All Versions
Latest Version
Avg Release Cycle
14 days
Latest Release

Changelog History
Page 1

  • v5.1.0 Changes


    ๐Ÿš€ We had two new members join our team in the time since our previous release.

    Mathilde joined us as an administrator of, so we decided to put some unplanned time towards the platform's administrative tooling to simplify some common workflows.

    Maxime joined us for a summer internship as a front-end developer, and took initiative on a number of popular issues from our tracker on GitHub.

    โšก๏ธ Update notes

    • We applied a minor optimization to CryptPad's caching rules which should result in a slight decrease of many pages' loading times, thanks to some helpful profiling by one of our users.

    • ๐Ÿ‘ท We have started implementing a very basic build system for CryptPad which, at the moment, is only responsible for generating a few static HTML pages.

      • These pages include the opengraph tags which describe how previews of the page should be rendered in social media posts, messenger applications, and search engine summaries.
      • For the moment we haven't configured the system to build distinct pages for every language, so they will include text which is hardcoded in a single language which defaults to English. This can be configured in config/config.js (for example: preferredLanguage: 'de',). We intend to improve this in the future.
      • They also update the content of the page's <noscript> tag, which is displayed in the event that the user has disabled JavaScript in their browser. The build system includes every translation of this message that is available, rather than just the English and French translations that were displayed previously.
      • We've included some new tests on the checkup page to detect whether these customized pages have been built, and to remind administrators to generate them otherwise (using npm run build).
      • Because the generated pages are based on the current default versions of these pages, updating to future versions of the software without re-building could result in errors due to outdated code being served. We'll include reminders in the update steps as we do for other common errors.
    • โšก๏ธ In order for the above changes to be effective, you'll need to update your NGINX configuration file. You can use git to see what has changed since v5.0.0 by running git diff 5.0.0...main ./docs in the root of your CryptPad repository.

    • We've updated the home page to use a distinct version of the CryptPad logo for its main image. This makes it easier to customize the home page itself without impacting the rest of the platform. To override the default image, include your own at /customize/CryptPad_logo_hero.svg.

    • ๐Ÿ“š Finally, a number of admins had opted into inclusion in our public instance directory but had not configured pages for their privacy policy or terms of service, which caused the checkup page to display an error. We've updated this error message to point directly to the relevant documentation, since the previous values were not sufficiently clear.

    โšก๏ธ To update from 5.0.0 to 5.1.0:

    โšก๏ธ 1. Update your reverse proxy configuration to match the settings in our current ./docs/example.nginx.conf and reload its configuration

    1. Stop your API server โœ… 3. Fetch the latest code with git โšก๏ธ 4. Install the latest dependencies with bower update and npm i ๐Ÿ— 5. Run npm run build to generate the new static pages
    2. Restart your server โœ… 6. Review your instance's checkup page to ensure that you are passing all tests

    ๐Ÿ”‹ Features

    • Administration:
      • The instance admin panel now features a "Database" tab which makes it possible to generate reports for accounts, documents, and "login blocks". This finally enables administrators to review document and account metadata, archive or restore data, and generally perform actions that used to require specialized knowledge about the platform's data storage formats.
      • Since the Database tab identifies accounts by their public signing keys, we made it easier to access these keys by adding a button to support tickets which copies the author's key to your clipboard.
    • Thanks to contributors, the platform is now available in Spanish (100%) and European Portuguese (91%).
    • ๐Ÿš€ We've updated our mermaid integration to v9.1.7.
    • 0๏ธโƒฃ Spellcheck is now enabled by default in our rich text editor and can be disabled via the settings page in case you have not already done so.
    • Our code editor now includes a highlighting module for asciidoc syntax.
    • โšก๏ธ The contact page has been updated to reflect that we have migrated our Mastodon account to
    • ๐Ÿ“š Various links throughout the platform have been updated to reflect that we've migrated our documentation from to The old domain now redirects to the new one to preserve compatibility with old instances or any other pages that have linked to it.
    • We've updated our issue templates on GitHub to use their new Issue Forms functionality, making it easier to correctly submit a well-formatted bug report or feature request.
    • ๐ŸŒ The project's readme now includes a widget indicating the completeness of CryptPad's translations on our Weblate instance.
    • We've added a placeholder to pages' basic HTML to make it easier to tell that something is happening before the proper loading screen is displayed.

    ๐Ÿ› Bug fixes

    • โšก๏ธ Thanks to some detailed reports from users of our spreadsheet editor we were able to reproduce an error that caused very large changes to be saved incorrectly. Such changes trigger multi-part messages to be created, but only the first message was correctly sent to the server. The client has now been updated to correctly send each part of the patch.
    • The behaviour of the long-form text input editor in our form app was not consistent with markdown-editing interfaces on the rest of the platform, so we enabled the same functionality as elsewhere.
    • Administration
      • We found that the quantity of support tickets shown for each category was sometimes inaccurate, so we corrected the way this number was computed.
      • A change in the internal format of each instance's name, location, and description caused these fields not to be included in telemetry for instances that had opted into the public instance directory. We've corrected this so such instances provide all the necessary information.
      • We've corrected some logic for displaying configured URLs for privacy policies, terms of service, and similar resources such that relative URLs are considered relative to the top-level domain (rather than the sandbox domain).
      • The "Launch time" value on the admin panel was using a hard-coded rather than the relevant translation, and was not correctly updating when the "Refresh" button was clicked. Both issues have been fixed.
      • Members of editing sessions are correctly informed when administrators archive active channels.
      • The Custom limits section of the API is now displayed in a somewhat nicer table.
    • ๐Ÿ’… A flaw in some of the styles for the kanban app made it impossible to add text to an empty card via the usual inline text field UI. Adding placeholder content to this field made the default click events work as expected.
    • โฌ‡๏ธ Dropdowns with text content containing quotes (such as those that could be created in the form app) caused an invalid CSS selector to be constructed, which resulted in rendering issues. Such quotes are now properly escaped.
    • ๐Ÿ“œ We found that some message handlers in CryptPad were receiving and trying to parse messages from unexpected sources (browser extensions). These messages triggered parsing errors which cause CryptPad's error screen to be displayed. We now guard against such messages and ignore them when they are not in the expected format or when they otherwise trigger parsing errors.
    • โšก๏ธ We updated our translation linting script to compare markup and variable substitution patterns across different translations. We identified and fixed quite a few errors (invalid markup, incomplete translations), and expect to have an easier time ensuring consistency going forward.
  • v5.0.0 Changes


    ๐Ÿš€ This release was centered around two main goals:

    1. Implement a new, more modern and minimalist design with rounded corners and simpler colors ๐Ÿš€ 2. Remove detailed information about the open-source project from the platform itself and instead host it on the recently deployed project site (

    โšก๏ธ Update notes

    ๐Ÿš€ Recent versions of CryptPad have introduced strict configuration requirements. If you are not already running version 4.14.1 then we recommend you read the notes of our past few releases and apply their updates in sequence. Each version introduces new tests on the checkup page which will help to identify configuration errors that may result in a non-functional server unless corrected.

    ๐Ÿ”– Version 5.0.0 introduces a new server-side API (/api/instance) which serves customized information (server name, description, hosting location) from the admin panel so that it can be displayed on the redesigned home page.

