1.10.3-ls172

CI Report:

https://ci-tests.linuxserver.io/linuxserver/hedgedoc/1.10.3-ls172/index.html

LinuxServer Changes:

Full Changelog: 1.10.3-ls171...1.10.3-ls172

Remote Changes:

Security fixes

This release fixes a security issue of a possible XSS exploit which can be planted via a malicous SVG file upload.

See CVE-2025-32391 for more details

Enhancements

• Add config options CMD_SAML_WANT_ASSERTIONS_SIGNED and CMD_SAML_WANT_AUTHN_RESPONSE_SIGNED for SAML auth, since
  some instances didn't comply with the new defaults of @node-saml/passport-saml

1.10.3-ls171

CI Report:

https://ci-tests.linuxserver.io/linuxserver/hedgedoc/1.10.3-ls171/index.html

LinuxServer Changes:

Rebase to Alpine 3.22.

Remote Changes:

Security fixes

This release fixes a security issue of a possible XSS exploit which can be planted via a malicous SVG file upload.

See CVE-2025-32391 for more details

Enhancements

• Add config options CMD_SAML_WANT_ASSERTIONS_SIGNED and CMD_SAML_WANT_AUTHN_RESPONSE_SIGNED for SAML auth, since
  some instances didn't comply with the new defaults of @node-saml/passport-saml

1.10.3-ls170

CI Report:

https://ci-tests.linuxserver.io/linuxserver/hedgedoc/1.10.3-ls170/index.html

LinuxServer Changes:

Add missing icu-data-full to fix bug with TextDecoder and image uploads.

Remote Changes:

Security fixes

This release fixes a security issue of a possible XSS exploit which can be planted via a malicous SVG file upload.

See CVE-2025-32391 for more details

Enhancements

• Add config options CMD_SAML_WANT_ASSERTIONS_SIGNED and CMD_SAML_WANT_AUTHN_RESPONSE_SIGNED for SAML auth, since
  some instances didn't comply with the new defaults of @node-saml/passport-saml

1.10.3-ls169

CI Report:

https://ci-tests.linuxserver.io/linuxserver/hedgedoc/1.10.3-ls169/index.html

LinuxServer Changes:

Add missing icu-data-full to fix bug with TextDecoder and image uploads.

Remote Changes:

Security fixes

This release fixes a security issue of a possible XSS exploit which can be planted via a malicous SVG file upload.

See CVE-2025-32391 for more details

Enhancements

• Add config options CMD_SAML_WANT_ASSERTIONS_SIGNED and CMD_SAML_WANT_AUTHN_RESPONSE_SIGNED for SAML auth, since
  some instances didn't comply with the new defaults of @node-saml/passport-saml

1.10.3-ls168

CI Report:

https://ci-tests.linuxserver.io/linuxserver/hedgedoc/1.10.3-ls168/index.html

LinuxServer Changes:

Add missing icu-data-full to fix bug with TextDecoder and image uploads.

Remote Changes:

Security fixes

This release fixes a security issue of a possible XSS exploit which can be planted via a malicous SVG file upload.

See CVE-2025-32391 for more details

Enhancements

• Add config options CMD_SAML_WANT_ASSERTIONS_SIGNED and CMD_SAML_WANT_AUTHN_RESPONSE_SIGNED for SAML auth, since
  some instances didn't comply with the new defaults of @node-saml/passport-saml

1.10.3-ls167

CI Report:

https://ci-tests.linuxserver.io/linuxserver/hedgedoc/1.10.3-ls167/index.html

LinuxServer Changes:

Add missing icu-data-full to fix bug with TextDecoder and image uploads.

Remote Changes:

Security fixes

This release fixes a security issue of a possible XSS exploit which can be planted via a malicous SVG file upload.

See CVE-2025-32391 for more details

Enhancements

• Add config options CMD_SAML_WANT_ASSERTIONS_SIGNED and CMD_SAML_WANT_AUTHN_RESPONSE_SIGNED for SAML auth, since
  some instances didn't comply with the new defaults of @node-saml/passport-saml

1.10.3-ls166

CI Report:

https://ci-tests.linuxserver.io/linuxserver/hedgedoc/1.10.3-ls166/index.html

LinuxServer Changes:

Add missing icu-data-full to fix bug with TextDecoder and image uploads.

Remote Changes:

Security fixes

This release fixes a security issue of a possible XSS exploit which can be planted via a malicous SVG file upload.

See CVE-2025-32391 for more details

Enhancements

• Add config options CMD_SAML_WANT_ASSERTIONS_SIGNED and CMD_SAML_WANT_AUTHN_RESPONSE_SIGNED for SAML auth, since
  some instances didn't comply with the new defaults of @node-saml/passport-saml

1.10.3-ls165

CI Report:

https://ci-tests.linuxserver.io/linuxserver/hedgedoc/1.10.3-ls165/index.html

LinuxServer Changes:

Add missing icu-data-full to fix bug with TextDecoder and image uploads.

Remote Changes:

Security fixes

This release fixes a security issue of a possible XSS exploit which can be planted via a malicous SVG file upload.

See CVE-2025-32391 for more details

Enhancements

• Add config options CMD_SAML_WANT_ASSERTIONS_SIGNED and CMD_SAML_WANT_AUTHN_RESPONSE_SIGNED for SAML auth, since
  some instances didn't comply with the new defaults of @node-saml/passport-saml

1.10.3-ls164

CI Report:

https://ci-tests.linuxserver.io/linuxserver/hedgedoc/1.10.3-ls164/index.html

LinuxServer Changes:

Add missing icu-data-full to fix bug with TextDecoder and image uploads.

Remote Changes:

Security fixes

This release fixes a security issue of a possible XSS exploit which can be planted via a malicous SVG file upload.

See CVE-2025-32391 for more details

Enhancements

• Add config options CMD_SAML_WANT_ASSERTIONS_SIGNED and CMD_SAML_WANT_AUTHN_RESPONSE_SIGNED for SAML auth, since
  some instances didn't comply with the new defaults of @node-saml/passport-saml

1.10.3-ls163

CI Report:

https://ci-tests.linuxserver.io/linuxserver/hedgedoc/1.10.3-ls163/index.html

LinuxServer Changes:

Add missing icu-data-full to fix bug with TextDecoder and image uploads.

Remote Changes:

Security fixes

This release fixes a security issue of a possible XSS exploit which can be planted via a malicous SVG file upload.

See CVE-2025-32391 for more details

Enhancements

• Add config options CMD_SAML_WANT_ASSERTIONS_SIGNED and CMD_SAML_WANT_AUTHN_RESPONSE_SIGNED for SAML auth, since
  some instances didn't comply with the new defaults of @node-saml/passport-saml