To get an overview about new functionality, read the Release Notes.
To learn about the necessary actions to update Livingdocs to release-2024-01
, read on.
Attention: If you skipped one or more releases, please also check the release-notes of the skipped ones.
Webinar
- Feature Webinar Recording | Passcode: j@PkK@96
- Feature Webinar Documentation
- Dev Webinar Recording | Passcode: $2BSSyTt
- Dev Webinar Slides
- Release Newsletter Subscription
System Requirements
Suggested
Name | Version |
---|---|
Node | 20 |
NPM | 9 |
Postgres | 15 |
Elasticsearch OpenSearch | 8.x v2.3.0 |
Redis | 7 |
Livingdocs Server Docker Image | livingdocs/server-base:20 |
Livingdocs Editor Docker Image | livingdocs/editor-base:20 |
Browser Support | Edge >= 92, Firefox >= 90, Chrome >= 92, Safari >= 15.4, iOS Safari >= 15.4, Opera >= 78 |
Minimal
Name | Version |
---|---|
Node | 18 |
NPM | 9 |
Postgres | (Deprecated Postgres v12) 12 |
Elasticsearch OpenSearch | 7.x 1 |
Redis | 6.2 |
Livingdocs Server Docker Image | livingdocs/server-base:18.4 |
Livingdocs Editor Docker Image | livingdocs/editor-base:18.6 |
Browser Support | Edge >= 92, Firefox >= 90, Chrome >= 92, Safari >= 15.4, iOS Safari >= 15.4, Opera >= 78 |
Breaking Changes 🔥
Migrate the Postgres Database 🔥
No upstream migrations were added this release.
Drop support for Node v18.17 🔥
Drop support for Node versions below 18.17 due to a dependency. Use livingdocs/server-base:20
and livingdocs/editor-base:20
or the latest livingdocs/server-base:18.x
or livingdocs/editor-base:18.x
container images: livingdocs/server-base:18.4
and livingdocs/editor-base:18.6
.
Custom downstream plugins paramSchema validation changes 🔥
Plugins used in other contexts than the ones stated in the docs, will now report an error during server startup.
All downstream plugins are supported by default in document metadata and media library metadata. But if a downstream plugin is used in include services, creation flows or push messages, that will now cause an error during startup.
If a downstream plugin is being used in an include service or a creation flow params schema the following configuration needs to be added to the plugin declaration:
supportedPluginContexts: [
'documentMetadata',
'mediaLibraryEntryMetadata',
'includeParams',
'creationFlowParams'
]
You should remove the serverConfig.useStrictSchemas
property if you set it in the previous release.
Please contact your Livingdocs customer manager if you have any problems with the limitations imposed by the supported plugin contexts.
Config option realtimeUpdates.enabled
🔥
The option serverConfig.documents.realtimeUpdates.enabled
has been removed.
Please remove the enabled
property from your Server configuration and replace it with one or both of the following properties instead:
serverConfig.documents.realtimeUpdates.pollingEnabled
serverConfig.documents.realtimeUpdates.websocketsEnabled
This breaking change concerns the Teaser includes reload feature. Please read the feature documentation for more information.
Document Patch API 🔥
Document patch API document.patch
support has been removed. Please replace it with documentApi.executeDocumentCommands
. No data migration is required, but you will need to swap patches
parameter with commands
, and user
with userId
.
Endpoint PATCH /documents/:id
🔥
This concerns an internal API used by the Livingdocs Editor which has been used in the past by customizations.
The Endpoint PATCH /documents/:id
support has been removed. Please replace it with PATCH /documents/:id/commands
. No data migration is required, but you will need to swap patches
parameter with commands
.
Custom Channel config Properties via uiComponent
property 🔥
Support for custom Channel config Properties via uiComponent
property has been removed.
Please remove your property registration on the server liServer.registerChannelConfigProperty()
.
There isn’t a replacement for this functionality.
- Server PR: Remove support for custom Channel config property
- Editor PR: Remove support for custom Channel config property
Prepare Publish Flow feature 🔥
Support for the Prepare Publish Flow is removed, Publish Control is always used. No action is required.
