Etherpad 1.5.3 is with us.. This release is a security release. The security issue is a big one so please do update…

Security

Don’t allow read files on directory traversal (CVE due very shortly)

Accessibility

Accessibility support for Screen readers, includes new fonts and keyboard shortcuts

API

API endpoint for Append Chat Message and Chat backend tests
Error messages displayed on load are included in Default Pad Text (can be suppressed)

Methods and functions

Content Collector can handle key values
getAttributesOnPosition Method returns applied attributes on a position

Bugfixes

Firefox keeps attributes (bold etc) on cut/copy -> paste
URL Parameter showControls=false now works
Cut and Paste works again…

Grab the latest Etherpad now

Today we’re proud to announce that Etherpad is now accessibility enabled.

TLDR;

Quick links

Special thanks to

Our sponsor: TBA
pvagner for all his input and testing..
W3 for their work on ARIA

Some quick win shortcuts you should know about

Alt F9 brings up the context menu, Alt F9 and Escape returns focus back to the pad.
Alt C brings up chat
Arrow keys navigate most things

I spotted something that’s wrong or I think it can be made better, how can I tell you?

Either create an issue on github and/or use our idea informer which doesn’t require any sign up or registration to post :)

When will see accessibility land in a major release?

We’re hours away from starting our 2015 hackathon which should bare the fruits of a major release so hopefully a major release will land within 48 hours of this blog post however if you are itching to get your mitts on Accessibility features simply checkout the Etherpad develop branch.

Nginx by Default with Etherpad will display the Nginx Server name value and not forward the Etherpad Server name value. This is a problem as it means your Etherpad version is not available in the Headers which makes debug more difficult among other things.

To solve this add the below your Nginx config and you are done :)

proxy_pass_header Server;

Check by restarting Etherpad and checking your headers.

Here’s some plugins you can use to enable Etherpad to be useful for academic writing. All founds on the Etherpad plugin page with minimal effort.

Rights Mgmt: Etherpad Admin Pads
Privacy: Take your pick from the plugin page.
Footnotes: Use ep_foot_note plugin
Tables: Use the Etherpad Tables plugin
Images: Use the Etherpad images plugin
Formulas: Use the Etherpad Mathjax plugin
Comments: Use the Etherpad Comments plugin
References: Use the Etherpad Reference plugin
Import/Export: Extend import/export support with various options from The plugin page
Offline Support: Use the Offline Edit plugin
Usability: Extend usability with various options from the plugin page

Periodically we sweep through sites that run Etherpad and check for any instances that are out of date.. This time we were alarmed by the number of out of date instances that contain security issues..

Please update your instances.. This is the list of URLS of out of date instances that contain security issues.

· https://piratepad.ca

· https://factor.cc/pad/

· https://pad.systemli.org/ (pads removed after 30 days of inactivity)

· https://pad.fnordig.de/

· https://pad.lqdn.fr/

· https://tihlde.org/etherpad/

· https://etherpad.wikimedia.org

· https://bitpad.co.nz/ (Tor hidden service, pads removed after 30 days of inactivity)

· https://etherpad.mozilla.org/

· https://text.allmende.io/

· http://notas.dados.gov.br

· http://board.net (Demo and FAQ: http://board.net/p/community)

· http://notes.occupy.net/

· http://piratepad.be

· http://pad.openerp.com

· http://pad.planka.nu/

· http://pad.tn/

· http://etherpad.brownbag.me/

· http://lite.framapad.org

· http://pad.hdc.pw/ (Email-Notification,SSL coming next, running in Austria)

· http://pad.op99.org

Interact with Pad contents in real time from within Node and from your CLI.

The CLI can be used to catch edit events from Etherpad. Changes are sent as Changesets so there is no performance drop or additional bandwidth required. We use the fastest possible method to reflected changes of a pad.

The CLI Client can also be used to append content to a pad.

5 seconds getting started…


sudo npm install -g etherpad-cli-client
etherpad https://beta.etherpad.org/p/clitest


See what else the Etherpad CLI Client can do!

The CLI Client was developed as part of our new load testing tool that we hope to release within the coming weeks. Development was funded by UCI & Primary Technology Ltd.

