dont add target=_blank to link to other notes

Signed-off-by: Philip Molares <philip.molares@udo.edu>

AUTHORS

@@ -40,6 +40,7 @@ Dennis Gaida <2392217+DennisGaida@users.noreply.github.com>
 Devon Jue <djue129@gmail.com>
 Dexter Chua <dalcde@yahoo.com.hk>
 Dmytro Kytsmen <dmitrokytsmen@gmail.com>
+Dominik Rimpf <dev@drimpf.de>
 Dustin Frisch <fooker@lab.sh>
 Dylan Dervaux <dylanderv05@gmail.com>
 Edgar Zanella Alvarenga <e@vaz.io>

docs/content/dev/openapi.yml

@@ -3,7 +3,7 @@ openapi: 3.0.1
 info:
   title: HedgeDoc
   description: HedgeDoc is an open source collaborative note editor. Several tasks of HedgeDoc can be automated through this API.
-  version: 1.10.0
+  version: 1.10.1
   contact:
     name: HedgeDoc on GitHub
     url: https://github.com/hedgedoc/hedgedoc

docs/content/setup/docker.md

@@ -28,7 +28,7 @@ services:
     restart: always
   app:
     # Make sure to use the latest release from https://hedgedoc.org/latest-release
-    image: quay.io/hedgedoc/hedgedoc:1.10.0
+    image: quay.io/hedgedoc/hedgedoc:1.10.1
     environment:
       - CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc
       - CMD_DOMAIN=localhost

docs/content/setup/manual-setup.md

@@ -19,7 +19,7 @@
 
 1. Check if you meet the [requirements at the top of this document](#manual-installation).
 2. Download the [latest release](https://hedgedoc.org/latest-release/) and extract it.  
-   <small>Alternatively, you can use Git to clone the repository and checkout a release, e.g. with `git clone -b 1.10.0 https://github.com/hedgedoc/hedgedoc.git`.</small>
+   <small>Alternatively, you can use Git to clone the repository and checkout a release, e.g. with `git clone -b 1.10.1 https://github.com/hedgedoc/hedgedoc.git`.</small>
 3. Enter the directory and execute `bin/setup`, which will install the dependencies and create example configs.
 4. Configure HedgeDoc: To get started, you can use this minimal `config.json`:
    ```json
@@ -61,7 +61,7 @@ If you want to upgrade HedgeDoc from an older version, follow these steps:
    and the latest release.
 2. Fully stop your old HedgeDoc server.
 3. [Download](https://hedgedoc.org/latest-release/) the new release and extract it over the old directory.  
-   <small>If you use Git, you can check out the new tag with e.g. `git fetch origin && git checkout 1.9.9`</small>
+   <small>If you use Git, you can check out the new tag with e.g. `git fetch origin && git checkout 1.10.1`</small>
 5. Run `bin/setup`. This will take care of installing dependencies. It is safe to run on an existing installation.
 6. *:octicons-light-bulb-16: If you used the release tarball for 1.7.0 or newer, this step can be skipped.*  
    Build the frontend bundle by running `yarn install --immutable` and `yarn build`. The extra `yarn install --immutable` is necessary as `bin/setup` does not install the       build dependencies.

locales/_supported.json

@@ -1,43 +1,44 @@
 {
     "en": "English",
-    "zh-CN": "简体中文",
-    "zh-TW": "繁體中文",
-    "fr": "Français",
-    "de": "Deutsch",
-    "ja": "日本語",
-    "es": "Español",
-    "ca": "Català",
-    "el": "Ελληνικά",
-    "pt": "Português",
-    "it": "Italiano",
-    "tr": "Türkçe",
-    "ru": "Русский",
-    "nl": "Nederlands",
-    "hr": "Hrvatski",
-    "pl": "Polski",
-    "uk": "Українська",
-    "hi": "हिन्दी",
-    "sv": "Svenska",
-    "eo": "Esperanto",
-    "da": "Dansk",
-    "ko": "한국어",
-    "id": "Bahasa Indonesia",
-    "sr": "Cрпски",
-    "vi": "Tiếng Việt",
     "ar": "العربية",
-    "cs": "Česky",
-    "sk": "Slovensky",
-    "ml": "മലയാളം",
     "bg": "български език",
+    "ca": "Català",
+    "cs": "Česky",
+    "da": "Dansk",
+    "de": "Deutsch",
+    "el": "Ελληνικά",
+    "eo": "Esperanto",
+    "es": "Español",
+    "eu": "Euskara",
     "fa": "فارسی",
+    "fr": "Français",
     "gl": "Galego",
     "he": "עברית",
+    "hi": "हिन्दी",
+    "hr": "Hrvatski",
     "hu": "Magyar",
-    "oc": "Occitan",
-    "pt-br": "Português do Brasil",
+    "id": "Bahasa Indonesia",
+    "it": "Italiano",
+    "ja": "日本語",
+    "ko": "한국어",
     "lt": "Lietuvių kalba",
+    "ml": "മലയാളം",
+    "nb": "Norsk bokmål",
+    "nl": "Nederlands",
+    "nl-be": "Nederlands (België)",
+    "oc": "Occitan",
+    "pl": "Polski",
+    "pt": "Português",
+    "pt-br": "Português do Brasil",
     "ro": "Română",
+    "ru": "Русский",
+    "sk": "Slovensky",
     "sl": "Slovenski jezik",
-    "eu": "Euskara",
-    "nb": "Norsk bokmål"
-}
+    "sr": "Cрпски",
+    "sv": "Svenska",
+    "tr": "Türkçe",
+    "uk": "Українська",
+    "vi": "Tiếng Việt",
+    "zh-CN": "简体中文",
+    "zh-TW": "繁體中文"
+}

