Caveat 🔥
These are the release notes of the upcoming release (pull requests merged to the main branch).
- ℹ️ this document is updated automatically by a bot (pr’s to categorize section)
- ℹ️ this document will be roughly updated manually once a week (put PRs + description to the right section)
- 🔥 We don’t guarantee stable APIs. They can still change until the official release
- 🔥 Integration against the upcoming release (currently
mainbranch) is at your own risk
PRs to Categorize
- Upgrade to ajv@8.18.0
- fix(deps): update opentelemetry from 0.211.0 to ^0.212.0 (main) (minor)
- Handle migrations of old documents without the statistics property
- Move vendors to npm modules
- chore(deps): update dependency pino from 10.2.1 to v10.3.0 (main)
- feat(media-center): add variable thumbnail sizes
- fix: bump file-type version for a bug fix
- fix(deps): update dependency @livingdocs/framework from 32.12.4 to v32.12.5 (main)
- fix(deps): update dependency @livingdocs/framework from 32.12.4 to v32.12.5 (main)
- fix(include): iframe resize bursts debounced
- chore(deps): update dependency pg from 8.17.2 to v8.18.0 (main)
- chore(deps): update dependency @fastify/reply-from from 12.5.0 to v12.6.0 (main)
- Read mimetype from asset object when downloading
- chore(deps): update dependency eslint-plugin-jsdoc from 62.4.1 to v62.5.0 (main)
- Show image and metadata of selected locale in lightbox
- fix(deps): update dependency @livingdocs/framework from 32.12.3 to v32.12.4 (main)
- fix(deps): update dependency @livingdocs/framework from 32.12.2 to v32.12.3 (main)
- chore(deps): update playwright monorepo from 1.57.0 to v1.58.0 (main) (minor)
- Patch vulnerabilities [main]
- Patch vulnerabilities [main]
- Reuse existing media library entries when a media source item has already been imported
- Reuse existing media library entries when a media source item has already been imported
- Patch vulnerabilities [main]
- chore(deps): update dependency posthog-node from 5.20.0 to v5.21.0 (main)
- fix(deps): update dependency @livingdocs/framework from 32.12.1 to v32.12.2 (main)
- Differentiate custom text formatting with the same attribute name
- Scroll document when dragging component close to an edge
- Only support revoke note with use2025Behavior
- Disable print flow create button when workspace is dirty
- fix(deps): update opentelemetry (main) (minor)
- Set an unpublish schedule for a scheduled document
- Clear include overrides when replacing a teaser via drag&drop
- fix(deps): update pintura [main]
- Patch vulnerabilities [main]
- Render li-image metadata properties with named crops in media upload
- Allow removing settings.editMode
- Show label tooltips on text formatting toolbar buttons
- Replace document ownership links with summary when merging users
- Show custom cards in media library sidepanel
- Fix rendering of kanban boards
- Do not attempt to render comments in history view
- Fix Server Settings console errors
- Limit LIDEP075 deprecation to specific print properties
- Show table dashboard row highlight
- Fix delivery build prop validation error
- Show projectId in Retresco error message if integration is disabled
- Download animated images
- Download localized asset on media library detail page
- fix(deps): update dependency @opentelemetry/instrumentation-ioredis from 0.56.0 to ^0.57.0 (main)
- fix(deps): update dependency @livingdocs/framework from 32.11.1 to v32.12.1 (main)
- Media library Dashboards: Small Improvements
To get an overview about new functionality, read the Release Notes.
To learn about the necessary actions to update Livingdocs to release-2026-03, read on.
Attention: If you skipped one or more releases, please also check the release-notes of the skipped ones.
Webinar
- Feature Webinar Recording: TODO
- Feature Webinar Documentation: TODO
- Dev Webinar Recording: TODO
- Dev Webinar Slides: TODO
- Release Newsletter Subscription
System Requirements
Suggested
| Name | Version |
|---|---|
| Node | 24 |
| NPM | 11 |
| Postgres | 17 |
| Elasticsearch | 9.x |
| OpenSearch | 2.3.0 |
| Redis | 8 |
| Livingdocs Server Docker Image | livingdocs/server-base:24 |
| Livingdocs Editor Docker Image | livingdocs/editor-base:24 |
| Browser Support | Chrome >= 144, Edge >= 144, Firefox >= 146, Safari >= 26.0 |
Minimal
| Name | Version |
|---|---|
| Node | 22.17.1 |
| NPM | 10 |
| Postgres | 14 |
| Elasticsearch | 7.x |
| OpenSearch | 1 |
| Redis | 6.2 |
| Livingdocs Server Docker Image | livingdocs/server-base:22 |
| Livingdocs Editor Docker Image | livingdocs/editor-base:22 |
| Browser Support | Chrome >= 133, Edge >= 133, Firefox >= 135, Safari >= 18.3 |
Deployment
Before the deployment
No pre-deployment steps are required before rolling out this release.
Rollout deployment
Migrate the Postgres Database
No migrations are required for this release.
After the deployment
No post-deployment steps are required after rolling out this release.
Rollback
No rollback steps are required for this release.
Breaking Changes 🔥
Validation of Media Source Plugin Return Properties systemName and externalId
The media source plugin function searchMediaImage now requires systemName and externalId to be strings when returned. Previously, these properties were not validated and had no effect.
Deprecations
Features 🎁
Reuse Already Imported Media Source Items 🎁
When a media source item has already been imported, Livingdocs now reuses the existing media library entry instead of importing it again. This allows keeping media libraries free of duplicates when using media from external systems.
To enable the deduplication, media source search results can include systemName and externalId. If a media library entry with the same systemName/externalId pair already exists, it is reused.
module.exports = {
handle: 'examplePlugin',
async searchMediaImage() {
return {
total: 123,
results: [
{
metadata: {},
asset: {},
+ systemName: 'exampleSource',
+ externalId: 'exampleExternalId'
}
]
}
},
async fetchMediaImage() {}
}
Vulnerability Patches
We are constantly patching module vulnerabilities for the Livingdocs Server and Livingdocs Editor as module fixes are available. Below is a list of all patched vulnerabilities included in the release.
Livingdocs Server
This release we have patched the following vulnerabilities in the Livingdocs Server:
- TBD
No known vulnerabilities. 🎉
Livingdocs Editor
This release we have patched the following vulnerabilities in the Livingdocs Editor:
- TBD
We are aware of the following vulnerabilities in the Livingdocs Editor:
- CVE-2023-44270 vulnerability in
postcss, it affects linters using PostCSS to parse external Cascading Style Sheets (CSS). It is not exploitable in the editor as we don’t load untrusted external CSS at build time. - CVE-2022-25844, CVE-2022-25869, CVE-2023-26116, CVE-2023-26117, CVE-2023-26118, CVE-2024-8372, CVE-2024-8373, CVE-2024-21490, CVE-2025-0716 are all AngularJS vulnerabilities that don’t have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js.
- CVE-2024-9506 vulnerability in
vue, an ReDoS vulnerability exploitable through inefficient regex evaluation in parseHTML function. The issue can cause excessive CPU usage but is not exploitable in the editor as we don’t load untrusted HTML at runtime.
Patches
Here is a list of all patches after the release has been announced.
Livingdocs Server Patches
Livingdocs Editor Patches
Icon Legend
- Breaking changes: 🔥
- Feature: 🎁
