To get an overview about new functionality, read the Release Notes. To learn about the necessary actions to update Livingdocs to release-2023-05, read on.

Attention: If you skipped one or more releases, please also check the release-notes of the skipped ones.


System Requirements


Livingdocs Server Docker Imagelivingdocs/server-base:18.3
Livingdocs Editor Docker Imagelivingdocs/editor-base:18.5
Browser SupportEdge >= 80, Firefox >= 74, Chrome >= 80, Safari >= 13.1, iOS Safari >= 13.4, Opera >= 67


Livingdocs Server Docker Imagelivingdocs/server-base:16.3
Livingdocs Editor Docker Imagelivingdocs/editor-base:16.3
Browser SupportEdge >= 80, Firefox >= 74, Chrome >= 80, Safari >= 13.1, iOS Safari >= 13.4, Opera >= 67


German UI

To enable the German UI in the Editor, you have to set locale in the Editor config.

app: {
  locale: 'de'

In future, you will be able to configure your own labels for metadata properties in several languages, allowing individual users to switch between languages at their discretion for complete multi-language UI experience.

Breaking Changes πŸ”₯

Migrate the Postgres Database πŸ”₯

It’s a simple/fast migration with no expected data losses.

# run `livingdocs-server migrate up` to update to the newest database schema
# migration 187-indexes-deferrable.js
#   modifies constraints to be deferrable
# migration 188-document_content_types-archive.js
#   adds a new table to store archived content types
# migration 189-delete-draft-project-config-indexes.js
#   removes draft project config indexes
# migration 190-enable-preview-builds.js
#   adds a new column to store the preview build status
# migration 191-add-concurrent-user-tracking.js
#   adds a new table to store concurrent user information
# migration 193-increase-document-title-length.js
#   increases the length of the document title to 1000 characters
livingdocs-server migrate up

Add default settings for Editor Config πŸ”₯

πŸ”₯ Obsolete configs which can be removed from downstream editor environment configs


♻️ You can remove theses settings from your Downstream Editor Config if the value is identical (because it’s defined as default values)

debug: false
http.timeout: 10000
versionCheckTimeout: null
editor.imageCrop.showSurroundingImage: 'always'
editor.imageCrop.surroundingImageOpacity: 0.25
editor.imageCrop.zoomStep: 1.1
editor.printView.enableStepZooming: true
editor.printView.zoomStep: 1.2
auth.authTokenRenewalInterval: 0
app.locale: 'en'
app.dateTimeLocale: 'en-li'
app.documentLists.pageSize: 100
app.documentList.pageSize: 100
app.history.pageSize: 100
admin.showBilling: true
port: 9000
host: '::'
loglevel: 'warn'
basePath: '/'
compress: false
assetsMaxAge: '1y'
h2c: false
redirectHttpToHttps: true
contentSecurityPolicy: `frame-ancestors 'self';`

References: PR

Remove Editor Config πŸ”₯

πŸ”₯ Remove legacy Editor Config

As a replacement, please use the new Home Screen instead. See Home Screen or Start Page.

References: PR

Remove Gravatar support for profile images πŸ”₯

πŸ”₯ Gravatar is no longer supported for profile images

References: PR

documentApi | searchManager.searchPublications -> remove props in search result πŸ”₯

  • πŸ’₯ The property ‘.documents’ in the result of ‘documentApi.find()’ got removed. Please use ‘.results’.
    const res = documentApi.find({project_id: 1}, {limit: 1})
    - const firstdoc = res.documents[0]
    + const firstdoc = res.results[0]
  • πŸ’₯ The property ‘.publications’ in the result of ‘searchManager.searchPublications()’ got removed. Please use ‘.results’.
    const res = searchManager.searchPublications({projectId: 1}, {limit: 1})
    - const firstdoc = res.publications[0]
    + const firstdoc = res.results[0]

References: PR

registerProviders() for li-oembed feature is now synchronous πŸ”₯

πŸ”₯ If you used a promise .catch() handler when registering oEmbed providers (liServer.features.api('li-oembed').registerProviders()), please change this to a try/catch instead.

References: PR

Set allowQuickPublish: true to show publish button on Dashboard πŸ”₯

  label: 'Published',
  minWidth: 200,
  growFactor: 0,
  priority: 2,
  componentName: 'liTableDashboardCellPublishState',
  componentOptions: {
    allowQuickPublish: true // <---- you have to add that to enable quick publish

References: PR

Remove support for liServer.log.log | liServer.log.success πŸ”₯

πŸ”₯ Remove unused custom liServer.log.log and liServer.log.success levels. Use instead.