locales/nl-be.json

@@ -0,0 +1,130 @@
+{
+    "Collaborative markdown notes": "Gezamenlijke markdown-notities",
+    "Realtime collaborative markdown notes on all platforms.": "Werk samen aan markdown-notities op alle platforms in realtime.",
+    "Best way to write and share your knowledge in markdown.": "Het beste platform om markdown-notities te schrijven en te delen.",
+    "Intro": "Intro",
+    "History": "Geschiedenis",
+    "New guest note": "Nieuwe gastnotitie",
+    "Collaborate with URL": "Realtime samenwerking",
+    "Support charts and MathJax": "Werkt met grafieken en MathJax",
+    "Support slide mode": "Ondersteunt diamodus",
+    "Sign In": "Inloggen",
+    "Below is the history from browser": "Hieronder vindt u de geschiedenis van deze browser",
+    "Welcome!": "Welkom!",
+    "New note": "Nieuwe notitie",
+    "or": "of",
+    "Sign Out": "Uitloggen",
+    "Explore all features": "Ontdek alle functies",
+    "Select tags...": "Selecteer labels...",
+    "Search keyword...": "Zoek sleutelwoord…",
+    "Sort by title": "Sorteer op titel",
+    "Title": "Titel",
+    "Sort by time": "Sorteer op tijd",
+    "Time": "Tijd",
+    "Export history": "Geschiedenis exporteren",
+    "Import history": "Geschiedenis importeren",
+    "Clear history": "Geschiedenis wissen",
+    "Refresh history": "Vernieuw geschiedenis",
+    "No history": "Geen geschiedenis",
+    "Import from browser": "Importeren vanuit browser",
+    "Releases": "Releases",
+    "Are you sure?": "Weet u het zeker?",
+    "Do you really want to delete this note?": "Wilt u deze notitie echt verwijderen?",
+    "All users will lose their connection.": "Alle gebruikers verliezen hun verbinding.",
+    "Cancel": "Annuleren",
+    "Yes, do it!": "Ja, doe het!",
+    "Choose method": "Kies methode",
+    "Sign in via %s": "Log in via %s",
+    "New": "Nieuw",
+    "Publish": "Publiceren",
+    "Extra": "Extra",
+    "Revision": "Herziening",
+    "Slide Mode": "Dia-modus",
+    "Export": "Exporteren",
+    "Import": "Importeren",
+    "Clipboard": "Klembord",
+    "Download": "Downloaden",
+    "Raw HTML": "Ruwe HTML",
+    "Edit": "Bewerking",
+    "View": "Weergave",
+    "Both": "Beide",
+    "Help": "Hulp",
+    "Upload Image": "Afbeelding uploaden",
+    "Menu": "Menu",
+    "This page need refresh": "Deze pagina moet vernieuwd worden",
+    "You have an incompatible client version.": "De versie van uw klant is incompatibel.",
+    "Refresh to update.": "Vernieuwen om bij te werken.",
+    "New version available!": "Nieuwe versie beschikbaar!",
+    "See releases notes here": "Bekijk hier de release-opmerkingen",
+    "Refresh to enjoy new features.": "Vernieuw om van nieuwe functies te genieten.",
+    "Your user state has changed.": "Uw gebruikersstatus is gewijzigd.",
+    "Refresh to load new user state.": "Vernieuwen om de nieuwe gebruikersstatus te laden.",
+    "Refresh": "Vernieuwen",
+    "Contacts": "Contacten",
+    "Report an issue": "Een probleem melden",
+    "Meet us on %s": "Ontmoet ons op %s",
+    "Send us email": "Stuur ons een e-mail",
+    "Documents": "Documenten",
+    "Features": "Functies",
+    "YAML Metadata": "YAML-metagegevens",
+    "Slide Example": "Dia voorbeeld",
+    "Cheatsheet": "Spiek briefje",
+    "Example": "Voorbeeld",