    ๐Ÿš€ We've done some extra work relative to similar APIs we've introduced in the past to ensure that the client-side code will continue to work without it. The upgrade process should go smoothly even if you fail to apply the suggested updates to your reverse proxy configuration (see cryptpad/docs/example.nginx.conf). If this data cannot be retrieved by the client it will fall back to some sensible defaults, but we recommend you take the time to fix it now in case this API ceases to be optional in some future release. The checkup page will identify whether the API is accessible and display an error otherwise.

    diff --git a/docs/example.nginx.conf b/docs/example.nginx.conf
    index a2d1cb1ce..23139c58c 100644
    --- a/docs/example.nginx.conf
    +++ b/docs/example.nginx.conf
    @@ -183,7 +183,7 @@ server {
         # /api/config is loaded once per page load and is used to retrieve
         # the caching variable which is applied to every other resource
         # which is loaded during that session.
    -    location ~ ^/api/(config|broadcast).*$ {
    +    location ~ ^/api/.*$ {
             proxy_pass http://localhost:3000;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header Host $host;

    โšก๏ธ To update from 4.14.1 to 5.0.0:

    โšก๏ธ 1. Update your reverse proxy configuration to forward all /api/ requests to the API server, as per the diff shown above, and reload your reverse proxy config

    1. Stop your API server โœ… 3. Fetch the latest code with git โšก๏ธ 4. Install the latest dependencies with bower update and npm i
    2. Restart your server โœ… 6. Review your instance's checkup page to ensure that you are passing all tests

    ๐Ÿ”‹ Features

    • ๐Ÿš€ The most notable feature of this release is its new look: with rounded corners, a more subtle use of colors, and some updated icons.
    • As noted above, instance information from the admin panel is now displayed on the home page, making it easier to customize a CryptPad instance without having to edit so many files on the server. In particular, the home page will now display:
      1. The instance's configured name or its domain (as a default).
      2. The instance's description or a default string.
      3. The instance's hosting location (if specified).
      4. An optional notice to be displayed as a banner.
    • Many of the informational pages have been replaced by a link the project site ( Links to optional, instance-specific pages like its terms of service, privacy policy, legal notice and contact information are displayed inline, allowing for a smaller footer.
    • The drive's directory tree (also shown in teams) can now be resized by dragging its border.
    • โœ… The checkup page features several new tests, including some which only apply to public instances (a description and location are expected if you have opted into the public instance directory (

    ๐Ÿ› Bug fixes

    • ๐Ÿ›  The font selector in our OnlyOffice-based editors (sheets, docs, presentations) now supports several new fonts, and we've fixed a rendering error which caused the wrong font to be selected when clicking on certain options in the dropdown list (
    • ๐Ÿ’ป Clicking on an option in the user administration menu (in the top-right corner) didn't automatically close the menu in some cases because some browsers emitted an event while others did not. We now explicitly close this menu when any of its options are clicked.
    • ๐Ÿ”€ We now guard against a type error that occurred when trying to generate a list of documents to "pin" while shared folders were still in the process of synchronizing.
    • โšก๏ธ Thanks to a user report we identified that when a premium user uploaded to a non-premium team the error message incorrectly indicated that the uploaded file exceeded the premium size limit (rather than the non-premium size limit). This resulted in confusing behaviour where a 30MB file was described as being over the 150MB file upload limit. We've updated the resulting error message to display the appropriate size limit and indicate that it is relative to the target drive or team, rather than the user's account.
    • ๐Ÿšš Another user reported that they had trouble exporting OnlyOffice documents that contained certain unprintable control characters in their file names. We now remove those unprintable characters when exporting.
    • ๐Ÿ’… We noticed that very long messages in team invitation links could overflow their container, so we fixed its incorrect styles.
    • ๐Ÿ”ง We observed that some third-party instances had been incorrectly configured such that when they entered an editor's URL (such as /pad) they only observed a blank page rather than being redirected to the appropriate URL which contained a trailing slash (ie. /pad/). We've added a script which detects such cases and redirects to the appropriate URL if it exists.
  • v4.14.1 Changes

    ๐Ÿš€ This minor release fixes a number of bugs that we noticed after deploying 4.14.0.

    • ๐Ÿ“‡ A bug in the code responsible for loading document metadata caused documents to be incorrectly treated as if they had no owners. As a result, several options in the Drive's UI did not work as expected:
      • owned documents could not be destroyed from the access menu.
      • document passwords could not be changed from the access menu.
      • document history could not be trimmed from the properties menu.
    • ๐Ÿ’ป We also found that some components did not behave as expected in the Drive UI while in history mode:
      • it was not possible to open shared folders' menus (properties, share, access) to view what their properties were in the past (in the event that they had been deleted or had their passwords changed).
      • shared folders names were not correctly displayed even when their data was available.
    • ๐Ÿš€ Some last minute changes to the checkup page before the 4.14.0 release caused a default error message to be incorrectly concatenated with the intended error message for each failing test.
    • ๐Ÿ‘• A rule in one of our translation linting scripts incorrectly flagged the "ise" in the word "milliseconds" as an instance of the UK-English "-ise" suffix (we use "-ize" elsewhere).
    • โšก๏ธ An admin of a third-party instance found that they were unable to load their checkup page. As it turned out, they were trying to access it via /checkup instead of /checkup/. We've updated our example NGINX config to rewrite this URL to include the trailing slash.
    • ๐Ÿšš Some of the comments in cryptpad/config/config.example.js were outdated or incorrect and have been removed or corrected.
    • The "About CryptPad" now correctly accepts handles custom links provided as protocol-relative URLs.
    • โšก๏ธ A number of pages did not set custom titles and instead used the default "CryptPad". They now update the document title, making it possible to distinguish between such pages when you have multiple tabs open.
    • ๐Ÿ”ง The forms and kanban apps both allow users to write content in Markdown, but did not always display the toolbar above their editors. This was because they inferred the user's preferred editor configuration based on whether they had collapsed the toolbar in the code editor. Since these apps don't offer an easy way to display the toolbar once more, we decided that it was better to just display it all the time.

    ๐Ÿ”€ We've also merged a few significant improvements:

    • ๐Ÿ’… The Polish translation was updated by Dariusz Laska.
    • ๐ŸŒ A significant percentage (currently 66%) of the Ukrainian translation has also been completed and enabled.
    • โšก๏ธ We've updated Mermaidjs to version 9.0.0, which fixes a number of bugs and also introduces support for gitGraph diagrams
    • ๐Ÿ“š Users on will no longer be warned that they are leaving the platform when they open a link to our documentation. Users on third-party instances will continue to see the usual warning, since they really are navigating to a site operated by different admins.

    ๐Ÿš€ Our 4.14.0 release notes introduced breaking changes. If you are not already running 4.14.0 we recommend updating to that first, then updating to 4.14.1 once you've confirmed that you are correctly passing all the tests on your instance's checkup page.S

    To do so:

    1. Stop your server โœ… 2. Get the latest code with git โšก๏ธ 3. Install the latest dependencies with bower update and npm i
    2. Restart your server โœ… 5. Review your instance's checkup page to ensure that you are passing all tests
  • v4.14.0 Changes


    ๐Ÿš€ Our main goal for this release was to follow up on some of the findings of the Intigriti bug bounty program that was sponsored by the European Commission. We also aimed to deploy some features that we want to have in place before the deployment of our upcoming 5.0 release and a corresponding update to our project site ( You can read more about all of this in our latest blog post.

    โšก๏ธ Update notes

    ๐Ÿ’ฅ This release includes BREAKING CHANGES, especially if you have not configured your instance correctly. We advise that you read the following section carefully and follow its recommendations as closely as possible if you operate your own CryptPad instance.

    ๐Ÿš€ First, some review: CryptPad is designed to be deployed using two domains. One is the primary domain which users enter into their address bar, while the second is a "sandbox" that is loaded indirectly. Sensitive operations like cryptographic key management are performed in the scope of the primary domain, while the sandbox is used to load the majority of the platform's UI. If there is a vulnerability in the sandbox, it is at least limited in scope because of measures we've taken to prevent it from accessing user accounts' keys. We initially introduced this system nearly five years ago, it is described in our admin installation guide, and we've done our best to make sure admins are aware of its importance. Even so, only a small number of our admins follow our recommendations.

