[email protected]

Security fixes

• Security (RCE) : forbid any \end{CodeBlock} command from inside CodeBlocks themselves (included in 10.1.3)
• Security (LFI) : replace invalid pathes with a default image (included in 10.1.3)
• Security (SSRF) : prevent images downloads from local IP ranges (included in 10.1.3)
• Security (RCE) : filter the authorized math commands to a given list
• Security (RCE) : escape the content of abbreviations

LaTeX

• Important : Align table headers left instead of centered
• Minor : Restore a correct behavior for footnotes, but remove linking
• Minor : Fix tables column width so that tables take the whole page

Miscellaneous

• Important : Switch the project to NPMv7. Should not break dependants
• Important : Uses details/summary HTML tags for spoilers
• Minor : Better parsing for pings, now only break on line break and spaces
• Minor : Allow calling LaTeX endpoint without options
• Minor : Do not add line numbers to one-line code blocks
• Minor : Drop Node 10 support