Filter Sets feature 🔥
Filter Sets feature has been removed in favor of configuring multiple dashboards to provide fast access to different sets of documents for different roles.
Deprecations ⚠️
defaultComponents
in container directives ⚠️
Container directives can define defaultComponents
, but the config has only an effect on direct children. With release-2024-03
, nested containers inherit the defaultComponents
from parent containers.
Please add explicit defaultComponents
to containers, if they shall not inherit the defaultComponents
from parent containers.
Features
Media Library UX improvements 🎁
New behavior added to the Media Library. When clicking a thumbnail on the Media Library view, a sidepanel appears with reduced details. The sidepanel allows users to edit metadata properties, but media actions and multi-language edit are not available. This view allows you to quickly inspect the details of a media library entry without leaving the Media Library view.
Hovering over the thumbnail will show the actions:
- Pencil button links to full edit page
- Magnifying glass button opens overlay with large image preview with the possibility to show a reduced set of metadata properties. The supported metadata property types are:
- li-text
- li-integer
- li-boolean
- li-date
- li-datetime
- li-enum
- li-string-list
Event Actors 🎁
actor
property has been added to the webhook payload. This property reports the actor that triggered the event. The use case can be defining a priority lane to prioritise events triggered by humans over machines or filter events by trigger actor.
The following actors are supported:
user
- user triggered the event, user name is not reported in the webhook payload:{type: 'user'}
importer
- import actor triggered the event, actor name is reported in the webhook payload:{type: 'importer', name: 'importer-name'}
api-client
- api client triggered the event, actor name is reported in the webhook payload:{type: 'api-client', name: 'api-client-name'}
Example webhook payload:
{
"event": "document.delete",
"deliveryId": "Vulsdw3-y2JLqnE13NjPa",
"projectId": 3,
"projectHandle": "service",
"webhookHandle": "test-1",
"documentId": 123,
"actor": {
"type": "importer",
"name": "Importer"
}
}
Secure Opensearch/Kibana 🎁
To improve security in the Livingdocs infrastructure, we have added a new authentication method to the Opensearch/Kibana stack. It is now possible to use AWS credentials methods to access the Opensearch/Kibana. The new configuration can be found in the Server config withing search
property:
search: {
elasticsearchClient: {
// AWS Credentials support for OpenSearch
// You can configure any AWS Credentials provider supported by the AWS SDK credentials-provider-node
// configuration provided: https://www.npmjs.com/package/@aws-sdk/credential-provider-node#supported-configuration
// Please make sure to always define aws object, even if you don't use AWS credentials
aws: {
accessKeyId: '*****',
secretAccessKey: '*****',
region: 'eu-central-1'
}
}
}
For production environments:
- using AWS IAM Roles you can define a token with
accessKeyId
andsecretAccessKey
in theaws
object - when running the Livingdocs Server in EKS, use the IAM Roles for Service Accounts feature to assign the required permissions to the Livingdocs Server pod.
- when running the Livingdocs Server in ECS/Fargate, use the IAM Roles for Tasks feature to assign the required permissions to the Livingdocs Server task.
For local development, AWS Profile credentials can be used when connecting to remote Opensearch/Kibana. In both cases make sure to define the region
property.
search: {
elasticsearchClient: {
aws: {
region: 'eu-central-1'
}
}
}
Support publishControl.visiblePublicationDateOverride
on Import API 🎁
The publishControl.visiblePublicationDateOverride
property can now be set within the documents
parameter when importing articles via the Import API. This allows you to set the visible publication date override when importing documents. As with other publish related properties, "flags": {"autoPublish": true}
must be defined when using the Public API.
Add support for ‘document.create’ and ‘document.delete’ webhooks 🎁
New webhooks for document create and delete have been added to the webhooks list. These webhooks are triggered when a document is created or deleted. Please find webhook payload examples below:
{
"event": "document.create",
"deliveryId": "KIOSZpPUt8X6X-FDlnLTX",
"projectId": 3,
"projectHandle": "service",
"webhookHandle": "test-1",
"documentId": 123,
"actor": {
"type": "user"
}
}
{
"event": "document.delete",
"deliveryId": "Vulsdw3-y2JLqnE13NjPa",
"projectId": 3,
"projectHandle": "service",
"webhookHandle": "test-1",
"documentId": 123,
"actor": {
"type": "api-client",
"name": "Publibot 3000"
}
}
Sort options of DisplayFilters are respected in Media Library 🎁
The Media Library DisplayFilter respects sorting options. This adapts the behavior of the Table Dashboards. The sorting options are defined in the DisplayFilter configuration.