    Since we've tried every other option we could think of to inform administrators of the risks of storing sensitive data on a misconfigured CryptPad instance, we are now adopting a more drastic policy where correct behaviour is enforced in the code itself. What that means for admins is that if you fail to implement configuration parameters which we consider essential, then various parts of the codebase will detect this and refuse to operate.

    If your instance is configured correctly, then this shouldn't impact you at all. If you're worried that you might be impacted, then the best course of action is to update to 4.13.0 (the previous release, if you aren't already running it) and to follow its recommendation to review the checkup page and ensure that your instance passes its self-diagnostic tests. 4.14.0 introduces a large number of new tests, but those that were already present in 4.13.0 should identify the major issues that will prevent your instance from loading after the update.

    Now, a bit about the situations in which CryptPad will fail to load:

    • ๐Ÿ”ง if CryptPad is loaded via any origin that does not match its configured httpUnsafeOrigin, then it will abort.
      • hint: for, this value is
    • if CryptPad's sandbox does not correctly block the use of eval, then it will abort.
      • the use of eval is blocked by the recommended Content-Security-Policy headers. These strict headers are applied to most resources loaded from the sandbox origin.
      • hint: for the httpSafeOrigin is, while our NGINX sets $sandbox_domain to
    • ๐Ÿ”’ if CryptPad is loaded in a browser that does not enforce Content-Security-Policy (such as Internet Explorer or any other browser using a non-compliant configuration) then it will abort.
    • if CryptPad is embedded within an iframe and you have not explicitly enabled embedding via the admin panel (more on that later) it will abort.
    • if any CryptPad application that requires special permissions (drive, calendar, sheet, doc, presentation) is loaded in an iframe then it will abort.

    ๐Ÿ”‹ The reasons for blocking embedding will be described in the Features section below, so keep reading if you're curious.

    โšก๏ธ We're also recommending a few more updates, but we don't expect that these will stop the service from loading:

    • NodeJS v12.14.0 (which we have recommended for some time) will be considered End-Of-Life as of April 30th.
      • We recommend updating to NodeJS v16.14.2 via NVM.
      • The API server will check the version of its runtime when it launches. It will print a warning to your server logs and set a public flag in /api/config indicating that it should be updated. There is a corresponding test on the checkup page which checks for the presence of this flag for admins that aren't in the habit of reviewing their logs.
    • โœ… The recommended NGINX config file also includes some minor changes. You can compare the current version (in cryptpad/docs/example.nginx.conf) against your live config with a diff tool. There are also new tests on the checkup page which will identify whether the newly changed headers have been correctly applied.
    • โšก๏ธ There are updates to our dependencies using both npm and bower.
    • ๐Ÿ”ง There are a number of new configuration parameters that can be customized via application_config.js. Some are optional. A number of other parameters, such as URLs for a privacy policy and terms of service, will be expected if your instance permits registration. The checkup page will display warnings if these are absent. Configuration via application_config.js is described in our docs.

    We've also made a number of changes and additions to the instance admin panel:

    • ๐Ÿ‘‰ controls for archiving and restoring documents can now be found under User storage, rather General.
      • Both sections now include an optional "note" field, allowing admins to specify the reason why a document was archived/restored. This value will be included in the server's logs.
    • ๐ŸŽ the Performance tab now includes two new settings which permit admins to enable a new API endpoint (/api/profiling) which exposes some live performance data as JSON endpoint. If you don't know what this means you probably don't need it.
    • ๐Ÿ‘ The admin support ticket panel now responds somewhat more quickly thanks to some sorting optimizations.
    • The General tab now includes three new fields (instance name, instance description, hosting location).
      • These are primarily intended for admins who have opted in to inclusion in the directory of public instances which we plan to deploy along with our next release.
      • In the future we hope to use these values on the home page as well, making it easier to customize your instance.

    โšก๏ธ To update from 4.13.0 to 4.14.0:

    โšก๏ธ 0. Before updating, review your instance's checkup page to see whether you have any unresolved issues

    1. Install NodeJS v16.14.2 โšก๏ธ 2. Update your systemd service file (or whatever method you use to launch CryptPad) to use the newer NodeJS version โšก๏ธ 3. Update your NGINX configuration file to match the provided example
    2. Stop your server โœ… 5. Get the latest code with git โšก๏ธ 6. Install the latest dependencies with bower update and npm i
    3. Restart your server โœ… 8. Confirm that your instance is passing all the tests included on the /checkup/ page (on whatever devices you intend to support)

    ๐Ÿ”‹ Features

    • 0๏ธโƒฃ Embedding of CryptPad in iframes on third-party websites is now disabled by default because doing so prevents a number of possible attacks in cases of overly permissive HTTP headers.
      • CryptPad's editors will only load properly if the instance is explicitly configured via the admin panel to permit this behaviour.
      • Even where embedding is enabled, the properties, share, access, and insert menus are disabled. Attempts to use them cause a dialog to open which prompts users to open the current document/page in a dedicated tab/window.
      • The embed tab of the share menu (which generates code for embedding CryptPad documents in third-party sites) is only shown if the instance administrators have enabled embedding.
    • More information about the host instance is included in the About CryptPad dialog which can be opened via the account administration menu in the top-right corner of the screen.
      • specifically: it now displays the same configurable instance description which is displayed on the home page, as well as links to the instance's terms of service and source code (if they are available).
    • ๐Ÿ‘ The support page has a number of new features:
      • A new tab is accessible via the left sidebar which displays a preview of the metadata which is included along with support tickets.
      • We revised the ticket categories which are listed in the dropdown menu. Users are prompted to choose a category. Once a category is chosen, more specific information is automatically requested with links to the relevant documentation.
    • The login page now features a reminder that administrators cannot reset passwords or recover accounts.
    • ๐Ÿšš Tracking parameters are automatically removed from the address bar after the page loads for cases where a third-party tool automatically added them.
    • Calendars in the sidebar of the calendar app are now sorted according to their title.
    • โœ… The checkup page features many new tests and improvements:
      • Errors are now sorted above warnings.
      • Errors and warnings are each sorted according to their test number.
      • In cases where multiple tests need to inspect the HTTP headers of a common resource, the resource is only requested once and subsequent requests access it from a cache, speeding up loading time and reducing network usage.
      • The Server header is displayed in the page summary if it is available.
      • The tests for CSP headers now describe the failures of each misconfigured CSP directive, rather than just the first one to fail.
      • Warnings are displayed for each of several important resources (privacy policy, terms of service, etc) when the instance allows registration but has not provided this information for new users.
      • Our test runner catches synchronously thrown errors and tries to display helpful messages.
      • Tests will time out after 25 seconds to ensure that the set of tests eventually completes.
      • A new script is executed before CryptPad's bootloader which should detect and handle bootloader errors such as missing dependencies or unreachable API endpoints.

