5.1.4

Security

• Increase minimum DOMPurify version to 2.0.16 due to recent upstream security advisories

5.0.4

Security

• Increase minimum DOMPurify version to 2.0.16 due to recent upstream security advisories

5.1.3

Security

• Increase minimum DOMPurify version to 2.0.6 due to recent upstream security advisories

5.0.3

Security

• Increase minimum DOMPurify version to 2.0.6 due to recent upstream security advisories

5.1.2

Security

• Bump Dockerfile base image to Alpine 3.8.1 to fix an apk remote code execution vulnerability

5.1.1

This will be the last release line to support Node.js 4, 5 and 7.

Improved

• Backport Docker image infrastructure

Fixed

• Backport fix for non-public images always returning 403 Forbidden (#1438)

5.1.0

Changed

• Bump gm version out of caution to pull in a fully security-patched debug

5.1.0 beta 0

Improved

• Generate startup log warnings on bad configurations, including insecure secret values and internal parameters
• Add a Dockerfile
• Added zero-downtime upgrade support

Changed

• Update deps
• Enable some more tests and start tracking code coverage with Coveralls
• Expand package.json metadata
• Clarify semver-major local modification policy
• Move most documentation to ReadTheDocs (#1496)

Fixed

• bin/pump-import-collection no longer crashes due to an underscore-contrib reference
• Fix the logged-out mobile homepage's menu icon being black (#1445)
• Fix the JavaScript license page not loading Bootstrap properly (#1432)
• Fix some README config options
• SockJS connections no longer fail due to authorization problems (#1475)

5.0.2

Fixed

• connect-auth-pumpio is pulled from npm instead of GitHub again

5.0.1

No changes from 5.0.1 beta 0:

Security

• Fix multiple denial-of-service security vulnerabilities in indirect dependencies