What’s new TLDR;

Mostly bugfixes, one security/privacy fix. One UI feature (Chat and Users always on screen)

NEW: High resolution Icon
NEW: Use HTTPS for plugins.json download
NEW: Add ‘last update’ column
NEW: Show users and chat at the same time (try it)
NEW: Support io.js
Fix: removeAttributeOnLine now works properly
Fix: Plugin search and list
Fix: Issue where unauthed request could cause error
Fix: Privacy issue with .etherpad export
Fix: Freeze deps to improve bisectability
Fix: IE, everything. IE is so broken.
Fix: Timeslider proxy
Fix: All backend tests pass
Fix: Timeslider stars
Fix: Translation update
Fix: Check filesystem if Abiword exists
Fix: Docs formatting
Fix: Move Save Revision notification to a gritter message
Fix: UeberDB MySQL Timeout issue
Fix: Indented +9 list items
Fix: Don’t paste on middle click of
SECURITY Fix: Issue where a malformed URL could cause EP to disclose installation location

Usually on releases the first thing we do is tell you what’s new and why you should upgrade. If you are looking for this, scroll down.

This release is different. What makes Etherpad such a great project is the number of contributors that can maintain the software. This means that should one maintainer be unable to maintain Etherpad others can step in. So the first thing we want to do on this release is hat tip the contributors between 1.4.1 and 1.5. Now you know who to hire for your next Etherpad project!

Etherpad is mostly a British-German alliance. The majority of our funding comes through US organizations and Primary Technology. We’d like to see more funding arrive through donations and sponsorship. These donations have less strings attached so will keep us more independent and neutral. If you can help, please visit the donation section on Etherpad.org

@webzwo0i, @marcelklehr, @Gared, @simong, @BjarniRunar, @luto, @l-y-n-x, @beaugunderson, @cristo-rabani, @prtksxna, @0ip, TranslateWiki team
And finally Myself: @JohnMcLear

TLDR; What’s new and why should I care?
> Full Etherpad Pad Export and Import
> Bug fixes, tests, UI/UX polishing & updates of dependencies
> Speed improvements to all pages. Page load times improved by ~30%.
> Support for instance Sharding (Scaling Etherpad to multiple servers)
> Better documentation & more language support.

Nice things for users:
> Control 5 now does Strikethrough.
> Better experience at higher DPI screens (use of icons instead of fonts)
> 30% Faster page load
> Full Pad Portability (Export/Import)

While this release is mostly a bugfix & performance release we have updated about 20% of the overall Etherpad code since 1.4.1 so we have given it a major release number.

Our release schedule is heating up as we get more and more commercial support ergo more active development.

Some cool things Etherpad can do that it couldn’t before
> curl HTTP POST files right to your Etherpad Instance
> Export other HTTP block elements (Such as subscript/superscript)
> Talk to your pad
> Switch between pads without reloading the editor

Demo Etherpad

Demo Pad, have a play!

Simple single command to post a files data to your Etherpad instance:

curl -X POST -d @yourfile.here http://youretherpad/post

This command will return the URL to a pad containing the contents of the file you selected.

To get this functionality:
1. Visit /admin/plugins
2. Install ep_post_data

Enjoy! And merry festive period, may all be red and ball like.

ep_post_data

Shut up rambling John. Just tell me what’s New and why should I upgrade/care?

Performance:
* Huge MySQL performance improvements (InnoDB to MyISAM)

Hooks:
* User Leave
* Export File Name
* Preprocessor Hook for DOMLine attributes

Scripts
* Script to reinsert all DB values of a Pad

Configuration:
* Allow for absolute settings paths

API:
* Get Pad ID from read Only Pad ID

Fixes:
* Exception on Plugin Search and fix for plugins not being fetched
* Font on innerdoc body can be arial on paste
* Fix Dropping of messages in handleMessage
* Don’t use Abiword for HTML exports
* Color issues with user Icon
* Timeslider Button
* Session Deletion error
* Allow browser tabs to be cycled when focus is in editor
* Various Editor issues with Easysync potentially entering forever loop on bad changeset

Shut up John, why no update for so long?
Thanks to you guys supporting my other project I have been crazy busy and that means no time for Etherpad, thankfully other project members have lead the way but things haved moved slower than we’d all like. Etherpad is still a project very close to my heart and I’m making plans to commit more time to move things forward in 2015.

Remember people, cloud hosting where you can’t replicate the system locally is going to cost you long term. Did anyone else just notice Google changed Google Drive/Docs interface yet again, can anyone find any of their documents? I tried.. Gave up.. Hillarious. TAKE CONTROL.

Also props to services such as Own Cloud gaining traction, we love you guys, you give control. Keep on being smashing.