    ๐Ÿ› Bug fixes

    • ๐Ÿ“œ The checkup page now handles and error that occurred when trying to parse CSP headers that were not provided (trying to parse null as a string).
    • The form app allowed authors to specify links (via markdown) in questions' descriptions and the form's submit message, but none of these links used CryptPad's typical link click handler. As a result these links failed to open.
    • Links specified on users' profile pages are opened via the bounce app, which warns users when a link will navigate outside CryptPad and blocks links which are clearly malicious in nature (trying to execute code).
    • ๐Ÿ›  We discovered and fixed a deadlock that occurred in cases where users tried to download a folder that contained multiple Office documents.
    • The drive's history mode now displays the appropriate document id in the properties menu in cases where an earlier version of a document had a different id (due to a password change).
    • During development of a new feature we discovered that the server could respond to HTTP requests with stack traces in cases where the request triggered an error. These responses could contain information about the server's directory structure, so we now handle these errors and send the client a page indicating that there was an internal server error.
    • Attempting to convert office documents could mistakenly trigger two concurrent downloads of the client-side conversion engine. Now it is only downloaded once, so conversion should be roughly twice as fast for cases where the WebAssembly blob was not already cached.
    • A number of users reported various actions which could cause documents in their team drives to be duplicated. These duplicated entries are references to the same document as the original, not complete copies, so care should be taken not to use the destroy option when removing them from your drive. If a user accidentally destroys a document then it should be possible for an administrator to restore its content via the admin panel if the user can provide a safe link that they can find using the drive's history mode.
  • v4.13.0 Changes


    ๐Ÿš€ For this release we set aside time to update a number of our software dependencies and to investigate a variety of bugs that had been reported in support tickets.

    ๐Ÿš€ We have also been coordinating with security researchers through a bug bounty program hosted by and sponsored by the European Commission. This release includes security fixes and a number of new tests on the checkup page to help ensure that your instance is configured in the most secure manner possible. We recommend you read these notes thoroughly to ensure you update correctly.

    โšก๏ธ Update notes

    ๐Ÿ”’ 4.13.0 includes significant changes to the Content-Security-Policy found in the example NGINX configuration which we recommend (available on GitHub). The updated policy only allows client behaviour which is strictly necessary for clients to work correctly, and is intended to be resilient against misconfiguration beyond the scope of this file. For instance, rather than simply allowing clients to connect to a list of permitted domains we are now explicit that those domains should only be accessible via HTTPS, in case the administrator was incorrectly serving unencrypted content over the same domain. These changes will need to be applied manually.

    ๐Ÿ”’ Several of the new tests on the checkup page ( evaluate the host instance's CSP headers and are very strict about what is considered correct. These settings are a core part of CryptPad's security model, and failing to configure them correctly can undermine its encryption by putting users at risk of cross-site-scripting (XSS) vulnerabilities.

    โšก๏ธ To update from 4.12.0 or 4.12.1 to 4.13.0:

    โšก๏ธ 0. Before updating, review your instance's checkup page to see whether you have any unresolved issues โšก๏ธ 1. Update your NGINX configuration file to match the provided example

    1. Stop your server โœ… 3. Get the latest code with git โšก๏ธ 3. Install the latest dependencies with bower update and npm i
    2. Restart your server โœ… 5. Confirm that your instance is passing all the tests included on the /checkup/ page (on whatever devices you intend to support)

    ๐Ÿ”‹ Features

    • ๐Ÿš€ This release updates OnlyOffice to v6.4.2, which includes a wide variety of improvements and bug fixes, such as:
      • dark mode
      • conditional formatting in sheets
      • fixes for various font and scaling issues
      • numerous other issues mentioned in OnlyOffice's changelog
    • ๐Ÿ”’ We switched from using our fork of Fabricjs back to the latest version of the upstream branch, since the maintainers had resolved the cause of an incompatibility with our strict Content Security Policy settings. Among other things, this brought improved support for a variety of pressure-sensitive drawing tablets when using our whiteboard app.
    • โšก๏ธ Mermaidjs ( has been updated to the version (8.13.10) which:
      • includes fixes a number of possible security flaws which should not have had any effect due to our CSP settings
      • introduces support for several new diagram types (entity relationship, requirement diagrams, user journeys)
      • adds support for dark mode and more modern styles
    • ๐Ÿ”ง We've begun to experiment with additional iframe sandboxing features to further isolate common platform features (sharing, access controls, media transclusion, upload) from the apps that can trigger their display. These measures should be mostly redundant on CryptPad instances with correctly configured sandboxes, but may help mitigate unexpected risks in other circumstances.
      • these improvements were disabled because they were handled incorrectly by Safari
    • We've added the ability for guests to edit calendars when they have the appropriate editing rights
    • ๐Ÿ’… A number of groups and individuals volunteered to help translate CryptPad into more languages or complete translations of languages that had fallen out of date. We are happy to say that CryptPad is now fully translated in Russian, Brazilian Portuguese, Czech, and Polish.

    ๐Ÿ› Bug fixes

    • ๐Ÿ”’ 4.13.0 fixes a number of security issues:
      • There were several instances where unsanitized user input was display as HTML in the UI. This had no effect on instances with correctly configured CSP headers, but could have been leveraged by attackers to run scripts on other users devices where these protections were not applied.
      • The 'bounce' page (which handles navigation from a CryptPad document to another page) didn't warn users when they were leaving CryptPad (a flaw known as an 'open redirect'). We now detect and warn users of redirection to untrusted pages, reducing the risk of phishing attacks. Some users have complained that they find this new behaviour annoying, but it's there to make the platform safer by default.
      • We've updated the protocol through which our cross-domain sandboxing system communicates with content served on the main domain so that it completely ignores messages from untrusted sources and refuses to communicate to other contexts unless they are explicitly trusted by the platform. Because of these restrictions it is possible that misconfigured instances will fail to load or otherwise behave incorrectly. Once again, there are tests on the checkup page designed to help identify these configuration issues, so please do take advantage of them.
    • Some code which was intended to prompt guests to log in or register when viewing a shared folder stopped working due to some changes in a past release. We now correctly identify when these guests have edit rights, and instead of simply displaying the text READ ONLY we prompt them with instructions on how to make full use of the rights they've been given.
    • ๐Ÿ’… We fixed some border styles on the horizontal dividers that are sometimes shown in dropdown menus such that consecutive dividers beyond the first are hidden.
    • โšก๏ธ One of our developer dependencies (json-schema) has been updated to fix a prototype pollution bug which should not have had any impact on anyone in practice.
    • A user reported that including __proto__ as the language in fenced code blocks in a markdown document triggered an error, so we now guard against this case.
    • ๐Ÿ›  We've fixed a few issues related to templates:
      • after creating a template in a team drive, clicking the store button would store it in your own drive
      • the creation of a template from a password-protected sheet did not correctly use the source sheet's password
    • Thanks to some user reports we discovered some possible type errors that could occur when migrating some account data to a newer internal version.
    • ๐Ÿ‘€ We disabled some unmaintained client-side tests after discovering that they were throwing errors under certain conditions, seemingly due to some browser regressions.
    • โšก๏ธ We updated some code to handle uploading dropped folders in the drive. Unfortunately this type of "drop" event has to be handled differently than when a folder is uploaded through other means, and Opera browser doesn't support the required APIs, so this is only supported in Firefox and Chromium-based browsers.
    • ๐Ÿ‘ When previewing uploaded media we now supply the file object rather than its raw buffer contents which were not supported for all media types.
    • ๐Ÿ›  We've fixed numerous issues with forms:
      • layout issues with buttons displayed in forms' author mode
      • the configured options for certain types of questions are reprocessed when you convert between related question types (multi-checkbox, multi-radio) with options being set back to their defaults when configurations are rendered invalid
      • editing status is recovered whenever possible if autosave interrupts user activity
    • ๐Ÿ›  Finally, we've fixed a number of issues specific to our integration of OnlyOffice's editors:
      • we now guard against some possible type errors if the metadata required for sharing cursor and selection data is absent or poorly formed
      • we do our best to recover your old cursor position if the document needs to be reloaded after a checkpoint
      • some special cases of image inclusion are now handled in the presentation editor
      • we ensure that images are correctly loaded when exporting, including embedded media and theme backgrounds in presentations
      • the chart and table buttons were temporarily disabled in OnlyOffice's toolbar due to some incompatibilities which have since been resolved
      • we now avoid creating duplicated network handlers when reconnecting to an office editing session
  • v4.12.1 Changes

    ๐Ÿš€ This minor release contains a few bug fixes based on feedback we received and adjustments to prepare for the update to OnlyOffice 6.4.