References: PR

Remove functions from projectConfigApi πŸ”₯

  • πŸ”₯ Remove projectSettings.draftAssets. There is no replacement.
  • πŸ”₯ Remove projectConfigApi.getDraft({projectId, channelId, draftName}). There is no replacement.
  • πŸ”₯ Remove projectConfigApi.createDraft({projectId, channelId, draftName}). There is no replacement.
  • πŸ”₯ Remove projectConfigApi.updateDraft({projectId, channelId, draftName, channelConfig, ignore}). There is no replacement.
  • πŸ”₯ Remove projectConfigApi.deleteDraft({projectId, channelId, draftName}). There is no replacement.
  • πŸ”₯ Remove projectConfigApi.publishDraft({projectId, channelId, draftName, userId}). There is no replacement.

References: PR

Drop callback support for menuApi πŸ”₯

πŸ”₯ Remove callback support for menuApi (liServer.features.api('li-menus')). Please use promises instead.

References: PR

Drop callback support for groupsApi πŸ”₯

πŸ”₯ Remove callback support for groupsApi (liServer.features.api('li-groups')). Please use promises instead.

References: PR

serverConfig.policies is not supported anymore πŸ”₯

πŸ”₯ serverConfig.policies is no longer supported.

Please use projects[].groups[].policies in your seeding config, or define the policies through the UI by visiting Project Administration -> Groups -> [Group] -> Edit Permissions.

See Project Seeding API documentation for further details.

References: PR

Elasticsearch client.get needs projectId πŸ”₯

πŸ”₯ elasticsearchClient.get() needs to pass the projectId


  handle: 'your-handle',
  id: `${projectId}:${documentId}` // <----- pass projectId here

References: PR

Access Control feature adds permission checks + input validation πŸ”₯

πŸ”₯ liServer.features.api('li-access-control').verifyAction() additionally handles restricted user and content type permission checks, in addition to the existing registered access control hooks. If you have issues, please contact us. πŸ”₯ liServer.features.api('li-access-control') API methods now have strict input validation. If you have issues, please contact us.

References: PR

Moved Server Config πŸ”₯

πŸ”₯ Removed Server Config (used by the Elasticsearch Client). Please use search.elasticsearchClient.node instead.

References: PR

Removed Editor metadataLifecycle πŸ”₯

πŸ”₯ Removed Editors coreApi.metadataLifecycle function, please use contentType.defaultMetadata instead

References: PR

Removed li-authentication-sso Authentication πŸ”₯

πŸ”₯ Remove legacy li-authentication-sso authentication

References: PR

Removed groupsApi.getScopesOfUser πŸ”₯

πŸ”₯ Remove liServer.features.api('li-groups').getScopesOfUser()

References: PR

Groups API πŸ”₯

  • πŸ”₯ Moved groupsApi.setAccessPolicy to groupsApi.setPermissions
  • πŸ”₯ Use groupsApi.setPermissions with the parameters data: {policies: [], scope: ''}
  • πŸ”₯ groupsApi.updateGroup does not support scope parameter anymore.

References: PR

Metadata Plugin li-issue-management

  • πŸ”₯ metadata type li-issue-management: requires finiteProducts in the root of the project config from now on. See Documentation

Project Config

   v: 2,
+  finiteProducts: [{
+    issueContentType: 'issue',
+    issueMemberContentTypes: ['page']
+  }],
  • πŸ”₯ metadata type li-issue-management: requires config: {index: true}, metadata config from now on. See Documentation
   handle: 'local',
   type: 'li-issue-management',
+  config: {index: true},
   ui: {

Adding index: true config requires elasticsearch to be re-indexed:

livingdocs-server elasticsearch-index --handle=li-documents -y


Porting useAsTitle to displayTitlePattern

The useAsTitle option has been deprecated and will be removed in release-2023-07. If you are currently using an li-text plugin with useAsTitle: true, please migrate to displayTitlePattern. You will want to remove the useAsTitle from the metadata and introduce displayTitlePattern: '{{metadata.title}}' to maintain the functionality, where title is handle for an li-text plugin. Please bear in mind that Editor toolbar behaviour will change, and it will no longer be possible to change the title of the article from the toolbar. The title will be editable in the li-text plugin. Please also make sure that document.title is no longer accessed in custom code, e.g. in Includes since this would leak the internal Working Title to the public.

Rename mediaIndex to indexing

Rename your-metadata-plugin.mediaIndex to your-metadata-plugin.indexing

// migrate your metadata plugins from
mediaIndex: {
  enabled: true,
  index_behavior: []

// to
indexing: {
  enabled: true,
  behavior: []

Breaking Change: release-2023-07

References: PR


Deprecate behaveAsLiImage for custom metadata plugins. Replace your custom image metadata plugins with li-image

Breaking Change: release-2023-07

References: PR

APIs 🎁

livingdocs-server secret-show

Introduce livingdocs-server secret-show CLI task to display the currently defined secretRefs of a project

Other Changes





Vulnerability Patches

We are constantly patching module vulnerabilities for the Livingdocs Server and Livingdocs Editor as module fixes are available. Below is a list of all patched vulnerabilities included in the release.

