Etherpad team blog

One of our side projects is a collaborative drawing/painting tool, it’s pretty nifty and is a lot of fun to use.

Have a go yourself below..

Docs / Repo / Source code

TLDR; Etherpad has changed a lot over the last few years, you should check out some of the great new stuff.

There has been a lot of progress in Etherpad but you might not know about it all because the instance you are using might be old and out of date. We wanted to make it easy for you so here is what’s new in Etherpad since we went open source nearly 5 years ago!

Plugin Framework and management

Client side plugins extend the editor functionality with excellent user experiences such as video conferencing, rich text editing, images, tables, comments, markdown, LaTeX and so much more. On the Server side hundreds of plugins extend Etherpad including support for email notifications, pad management, authentication.. The list really does go on so you should open it in a new tab and check it out when you have a few minutes spare!
Etherpad provides an admin page which provides functionality to edit settings, check your instance settings and manage plugins. Best of all the admin page is super quick and easy to use, similar to how WordPress does plugin management.

Accessibility

From High Resolution screen support to screen reader support to Internationalization (Translations) to Keyboard shortcuts we’re really keen to improve accessibility on the front end. On the back end various well documented clients and libraries for both the API and editor all supported by excellent Etherpad core documentation. We have also focused on document portability ensuring your ENTIRE pad including every single edit(and it’s history) can be exported and taken from one Etherpad instance to another, something no competitor offers.

Huge performance increases

The “old” version of Etherpad was stable up to about 20 people on a pad, after that things got a bit shaky. We’re now testing up to about 250 users on a single pad, way beyond what competitors can offer.

Stability improvements

We now provide both automated front-end and automated back-end testing for Etherpad. This has helped uptime instances be way within the 99.9% threshold required by most operators. While we’re constantly improving on this we’re really proud of the latest figures (99.993% up-time) across our enterprise supported instances and we hope to keep pushing for even better stability moving forward.

Recently we began providing our security releases as CVEs, this has helped the security community do deeper audits of Etherpad to move forward to a more secure piece of software

Commercial services

You know what commercial services are, if your company is using Etherpad then you probably have an internal guy that’s your Etherpad guy. Without that guy we wouldn’t exist as a project so here is an opportunity for us to say thanks! If you are that guy and you feel like you would like some support with your Etherpad instance do get in touch and we’d be happy to connect you to someone that can help. If you are a developer or admin and enjoy working with Etherpad then also get in touch, we can connect those dots too!

Shut up and take me to Etherpad!

IMPORTANT: Security release, please update your instances!

This is another security release, the exploit is documented as CVE-2015-3297 — If a specifically formatted URL is used to access Etherpad a file can be read from the filesystem. This issue has existed in Etherpad since 2012 so pretty much all deployments will be effected.

We have been doing a lot of security releases lately as we complete our third security audit. Our apologies for creating such a fire under admins to update so frequently lately.

SECURITY: Traversing URL exploit
NEW: Default Pad options can now be defined in settings.json, see the Etherpad Template file for reference.
NEW: sessionKey is now automatically generated and stored in the file system.
NEW: Logic for handling pad creation with illegal characters
FIX: IE10 now works
FIX: html10n missing semicolons, prevents warnings
FIX: Importing of Large .Etherpad files no longer crashes the server
UPDATES: Update all stuck dependencies (Inc underscore)
UPDATES: Update to Express 4
UPDATES: We no longer support IE8

This is our final release before we introduce some breaking changes over the weekend.

This release includes one critical security fix which can expose a file from your file system to a remote visitor. CVE due soon.

Download and upgrade at http://etherpad.org

Etherpad 1.5.3 is with us.. This release is a security release. The security issue is a big one so please do update…

Security

Don’t allow read files on directory traversal (CVE due very shortly)

Accessibility

Accessibility support for Screen readers, includes new fonts and keyboard shortcuts

API

API endpoint for Append Chat Message and Chat backend tests
Error messages displayed on load are included in Default Pad Text (can be suppressed)

Methods and functions

Content Collector can handle key values
getAttributesOnPosition Method returns applied attributes on a position

Bugfixes

Firefox keeps attributes (bold etc) on cut/copy -> paste
URL Parameter showControls=false now works
Cut and Paste works again…

Grab the latest Etherpad now

Today we’re proud to announce that Etherpad is now accessibility enabled.