    • ๐Ÿš€ We noticed that charts and tables in the Document and Presentation (early access) applications cause conflicts with the upcoming OnlyOffice update. They are now disabled until the next release.
    • We found that the button to export form results to a CryptPad sheet was empty so we added the missing text.
    • ๐Ÿ›  Several issues were reported with the Forms application and are now fixed. This patch will prevent conditional sections from losing their content (questions and conditions) while editing the form. The "max options" selector won't be displayed anymore when converting "checkbox" questions to other types. The first two lines of a "choice grid" weren't always registered when submitting a form and this patch fixes it for newly created choice grids.
    • Some calendars created with external tools couldn't be imported in CryptPad due to notifications settings. We've changed the "import" script to make sure the event could still be imported but without the problematic notification.
    • 0๏ธโƒฃ We've received conflicting feedback about the privacy settings in forms. In the existing system, the users had to untick a box to submit with their name but, depending on the context, it's not always a good solution to make a form result anonymous by default. Similarly submitting form results with the username by default isn't privacy-friendly. We implemented a new system to prompt users to choose between submitting anonymously or with their name (unless one of the options is disabled).
  • v4.12.0 Changes


    ๐Ÿš€ Our primary goal for this release was to improve support for office file formats in CryptPad by

    1. integrating OnlyOffice's word processor and presentation editor and
    2. introducing more intuitive workflows that allow users to convert and open uploaded office files directly from their drives

    โšก๏ธ Update notes

    ๐Ÿš€ This release requires configuration changes to work correctly. We've updated our example NGINX config file to apply the required HTTP headers where appropriate.

    โšก๏ธ You can compare the updated example against that of a previous CryptPad version by running something like git diff -U2 4.11.0 docs/ to generate a diff:

    diff --git a/docs/example.nginx.conf b/docs/example.nginx.conf
    index 14a3d4fc2..ea21e3ba7 100644
    --- a/docs/example.nginx.conf
    +++ b/docs/example.nginx.conf
    @@ -65,5 +65,5 @@ server {
         set $coop '';
    -    if ($uri ~ ^\/(sheet|presentation|doc|convert)\/.*$) { set $coop 'same-origin'; }
    +    #if ($uri ~ ^\/(sheet|presentation|doc|convert)\/.*$) { set $coop 'same-origin'; }
         # Enable SharedArrayBuffer in Firefox (for .xlsx export)
    @@ -91,5 +91,5 @@ server {
         # connect-src restricts URLs which can be loaded using script interfaces
    -    set $connectSrc "'self' https://${main_domain} ${main_domain} https://${api_domain} blob: wss://${api_domain} ${api_domain} ${files_domain}";
    +    set $connectSrc "'self' https://${main_domain} ${main_domain} https://${api_domain} blob: wss://${api_domain} ${api_domain} ${files_domain} https://${sandbox_domain}";
         # fonts can be loaded from data-URLs or the main domain
    @@ -121,8 +121,13 @@ server {
         # they unfortunately still require exceptions to the sandboxing to work correctly.
         if ($uri ~ ^\/(sheet|doc|presentation)\/inner.html.*$) { set $unsafe 1; }
    -    if ($uri ~ ^\/common\/onlyoffice\/.*\/index\.html.*$) { set $unsafe 1; }
    +    if ($uri ~ ^\/common\/onlyoffice\/.*\/.*\.html.*$) { set $unsafe 1; }
         # everything except the sandbox domain is a privileged scope, as they might be used to handle keys
         if ($host != $sandbox_domain) { set $unsafe 0; }
    +    # this iframe is an exception. Office file formats are converted outside of the sandboxed scope
    +    # because of bugs in Chromium-based browsers that incorrectly ignore headers that are supposed to enable
    +    # the use of some modern APIs that we require when javascript is run in a cross-origin context.
    +    # We've applied other sandboxing techniques to mitigate the risk of running WebAssembly in this privileged scope
    +    if ($uri ~ ^\/unsafeiframe\/inner\.html.*$) { set $unsafe 1; }
         # privileged contexts allow a few more rights than unprivileged contexts, though limits are still applied

    โšก๏ธ We've also updated the checkup page to test for the expected server behaviour and suggest helpful steps for correcting misconfiguration issues. You can access this diagnostic page at https://<your-cryptpad-domain>/checkup/.

    Our team has limited resources, so we've chosen to introduce the new (and experimental) office editors gradually to avoid getting overwhelmed by support tickets as was the case when we introduced the current spreadsheet editor in 2019. In order to support this we've implemented an early access system which optionally restricts the use of these editors to premium subscribers. We will enable this system on, but admins of independent instances can enable them at their discretion.

    ๐Ÿ“„ To enable the use of the OnlyOffice Document and Presentation editor for everyone on your instance, edit your customize/application_config.js file to include AppConfig.enableEarlyAccess = true;.

    ๐Ÿ‘ If you wish to avoid a rush of support tickets from your users by limiting early access to users with custom quota increases, add another line like so Constants.earlyAccessApps = ['doc', 'presentation'];.

    0๏ธโƒฃ As these editors become more stable we plan to enable them by default on third-party instances. Keep in mind, these editors may be unstable and users may lose their work. Our team will fix bugs given sufficient information to reproduce them, but we will not take the time to help you recover lost data unless you have taken a support contract with us.

    โšก๏ธ To update from 4.11.0 to 4.12.0:

    1. Stop your server โœ… 2. Get the latest code with git
    2. Apply the recommended changes to your NGINX config (don't forget to reload NGINX)
      • optionally edit your application_config.js file to enable early access apps. restart your server or use the admin panel's Flush cache button for this to take effect. โšก๏ธ 4. Install the latest dependencies with bower update and npm i
    3. Restart your server โœ… 6. Confirm that your instance is passing all the tests included on the /checkup/ page (on whatever devices you intend to support)

    ๐Ÿ”‹ Features

    • โ†ช It took a lot of experimentation, reading of specification documents, and reverse-engineering of undocumented workarounds to avoid browser-specific regressions, but we've gotten our client-side engine for office file format conversion to work as intended in the context of user or team drives. This means that as long as you are using a relatively modern browser (not Safari or anything on iOS) you should be able to do things like:
      • right-click and open uploaded XLSX or ODS files in our OnlyOffice Sheet integration,
      • implicitly convert editable sheets to XLSX individually (using the download option) or as part of a collection when you download your full drive or one of its subtrees,
      • perform similar workflows with DOCX, ODT, PPT, and ODP files.
    • As mentioned above, admins that enable early access editors will be able try out the word processor and presentation editor. These editors use OnlyOffice client-side components, but have had their server-side components completely replaced, just as with our Sheet integration. Nobody else has packaged OnlyOffice's editors in this manner, so this is experimental technology and we recommend that you back up your documents regularly!
    • The form app now includes an option to open collected results in a new spreadsheet for advanced analysis.

