Security fixes
This release includes fixes for GHSA-w3g3-qf3g-2mqc (CVE-2021-43802).
If you cannot upgrade to v1.8.16 for some reason, you are encouraged to try cherry-picking the fixes to the version you are running:
git cherry-pick b7065eb9a0ec..77bcb507b30e
- Maliciously crafted .etherpad files can no longer overwrite arbitrary non-pad database records when imported.
- Imported .etherpad files are now subject to numerous consistency checks before any records are written to the database. This should help avoid denial-of-service attacks via imports of malformed .etherpad files.
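The validate-everything-before-writing approach described in the two items above, as an added example that is not Etherpad's own code. The function name `checkImport`, the record key layout, the `head` field and the colon-free IDs are assumptions made for illustration.

```javascript
// Added example, not Etherpad's code. Assumed (simplified) record layout:
//   pad:<id>   pad:<id>:revs:<n>   pad:<id>:chats:<n>   globalAuthor:<authorId>
// and an assumed integer `head` field on the pad record. IDs are assumed colon-free.
const INDEX = /^(0|[1-9]\d*)$/;

function checkImport(records, destPadId) {
  if (records === null || typeof records !== 'object' || Array.isArray(records)) {
    throw new Error('import must be an object of key/value records');
  }
  const srcPadIds = new Set();
  const revs = new Set();
  const writes = new Map(); // nothing touches the database until every check passes
  let head = null;
  for (const [key, value] of Object.entries(records)) {
    if (value === null || typeof value !== 'object') throw new Error(`bad value: ${key}`);
    const [type, id, sub, n, ...extra] = key.split(':');
    if (!id || extra.length > 0) throw new Error(`unexpected record: ${key}`);
    if (type === 'globalAuthor' && sub === undefined) {
      writes.set(key, value);
      continue;
    }
    // Allowlist: any record type other than the ones above is rejected outright.
    if (type !== 'pad') throw new Error(`unexpected record: ${key}`);
    srcPadIds.add(id);
    if (sub === undefined) {
      if (!Number.isInteger(value.head) || value.head < 0) throw new Error('bad head');
      head = value.head;
      writes.set(`pad:${destPadId}`, value);
    } else if ((sub === 'revs' || sub === 'chats') && INDEX.test(n || '')) {
      if (sub === 'revs') revs.add(Number(n));
      // Keys are rebuilt from parsed parts, so they always land under destPadId.
      writes.set(`pad:${destPadId}:${sub}:${n}`, value);
    } else {
      throw new Error(`unexpected record: ${key}`);
    }
  }
  if (srcPadIds.size !== 1) throw new Error('import must describe exactly one pad');
  if (head === null) throw new Error('missing pad record');
  // Comparing counts first keeps the loop below bounded by the import's own size.
  if (revs.size !== head + 1) throw new Error('revision count does not match head');
  for (let r = 0; r <= head; r++) {
    if (!revs.has(r)) throw new Error(`missing revision ${r}`);
  }
  return writes;
}
```

The caller writes the returned map to the database only if `checkImport` returns without throwing.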
Notable enhancements and fixes
- Fixed several .etherpad import bugs.
- Improved support for large .etherpad imports.