This feature has also been backported to release-2023-11
and release-2023-09
.
Vulnerability Patches
We are constantly patching module vulnerabilities for the Livingdocs Server and Livingdocs Editor as module fixes are available. Below is a list of all patched vulnerabilities included in the release.
Livingdocs Server
This release we have patched the following vulnerabilities in the Livingdocs Server:
- CVE-2024-4068 patched in
braces
v3.0.3 - CVE-2023-26159 patched in
follow-redirects
v1.15.5 - CVE-2023-36665 patched in
protobufjs
v7.2.5 - CVE-2024-28176 patched in
jose
v4.15.5 - CVE-2024-28849 patched in
follow-redirects
v1.15.6 - CVE-2024-28863 patched in
tar
v6.2.1 - CVE-2024-29041 patched in
express
v4.19.2 - CVE-2024-30260 patched in
undici
v5.28.4 - CVE-2024-30261 patched in
undici
v5.28.4 - CVE-2024-37168 patched in
@grpc/grpc-js
v1.9.15 - CVE-2024-37890 patched in
ws
v8.17.1
No known vulnerabilities. 🎉
Livingdocs Editor
This release we have patched the following vulnerabilities in the Livingdocs Editor:
- CVE-2024-4068 patched in
braces
v3.0.3 - CVE-2023-26159 patched in
follow-redirects
v1.15.5 - CVE-2023-51701 patched in
@fastify/reply-from
v9.7.0 - CVE-2024-21501 patched in
sanitize-html
v2.12.1 - CVE-2024-28849 patched in
follow-redirects
v1.15.6 - CVE-2024-28863 patched in
tar
v6.2.1 - CVE-2024-29180 patched in
webpack-dev-middleware
v6.1.2 - CVE-2024-30260 patched in
undici
v5.28.4 - CVE-2024-30261 patched in
undici
v5.28.4 - CVE-2024-37890 patched in
ws
v8.17.1
We are aware of the following vulnerabilities in the Livingdocs Editor:
- CVE-2023-44270 vulnerability in
postcss
, it affects linters using PostCSS to parse external Cascading Style Sheets (CSS). It is not exploitable in the editor as we don’t load untrusted external CSS at build time. - CVE-2023-26116, CVE-2023-26118, CVE-2023-26117, CVE-2022-25869, CVE-2022-25844 are all AngularJS vulnerabilities that don’t have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js.
Patches
Here is a list of all patches after the release has been announced.