    ๐Ÿ› Bug fixes

    • We finally tracked down a sneaky bug that was responsible for scrambling users' spreadsheets. The issue was triggered when they were disconnected and reconnected after editing the sheet by themself, usually for an extended period. A bug in the reconnection logic caused their earlier changes to the sheet to be replayed a second time, typically to disastrous effect if they had inserted rows in the meantime. A minor patch guards against this possibility, making sheets (and the newer office editors) far more stable.
    • ๐Ÿ–จ We noticed that the OnlyOffice editors' print to PDF functionality behaved differently depending on the user's preferences for downloads and file-type handling. In some cases the resulting PDF would be opened in an invisible iframe. In addition to the intentional download prompt we meant to trigger, some users would be implicitly shown a second prompt to download the contents of the iframe. We suppressed the creation of the hidden iframe and now download the generated PDF directly using a single, more modern method.
    • โœ… It was reported that responses to conditional sections of forms were not included in their results. Our patch has been tested in production and has been verified to correct the issue.
    • The recently introduced file upload preview was capable of throwing an error under certain circumstances when previewing text files, which prevented them from being uploaded. We now guard against these errors and fall back to no preview.
    • The chat box in pads failed to load for guests using the no-drive mode which we introduced as an optimization to reduce load time for one-time visitors. An attempt to access a data structure that did not exist caused a type error, which resulted in the chat interface appearing to load indefinitely.
    • Loading a shared folder by its link now causes it to be displayed in the context of your drive, rather than loading it in the background but displaying your last accessed folder instead.
    • We now guard against DOMException errors whenever we try to write data into localStorage, as this is capable of triggering a QuotaExceeded error which we has been observed to occur more frequently lately.
    • When attempting to use an editor's Insert menu to embed uploaded media in a document, we now wait until all thumbnails are loaded before displaying the menu. This is intended to avoid circumstances where the user attempts to click the menu's upload button but accidentally chooses a previously uploaded media file when the position of the button changes.
  • v4.11.0 Changes


    ๐Ÿš€ Our main goal for this release was to update our Forms app to address feedback gathered in the research we conducted over the summer (survey and one-on-one interviews with volunteers). Many of these points were limited to forms itself, but some were closely related with some other concepts in the platform and prompted us to make some considerable changes throughout.

    โšก๏ธ Update notes

    ๐Ÿš€ As of this release we are dropping support for Internet Explorer 11 we learned that even Microsoft stopped supporting it in their own Office 365 platform. This means that we can finally start using some newer browser features that are available in every other modern browser and simplify parts of our code, making it smaller and faster to load for everyone else.

    ๐Ÿš€ 4.11 doesn't require any manual configuration if you're updating from 4.10, so this should be a fairly simple release. There is a new customization option that is described in the following features section, however, this is entirely optional.

    โšก๏ธ To update from 4.10.0 to 4.11.0:

    1. Stop your server โœ… 2. Get the latest code with git โšก๏ธ 3. Install the latest dependencies with bower update and npm i
      • this release requires new client-side dependencies, so don't forget this step
    2. Restart your server โœ… 5. Confirm that your instance is passing all the tests included on the /checkup/ page (on whatever devices you intend to support)

    ๐Ÿ”‹ Features

    • 0๏ธโƒฃ We've changed the platform's default display name from "Anonymous" to "Guest" and have also replaced existing mentions of "Unregistered" or "Non-registered" users with this terminology.
      • The term "Anonymous" was only ever intended to convey the classical sense of the word ("without name or attribution") rather than the stricter modern sense "indistinguishable from a meaningfully large set of other individuals". To be clear, this is a change of terminology, not behaviour. To prevent your IP address from being revealed to the host server while using CryptPad the best option has always been, and continues to be Tor browser.
      • Going forward, if you see "anonymize" in CryptPad (such as in forms), you can take it to mean that extra efforts are being taken to make protocol-level metadata indistinguishable from that of other users, while "Guest" means only that you haven't registered or have removed your display name.
    • While we were reconsidering the notion of guest accounts we decided that it would be useful to be able to distinguish one guest from another. We decided to implement this by hooking into the existing system for displaying users' profile pictures by mapping a list of emojis to guests' randomly generated identifiers.
      • We chose a list of emojis that we hoped nobody would find objectionable ('๐Ÿ™ˆ ๐Ÿฆ€ ๐Ÿž ๐Ÿฆ‹ ๐Ÿฌ ๐Ÿ‹ ๐Ÿข ๐Ÿฆ‰ ๐Ÿฆ† ๐Ÿง ๐Ÿฆก ๐Ÿฆ˜ ๐Ÿฆจ ๐Ÿฆฆ ๐Ÿฆฅ ๐Ÿผ ๐Ÿป ๐Ÿฆ ๐Ÿฆ“ ๐Ÿ„ ๐Ÿ’ฎ๏ธ ๐Ÿ™๏ธ ๐ŸŒธ๏ธ ๐ŸŒป๏ธ ๐Ÿ๏ธ ๐Ÿ ๐Ÿฆ™ ๐Ÿฆ’ ๐Ÿ˜ ๐Ÿฆ ๐Ÿ ๐Ÿน ๐Ÿฐ ๐Ÿฆซ ๐Ÿฆ” ๐Ÿจ ๐Ÿฑ ๐Ÿบ ๐Ÿ‘บ ๐Ÿ‘น ๐Ÿ‘ฝ ๐Ÿ‘พ ๐Ÿค–'), but we realize that cultures and contexts differ widely. As such, we've made this configurable on a per-instance basis. A custom list of emojis can be set in customize/application_config.js as an array of single-emoji strings (AppConfig.emojiAvatars = ['๐Ÿฅฆ', '๐Ÿง„', '๐Ÿ„', '๐ŸŒถ๏ธ'];) or as an empty array if you prefer not to display any emojis (AppConfig.emojiAvatars = [];). See our admin docs for more info on customization.
      • Users can edit their display name inline in the user list or on their settings page, in which case their avatar will be one or two letters from their name (their first two initials if their name contains at least one space, otherwise the first two letters of their name).
      • Once these initial improvements had been made to the user list, the lack of support for emoji avatars in a number of places felt very conspicuous, so we've done our best to implement them consistently across every social aspect of the platform. Default emoji avatars are also displayed in comments in the rich text editor, in authorship data in our code/markdown editor, in tooltips when you hover over the marker for remote users' cursor location, in the "currently editing" indicator for Kanban cards, in the share and access menus, and in the "contacts" app.
    • ๐Ÿ“‡ The file upload dialog now includes a preview of the media that you are about to upload (as long as it's something CryptPad is capable of displaying) as well as a text field for describing the media. Descriptive text is added to the file's encrypted metadata and is applied to rendered media as alt or title attributes wherever applicable. This coincides with a broader effort to improve keyboard navigation and add support for screen-readers.
    • ๐Ÿ’ป The link creation UI from 4.9.0 now highlights the URL input field as you type to indicate whether the current URL value is valid, rather than simply displaying an error when you submit.
    • ๐ŸŽ The 'Performance' tab of the admin panel has reused the bar chart UI we added for displaying the results of forms.
    • ๐Ÿš€ We've written a small script to help us identify translated strings that are consistently duplicated across the four languages into which CryptPad has been fully translated (English, French, German, Japanese). We plan to use this to remove unnecessary strings in an upcoming release and make it easier to translate the platform into new languages.
    • ๐Ÿ’ป The "share" menu now makes its primary actions more clear, with explicit text ("copy link" instead of just "copy") on its main buttons, as well as icons that better match button UI on the rest of the platform.
    • ๐Ÿš€ Finally, this release introduces our "v2" forms update with many usability enhancements:
      • Forms can now include questions which are displayed based on the condition of participants' earlier answers.
      • The participant view of forms no longer displays CryptPad's toolbar and popups and instead uses a full-page view. CryptPad's logo is included at the bottom of the page and acts as a link to the home page.
      • Form authors can set a custom message to be displayed to participants once they have submitted a response.
      • Some more advanced form settings are available for authors, and we've clarified the descriptions of existing options ("Anonymize responses", "Guest access", "Editing after submission").
      • Form authorship supports real-time editing more broadly than before:
      • Changes are saved as you type, so you no longer need to manually save each question.
      • Multiple authors can edit edit the same question concurrently without overwriting each other's work.
      • We avoid redrawing active parts of the UI when other authors make a change, so remote actions won't interfere with your local date-picker, dropdown selections, etc.
      • The UI is redrawn no more than once every 500ms for performance reasons.
      • We do our best to preserve current scroll position when other users make changes so authors don't accidentally click on the wrong elements.
      • Authors have easier access to basic functionality in the left sidebar that allows them to preview a form, copy the participant link, and view existing responses with a single click.
      • The form creation presents better default options (placeholders instead of pre-filled fields for text inputs) and offers intuitive controls, such as "enter" to create a new field, "esc" to clear an empty field, and "tab" to navigate with just the keyboard.
      • The summary of existing responses is presented more intuitively:
      • The tally of empty responses is now displayed at the top of each question's summary rather than the bottom.
      • Bar charts are used throughout, wherever applicable.
      • Options with no answers are still displayed with zero results in the summary rather than not being displayed at all.
      • Options are displayed according to the order of their appearance in the original question, rather than according to the order in which participants chose them.
      • Form authors can conveniently change a question's type wherever its content can be automatically converted to a related format (radio, checkbox, ranked choices).
      • There are more options for form validation, such as required questions and new types of questions with automatic validation. Invalid answers are summarized at the bottom of the form. Clicking summaries jumps to the relevant question.
      • CryptPad logo is included at the bottom of the participant page and links to the home page so that participants can create their own forms or learn more about how data is encrypted.
      • We now pre-fill some options in our "simple scheduling poll" template, suggesting some basic options for the upcoming week and better indicating how the poll is intended to be used.
      • Lastly, authors can assign color themes to their form for some basic visual customization.