Livingdocs Server

This release we have patched the following vulnerabilities in the Livingdocs Server:

We are aware of the following vulnerabilities in the Livingdocs Server:

  • CVE-2023-26102 has yet to be patched by rangy but we have proposed a fix in this PR This vulnerability is not exploitable in the Livingdocs Server.

Livingdocs Editor

This release we have patched the following vulnerabilities in the Livingdocs Editor:

We are aware of the following vulnerabilities in the Livingdocs Editor:

  • CVE-2023-26102 has yet to be patched by rangy but we have proposed a fix in this PR This vulnerability is not exploitable in the Livingdocs Editor because rangy module is scoped in the livingdocs-framework and not exposed to the users.
  • CVE-2023-26116, CVE-2023-26118, CVE-2023-26117, CVE-2022-25869, CVE-2022-25844 are all AngularJS vulnerabilities that don’t have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js.


Here is a list of all patches after the release has been announced.

Livingdocs Server Patches

  • v226.3.47: fix(exif-extraction): Normalize the Date Created exif field to a full iso timestamp supported everywhere
  • v226.3.46: fix(http): agent updated to only support https
  • v226.3.45: fix(indexing): Increase events to fetch if no group existed
  • v226.3.44: fix(security): Update sharp to version v226.3.47 to patch CVE-2023-4863
  • v226.3.43: fix(routing): Remove slug limitation of 30 characters
  • v226.3.42: fix(documents): Truncate title on creation
  • v226.3.41: fix(dashboard source): doesn’t query by ID
  • v226.3.40: fix(importer): trim title
  • v226.3.39: fix(deps): update dependency @livingdocs/framework from 24.13.8 to v24.13.10
  • v226.3.38: fix(woodwing): The blob-store createReadStream returns a promise, await it
  • v226.3.37: fix(document import): copies metadata on drag
  • v226.3.36: chore(ci): Run nzz tests using node 18
  • v226.3.35: fix(sitemap): Add entriesPerPage to getSitemapIndex call
  • v226.3.34: fix(image-processing): Use .on listeners instead of .once to prevent process crashes on errors
  • v226.3.33: fix(media-library): Add failOn config for processing corrupt image files
  • v226.3.32: chore(elasticsearch): Increase index delay to 3 - 6 seconds during 429 errors
  • v226.3.31: fix(lists): Return scheduled_in_inbox with find request
  • v226.3.30: fix(search): Don’t provide format for Elasticsearch < 7.13.0
  • v226.3.29: fix(deps): Upgrade @livingdocs/conf to not merge arrays
  • v226.3.28: fix(search): Provide format when sorting by date
  • v226.3.27: fix(documents): Fix metadata_id query in document cleanup script
  • v226.3.26: fix(documents): Set first_publication_id of scheduled documents when they get published
  • v226.3.25: test(document-lists): Test scheduled documents in document lists
  • v226.3.24: fix(indexing): Fix --ids=1,2,3 indexing for the drafts index
  • v226.3.23: fix: bump framework version to include original size for custom image service
  • v226.3.22: fix(routing): Use isolatedCacheFactory instead of persistent in-process cache for route builders
  • v226.3.21: chore(media-library): Return latest entry after update
  • v226.3.20: fix(indexing): Add try/catch around elasticsearch payload creation to prevent full bulk failures if one document is faulty
  • v226.3.19: fix(dependencies): Upgrade vm2 and @livingdocs/framework to fix security vulnerabilities CVE-2023-32314
  • v226.3.18: chore(data-migrations): Support new date range structure on data migration document filter query
  • v226.3.17: chore(documents): Remove ordering from getPublicationReferences call as it behaves buggy
  • v226.3.16: test: desk-net hooks tests
  • v226.3.15: fix: also support camel case in systemdata for a Data Migration
  • v226.3.14: fix: desk-net status sync back without config
  • v226.3.13: fix(reports): report concurrent users only when concurrent billing is enabled
  • v226.3.12: fix(logging): Make dev string formatter more reliable with custom input

Livingdocs Editor Patches

  • v94.10.85: fix(tasks): Use correct steps within task value

  • v94.10.84: test: fix media library cypress test for image storage size

  • v94.10.83: code(comments): always use the context from editable data

  • v94.10.82: fix(references): typo

  • v94.10.81: fix(pills): print layout has translate hack

  • v94.10.80: fix(translations): Task labels on history side panel and home screen

  • v94.10.79: fix(deps): update dependency @livingdocs/framework from 24.13.8 to v24.13.10

