The fastest knowledge base for growing teams. Beautiful, realtime collaborative, feature packed, and markdown compatible.
OTHER License
Published by tommoor almost 2 years ago
SMTP_NAME
config for email servers that require a specific hostnameNote: sequelize:migrate
is no longer included as a command, if you were using this then use db:migrate
instead.
Published by tommoor almost 2 years ago
Warning As of this release all documents edits are sent over websockets, this results in a much better editor experience with full support for realtime collaborative editing but requires websockets. If your self-hosted setup was managing without working websocket connections editing will no longer work with this release.
Warning Any Redis username in the
REDIS_URL
environment variable will be passed through to Redis as of this release, they were previously ignored. If you see NOAUTH errors then remove the username from the env config.
Warning Detection for HTTPS connections to proxies changed. If your proxy terminates SSL and the installation is in a https redirect loop after updating ensure that your proxy is adding the
x-forwarded-proto: https
header.
SENTRY_TUNNEL
option by @K3das in https://github.com/outline/outline/pull/4298
urls
to not break protocols by @iifawzi in https://github.com/outline/outline/pull/3995
koa-static
in https://github.com/outline/outline/pull/4387
DATABASE_URL
missing in env does not produce validation error in https://github.com/outline/outline/pull/4409
Full Changelog: https://github.com/outline/outline/compare/v0.66.0...v0.67.0
Published by tommoor almost 2 years ago
Warning As of this release all documents edits are sent through the collaborative process using websockets, this results in a much better editor experience with full support for realtime collaborative editing but requires websockets. If your self-hosted setup was managing without websocket connections editing will no longer work with this release.
Ensure that websockets are connecting correctly in v0.66.0 before upgrading.
SENTRY_TUNNEL
option by @K3das in https://github.com/outline/outline/pull/4298
urls
to not break protocols by @iifawzi in https://github.com/outline/outline/pull/3995
koa-static
in https://github.com/outline/outline/pull/4387
DATABASE_URL
missing in env does not produce validation error in https://github.com/outline/outline/pull/4409
Full Changelog: https://github.com/outline/outline/compare/v0.66.0...v0.67.0
Published by tommoor almost 2 years ago
Published by tommoor about 2 years ago
Published by tommoor about 2 years ago
Published by tommoor about 2 years ago
Note This update requires database migrations, take your installation offline, backup the database, and run with yarn db:migrate or yarn db:migrate --env production-ssl-disabled
Once the migrations have run, subscription data can be optionally backfilled with the following command – this will create a notification subscription to each document that users have contributed to which retains the previous notification behavior:
node build/server/scripts/20220722000000-backfill-subscriptions.js
markdown-it
to fix text collapse bug in https://github.com/outline/outline/pull/3953
GET
for RPC API requests by default in https://github.com/outline/outline/pull/4042
Full Changelog: https://github.com/outline/outline/compare/v0.65.1...v0.66.0
Published by tommoor over 2 years ago
The previous release did not allow for new installations, if you have an existing installation this patch offers no improvements.
Published by tommoor over 2 years ago
The previous release did not startup correctly on installations with an unsecured database connection.
Published by tommoor over 2 years ago
This months release comes with a number of new features – full support for outgoing Webhooks so you can integrate Outline with other tools, Mermaid diagrams in the editor, and the ability to setup multiple authentication providers for your team.
We also started a bug bounty program on huntr.dev which has resulted in an above-average number of security related patches in this release.
Note It is highly recommended to visit Settings -> Security and add team domains as an additional measure to restrict access to your self-hosted instance.
documents.update
API endpoint can now be used with collaborative editing enabled in https://github.com/outline/outline/pull/3647
ResizeObserver
for old iOS in https://github.com/outline/outline/pull/3629
svg+xml
image type ext not assigned properly by @CuriousCorrelation in https://github.com/outline/outline/pull/3774
Full Changelog: https://github.com/outline/outline/compare/v0.64.3...v0.65.0
Published by tommoor over 2 years ago
This patch release fixes an issue in the editor that allowed stored XSS to occur by not correctly sanitizing link href's. Note, that In order for this vulnerability to be abused you would need to have a malicious actor with access to the knowledge base (one of your team members).
Published by tommoor over 2 years ago
Published by tommoor over 2 years ago
Fixes another environment parsing bug introduced with the new validation in v0.64.0.
Published by tommoor over 2 years ago
Fixes two environment parsing bugs introduced with the new validation in v0.64.0
.
Published by tommoor over 2 years ago
Note: This update requires database migrations, take your installation offline, backup the database, and run with yarn db:migrate or yarn db:migrate --env production-ssl-disabled
The ALLOWED_DOMAINS
environment variable was moved into the UI under Settings -> Security. Upon upgrading, any existing values set in the environment will be automatically migrated and you can safely remove the ALLOWED_DOMAINS
value post-upgrade.
We also introduced stricter validation of all environment variables to help with debugging and setup of the community edition, depending on your environment this may result in new errors or warnings being output upon server startup. If you have empty environment variables defined these should be removed.
ALLOWED_DOMAINS
to a team level setting (see above) by @coreyja in https://github.com/outline/outline/pull/3489
Full Changelog: https://github.com/outline/outline/compare/v0.63.0...v0.64.0
Published by tommoor over 2 years ago
::
symbols appearing between lines when pasting plaintext in https://github.com/outline/outline/pull/3323
documentStructure
database locking in https://github.com/outline/outline/pull/3254
Full Changelog: https://github.com/outline/outline/compare/v0.62.0...v0.63.0
Published by tommoor over 2 years ago
:smile:
style emoji in Markdown paste handler https://github.com/outline/outline/pull/3056
localStorage
https://github.com/outline/outline/pull/3078
InputSearch
style for move dialog https://github.com/outline/outline/pull/3173
Published by tommoor almost 3 years ago
This release addresses a stored XSS vulnerability in document titles that was introduced in v0.57.0
.
Note: XSS allows an attacker to execute code in another users browser such as accessing cookie values. As document write permissions are required to inject a malicious payload within Outline, this is not considered to be a high severity issue for self-hosted installations at this time.
Published by tommoor almost 3 years ago
Note: This update requires database migrations, take your installation offline, backup the database, and run with yarn db:migrate or yarn db:migrate --env production-ssl-disabled
This month pinned documents got a visual refresh to help them stand out – we also added the option to reorder pins and pin documents to the home screen for everyone in the team. Make sure to check out all the other enhancements below…
Published by tommoor almost 3 years ago
This release fixes a security vulnerability that will be detailed in the future. It affects all previously published versions of Outline and is not known to allow exfiltration of database/document data, however upgrading is recommended.