calibre-web no longer starts without proper calibre DB path configured,
so the default testcase (completely unconfigured) is removed.
(cherry picked from commit 80f7656229efee8817880250b2ca097a69898330)
With this change I can do
    metrics:
      enabled: true
      listen_port: 8080
and retrieve metrics from `localhost:8080` for the telegram bridge.
(cherry picked from commit 9f9e32238b200716a622bd743e6859495aa83db1)
Discourse normally overrides the default notification email setting,
which makes the `notificationEmailAddress` setting ineffective. Add a
patch to remove this override.
Fixes #140114.
(cherry picked from commit 917a0cfe47bad420a894fe8ca35d7dd95ebb5a7c)
When restoring a backup, discourse decompresses the backup archive in
the /share/discourse/tmp dir. Before this change, it is linked to /run
which is typically backed by memory, so the backup will fail to
restore if you do not have enough memory on your system to contain the
backup. This has already happened to me on two small forums.
This moves tmp to the StateDirectory /var/lib/discourse/tmp which is
typically backed by disk.
(cherry picked from commit f933c68374b9c6195dc74d26c95fc9bf240fead8)
ChangeLog: https://github.com/hedgedoc/hedgedoc/releases/tag/1.9.0
As documented in the Nix expression, I unfortunately had to patch
`yarn.lock` manually (the `yarn.nix` result isn't affected by this). By
adding a `git+https`-prefix to
`midi "https://github.com/paulrosen/MIDI.js.git#abcjs"` in the lock-file
I ensured that `yarn` actually uses the `MIDI.js` from the offline-cache
from `yarn2nix` rather than trying to download a tarball from GitHub.
Also, this release contains a fix for CVE-2021-39175 which doesn't seem
to be backported to 1.8. To quote NVD[1]:
> In versions prior to 1.9.0, an unauthenticated attacker can inject
> arbitrary JavaScript into the speaker-notes of the slide-mode feature
> by embedding an iframe hosting the malicious code into the slides or by
> embedding the HedgeDoc instance into another page.
Even though it "only" has a medium rating by NVD (6.1), this seems
rather problematic to me (also, GitHub rates this as "High"), so it's
actually a candidate for a backport.
[1] https://nvd.nist.gov/vuln/detail/CVE-2021-39175
(cherry picked from commit 0a10c17c8d01e5f9fefa3d6dbb7802a3cbce7e23)
I'm not sure this is the best way to get these patches, but it's better than `master` (at commit `e9617f553284b170a8b520d051ac1fc1b83cff30` on `nginx` these patches moved into a `nginx` subdirectory, breaking the build unless the patches are cached).
(cherry picked from commit c5d876511301cdcb8a3d4de8c09a681fa128e172)