Files
truecharts/charts/stable/etherpad/Chart.yaml
T
TrueCharts Bot 8d20d91147 feat(etherpad): update image ghcr.io/ether/etherpad 3.1.0 → 3.2.0 (#48459)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [ghcr.io/ether/etherpad](https://redirect.github.com/ether/etherpad) |
minor | `7bae8bd` → `ba06bc0` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Release Notes

<details>
<summary>ether/etherpad (ghcr.io/ether/etherpad)</summary>

###
[`v3.2.0`](https://redirect.github.com/ether/etherpad/blob/HEAD/CHANGELOG.md#320)

[Compare
Source](https://redirect.github.com/ether/etherpad/compare/3.1.0...3.2.0)

3.2 adds first-class reverse-proxy / ingress support —
`X-Forwarded-Prefix` and `X-Ingress-Path` are now honoured under
`trustProxy`, so Etherpad can live under a subpath (Traefik, Nginx,
Kubernetes Ingress) without breaking the PWA manifest, social-meta URLs,
or any of the bootstrap asset links. The admin settings page learns to
show *resolved* runtime values next to `${VAR:default}` placeholders,
the v3.1.0 admin pad-list filter chips now apply server-side (so "show
empty pads" no longer returns 0–12 of hundreds), and the v3.1.0
redesigned outdated-version gritter actually fires in production now
(the session-based author lookup it shipped with always returned null
for pad visitors).

##### Notable enhancements

- **HTTP — accept `X-Forwarded-Prefix` and `X-Ingress-Path` under
`trustProxy`
([#&#8203;7802](https://redirect.github.com/ether/etherpad/issues/7802)
/
[#&#8203;7806](https://redirect.github.com/ether/etherpad/issues/7806)).**
With `trustProxy: true`, Etherpad now honours `X-Forwarded-Prefix`
(de-facto Traefik / Spring) and `X-Ingress-Path` (Kubernetes Ingress) in
addition to the prefix it already inferred from the request path. The
shared `sanitizeProxyPath` helper added in 3.1.0 (defence-in-depth:
`[A-Za-z0-9_./-]` only, `//+` collapsed, `..` traversal rejected) is
extended to the new headers and applied consistently across
`/manifest.json`, `socialMeta` `og:url` / `og:image`, and the
`index.html` / `pad.html` / `timeslider.html` / `export_html.html`
templates (manifest links, jslicense links, reconnect URLs). A
pre-existing `..` segment-count miscalculation in `pad.html` /
`timeslider.html` that broke the manifest link when served from a deep
subpath is also fixed in passing. New end-to-end suite covers the
prefix-applied / prefix-ignored matrix under `trustProxy=true|false` for
both header names. `settings.json.template` documents the new headers
alongside the existing `trustProxy` notes.
- **Admin settings — resolved runtime values surface on env-pill chips
([#&#8203;7803](https://redirect.github.com/ether/etherpad/issues/7803)
/
[#&#8203;7807](https://redirect.github.com/ether/etherpad/issues/7807)).**
The `/admin/settings` socket payload now carries a new `resolved` field
alongside the existing raw-file `results` blob, carrying the actual
in-memory settings module run through a new redactor
(`AdminSettingsRedact`) that replaces known-sensitive paths
(`users.*.password`, `dbSettings.password`,
`sso.clients[*].client_secret`, `sessionKey`, …) with `[REDACTED]`. The
admin SPA's `EnvPill` renders a `→ active value` chip when the path is
resolved, or `→ ••••••` with a redacted tooltip when the server returned
the sentinel — so `port: ${PORT:9001}` now shows `→ 9001` (or whatever
the live value is) instead of silently falling back to the template
default. Old admin SPAs that don't read `resolved` continue to work; the
save round-trip is unchanged so `${VAR:default}` literals are still
preserved verbatim on disk. The admin test script glob picks up
`.test.tsx` alongside `.test.ts` so the new `EnvPill` and
`resolveByPath` tests run under `tsx --test`.

