Upcoming
release-2026-05
May 2026 Release
https://github.com/livingdocsIO/livingdocs-editor/tree/release-2026-05

Caveat 🔥

These are the release notes of the upcoming release (pull requests merged to the main branch).

  • ℹ️ this document is updated automatically by a bot (pr’s to categorize section)
  • ℹ️ this document will be roughly updated manually once a week (put PRs + description to the right section)
  • 🔥 We don’t guarantee stable APIs. They can still change until the official release
  • 🔥 Integration against the upcoming release (currently main branch) is at your own risk

PRs to Categorize

To get an overview about new functionality, read the Release Notes. To learn about the necessary actions to update Livingdocs to release-2026-05, read on.

Attention: If you skipped one or more releases, please also check the release-notes of the skipped ones.

Webinar

System Requirements

Suggested

NameVersion
Node24
NPM11
Postgres17
Elasticsearch9
OpenSearch3
Redis8
Livingdocs Server Docker Imagelivingdocs/server-base:24
Livingdocs Editor Docker Imagelivingdocs/editor-base:24
Browser SupportChrome >= 145, Edge >= 145, Firefox >= 148, Safari >= 26.3

Minimal

NameVersion
Node22.17.1
NPM10
Postgres14
Elasticsearch8
OpenSearch2
Redis6.2
Livingdocs Server Docker Imagelivingdocs/server-base:22
Livingdocs Editor Docker Imagelivingdocs/editor-base:22
Browser SupportChrome >= 136, Edge >= 136, Firefox >= 138, Safari >= 18.4

Deployment

Before the deployment

No pre-deployment steps are required before rolling out this release.

Rollout deployment

Migrate the Postgres Database

No migrations are required for this release.

After the deployment

No post-deployment steps are required after rolling out this release.

Rollback

No rollback steps are required for this release.

Breaking Changes 🔥

Direct Imports from lib/ 🔥

Direct file imports from Livingdocs packages are not supported. This release might break direct imports from lib/. Downstreams are urged to remove all direct imports. Since this has never been supported, we will not communicate such changes in the future.

Stricter Validation of Image Processing Config Properties with use2025Behavior 🔥

The server config properties mediaLibrary.images.processing.failOn, mediaLibrary.images.processing.convert, mediaLibrary.images.processing.lossy, and mediaLibrary.images.processing.lossless are not applied when use2025Behavior is enabled. Configuring them alongside use2025Behavior will now result in an error. Please remove these properties if use2025Behavior is enabled.

Removal of Deprecated Image Processing Config Properties 🔥

The deprecated server config properties mediaLibrary.images.processing.maxFileSize and mediaLibrary.images.uploadRestrictions.maxResolution are no longer supported.

Please use the following replacements instead:

  • mediaLibrary.images.processing.maxFileSizemediaLibrary.images.uploadRestrictions.maxFileSize
  • mediaLibrary.images.uploadRestrictions.maxResolutionmediaLibrary.images.processing.maxResolution

Usage Log Params Schema Plugin Type Consistency

All paramsSchema entries across usage log purposes are now checked for type consistency. This ensures metadata plugins with the same handle share the same type. If you get the error message while updating a project config then you will need to modify the paramsSchema properties indicated so that they match across all purposes. You may also need to write a script to perform a manual data migration if you want to keep the data. Please contact us if you need any support with this.

An example of an invalid configuration:

{
  mediaCenter: {
    usageLog: {
      purposes: [
        {handle: 'web', paramsSchema: [{handle: 'page', type: 'li-text'}]},
        {handle: 'print', paramsSchema: [{handle: 'page', type: 'li-integer'}]}
      ]
    }
  }
}

To fix this example:

  • both page params would need to be either li-text or li-integer
  • or, one handle needs to be modified (e.g. renaming page to webpage)

Deprecations

Features 🎁

Public API Endpoint to get the Usage Log of a Media Library Entry 🎁

A new endpoint has been added, GET /api/:apiVersion/mediaLibrary/:id/usageLog, which returns all usage log entries for the specified media library entry. Further details can be found in the Get the Usage Log of a Media Library Entry endpoint documentation.

Public API Operations to Modify Media Library Entry Usage Log Entries 🎁

The Media Library Entry patch endpoint in the public API has been extended to allow external systems (e.g. print system) to report the usage of a media library entry and provide the details.

Add a new entry:

PATCH /api/2026-05/mediaLibrary/{id}

{
  "preserveUpdatedAt": true,
  "patches": [
    {
      "operation": "addUsageLogEntry",
      "value": {
        "state": "pending", // Optional 'pending' or 'confirmed' (default: 'pending')
        "purpose": "print", // Required handle of usage log purpose
        "publicationDate": "2026-05-01T11:00:00.000Z", // Required when state is 'confirmed'
        "url": "http://localhost", // Optional link to external editor or delivery
        "params": {} // Any value for params defined in the `paramsSchema` of the selected purpose
      }
    }
  ]
}

Update an entry:

PATCH /api/2026-05/mediaLibrary/{id}

{
  "preserveUpdatedAt": true,
  "patches": [
    {
      "operation": "updateUsageLogEntry",
      "usageLogEntryId": "g1x419UgQSS5",
      "value": {
        "state": "confirmed", // Required for updates
        "purpose": "print",
        "publicationDate": "2026-05-01T11:00:00.000Z",
        "url": "http://localhost",
        "params": {
          "medium": "Paper"
        }
      },
      "oldValue": {} // Optional expected state condition
    }
  ]
}

Remove an entry:

PATCH /api/2026-05/mediaLibrary/{id}

{
  "preserveUpdatedAt": true,
  "patches": [
    {
      "operation": "removeUsageLogEntry",
      "usageLogEntryId": "g1x419UgQSS5"
    }
  ]
}

Vulnerability Patches

We are constantly patching module vulnerabilities for the Livingdocs Server and Livingdocs Editor as module fixes are available. Below is a list of all patched vulnerabilities included in the release.

Livingdocs Server

This release we have patched the following vulnerabilities in the Livingdocs Server:

  • TBD

No known vulnerabilities. 🎉

Livingdocs Editor

This release we have patched the following vulnerabilities in the Livingdocs Editor:

  • TBD

We are aware of the following vulnerabilities in the Livingdocs Editor:

  • CVE-2023-44270 vulnerability in postcss, it affects linters using PostCSS to parse external Cascading Style Sheets (CSS). It is not exploitable in the editor as we don’t load untrusted external CSS at build time.
  • CVE-2022-25844, CVE-2022-25869, CVE-2023-26116, CVE-2023-26117, CVE-2023-26118, CVE-2024-8372, CVE-2024-8373, CVE-2024-21490, CVE-2025-0716 are all AngularJS vulnerabilities that don’t have a patch available. We are working on removing all AngularJS from our code and vulnerabilities will go away when we complete the transition to Vue.js.
  • CVE-2024-9506 vulnerability in vue, an ReDoS vulnerability exploitable through inefficient regex evaluation in parseHTML function. The issue can cause excessive CPU usage but is not exploitable in the editor as we don’t load untrusted HTML at runtime.

Patches

Here is a list of all patches after the release has been announced.

Livingdocs Server Patches

Livingdocs Editor Patches

Icon Legend

  • Breaking changes: 🔥
  • Feature: 🎁