v0.35.0-rc.8
-
Breaking: Drop support for Node.js 18, now requires Node.js >= 20.9.0.
-
Breaking: Remove
installscript frompackage.jsonfile. Compiling from source is now opt-in via thebuildscript. -
Breaking: Lossy AVIF output is now tuned using SSIMULACRA2-based
iqquality metrics. -
Breaking: Add
limitInputChannelswith a default value of 5. -
Breaking: Remove deprecated
failOnErrorconstructor property. -
Breaking: Remove deprecated
paletteBitDepthfrommetadataresponse. -
Breaking: Remove deprecated properties from
sharpenoperation. -
Breaking: Rename
format.jp2kasformat.jp2for API consistency. -
Upgrade to libvips v8.18.3 for upstream bug fixes.
-
Remove experimental status from WebAssembly binaries.
-
Add prebuilt binaries for FreeBSD (WebAssembly).
-
Deprecate Windows 32-bit (win32-ia32) prebuilt binaries.
-
Ensure TIFF output
bitdepthoption is limited to 1, 2 or 4. -
Add AVIF/HEIF
tuneoption for control over quality metrics. #4227 -
Add
keepGainMapandwithGainMapto process HDR JPEG images with embedded gain maps. #4314 -
Add
toUint8Arrayfor output image as aTypedArraybacked by a transferableArrayBuffer. #4355 -
Require prebuilt binaries using static paths to aid code bundling. #4380
-
TypeScript: Ensure
FormatEnumkeys match reality. #4475 -
Add
marginoption totrimoperation. #4480 @eddienubes -
Ensure HEIF primary item is used as default page/frame. #4487
-
Add image Media Type (MIME Type) to metadata response. #4492
-
Add
withDensityto set output density in EXIF metadata. #4496 -
Improve
pkg-configpath discovery. #4504 -
Add WebP
exactoption for control over transparent pixel colour values. -
Add support for ECMAScript Modules (ESM). #4509 @florian-lefebvre
4.0.0-next.3
4.0.0-next.3 (2026-06-10)
v3.3.1
3.3.1 is a small bug-fix and hardening follow-up to 3.3.0. It closes a stored-XSS vector in the numbered-list start attribute, hardens the database layer so a dropped connection to PostgreSQL / Redis / RethinkDB no longer crashes the process (via ueberdb2 6.1.9), and fixes a handful of pad and admin regressions — the iOS dark-mode status bar, the settings language dropdown, the pad-deletion modal under allowPadDeletionByAllUsers, and a single unreadable pad blanking the admin Manage-pads list.
- Pad editor — escape and integer-coerce the numbered-list
startattribute (GHSA-f7h5-v9hm-548j, #7937). A crafted<ol start>value flowed unescaped intodomline.ts, a distinct client-side sink from the export-path fix in 3.3.0's #7905. The value is now integer-coerced and HTML-escaped before it reaches the DOM. A jsdom regression test covers the sink.
- Skin — paint the root canvas so iOS dark mode has no white status bar (#7606 / #7931). iOS Safari paints the top safe area from the
htmlroot background, whichtheme-color(an Android address-bar hint) does not affect, so dark-mode pads showed a white status-bar strip on iOS. Colibris now sets the root background andcolor-schemeso the safe area matches the editor. - Settings — show the detected language in the dropdown (#7925 / #7928). The settings language
<select>did not reflect the language Etherpad had actually auto-detected; it now shows the active selection. - Pad — don't issue a deletion token (or show its modal) when
allowPadDeletionByAllUsersis on (#7929). With pad deletion open to all users the client still minted a deletion token and surfaced the confirm modal; both are now suppressed in that configuration. - Admin — one unreadable pad no longer empties the Manage-pads list (#7935 / #7938). A single pad that failed to read could throw out of the list-hydration path and blank the entire admin Manage-pads view; the read is now guarded per-pad so the rest of the list still renders.
- CI — downstream client compatibility gate (#7923 / #7924 / #7927). A new gate smoke-tests the published
etherpad-pad,etherpad-cli, andetherpad-desktopclients against the server build (Phase 1 + Phase 2), with robust per-client error handling inrun-clients.shso one client's failure is reported rather than masking the others. - CI — verify Etherpad boots offline (#7936). Adds a test step that confirms a built Etherpad starts with no network access.
ueberdb26.1.8 → 6.1.9 — PostgreSQL pool errors are now handled and TCP keep-alive is enabled (fixes #7878), and the Redis and RethinkDB drivers attach connection-error handlers so a dropped database connection no longer crashes the Etherpad process.semver7.8.2 → 7.8.3 (#7933),rate-limiter-flexible11.1.1 → 11.2.0 (#7934), plus a dev-dependencies group update (#7932).
v3.3.1
3.3.1 is a small bug-fix and hardening follow-up to 3.3.0. It closes a stored-XSS vector in the numbered-list start attribute, hardens the database layer so a dropped connection to PostgreSQL / Redis / RethinkDB no longer crashes the process (via ueberdb2 6.1.9), and fixes a handful of pad and admin regressions — the iOS dark-mode status bar, the settings language dropdown, the pad-deletion modal under allowPadDeletionByAllUsers, and a single unreadable pad blanking the admin Manage-pads list.
