12 lines
1.1 KiB
Markdown
12 lines
1.1 KiB
Markdown
# Upstream sources — hedgedoc
|
|
|
|
| service | image | source repo | releases / changelog |
|
|
|---------|-------|-------------|----------------------|
|
|
| app | quay.io/hedgedoc/hedgedoc | https://github.com/hedgedoc/hedgedoc | https://github.com/hedgedoc/hedgedoc/releases |
|
|
| db | pgautoupgrade/pgautoupgrade | https://github.com/pgautoupgrade/pgautoupgrade | https://github.com/pgautoupgrade/pgautoupgrade/releases |
|
|
|
|
## Standing notes
|
|
- hedgedoc 1.11.0 (2026): 4 security CVEs fixed (HTML injection, YAML DoS, CSRF via Gist export, rate-limit bypass). No breaking changes, no migrations, no schema changes. Optional new env var `CMD_RATE_LIMIT_USING_CLOUDFLARE` only needed if running behind Cloudflare — not required for standard deployments.
|
|
- pgautoupgrade: handles Postgres major-version upgrades automatically on container start. Bump ONE major at a time (16→17, then 17→18 on next cycle). The image tag is `<pg-major>-alpine`.
|
|
- cc-ci tests use the sqlite backend (default compose.yml), not the postgresql compose override — so pgautoupgrade bumps do not affect CI test coverage.
|