Changelog History

  • v4.12.1 Changes

    🚀 This minor release contains a few bug fixes based on feedback we received and adjustments to prepare for the update to OnlyOffice 6.4.

    • 🚀 We noticed that charts and tables in the Document and Presentation (early access) applications cause conflicts with the upcoming OnlyOffice update. They are now disabled until the next release.
    • We found that the button to export form results to a CryptPad sheet was empty so we added the missing text.
    • 🛠 Several issues were reported with the Forms application and are now fixed. This patch will prevent conditional sections from losing their content (questions and conditions) while editing the form. The "max options" selector won't be displayed anymore when converting "checkbox" questions to other types. The first two lines of a "choice grid" weren't always registered when submitting a form and this patch fixes it for newly created choice grids.
    • Some calendars created with external tools couldn't be imported into CryptPad because of their notification settings. We've changed the "import" script so that such events can still be imported, without the problematic notification.
    • 0ī¸âƒŖ We've received conflicting feedback about the privacy settings in forms. In the existing system, the users had to untick a box to submit with their name but, depending on the context, it's not always a good solution to make a form result anonymous by default. Similarly submitting form results with the username by default isn't privacy-friendly. We implemented a new system to prompt users to choose between submitting anonymously or with their name (unless one of the options is disabled).
  • v4.12.0 Changes

    Goals

    🚀 Our primary goal for this release was to improve support for office file formats in CryptPad by

    1. integrating OnlyOffice's word processor and presentation editor and
    2. introducing more intuitive workflows that allow users to convert and open uploaded office files directly from their drives

    ⚡ī¸ Update notes

    🚀 This release requires configuration changes to work correctly. We've updated our example NGINX config file to apply the required HTTP headers where appropriate.

    ⚡ī¸ You can compare the updated example against that of a previous CryptPad version by running something like git diff -U2 4.11.0 docs/ to generate a diff:

    diff --git a/docs/example.nginx.conf b/docs/example.nginx.conf
    index 14a3d4fc2..ea21e3ba7 100644
    --- a/docs/example.nginx.conf
    +++ b/docs/example.nginx.conf
    @@ -65,5 +65,5 @@ server {
    
         set $coop '';
    -    if ($uri ~ ^\/(sheet|presentation|doc|convert)\/.*$) { set $coop 'same-origin'; }
    +    #if ($uri ~ ^\/(sheet|presentation|doc|convert)\/.*$) { set $coop 'same-origin'; }
    
         # Enable SharedArrayBuffer in Firefox (for .xlsx export)
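
    Review bot: commenting out the `same-origin` assignment leaves `$coop` empty for the sheet, presentation, doc and convert paths, a behaviour change with no rationale recorded next to it, unlike the `unsafeiframe` exception added further down in this file. Either delete the line or add a one-line comment saying why the header is now disabled (the following context line `# Enable SharedArrayBuffer in Firefox (for .xlsx export)` suggests these headers are tied to that feature), so an admin diffing the file later knows whether restoring it is safe.
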
    @@ -91,5 +91,5 @@ server {
    
         # connect-src restricts URLs which can be loaded using script interfaces
    -    set $connectSrc "'self' https://${main_domain} ${main_domain} https://${api_domain} blob: wss://${api_domain} ${api_domain} ${files_domain}";
    +    set $connectSrc "'self' https://${main_domain} ${main_domain} https://${api_domain} blob: wss://${api_domain} ${api_domain} ${files_domain} https://${sandbox_domain}";
    
         # fonts can be loaded from data-URLs or the main domain
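
    Review bot: `https://${sandbox_domain}` is appended only in its scheme-qualified form, whereas `${main_domain}` and `${api_domain}` are each listed both with and without `https://` in the same directive. If the asymmetry is deliberate, a short comment would help; if not, the bare `${sandbox_domain}` entry is missing. Since `connect-src` governs every origin scripts may fetch from, it is also worth a comment stating which client code needs to reach the sandbox origin, so the widening is not inherited blindly by future edits.
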
    @@ -121,8 +121,13 @@ server {
         # they unfortunately still require exceptions to the sandboxing to work correctly.
         if ($uri ~ ^\/(sheet|doc|presentation)\/inner.html.*$) { set $unsafe 1; }
    -    if ($uri ~ ^\/common\/onlyoffice\/.*\/index\.html.*$) { set $unsafe 1; }
    +    if ($uri ~ ^\/common\/onlyoffice\/.*\/.*\.html.*$) { set $unsafe 1; }
    
         # everything except the sandbox domain is a privileged scope, as they might be used to handle keys
         if ($host != $sandbox_domain) { set $unsafe 0; }
    +    # this iframe is an exception. Office file formats are converted outside of the sandboxed scope
    +    # because of bugs in Chromium-based browsers that incorrectly ignore headers that are supposed to enable
    +    # the use of some modern APIs that we require when javascript is run in a cross-origin context.
    +    # We've applied other sandboxing techniques to mitigate the risk of running WebAssembly in this privileged scope
    +    if ($uri ~ ^\/unsafeiframe\/inner\.html.*$) { set $unsafe 1; }
    
         # privileged contexts allow a few more rights than unprivileged contexts, though limits are still applied
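
    Review bot: the `unsafeiframe` exception sits after `if ($host != $sandbox_domain) { set $unsafe 0; }`, so it re-enables `$unsafe` on every host including the privileged main domain; that ordering is what the comment intends, but a line such as "must stay after the host check" would stop a later reorder from silently turning it into a no-op. The widened pattern `^\/common\/onlyoffice\/.*\/.*\.html.*$` now matches every `.html` file under any OnlyOffice subdirectory rather than only `index.html`; naming the files that required the change would let admins judge the scope, and the comment's reference to "other sandboxing techniques" should point at where those are implemented or documented.
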
    

    ⚡ī¸ We've also updated the checkup page to test for the expected server behaviour and suggest helpful steps for correcting misconfiguration issues. You can access this diagnostic page at https://<your-cryptpad-domain>/checkup/.

    Our team has limited resources, so we've chosen to introduce the new (and experimental) office editors gradually to avoid getting overwhelmed by support tickets as was the case when we introduced the current spreadsheet editor in 2019. In order to support this we've implemented an early access system which optionally restricts the use of these editors to premium subscribers. We will enable this system on CryptPad.fr, but admins of independent instances can enable them at their discretion.

    📄 To enable the use of the OnlyOffice Document and Presentation editor for everyone on your instance, edit your customize/application_config.js file to include AppConfig.enableEarlyAccess = true;.

    👍 If you wish to avoid a rush of support tickets from your users by limiting early access to users with custom quota increases, add another line like so: Constants.earlyAccessApps = ['doc', 'presentation'];

    0ī¸âƒŖ As these editors become more stable we plan to enable them by default on third-party instances. Keep in mind, these editors may be unstable and users may lose their work. Our team will fix bugs given sufficient information to reproduce them, but we will not take the time to help you recover lost data unless you have taken a support contract with us.

    ⚡ī¸ To update from 4.11.0 to 4.12.0:

    1. Stop your server
    2. Get the latest code with git
    3. Apply the recommended changes to your NGINX config (don't forget to reload NGINX)
      • Optionally edit your application_config.js file to enable early access apps. Restart your server or use the admin panel's Flush cache button for this to take effect.
    4. Install the latest dependencies with bower update and npm i
    5. Restart your server
    6. Confirm that your instance is passing all the tests included on the /checkup/ page (on whatever devices you intend to support)

    🔋 Features

    • ↪ It took a lot of experimentation, reading of specification documents, and reverse-engineering of undocumented workarounds to avoid browser-specific regressions, but we've gotten our client-side engine for office file format conversion to work as intended in the context of user or team drives. This means that as long as you are using a relatively modern browser (not Safari or anything on iOS) you should be able to do things like:
      • right-click and open uploaded XLSX or ODS files in our OnlyOffice Sheet integration,
      • implicitly convert editable sheets to XLSX individually (using the download option) or as part of a collection when you download your full drive or one of its subtrees,
      • perform similar workflows with DOCX, ODT, PPT, and ODP files.
    • As mentioned above, admins that enable early access editors will be able to try out the word processor and presentation editor. These editors use OnlyOffice client-side components, but have had their server-side components completely replaced, just as with our Sheet integration. Nobody else has packaged OnlyOffice's editors in this manner, so this is experimental technology and we recommend that you back up your documents regularly!
    • The form app now includes an option to open collected results in a new spreadsheet for advanced analysis.

    🐛 Bug fixes

    • We finally tracked down a sneaky bug that was responsible for scrambling users' spreadsheets. The issue was triggered when they were disconnected and reconnected after editing the sheet by themselves, usually for an extended period. A bug in the reconnection logic caused their earlier changes to the sheet to be replayed a second time, typically to disastrous effect if they had inserted rows in the meantime. A minor patch guards against this possibility, making sheets (and the newer office editors) far more stable.
    • 🖨 We noticed that the OnlyOffice editors' print to PDF functionality behaved differently depending on the user's preferences for downloads and file-type handling. In some cases the resulting PDF would be opened in an invisible iframe. In addition to the intentional download prompt we meant to trigger, some users would be implicitly shown a second prompt to download the contents of the iframe. We suppressed the creation of the hidden iframe and now download the generated PDF directly using a single, more modern method.
    • ✅ It was reported that responses to conditional sections of forms were not included in their results. Our patch has been tested in production and has been verified to correct the issue.
    • The recently introduced file upload preview was capable of throwing an error under certain circumstances when previewing text files, which prevented them from being uploaded. We now guard against these errors and fall back to no preview.
    • The chat box in pads failed to load for guests using the no-drive mode which we introduced as an optimization to reduce load time for one-time visitors. An attempt to access a data structure that did not exist caused a type error, which resulted in the chat interface appearing to load indefinitely.
    • Loading a shared folder by its link now causes it to be displayed in the context of your drive, rather than loading it in the background but displaying your last accessed folder instead.
    • We now guard against DOMException errors whenever we try to write data into localStorage, as this is capable of triggering a QuotaExceeded error, which has been observed to occur more frequently lately.
    • When attempting to use an editor's Insert menu to embed uploaded media in a document, we now wait until all thumbnails are loaded before displaying the menu. This is intended to avoid circumstances where the user attempts to click the menu's upload button but accidentally chooses a previously uploaded media file when the position of the button changes.
  • v4.11.0 Changes

    Goals

    🚀 Our main goal for this release was to update our Forms app to address feedback gathered in the research we conducted over the summer (survey and one-on-one interviews with volunteers). Many of these points were limited to forms itself, but some were closely related with some other concepts in the platform and prompted us to make some considerable changes throughout.

    ⚡ī¸ Update notes

    🚀 As of this release we are dropping support for Internet Explorer 11, having learned that even Microsoft has stopped supporting it in their own Office 365 platform. This means that we can finally start using some newer browser features that are available in every other modern browser and simplify parts of our code, making it smaller and faster to load for everyone else.

    🚀 4.11 doesn't require any manual configuration if you're updating from 4.10, so this should be a fairly simple release. There is a new customization option that is described in the following features section, however, this is entirely optional.

    ⚡ī¸ To update from 4.10.0 to 4.11.0:

    1. Stop your server
    2. Get the latest code with git
    3. Install the latest dependencies with bower update and npm i
      • this release requires new client-side dependencies, so don't forget this step
    4. Restart your server
    5. Confirm that your instance is passing all the tests included on the /checkup/ page (on whatever devices you intend to support)

    🔋 Features

    • 0ī¸âƒŖ We've changed the platform's default display name from "Anonymous" to "Guest" and have also replaced existing mentions of "Unregistered" or "Non-registered" users with this terminology.
      • The term "Anonymous" was only ever intended to convey the classical sense of the word ("without name or attribution") rather than the stricter modern sense "indistinguishable from a meaningfully large set of other individuals". To be clear, this is a change of terminology, not behaviour. To prevent your IP address from being revealed to the host server while using CryptPad, the best option has always been, and continues to be, the Tor Browser.
      • Going forward, if you see "anonymize" in CryptPad (such as in forms), you can take it to mean that extra efforts are being taken to make protocol-level metadata indistinguishable from that of other users, while "Guest" means only that you haven't registered or have removed your display name.
    • While we were reconsidering the notion of guest accounts we decided that it would be useful to be able to distinguish one guest from another. We decided to implement this by hooking into the existing system for displaying users' profile pictures by mapping a list of emojis to guests' randomly generated identifiers.
      • We chose a list of emojis that we hoped nobody would find objectionable ('🙈 🦀 🐞 🦋 🐬 🐋 🐢 🦉 🦆 🐧 🦡 🦘 🦨 🦦 🦥 🐼 🐻 🦝 🦓 🐄 💮️ 🐙️ 🌸️ 🌻️ 🐝️ 🐐 🦙 🦒 🐘 🦏 🐁 🐹 🐰 🦫 🦔 🐨 🐱 🐺 👺 👹 👽 👾 🤖'), but we realize that cultures and contexts differ widely. As such, we've made this configurable on a per-instance basis. A custom list of emojis can be set in customize/application_config.js as an array of single-emoji strings (AppConfig.emojiAvatars = ['🥦', '🧄', '🍄', '🌶️'];) or as an empty array if you prefer not to display any emojis (AppConfig.emojiAvatars = [];). See our admin docs for more info on customization.
      • Users can edit their display name inline in the user list or on their settings page, in which case their avatar will be one or two letters from their name (their first two initials if their name contains at least one space, otherwise the first two letters of their name).
      • Once these initial improvements had been made to the user list, the lack of support for emoji avatars in a number of places felt very conspicuous, so we've done our best to implement them consistently across every social aspect of the platform. Default emoji avatars are also displayed in comments in the rich text editor, in authorship data in our code/markdown editor, in tooltips when you hover over the marker for remote users' cursor location, in the "currently editing" indicator for Kanban cards, in the share and access menus, and in the "contacts" app.
    • 📇 The file upload dialog now includes a preview of the media that you are about to upload (as long as it's something CryptPad is capable of displaying) as well as a text field for describing the media. Descriptive text is added to the file's encrypted metadata and is applied to rendered media as alt or title attributes wherever applicable. This coincides with a broader effort to improve keyboard navigation and add support for screen-readers.
    • 💻 The link creation UI from 4.9.0 now highlights the URL input field as you type to indicate whether the current URL value is valid, rather than simply displaying an error when you submit.
    • 🐎 The 'Performance' tab of the admin panel has reused the bar chart UI we added for displaying the results of forms.
    • 🚀 We've written a small script to help us identify translated strings that are consistently duplicated across the four languages into which CryptPad has been fully translated (English, French, German, Japanese). We plan to use this to remove unnecessary strings in an upcoming release and make it easier to translate the platform into new languages.
    • 💻 The "share" menu now makes its primary actions more clear, with explicit text ("copy link" instead of just "copy") on its main buttons, as well as icons that better match button UI on the rest of the platform.
    • 🚀 Finally, this release introduces our "v2" forms update with many usability enhancements:
      • Forms can now include questions which are displayed based on the condition of participants' earlier answers.
      • The participant view of forms no longer displays CryptPad's toolbar and popups and instead uses a full-page view. CryptPad's logo is included at the bottom of the page and acts as a link to the home page.
      • Form authors can set a custom message to be displayed to participants once they have submitted a response.
      • Some more advanced form settings are available for authors, and we've clarified the descriptions of existing options ("Anonymize responses", "Guest access", "Editing after submission").
      • Form authorship supports real-time editing more broadly than before:
      • Changes are saved as you type, so you no longer need to manually save each question.
      • Multiple authors can edit the same question concurrently without overwriting each other's work.
      • We avoid redrawing active parts of the UI when other authors make a change, so remote actions won't interfere with your local date-picker, dropdown selections, etc.
      • The UI is redrawn no more than once every 500ms for performance reasons.
      • We do our best to preserve current scroll position when other users make changes so authors don't accidentally click on the wrong elements.
      • Authors have easier access to basic functionality in the left sidebar that allows them to preview a form, copy the participant link, and view existing responses with a single click.
      • The form creation presents better default options (placeholders instead of pre-filled fields for text inputs) and offers intuitive controls, such as "enter" to create a new field, "esc" to clear an empty field, and "tab" to navigate with just the keyboard.
      • The summary of existing responses is presented more intuitively:
      • The tally of empty responses is now displayed at the top of each question's summary rather than the bottom.
      • Bar charts are used throughout, wherever applicable.
      • Options with no answers are still displayed with zero results in the summary rather than not being displayed at all.
      • Options are displayed according to the order of their appearance in the original question, rather than according to the order in which participants chose them.
      • Form authors can conveniently change a question's type wherever its content can be automatically converted to a related format (radio, checkbox, ranked choices).
      • There are more options for form validation, such as required questions and new types of questions with automatic validation. Invalid answers are summarized at the bottom of the form. Clicking summaries jumps to the relevant question.
      • The CryptPad logo is included at the bottom of the participant page and links to the home page so that participants can create their own forms or learn more about how data is encrypted.
      • We now pre-fill some options in our "simple scheduling poll" template, suggesting some basic options for the upcoming week and better indicating how the poll is intended to be used.
      • Lastly, authors can assign color themes to their form for some basic visual customization.

    🐛 Bug fixes

    • ✅ While implementing and testing the display of emojis as avatars for guests we found several instances (in teams, chat, and the contacts app) where the UI did not fall back to the default display name.
    • 👍 We've clarified a comment in our example NGINX file which recommended that admins contact us if they are using CryptPad in a production environment. It now indicates that they should do so if they require professional support.
    • We now handle an edge case in ICS import to calendars where DTEND was not defined. When a duration is specified we calculate the end of the event relative to the provided start time, and otherwise consider it a "full-day" event as per the ICS specification.
    • 💅 Users can share links directly with contacts, but we noticed that the color of the previewed link was overridden by some styles from bootstrap, resulting in very low contrast. We now use a standard CryptPad color which is clearly legible in both light and dark mode.
    • Finally, we've applied some stricter validation to the encrypted content of team invite links which could have previously resulted in type errors.
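    The ICS edge case described above (a VEVENT without DTEND), as an added example that is not CryptPad's own import code: the end is taken from DTEND, otherwise derived from DURATION relative to DTSTART, and otherwise the event is treated as a full-day event. It assumes the VEVENT is already unfolded onto single lines and that all date values are read as UTC (no TZID handling).

```javascript
// Added example, not CryptPad's own calendar code: derives an imported VEVENT's end the
// way the 4.11.0 fix describes. DTEND present: use it; otherwise DURATION present: add it
// to DTSTART; neither: a full-day event on DTSTART's calendar date.
// Assumptions: lines are already unfolded and every date value is read as UTC (no TZID).

const DAY_MS = 24 * 60 * 60 * 1000;

// DATE (20210906) or DATE-TIME (20210906T090000 / 20210906T090000Z) value, read as UTC.
function parseIcsDate(value) {
  const m = /^(\d{4})(\d{2})(\d{2})(?:T(\d{2})(\d{2})(\d{2})Z?)?$/.exec(value);
  if (!m) throw new Error('unsupported date value: ' + value);
  const [, y, mo, d, h = '0', mi = '0', s = '0'] = m;
  return { date: new Date(Date.UTC(+y, +mo - 1, +d, +h, +mi, +s)), allDay: m[4] === undefined };
}

// RFC 5545 DURATION: P1W, P2D, PT1H30M, P1DT12H, optionally signed. Returns milliseconds.
function parseDuration(value) {
  const m = /^([+-])?P(?:(\d+)W|(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?)$/.exec(value);
  if (!m || value === 'P') throw new Error('unsupported duration value: ' + value);
  const [, sign, w, d, h, mi, s] = m;
  const seconds = (+w || 0) * 7 * 86400 + (+d || 0) * 86400 + (+h || 0) * 3600 + (+mi || 0) * 60 + (+s || 0);
  return (sign === '-' ? -1 : 1) * seconds * 1000;
}

// Minimal property reader for "NAME;PARAM=X:VALUE" lines; parameters are discarded.
function readVevent(text) {
  const props = {};
  for (const line of text.split(/\r?\n/)) {
    const colon = line.indexOf(':');
    if (colon < 0) continue;
    props[line.slice(0, colon).split(';')[0].toUpperCase()] = line.slice(colon + 1).trim();
  }
  return props;
}

// Returns { start, end, allDay } with start/end as Date objects.
function eventBounds(props) {
  if (!props.DTSTART) throw new Error('DTSTART is required');
  const start = parseIcsDate(props.DTSTART);
  if (props.DTEND) {
    return { start: start.date, end: parseIcsDate(props.DTEND).date, allDay: start.allDay };
  }
  if (props.DURATION) {
    const end = new Date(start.date.getTime() + parseDuration(props.DURATION));
    return { start: start.date, end, allDay: start.allDay };
  }
  // Neither DTEND nor DURATION: full-day event spanning DTSTART's calendar date.
  const day = Date.UTC(start.date.getUTCFullYear(), start.date.getUTCMonth(), start.date.getUTCDate());
  return { start: new Date(day), end: new Date(day + DAY_MS), allDay: true };
}

// Constructed sample events (not real calendar data).
const SAMPLE_DURATION = ['BEGIN:VEVENT', 'UID:constructed-1', 'DTSTART:20210906T090000Z',
  'DURATION:PT1H30M', 'SUMMARY:Planning', 'END:VEVENT'].join('\r\n');
const SAMPLE_NO_END = ['BEGIN:VEVENT', 'UID:constructed-2', 'DTSTART:20210906T090000Z',
  'SUMMARY:Workshop', 'END:VEVENT'].join('\r\n');
const SAMPLE_DATE_ONLY = ['BEGIN:VEVENT', 'UID:constructed-3', 'DTSTART;VALUE=DATE:20210910',
  'SUMMARY:Holiday', 'END:VEVENT'].join('\r\n');
```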
  • v4.10.0 Changes

    Goals

    August is typically a quiet month for CryptPad's development team, as members of our team and many of our users take their (northern hemisphere) summer holidays. We took the opportunity to catch up on some regular maintenance and to review some prototype branches of our code that had been ready for integration for some time.

    👀 It seems that some browser developers thought to do the same thing, because we noticed some significant regressions in some APIs that we rely on. Some of our time went towards addressing the resulting bugs and restructuring some code to avoid future regressions for browser behaviour that seems likely to be changed again in the near future.

    ⚡ī¸ Update notes

    💻 4.10.0 includes some minor changes to the checkup page. Some admins have included screenshots of this page in bug reports or requests for support along with details of problems they suspect of being related. Because we've observed that the root of many issues is the browser (sometimes in addition to the server) we have decided to include details about the browser in this page's summary.

    🔧 Up until now the checkup page only tested observable behaviour of the server such as HTTP headers on particular resources, configuration parameters distributed to the client, and the availability of essential resources. This practice meant that a report for an instance should have been the same regardless of the device that was used to generate the report. In light of a serious regression in Chrome (and all its derivatives) we decided that objectivity was less important than utility and introduced some tests which check whether the client running the diagnostics interprets the provided server configuration as intended. Terrible browsers (i.e. every browser that is available on iOS) will fail these tests every time because they don't implement the expected APIs, but we've tried to detect these cases and warn that they are expected.

    🚀 For the most part you (as an admin) will not need to do anything special for this release as a result. If you notice weird issues on particular browsers in the future, however, it might be helpful to view this page from the affected browser/device and include any information that is provided in bug reports.

    ⚡ī¸ To update from 4.9.0 to 4.10.0:

    1. Stop your server
    2. Get the latest code with git
    3. Install the latest dependencies with bower update and npm i
    4. Restart your server
    5. Confirm that your instance is passing all the tests included on the /checkup/ page (on whatever devices you intend to support)

    🔋 Features

    🚧 As noted above, web standards and the browsers that implement them are constantly changing. Web applications like CryptPad which use new and advanced browser features are particularly prone to regressions even when we use browser features exactly as intended and advertised. The "Features" section of each release's notes typically highlights visible things, like clickable buttons or improvements to the interface. This point is included as a reminder that regular maintenance is at least as important to an open-source software project, even though it gets little attention and far less funding. The funding bodies that have generously supported our work typically award grants for research and the development of novel features, but we are sorely in need of increased support to allow us the flexibility to deal with unanticipated problems as they arise. If you are fortunate enough to have some disposable income and value the work that keeps CryptPad functional we would greatly appreciate a one-time or recurring donation to our OpenCollective campaign.

    • This release coincided with the yearly seminar of XWiki (our parent organization) which always features a day-long hackathon. This year our team was joined by @aemi-dev who has been working as an intern within XWiki's product team. Together we worked on adding some data visualization to our recently introduced Form app. The improvements include a timeline to visualize how many responses were submitted to the form during each day and bar charts for a variety of question types to complement the existing tally of results. There's still more work to be done in this direction, but we established some useful foundations during our relatively short session.
    • Frequent users of small screens will be pleased to hear that CryptPad's app toolbar now includes a button to collapse the upper segment of the toolbar which includes CryptPad's logo, the current document's title, status indicator (saved, editing, disconnected, etc.), and the user administration menu.
    • Likewise, Kanban users may note that the app's toolbar also features a "Tools" menu (like that in the markdown editor) which toggles display of the controls which filter board items by tag and select view state (detailed or brief).
    • 💻 Password fields that are specific to files and documents now have the autocomplete="new-password" attribute applied to prevent browsers and integrated password managers from suggesting that users enter their account password. This lowers the risk that users will inadvertently reveal their account password in the future. Additionally, Firefox will now prompt users to use a high-entropy password instead.
    • 🚀 Our integrated support ticket functionality automatically includes some commonly needed information about the user's account and browser. As of this release this data will also include the browser's vendor and appVersion, which are useful hints about the host browser and OS (which we almost always have to ask about when the ticket is for a bug report). This data will also include the browser's current width and height, as some issues only occur at particular resolutions and can otherwise be difficult to reproduce.
    • ⚡ī¸ We reviewed a range of third-party dependencies that are included in our repository and updated cryptpad/www/lib/changelog.md to better indicate their exact version, source, and any CryptPad-specific modifications we've made to them.
      • We found less.js had been duplicated, with one version (provided by bower) being used for custom styles in our slide editor while the rest of the platform used a custom version that fixed an apparent bug in the reference import syntax. We've standardized on our custom version and removed the alternative from our bower.json file.
      • We also identified a few files that were no longer in use and removed them. There's still more work to be done to document the exact versions and source of some dependencies, so we've made this process a part of our regular release checklist.
    • 🚀 During a manual review we noticed some inconsistencies between different translations of CryptPad and have automated these checks by adding them to a script which we use to review translations before each release. These have helped us standardize things like the capitalization of "CryptPad", the syntax for some basic markup like <br> tags, and the consistent use of both dialect-specific suffixes in English and punctuation rules in French. We have only added tests for languages in which members of our team are fluent, so if you maintain a translation in another language and can suggest additional qualities we could test we would welcome your suggestions.
    • 🔒 The improved consistency of our translations has also enabled us to construct some translated UI components programmatically without directly using their inline HTML. This provides an extra layer of security in the event that
      1. malicious code was included in a translation file
      2. our tests failed to identify the code before it was included in a release
      3. the release was deployed by an admin that had failed to take advantage of the sandboxing system that prevents the injection of scripts into the UI
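    The defence-in-depth point above, as an added illustration that is not CryptPad's own UI code: a translation string is turned into a list of text nodes plus an allow-list of markup, rather than being assigned to innerHTML, so a tampered translation file can contribute text but never executable markup. It assumes "{0}"-style placeholders for substituted values (hypothetical) and treats <br>, the one tag named in these notes, as the only markup a translation may carry.

```javascript
// Added illustration, not CryptPad's own UI code: builds a translated UI fragment from a
// node list (text plus an allow-list of markup) instead of assigning the raw translation
// string to innerHTML. A malicious or badly tested translation file can then contribute
// only text, whatever the deployment's sandboxing does.
// Assumptions: "{0}"-style placeholders (hypothetical) and <br> as the only allowed markup.

const ALLOWED_VOID_TAGS = ['br'];

// One pass over the template: allowed tags and {n} placeholders are the only tokens;
// everything else, including any other tag, becomes literal text.
function renderTranslation(template, args = []) {
  const token = new RegExp('<\\s*(' + ALLOWED_VOID_TAGS.join('|') + ')\\s*/?\\s*>|\\{(\\d+)\\}', 'gi');
  const nodes = [];
  const pushText = (s) => { if (s) nodes.push({ type: 'text', value: s }); };
  let last = 0;
  let m;
  while ((m = token.exec(template)) !== null) {
    pushText(template.slice(last, m.index));
    if (m[1]) {
      nodes.push({ type: 'element', tag: m[1].toLowerCase() });
    } else {
      // substituted values are inserted as text, so they cannot smuggle markup either
      const value = args[Number(m[2])];
      pushText(value === undefined ? '' : String(value));
    }
    last = token.lastIndex;
  }
  pushText(template.slice(last));
  return nodes;
}

// In the browser the node list maps onto DOM calls; no string is ever parsed as HTML.
function toDom(nodes, doc) {
  const fragment = doc.createDocumentFragment();
  for (const n of nodes) {
    fragment.appendChild(n.type === 'text' ? doc.createTextNode(n.value) : doc.createElement(n.tag));
  }
  return fragment;
}

// Escaping serializer for environments without a DOM, and for inspecting the result.
const escapeText = (s) => s.replace(/[&<>"']/g,
  (c) => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));
function serialize(nodes) {
  return nodes.map((n) => (n.type === 'text' ? escapeText(n.value) : '<' + n.tag + '>')).join('');
}

// Constructed translation strings: a legitimate one and one carrying injected markup.
const GOOD_TRANSLATION = 'Saved as {0}<br>Click to continue';
const TAMPERED_TRANSLATION = 'Saved<script>notOk()</script><br>Click to continue';
```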

    🐛 Bug fixes

    • ↪ The Chrome development team made some changes related to the availability of the SharedArrayBuffer API in cross-site-isolated contexts such as that of our sandboxing system which resulted in it being disabled despite the fact that our usage conformed to a specification that should have been supported. We use this modern browser feature (where available) to convert spreadsheets between different formats in the browser itself, whereas other services (even those advertising their use of encryption for documents) send users' content to their server for conversion. Since Chrome's engine is used as the basis for a wide variety of other browsers, this broke sheet export everywhere except Firefox (which correctly implements the specification). Luckily, we found a simple workaround to use the same underlying feature using an alternate syntax that they had failed to disable. This is only a short-term solution as we have no expectation that it will continue to work, so we are actively investigating making this conversion a trusted process that will be run outside of our sandboxing system.
    • On the topic of spreadsheet conversion, we updated our translations of the warning that is displayed in our conversion UI when the required browser features are not available. Rather than referring to "Microsoft Office formats" we now refer to "Office formats" since we offer support for ODS in addition to XLSX.
    • 👀 We found that CSV export mysteriously stopped working as well (seemingly everywhere, not just Chrome and derivatives). We're still not sure why this is the case, but the option is disabled in the UI until we can find and fix the problem.
    • The drive app includes a button that lets guest users wipe their personal data from their browser's session. We noticed that this button did nothing after approximately 50% of page loads in Firefox, suggesting there was an unpredictable quality related to either how the button was being created or how "click handlers" were declared. We traced it back to the jQuery library and rewrote the handler to use "VanillaJS". We don't have the time or budget to dig into why it stopped working, so unless someone else can figure it out for us then you, dear reader, may never learn the answer to this mystery.
    • While investigating the drive we also added some guards against some possible type errors.
    • ⚡ī¸ We noticed that the loginToken attribute was not correctly removed from clients' localStorage when they deleted their account. The value of this token is random and is of no use to attackers (especially when the token belongs to a deleted account), but it was a cause of some inconvenience to us when testing account deletion, as the mismatch between the token stored locally and in accounts (after login) required us to login in a second time before. We've updated the related code to:
      1. correctly delete the token when you delete an account from the settings page
      2. ensure that no such token is present when logging in
    • 📌 Document ids with invalid lengths are excluded from accounts' lists of "pinned documents" (those which should not be deleted from the server). We recently implemented a similar fix, but found that this list could be constructed in more than one way depending on the context.
    • 🛠 We identified and fixed two problems with our "history trim" functionality (accessible via documents' "Properties" menu):
      1. In the extremely unlikely event that a user requested that the server trim the history of a document and its metadata failed to load, the server would respond to the user with an error but did not correctly abort the subsequent process of trimming the document's history. In theory this could have been used by non-owners to archive parts of the document's history; however, we have no reason to believe that this was possible in practice. In any case, the flaw has been corrected.
      2. Complex documents like spreadsheets that use more than one channel to store different types of content would trim their respective histories in parallel; however, in such cases any errors were returned to the calling function as a list of warnings rather than a single error. This format was not handled by the UI, resulting in an apparent success in cases of a partial or complete failure for such document types.
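    The two history-trim fixes above describe a coordinator that must stop when metadata fails to load and must report a partial failure of a multi-channel trim as a single error rather than a list of warnings. The following is an added example, not CryptPad's own code: an in-memory stand-in for the server with constructed documents, where `loadMetadata`, `trimChannel`, `trimHistory` and the result shape `{ ok, error | results }` are assumptions made for the example.

```javascript
// Added example, not CryptPad's code: a history-trim coordinator that aborts
// when metadata cannot be loaded and reduces parallel per-channel results to
// one success/failure shape. Store, documents and function names are
// constructed assumptions for this example.

// Constructed in-memory stand-in for the server's document store.
const makeStore = () => ({
  metadata: {
    docA: { owners: ['alice'], channels: ['docA'] },
    // A spreadsheet-like document keeping content and cursors in two channels.
    sheetB: { owners: ['bob'], channels: ['sheetB-content', 'sheetB-cursor'] },
  },
  // Number of history messages currently stored per channel.
  history: { docA: 120, 'sheetB-content': 300, 'sheetB-cursor': 40 },
});

// Simulated metadata load; rejects for unknown documents.
async function loadMetadata(store, docId) {
  const meta = store.metadata[docId];
  if (!meta) throw new Error(`metadata for ${docId} failed to load`);
  return meta;
}

// Simulated trim of one channel down to `keep` messages.
async function trimChannel(store, channelId, keep) {
  if (!(channelId in store.history)) {
    throw new Error(`channel ${channelId} not found`);
  }
  const before = store.history[channelId];
  store.history[channelId] = Math.min(before, keep);
  return { channelId, removed: before - store.history[channelId] };
}

// Returns either { ok: true, results } or { ok: false, error }; never a list
// of warnings, so the caller has exactly one failure shape to check.
async function trimHistory(store, docId, requester, keep) {
  let meta;
  try {
    meta = await loadMetadata(store, docId);
  } catch (err) {
    // Without metadata ownership cannot be verified, so stop here instead of
    // reporting the error and trimming anyway.
    return { ok: false, error: `aborted: ${err.message}` };
  }
  if (!meta.owners.includes(requester)) {
    return { ok: false, error: 'forbidden: only owners may trim history' };
  }
  // Trim all channels in parallel; allSettled keeps every outcome.
  const settled = await Promise.allSettled(
    meta.channels.map((ch) => trimChannel(store, ch, keep)),
  );
  const failures = settled
    .filter((s) => s.status === 'rejected')
    .map((s) => s.reason.message);
  if (failures.length > 0) {
    // A partial failure collapses into one error so the UI cannot read it as success.
    return {
      ok: false,
      error: `trim failed for ${failures.length}/${settled.length} channel(s): ${failures.join('; ')}`,
    };
  }
  return { ok: true, results: settled.map((s) => s.value) };
}

// Stand-alone demonstration when run directly with node.
if (typeof require !== 'undefined' && require.main === module) {
  (async () => {
    const store = makeStore();
    console.log(await trimHistory(store, 'missing', 'alice', 10));
    console.log(await trimHistory(store, 'sheetB', 'bob', 50));
  })();
}
```

    The point of the single `{ ok: false, error }` shape is that a caller cannot accidentally treat a settled-but-rejected channel as success; whatever the UI does with the message, it is forced through one code path.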
  • v4.9.0 Changes

    Goals and announcements

    🚀 We allocated most of this release cycle towards a schedule of one-on-one user interviews and some broad usage studies leveraging our new Form app. The remainder of our time was spent on some minor improvements. We'll continue at a slightly slower pace of implementation for the coming weeks while we complete our scheduled interviews and take some much-needed vacations.

    ⚡️ Update notes

    🚀 It appears our promotion of the checkup page through our recent release notes and the inclusion of a link to it from the instance admin have been moderately successful. We've observed that more instance admins are noticing and fixing some common configuration issues.

    This release features some minor changes to one instance configuration test which incorrectly provided an exemption for the use of http://localhost:3000 as an httpUnsafeOrigin value. This exemption was provided because this value is valid for local development. However, it suppressed errors when this configuration was used for production instances where it could cause a variety of problems. As usual, we recommend checking your instance's admin page after updating to confirm that you are passing the latest tests. Information about the checkup page is included in our documentation.
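    As an added example (not the checkup page's own code), here is a checkup-style test for the httpUnsafeOrigin value that returns `true` on success and otherwise the offending value with a reason, and that only exempts localhost when the caller explicitly passes `production: false`. The function name, the option, and the rules beyond the localhost case (no path, no credentials, https in production) are assumptions for the example, not documented CryptPad checks.

```javascript
// Added example, not CryptPad's checkup code: validate the configured
// httpUnsafeOrigin. Returns true when it passes, otherwise an object holding
// the offending value and the reason, so the page can show what is wrong.
// The `production` option and every rule except the localhost one are
// assumptions for this example.

// Hostnames that only make sense for local development.
const DEV_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

function checkHttpUnsafeOrigin(value, { production = true } = {}) {
  if (typeof value !== 'string' || value.trim() === '') {
    return { value, problem: 'missing or not a string' };
  }
  let url;
  try {
    url = new URL(value);
  } catch (e) {
    return { value, problem: 'not an absolute URL' };
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { value, problem: `unsupported scheme ${url.protocol}` };
  }
  if (url.username || url.password) {
    return { value, problem: 'origin must not include credentials' };
  }
  // An origin is scheme + host + port only.
  if (url.pathname !== '/' || url.search || url.hash) {
    return { value, problem: 'origin must not include a path, query or fragment' };
  }
  // Only exempt localhost when the caller says this is a dev instance; an
  // unconditional exemption hides the problem on production servers.
  if (DEV_HOSTS.has(url.hostname)) {
    return production
      ? { value, problem: 'localhost origin is only valid for local development' }
      : true;
  }
  // Assumed rule for the example: production instances are served over https.
  if (production && url.protocol !== 'https:') {
    return { value, problem: 'production origin should use https' };
  }
  return true;
}

// Render a result the way a checkup page would: pass/fail plus the value.
function formatResult(value, opts) {
  const r = checkHttpUnsafeOrigin(value, opts);
  return r === true
    ? `PASS ${value}`
    : `FAIL ${JSON.stringify(r.value)}: ${r.problem}`;
}

// Stand-alone demonstration when run directly with node.
if (typeof require !== 'undefined' && require.main === module) {
  console.log(formatResult('http://localhost:3000'));
  console.log(formatResult('http://localhost:3000', { production: false }));
  console.log(formatResult('https://pad.example.org'));
}
```

    Returning the value alongside the reason, rather than a bare `false`, is what lets an admin see at a glance which configured string is being rejected.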

    ⚡️ To update from 4.8.0 to 4.9.0:

    1. Stop your server
    2. Get the latest code with git
    3. Install the latest dependencies with bower update and npm i
    4. Restart your server
    5. Confirm that your instance is passing all the tests included on the /checkup/ page

    🔋 Features

    • We've added the ability to store URLs in user and team drives as requested in a private support ticket and this issue. Links can be shared directly with contacts. Unlike pads, links are not collaborative objects, so updating a link's name will not update the entry in another user's drive if you've already shared it with them. Links are integrated into our apps' insert menu to facilitate quick insertion of links you've stored into your documents. We're interested in measuring how this functionality is used in practice so we can decide whether it's worth spending more time on it. We have added some telemetry to measure (in aggregate) how often its components are used. We anonymize IP addresses in the logs for CryptPad.fr, but as always, you can disable telemetry via your settings panel.
    • 👍 Our rich text editor now supports indentation with the tab key, as per issue #634.
    • 💅 Forms received another round of improvements to styles, workflows, and some basic survey functionality to yield more accurate results.
      • Ordered lists are now shuffled for each survey participant so that their initial order has less effect on the final results.
      • CSV export now uses one column for each option in polls, making them easier to read.
      • Unregistered users can now add a name to their response.
      • Form results are displayed automatically (when available) to those who have answered.
      • Authors and auditors can now click on usernames in polls to jump directly to other answers from the same user.
    • 👉 Users with very large drives might notice that their account loads slightly faster now, due to some minor optimizations in an integrity check that the client performs when loading accounts.

    🐛 Bugs

    • We've added a guard against a type error that could be triggered when loading teams under certain rare conditions.
    • 💻 Unregistered users' drives now show the "bread-crumb" UI for navigating between folders when viewing a shared folder in read-only mode. We've also suppressed the "Files" button for displaying the tree view which was non-functional for such users.
    • 🛠 A change in the format of support tickets caused tickets recently created by premium users to not be recognized as such. We've fixed the categorization in the admin panel's support ticket view.
    • 🛠 We've fixed a number of minor issues with forms:
      • The maximum number of selectable choices for checkbox questions can no longer exceed the number of available choices.
      • We guard against a type error that could occur when parsing dates.
      • Forms imported from templates now have their initial title corrected.
      • We've disabled the use of our indexedDB caching system for form results, since it was quietly dropping older responses when more than 100 responses had been submitted. We plan to re-enable caching for results once we've updated the eviction metric to better handle the response format.
  • v4.8.0 Changes

    Goals

    This release cycle we decided to give people a chance to try our forms app and provide feedback before we begin developing its second round of major features and improvements. In the meantime we planned to work mostly on the activities of our NGI DAPSI project which concerns client-side file format conversions. Otherwise, we dedicated some of our independently funded time towards some internal code review and security best-practices as a follow-up to the recent quick-scan performed by Radically Open Security that was funded by NLnet as a part of our now-closing CryptPad for Communities project.

    ⚡️ Update notes

    We are still accepting feedback concerning our Form application via a form hosted on CryptPad.fr. We will accept feedback here until July 12th, 2021, so if you'd like your opinions to be represented in the app's second round of development act quickly!

    Following our last release we sent out an email to the admins of each outdated instance that had included their addresses in the server's daily telemetry. This appears to have been successful, as more than half of the 700+ instances that provide this telemetry are now running 4.7.0. Previously, only 15% of instances were running the latest version. It's worth noting that of those admins that are hosting the latest version, less than 10% have opted into future emails warning them of security issues. In case you missed it, this can be done on the admin panel's Network tab. Unlike most companies, we consider excess data collection a liability rather than an asset. As such, administrator emails are no longer included in server telemetry unless the admin has consented to be contacted.

    The same HTTP request that communicates server telemetry will soon begin responding with the URL of our latest release notes if it is detected that the remote instance is running an older version. The admin panel's Network tab for instances running 4.7.0 or later will begin prompting admins to view the release notes and update once 4.8.0 is available.

    The Network tab now includes a multiple choice form as well. If you have not disabled your instance's telemetry you can use this field to answer why you run your instance (for a business, an academic institution, personal use, etc.). We intend to use this data to inform our development roadmap, though as always, the fastest way to get us to prioritize your needs is to contact us for a support contract ([email protected]).

    🐳 Server telemetry will also include an installMethod property. By default this is "unspecified", but we are planning to work with packagers of alternate install methods to modify this property in their installation scripts. This will help us assess what proportion of instances are installed via the steps included in our installation guide vs other methods such as the various docker images. We hope that it will also allow us to determine the source of some common misconfigurations so we can propose some improvements to the root cause.

    ✂ Getting off the topic of telemetry: two types of data that were previously deleted outright (pin logs and login blocks) are now archived when the client sends a remove command. This provides for the ability to restore old user credentials in cases where users claim that their new credentials do not work following a password change. Some discretion is required in such cases as a user might have intentionally invalidated their old credentials due to shoulder-surfing or the breach of another service's database where they'd reused credentials. Neither of these types of data are currently included in the scripts which evict old data as they are not likely to consume a significant amount of storage space. In any case, CryptPad's data is stored on the filesystem, so it's always possible to remove outdated files by removing them from cryptpad/data/archive/* or whatever path you've configured for your archives.

    🚀 This release introduces some minor changes to the provided NGINX configuration file to enable support for WebAssembly where it is required for client-side file format conversions. We've added some new tests on the /checkup/ page that determine whether these changes have been applied. This page can be found via a button on the admin panel.

    ⚡️ To update from 4.7.0 to 4.8.0:

    1. Apply the documented NGINX configuration
    2. Stop your server
    3. Get the latest code with git
    4. Install the latest dependencies with bower update and npm i
    5. Restart your server
    6. Confirm that your instance is passing all the tests included on the /checkup/ page

    🔋 Features

    • 🌐 Those who prefer using tools localized in Japanese can thank @Suguru for completing the Japanese translation of the platform's text! CryptPad is a fairly big platform with a lot of text to translate, so we really appreciate how much effort went into this.
      • While we're on the topic, CryptPad's Deutsch translation is kept up to date largely by a single member of the German Pirate Party (Piratenpartei Deutschland). This is a huge job and we appreciate your work too!
      • Anyone else who wishes to give back to the project by doing the same can contribute translations on an ongoing basis through our Weblate instance.
    • We've implemented a new app for file format conversions as a part of our INTEROFFICE project. At this point this page is largely a test-case for the conversion engine that we hope to integrate more tightly into the rest of the platform. It allows users to load a variety of file formats into their browser and convert to any other format that has a defined conversion process from the original format. What's special about this is that files are converted entirely in your browser, unlike other platforms which do so in the cloud and expose their contents in the process. Currently we support conversion between the following formats in every browser that supports modern web standards (i.e. not Safari):
      • XLSX and ODS
      • DOCX and ODT and TXT
      • PPTX and ODP
    • 👍 In addition to the /convert/ page which supports office file formats, we also put some time into improving interoperability for our existing apps. We're introducing the ability to export rich text documents as Markdown (via the turndown library), to import trello's JSON format into our Kanban app (with some loss of attributes because we don't support all the same features), and to export form summaries as CSV files.
    • 🔒 We've added another extension to our customized markdown renderer which replaces markdown images with a warning that CryptPad blocks remote content to prevent malicious users from tracking visitors to certain pages. Such images should already be blocked by our strict use of Content-Security-Policy headers, but this will provide a better indication why images are failing to load on instances that are correctly configured and a modest improvement to users' privacy on instances that aren't.
    • 🔋 Up until now it was possible to include style tags in markdown documents, which some of our more advanced users used in order to customize the appearance of their rendered documents. Unfortunately, these styles were not applied strictly to the markdown preview window, but to the page as a whole, making it possible to break the platform's interface (for that pad) through the use of overly broad and powerful style rules. As of this release style tags are now treated as special elements, such that their contents are compiled as LESS within a scope that is only applied to the preview pane. This was intended as a bug fix, but it's included here as a feature because advanced users might see it as such and use it to do neat things. We have no funding for further work in this direction, however, and presently have no intent of providing documentation about this behaviour.
    • ✅ The checkup page uses some slightly nicer methods of displaying values returned by tests when the expected value of true is not returned. Some tests have been revised to return the problematic value instead of false when the test fails, since there were some cases where it was not clear why the test was failing, such as when a header was present but duplicated.
    • 📌 We've made some server requests related to pinning files moderately faster by skipping an expensive calculation and omitting the value it returned. This value was meant to be used as a checksum to ensure that all of a user's documents were included in the list which should be associated with their account, however, clients used a separate command to fetch this checksum. The value provided in response to the other commands was never used by the client.
    • We've implemented a system on the client for defining default templates for particular types of documents across an entire instance in addition to the use of documents in the templates section of the users drive (or that of their teams). This is intended more as a generic system for us to reuse throughout the platform's source than an API for instance admins to use. If there is sufficient interest (and funding) from other admins we'll implement this as an instance configuration point. We now provide a poll template to replicate the features of our old poll app which has been deprecated in favour of forms.
    • 👍 We've added some more non-sensitive information about users' teams to the debugging data that is automatically submitted along with support tickets, such as the id of the team's drive, its roster, and how large the drive's contents are.
    • 🌲 The Log out everywhere option that is displayed in the user admin menu in the top-right corner of the page for logged-in users now displays a confirmation before terminating all remote sessions.
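    The remote-image rule above replaces images with a warning rather than letting the browser fetch them. As an added example that is not CryptPad's renderer (whose code is not shown on this page), the following JavaScript tokenizes inline markdown image syntax, classifies each source by where it would be fetched from, and renders blocked images as a warning span without echoing the remote URL. The token shape, the class name `cp-blocked-image` and the warning texts are assumptions; the classifier also covers protocol-relative `//` sources and non-http schemes, which goes beyond the note's wording.

```javascript
// Added example, not CryptPad's markdown renderer: a minimal pass over inline
// image syntax ![alt](src) that keeps same-origin and data: images and turns
// anything that would load from another origin into a visible warning.
// Token shape, class name and warning texts are assumptions for this example.

// Matches ![alt](src) with an optional "title"; titles are ignored here.
const IMAGE_RE = /!\[([^\]]*)\]\(\s*([^)\s]+)(?:\s+"[^"]*")?\s*\)/g;

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Decide where an image source would be fetched from. The scheme check is
// case-insensitive and ignores leading whitespace, both of which a naive
// startsWith('http') test gets wrong.
function classifyImageSource(src) {
  const s = src.trim();
  if (s.startsWith('//')) return 'remote';            // protocol-relative
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(s);
  if (!m) return 'local';                             // relative path
  const scheme = m[1].toLowerCase();
  if (scheme === 'data') return 'data';
  if (scheme === 'http' || scheme === 'https') return 'remote';
  return 'disallowed';                                // file:, and other schemes
}

// Split markdown into text and image tokens.
function tokenize(markdown) {
  const tokens = [];
  let last = 0;
  for (const m of markdown.matchAll(IMAGE_RE)) {
    if (m.index > last) tokens.push({ type: 'text', content: markdown.slice(last, m.index) });
    tokens.push({ type: 'image', alt: m[1], src: m[2] });
    last = m.index + m[0].length;
  }
  if (last < markdown.length) tokens.push({ type: 'text', content: markdown.slice(last) });
  return tokens;
}

// Replace images that would load remote content with a warning token.
function applyImagePolicy(tokens) {
  return tokens.map((t) => {
    if (t.type !== 'image') return t;
    const kind = classifyImageSource(t.src);
    if (kind === 'local' || kind === 'data') return t;
    return {
      type: 'warning',
      alt: t.alt,
      kind,
      message: kind === 'remote'
        ? 'remote images are blocked to prevent tracking of readers'
        : 'image source uses a scheme that is not allowed',
    };
  });
}

// Render tokens to HTML; every piece of text is escaped, and the remote URL
// never reaches the output.
function render(markdown) {
  const tokens = applyImagePolicy(tokenize(markdown));
  const html = tokens.map((t) => {
    if (t.type === 'text') return escapeHtml(t.content);
    if (t.type === 'image') return `<img alt="${escapeHtml(t.alt)}" src="${escapeHtml(t.src)}">`;
    return `<span class="cp-blocked-image">[${escapeHtml(t.message)}]</span>`;
  }).join('');
  return { html, blocked: tokens.filter((t) => t.type === 'warning').length };
}

// Stand-alone demonstration when run directly with node.
if (typeof require !== 'undefined' && require.main === module) {
  // Constructed sample input.
  console.log(render('Logo: ![logo](/images/logo.png) pixel: ![p](https://tracker.example/p.gif)'));
}
```

    A Content-Security-Policy `img-src` directive would stop the fetch anyway on a correctly configured instance, as the note says; the value of doing it in the renderer is that the reader gets an explanation instead of a broken image, and an instance whose headers are wrong still does not leak a request to the remote host.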

    🐛 Bug fixes

    • ⚡️ It was brought to our attention that the registration page was not trimming leading and trailing whitespace from usernames as intended. We've updated the page to do so, however, accounts created with such characters in their username field must enter their credentials exactly as they were at registration time in order to log in. We have no means of detecting such accounts on the server, as usernames are not visible to server admins. We'll consider this behaviour in the future if we introduce an option to change usernames as we do with passwords.
    • 💻 We now double-check that login blocks (account credentials encrypted with a key derived from a username and password) can be accessed by the client when registering or changing passwords. It should be sufficient to rely on the server to report whether the encrypted credentials were stored successfully when uploading them, but in instances where these resources don't load due to a misbehaving browser extension it's better that we detect it at registration time rather than after the user creates content that will be difficult to access without assistance determining which extension or browser customization is to blame.
    • 👀 We learned that the JavaScript engine used on iOS has trouble parsing an alternative representation of date strings that every other platform seems to handle. This caused calendars to display incorrect data. Because Apple prevents third-party browsers from including their own JavaScript engines this means that users were affected by this Safari bug regardless of whether they used browsers branded as Safari, Firefox, Chrome, or otherwise.
    • 🔒 After some internal review we now guard against a variety of cases where user-crafted input could trigger a DOMException error and cause a whole page's worth of markdown content to fail to render. While there is no impact on users' privacy or security from this bug, a malicious user could exploit it to be annoying.
    • 🚀 Shortly after our last release a user reported being unable to access their account due to a typeError which we were able to guard against.
    • Images appearing in the 'lightbox' preview modal no longer appear stretched.
    • Before applying actions that modify the team's membership we now confirm that server-enforced permissions match our local state.
  • v4.7.0 Changes

    Goals

    🚀 Our main goal for this release was to prepare a BETA version of our new forms app, however, it also includes a number of nice bug fixes and minor features.

    ⚡️ Update notes

    🚀 As this release includes a new app you'll want to compare your current NGINX config against our example (cryptpad/docs/example.nginx.conf) and update yours to match the updated sections that rewrite URLs to include trailing slashes. We've also introduced a number of new variables to our color scheme which might conflict with customizations you've made to your stylesheets. As always, it's recommended that you test your customizations on an updated non-production instance before deploying.

    🚀 We've been steadily adding new tests to our recently developed checkup page each time we observe particular types of instance misconfigurations in the wild. Unfortunately, it seems the admins that have the most trouble with instance configuration are those that haven't read the numerous mentions of this page throughout the last few release notes. For that reason we've made it so the server prints a link to this page at launch time if it detects that some important value is left unconfigured.

    🔧 On the topic of instance configuration, admins that have enabled their instance's admin panel may notice that it contains a new "Network" tab. On this pane you may find a button that links to the instance's checkup page to make it even easier to identify configuration problems. You should also notice options for configuring a number of values, some of which could previously only be set by modifying the server's configuration file and restarting.

    • 🔊 One checkbox allows you to opt out of the server telemetry which tells our server that your server exists. This is mostly so that we have a rough idea of how many admins are running CryptPad and what version they have installed. It was clearly documented in the config file, but now it's even easier to opt out if you don't want us to know you exist. In the interest of transparency, everything that is sent to our server as a part of this telemetry is also printed to your application server's logs, so you can always check what information has been shared.
    • Another setting opts in to listing your server in public directories. At present there is no public directory of CryptPad instances that are suitable for public use, but we plan to launch one in the coming months. For now this checkbox will serve to inform us how many instance admins are interested in offering their server to the public. This setting will have no effect if you've disabled telemetry as that is how your server informs ours of your preferences. We reserve the right to exclude instances from our listing for any reason.
    • 🔒 A third option allows admins to consent to be contacted by email. We aren't interested in spamming anyone with marketing email, rather, it's so that we can inform administrators of vulnerabilities in the software before they are publicly disclosed. Leave this unchecked if you prefer to be surprised by security flaws.
    • 💻 Crowdfunding notices in the UI can be disabled via a simple checkbox.
    • 🚀 Starting with our next release (4.8.0) anyone running 4.7.0 should also notice that a button appears on this pane informing them that an update is available. We regularly fix security flaws and improve general safeguards against them, so if you aren't up to date you might be putting your users' data at risk.

    ⚡️ To update from 4.6.0 to 4.7.0:

    1. Apply the documented NGINX configuration
    2. Stop your server
    3. Get the latest code with git
    4. Install the latest dependencies with bower update and npm i
    5. Restart your server

    Please note that the new Forms app depends on an update to our cryptography library. If you omit bower update from the upgrade sequence above, the app will not work.

    🔋 Features

    • This release introduces our new Forms app. This app allows users to create complex forms and to collect answers. Three roles are available with granular permissions:

      • Authors can collaboratively create surveys with different types of questions and generate links to share with participants.
      • Participants can respond to forms and view responses if these are made public (this can be set by authors).
      • Auditors can view responses, but cannot necessarily add their own answers unless they have the correct participant key.

    This new app addresses many of the shortcomings of our current Polls and vastly expands the feature set. Polls are effectively one of the many question types now available in Forms. For this reason we are deprecating the Polls app. It will remain available to view and respond to existing polls, but we discourage the creation of new polls and all future improvements will be focused on Forms.

    • In response to a GitHub issue we've added an option to the toolbar's File menu to add the current pad to your drive regardless of whether it is already stored in one of your teams' drives.
    • 0️⃣ Likewise, we received some reports that some users found it frustrating that the home page automatically redirected them to their drive when they were logged in. We've disabled this behaviour by default but added an option in the settings page through which you may re-enable the old behaviour. This can be found at the top of the "CryptDrive" pane.
    • Embedded markdown editors' toolbars (such as that in the kanban and form apps) now include an "embed file" option.
    • 👍 We've revised some text on the checkup page to better explain what some headers do and how to correct them.
    • 🖨 Some error messages printed by the server under rare conditions now include a little more debugging information.
    • 💻 We've improved some of the UI of the "report" page (which diagnoses possible reasons why your drive, shared folders, or teams might be failing to load) so that users can now copy the output of the report directly to their clipboard instead of having to select that page's text and use their OS's copy-to-clipboard functionality.

    🐛 Bug fixes

    • 👍 The home page now displays the appropriate text ("Features" or "Pricing") for the features page depending on whether the instance in question supports subscriptions. We had made some changes to this before but missed an instance where the text was displayed.
    • 👍 The admin page will now display the "General" pane if for some reason the hash in its URL does not contain a supported value.
    • 💻 We found that there were two cases where localForage (a library that manages an in-browser cache) could throw a DOMException error because we didn't supply a handler. This caused the calendar app's UI to incorrectly treat a newly created event as though it had not been saved.
    • 🛠 A user brought it to our attention that the share menu was returning incorrect URLs for password-protected files. This has now been fixed.
    • The code that is responsible for preserving your cursor position when using the code editor collaboratively was capable of interfering with active scrolling when other users' edits were applied. This is now handled more gracefully. Another fix addresses an issue that prevented the markdown preview pane from being resized under certain conditions.
    • Finally, as a part of a routine security scan funded by NLnet and executed by Radically Open Security it was discovered that an unsanitized account name was displayed in the user's own toolbar. As a consequence, users could trigger a cross-site scripting vulnerability on themselves by entering <script>alert("pew")</script> for their username at registration time. On a correctly configured instance this was blocked everywhere except in the sheet editor due to its more lax Content-Security-Policy. This unsanitized value was never displayed for remote accounts, so the impact is extremely limited. Even so, we recommend that you update.
  • v4.6.0 Changes

    Goals

    Our main goal for this release cycle was to get a strong start on our upcoming Forms app. This is a big job which we didn't expect to finish in the course of a few weeks, so in the meantime we've taken the opportunity to address many minor issues, stabilize the codebase, and implement a number of new tests.

    ⚡️ Update notes

    👀 Over the years the example configuration file has grown to include a large number of parameters. We've seen that this can make it hard to pick out which configuration parameters are important for a newly installed or migrated instance. We're trying to address this by moving more configuration options to the admin panel.

    👌 4.6.0 introduces the ability to generate credentials for your instance's support ticket mailbox and publish the corresponding public key with the push of a button. Previously it was necessary to run a script, copy its value, update the config file, restart the server, and enter the private component of the keypair into an input on the admin panel. The relevant button can be found in the admin panel's Support tab.

    We've also introduced the ability to update your adminEmail settings via a field on the General tab of the admin panel. This value is used by the contact page so that your users can contact you (instead of us) in case they encounter any problems when using your instance. Both the supportMailbox and adminEmail values are distributed by the /api/config endpoint which is typically cached by clients. You probably need to use the Flush cache button to ensure that everyone loads the latest value. This button can also be found on the General tab.

    One admin reported difficulty customizing their instance because they copy-pasted code from cryptpad/www/common/application_config_internal.js directly into cryptpad/customize/application_config.js. Unfortunately the internal variable name for the configuration object in the former did not match the value in the latter, so this led to a reference error. We've updated the variable name in the internal configuration file which provides the default options to match the customizable one, making it easier to copy-paste code examples without understanding what it's really doing.

    We also introduced a new configuration option in application_config_internal.js which prevents unregistered users from creating new pads. Add AppConfig.disableAnonymousPadCreation = true; to your customize/application_config.js to disable anonymous pad creation. If you read the adjacent comment above the default example you'll see that this barrier is only enforced on the client, so it will keep out honest users but won't stop malicious ones from messaging the server directly.

    🚀 This release also includes a number of new tests on the /checkup/ page. Most notably it now checks for headers on certain assets which can only be checked from within the sandboxed iframe. These new tests automate the manual checks we were performing when admins reported that everything was working except for sheets, and go a little bit further to report which particular headers are incorrect. We also fixed some bugs that were checking headers on resources which could be cached, added a test for the recently added anti-FLoC header, fixed the styles on the page to respond to both light and dark mode, and made sure that websocket connections that were opened by tests were closed when they finished.

    ⚡️ Some of the tests we implemented checked the headers on resources that were particularly prone to misconfiguration because their headers were set by both NGINX and the NodeJS application server (see #694). We tested in a variety of configurations and ultimately decided that the most resilient solution was to give up on using heuristics in the application server and just update the example NGINX config to use a patch proposed by another admin which fully overrides the settings of the application server. You can find this patch in the /api/(config|broadcast) section of the example config.

    💅 Finally, we've made some minor changes to the provided package-lock.json file because npm reported some "Regular Expression Denial of Service" vulnerabilities. One of these was easy to fix, but another two were reported shortly thereafter. These "vulnerabilities" only affect some developer dependencies and will have no effect on regular usage of our software. The "risk" is essentially that malicious modifications to our source code can be tailored to make our style linting software run particularly slowly. This can only be triggered by integrating such malicious changes into your local repository and running npm run lint:less, so maybe don't do that.

    ⚡️ To update from 4.5.0 to 4.6.0:

    1. Apply the documented NGINX configuration
    2. Stop your server
    3. Get the latest code with git
    4. Install the latest dependencies with bower update and npm i
    5. Restart your server

    🔋 Features

    ⚡️ This release includes very few new features aside from those already mentioned in the Update notes section. One very minor improvement is that formatted code blocks in the code editor's markdown preview use the full width of their parent container instead of being indented.

    🐛 Bug fixes

    • 👷 Once again we fixed a bug that only occurs on Safari because Apple refuses to implement APIs that make the web a viable competitor to their app store. This one was triggered by opening a shared folder from its link as an unregistered user, then trying to open a pad stored only in that folder and not elsewhere in your drive. Literally every other browser supports SharedWorkers, which allow tabs on the same domain to share a background process, reducing consumption of CPU, RAM, and electricity, as well as allowing the newly opened tab to read the document's credentials from the temporarily loaded shared folder. On Safari the new tab failed to load. We fixed it by checking whether the shared folder would be accessible from newly opened tabs, and choosing to use the document's "unsafe link" instead of its "safe link".
    • ⚡️ We updated the "Features" page to be displayed as "Pricing" in the footer when some prospective clients reported that they couldn't find a mention of what they would get by creating a premium subscription. #683 had the opposite problem, that they didn't support payment and they wanted to only show features. Now the footer displays the appropriate string depending on your instance's configuration.
    • 💻 We fixed some inconsistent UI in our recently introduced date picker. The time formats displayed in the text field and date picker interface should now match the localization settings provided to your browser by your OS. Previously it was possible for one of these elements to appear in 24 hour time while the other appeared in 12 hour time.
    • Another time-related issue appeared in the calendar for users in Hawai'i, who reported that some events were displayed on the wrong day due to the incorrect initialization of a reference date.
    • We've applied a minor optimization which should reduce the size of shared folders.
    • 👍 Some functionality on the admin panel has been improved with some better error handling.
    • ⚡ī¸ Finally, one user reported that one of their PDFs was displaying only blank pages. After a short investigation we found that the problematic PDF was trying to run some scripts which were being blocked by our strict Content-Security-Policy headers. We've updated our PDF renderer to avoid compiling and running such scripts. As a result, such PDFs should not be prevented from rendering, though they may lack some dynamic functionality that you might be expecting. We'd welcome an example of such a PDF so we can assess if there is a safe way to load their embedded scripts and how much work would be required to do so.
  • v4.5.0 Changes

    Goals

    📚 This release cycle we aimed to complete three major milestones: the official release of our calendar app, the ability for admins to close registration on their instance, and the deployment of the admin section of our official documentation. We spent the remainder of our time addressing a growing backlog of issues on GitHub by fixing a number of weird bugs.

    ⚡ī¸ Update notes

    🔧 This release includes a new GitHub issue template (cryptpad/.github/ISSUE_TEMPLATE/initial-instance-configuration.md). The intent of this file is to make it clear that Bug Reports are intended for bugs in the software itself, not for soliciting help in configuring your personal server. Such issues take away time that we'd rather spend improving the platform for everybody's benefit, rather than for single administrators.

    🔧 Sometimes difficulty configuring an instance does stem from an actual bug. Most of the time, however, these issues relate to the use of an unsupported configuration or failure to correctly follow the installation instructions. The issue template includes some basic debugging steps which should identify the vast majority of problems. Beyond its primary goal of narrowing the scope of our issue tracker, we hope it will also be useful as an offline reference for administrators attempting to debug their instance.

    ⚠ This template references the /checkup/ page that we've been steadily improving over the last few releases. It now includes even more tests to diagnose instance configuration problems, each with its own message that provides fairly detailed hints about what is wrong when an error is detected. This release introduces a number of tests that print warnings for problems that won't break an instance but might detract from users' experience. We recommend checking this page on your instance with each release, as we will continue to improve it on a regular basis and it might detect some errors of which you were unaware.

    🚀 Otherwise, this release includes some changes to the provided example NGINX config file. It now includes a header designed to disable clients' participation in Google's FLoC network, as well as some basic rules related to the addition of our calendar app and OnlyOffice's two remaining editors (which are still not officially supported despite their inclusion here).

    ⚡ī¸ Lastly, any instance administrators that have had to customize their instance in order to disable registration can instead rely on a built-in feature that is available on the main page of the admin panel. Checking the "Close registration" checkbox will cause the application server to reject the creation of new "login blocks" (which store users' encrypted account credentials) while permitting existing users to change their passwords. Clients will be informed that registration is closed via the /api/config endpoint, causing the registration page to display a notice instead of the usual form. You may need to use the FLUSH CACHE button which can found on the same page of the admin panel in order to force clients to load the updated server config.

    ⚡ī¸ To update from 4.4.0 to 4.5.0:

    🔧 1. Apply the documented NGINX configuration

    1. Stop your server ✅ 3. Get the latest code with git ⚡ī¸ 4. Install the latest dependencies with bower update and npm i
    2. Restart your server

    🔋 Features

    • We included a first version of our new calendar app in our last release, however, it was only accessible by URL as there were no links to it in the UI. We've spent time implementing the basic features we expect of any of our apps, including translated UI text (the first version was mostly for us to test), the ability to import/export .ics files (via ical.js), and the ability to view and store a calendar shared via its URL. It also introduces support for configurable reminders (which can be disabled via the notifications panel of your settings page) and fixes a number of style issues that occurred on small screens. You can access the calendar app via the user admin menu found at the top-right corner of your screen.
    • The What-is-CryptPad page now includes the logo of our latest sponsor: NGI DAPSI (the Data and Portability Services Incubator). DAPSI is another branch of the European Next Generation Internet initiative which has already done so much for our project. Over the next nine months we will use their funding and mentorship to improve CryptPad's interoperability with other services via support for open and de-facto file formats and increasingly intuitive workflows for import and export of your documents. There is already a lot of demand for this functionality, so we're very grateful to finally have the support necessary to take on this big project.
    • 🔧 We've merged a contribution that implements a preference for the rich text editor to open links in a single click instead of treating them as text with a clickable bubble that contains a link. This can be configured on the rich text panel of your settings page.
    • The File menu in our apps now includes a Store in CryptDrive option. It appears when you have not already stored the document you are currently viewing and the prompt to store the file has been dismissed or intentionally suppressed via the never ask setting for pad storage.
    • We've added support for the display of a configurable Roadmap URL in the footer that can be found on our static pages. This is included mostly for our own purposes of increasing the visibility of the project's planned development, but administrators can also use it however they want to keep their own users informed of their upcoming plans. This value can be set via the host instance's customize/application_config.js. An example is included in cryptpad/www/common/application_config_internal.js.
    • Following the addition of some basic telemetry in our 4.3.1 release we observed that about 20% of newly registered users actually opened the What is CryptPad document which was automatically created in their drive. As such, we've removed the code responsible for its creation along with the translations of its text. New users will instead be directed to read our docs.

    🐛 Bug fixes

    • 🚀 Our 4.4.0 release included functionality allowing administrators to broadcast notifications to all the users of their instance. Since then, we noticed that clients were incorrectly "pinning" the log file which stores a record of all messages broadcast in this fashion. In other words, they were informing the server that it should continue to store this file on their behalf and that its size should count against their storage quota. We added an explicit exception to the code responsible for generating the list of documents that should be "pinned".
    • Right-clicking on rendered markdown extensions in the code editor's preview pane opens a custom menu that offers some basic options. This menu incorrectly displayed some options that were appropriate for encrypted uploads, but not for other extensions such as markmap, mathjax, and mermaid. We now handle these explicitly and provide options to export to the relevant image format.
    • In one more example of a long list of browser quirks that have broken CryptPad in bizarre ways, we learned that the web engine used by all browsers available for iPhone incorrectly handles click events on elements that contain buttons. Rather than emitting a single click event in response to user action, the engine seems to emit an event for each sibling button tag regardless of whether it is visible. The HTML structure of the list/grid view mode toggle in the drive caused the engine to emit two click events, immediately toggling the view mode away from and back to its original state. Since Apple has an anti-competitive policy requiring every browser to use the engine they provide (as opposed to independent ones which include speed-boosting optimizations, modern features, and frequent bug fixes), this means that iPhone users could not switch to an alternative. Anyway, we changed the HTML structure that was working well in literally every other browser to make this better for iPhone users.
    • 💻 There were some CSS selectors in the code app that caused the preview pane to be hidden on narrow screens. This rule is no longer applied when the client loads in embed/present mode, which disables all other UI to display only the preview pane.
    • We identified and addressed an unhandled error on the registration page which could have caused clients to act as though the upload of their account's encrypted credentials had succeeded when it had not. This could result in the inability to access their content on subsequent login attempts.
    • ⚡ī¸ The whiteboard editor allows users to upload images for inclusion in their whiteboard up to a certain size. It was brought to our attention that the enforced size limit was compared against the size of the image after it had been encoded, while the resulting error message suggested that it was measuring the size of the image as uploaded. We've updated this limit to account for the encoding's overhead.
    • 📜 We've added some extra error handling to diffDOM, the library we use to compute and apply a minimal set of patches to a document. It was brought to our attention that it did not correctly parse and compare some input that is valid in the HTML dialect used to display emails but does not commonly occur in modern browsers. This crashed the renderer with a DOMException error when it tried to apply the malformed attribute.
    • ⚡ī¸ Lastly, as usual, we've received a variety of questions and bug reports related to spreadsheets. We've added some guards to prevent the creation of invalid checkpoints. If a generated checkpoint is larger than the maximum file size limit allowed for a particular user we avoid successive attempts to upload within that same session, which avoids spamming the user with repeated warnings of failed uploads. We updated the notice that informs users when conversion to Office formats is not supported in their browser to recommend a recent version of Firefox or Chrome, and displayed the same notice when importing. We also updated the function which checks whether the APIs required for conversion were present, as it checked for SharedArrayBuffers and Atomics but not WebAssembly, all of which are necessary. Finally, we made some minor changes that allow the sheet editor to lock and unlock faster when a checkpoint is loaded and applied, resulting in less disruption to the user's work.
  • v4.4.0 Changes

    Goals

    📚 Our main goal for this release was to complete the first steps of our "Dialogue" project, which will introduce surveys into CryptPad. We've also put considerable effort towards addressing some configuration issues, correcting some inconsistently translated UI, and writing some new documentation.

    ⚡ī¸ Update notes

    🚀 This release removes the default privacy policy that has been included in CryptPad up until now. It included some assertions that were true of our own instance (CryptPad.fr) which we couldn't guarantee on third-party instances. We've updated our custom configuration to link to a privacy policy that was written in a rich text pad. You can do the same on your instance by editing cryptpad/customize/application_config.js to include the absolute URL of your instance, like so: AppConfig.privacy = "https://cryptpad.your.website/privacy.html";.

    🚀 We've clarified a point about telemetry in the notes of our 4.3.1 release. The text suggested that users on your instance would send telemetry to OUR webserver. It has been clarified to reflect that telemetry from your users is only ever sent to your instance.

    🚀 We've spent some time working on improving our (officially) unreleased integrations of OnlyOffice's presentation and document editors. We've advised against enabling these editors on your instance. This release includes changes that may not be fully backwards compatible. If your users rely on either editor we advise that you not update until they have had an opportunity to back up their documents. We still aren't officially supporting either editor and we may make further breaking changes in the future. Consider this a warning and not an advertisement of their readiness!

    🚀 This release also includes changes to the recommended NGINX configuration. Compare your instance's config against cryptpad/docs/example.nginx.conf and apply all the new changes before updating. In particular, you'll want to pay attention to the configuration for a newly exposed server API (/api/broadcast). This should work much the same as /api/config, so if you're using a non-standard configuration that uses more than one server you may want to proxy it in a similar fashion.
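    The two NGINX changes called out in the 4.5.0 and 4.4.0 update notes above, the FLoC opt-out header and proxying the new /api/broadcast endpoint the same way as /api/config, shown together as an added example. This is not the project's own cryptpad/docs/example.nginx.conf: it assumes the CryptPad application server listens on 127.0.0.1:3000, uses cryptpad.example.com as a placeholder hostname, and the exact location regex and proxy headers are assumptions. The TLS, static-file, sandbox-domain and websocket locations of a real instance are omitted, so compare this against the documented config rather than copying it verbatim.

```nginx
# Added example, not CryptPad's example.nginx.conf. Assumptions: the Node
# application server listens on 127.0.0.1:3000 and the instance is served
# on cryptpad.example.com. TLS and the remaining locations are omitted.
server {
    listen 443 ssl;
    server_name cryptpad.example.com;
    # ssl_certificate / ssl_certificate_key and the CSP and other security
    # headers from the documented config go here.

    # 4.5.0 note: opt clients out of Google's FLoC cohort computation.
    # "always" attaches the header to error responses too, not only 2xx/3xx.
    add_header Permissions-Policy "interest-cohort=()" always;

    # 4.4.0 note: /api/config and the new /api/broadcast are answered by the
    # application server, not served from disk, so both are proxied the same
    # way. Location regexes are matched against the URI without its query
    # string, so the cache-busting "?cb=..." clients append still matches.
    location ~ ^/api/(config|broadcast)$ {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Caveat: add_header is not merged across levels. The moment a
        # location declares any add_header of its own, every add_header
        # inherited from the server block is dropped for that location, so
        # the Permissions-Policy header (and CSP) would have to be repeated
        # here. This location declares none, so inheritance still applies.
    }
}
```

    After editing, run nginx -t before reloading and confirm with curl -sI https://cryptpad.example.com/api/config that the response carries the Permissions-Policy header and comes from the application server rather than a 404 from the static root. If the header is missing on one path but present on another, the add_header inheritance rule in the comments is almost always the reason.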

    ⚡ī¸ Lastly, we've made some big improvements to the /checkup/ page which performs some basic tests to confirm that your instance is configured correctly. It now provides some much more detailed descriptions of what might be wrong and how you can start debugging any issues that were identified. If you experience any problems after updating please review this page to assess your instance for any known issues before asking for help.

    ⚡ī¸ To update from 4.3.1 to 4.4.0:

    🔧 1. Apply the documented NGINX configuration

    1. Stop your server ✅ 3. Get the latest code with git ⚡ī¸ 4. Install the latest dependencies with bower update and npm i
    2. Restart your server

    This release requires updates to both clientside and serverside dependencies. You will experience problems if you skip any of the above steps.

    🔋 Features

    • 4.4.0 includes a basic version of a calendar app. There are no links to it anywhere in the platform, its translations are hardcoded, and its title includes the text BETA. It's included in this release so that we can test and improve it for the next release, however, it should not be considered stable. Use it at your own risk! Our plan for this app is to offer the ability to set and review reminders for deadlines in CryptPad. We haven't secured funding for more advanced functionality, however, our team is available for sponsored development if you'd like to provide funding to include such improvements in our short-term roadmap.
    • The admin panel now includes several closely related features in its "broadcast" tab, which allows administrators to send a few types of notifications to all users:
      1. Maintenance notices inform users that the service may be unavailable during a specified time range.
      2. Survey notices inform users that the instance administrators have published a new survey and would like their feedback. We plan to use this on CryptPad.fr to perform some voluntary user studies on an ongoing basis.
      3. Broadcast messages allow admins to send all users a custom message with optional localization in their users' preferred language.
    • 📄 The drive now includes a "Getting started" message and a link to our docs, like all our other apps. This replaces the creation of a personal "What is CryptPad" pad in the user's drive when they register.
    • 🌐 We recently wrote some scripts to automatically review our translations. This exposed some inconsistencies and incorrectly applied attributes in translations that included HTML. Since it's not reasonable to expect translators to know HTML, we've taken some steps to remove all but the most basic markup from translatable messages. Instead, more advanced attributes are applied via JavaScript. This makes it easier than ever to translate CryptPad as well as providing a more consistent experience to those using translations written by contributors.

    🐛 Bug fixes

    • Premium users are now prompted to cancel their subscriptions before deleting their accounts.
    • The /logout/ page will now clear users' local document cache. Admins can recommend that users try loading this page when users are mysteriously unable to load their drive (or that of a team). If you find that this solves a user's problem, please report their exact problem so we can investigate the underlying cause.
    • 👌 The support page guards against type errors that appear to have been caused by third-party extensions interfering with some browser APIs and rewriting URLs.
    • 🛠 We found that anonymous users who had not created a drive were not able to use the "Make a copy" functionality on a pad that they were viewing. This has been fixed.
    • We noticed that under some unknown circumstances it was possible for users to store documents with invalid document IDs in their drive. We've added a few guards that detect these invalid channels and we're working on a solution to automatically repair them, if possible.
    • 🔗 Links to anchors in read-only rich text documents now navigate to the correct section of the document rather than opening a new tab.
    • 🚀 We've made a large number of improvements to our OnlyOffice integration. This will primarily affect the sheet app, but it also paves the way for us to introduce presentations and text documents in a future release.
      • We now inform OnlyOffice of user-list changes, which should fix the incorrect display of users' names when they lock a portion of a document.
      • Text documents and presentations use a different data format than sheets for locking the document. We've adjusted our code to handle these formats.
      • We've fixed some lock-related errors in sheets that could be triggered when receiving checkpoints from other users while editing in strict mode.
      • We've adjusted some CSS selectors intended to hide parts of OnlyOffice's UI that are invalid within CryptPad, since those elements' IDs have changed since the last version.
      • OnlyOffice's cursors now use your CryptPad account's preferred color.
      • We now handle some errors that occurred when documents were migrated by a user editing a sheet in embed mode.
      • OnlyOffice modified some of the APIs used to lock a document, so we've adjusted our code to match.
    • 🛠 We found and fixed a race condition which could be triggered when loading a shared folder included in more than one of your user or team drives.