Releases: cryptpad/cryptpad
💐 Spring 2025 release (2025.3.0)
52a4d92
davidbenque
David Benque
Goals
This release starts the important work of refactoring CryptPad code to be more modular and optimized. The first improvements will benefit users with large drives or teams as we now avoid loading all of your drives and shared folders before opening a document. We also include some admin features, numerous fixes and improvements with our usual focus on accessibility and mobile usage.
Note
We had planned to upgrade OnlyOffice applications (Sheet, Document, Presentation) to version 8 in this release. However we are still working on blocking bugs in the integration. Since the upgrade of documents is non-reversible we are going to keep working to fix the bugs and release 2025.3.1 with OnlyOffice 8 when ready.
Important
This release contains security fixes, we encourage instance administrators to upgrade.
Features
- SharedWorker build with faster loading for requested data #1822
- Add and remove admins from the UI #1801
- Upload diagram images on import #1828
- Integration API #1797
Improvements
- Drive
- Mobile
- Calendar
- Improved calendar dropdown: keyboard accessibility and title overflow fixes #1755
- OnlyOffice
- Treat relative URLs in the sandbox as relative to the outer domain #1752 thanks to @ansuz
- Blob metadata refactoring #1800
- Reload server subprocesses after a configured number of tasks #1796
- Reduce server memory usage when accessing document history #1795
- Add descriptive error messages #1789
- Add Skip Link #1774
Fixes
- Kanban
- Forms
- Drive
- Links
- Fix link dialog focus issues & Improve error handling #1758
- OnlyOffice
- Fix /checkup/ false positive when OnlyOffice is not installed #1731
- Large file uploads don't fail anymore on Chromium #1783
- Fix blob Access-Control-Allow-Origin header #1832
- Remove OCSP Stapling support for Nginx #1818
- Notifications sidebar: Fix keyboard navigation issues #1780
- Accessibility fixes to Admin UI #1829
Upgrade notes
If you are upgrading from a version older than 2024.12.0 please read the upgrade notes of all versions between yours and 2025.3.0 to avoid configuration issues.
To upgrade:
- Stop your server
- Get the latest code with git
git fetch --depth 1 origin tag 2025.3.0
git checkout 2025.3.0
npm ci
npm run install:components- Restart your server
- Review your instance's checkup page to ensure that you are passing all tests
(Optional) Re-build the SharedWorker
With this release we introduce www/common/worker.bundle.min.js which contains all code for the Shared Worker (thread common to all your CryptPad tabs) in a single built and minified file.
You can build this file yourself with npm run api before restarting the server.
Note: You must install the dev dependencies from npm if you want to build this command (don't use the --production flag)
(Optional) Update the SSO plugin
We released a new update of the SSO plugin, settings can now be managed from the admin panel user interface.
If you are using the plugin, update it by following the instructions below:
cd lib/plugins/sso
git fetch --depth 1 origin tag 0.2.0
git checkout 0.2.0
Contributors
Community: @jfly, @nisbet-hubbard
Alumni: @ansuz
CryptPad team: @AAAMON @Chouhartem @dariiing @davidbenque @DianaXWiki @mathilde-cryptpad @wginolas @yflory @zuzanna-maria
Contributors
Assets 2
❄️ Winter release (2024.12.0)
15c81aa
davidbenque
David Benque
Goals
This version delivers fixes and improvements across CryptPad. We are particularly happy to release a fix of our OnlyOffice integration that could address long-standing issues with documents becoming corrupted. If confirmed at scale, this fix could dramatically improve the use of OnlyOffice apps in CryptPad.
Improvements
- OnlyOffice integration
- Fix bug resulting in corrupted documents #1736
- Drive
- Links included in Drive exports #1695
- Rich Text
- Formatted tables and strikethrough text in Pad .md exports #1720
- Forms
- Form password warning #1690
- Performance improvements (1/3) to example-advanced.nginx.conf #1709
- Enable toggle in and out of calendars on small screens #1584
Fixes
- Accessibility
- Drive
- Notifications
- Forms
- Helpdesk
- Fix "Closed" support tickets remaining in Inbox #1719
- 'Request edit' button #1680
- Fix example-code-typo #1703
Upgrade notes
If you are upgrading from a version older than 2024.9.1 please read the upgrade notes of all versions between yours and 2024.9.1 to avoid configuration issues.