Livingdocs Server Patches
- v245.0.51: fix(deps): update dependency axios from 1.6.2 to 1.7.4 [security]
- v245.0.50: fix(li-tree): Fix reference extraction of translated document references in li-tree
- v245.0.49: fix(deps): update dependency @livingdocs/framework from 27.2.17 to v27.2.18
- v245.0.48: fix(deps): update dependency @livingdocs/framework from 27.2.14 to v27.2.17
- v245.0.47: fix: document create functions require a title property
- v245.0.46: fix(includes): Convert preloaded metadata to JSON
- v245.0.45: fix(api-clients): Do not return archived clients when querying them
- v245.0.44: fix(retresco): Properly delete retresco enrich jobs from redis after processing
- v245.0.43: fix(azure-blob-storage): Correctly handle processing errors by propagating to all the streams
- v245.0.42: fix(security): Patch security vulnerabilities CVE-2024-30260 and CVE-2024-30261 in
undici
, CVE-2024-29041 inexpress
, CVE-2024-28863 intar
, CVE-2024-28849 infollow-redirects
, CVE-2024-28176 injose
, and CVE-2023-36665 inprotobufjs
- v245.0.41: fix(queue): Properly await in lib/async-queue
- v245.0.40: fix(planning boards): allow search strategy config
- v245.0.39: fix(project-secrets): Fix support for AWS Aurora for Postgres v14.9
- v245.0.38: fix(deps): update dependency ioredis from 5.3.2 to v5.4.1
- v245.0.37: fix(hugo): Return promise from async controller functions
- v245.0.36: fix(lists): Define limit as option on
documentListModel.getInbox()
, as it is possible to retrieve more than 1010 leading toToo many results
error - v245.0.35: fix(deps): update dependency exifreader from 4.17.0 to v4.21.1
- v245.0.34: fix(deps): Upgrade @livingdocs/framework@release-2024-01
- v245.0.33: fix(document-inbox): Only retrieve documentId and title fields from elasticsearch
- v245.0.32: fix(local-authentication): Allow null for projectId
- v245.0.31: fix(deps): Upgrade to @livingdocs/framework@27.2.12
- v245.0.30: fix(local-authentication): Adjust tests to new schema
- v245.0.29: fix(security): Patch vulnerabilities
CVE-2024-24758
onundici
andGHSA-9h6g-pr28-7cqp
onnodemailer
- v245.0.28: fix(images): Do not abort exif extraction with invalid dates
- v245.0.27: fix(memory-cache): Delete channel config key from cache if value is falsy
- v245.0.26: chore(desknet): Add tests for token refresh
- v245.0.25: chore(example-server): use
li-push-messages
handler with longer execution time - v245.0.24: chore(example-server): use
li-push-messages
handler with longer execution time - v245.0.23: fix(OIDC): Skip logging an error when thrown error is
nonce expired
during OIDC flow - v245.0.22: fix: add npg for duplicate filtering
- v245.0.21: fix(image-processing): Fix extracting metadata from large image headers
- v245.0.20: fix(mediaLibrary): Map the state attribute on media library entries based on the archived flag
- v245.0.19: fix(openid-connect): Remove log when nonce expires in Redis
- v245.0.18: fix(realtime): Emit ‘document.updated’ to avoid collaboration UI issues
- v245.0.17: fix(public-api): Restrict /search ids offset to 9'999 entries as elasticsearch only supports 10'000 and we prefetch 1 for the cursor
- v245.0.16: fix(documents): Throw better error when calling unpublish on a document that’s not public
- v245.0.15: fix: update package-lock for argon2
- v245.0.14: fix(deps): update dependency @livingdocs/secure-password from 5.0.2 to v5.0.3
- v245.0.13: fix(composition-api): Make sure we never load errors or null values into preloaded values
- v245.0.12: fix(notifications): Use link which opens the task side panel
- v245.0.11: chore(commands): Add failed precondition name into conflict error
- v245.0.10: fix(imports): Remove result count rendering on imports page
- v245.0.9: fix(dashboard-sources): ensure correct order of returned documents
- v245.0.8: fix(notifications): Use project defaultLocale for labels in task emails
- v245.0.7: fix: allow downstream plugin in creation flow params
- v245.0.6: chore: pin framework to 27.2.7
- v245.0.5: fix(media-library): Normalize upload error code
- v245.0.4: fix(media-library): Use extracted mime type for file uploads
- v245.0.3: fix(schema): Add message to createSchemaApi validation errors
- v245.0.2: fix(release-2024-01): Update framework to 27.2.5 (release-2024-01 tag)
Livingdocs Editor Patches
v106.0.116: fix(deps): update dependency webpack from 5.89.0 to 5.94.0 [security]
