Files
truecharts/charts/stable/etherpad
TrueCharts Bot 52ec91d7d8 feat(etherpad): update image ghcr.io/ether/etherpad 3.0.0 → 3.1.0 (#48307)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [ghcr.io/ether/etherpad](https://redirect.github.com/ether/etherpad) |
minor | `037ce33` → `7bae8bd` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Release Notes

<details>
<summary>ether/etherpad (ghcr.io/ether/etherpad)</summary>

###
[`v3.1.0`](https://redirect.github.com/ether/etherpad/blob/HEAD/CHANGELOG.md#310)

[Compare
Source](https://redirect.github.com/ether/etherpad/compare/3.0.0...3.1.0)

3.1 ships the self-update programme's **Tier 4 — autonomous in a
maintenance window** for real (the v3.0.0 notes documented the design;
this is the release the code actually lands in), adds first-class SMTP
delivery so update failures email the admin, and bundles a
defence-in-depth pass across the HTTP/API entry points. Two new
admin-facing escape hatches arrive: a preflight check that aborts an
update *before* it mutates the working tree when the target tag's
`engines.node` doesn't match the running runtime, and email
notifications for every auto-rollback / preflight outcome (not just the
terminal `rollback-failed` state).

##### Notable enhancements

- **Self-update — Tier 4 (autonomous in a maintenance window).** Set
`updates.tier: "autonomous"` together with `updates.maintenanceWindow:
{"start":"HH:MM","end":"HH:MM","tz":"local"|"utc"}` to constrain
autonomous updates to a nightly window. The scheduler snaps
`scheduledFor` forward to the next window opening when grace would
otherwise land outside the window, and defers the fire when the window
has closed by the timer callback. Cross-midnight windows (`end < start`)
are supported; DST transitions are absorbed by host wall-clock
arithmetic. A missing or malformed window degrades the policy to Tier 3
with an explicit `policy.reason` of `maintenance-window-missing` /
`maintenance-window-invalid`; an admin banner surfaces the
misconfiguration so autonomous behaviour is not silently disabled. The
admin update page shows a "Maintenance window" section with the parsed
window summary, the next opening, and a "deferred until <iso>" subtitle
on the scheduled panel when the timer has been snapped forward. Closes
[#&#8203;7607](https://redirect.github.com/ether/etherpad/issues/7607)
([#&#8203;7753](https://redirect.github.com/ether/etherpad/issues/7753)).
- **Updater — real SMTP via nodemailer (new top-level `mail.*` block).**
Replaces the "(would send email)" stub. New settings: `mail.host`,
`mail.port`, `mail.secure`, `mail.from`, `mail.auth.{user,pass}`.
`mail.host=null` keeps the legacy log-only behaviour. The `nodemailer`
dependency is lazy-imported on first send so installs that don't
configure mail pay no runtime cost; the transport is cached on the full
SMTP options tuple so a `reloadSettings()` change to
host/port/credentials invalidates the cache. `settings.json.docker`
reads `MAIL_HOST` / `MAIL_FROM` / `MAIL_PORT` / `MAIL_SECURE` from env.
Send errors are logged warn and swallowed so a transient SMTP failure
can never poison the updater state machine.
- **Updater — preflight against the target tag's `engines.node`.**
Before mutating the working tree, `runPreflight` now runs `git show
<tag>:package.json` and verifies `process.versions.node` satisfies the
target's `engines.node`. A mismatch fails cleanly at `preflight-failed`
with the detail `target requires Node >=X, running Y` — no drain, no
restart, no rollback. The check runs *after* signature verification so
we only trust signed `package.json`. New `PreflightReason:
'node-engine-mismatch'`.
- **Updater — email admin on rollback / preflight-failed (not just
`rollback-failed`).** Before this release only the terminal
`rollback-failed` state emailed. Auto-recovered failures
(`rolled-back-install-failed`, `rolled-back-build-failed`,
`rolled-back-health-check`, `rolled-back-crash-loop`) and
`preflight-failed` now also fire one email per `<outcome>:<targetTag>`
(dedupe key in `EmailSendLog.lastFailureKey`). A 3am autonomous update
that rolls back because of, say, a Node engine bump now lands in the
admin inbox at 3am instead of staying invisible until the next admin
login. Boot-path catch-up covers cases where the failure preceded a
clean process exit (timer-fired health-check rollback, crash-loop forced
rollback, preflight-failed that didn't get to email before exit).
- **API — `listAuthorsOfPad` filters the synthetic system author.**
`Pad.SYSTEM_AUTHOR_ID` (`a.etherpad-system`) is the placeholder Etherpad
attributes to when the HTTP API receives a call without an `authorId`
(setText, setHTML, appendText, server-side import). It was leaking
through `listAuthorsOfPad`, making pads with only API-driven content
appear to have one "real" author. The synthetic id is now filtered at
that API surface only — `getAllAuthors()` and downstream callers (copy,
anonymize, atext verification) still see it. Fixes
[#&#8203;7785](https://redirect.github.com/ether/etherpad/issues/7785) /
[#&#8203;7790](https://redirect.github.com/ether/etherpad/issues/7790)
([#&#8203;7793](https://redirect.github.com/ether/etherpad/issues/7793)).