To upgrade:
- Stop your server
- Get the latest code with git
git fetch origin --tags
git checkout 2024.12.0
npm ci
npm run install:components- Restart your server
- Review your instance's checkup page to ensure that you are passing all tests
2024.9.1
Goals
This point release contains fixes and improvements addressing issues and needs we encountered on the flagship instance cryptpad.fr
Improvements
Fixes
- Contact page not loading #1685
- Server worker issues #168
- Prevent server Out-of-Memory crash caused by document history #1701
Dependencies
We upgraded the following packages
- cookie-parser to
1.4.7 - express to
4.21.1 - http-proxy-middleware
3.0.3
Upgrade notes
If you are upgrading from a version older than 2024.9.0 please read the upgrade notes of all versions between yours and 2024.9.0 to avoid configuration issues.
To upgrade:
- Stop your server
- Get the latest code with git
git fetch origin --tags
git checkout 2024.9.1
npm ci
npm run install:components- Restart your server
- Review your instance's checkup page to ensure that you are passing all tests
🍁 Autumn release (2024.9.0)
0d872af
davidbenque
David Benque
Goals
This release improves the performance of CryptPad with server optimizations and an optional cryptography plugin. We also include lots of improvements and fixes across various areas.
Features
- Add support for cryptography plugins to replace tweetnacl on the server #1667
- We use our CryptPad Sodium plugin to improve the performance of our flagship instance cryptpad.fr.
- Documentation will be available shortly in the form of a blog post and section in the admin guide.
Improvements
- Server memory improvements #1543
- Server optimization when computing metadata #1566
- Team roster channels slow down team members accounts #1614
- Deployment
- Add confirmation modal when admins turn on mandatory 2FA #1552
- Developers on Windows can now launch their local instance with
npm run windev
Fixes
- Modals accessibility
- Calendar
- Teams
- Toolbar/menus
- Diagram
- Ignore unknown fields in diagram document #1666
- Forms
- Fix overflowing check and radio items in form app conditional #1591
- Kanban
- fixed a bug that was causing duplicate cards when many editors were collaborating 02da76d
- OnlyOffice
- OnlyOffice document out of sync with multiple tabs as guest #1671
- Miscellaneous
Dependencies
We upgraded the following packages
- cryptpad
- chainpad-server to
5.2.2 - netflux-websocket to
1.2.1
- chainpad-server to
- third-party
- express to
4.21.0 - http-proxy-middleware to
3.0.2 - requirejs to
2.3.7 - stylelint to
16.9.0
- express to
Upgrade notes
If you are upgrading from a version older than 2024.6.1 please read the upgrade notes of all versions between yours and 2024.9.0 to avoid configuration issues.
To upgrade:
- Stop your server
- Get the latest code with git
git fetch origin --tags
git checkout 2024.9.0
npm ci
npm run install:components
./install-onlyoffice.sh- Restart your server
- Review your instance's checkup page to ensure that you are passing all tests
2024.6.1
31a30e2
davidbenque
David Benque
Goals
This is a bugfix release to address issues that were reported by Cryptpad.fr users. We took the opportunity to update the translations with some new languages contributed by the community.
Improvements
- Translations update from CryptPad Translations #1575
- Added: Español cubano, اَلْعَرَبِيَّةُ Arabic, Svenska
- Removed some languages without enough coverage
- Greek (16%)
- Romanian (36%)
Fixes
- Calendar events sometimes don’t appear when created #1551 fixed by 072dba2
- Revert the new method of counting registered users in the admin panel 4544be6
- Fix broken OnlyOffice Document #1572
- Fix printing in Code documents #1557 #1478
- Fix OnlyOffice undefined functions #1550
- Fix keyboard operation of confirm modals #1576
- Pressing Enter on the "Cancel" button triggered the "OK" button instead
Upgrade notes
If you are upgrading from a version older than 2024.6.0 please read the upgrade notes of all versions between yours and 2024.6.1 to avoid configuration issues.