TLDR;

Screen readers are fully supported

Keyboard shortcuts are now available for the pad and timeslider pages

Various new fonts available in core (only changes viewers experience)

High contrast user experience now available (see ep_themes plugin)

Control Shift 2 shows author information pop-up for currently selected line

Quick links

Accessibility and keyboard shortcut documentation

The pull request with a plethora of comments and thoughts

A testing environment to play around with

Special thanks to

Our sponsor: TBA
pvagner for all his input and testing..
W3 for their work on ARIA

Some quick win shortcuts you should know about

Alt F9 brings up the context menu, Alt F9 and Escape returns focus back to the pad.
Alt C brings up chat
Arrow keys navigate most things

I spotted something that’s wrong or I think it can be made better, how can I tell you?

Either create an issue on github and/or use our idea informer which doesn’t require any sign up or registration to post :)

When will see accessibility land in a major release?

We’re hours away from starting our 2015 hackathon which should bare the fruits of a major release so hopefully a major release will land within 48 hours of this blog post however if you are itching to get your mitts on Accessibility features simply checkout the Etherpad develop branch.

Nginx by Default with Etherpad will display the Nginx Server name value and not forward the Etherpad Server name value. This is a problem as it means your Etherpad version is not available in the Headers which makes debug more difficult among other things.

To solve this add the below your Nginx config and you are done :)

proxy_pass_header Server;

Check by restarting Etherpad and checking your headers.

Here’s some plugins you can use to enable Etherpad to be useful for academic writing. All founds on the Etherpad plugin page with minimal effort.

Rights Mgmt: Etherpad Admin Pads
Privacy: Take your pick from the plugin page.
Footnotes: Use ep_foot_note plugin
Tables: Use the Etherpad Tables plugin
Images: Use the Etherpad images plugin
Formulas: Use the Etherpad Mathjax plugin
Comments: Use the Etherpad Comments plugin
References: Use the Etherpad Reference plugin
Import/Export: Extend import/export support with various options from The plugin page
Offline Support: Use the Offline Edit plugin
Usability: Extend usability with various options from the plugin page

Periodically we sweep through sites that run Etherpad and check for any instances that are out of date.. This time we were alarmed by the number of out of date instances that contain security issues..

Please update your instances.. This is the list of URLS of out of date instances that contain security issues.

· https://piratepad.ca

· https://factor.cc/pad/

· https://pad.systemli.org/ (pads removed after 30 days of inactivity)

· https://pad.fnordig.de/

· https://pad.lqdn.fr/

· https://tihlde.org/etherpad/

· https://etherpad.wikimedia.org

· https://bitpad.co.nz/ (Tor hidden service, pads removed after 30 days of inactivity)

· https://etherpad.mozilla.org/

· https://text.allmende.io/

· http://notas.dados.gov.br

· http://board.net (Demo and FAQ: http://board.net/p/community)

· http://notes.occupy.net/

· http://piratepad.be

· http://pad.openerp.com

· http://pad.planka.nu/

· http://pad.tn/

· http://etherpad.brownbag.me/

· http://lite.framapad.org

· http://pad.hdc.pw/ (Email-Notification,SSL coming next, running in Austria)

· http://pad.op99.org

Interact with Pad contents in real time from within Node and from your CLI.

The CLI can be used to catch edit events from Etherpad. Changes are sent as Changesets so there is no performance drop or additional bandwidth required. We use the fastest possible method to reflected changes of a pad.

The CLI Client can also be used to append content to a pad.

5 seconds getting started…


sudo npm install -g etherpad-cli-client
etherpad https://beta.etherpad.org/p/clitest


See what else the Etherpad CLI Client can do!

The CLI Client was developed as part of our new load testing tool that we hope to release within the coming weeks. Development was funded by UCI & Primary Technology Ltd.