From eb9eb9e7829f2470cbb44350414402f3b8b5d28c Mon Sep 17 00:00:00 2001 From: Weblate Date: Fri, 2 Jul 2021 14:31:46 +0200 Subject: [PATCH 01/12] Translated using Weblate (Japanese) Currently translated at 100.0% (1366 of 1366 strings) Translation: CryptPad/App Translate-URL: http://weblate.cryptpad.fr/projects/cryptpad/app/ja/ Translated using Weblate (Japanese) Currently translated at 100.0% (1366 of 1366 strings) Translation: CryptPad/App Translate-URL: http://weblate.cryptpad.fr/projects/cryptpad/app/ja/ Translated using Weblate (Japanese) Currently translated at 100.0% (1366 of 1366 strings) Translation: CryptPad/App Translate-URL: http://weblate.cryptpad.fr/projects/cryptpad/app/ja/ Translated using Weblate (Japanese) Currently translated at 100.0% (1366 of 1366 strings) Translation: CryptPad/App Translate-URL: http://weblate.cryptpad.fr/projects/cryptpad/app/ja/ Translated using Weblate (Japanese) Currently translated at 100.0% (1366 of 1366 strings) Translation: CryptPad/App Translate-URL: http://weblate.cryptpad.fr/projects/cryptpad/app/ja/ Translated using Weblate (Japanese) Currently translated at 100.0% (1366 of 1366 strings) Translation: CryptPad/App Translate-URL: http://weblate.cryptpad.fr/projects/cryptpad/app/ja/ Translated using Weblate (Japanese) Currently translated at 100.0% (1366 of 1366 strings) Translation: CryptPad/App Translate-URL: http://weblate.cryptpad.fr/projects/cryptpad/app/ja/ Translated using Weblate (Japanese) Currently translated at 100.0% (1366 of 1366 strings) Translation: CryptPad/App Translate-URL: http://weblate.cryptpad.fr/projects/cryptpad/app/ja/ --- www/common/translations/messages.ja.json | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/www/common/translations/messages.ja.json b/www/common/translations/messages.ja.json index e3982bca6..348814824 100644 --- a/www/common/translations/messages.ja.json +++ b/www/common/translations/messages.ja.json 
@@ -23,7 +23,7 @@ "sheet": "スプレッドシート", "form": "フォーム" }, - "main_title": "CryptPad - 安全にリアルタイム編集可能なコラボレーションツール", + "main_title": "CryptPad - 安全にリアルタイムで編集可能なコラボレーションツール", "support_formButton": "送信", "support_formMessage": "メッセージを入力…", "support_formContentError": "エラー:内容が空です", @@ -126,11 +126,11 @@ "register_importRecent": "匿名セッションのドキュメントをインポート", "importButton": "インポート", "main_catch_phrase": "コラボレーションスイート
暗号化されかつオープンソース", - "tos_3rdparties": "私たちは、法律で義務付けられている場合を除き、個別のデータを第三者に提供しません。", + "tos_3rdparties": "私たちは、法令に基づく場合を除き、個人情報を第三者に提供しません。", "tos_logs": "あなたのブラウザからサーバーに送信されたメタデータは、サービスを維持するために記録される場合があります。", "tos_availability": "私たちはこのサービスがあなたの役に立つことを願っていますが、可用性や性能は保証できません。定期的にデータをエクスポートしてください。", "tos_legal": "悪意ある行為、乱用する行為、または何らかの違法な行為を行わないでください。", - "tos_title": "CryptPad サービス利用規約", + "tos_title": "CryptPadサービス利用規約", "whatis_title": "CryptPadとは?", "topbar_whatIsCryptpad": "CryptPadとは何か", "footer_tos": "利用規約", @@ -242,7 +242,7 @@ "settings_trimHistoryHint": "ドライブと通知の履歴を削除して、ストレージ容量を節約します。これはパッドの履歴には影響しません。パッドの履歴は、プロパティダイアログから削除できます。", "trimHistory_currentSize": "現在の履歴容量: {0}", "support_cat_other": "その他", - "user_about": "CryptPad について", + "user_about": "CryptPadについて", "fc_delete": "ごみ箱へ移動", "fc_remove": "削除", "fc_restore": "復元", @@ -568,7 +568,7 @@ "form_type_poll": "投票", "form_type_checkbox": "チェックボックス", "form_type_textarea": "段落", - "form_type_input": "文字", + "form_type_input": "文", "form_text_number": "数", "form_text_email": "Eメール", "form_text_url": "リンク", @@ -763,7 +763,7 @@ "userlist_offline": "現在オフラインのため、ユーザーリストは利用できません。", "readonly": "読み取り専用", "errorState": "重大なエラー: {0}", - "realtime_unrecoverableError": "回復不可能なエラーが発生しました。OKをクリックして再読み込みを行ってください。", + "realtime_unrecoverableError": "回復不能なエラーが発生しました。OKをクリックして再読み込みを行ってください。", "disabledApp": "このアプリケーションは無効になっています。詳細については、このCryptPadの管理者にお問い合わせください。", "deletedFromServer": "パッドは完全削除されました", "newVersionError": "新しいバージョンのCryptPadがあります。
リロードすると新しいバージョンを読み込みます。Escキーを押すとオフラインモードでコンテンツにアクセスします。", @@ -854,7 +854,7 @@ "settings_exportErrorMissing": "このドキュメントはサーバーにありません(期限切れ、もしくはオーナーにより削除されました)", "settings_exportErrorEmpty": "このドキュメントはエクスポートできません(内容が空もしくは無効です)。", "settings_exportErrorDescription": "以下のドキュメントをエクスポートに追加できませんでした:", - "settings_exportDescription": "ドキュメントをダウンロードして復号化しております。少々お待ちください。これには数分程度かかることがあります。タブを閉じると作業が中断されます。", + "settings_exportDescription": "ドキュメントをダウンロードして復号化しています。これには数分程度かかることがあります。タブを閉じると作業が中断されます。", "crowdfunding_popup_text": "

あなたの援助が必要です!

CryptPadの開発が継続できるよう、OpenCollectiveのページからご支援いただきますようお願いします。ロードマップ資金調達の目標を同ページにて公開しています。", "autostore_notAvailable": "この機能を使うにはCryptDriveにパッドを保存する必要があります。", "autostore_forceSave": "CryptDriveにファイルを保存", @@ -1263,7 +1263,7 @@ "contacts_info1": "連絡先の一覧が表示されます。ここでは以下を行うことができます:", "share_noContactsLoggedIn": "連絡先がありません。プロフィールのリンクを共有して、連絡先のリクエストを送信してください。", "settings_cat_security": "セキュリティー", - "whatis_collaboration_info": "

CryptPadはコラボレーションを念頭に作られています。ドキュメントに加えられる変更は、リアルタイムで同期されます。全てのデータは暗号化されているため、サービスとその管理者が、編集され保存されているコンテンツを覗き見ることは不可能です。

", + "whatis_collaboration_info": "

CryptPadはコラボレーションを念頭に作られています。ドキュメントに加えられる変更は、リアルタイムで同期されます。全てのデータは暗号化されているため、サービスとその管理者が、編集され保存されているコンテンツを覗き見ることはできません。

", "whatis_apps": "フルスイートアプリケーション", "whatis_drive_info": "

ドキュメントをCryptDriveに保存して管理できます。フォルダを作ったり共有したりできるほか、ドキュメントをタグ付けして整理することもできます。PDFファイル、写真、動画、音声などのファイルをアップロードして共有できます。チームのドライブを使うと、メンバーとデータを共有したり、ファイルの管理や、きめ細かいアクセス権のコントロールを行うことができます。

", "whatis_model_info": "

CryptPadは2016年より、寄付金とcryptpad.frの定額利用のほか、BPIフランス、NLNet財団、NGI Trust、Mozillaオープンソースサポートといったフランス、EUの研究助成を受けています。私たちは、公的資金で作られたソフトウェアについては、コードも公的に公開されるべきであると考えているため、サービスは全てオープンソースで提供しています。誰でも自由にこのソフトウェアを使用、運営、改変することができます。

CryptPadは、ユーザーのデータを使って金銭上の利益を得ることはありません。これはプライバシーを尊重するオンラインサービスの展望の一部をなすものです。個人情報を使って金銭上の利益をあげながら「無料」を装う巨大プラットフォームとは違って、CryptPadは、ユーザーが自発的に支援を行うサービスのモデルを作ることを目指しています。

私たちは、CryptPadのサービスを無料で提供しています。それは、金銭的に余裕のある人々だけでなく、誰もがプライバシーを得るに値すると確信しているからです。もしあなたがこのプロジェクトを支援できる状況にあるなら、機能の開発や、改良、メンテナンスに参加していただきたく考えます。そうすることで、全てのユーザーに利益をもたらされるはずです。

このプロジェクトが実行可能であることが明らかになったいま、次のゴールは、ユーザーによる支援を通じて、プロジェクトを持続可能なものにすることにあります。CryptPadが、巨大プラットフォームに代わる持続可能なサービスを開発できるよう支援していただけるなら、一度もしくは継続的な寄付へのご協力をお願いいたします。

", @@ -1321,7 +1321,7 @@ "admin_surveyHint": "外部サイトで行うアンケートのリンクを追加、更新、削除できます。ユーザーには通知が送信され、アンケートはユーザーのメニューから開くことができます。", "broadcast_defaultLanguage": "この言語にフォールバック", "admin_performanceProfilingHint": "サーバー側でコマンドを実行する際に掛かった合計時間の一覧です", - "admin_consentToContactHint": "サーバーのテレメトリーには、ソフトウェアや設定に関する重大な問題が発生した際に開発者が連絡できるよう、管理者の連絡先のメールアドレスが含まれます。メールアドレスが共有、売却、マーケティングの目的で使用されることはありません。サーバーに重大な問題が発生した際に連絡を希望する場合は、「同意する」にチェックをつけてください。", + "admin_consentToContactHint": "サーバーのテレメトリーには、ソフトウェアや設定に関する重大な問題が発生した際に開発者が連絡できるよう、管理者の連絡先のメールアドレスが含まれます。メールアドレスが共有、売却、マーケティングの目的で使用されることはありません。サーバーに重大な問題が発生した際に連絡を希望する場合は、「同意する」にチェックを付けてください。", "admin_removeDonateButtonHint": "CryptPadの開発の一部は、公的な助成金と寄付金によってまかなわれています。クラウドファンディングに関する宣伝をあなたのインスタンスで行うことで、開発者が万人のためにプラットフォームを改良することへの支援につながります。ただし、もし宣伝が不適切な場合は、宣伝を無効にすることもできます。", "admin_performanceTimeHeading": "時間(秒)", "team_maxTeams": "それぞれのユーザーアカウントがメンバーになることができるのは、最大{0}チームまでです。", @@ -1334,7 +1334,7 @@ "burnAfterReading_linkBurnAfterReading": "一度だけ表示した後に自動で削除", "feedback_about": "これを読んでいるのは、特定のアクションの実行時にCryptPadがウェブページのリクエストを送信している理由が気になるからだと思います。", "burnAfterReading_warningLink": "パッドを自動削除に設定しました。リンクを受け取った相手がリンクを開くと、パッドは一度だけ表示され、その後削除されます。", - "burnAfterReading_warningAccess": "このドキュメントは自動的に削除されます。下のボタンをクリックするとコンテンツが自動的に表示され、その後で削除されます。ドキュメントを表示した後でウィンドウを閉じると、二度とドキュメントにアクセスすることはできません。準備が出来ていない場合は、ドキュメントを表示する前にこのウィンドウを閉じて、後ほどアクセスしてください。", + "burnAfterReading_warningAccess": "このドキュメントは自動的に削除されます。下のボタンをクリックするとコンテンツが自動的に表示され、その後で削除されます。ドキュメントを表示した後でウィンドウを閉じると、二度とドキュメントにアクセスすることはできません。準備ができていない場合は、ドキュメントを表示する前にこのウィンドウを閉じて、後ほどアクセスしてください。", "form_sort_hint": "項目を優先順位(1が最も高く{0}が最も低い)に従って並べてください。", "canvas_brush": "ペン", "share_versionHash": "ドキュメントの選択したバージョンを閲覧モードで共有します。それにより、このドキュメントの全てのバージョンへの読み取り専用アクセスも可能になります。", From ffad850434fdd31ee38ffd01be2df05097160b9f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?David=20Benqu=C3=A9?= Date: Mon, 5 Jul 2021 10:12:51 +0100 Subject: [PATCH 02/12] Use more faded red for danger alert backgrounds --- customize.dist/src/less2/include/colortheme-dark.less | 2 +- customize.dist/src/less2/include/colortheme.less | 2 +- customize.dist/src/less2/include/markdown.less | 7 ++----- 3 files changed, 4 insertions(+), 7 deletions(-) diff --git a/customize.dist/src/less2/include/colortheme-dark.less b/customize.dist/src/less2/include/colortheme-dark.less index f8ea0c92b..5c1649850 100644 --- a/customize.dist/src/less2/include/colortheme-dark.less +++ b/customize.dist/src/less2/include/colortheme-dark.less @@ -53,7 +53,7 @@ @cryptpad_color_light_blue: #00b7d8; @cryptpad_color_red: #ff1100; @cryptpad_color_red_fade: fade(@cryptpad_color_red, 50%); -@cryptpad_color_red_fader: fade(@cryptpad_color_red, 25%); +@cryptpad_color_red_fader: fade(@cryptpad_color_red, 15%); @cryptpad_color_warn_red: @cryptpad_color_red_fade; @cryptpad_color_dark_red: #9e0000; @cryptpad_color_light_red: #FFD4D4; diff --git a/customize.dist/src/less2/include/colortheme.less b/customize.dist/src/less2/include/colortheme.less index a7b103797..18dcb1c0a 100644 --- a/customize.dist/src/less2/include/colortheme.less +++ b/customize.dist/src/less2/include/colortheme.less @@ -53,7 +53,7 @@ @cryptpad_color_light_blue: #00b7d8; @cryptpad_color_red: #ff1100; @cryptpad_color_red_fade: fade(@cryptpad_color_red, 50%); -@cryptpad_color_red_fader: fade(@cryptpad_color_red, 25%); +@cryptpad_color_red_fader: fade(@cryptpad_color_red, 15%); @cryptpad_color_warn_red: @cryptpad_color_red_fade; @cryptpad_color_dark_red: #9e0000; @cryptpad_color_light_red: #FFD4D4; diff --git a/customize.dist/src/less2/include/markdown.less b/customize.dist/src/less2/include/markdown.less index f42a27146..43732187a 100644 --- a/customize.dist/src/less2/include/markdown.less +++ b/customize.dist/src/less2/include/markdown.less 
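Review bot: The new 15% value for `@cryptpad_color_red_fader` in colortheme-dark.less (and the identical change in colortheme.less) applies to every rule that reads this variable, not only to `div.cp-inline-img-warning`, whose local `@cryptpad_test_red_fader` override the markdown.less hunk removes. Other consumers are not visible in this patch, so it is worth confirming that danger alerts and the blocked-remote-image warning still stand out against both theme backgrounds, since a warning that blends in is easier to miss. A short comment at both definitions would record the intent, for example `// 15%: background tint for danger alerts and the blocked-image warning`.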
@@ -156,14 +156,11 @@ } div.cp-inline-img-warning { - @cryptpad_test_red_fader: fade(@cryptpad_color_red, 15%); // XXX display: inline-block; padding: 10px; - - color: @cryptpad_text_col; // XXX - background-color: @cryptpad_test_red_fader; // XXX @cryptpad_color_red_fader; + color: @cryptpad_text_col; + background-color: @cryptpad_color_red_fader; border: 1px solid @cryptpad_color_red; - .cp-inline-img { display: flex; margin-bottom: 10px; From 512e6eea6b135581c40b05cddf3eb3080c5d7c2f Mon Sep 17 00:00:00 2001 From: Weblate Date: Mon, 5 Jul 2021 12:54:36 +0200 Subject: [PATCH 03/12] Translated using Weblate (French) Currently translated at 99.8% (1364 of 1366 strings) Translation: CryptPad/App Translate-URL: http://weblate.cryptpad.fr/projects/cryptpad/app/fr/ --- www/common/translations/messages.fr.json | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/www/common/translations/messages.fr.json b/www/common/translations/messages.fr.json index 563b89ade..ade45bb3a 100644 --- a/www/common/translations/messages.fr.json +++ b/www/common/translations/messages.fr.json @@ -1354,5 +1354,15 @@ "button_newform": "Nouveau formulaire", "share_formView": "Participant", "share_formAuditor": "Auditeur", - "share_formEdit": "Auteur" + "share_formEdit": "Auteur", + "admin_purpose_noanswer": "Je préfère ne pas répondre", + "admin_purpose_experiment": "Pour tester la plateforme ou développer de nouvelles fonctionnalités", + "resources_imageBlocked": "CryptPad a bloqué une image distante", + "resources_openInNewTab": "Ouvrir dans un nouvel onglet", + "resources_learnWhy": "En savoir plus sur les images bloquées", + "admin_instancePurposeTitle": "Usage de l'instance", + "admin_purpose_personal": "Usage personnel, famille ou amis", + "admin_purpose_org": "Usage associatif", + "admin_purpose_education": "Usage en entreprise", + "admin_purpose_public": "Service gratuit ouvert au public" } From f0635afdf8cf5812e54d53894cff5d48795692b9 Mon Sep 17 00:00:00 2001 
From: Weblate Date: Mon, 5 Jul 2021 12:54:36 +0200 Subject: [PATCH 04/12] Translated using Weblate (Portuguese (Brazil)) Currently translated at 69.9% (955 of 1366 strings) Translation: CryptPad/App Translate-URL: http://weblate.cryptpad.fr/projects/cryptpad/app/pt_BR/ --- www/common/translations/messages.pt-br.json | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/www/common/translations/messages.pt-br.json b/www/common/translations/messages.pt-br.json index 971bf959a..81237753d 100644 --- a/www/common/translations/messages.pt-br.json +++ b/www/common/translations/messages.pt-br.json @@ -9,7 +9,7 @@ "whiteboard": "Whiteboard", "file": "File", "media": "Media", - "kanban": "Kanban", + "kanban": "Placa de Assinatura", "todo": "A Fazer", "contacts": "Contactos", "sheet": "Planilha (Beta)", @@ -221,7 +221,7 @@ "header_logoTitle": "Go to the main page", "edit": "edit", "view": "view", - "feedback_about": "If you're reading this, you were probably curious why CryptPad is requesting web pages when you perform certain actions", + "feedback_about": "Se você está lendo isso, provavelmente está curioso para saber por que o CryptPad está solicitando páginas da web quando você executa certas ações.", "feedback_privacy": "We care about your privacy, and at the same time we want CryptPad to be very easy to use. We use this file to figure out which UI features matter to our users, by requesting it along with a parameter specifying which action was taken.", "feedback_optout": "If you would like to opt out, visit your user settings page, where you'll find a checkbox to enable or disable user feedback.", "button_newkanban": "Novo Kanban", @@ -842,7 +842,7 @@ "admin_flushCacheTitle": "Limpar cache HTTP", "settings_padNotifTitle": "Notificações de comentários", "comments_comment": "Comentário", - "comments_resolve": "Resolve", + "comments_resolve": "Resolver", "comments_reply": "Responder", "comments_submit": "Enviar", "comments_edited": "Editado", 
@@ -952,5 +952,9 @@ "contacts_unmute": "Com som", "contacts_mute": "Mudo", "share_noContactsNotLoggedIn": "Faça login ou registre-se para ver seus contatos existentes e adicionar novos.", - "share_copyProfileLink": "Copiar link do perfil" + "share_copyProfileLink": "Copiar link do perfil", + "settings_padOpenLinkTitle": "Forma", + "settings_padOpenLinkHint": "Com esta opção, você pode abrir links incorporados com um clique, sem o pop-up de visualização", + "settings_padOpenLinkLabel": "Habilitar abertura de link direto", + "settings_padNotifHint": "Ignorar notificações quando alguém responder a um de seus comentários" } From 91c7accf9ca1752f3cf53fca44f28afd0e0580e2 Mon Sep 17 00:00:00 2001 From: Weblate Date: Mon, 5 Jul 2021 12:54:37 +0200 Subject: [PATCH 05/12] Translated using Weblate (Japanese) Currently translated at 100.0% (1366 of 1366 strings) Translation: CryptPad/App Translate-URL: http://weblate.cryptpad.fr/projects/cryptpad/app/ja/ --- www/common/translations/messages.ja.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/www/common/translations/messages.ja.json b/www/common/translations/messages.ja.json index 348814824..fded593cf 100644 --- a/www/common/translations/messages.ja.json +++ b/www/common/translations/messages.ja.json @@ -343,7 +343,7 @@ "settings_safeLinksTitle": "セーフリンク", "settings_safeLinksHint": "CryptPadでは、リンクの中にパッドを解読するための鍵が含まれています。ブラウザの閲覧履歴にアクセスできる人は、誰でもCryptPadのデータを閲覧することができます。ここにはデバイス間で履歴を同期するブラウザやその拡張機能も含まれます。「セーフリンク」を有効にすると、鍵がブラウザの閲覧履歴に残ったり、アドレスバーに表示されたりするのを可能な限り防ぐことができます。この機能を有効にして{0}の共有メニューを使用することを強く推奨します。", "settings_autostoreTitle": "CryptDriveへのパッドの保存", - "settings_logoutEverywhereConfirm": "全てのデバイスでログインが取り消されるため、今後利用する際にもう一度ログインするよう求められます。続行しますか?", + "settings_logoutEverywhereConfirm": "全てのデバイスで改めてログインしなければならなくなります。よろしいですか?", "settings_logoutEverywhere": "他の全てのウェブセッションからログアウト", "settings_logoutEverywhereTitle": "リモートセッションを閉じる", "loading_state_5": "ドキュメントを再構築", 
From 70219e376c5c62257dc000694f10469a26b50599 Mon Sep 17 00:00:00 2001 From: Weblate Date: Mon, 5 Jul 2021 12:54:54 +0200 Subject: [PATCH 06/12] Translated using Weblate (French) Currently translated at 99.8% (1364 of 1366 strings) Translation: CryptPad/App Translate-URL: http://weblate.cryptpad.fr/projects/cryptpad/app/fr/ --- www/common/translations/messages.fr.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/www/common/translations/messages.fr.json b/www/common/translations/messages.fr.json index ade45bb3a..0ce9e2d6f 100644 --- a/www/common/translations/messages.fr.json +++ b/www/common/translations/messages.fr.json @@ -1363,6 +1363,6 @@ "admin_instancePurposeTitle": "Usage de l'instance", "admin_purpose_personal": "Usage personnel, famille ou amis", "admin_purpose_org": "Usage associatif", - "admin_purpose_education": "Usage en entreprise", + "admin_purpose_education": "Usage éducatif, école ou université", "admin_purpose_public": "Service gratuit ouvert au public" } From 15fc16fca33d84362aaebaec0d0f5d6766e953bf Mon Sep 17 00:00:00 2001 From: ansuz Date: Mon, 5 Jul 2021 18:49:54 +0530 Subject: [PATCH 07/12] update changelog and version strings for 4.8.0 --- CHANGELOG.md | 94 +++++++++++++++++++++++------------------ customize.dist/pages.js | 2 +- package-lock.json | 2 +- package.json | 2 +- 4 files changed, 57 insertions(+), 43 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 92a38bfb1..01bb874c5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,43 +1,57 @@ -# WIP - -* WIP file conversion utilities -* server - * `installMethod: 'unspecified'` in the default config to distinguish docker installs - * `instancePurpose` on admin panel - * add support for archiving pin lists (instead of deleting them) - * blocks - * archive blocks instead of deleting them outright - * implement as storage API - * validate blocks in worker - * don't include adminEmail in telemetry unless we have consentToContact - * don't include instancePurpose in telemetry if it is "noanswer" -* display warnings when remote resources are blocked - * in code preview -* restrict style tags to a scope when rendering them in markdown preview by compiling their content as scoped less -* iPhone/Safari calendar and notification fixes (data parsing errors) -* checkup - * display actual FLoC header in checkup test - * WIP check for `server_tokens` settings (needs work for HTTP2) - * nicer output in error/warning tables - * more tests for Cross-Origin-Opener-Policy headers -* form templates -* guard against a type error in `getAccessKeys` -* guard against invalid or malicious input when constructing media-tags for embedding in markdown -* Japanese translation -* conversions - * convert app - * some basic office formats - * rich text => markdown (via turndown.js v7.1.1) - * handle some pecularities with headings and ids - * forms => .csv - * trello import with some loss -* fix rendering issue for legacy markdown media tag syntax - * guard against domExceptions - * catch errors thrown by the diff applier -* don't bother returning the hash of a pin list to the client, since they don't use it -* accounts - * trim leading and trailing whitespace from usernames when registering - * double-check that login blocks can be loaded after they have been written without error +# 4.8.0 + +## Goals + +This release cycle we decided to give people a chance to try our forms app and provide feedback before we begin developing its second round of major features and 
improvements. In the meantime we planned to work mostly on the activities of our [NGI DAPSI](https://dapsi.ngi.eu/) project which concerns client-side file format conversions. Otherwise, we dedicated some of our independently funded time towards some internal code review and security best-practices as a follow-up to the recent quick-scan performed by [Radically Open Security](https://radicallyopensecurity.com/) that was funded by [NLnet](https://nlnet.nl) as a part of our now-closing _CryptPad for Communities_ project. + +## Update notes + +We are still accepting feedback concerning our Form application via [a form hosted on CryptPad.fr](https://cryptpad.fr/form/#/2/form/view/gYs4QS7DetInCXy0z2CQoUW6CwN6kaR2utGsftDzp58/). We will accept feedback here until July 12th, 2021, so if you'd like your opinions to be represented in the app's second round of development act quickly! + +Following our last release we sent out an email to the admins of each outdated instance that had included their addresses in the server's daily telemetry. This appears to have been successful, as more than half of the 700+ instances that provide this telemetry are now running **4.7.0**. Previously, only 15% of instances were running the latest version. It's worth noting that of those admins that are hosting the latest version, less than 10% have opted into future emails warning them of security issues. In case you missed it, this can be done on the admin panel's _Network_ tab. Unlike most companies, we consider excess data collection a liability rather than an asset. As such, adminstrator emails are no longer included in server telemetry unless the admin has consented to be contacted. + +The same HTTP request that communicates server telemetry will soon begin responding with the URL of our latest release notes if it is detected that the remote instance is running an older version. 
The admin panel's _Network_ tab for instances running 4.7.0 or later will begin prompting admins to view the release notes and update once 4.8.0 is available. + +The Network tab now includes a multiple choice form as well. If you have not disabled your instance's telemetry you can use this field to answer _why you run your instance_ (for a business, an academic institution, personal use, etc.). We intend to use this data to inform our development roadmap, though as always, the fastest way to get us to prioritize your needs is to contact us for a support contract (sales@cryptpad.fr). + +Server telemetry will also include an `installMethod` property. By default this is `"unspecified"`, but we are planning to work with packagers of alternate install methods to modify this property in their installation scripts. This will help us assess what proportion of instances are installed via the steps included in our installation guide vs other methods such as the various docker images. We hope that it will also allow us to determine the source of some common misconfigurations so we can propose some improvements to the root cause. + +Getting off the topic of telemetry: two types of data that were previously deleted outright (pin logs and login blocks) are now archived when the client sends a _remove_ command. This provides for the ability to restore old user credentials in cases where users claim that their new credentials do not work following a password change. Some discretion is required in such cases as a user might have intentionally invalidated their old credentials due to shoulder-surfing or the breach of another service's database where they'd reused credentials. Neither of these types of data are currently included in the scripts which evict old data as they are not likely to consume a significant amount of storage space. 
In any case, CryptPad's data is stored on the filesystem, so it's always possible to remove outdated files by removing them from `cryptpad/data/archive/*` or whatever path you've configured for your archives. + +This release introduces some minor changes to the provided NGINX configuration file to enable support for WebAssembly where it is required for client-side file format conversions. We've added some new tests on the /checkup/ page that determine whether these changes have been applied. This page can be found via a button on the admin panel. + +To update from 4.7.0 to 4.8.0: + +1. Apply the documented NGINX configuration +2. Stop your server +3. Get the latest code with git +4. Install the latest dependencies with `bower update` and `npm i` +5. Restart your server +6. Confirm that your instance is passing all the tests included on the `/checkup/` page + +## Features + +* Those who prefer using tools localized in Japanese can thank [@Suguru](https://mstdn.progressiv.dev/@suguru) for completing the Japanese translation of the platform's text! CryptPad is a fairly big platform with a lot of text to translate, so we really appreciate how much effort went into this. + * While we're on the topic, CryptPad's _Deutsch_ translation is kept up to date largely by a single member of the German Pirate Party (Piratenpartei Deutschland). This is a huge job and we appreciate your work too! + * Anyone else who wishes to give back to the project by doing the same can contribute translations on an ongoing basis through [our Weblate instance](https://weblate.cryptpad.fr/projects/cryptpad/app/). +* We've implemented a new app for file format conversions as a part of our _INTEROFFICE_ project. At this point this page is largely a test-case for the conversion engine that we hope to integrate more tightly into the rest of the platform. 
It allows users to load a variety of file formats into their browser and convert to any other format that has a defined conversion process from the original format. What's special about this is that files are converted entirely in your browser, unlike other platforms which do so in the cloud and expose their contents in the process. Currently we support conversion between the following formats in every browser that supports modern web standards (ie. not safari): + * XLSX and ODS + * DOCX and ODT and TXT + * PPTX and ODP +* In addition to the /convert/ page which supports office file formats, we also put some time into improving interoperability for our existing apps. We're introducing the ability to export rich text documents as Markdown (via the [turndown](https://github.com/mixmark-io/turndown) library), to import trello's JSON format into our Kanban app (with some loss of attributes because we don't support all the same features), and to export form summaries as CSV files. +* We've added another extension to our customized markdown renderer which replaces markdown images with a warning that CryptPad blocks remote content to prevent malicious users from tracking visitors to certain pages. Such images should already be blocked by our strict use of Content-Security-Policy headers, but this will provide a better indication why images are failing to load on isnstances that are correctly configured and a modest improvement to users' privacy on instances that aren't. +* Up until now it was possible to include style tags in markdown documents, which some of our more advanced users used in order to customize the appearance of their rendered documents. Unfortunately, these styles were not applied strictly to the markdown preview window, but to the page as a whole, making it possible to break the platform's interface (for that pad) through the use of overly broad and powerful style rules. 
As of this release style tags are now treated as special elements, such that their contents are compiled as [LESS](https://lesscss.org/) within a scope that is only applied to the preview pane. This was intended as a bug fix, but it's included here as a _feature_ because advanced users might see it as such and use it to do neat things. We have no funding for further work in this direction, however, and presently have no intent of providing documentation about this behaviour. +* The checkup page uses some slightly nicer methods of displaying values returned by tests when the expected value of `true` is not returned. Some tests have been revised to return the problematic value instead of `false` when the test fails, since there were some cases where it was not clear why the test was failing, such as when a header was present but duplicated. +* We've made some server requests related to _pinning files_ moderately faster by skipping an expensive calculation and omitting the value it returned. This value was meant to be used as a checksum to ensure that all of a user's documents were included in the list which should be associated with their account, however, clients used a separate command to fetch this checksum. The value provided in response to the other commands was never used by the client. +* We've implemented a system on the client for defining default templates for particular types of documents across an entire instance in addition to the use of documents in the _templates_ section of the users drive (or that of their teams). This is intended more as a generic system for us to reuse throughout the platform's source than an API for instance admins to use. If there is sufficient interest (and funding) from other admins we'll implement this as an instance configuration point. We now provide a _poll_ template to replicate the features of our old poll app which has been deprecated in favour of forms. 
+ +## Bug fixes + +* It was brought to our attention that the registration page was not trimming leading and trailing whitespace from usernames as intended. We've updated the page to do so, however, accounts created with such characters in their username field must enter their credentials exactly as they were at registration time in order to log in. We have no means of detecting such accounts on the server, as usernames are not visible to server admins. We'll consider this behaviour in the future if we introduce an option to change usernames as we do with passwords. +* We now double-check that login blocks (account credentials encrypted with a key derived from a username and password) can be accessed by the client when registering or changing passwords. It should be sufficient to rely on the server to report whether the encrypted credentials were stored successfully when uploading them, but in instances where these resources don't load due to a misbehaving browser extension it's better that we detect it at registration time rather than after the user creates content that will be difficult to access without assistance determining which extension or browser customization is to blame. +* We learned that the Javascript engine used on iOS has trouble parsing an alternative representation of data strings that every other platform seems to handle. This caused calendars to display incorrect data. Because Apple prevents third-party browsers from including their own JavaScript engines this means that users were affected by this Safari bug regardless of whether they used browsers branded as Safari, Firefox, Chrome, or otherwise. +* After some internal review we now guard against a variety of cases where user-crafted input could trigger a DOMException error and prevent a whole page worth of markdown content to fail to render. While there is no impact for users' privacy or security in this bug, a malicious user could exploit it to be annoying. 
+* Shortly after our last release a user reported being unable to access their account due to a typeError which we were able to [guard against](https://github.com/xwiki-labs/cryptpad/commit/abc9466abe71a76d1d31ef6a3c2c9bba4d2233e4). # 4.7.0 diff --git a/customize.dist/pages.js b/customize.dist/pages.js index b0fd2f20a..18632f6ea 100644 --- a/customize.dist/pages.js +++ b/customize.dist/pages.js @@ -105,7 +105,7 @@ define([ var imprintUrl = AppConfig.imprint && (typeof(AppConfig.imprint) === "boolean" ? '/imprint.html' : AppConfig.imprint); - Pages.versionString = "v4.7.0"; + Pages.versionString = "v4.8.0"; // used for the about menu diff --git a/package-lock.json b/package-lock.json index ab294ec92..4d7992f82 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "cryptpad", - "version": "4.7.0", + "version": "4.8.0", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index f9dfc2c14..9e18f05f0 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "cryptpad", "description": "realtime collaborative visual editor with zero knowlege server", - "version": "4.7.0", + "version": "4.8.0", "license": "AGPL-3.0+", "repository": { "type": "git", From 19eddb1af61c68d098bd49e88f50202c42287ef3 Mon Sep 17 00:00:00 2001 From: ansuz Date: Mon, 5 Jul 2021 18:57:32 +0530 Subject: [PATCH 08/12] grep the changelog for 'the the ' --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 01bb874c5..721fa7ff5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -543,7 +543,7 @@ To upgrade from 3.24.0 to 3.25.0: ## Features * This release makes a lot of changes to how content is loaded over the network. - * Most notably, CryptPad now employs a client-side cache based on the the _indexedDB API_. Browsers that support this functionality will opportunistically store messages in a local cache for the next time they need them. This should make a considerable difference in how quickly you're able to load a pad, particularly if you accessing the server over a low-bandwidth network. + * Most notably, CryptPad now employs a client-side cache based on the _indexedDB API_. Browsers that support this functionality will opportunistically store messages in a local cache for the next time they need them. This should make a considerable difference in how quickly you're able to load a pad, particularly if you accessing the server over a low-bandwidth network. * Uploaded files (images, PDFs, etc.) are also cached in a similar way. Once you'd loaded an asset, your client will prefer to load its local copy instead of the server. * We've updated the code for our _full drive backup_ functionality so that it uses the local cache to load files more quickly. In addition to this, backing up the contents of your drive will also populate the cache as though you had loaded your documents in the normal fashion. This cache will persist until it is invalidated (due to the authoritative document having been deleted or had its history trimmed) or until you have logged out. * We've added the ability to configure the maximum size for automatically downloaded files. Any encrypted files that are above this size will instead require manual interaction to begin downloading. Files that are larger than this limit which are already loaded in your cache will still be automatically displayed. 
@@ -2063,7 +2063,7 @@ Finally, we prioritized the ability to archive files for a period instead of del * Users with existing friends on the platform will run a migration to allow them to share pads with friends directly instead of sending them a link. * they'll receive a notification indicating the title of the pad and who shared it * if you've already added friends on the platform, you can send them pads from the usual "sharing menu" -* Our code editor already offered the ability to set their color theme and highlighting mode, but now those values will be previewed when mousing over the the option in the dropdown. +* Our code editor already offered the ability to set their color theme and highlighting mode, but now those values will be previewed when mousing over the option in the dropdown. * Our slide editor now offers the same theme selection as the code editor * It's now possible to view the history of a shared folder by clicking the history button while viewing the shared folder's contents. From 30955260669d5124b50c064acf4f7f93c988da0d Mon Sep 17 00:00:00 2001 From: ansuz Date: Mon, 5 Jul 2021 18:59:33 +0530 Subject: [PATCH 09/12] remove some notes that have been addressed --- www/checkup/main.js | 3 +-- www/convert/inner.js | 1 - 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/www/checkup/main.js b/www/checkup/main.js index 143d1709b..f4a40d11e 100644 --- a/www/checkup/main.js +++ b/www/checkup/main.js @@ -732,7 +732,6 @@ define([ cb(isHTTPS(trimmedUnsafe) && isHTTPS(trimmedSafe)); }); - [ 'sheet', 'presentation', @@ -787,7 +786,7 @@ define([ " header. This information can make it easier for attackers to find and exploit known vulnerabilities. ", ]; - if (family === 'NGINX') { // XXX incorrect instructions for HTTP2. needs a recompile? + if (family === 'NGINX') { // FIXME incorrect instructions for HTTP2. needs a recompile? msg.appendChild(h('span', text.concat([ "This can be addressed by setting ", code("server_tokens off"), 
diff --git a/www/convert/inner.js b/www/convert/inner.js index 4952b2d6e..cdcf745ca 100644 --- a/www/convert/inner.js +++ b/www/convert/inner.js @@ -48,7 +48,6 @@ define([ debug("x2t mount done"); }; var getX2t = function (cb) { - // XXX require http headers on firefox... require(['/common/onlyoffice/x2t/x2t.js'], function() { // FIXME why does this fail without an access-control-allow-origin header? var x2t = window.Module; x2t.run(); From 5070a751cd4830a5edf94b0c9a8c5a9a7c11b8ba Mon Sep 17 00:00:00 2001 From: ansuz Date: Mon, 5 Jul 2021 19:21:22 +0530 Subject: [PATCH 10/12] style remote image warnings in slides --- www/slide/app-slide.less | 1 + 1 file changed, 1 insertion(+) diff --git a/www/slide/app-slide.less b/www/slide/app-slide.less index 7e518a1c7..ce12b1de3 100644 --- a/www/slide/app-slide.less +++ b/www/slide/app-slide.less @@ -356,6 +356,7 @@ } .markdown_main(); + .markdown_cryptpad(); .markdown_preformatted-code; .markdown_gfm-table(); From aaa18a3feb320ed39051b32b2c59adc873479a67 Mon Sep 17 00:00:00 2001 From: ansuz Date: Tue, 6 Jul 2021 13:23:41 +0530 Subject: [PATCH 11/12] fix stretched images in 'lightbox' preview modal --- customize.dist/src/less2/include/modals-ui-elements.less | 3 +++ 1 file changed, 3 insertions(+) diff --git a/customize.dist/src/less2/include/modals-ui-elements.less b/customize.dist/src/less2/include/modals-ui-elements.less index 92fef68d0..7ec19a699 100644 --- a/customize.dist/src/less2/include/modals-ui-elements.less +++ b/customize.dist/src/less2/include/modals-ui-elements.less @@ -221,6 +221,9 @@ button { line-height: 1.5; } + img { + align-self: center; + } & > iframe { width: 100%; height: 100%; From f652d11ace5cd53f72c245affc31e28f03280cbe Mon Sep 17 00:00:00 2001 From: ansuz Date: Tue, 6 Jul 2021 14:02:29 +0530 Subject: [PATCH 12/12] don't show the 'remote image warning' for data URLs in markdown --- www/common/diffMarked.js | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/www/common/diffMarked.js b/www/common/diffMarked.js
index 52a8cf0a1..99031b336 100644
--- a/www/common/diffMarked.js
+++ b/www/common/diffMarked.js
@@ -292,6 +292,9 @@ define([
 if (typeof(window.URL) === 'undefined') { return false; }
 try {
 var url = new URL(href, ApiConfig.httpUnsafeOrigin);
+ // FIXME data URLs can be quite large, but that should be addressed
+ // in the source markdown's, not the renderer
+ if (url.protocol === 'data:') { return true; }
 var localURL = new URL(ApiConfig.httpUnsafeOrigin);
 return url.host === localURL.host;
 } catch (err) {
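Review bot: The added `if (url.protocol === 'data:') { return true; }` treats every `data:` URL as local whatever its media type, so `data:text/html` or `data:image/svg+xml` skips the remote image warning just as an inline PNG does. The enclosing function starts and ends outside the hunk, so whether its result is only ever applied to `<img>` sources cannot be confirmed from here. If it is reused for other elements, narrow the exemption to images, for example `if (url.protocol === 'data:' && /^image\//i.test(url.pathname)) { return true; }`. The FIXME would also read better as `// in the source markdown, not the renderer`, and it could state that no size limit is enforced at this point so a later reader does not assume one.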