v106.0.115: fix(deps): update dependency axios from 1.6.2 to 1.7.4 [security]
v106.0.114: fix(deps): update dependency @livingdocs/framework from 27.2.17 to v27.2.18
v106.0.113: fix(security): Patch security vulnerabilities CVE-2024-4068 in
braces
, and CVE-2024-37890 inws
v106.0.112: chore(metadata): Improve li-image dropzone message
v106.0.111: fix(deps): update dependency @livingdocs/framework from 27.2.16 to v27.2.17
v106.0.110: fix(comments): Do not emit comment update events for
eventSource: remote
v106.0.109: fix(useDocumentSearch): transform baseFilters to filterStates
v106.0.108: fix(workspace): Prevent infinite refetch loop while on conflict screen
v106.0.107: fix(draft-storage): Fix function context in backported fix
v106.0.106: fix: update framework to fix safari 17.5 bug
v106.0.105: fix(draft-storage): Fix document conflicts with self
v106.0.104: fix(print): Fix this.draft context in print metadata plugin
v106.0.103: fix(draft-storage): Trigger digest when entering document conflict screen
v106.0.102: fix: change retresco idle to 30s
v106.0.101: fix(drop-actions): Make uploadOptions optional
v106.0.100: fix(trackjs): Do not use serialize-error as we suspect it can’t handle circular references in our production workloads
v106.0.99: chore: Revert reactive change on draft.remoteDocument
v106.0.98: chore: Add last save try and save success to autosave issue log
v106.0.97: fix(documents): Prevent overwriting newer revisions on save errors
v106.0.96: fix(print modal): Layout
v106.0.95: fix(create print article): handle overflow for the publication dropdown
v106.0.94: fix(groups): Increment version when updating group members
v106.0.93: fix(kanban-dashboard): Load document state from database on kanban dashboards
v106.0.92: chore(deps): Remove worker check
v106.0.91: fix(permissions): Also extract content types from
{not: {key: 'contentType', term: 'regular'}}
baseFilters to support permissions correctlyv106.0.90: fix(li-date-time-range-filter): Select correct filter key
v106.0.89: fix(tests): adapt tests for better li-image metadata UI testing
v106.0.88: fix(security): Update vulnerable dependencies in
cypress/
andserver/
, namelyfollow-redirects
,@fastify/reply-from
andundici
v106.0.87: fix(comyan): correctly notify the user on comyan imageData loading error
v106.0.86: fix(editor): Disable proofreading for history
v106.0.85: fix(ticker): Reassign shallowReactive attributes to trigger reactivity
v106.0.84: fix: hide remaining media library button when
showUi: false
v106.0.83: fix(editor): Prefill existing teasers when dropped from side panel
v106.0.82: fix: Blur components when exiting the edit mode
v106.0.81: fix(dashboards): Do not rename dashboardType variable
v106.0.80: fix(tasks): the task panel is not hidden anymore for narrow screens, so we can allow the toolbar action
v106.0.79: chore(collaboration): Simplify collaboration bar to only use one event listener
v106.0.78: fix(properties-panel): Only show transforms when there are alternatives
v106.0.77: fix(comments): Do not allow
@assignment
of api client and import usersv106.0.76: refactor: remove lodash get
v106.0.75: fix(page): list button only enabled with permissions
v106.0.74: fix: ensure same mediaId and recreate crops after image was replaced
v106.0.73: test: Use cy.spy instead of download request interceptor
v106.0.72: fix(proofreading): skip highlighting of invisible component elements
v106.0.71: fix(deps): Upgrade @livingdocs/framework@release-2024-01
v106.0.70: fix(ticker): Always load the design of ticker entries before rendering them
v106.0.69: fix(images): Fix named crops for imported images that don’t have an imageService configured
v106.0.68: fix(local-authentication): Do not include projectId if it is null
v106.0.67: chore(vue-components): Use correct lifecycle method in li-angular-component
v106.0.66: fix(dashboard): Use dashboard handle as fallback in cache key
v106.0.65: fix(deps): Upgrade to @livingdocs/framework@27.2.12
v106.0.64: fix(url): Allow URLs without a TLD
v106.0.63: fix(groups): Fix li-tag usage in angular. The
text=
attribute gets bound as variablev106.0.62: fix(media-library): no longer show error in console
v106.0.61: fix(display-filter): Reset filter if custom range is not defined properly
v106.0.60: fix(security): Patch vulnerability
CVE-2024-24758
onundici