- Pad editor — escape and integer-coerce the numbered-list
startattribute (GHSA-f7h5-v9hm-548j, #7937). A crafted<ol start>value flowed unescaped intodomline.ts, a distinct client-side sink from the export-path fix in 3.3.0's #7905. The value is now integer-coerced and HTML-escaped before it reaches the DOM. A jsdom regression test covers the sink.
- Skin — paint the root canvas so iOS dark mode has no white status bar (#7606 / #7931). iOS Safari paints the top safe area from the
htmlroot background, whichtheme-color(an Android address-bar hint) does not affect, so dark-mode pads showed a white status-bar strip on iOS. Colibris now sets the root background andcolor-schemeso the safe area matches the editor. - Settings — show the detected language in the dropdown (#7925 / #7928). The settings language
<select>did not reflect the language Etherpad had actually auto-detected; it now shows the active selection. - Pad — don't issue a deletion token (or show its modal) when
allowPadDeletionByAllUsersis on (#7929). With pad deletion open to all users the client still minted a deletion token and surfaced the confirm modal; both are now suppressed in that configuration. - Admin — one unreadable pad no longer empties the Manage-pads list (#7935 / #7938). A single pad that failed to read could throw out of the list-hydration path and blank the entire admin Manage-pads view; the read is now guarded per-pad so the rest of the list still renders.
- CI — downstream client compatibility gate (#7923 / #7924 / #7927). A new gate smoke-tests the published
etherpad-pad,etherpad-cli, andetherpad-desktopclients against the server build (Phase 1 + Phase 2), with robust per-client error handling inrun-clients.shso one client's failure is reported rather than masking the others. - CI — verify Etherpad boots offline (#7936). Adds a test step that confirms a built Etherpad starts with no network access.
ueberdb26.1.8 → 6.1.9 — PostgreSQL pool errors are now handled and TCP keep-alive is enabled (fixes #7878), and the Redis and RethinkDB drivers attach connection-error handlers so a dropped database connection no longer crashes the Etherpad process.semver7.8.2 → 7.8.3 (#7933),rate-limiter-flexible11.1.1 → 11.2.0 (#7934), plus a dev-dependencies group update (#7932).
v10.1.1
- fix(core): floor adaptive precision at float resolution to let springs settle on sub-precision drift by @joshuaellis in https://github.com/pmndrs/react-spring/pull/2520
- chore(deps): update build-tooling by @renovate[bot] in https://github.com/pmndrs/react-spring/pull/2524
- chore(deps): update commitlint to v21.0.2 by @renovate[bot] in https://github.com/pmndrs/react-spring/pull/2525
- fix(parallax): pin container to top-left to prevent double scrollbar by @joshuaellis in https://github.com/pmndrs/react-spring/pull/2527
- docs(core): clarify null/undefined goals are skipped, not animated by @joshuaellis in https://github.com/pmndrs/react-spring/pull/2528
- fix(shared): guard string interpolator against number-less output values by @joshuaellis in https://github.com/pmndrs/react-spring/pull/2529
- test(parallax): pin #2052 sticky-layer-in-component regression by @joshuaellis in https://github.com/pmndrs/react-spring/pull/2530
- test(core): cover declarative useSpring auto-start under StrictMode (#2361) by @joshuaellis in https://github.com/pmndrs/react-spring/pull/2531
- fix(core): auto-start useTransition when props is a function (#2287) by @joshuaellis in https://github.com/pmndrs/react-spring/pull/2532
- fix(three): drive demand-mode frameloop so looping animations don't freeze by @joshuaellis in https://github.com/pmndrs/react-spring/pull/2536
- chore: version packages by @github-actions[bot] in https://github.com/pmndrs/react-spring/pull/2521
Full Changelog: https://github.com/pmndrs/react-spring/compare/v10.1.0...v10.1.1
v53.1.0
- #5002 by @kiranmagic7 – Clear stale DnD drop indicators when dragging from a block into editor whitespace.
