recipe-maintainers/cc-ci-orchestrator
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
28ef7e44ab19feef26e81fd388363d64feec0027
cc-ci-orchestrator/cc-ci-plan/upstream/hedgedoc.md
autonomic-bot 15e88eaca2 upstream(hedgedoc): add release-notes sources registry
2026-06-19 02:49:42 +00:00

1.1 KiB
Raw Blame History

Upstream sources — hedgedoc

service image source repo releases / changelog
app quay.io/hedgedoc/hedgedoc https://github.com/hedgedoc/hedgedoc https://github.com/hedgedoc/hedgedoc/releases
db pgautoupgrade/pgautoupgrade https://github.com/pgautoupgrade/pgautoupgrade https://github.com/pgautoupgrade/pgautoupgrade/releases

Standing notes

  • hedgedoc 1.11.0 (2026): 4 security CVEs fixed (HTML injection, YAML DoS, CSRF via Gist export, rate-limit bypass). No breaking changes, no migrations, no schema changes. Optional new env var CMD_RATE_LIMIT_USING_CLOUDFLARE only needed if running behind Cloudflare — not required for standard deployments.
  • pgautoupgrade: handles Postgres major-version upgrades automatically on container start. Bump ONE major at a time (16→17, then 17→18 on next cycle). The image tag is <pg-major>-alpine.
  • cc-ci tests use the sqlite backend (default compose.yml), not the postgresql compose override — so pgautoupgrade bumps do not affect CI test coverage.