recipe-maintainers/cc-ci-orchestrator
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

upstream(hedgedoc): add release-notes sources registry

Browse Source
This commit is contained in:
autonomic-bot
2026-06-19 02:49:42 +00:00
parent f195dfc828
commit 15e88eaca2
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
cc-ci-plan/upstream/hedgedoc.md Normal file
View File

@ -0,0 +1,11 @@
# Upstream sources — hedgedoc
| service | image | source repo | releases / changelog |
|---------|-------|-------------|----------------------|
| app | quay.io/hedgedoc/hedgedoc | https://github.com/hedgedoc/hedgedoc | https://github.com/hedgedoc/hedgedoc/releases |
| db | pgautoupgrade/pgautoupgrade | https://github.com/pgautoupgrade/pgautoupgrade | https://github.com/pgautoupgrade/pgautoupgrade/releases |
## Standing notes
- hedgedoc 1.11.0 (2026): 4 security CVEs fixed (HTML injection, YAML DoS, CSRF via Gist export, rate-limit bypass). No breaking changes, no migrations, no schema changes. Optional new env var `CMD_RATE_LIMIT_USING_CLOUDFLARE` only needed if running behind Cloudflare — not required for standard deployments.
- pgautoupgrade: handles Postgres major-version upgrades automatically on container start. Bump ONE major at a time (16→17, then 17→18 on next cycle). The image tag is `<pg-major>-alpine`.
- cc-ci tests use the sqlite backend (default compose.yml), not the postgresql compose override — so pgautoupgrade bumps do not affect CI test coverage.