v106.0.59: fix(properties): Don’t warn about config when there is no reference
v106.0.58: chore: Remove debug console log
v106.0.57: fix(workspace): Reload document on design change
v106.0.56: fix(lightbox): use 1680px breakpoint for metadata visibility
v106.0.55: fix: close cropping dialog on cancel for
focalPointOnly
behaviorv106.0.54: fix(ticker): Skip softLock checks for ticker entries
v106.0.53: fix(document-preview): Post to wildcard if the origin uses a sandbox without
allow-same-site
. Without it postMessage doesn’t work at all.v106.0.52: chore: Remove TODO, leave the comment about workspace initialization
v106.0.51: fix(li-table): Correctly compute whether a table cell is in the overflow
v106.0.50: fix(toolbar): Hide metadata overlay when opening tasks sidebar
v106.0.49: chore(publish-control): Remove unused property
v106.0.48: fix(li-image): Do not allow picking images from a document that are not present in the media library
v106.0.47: fix(link-edit): Return link data property for prefilling
v106.0.46: fix: Use input or change events instead of keyup
v106.0.45: fix(popover): save on removing specialproviders and make custom elements work on vue popover
v106.0.44: fix(video upload): showing transcoding when uploading single file
v106.0.43: fix(filters): Reposition filter popups when selecting values
v106.0.42: fix(li-image): actually reload document images when content changed
v106.0.41: fix(publish-control-delivery): Show delivery state when opening publish control panel
v106.0.40: fix(canvas): Reassign state.areas to trigger reactivity
v106.0.39: fix(realtime): Add version to refetch stub response in tests
v106.0.38: fix(external systems): show goTo action in dashboards only for documents without an externalSystem
v106.0.37: fix(publish-control-panel): Update running task whenever publish control panel changes visibility state
v106.0.36: fix(ticker): Ensure currently created ticker entries never get removed as they are not present in the elasticsearch result for a few seconds
v106.0.35: fix(table-dashboard): Update model when dashboardConfig changes
v106.0.34: fix(metadata): Feedback stacking
v106.0.33: fix(push messages): allow push for published articles with unpublished changes
v106.0.32: test(links): Add cypress tests
v106.0.31: fix(dashboards): Fix tests
v106.0.30: fix(docked content): Layering
v106.0.28: fix(li-link-edit): apply correct default attributes for internal urls
v106.0.27: fix: pass directive config.search.displayFilters and config.search.baseFilters to the Angular embed teaser
v106.0.26: chore(editor): Remove online listener from autosave on unload
v106.0.25: fix(deps): update dependency @livingdocs/editable.js from 5.0.0 to 5.0.2
v106.0.24: fix(text-formatting): Re-calculate the text formatting states when toggling bold/italic buttons
v106.0.23: fix(imports): Remove result count rendering on imports page
v106.0.22: fix: avoid invalid component inserted after pressing enter
v106.0.21: fix: make sure publish button is not rendered outside of table
v106.0.20: chore: remove unused
li-metadata-form-component
componentv106.0.19: fix(tasks): Add metadataProperty.config.label fallback
v106.0.18: fix(workspace): Add cleanup fn to leaveWindow event handler response
v106.0.17: fix(search): Hide load more button when returning to result groups
v106.0.16: fix: translate unpublished
v106.0.15: fix(shortcuts): allow shortcuts for double low-9 quotation mark and it’s mirror
v106.0.14: fix(delivery builds): fix label for relative time of build start
v106.0.13: fix(ticker): Save publication date on first attempt
v106.0.12: fix(tasks): Only show remove action when the task has a value
v106.0.11: fix(publish-control): Hide update tasks link when in read-only mode
v106.0.10: fix(editor): Prefill teasers when dropped from side panel
v106.0.9: fix: resolve default components via container method
v106.0.8: fix(api): Improve asset proxy error handling
v106.0.7: fix: add back the stopping of click event propagation
v106.0.6: fix: support component drag&drop in safari 17.2
v106.0.5: fix(themes): Move theme logic from bootstrap to session initialization
v106.0.4: fix(li-link-edit): extend typeahead search baseFilters from useDashboard
v106.0.3: fix(release-2024-01): Update framework to 27.2.5 (release-2024-01 tag)
Icon Legend
- Breaking changes: 🔥
- Feature: 🎁
- Bugfix: 🪲
- Chore: 🔧