Release v5.5.6-ext-v3.2

yu-i-i
2025-11-13 18:09:56 +01:00
parent 075322af12
commit c1f026b22f
6 changed files with 79 additions and 12 deletions

@@ -0,0 +1,7 @@
## Environment Variables
In addition to the [environment variables used in upstream Overleaf Server CE](https://docs.overleaf.com/on-premises/configuration/overleaf-toolkit/environment-variables),
the following variables has been added in Extended CE:
- `MAX_UPLOAD_SIZE`
* Specifies the maximum size of an uploaded project or file, in MB. The default value is 50 MB.
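Review bot: The introductory sentence has a subject-verb mismatch: "the following variables has been added" should be "have been added" (or "the following variable has been added", since only `MAX_UPLOAD_SIZE` is listed). The description should also state the expected value format, for example whether it is a bare integer such as `50` or takes a unit suffix, because "in MB" alone leaves that open.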

@@ -7,3 +7,46 @@ ENABLED_LINKED_FILE_TYPES=project_file,project_output_file,url
```
This will extend both the *Add Files* menu and the *Insert Figure* dropdown in the toolbar: the *Add Files* menu allows you to add a
file to your project using its URL, while the *Insert Figure* dropdown lets you insert an image into your document directly from its URL.
### Security Note
When users add a link to an external file in their projects, the file is fetched on behalf of the server where Overleaf is installed.
If the Overleaf server is hosted inside a private network that also contains internal HTTP servers (intended only for internal use),
a user with access to Overleaf could potentially access data from these internal services.
To prevent this, links to external files must not point to servers whose IP addresses belong to any of the restricted network ranges. These are:
- `127.0.0.0/8` (loopback)
- `169.254.0.0/16` (link-local)
- `10.0.0.0/8` (private network)
- `172.16.0.0/12` (private network)
- `192.168.0.0/16` (private network)
In addition, the following environment variable is introduced:
- `OVERLEAF_LINKED_URL_BLOCKED_NETWORKS`
* A whitespace-separated list of networks in CIDR notation from which external resources are prohibited from being fetched.
Typically, this should include the organization's internal network.
- Example:
`OVERLEAF_LINKED_URL_BLOCKED_NETWORKS=123.123.0.0/16 124.124.124.0/24`
However, in many organizations, servers within the internal network may also host data that should be publicly accessible.
To allow access to specific resources even if the entire network is blocked, the following environment variable is provided:
- `OVERLEAF_LINKED_URL_ALLOWED_RESOURCES`
* A regular expression defining allowed web resources from which external files may be fetched.
If a URL matches this regular expression, access to it is granted even if its network is otherwise blocked.
- Example: To allow URLs like
`https://www.example.com/~john/pictures/frog.jpg` and
`http://www.example.com/public/whatever/lit.bib`:
`OVERLEAF_LINKED_URL_ALLOWED_RESOURCES=^https?://www\.example\.com/(?:~[^/]+|public)(?:/.*)?`
- Example: To deny URLs like
`http://www.example.com/private/whatever/file`,
while allowing all other resources not in the `private` subtree:
`OVERLEAF_LINKED_URL_ALLOWED_RESOURCES=^https?://www\.example\.com/(?!private)(?:.*)`
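Review bot: The first `OVERLEAF_LINKED_URL_ALLOWED_RESOURCES` example is not anchored at the end, and because a match overrides the network block, it allows more than the text says. With `(?:~[^/]+|public)(?:/.*)?` and no trailing `$`, any path that merely begins with `public` (such as `/publications/...`) also matches; ending the pattern with `(?:/.*)?$` restricts it to the `public` subtree and the `~user` directories. The second example has the mirror-image problem: `(?!private)` rejects every path starting with those letters, not only the `private` subtree, so `(?!private(?:/|$))` would match the stated intent. Separately, the restricted ranges listed are IPv4 only; the note should say whether the IPv6 loopback, link-local and unique-local ranges are blocked by default or must be added through `OVERLEAF_LINKED_URL_BLOCKED_NETWORKS`.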

@@ -10,13 +10,14 @@ services:
image: sharelatex/sharelatex:ext-ce
```
If you want to build a Docker image of the extended CE based on the upstream v5.5.0 codebase, you can check out the corresponding tag by running:
If you want to build a Docker image of the extended CE based on the upstream v5.5.n version, check out the tag, corresponding to version v5.5.0-ext-v3.2 by running:
```
git checkout v5.5.0-ext-v3.1
git checkout v5.5.0-ext-v3.2
```
After building the image, switch to the latest state of the repository and check the `server-ce/hotfix` directory. If a subdirectory matching your version (e.g., `5.5.2`) exists, build a patched image.
After building the image, switch to the latest state of the repository, rewiev the `server-ce/hotfix` directory, and build the patched images sequentially: v5.5.1-ext-v3.2,i ..., v5.5.n-ext-v3.2.
Alternatively, you can download a prebuilt image from Docker Hub:
```
docker pull overleafcep/sharelatex:5.5.2-ext-v3.1
docker pull overleafcep/sharelatex:5.5.6-ext-v3.2
```
Make sure to update the image name in `overleaf-toolkit/config/docker-compose.override.yml` accordingly.
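Review bot: The rewritten sentence about the `server-ce/hotfix` directory contains two typos: "rewiev" should be "review", and "v5.5.1-ext-v3.2,i ..." has a stray "i" after the comma. In the rewritten build sentence, the comma in "check out the tag, corresponding to version v5.5.0-ext-v3.2" should be dropped, and "the upstream v5.5.n version" next to a `git checkout v5.5.0-ext-v3.2` command would be clearer if the text said explicitly that the v5.5.0 tag is the base and later versions come from the hotfix builds.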

@@ -0,0 +1,7 @@
## Useful Links
- [How to increase the maximum compilation time beyond 600 seconds](https://github.com/yu-i-i/overleaf-cep/discussions/37)
- [How to enable the 'Restore project to this version' feature](https://github.com/yu-i-i/overleaf-cep/discussions/76)
- [Example of Authentik Identity Provider configuration for OIDC](https://github.com/yu-i-i/overleaf-cep/discussions/68)

@@ -12,6 +12,13 @@ the [Overleaf Wiki Page](https://github.com/overleaf/overleaf/wiki).
## Extended CE Release Notes
### `v5.5.6-ext-v3.2`
- Based on upstream release v5.5.6
- Fixed an issue where Sandboxed Compiles stopped working due to excessively strict seccomp restrictions
- Introduced the `MAX_UPLOAD_SIZE` variable to control the maximum allowed size for uploaded projects and files
- **Security fix**: Files attached from an external URL are now fetched through a proxy. For details, see [Security Note](https://github.com/yu-i-i/overleaf-cep/wiki/Extended-CE:-From-External-URL#security-note)
### `v5.5.4-ext-v3.1`
- Based on upstream release v5.5.4
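Review bot: The security fix entry under `v5.5.6-ext-v3.2` says external files are "now fetched through a proxy", but the Security Note it links to, as added in this same commit, never mentions a proxy and describes the change only in terms of restricted network ranges and two new variables. Align the two, and name `OVERLEAF_LINKED_URL_BLOCKED_NETWORKS` and `OVERLEAF_LINKED_URL_ALLOWED_RESOURCES` in the release note so administrators upgrading know there is configuration to review. The seccomp entry would also benefit from a pointer to the Sandboxed Compiles page if any action is required on upgrade.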

@@ -1,8 +1,10 @@
## Extended CE
- [Installation](https://github.com/yu-i-i/overleaf-cep/wiki/Extended-CE:-Installation)
- [Sandboxed Compiles](https://github.com/yu-i-i/overleaf-cep/wiki/Extended-CE:-Sandboxed-Compiles)
- [LDAP Authentication](https://github.com/yu-i-i/overleaf-cep/wiki/Extended-CE:-LDAP-Authentication)
- [SAML Authentication](https://github.com/yu-i-i/overleaf-cep/wiki/Extended-CE:-SAML-Authentication)
- [OIDC Authentication](https://github.com/yu-i-i/overleaf-cep/wiki/Extended-CE:-OIDC-Authentication)
- [Template Gallery](https://github.com/yu-i-i/overleaf-cep/wiki/Extended-CE:-Template-Gallery)
- [From External URL Feature](https://github.com/yu-i-i/overleaf-cep/wiki/Extended-CE:-From-External-URL)
## Extended CE
- [Installation](https://github.com/yu-i-i/overleaf-cep/wiki/Extended-CE:-Installation)
- [Sandboxed Compiles](https://github.com/yu-i-i/overleaf-cep/wiki/Extended-CE:-Sandboxed-Compiles)
- [LDAP Authentication](https://github.com/yu-i-i/overleaf-cep/wiki/Extended-CE:-LDAP-Authentication)
- [SAML Authentication](https://github.com/yu-i-i/overleaf-cep/wiki/Extended-CE:-SAML-Authentication)
- [OIDC Authentication](https://github.com/yu-i-i/overleaf-cep/wiki/Extended-CE:-OIDC-Authentication)
- [Template Gallery](https://github.com/yu-i-i/overleaf-cep/wiki/Extended-CE:-Template-Gallery)
- [From External URL Feature](https://github.com/yu-i-i/overleaf-cep/wiki/Extended-CE:-From-External-URL)
- [Environment Variables](https://github.com/yu-i-i/overleaf-cep/wiki/Extended-CE:-Environment-Variables)
- [Useful Links](https://github.com/yu-i-i/overleaf-cep/wiki/Extended-CE:-Useful-Links)
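Review bot: The first eight sidebar entries are removed and re-added with identical visible text, while only the Environment Variables and Useful Links entries are actually new. That pattern usually means a whitespace or line-ending change across the file; if it is unintentional, normalise the file so the diff shows just the two added lines and stays easy to review.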