To upgrade:
- Stop your server
- Get the latest code with git
git fetch origin --tags
git checkout 2024.6.1
npm ci
npm run install:components
./install-onlyoffice.sh- Restart your server
- Review your instance's checkup page to ensure that you are passing all tests
2024.6.0
Goals
This release introduces a new onboarding flow to guide administrators through the setup of an instance. After creating the first admin account, 3 screens guide them through the customization of the instance title, logo, accent color, available applications, and security features. We also include a new language, some fixes on accessibility, deployment, OnlyOffice and more.
Features
- Onboarding screens & app configuration #1513
- Bahasa Indonesia is a new available language fe78b6a
- Thanks to our Weblate contributors who made that happen!
Improvements
Fixes
- Accessibility
- OnlyOffice
- Remove x2t from the CryptPad repo #1454
- Other OnlyOffice users are shown as "Guest" #1446
- Document PDF exports are empty when remote embedding is disabled #1472
- Nginx modifications made to
example-advanced.nginx.conf0604b70
- Nginx modifications made to
- Sometimes images of a presentation are not exported to PDF #1500
- Automatic upgrade of an OnlyOffice document fails sometimes #1534
- Import/Export is broken #1532
- Print is broken #1533
- Deployment / Hosting
- Upgrade CryptPad version in docker-compose.yml #1529
- Optimize HTTPd example config #1498
- Tidy up HTTPd config #1527
- Clarify sandbox
httpSafePortuse inconfig.example.js#1518 - Switch to new
http2Nginx option #1516 - Server fixes and aggregated stats #1509
- Create the block folder at boot #911
- Remove obsolete
versionfromdocker-compose.yml2e716eb
- Other
Dependencies
- Upgrade CryptPad version in
package.json, update description as well #1530 - Remove deprecated and unmaintained
lesshintlibrary and usestylelintand itsstylelint-lessplugin instead
Upgrade notes
If you are upgrading from a version older than 2024.3.1 please read the upgrade notes of all versions between yours and 2024.3.1 to avoid configuration issues.
To upgrade:
- Stop your server
- Get the latest code with git
git fetch origin --tags
git checkout 2024.6.0
npm ci
npm run install:components
./install-onlyoffice.sh- Restart your server
- Review your instance's checkup page to ensure that you are passing all tests
Important
As usual, don't forget to check the changes that might have been made to our web-server / reverse proxy configuration. Especially for the example-advanced.nginx.conf file.
2024.3.1
Goals
This minor release introduces a workaround to recover corrupted OnlyOffice documents alongside other fixes, with some improvements.
Fixes
- Workarounds for missing OnlyOffice methods: #1492
- Fix HTTP server issue with NodeJs >= v20.13.0: 4483b84
- Fix merge issues with
package.json: 7f45d59 - Fix Docker ports: #1485
- Change inactive to archived in
config.example.jsfile: #1474
Improvements
- New translations from our Weblate contributors: #1491
- Polish
- French
- Bulgarian
- Hungarian
- Basque
- Optimize default Nginx example config: #1486
- Add
.mjssupport in HTTPd example config: #1471
Upgrade notes
If you are upgrading from a version older than 2024.3.0 please read the upgrade notes of all versions between yours and 2024.3.1 to avoid configuration issues.
To upgrade:
- Stop your server
- Get the latest code with git
git fetch origin --tags
git checkout 2024.3.1
npm ci
npm run install:components
./install-onlyoffice.sh- Restart your server
- Review your instance's checkup page to ensure that you are passing all tests
Spring 2024 (2024.3.0)
Goals
This release is aimed at instance administrators with new features and changes in the way CryptPad is installed. This marks a major release and we are also taking the opportunity to change the way we number CryptPad versions, moving to a date-based format (from semver to calver). For full details on the reasons behind this change please read our March 2024 status blog post. The short version is that this is our Spring 2024 release with number 2024.3.0 and that we are aiming for the following schedule going forward, sticking to the YYYY.MM.micro format:
- 💐 Spring
2024.3.0 - 🌻 Summer
2024.6.0end June 2024 - 🍁 Autumn
2024.9.0end September 2024 - ❄️ Winter
2024.12.0end December 2024
Features
- Admin and moderation changes #1438
- Support system refactoring with a new help-desk functionality, allowing non-admins to be moderators and handle support tickets
- New instance customization features from the admin panel
- Instance logo
- Instance accent color
- Admin panel code refactoring
Improvements
- Completed accessibility improvements for all dropdown menus #1380
- Developer experience #1436 with new
.editorconfigand updated.gitignorefiles
Fixes
- Fix Notifications replaying (#1399) #1428
- Fix hover and focus styling of toolbar menus #1417
- Fix ssoauth path regex #1411
- File upload broken with a specific size #1419
- User menu displays may include consecutive separators #1402
- Diagram
- Enable and fix internal drawio exports #1439
- OnlyOffice
- Do not allow OnlyOffice comments in view mode #1424
Dependencies
OnlyOffice
- OnlyOffice is now a separate module #1435
- avoids having compiled binaries in the main code repository
- first step towards new instances only downloading the current version + any future updates (i.e. avoiding 1.7GB of historical OnlyOffice versions they will never use).