-
#4997 by @WilliamPeralta – Forward two dropped options in
exportToDocx:pageSize— the html-to-docx engine accepts a page size, butexportToDocxonly forwardedmarginsandorientation, so the document was always the default (US Letter). You can now pass e.g.pageSize: { width: 11906, height: 16838 }to export A4.fontFamily— it was only applied to the serialized HTML (and only when anEditorStaticComponentwas provided), so the document default font was never set and Word fell back to Times New Roman. It now also sets the document default font (documentOptions.font).
Thanks to everyone who contributed to this release:
@kiranmagic7, @WilliamPeralta
Full changelog: v53.0.9...v53.1.0
v0.35.0-rc.7
-
Breaking: Drop support for Node.js 18, now requires Node.js >= 20.9.0.
-
Breaking: Remove
installscript frompackage.jsonfile. Compiling from source is now opt-in via thebuildscript. -
Breaking: Lossy AVIF output is now tuned using SSIMULACRA2-based
iqquality metrics. -
Breaking: Add
limitInputChannelswith a default value of 5. -
Breaking: Remove deprecated
failOnErrorconstructor property. -
Breaking: Remove deprecated
paletteBitDepthfrommetadataresponse. -
Breaking: Remove deprecated properties from
sharpenoperation. -
Breaking: Rename
format.jp2kasformat.jp2for API consistency. -
Upgrade to libvips v8.18.3 for upstream bug fixes.
-
Remove experimental status from WebAssembly binaries.
-
Add prebuilt binaries for FreeBSD (WebAssembly).
-
Deprecate Windows 32-bit (win32-ia32) prebuilt binaries.
-
Ensure TIFF output
bitdepthoption is limited to 1, 2 or 4. -
Add AVIF/HEIF
tuneoption for control over quality metrics. #4227 -
Add
keepGainMapandwithGainMapto process HDR JPEG images with embedded gain maps. #4314 -
Add
toUint8Arrayfor output image as aTypedArraybacked by a transferableArrayBuffer. #4355 -
Require prebuilt binaries using static paths to aid code bundling. #4380
-
TypeScript: Ensure
FormatEnumkeys match reality. #4475 -
Add
marginoption totrimoperation. #4480 @eddienubes -
Ensure HEIF primary item is used as default page/frame. #4487
-
Add image Media Type (MIME Type) to metadata response. #4492
-
Add
withDensityto set output density in EXIF metadata. #4496 -
Improve
pkg-configpath discovery. #4504 -
Add WebP
exactoption for control over transparent pixel colour values. -
Add support for ECMAScript Modules (ESM). #4509 @florian-lefebvre
v16.3.0-canary.47
- Rename prefetch option
force-runtimetoallow-runtime: #94568 - Remove unstable_instant agent hints; insights validate by default: #94577
- [turbopack] Use an arena for
JSValues: #94297 - Stabilize export const prefetch: #94571
- Fix node:stream leak in webpack edge bundles: #94585
- docs: fix 'time zone' spelling in FOUC guide: #93244
- docs: add pnpm installation step to module-not-found error page: #93773
- Stream Cache Components dev render instead of restarting on cache miss: #94457
- instant: polish client-hook overlay wording, cards, and docs links: #94496
- Fix Navigation Inspector Continue Rendering with loading.tsx: #94355
- disallow reads from .next-profiles: #94570
- [turbopack] add an extension to trace files: #94587
- [ci] Remove dead playwright docker image creation logic: #94576
- [cd] Ensure release can be triggered on old branches: #94596
- Make router-act ignore App Shell prefetch requests: #94580
- Enable experimental.appShells by default with cacheComponents: #94516
- [turbopack] Lazily allocate the BlockCaches: #94562
- Stabilize catchError and retry by removing unstable_ prefix: #94610
- Revert "Stabilize catchError and retry by removing unstable_ prefix": #94617
- docs: root-params highligth fixes: #94620
- Stabilize
unstable_instant: #94578 - docs: remove unstable_disableValidation recommendations: #94608
- doc: instant navs runtime story: #93204
- Reapply "Stabilize catchError and retry by removing unstable_ prefix": #94623
Huge thanks to @gnoff, @gaojude, @sampoder, @karlhorky, @MikhailStn, @unstubbable, @aurorascharff, @samselikoff, @lukesandberg, @bgw, @eps1lon, @acdlite, @devjiwonchoi, and @icyJoseph for helping!
v16.2.9
Empty release to ensure next@latest points at a stable release. Next.js only allows publishing with Trusted Publishing enabled. In order to fix NPM dist-tags, we have to release a new version. Updating dist-tags is not possible with Trusted Publishing.