    ๐Ÿ› Bug fixes

    • โœ… While implementing and testing the display of emojis as avatars for guests we found several instances (in teams, chat, and the contacts app) where the UI did not fall back to the default display name.
    • ๐Ÿ‘ We've clarified a comment in our example NGINX file which recommended that admins contact us if they are using CryptPad in a production environment. It now indicates that they should do so if they require professional support.
    • We now handle an edge case in ICS import to calendars where DTEND was not defined. When a duration is specified we calculate the end of the event relative to the provided start time, and otherwise consider it a "full-day" event as per the ICS specification.
    • ๐Ÿ’… Users can share links directly with contacts, but we noticed that the color of the previewed link was overridden by some styles from bootstrap, resulting in very low contrast. We now use a standard CryptPad color which is clearly legible in both light and dark mode.
    • Finally, we've applied some stricter validation to the encrypted content of team invite links which could have previously resulted in type errors.
  • v4.10.0 Changes


    August is typically a quiet month for CryptPad's development team, as members of our team and many of our users take their (northern hemisphere) summer holidays. We took the opportunity to catch up on some regular maintentance and to review and some prototype branches of our code that had been ready for integration for some time.

    ๐Ÿ‘€ It seems that some browser developers thought to do the same thing, because we noticed some significant regressions in some APIs that we rely on. Some of our time went towards addressing the resulting bugs and restructuring some code to avoid future regressions for browser behaviour that seem likely to be changed again in the near future.

    โšก๏ธ Update notes

    ๐Ÿ’ป 4.10.0 includes some minor changes to the checkup page. Some admins have included screenshots of this page in bug reports or requests for support along with details of problems they suspect of being related. Because we've observed that the root of many issues is the browser (sometimes in addition to the server) we have decided to include details about the browser in this page's summary.

    ๐Ÿ”ง Up until now the checkup page only tested observable behaviour of the server such as HTTP headers on particular resources, configuration parameters distributed to the client, and the availability of essential resources. This practice meant that a report for an instance should have been the same regardless of the device that was used to generate the report. In light of a serious regression in Chrome (and all its derivatives) we decided that objectiveness was less important than utility and introduced some tests which check whether the client running the diagnostics interprets the provided server configuration. Terrible browsers (ie. every browser that is available on iOS) will fail these tests every time because they don't implement the expected APIs, but we've tried to detect these cases and warn that they are expected.

    ๐Ÿš€ For the most part you (as an admin) will not need to do anything special for this release as a result. If you notice weird issues on particular browsers in the future, however, it might be helpful to view this page from the affected browser/device and include any information that is provided in bug reports.

    โšก๏ธ To update from 4.9.0 to 4.10.0:

    1. Stop your server โœ… 2. Get the latest code with git โšก๏ธ 3. Install the latest dependencies with bower update and npm i
    2. Restart your server โœ… 5. Confirm that your instance is passing all the tests included on the /checkup/ page (on whatever devices you intend to support)

    ๐Ÿ”‹ Features

    ๐Ÿšง As noted above, web standards and the browsers that implement them are constantly changing. Web applications like CryptPad which use new and advanced browser features are particularly prone to regressions even when we use browser features exactly as intended and advertized. The "Features" section of each release's notes typically highlights visible things, like clickable buttons or improvements to the interface. This point is included as a reminder that regular maintenance is at least as important to an open-source software project, even though it gets little attention and far less funding. The funding bodies that have generously supported our work typically award grants for research and the development of novel features, but we are sorely in need of increased support to allow us the flexibility to deal with unanticipated problems as they arise. If you are fortunate enough to have some disposable income and value the work that keeps CryptPad functional we would greatly appreciate a one-time or recurring donation to our OpenCollative campaign.

    • This release coincided the yearly seminar of XWiki (our parent organization) which always features a day-long hackathon. This year our team was joined by @aemi-dev who has been working as an intern within XWiki's product team. Together we worked on adding some data visualization to our recently introduced Form app. The improvements include a timeline to visualize how many responses were submitted to the form during each day and bar charts for a variety of question types to complement the existing tally of results. There's still more work to be done in this direction, but we established some useful foundations during our relatively short session.
    • Frequent users of small screens will be pleased to hear that CryptPad's app toolbar now includes a button to collapse the upper segment of the toolbar which includes CryptPad's logo, the current document's title, status indicator (saved, editing, disconnected, etc.), and the user administration menu.
    • Likewise, Kanban users may note that the app's toolbar also features a "Tools" menu (like that in the markdown editor) which toggles display of the controls which filter board items by tag and select view state (detailed or brief).
    • ๐Ÿ’ป Password fields that are specific to files and documents now have the autocomplete="new-password" attribute applied to prevent browsers and integrated password managers from suggesting that users enter their account password. This lowers the risk that users will inadvertently reveal their account password in the future. Additionally, Firefox will now prompt users to use a high-entropy password instead.
    • ๐Ÿš€ Our integrated support ticket functionality automatically includes some commonly needed information about the user's account and browser. As of this release this data will also include the browser's vendor and appVersion, which are useful hints about the host browser and OS (which we almost always have to ask about when the ticket is for a bug report). This data will also include the browser's current width and height, as some issues only occur at particular resolutions and can otherwise be difficult to reproduce.
    • โšก๏ธ We reviewed a range of third-party dependencies that are included in our repository and updated cryptpad/www/lib/ to better indicate their exact version, source, and any CryptPad-specific modifications we've made to them.
      • We found less.js had been duplicated, with one version (provided by bower) being used for custom styles in our slide editor while the rest of the platform used a custom version that fixed an apparent bug in the reference import syntax. We've standardized on our custom version and removed the alternative from our bower.json file.
      • We also identified a few files that were no longer in use and removed them. There's still more work to be done to document the exact versions and source of some dependencies, so we've made this process a part of our regular release checklist.
    • ๐Ÿš€ During a manual review we noticed some inconsistencies between different translations of CryptPad and have automated these checks by adding them to a script which we use to review translations before each release. These have helped us standardize things like the capitalization of "CryptPad", the syntax for some basic markup like <br> tags, and the consistent use of both dialect-specific suffixes in English and punctuation rules in French. We have only added tests for languages in which members of our team are fluent, so if you maintain a translation in another language and can suggest additional qualities we could test we would welcome your suggestions.
    • ๐Ÿ”’ The improved consistency of our translations has also enabled us to construct some translated UI components programmatically without directly using their inline HTML. This provides an extra layer of security in the event that
      1. malicious code was included in a translation file
      2. our tests failed to identify the code before it was included in a release
      3. the release was deployed by an admin that had failed to take advantage of the sandboxing system that prevents the injection of scripts into the UI