  • v94.10.78: fix: switch webpack devtool setting to have less errors

  • v94.10.77: fix(security): Update semver (CVE-2022-25883), word-wrap (CVE-2023-26115) and tough-cookie (CVE-2023-26136) to patch security vulnerabilities

  • v94.10.76: fix(comments): Disable comments for data records

  • v94.10.75: fix(publish control panel): padding added

  • v94.10.74: fix(lists): Include scheduled when calculating sort order

  • v94.10.73: fix(dashboards): Reset pagination when resetting filters

  • v94.10.72: fix(drop-handler): check if children allowed

  • v94.10.71: fix(editor): Limit back button target to specific allow list

  • v94.10.70: fix(media-library): Always show the media info, even if there’s no user present (e.g. with imports)

  • v94.10.69: fix(publish control): show publication date only when a visiblePublicationDate is available (the article has been published before)

  • v94.10.68: fix(back button): ignore kanban boards from potential navigation targets for user clarity

  • v94.10.67: fix(editor): Fix labels for cut and copy buttons in multiselect panel

  • v94.10.66: fix(metadata preview): show different previews in correct order

  • v94.10.65: fix(document lists): show correct label on card after publish control schedule is removed

  • v94.10.64: fix(realtime): Notify user on Pusher connection error

  • v94.10.63: fix(metadata previews): show previews after errors and length feedback

  • v94.10.62: fix: clone dashboard config before modifying

  • v94.10.61: fix(table dashboards): correctly error when custom tableDashboardCell components take editable prop

  • v94.10.60: chore: Add scheduledOrPublished support on legacy documentState filter

  • v94.10.59: fix: bump framework version to support original size in custom image service

  • v94.10.58: fix(quick publish): correctly show quick publish button if allowed

  • v94.10.57: chore: Downgrade node v18.16.1 to v18.14.1

  • v94.10.56: fix(title): Always truncate the title and do not send the title to the server if a displayTitlePattern is active

  • v94.10.55: fix(media-library): Reassign saveStatus object for AngularJS reactivity

  • v94.10.54: fix(li-publish-control-status): calculate if document is issue member independently of editor depenency

  • v94.10.53: chore(legacy-search): Skip tests that call _fetchDocumentList

  • v94.10.52: fix(dates): Fix relative date formatting and write tests for it

  • v94.10.51: fix(issue-management): show release in place of publication if page is part of issue type

  • v94.10.50: fix(li-form-select): avoid dropdowns in text formatting popover to be cut off

  • v94.10.49: fix(metadata preview): properly remove iframe message event listeners when unmounting the preview iframe

  • v94.10.48: fix(indexing): Fix queue log formatting on indexing dashboard

  • v94.10.47: fix(li-unsaved-dialog): Use $t() instead of undefined this.$t(), when adding translations to vue template

  • v94.10.46: fix(dependencies): Upgrade and to fix security vulnerabilities CVE-2023-31125 and CVE-2023-32695

  • v94.10.45: fix(li-publish-control-embargo): keep UTC date

  • v94.10.44: fix(distribution-planning): Fix time tag position in schedule panel

  • v94.10.43: fix(redirect): state given over URL

  • v94.10.42: fix(distribution-planning): Process queue while retrying save

  • v94.10.41: fix(toolbar): Add reactivity for li-tasks-toolbar-action, with metadata listener to metadataChanged

  • v94.10.40: fix(editable teasers): correctly clear overrides on article references change after teaser transform

  • v94.10.39: fix(distribution-planning): Set null when removing last distribution

  • v94.10.38: fix: treat filter v2 options with exists as valid selection

  • v94.10.37: fix(li-publish-control-embargo): respect setTimeout max delay value

  • v94.10.36: fix(table-dashboard): Don’t check for dashboard source updates

  • v94.10.35: fix(document creation): set metadata title property with useAsTitle during creation

  • v94.10.34: fix(editable teasers): apply overrides when inserting a component from clipboard

  • v94.10.33: fix(publish control): don’t show publish/unpublish buttons in wrong state until panel reopen

  • v94.10.32: fix(teaser preview): Layout

  • v94.10.31: fix(display filters): don’t render container for listV2 filters with no options

  • v94.10.30: fix(billing): show concurrents only if reported

  • v94.10.29: fix(distribution planning): return to correct state after opening an article from distribution planning screen

  • v94.10.28: fix(distribution planning): don’t show proposals section when not used

  • v94.10.27: fix(home screen): show tasks again after query optimization

  • v94.10.26: fix(buy-in): consider editable config in dashboard cell

  • v94.10.25: fix(home screen): load tasks only if feature enabled

  • v94.10.24: fix(distribution-planning): Clear metadata value using null

    Icon Legend

    • Breaking changes: πŸ”₯
    • Feature: 🎁
    • Bugfix: πŸͺ²
    • Chore: πŸ”§