##### Notable fixes

- **Export HTML — ordered-list counter no longer poisoned by a sibling
unordered list.** When an ordered-list level was the only consumer of
`olItemCounts`, closing *any* list at that depth (including a `<ul>`
that happened to share the level) reset the counter to 0. A subsequent
unrelated `<ol>` at the same depth then took the "counter exists but is
0" branch and emitted `<ol class="...">` without the `start=` attribute.
The reset is now gated on `line.listTypeName === 'number'` so closing an
unordered list never touches the ol bookkeeping. Fixes
[#&#8203;7786](https://redirect.github.com/ether/etherpad/issues/7786) /
[#&#8203;7787](https://redirect.github.com/ether/etherpad/issues/7787)
([#&#8203;7791](https://redirect.github.com/ether/etherpad/issues/7791)).
- **Export — bad `:rev` returns a meaningful 500 body, not Express's
HTML error page.** A non-numeric `:rev` (e.g. `/p/foo/test1/export/txt`)
reached `checkValidRev` which throws `CustomError('rev is not a number',
'apierror')`; the message fell through `.catch(next)` and Express's
default renderer returned an HTML 500 page. The route handler now
catches the apierror and emits `err.message` as a deterministic
`text/plain` 500. As a follow-up, `checkValidRev` runs *before*
`res.attachment()` so an invalid rev no longer leaves a
`Content-Disposition` header in place (browsers were offering to save
the error message as a file), and unrelated export failures (conversion,
fs, soffice) are surfaced as text/plain rather than the HTML stack page.
Fixes
[#&#8203;7788](https://redirect.github.com/ether/etherpad/issues/7788)
([#&#8203;7792](https://redirect.github.com/ether/etherpad/issues/7792)).

##### Security hardening

A bundle of defence-in-depth tightening picked up during an internal
audit pass
([#&#8203;7784](https://redirect.github.com/ether/etherpad/issues/7784)):

- **HTTP API — OAuth JWT path.** Verify the signature *before* reading
any claim off the payload; require `admin: true` strictly (presence is
no longer sufficient). The apikey comparison switches to
`crypto.timingSafeEqual`.
- **Import/Export temp-file path tokens.** Derived from
`crypto.randomBytes(16)` instead of `Math.random()`.
- **Token transfer.** Records now have a 5-minute TTL and are single-use
(removed from the store before responding). The author token is no
longer in the redemption response body — the `HttpOnly` cookie is the
only delivery channel.
- **`x-proxy-path` header sanitiser (new
`src/node/utils/sanitizeProxyPath.ts`).** Shared by `admin.ts` and
`specialpages.ts`. Strips characters outside `[A-Za-z0-9_./-]`,
collapses leading `//+` to a single `/`, rejects `..` traversal.
`admin.ts` also emits `Vary: x-proxy-path` and `Cache-Control: private,
no-store` so a poisoned response can never be reused for another origin.
- **`Pad.appendRevision` insert-op author invariant.** Centralises the
"every insert op carries an `author` attribute" rule the socket handler
already enforced, so non-wire callers (`setText`, `setHTML`,
`restoreRevision`, plugin paths) get the same check. `Pad.init` and
`setPadHTML` substitute `SYSTEM_AUTHOR_ID` when no author is supplied —
same pattern `setText` / `spliceText` already used.
- **`setPadRaw` legacy-import rewrite.** Bulk-import bypasses
`appendRevision`, so a hand-crafted `.etherpad` file could persist
non-conforming records that any subsequent `setText` / `setHTML` would
refuse to extend. A pre-pass now walks revs in order, sanitises each
changeset's `+` ops against the cumulative pad pool (substituting
`SYSTEM_AUTHOR_ID` where needed), and re-applies each changeset to a
running atext so the head atext and key-rev `meta.atext` / `meta.pool`
snapshots stay in lock-step. Conforming payloads round-trip unchanged.

