Release v1.8.16

rhansen · rhansen · commit 142a47cbbc40 · 2021-11-28T23:03:58.000-05:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,25 @@
+# 1.8.16
+
+### Security fixes
+
+If you cannot upgrade to v1.8.16 for some reason, you are encouraged to try
+cherry-picking the fixes to the version you are running:
+
+```shell
+git cherry-pick b7065eb9a0ec..77bcb507b30e
+```
+
+* Maliciously crafted `.etherpad` files can no longer overwrite arbitrary
+  non-pad database records when imported.
+* Imported `.etherpad` files are now subject to numerous consistency checks
+  before any records are written to the database. This should help avoid
+  denial-of-service attacks via imports of malformed `.etherpad` files.
+
+### Notable enhancements and fixes
+
+* Fixed several `.etherpad` import bugs.
+* Improved support for large `.etherpad` imports.
+
 # 1.8.15
 
 ### Security fixes
diff --git a/src/package-lock.json b/src/package-lock.json
diff --git a/src/package.json b/src/package.json
@@ -246,6 +246,6 @@
     "test": "mocha --timeout 120000 --recursive tests/backend/specs ../node_modules/ep_*/static/tests/backend/specs",
     "test-container": "mocha --timeout 5000 tests/container/specs/api"
   },
-  "version": "1.8.15",
+  "version": "1.8.16",
   "license": "Apache-2.0"
 }

Original file line number	Diff line number	Diff line change
`@@ -246,6 +246,6 @@`
`246`	`246`	`"test": "mocha --timeout 120000 --recursive tests/backend/specs ../node_modules/ep_*/static/tests/backend/specs",`
`247`	`247`	`"test-container": "mocha --timeout 5000 tests/container/specs/api"`
`248`	`248`	`},`
`249`		`- "version": "1.8.15",`
	`249`	`+ "version": "1.8.16",`
`250`	`250`	`"license": "Apache-2.0"`
`251`	`251`	`}`