Starting with this version, OnlyOffice applications (Sheets, Document, Presentation) are not bundled with CryptPad anymore. You can install/update them by running the installation script we provide:
./install-onlyoffice.sh
# press q to close the license screen
# and Y ⏎ to accept the OnlyOffice licenseFor Docker users that want to use OnlyOffice, please read our updated Docker installation guide.
Others
- Bump follow-redirects from 1.15.4 to 1.15.6 #1432
- Bump jose from 4.15.3 to 4.15.5 #1426
- Bump express from 4.18.2 to 4.19.2 #1451
Upgrade notes
If you are upgrading from a version older than 5.7 please read the upgrade notes of all versions between yours and 5.7 to avoid configuration issues.
To upgrade:
- Stop your server
- Get the latest code with git
git fetch origin --tags
git checkout 2024.3.0
npm install
npm run install:components
./install-onlyoffice.sh
# press q to close the license screen
# and Y ⏎ to accept the OnlyOffice license- Restart your server
- Review your instance's checkup page to ensure that you are passing all tests
5.7.0
5.7.0
Goals
This release includes some features that could not be included into 5.6.0, namely instance invitations and support for images in diagrams. It also includes bug fixes in the drive, calendar and many other places.
Features
- Instance administrators can now issue invitation links that can be used to create one account each, even if registration is closed on the instance. An optional User Directory can help keep track of the known accounts on the instance. This feature is designed for the needs of enterprise customers who use their own instance, hence allowing administrators access to more information than on a public-facing service #1395
- Diagram documents now support images #1295
Fixes
- Fix access modal issues after password change #1394
- Drive
- Files
- PDFjs rendering issue with Firefox 121 #1393
- Rich Text
- Forms
- Kanban
- Kanban item export #1360
- Calendar
- Calendar datepicker on mobile now easily toggled #1368
- Behaviour change: keep the offset between start and end date constant when updating the start date (otherwise it was possible to create events that end before even starting that thus don’t appear in the calendar)
- Calendar yearly recurring event - wrong month name #1398
- Admin
- Encoding issues in broadcast messages #1379
- Deployment
Dependencies
- Bump follow-redirects from 1.15.3 to 1.15.4 #1378
Upgrade notes
If you are upgrading from a version older than 5.6.0 please read the upgrade notes of all versions between yours and 5.6.0 to avoid configuration issues.
To upgrade:
- Stop your server
- Get the latest code with git
git fetch origin --tags
git checkout 5.7.0- Update dependencies
npm ci
npm run install:components- Restart your server
- Review your instance's checkup page to ensure that you are passing all tests
Nginx config changes
diff --git a/docs/example-advanced.nginx.conf b/docs/example-advanced.nginx.conf
index cb827b4b0..f2b32e959 100644
--- a/docs/example-advanced.nginx.conf
+++ b/docs/example-advanced.nginx.conf
@@ -14,6 +14,8 @@ server {
# Let's Encrypt webroot
include letsencrypt-webroot;
+ # Include mime.types to be able to support .mjs files (see "types" below)
+ include mime.types;
# CryptPad serves static assets over these two domains.
# `main_domain` is what users will enter in their address bar.
@@ -166,11 +168,6 @@ server {
# We've applied other sandboxing techniques to mitigate the risk of running WebAssembly in this privileged scope
if ($uri ~ ^\/unsafeiframe\/inner\.html.*$) { set $unsafe 1; }
- # draw.io uses inline script tags in it's index.html. The hashes are added here.