##### Internal / contributor-facing

- **Backend tests — `tests/backend/specs/{api,admin}/*` un-skipped.**
The pnpm test script's glob (`tests/backend/specs/**.ts`) only matched
depth-1 files. Every spec under `api/` (14 files) and `admin/` (2 files)
has been silently skipped by CI. Switched to `--extension ts
--recursive` so mocha walks the tree as documented. A new vitest
regression check reads the pnpm script, hands mocha the same arguments
under `--dry-run --list-files`, and asserts representative specs from
both subdirectories appear in the discovered list
([#&#8203;7789](https://redirect.github.com/ether/etherpad/issues/7789)).
- **CI — Windows `npx ENOENT` in the glob-discovery regression check.**
`execFileSync('npx', ...)` doesn't pick up `npx.cmd` on Windows runners.
Resolved by running `mocha`'s JS entry directly via `require.resolve`
under the current node process. Path normalisation now goes through
`path.relative` + `replace([\\/])` so mixed-separator / drive-letter
casing on Windows mocha output still matches the POSIX-relative
assertions
([#&#8203;7794](https://redirect.github.com/ether/etherpad/issues/7794)).
- **CI — `anonymizeAuthorSocket` suite gated on admin-socket health when
`ep_hash_auth` is installed.** Un-hiding the suite in
[#&#8203;7789](https://redirect.github.com/ether/etherpad/issues/7789)
surfaced a 14-minute stall on every with-plugins matrix run because
`ep_hash_auth`'s `handleMessage` hook fires for every socket message
regardless of namespace and reads from the deprecated `client` context
(undefined for non-pad namespaces). Until the root cause lands (tracked
in
[#&#8203;7795](https://redirect.github.com/ether/etherpad/issues/7795)),
the suite skips itself when an application-level probe shows the admin
`/settings` namespace isn't responding — keeps the no-plugin matrix
covered and stops burning \~14 minutes per with-plugins run
([#&#8203;7796](https://redirect.github.com/ether/etherpad/issues/7796)).

##### Localisation

- Multiple updates from translatewiki.net.

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9ldGhlcnBhZCIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvbWlub3IiXX0=-->
2026-05-17 18:59:19 +02:00
..
2026-04-17 18:06:06 +00:00

title
title
README

General Info

For more information about this Chart, please check the docs on the TrueCharts website

This chart is not maintained by the upstream project and any issues with the chart should be raised here

Installation

Helm-Chart installation

To install TrueCharts Helm charts using Helm, you can use our OCI Repository.

helm install mychart oci://oci.trueforge.org/truecharts/etherpad

For more information on how to install TrueCharts Helm charts, checkout the instructions on the website

Chart Specific Guides and information

All our charts have dedicated documentation pages. The documentation for this chart can be found here: https://truecharts.org/charts/stable/etherpad

Configuration Options

To view the chart specific options, please view Values.yaml included in the chart. The most recent version of which, is available here: https://github.com/trueforge-org/truecharts/blob/master/charts/stable/etherpad/values.yaml

All our Charts use a shared "common" library chart that contains most of the templating and options. For the complete overview of all available options, please checkout the documentation for them on the common docs on our website

For information about the common chart and all defaults included with it, please review its values.yaml file available here: https://github.com/trueforge-org/truecharts/blob/master/charts/library/common/values.yaml

Support


Sponsor TrueCharts

TrueCharts can only exist due to the incredible effort of our staff. Please consider making a donation or contributing back to the project any way you can!

All Rights Reserved - The TrueCharts Project