Releasing Etherpad 1.3

Ouch. As you have probably noticed, the last release had a painful bug in it — we had accidentally switched two lines, which lead to really bad performance on production instances.

Of course we fixed this in the new release, which should now really solve most of your problems. Thus, it is called (and I am proud to announce that starting with this version we’ll be following the spec for semantic versioning): Etherpad 1.3

  • NEW: We now follow the semantic versioning scheme!
  • NEW: Option to disable IP logging
  • NEW: Localisation updates from
  • Fix: Fix readOnly group pads
  • Fix: don’t fetch padList on every request


Don’t hesitate, git pull today! And as always: spread the word, share the love!

1+2 =12 — release of v1.2.12

Hello dear etherfolks,

turns out we haven’t kept our promise: Contrary to previous statements this is not v1.3, as you may have noticed. Development velocity has seen a slight drop in the past moths, as people have been busy with other stuff.

Still you shouldn’t be sad, because waiting to be pulled as part of v1.2.12 are a bunch of brightly-shining fixes (including a rock-solid security patch for an intimidating security hole!) plus a few new fluffy features. This release should make your life a whole lot easier:

* NEW: Add explanations for more disconnect scenarios
* NEW: export sessioninfos so plugins can access it
* NEW: pass pad in postAceInit hook
* NEW: Add trustProxy setting (use X-forwarded-for as remoteAddress)
* NEW: userLeave hook
* NEW: Plural macro for translations
* NEW: backlinks to main page in Admin pages
* NEW: New translations from
* SECURITY FIX: Filter author data sent to clients
* FIX: Never keep processing a changeset if it’s corrupted
* FIX: Some client-side performance fixes for webkit browsers
* FIX: Only execute listAllPads query on demand (not on start-up)
* FIX: various issues with HTML import
* FIX: check if uploaded file only contains ascii chars when abiword disabled
* FIX: Plugin search in /admin/plugins
* FIX: Don’t create new pad if a non-existant read-only pad is accessed
* FIX: Drop messages from unknown connections
* FIX: API: fix createGroupFor endpoint, if mapped group is deleted
* FIX: Import form for other locales
* FIX: Don’t stop processing changeset queue if there is an error
* FIX: Caret movement. Chrome detects blank rows line heights as incorrect
* FIX: allow colons in password
* FIX: Polish logging of client-side errors on the server
* FIX: Username url param
* FIX: Make start script POSIX compatible

As always, if you like etherpad why not pitch in and help push etherpad to the next level! We have ambitious plans!

Git pull today, and happy collaborating!

Important security update

TLDR; PadId was being broadcast to Read Only Clients.

Vileda discovered an issue where in certain conditions the pad ID of a user was being broadcast to users on a Rad Only Pad.

We fixed the issue within minutes of hearing about it (24 minutes to be precise).

You will need to checkout develop to get this security patch, we will be doing a major release soon-ish.

We will release specific details in a few weeks once everyone has patched up.

git checkout develop
git pull
/etc/init.d/etherpad-lite restart

Should be all you need for now.