    ๐Ÿ› Bug fixes

    • โ†ช The Chrome development team made some changes related to the availability of the SharedArrayBuffer API in cross-site-isolated contexts such as that of our sandboxing system which resulted in it being disabled despite the fact that our usage conformed to a specification that should have been supported. We use this modern browser feature (where available) to convert spreadsheets between different formats in the browser itself, whereas other services (even those advertizing their use of encryption for documents) send users' content to their server for conversion. Since Chrome's engine is used as the basis for a wide variety of other browsers, this broke sheet export everywhere except Firefox (which correctly implements the specification). Luckily, we found a simple workaround to use the same underlying feature using an alternate syntax that they had failed to disable. This is only a short-term solution as we have no expectation that it will continue to work, so we are actively investigating making this conversion a trusted process that will be run outside of our sandboxing system.
    • On the topic of spreadsheet conversion, we updated our translations of the warning that is displayed in our conversion UI when the required browser features are not available. Rather than referring to "Microsoft Office formats" we now refer to "Office formats" since we offer support for ODS in addition to XLSX.
    • ๐Ÿ‘€ We found that CSV export mysteriously stopped working as well (seemingly everywhere, not just Chrome and derivatives). We're still not sure why this is the case, but the option is disabled in the UI until we can find and fix the problem.
    • The drive app includes a button that lets guest users wipe their personal data from their browser's session. We noticed that this button did nothing after approximately 50% of page loads in Firefox, suggesting there was an unpredictable quality related to either how the button was being created or how "click handlers" were declared. We traced it back to the jQuery library and rewrote the handler to use "VanillaJS". We don't have the time or budget to dig into why it stopped working, so unless someone else can figure it out for us then you, dear reader, may never learn the answer to this mystery.
    • While investigating the drive we also added some guards against some possible type errors.
    • โšก๏ธ We noticed that the loginToken attribute was not correctly removed from clients' localStorage when they deleted their account. The value of this token is random and is of no use to attackers (especially when the token belongs to a deleted account), but it was a cause of some inconvenience to us when testing account deletion, as the mismatch between the token stored locally and in accounts (after login) required us to login in a second time before. We've updated the related code to:
      1. correctly delete the token when you delete an account from the settings page
      2. ensure that no such token is present when logging in
    • ๐Ÿ“Œ Document ids with invalid lengths are excluded from accounts' lists of "pinned documents" (those which should not be deleted from the server). We recently implemented a similar fix, but found that this list could be constructed in more than one way depending on the context.
    • ๐Ÿ›  We identified and fixed two problems with our "history trim" functionality (accessible via documents' "Properties" menu):
      1. In the extremely unlikely event that a user requested that the server trim the history of a document and its metadata failed to load, the server would respond to the user with an error but did not correctly abort from the subsequent process to trim the document's history. In theory this could have been used by non-owners to archive parts of the documents history, however, we have no reason to believe that this was possible in practice. In any case, the flaw has been corrected.
      2. Complex documents like spreadsheets that use more than one channel to store different types of content would trim their respective histories in parallel, however, in such cases any errors were returned to the calling function as a list of warnings rather than a singular error. This format was not handled by the UI, resulting in an apparent success in cases of a partial or complete failure for such document types.
  • v4.9.0 Changes

    Goals and announcements

    ๐Ÿš€ We allocated most of this release cycle towards a schedule of one-on-one user interviews and some broad usage studies leveraging our new Form app. The remainder of our time was spent on some minor improvements. We'll continue at a slightly slower pace of implementation for the coming weeks while we complete our scheduled interviews and take some much-needed vacations.

    โšก๏ธ Update notes

    ๐Ÿš€ It appears our promotion of the checkup page through our recent release notes and the inclusion of a link to it from the instance admin have been moderately successful. We've observed that more instance admins are noticing and fixing some common configuration issues.

    This release features some minor changes to one instance configuration test which incorrectly provided an exemption for the use of http://localhost:3000 as an httpUnsafeOrigin value. This exemption was provided because this value is valid for local development. However, it suppressed errors when this configuration was used for production instances where it could cause a variety of problems. As usual, we recommend checking your instance's admin page after updating to confirm that you are passing the latest tests. Information about the checkup page is included in our documentation.

    โšก๏ธ To update from 4.8.0 to 4.9.0:

    1. Stop your server โœ… 2. Get the latest code with git โšก๏ธ 3. Install the latest dependencies with bower update and npm i
    2. Restart your server โœ… 5. Confirm that your instance is passing all the tests included on the /checkup/ page

    ๐Ÿ”‹ Features

    • We've added the ability to store URLs in user and team drives as requested in a private support ticket and this issue. Links can be shared directly with contacts. Unlike pads, links are not collaborative objects, so updating a link's name will not update the entry in another user's drive if you've already shared it with them. Links are integrated into our apps' insert menu to facilitate quick insertion of links you've stored into your documents. We're interested in measuring how this functionality is used in practice so we can decide whether it's worth spending more time on it. We have added some telemetry to measure (in aggregate) how often its components are used. We anonymize IP addresses in the logs for, but as always, you can disable telemetry via your settings panel.
    • ๐Ÿ‘ Our rich text editor now supports indentation with the tab key, as per issue #634.
    • ๐Ÿ’… Forms received another round of improvements to styles, workflows, and some basic survey functionality to yield more accurate results.
      • Ordered lists are now shuffled for each survey participant so that their initial order has less effect on the final results.
      • CSV export now uses one column for each option in polls, making them easier to read.
      • Unregistered users can now add a name to their response.
      • Form results are displayed automatically (when available) to those who have answered.
      • Authors and auditors can now click on usernames in polls to jump directly to other answers from the same user.
    • ๐Ÿ‘‰ Users with very large drives might notice that their account loads slightly faster now, due to some minor optimizations in an integrity check that the client performs when loading accounts.

    ๐Ÿ› Bugs

    • We've added a guard against a type error that could be triggered when loading teams under certain rare conditions.
    • ๐Ÿ’ป Unregistered users' drives now show the "bread-crumb" UI for navigating between folders when viewing a shared folder in read-only mode. We've also suppressed the "Files" button for displaying the tree view which was non-functional for such users.
    • ๐Ÿ›  A change in the format of support tickets caused tickets recently created by premium users to not be recognized as such. We've fixed the categorization in the admin panel's support ticket view.
    • ๐Ÿ›  We've fixed a number of minor issues with forms:
      • The maximum number of selectable choices for checkbox questions can no longer exceed the number of available choices.
      • We guard against a type error that could occur when parsing dates.
      • Forms imported from templates now have their initial title corrected.
      • We've disabled the use of our indexedDB caching system for form results, since it was quietly dropping older responses when more than 100 responses had been submitted. We plan to re-enable caching for results once we've updated the eviction metric to better handle the response format.