+    "Syntax": "Syntaxis",
+    "Header": "Koptekst",
+    "Unordered List": "Ongeordende lijst",
+    "Ordered List": "Bestelde lijst",
+    "Todo List": "Controlelijst",
+    "Blockquote": "Blokcitaat",
+    "Bold font": "Vetgedrukt",
+    "Italics font": "Cursief",
+    "Strikethrough": "Doorhalen",
+    "Inserted text": "Onderstreepte tekst",
+    "Marked text": "Gemarkeerde tekst",
+    "Link": "Koppeling",
+    "Image": "Afbeelding",
+    "Code": "Code",
+    "Externals": "Externen",
+    "This is a alert area.": "Dit is een waarschuwingsgebied.",
+    "Revert": "Terugdraaien",
+    "Import from clipboard": "Importeren vanaf klembord",
+    "Paste your markdown or webpage here...": "Plak hier uw korting of webpagina...",
+    "Clear": "Duidelijk",
+    "This note is locked": "Deze notitie is vergrendeld",
+    "Sorry, only owner can edit this note.": "Sorry, alleen de eigenaar kan deze notitie bewerken.",
+    "OK": "OK",
+    "Reach the limit": "Bereik de limiet",
+    "Sorry, you've reached the max length this note can be.": "Sorry, je hebt de maximale lengte van dit briefje bereikt.",
+    "Please reduce the content or divide it to more notes, thank you!": "Maak de notitie korter.",
+    "Import from Gist": "Importeren vanuit Gist",
+    "Paste your gist url here...": "Plak hier uw kern-URL...",
+    "Import from Snippet": "Importeren uit fragment",
+    "Select From Available Projects": "Selecteer uit beschikbare projecten",
+    "Select From Available Snippets": "Selecteer uit beschikbare fragmenten",
+    "OR": "OF",
+    "Export to Snippet": "Exporteren naar fragment",
+    "Select Visibility Level": "Selecteer Zichtbaarheidsniveau",
+    "Night Theme": "Nacht thema",
+    "Follow us on %s and %s.": "Volg ons op %s en %s.",
+    "Privacy": "Privacy",
+    "Terms of Use": "Gebruiksvoorwaarden",
+    "Do you really want to delete your user account?": "Wilt u uw gebruikersaccount echt verwijderen?",
+    "This will delete your account, all notes that are owned by you and remove all references to your account from other notes.": "Hiermee verwijdert u uw account, alle notities die uw eigendom zijn en worden alle verwijzingen naar uw account uit andere notities verwijderd.",
+    "Delete user": "Verwijder gebruiker",
+    "Export user data": "Gebruikersgegevens exporteren",
+    "Help us translating on %s": "Help ons met vertalen op %s",
+    "Source Code": "Broncode",
+    "Register": "Register",
+    "Powered by %s": "Mogelijk gemaakt door %s",
+    "Help us translating": "Help ons met vertalen",
+    "Join the community": "Sluit je aan bij de gemeenschap",
+    "Imprint": "Afdruk",
+    "Freely - Anyone can edit": "Vrij: iedereen kan bewerken",
+    "Editable - Signed-in people can edit": "Bewerkbaar: ingelogde mensen kunnen bewerken",
+    "Limited - Signed-in people can edit (forbid guests)": "Beperkt - Ingelogde mensen kunnen bewerken (gasten verbieden)",
+    "Locked - Only owner can edit": "Vergrendeld: alleen de eigenaar kan bewerken",
+    "Protected - Only owner can edit (forbid guests)": "Beschermd - Alleen de eigenaar kan bewerken (gasten verbieden)",
+    "Private - Only owner can view & edit": "Privé - Alleen de eigenaar kan bekijken en bewerken",
+    "changed": "veranderd",
+    "created": "gemaakt"
+}