##### Notable fixes

- **Admin pads — filter chip now applies server-side, before pagination
([#&#8203;7798](https://redirect.github.com/ether/etherpad/issues/7798)).**
The 3.1.0 admin pad-list filter chips (`active` / `recent` / `empty` /
`stale`) ran on the client *after* the 12-row page slice had already
arrived. On a deployment with hundreds of pads, clicking "empty pads" on
page 1 only matched the 0–12 empties that happened to land in the
current page, with the pagination footer reporting nonsense totals
(reported on a 3.1.0 deployment). The filter is now part of the
`padLoad` socket query — pattern filter on names runs first (cheap),
metadata hydration for the matching pad universe is gated on a non-`all`
filter or a non-`padName` sort and runs under a 16-way concurrency cap
(was unbounded `Promise.all`, which fanned out to thousands of in-flight
`padManager.getPad()` reads on busy deployments), then the filter chip,
then sort + slice. `total` reflects the filtered universe so the footer
makes sense. Older admin clients that don't send `filter` keep working —
the server defaults to `all`. The `if/else if` ladder that duplicated
the hydrate-and-sort loop per `sortBy` is folded into one pipeline with
a single comparator switch.
- **Pad outdated notice — author now resolved from token cookie, not
session (Qodo
[#&#8203;7804](https://redirect.github.com/ether/etherpad/issues/7804) /
[#&#8203;7805](https://redirect.github.com/ether/etherpad/issues/7805)).**
The 3.1.0 redesigned outdated-version gritter never fired in production.
`resolveRequestAuthor()` looked for an `authorID` on `req.session.user`,
which Etherpad does not populate for pad visitors (express-session only
carries the admin-login user), so `computeOutdated()` always returned
EMPTY. The lookup now mirrors how the socket.io handshake resolves
pad-visitor identity — read the HttpOnly `token` (or `<prefix>token`)
cookie and call `authorManager.getAuthorId(token, user)` via a dynamic
import (same circular-init guard pattern the file already uses for
`PadManager`). The admin OpenAPI document gains a `description` note
clarifying that `/api/version-status` is a public pad-side endpoint that
lives in the admin doc only because it shares the same internal route
registration.
- **Localisation — silence spurious "could not translate element
content" warning
([#&#8203;7797](https://redirect.github.com/ether/etherpad/issues/7797)).**
`<select data-l10n-id="…">` with `<option>` element children — the
pattern used by `ep_headings2`, `ep_align`, `ep_font_size`,
`ep_font_family`, … — used to drop into the textContent branch of
`html10n.translateNode`, hunt for a text-node child to overwrite, find
none, and emit `Unexpected error: could not translate element content
for key …` on every pad load. The `SELECT` / `INPUT` / `TEXTAREA`
aria-label fallback already lived inside the same else-branch *after*
the warning, so the accessible name landed correctly but the noisy
console line still fired. Form-control elements now short-circuit into
the aria-label path *before* the text-node hunt — aria-label is the only
sensible localization target for these elements (a `<select>`'s text is
its `<option>` labels, not its own name). Closes the console warning
reported on Etherpad 3.1.0.