- if ($uri ~ ^\/components\/drawio\/src\/main\/webapp\/index.html.*$) {
- set $scriptSrc "'self' 'sha256-dLMFD7ijAw6AVaqecS7kbPcFFzkxQ+yeZSsKpOdLxps=' 'sha256-6g514VrT/cZFZltSaKxIVNFF46+MFaTSDTPB8WfYK+c=' resource: https://${main_domain}";
- }
-
# privileged contexts allow a few more rights than unprivileged contexts, though limits are still applied
if ($unsafe) {
set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: https://${main_domain}";
@@ -179,6 +176,11 @@ server {
# Finally, set all the rules you composed above.
add_header Content-Security-Policy "default-src 'none'; child-src $childSrc; worker-src $workerSrc; media-src $mediaSrc; style-src $styleSrc; script-src $scriptSrc; connect-src $connectSrc; font-src $fontSrc; img-src $imgSrc; frame-src $frameSrc; frame-ancestors $frameAncestors";
+ # Add support for .mjs files used by pdfjs
+ types {
+ application/javascript mjs;
+ }
+
# The nodejs process can handle all traffic whether accessed over websocket or as static assets
# We prefer to serve static content from nginx directly and to leave the API server to handle
# the dynamic content that only it can manage. This is primarily an optimizationContributors
Assets 2
5.6.0
Goals
This release introduces support for integrating CryptPad instances with Single-Sign On authentication. It brings a lot of improvements and fixes to Form, Calendar, and other parts of CryptPad. This release begins to improve the accessibility of the toolbar towards full WCAG compliance which we hope to achieve in the near future.
Features
- Authentication
- Form
- New button to duplicate a question #1305
- Calendar
- New description field for calendar events #1299
Improvements
- Accessibility of toolbars and some drop-down menus #1290
- "+ New" drop-down menu in Drive and Team Drive #1191
- New
Ctrl + emodal #1192 - Code contact request notifications as headings #1197
- DOM order of toolbar #1198
- Notifications menu not accessible via Keyboard #1201
- Sidebar "tabs" not accessible via keyboard #1203
- Implement keyboard navigation of toolbar menus #1209
- CryptDrive page needs a logical tab order #1151
- Elements not accessible using the keyboard #1162
- Calendar event modal date-picker is cut-off at some screen resolutions #1280
- Visible focus #1206
- Rich Text
- Improvements to the Rich Text toolbar and layout for mobile usage #1296
- Calendar
- Handling the move of repeating events from a calendar to another #1308
- Kanban
- Changed positioning of kanban tag container on smaller screens #1307
- New option to increase the number of teams slots for premium users only #1315
- Improve licensing information, CryptPad code now complies with the REUSE specifications #1300
- Deployment
- Basic configuration for Apache HTTPd #1332 thanks @nisbet-hubbard
- Add Docker health check #1287 thanks @llaumgui
- Cleanup
Fixes
- Fix browser autocomplete issues (password, numbers, etc.) #1342
- Drive
- OnlyOffice applications
- Form
- Fix an error upon importing a template in forms #1316
- Can now set form closing date/time on mobile #1305
- Can now edit time options for poll questions on mobile #1305
- Dates in CSV exports of forms are now in ISO (not timestamp) format #1305
- Page breaks are no longer visible in conditional sections when condition is not met #1305
- Final submission page now has margins #1305
- Question blocks on mobile are now only draggable at the top of the block to make scrolling possible #1305
- Whiteboard
- Fix a few export-related issues #1328
- Calendar
- Translations
Dependencies
Deployment
We fixed an issue with the Systemd service file and logging, you'll need to add the following lines to your cryptpad.service before continuing by following the upgrade notes below.
# Restart service after 10 seconds if node service crashes
RestartSec=2
+ # Proper logging to journald
+ StandardOutput=journal
+ StandardError=journal+console
User=cryptpad
Group=cryptpadUpgrade notes
If you are upgrading from a version older than 5.5.0 please read the upgrade notes of all versions between yours and 5.5.0 to avoid configuration issues.
To upgrade:
- Reload the Systemd daemon, required due to the changes in the Deployment section
sudo systemctl daemon-reload- Stop your server
- Get the latest code with git
git fetch origin --tags
git checkout 5.6.0- Get the latest dependencies and components
npm ci
npm run install:components- Restart your server
- Review your instance's checkup page to ensure that you are passing all tests