package.json

@@ -1,6 +1,6 @@
 {
   "name": "HedgeDoc",
-  "version": "1.10.0",
+  "version": "1.10.1",
   "description": "The best platform to write and share markdown.",
   "main": "app.js",
   "license": "AGPL-3.0",
@@ -18,7 +18,7 @@
   },
   "dependencies": {
     "@hedgedoc/meta-marked": "14.1.0",
-    "@node-saml/passport-saml": "4.0.4",
+    "@node-saml/passport-saml": "5.0.0",
     "@passport-next/passport-openid": "1.0.0",
     "Idle.Js": "git+https://github.com/shawnmclean/Idle.js#commit=2b57cc6e49d177b7ddce0cca00ef5cbe07453541",
     "archiver": "6.0.2",
@@ -137,8 +137,8 @@
     "url": "https://github.com/hedgedoc/hedgedoc.git"
   },
   "devDependencies": {
-    "@eslint/eslintrc": "^3.2.0",
-    "@eslint/js": "^9.19.0",
+    "@eslint/eslintrc": "3.2.0",
+    "@eslint/js": "9.19.0",
     "@hedgedoc/codemirror-5": "5.65.12",
     "abcjs": "6.4.4",
     "babel-cli": "6.26.0",
@@ -168,7 +168,7 @@
     "flowchart.js": "1.18.0",
     "fork-awesome": "1.2.0",
     "gist-embed": "2.6.0",
-    "globals": "^15.14.0",
+    "globals": "15.14.0",
     "highlight.js": "10.7.3",
     "html-webpack-plugin": "4.5.2",
     "imports-loader": "1.2.0",

public/docs/release-notes.md

@@ -2,18 +2,34 @@
 
 ## <i class="fa fa-tag"></i> 1.x.x <i class="fa fa-calendar-o"></i> UNRELEASED
 
+## <i class="fa fa-tag"></i> 1.10.1 <i class="fa fa-calendar-o"></i> 2024-02-02
+
+This release fixes a security issue where brute-forcing local email/passwords is possible because of missing rate-limits.
+We recommend upgrading as soon as possible, if you use local logins.
+
+See also <https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-6w39-x2c6-6mpf>
+
 This release changes the default configuration of the HSTS preload attribute to false for compliance with the
 HSTS preload list requirements. This shouldn't impact any instance. However, if you intend to use HSTS preloading
-you should enable the config setting `hsts.preload` or set environment variable `CMD_HSTS_PRELOAD=true`.
+you should enable the config setting `hsts.preload` to `true` or set environment variable `CMD_HSTS_PRELOAD=true`.
+
+This release deprecates support for Node 18.
+As the LTS support for 18 runs out in April 2025, the next release will only work with Node 20 and upwards.
+Consider this your early warning to upgrade any running instances to at least Node 20.
 
 ### Enhancements
 - Add fixed rate-limiting to the login and register endpoints
 - Add configurable rate-limiting to the new notes endpoint
 
 ### Bugfixes
-- Fix a crash when cannot read user profile in Oauth
+- Fix a crash when cannot read user profile in OAuth ([#5850](https://github.com/hedgedoc/hedgedoc/pull/5850) by [@lautaroalvarez](https://github.com/lautaroalvarez))
 - Fix CSP Header for mermaid embedded images ([#5887](https://github.com/hedgedoc/hedgedoc/pull/5887) by [@domrim](https://github.com/domrim))
-- Change default of HSTS preload to false for compliance with the HSTS preload list requirements
+- Change default of HSTS preload to false for compliance with the HSTS preload list requirements ([#5913](https://github.com/hedgedoc/hedgedoc/issues/5913) by [@SvizelPritula](https://github.com/SvizelPritula))
+
+### Contributors
+
+- [Dominik Rimpf](https://github.com/domrim)
+- [Lautaro Alvarez](https://github.com/lautaroalvarez)
 
 ## <i class="fa fa-tag"></i> 1.10.0 <i class="fa fa-calendar-o"></i> 2024-09-01
 

public/js/extra.js

@@ -573,7 +573,7 @@ export function postProcess (code) {
   // link should open in new window or tab
   // also add noopener to prevent clickjacking
   // See details: https://mathiasbynens.github.io/rel-noopener/
-  result.find('a:not([href^="#"]):not([target])').attr('target', '_blank').attr('rel', 'noopener')
+  result.find('a:not([href^="#"]):not([href^="/"]):not([target])').attr('target', '_blank').attr('rel', 'noopener')
 
   // If it's hashtag link then make it base uri independent
   result.find('a[href^="#"]').each((index, linkTag) => {