##### Internal / contributor-facing

- **CI — swap archived `ep_readonly_guest` for `ep_guest` in the plugin
matrix
([#&#8203;7795](https://redirect.github.com/ether/etherpad/issues/7795)
/
[#&#8203;7808](https://redirect.github.com/ether/etherpad/issues/7808)).**
`ep_readonly_guest` is archived (read-only on GitHub) and its
`authenticate` hook unconditionally swapped `req.session.user` with a
read-only guest, *even when the request carried an HTTP Authorization
header*. That silently demoted admin login attempts and stalled the
`anonymizeAuthorSocket` tests for 14 min/run on every with-plugins CI
matrix. The pre-fix theory from 3.1.0
([#&#8203;7796](https://redirect.github.com/ether/etherpad/issues/7796))
blamed `ep_hash_auth.handleMessage`; that was a red herring —
`handleMessage` only fires on the `/pad` namespace, never on
`/settings`. `ep_guest` is the maintained successor (same authors, same
purpose); 1.0.72 on npm already defers to basic auth / admin paths.
Swapping the matrix unblocks the `anonymizeAuthorSocket` suite on Linux,
Windows, and the upgrade-from-latest-release workflow. The runtime probe
added in
[#&#8203;7796](https://redirect.github.com/ether/etherpad/issues/7796)
stays — it still catches any other authenticate-hook plugin that rejects
the test's plain-text credentials (e.g. a future hashed-only plugin).
- **Tests — admin `saveSettings` round-trip + cross-restart persistence
([#&#8203;7819](https://redirect.github.com/ether/etherpad/issues/7819)
/ [#&#8203;7820](https://redirect.github.com/ether/etherpad/issues/7820)
/
[#&#8203;7821](https://redirect.github.com/ether/etherpad/issues/7821)).**
The admin `saveSettings` socket had zero direct backend coverage and the
existing e2e "restart works" test only checked that the page renders
after a restart, neither of which catches a deployment that resets
`settings.json` on restart, nor the user-visible workflow that triggered
[#&#8203;7819](https://redirect.github.com/ether/etherpad/issues/7819)
(add a top-level plugin block via Raw, save, watch it disappear). Three
new backend specs (`adminSettingsSave.ts`) verify byte-for-byte write,
top-level-block augmentation round-tripping through the next `load`, and
`/* */` comments surviving the write path. A new e2e spec mirrors the
[#&#8203;7819](https://redirect.github.com/ether/etherpad/issues/7819)
user workflow — open Raw, prepend an `ep_oauth`-shaped top-level block,
save, `restartEtherpad()`, re-login, confirm the block is still in Raw
and surfaces as its own Form-view section (`Ep oauth` from
`humanize()`). A separate `docker.yml` job (`adminSettings_7819.ts`)
authenticates via `POST /admin-auth/` (always-requireAdmin, regardless
of `settings.requireAuthentication`), saves a hand-built
minimal-but-viable settings document containing a marker block, `docker
exec test grep`s for it, `docker restart`s the container, waits for the
health probe, and re-greps. Both checks must pass.
- **Bug report template** now asks contributors whether the abstraction
in their proposed fix matches the rest of the codebase, to head off
premature-generalisation fixes earlier in review.

##### Dependencies

- `ueberdb2` 6.0.3 → 6.1.2 (two patch releases of cleanup on top of the
6.1.0 `findKeysPaged` API that the 3.1.0 sessionstorage OOM fix relies
on).
- `semver` 7.8.0 → 7.8.1, `lru-cache` 11.3.6 → 11.5.0,
`@elastic/elasticsearch` 9.4.0 → 9.4.1, `pg` 8.20.0 → 8.21.0,
`openapi-backend` 5.16.1 → 5.17.0, `tsx` 4.22.0 → 4.22.3,
`@tanstack/react-query` 5.100.10 → 5.100.11 +
`@tanstack/react-query-devtools`, `js-cookie` 3.0.6 → 3.0.7, plus two
dev-dependency group bumps.

##### Localisation

- Multiple updates from translatewiki.net.

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9ldGhlcnBhZCIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvbWlub3IiXX0=-->
2026-05-27 07:19:58 +02:00

44 lines
1.2 KiB
YAML

annotations:
artifacthub.io/links: |-
- name: support
url: https://discord.com/invite/tVsPTHWTtr
truecharts.org/train: stable
trueforge.org/category: media
trueforge.org/max_helm_version: "4.1"
trueforge.org/max_kubernetes_version: 1.35.0
trueforge.org/min_helm_version: "3.14"
trueforge.org/train: stable
apiVersion: v2
appVersion: 3.2.0
dependencies:
- name: common
version: 29.3.4
repository: oci://oci.trueforge.org/truecharts
condition: ""
alias: ""
tags: []
import-values: []
deprecated: false
description: A real-time collaborative editor scalable to thousands of simultaneous real time users.
home: https://truecharts.org/charts/stable/etherpad
icon: https://truecharts.org/img/hotlink-ok/chart-icons/etherpad.webp
keywords:
- etherpad
- editor
- notepad
- pad
kubeVersion: '>=1.33.0-0'
maintainers:
- name: TrueCharts
email: info@truecharts.org
url: https://truecharts.org
name: etherpad
sources:
- https://etherpad.org/
- https://ghcr.io/ether/etherpad
- https://github.com/ether/etherpad-lite
- https://github.com/trueforge-org/truecharts/tree/master/charts/stable/etherpad
type: application
version: 22.2.0