented, we’re very keen to promote global collaboration and are dedicated to improving the security of Etherpad.”
Etherpad is a highly customizable free software editor for collaborative editing online. Used to support collaboration across many important initiatives across the Internet, Etherpad is critical web infrastructure. Etherpad is widely used by individuals and groups who want to collaborate effectively using decentralized trusted free software.
The Etherpad foundation would like to thank Synacktiv for responsibly disclosing these vulnerabilities.