Caveat 🔥

These are the release notes of the upcoming release (pull requests merged to the main branch).

• ℹ️ this document is updated automatically by a bot (pr’s to categorize section)
• ℹ️ this document will be roughly updated manually once a week (put PRs + description to the right section)
• 🔥 We don’t guarantee stable APIs. They can still change until the official release
• 🔥 Integration against the upcoming release (currently master branch) is at your own risk

PRs to Categorize

• fix(deps): update dependency sass from 1.93.0 to v1.93.1 (main)

• fix(deps): update dependency posthog-node from 5.8.6 to v5.8.8 (main)

• Index documents without locale in their projects default locale

• fix(deps): update dependency sass from 1.92.1 to v1.93.0 (main)

• fix(deps): update aws-sdk from 3.884.0 to v3.893.0 (main) (minor)

• fix(deps): update dependency posthog-node from 5.8.4 to v5.8.6 (main)

• fix(deps): update dependency sharp from 0.34.3 to v0.34.4 (main)

• fix(deps): update dependency @livingdocs/framework from 32.10.0 to v32.10.1 (main)

• chore(deps): update dependency puppeteer-core from 24.20.0 to v24.21.0 (main)

• Fix minor UI bugs discovered during release testing

• fix(deps): update dependency axios from 1.11.0 to 1.12.0 [security] (main)

• Hide additional info toggle if nothing to show

• set create_date and change_date on retresco request data

• Feat/li-button with Auto-Icon

• chore(deps): update dependency eslint-plugin-jsdoc from 55.4.0 to v57 (main)

• Axios is vulnerable to DoS attack through lack of data size check - https://github.com/advisories/GHSA-4hjh-wcwx-xvwj

• Expose media library asset changes in server events

• chore(deps): update dependency eslint-plugin-jsdoc from 55.1.2 to v55.4.0 (main)

• Fix vue-template-compiler security issue

• Prevent upload center select all error when metadata config properties are undefined

• Check permission in li-image metadata form using uploadMediaType to prevent error trying to access the workspace

• fix(deps): update dependency @azure/identity from 4.11.1 to v4.11.2 (main)

• Correctly register opentelemetry span processor

• chore(deps): update dependency eslint-plugin-jsdoc from 54.5.0 to v54.7.0 (main)

• chore(deps): update dependency eslint from 9.34.0 to v9.35.0 (main)

• fix(deps): update dependency pino from 9.9.2 to v9.9.4 (main)

• Support setting migration sequence to 0 with documentApi.createV2

• fix(deps): update dependency dedent from 1.6.0 to v1.7.0 (main)

• fix(deps): update dependency posthog-node from 5.8.1 to v5.8.2 (main)

• fix(deps): update dependency pino from 9.9.1 to v9.9.2 (main)

• Trigger Google Vision enrichment on image upload

• Improve comment to component alignment on load

• Allow li-rubric-assignment in creation flows

• Exclude scheduled publication events from revisions list

• fix(deps): update dependency pino from 9.9.0 to v9.9.1 (main)

• Rename 213-* db migrations

To get an overview about new functionality, read the Release Notes. To learn about the necessary actions to update Livingdocs to release-2025-11, read on.

Attention: If you skipped one or more releases, please also check the release-notes of the skipped ones.

Webinar

• Feature Webinar Recording: TODO
• Feature Webinar Documentation: TODO
• Dev Webinar Recording: TODO
• Dev Webinar Slides: TODO
• Release Newsletter Subscription

System Requirements

Suggested

Minimal

Deployment

Before the deployment

No pre-deployment steps are required before rolling out this release.

Rollout deployment

Migrate the Postgres Database

No migrations are required for this release.

After the deployment

No post-deployment steps are required after rolling out this release.

Rollback

No rollback steps are required for this release.

Breaking Changes 🔥

Deprecations

Features

Vulnerability Patches

We are constantly patching module vulnerabilities for the Livingdocs Server and Livingdocs Editor as module fixes are available. Below is a list of all patched vulnerabilities included in the release.

Livingdocs Server

This release we have patched the following vulnerabilities in the Livingdocs Server:

• TBD

No known vulnerabilities. 🎉

Livingdocs Editor

This release we have patched the following vulnerabilities in the Livingdocs Editor:

• TBD

We are aware of the following vulnerabilities in the Livingdocs Editor:

• CVE-2023-44270 vulnerability in postcss, it affects linters using PostCSS to parse external Cascading Style Sheets (CSS). It is not exploitable in the editor as we don’t load untrusted external CSS at build time.
• CVE-2022-25844, CVE-2022-25869, CVE-2023-26116, CVE-2023-26117, CVE-2023-26118, CVE-2024-8372, CVE-2024-8373, CVE-2024-21490, CVE-2025-0716 are all AngularJS vulnerabilities that don’t have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js.
• CVE-2024-9506 vulnerability in vue, an ReDoS vulnerability exploitable through inefficient regex evaluation in parseHTML function. The issue can cause excessive CPU usage but is not exploitable in the editor as we don’t load untrusted HTML at runtime.

Patches

Here is a list of all patches after the release has been announced.

Livingdocs Server Patches

Livingdocs Editor Patches

Icon Legend

• Breaking changes: 🔥
• Feature: 🎁