Release notes 5.x.x

Server Pro 5.5.6

Release date: 2025-10-29

• Server Pro Image ID: a7fabd92df1d

• Community Edition Image ID: 670af1d40458

• Git Bridge Image ID: 346ef9a195f1

This is a security release containing updates to the base image and installed packages.

Server Pro 5.5.5

Release date: 2025-10-23

• Server Pro Image ID: 662319c9321f

• Community Edition Image ID: 18b74885001f

• Git Bridge Image ID: 24939e88f5aa

This release contains internal tools and checks designed to prepare a Server Pro instance for the upcoming 6.0 upgrade.

Server Pro 5.5.4

Release date: 2025-07-31

• Server Pro Image ID: dd3d1c61f194

• Community Edition Image ID: 7b216673bd81

• Git Bridge Image ID: 45770796de58

This release includes bug fixes for an upcoming binary file migration.

Server Pro 5.5.3

Release date: 2025-07-29

• Server Pro Image ID: 2bf634002f11

• Community Edition Image ID: 62812cf70518

• Git Bridge Image ID: 45770796de58

This is a security release, we have updated internal dependencies used by the SAML integration. This release also contains updates to the base image and installed packages. Customers using SAML authentication are advised to upgrade.

New Features

Added script for bulk transfer of projects (documentation).

Server Pro 5.5.2

Release date: 2025-07-09

• Server Pro Image ID: 4f55e24737e4

• Community Edition Image ID: a9b671a7f751

• Git Bridge Image ID: 24939e88f5aa

This is a bug-fix release.

Bugfixes

• Fixes bug which prevented anonymous editors from making tracked changes

• Fixes bug which caused a missing header image when using OVERLEAF_HEADER_IMAGE_URL

• Fixes bug which prevented the "Stop compile" button working when not using Sandboxed Compiles

Other Changes

• You can now optionally configure your deployment to start even if the initial MongoDB startup checks fail by setting ALLOW_MONGO_ADMIN_CHECK_FAILURES=true

• Applied security updates to base image

Server Pro 5.5.1

Release date: 2025-05-09

• Server Pro Image ID: ccf59bc84efb

• Community Edition Image ID: 7fb7924f9e3d

• Git Bridge Image ID: 24939e88f5aa

Bugfixes

• Fixes License Usage tab in the admin panel.

• Fixes Redis TLS configuration in history-v1 service.

• Fixes create-user script when used with mjs extension.

Other Changes

• Improved error message when using an invalid Feature Compatibility Version in MongoDB.

Server Pro 5.5.0

Release date: 2025-05-29

• Server Pro Image ID: f778900dbcb5

• Community Edition Image ID: d56f85856198

• Git Bridge Image ID: 24939e88f5aa

This release bumps the minimum mongo version to 6.0. If you've previously updated your MongoDB version to 6.0 following the instructions in the 5.1.0 release you might need to set the featureCompatibilityVersion setting to 6.0:

$ bin/mongo
> db.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } )
 ... 
 {
    featureCompatibilityVersion: { version: '5.0' },
...
> db.adminCommand( { setFeatureCompatibilityVersion: "6.0" } ) 

When featureCompatibilityVersion is set to a value lower than 6.0 you would be seeing a Expression not supported in partial index error like:

MongoServerError: Error during migrate "20250411200550_active_chunk_index_update": Error in specification { name: "projectId_1_startVersion_1_v2", unique: true, partialFilterExpression: { state: { $in: [ "active", "closed" ] } }, background: true, key: { projectId: 1, startVersion: 1 }, v: 2 } :: caused by :: Expression not supported in partial index: state $in [ "active" "closed" ]

New Features

• Add --skip-email option to delete-user.js script.

• New improved UI for the review panel.

Bugfixes

• Fixes Configuration property backupStore is not defined error being logged.

• Fixes email delivery when mail server uses self-signed certificates.

• Fixes Redis TLS configuration in references service.

Other Changes

• Podman based deployments: the Sandboxed Compiles configuration has been merged and it is no longer possible to disable seccomp. Please download a copy of the seccomp profile and store it on the Docker host, then point Server Pro at it using the environment variable SECCOMP_PROFILE="/docker/host/path/of/seccomp/clsi-profile.json".

• Added a new daily cron job that flushes projects with pending changes.

• Update base image to noble-1.0.2 and node@22

• Many small improvements and bug fixes.

Server Pro 5.4.1

Release date: 2025-04-30

• Server Pro Image ID: 24f0a095a3bc

• Community Edition Image ID: a5b8db34908e

• Git Bridge Image ID: 15a29bbb6524

This is a security release containing updates to the base image and installed packages.

Bugfixes

• Fixes connection errors when attempting to use Redis via TLS.

Server Pro 5.4.0

Release date: 2025-04-11

• Server Pro Image ID: def5d40bc8a4

• Community Edition Image ID: 637631dedf09

• Git Bridge Image ID: 15a29bbb6524

New Features

• New export-user-projects.mjs script to export all user's projects. For more information see documentation.

• TeX Live 2025 is the new default image when not using Sandboxed Compiles in Server Pro.

Bugfixes

• Fixes documentation access when running the instance behind a proxy.

Other Changes

• Added rate limiter to LDAP /login endpoint.

• Mitigate risk of data loss when shutting down the instance. A new MAX_RECONNECT_GRACEFULLY_INTERVAL_MS environment variable allows a finer configuration of the delay between editor graceful reconnection and data flushing, and container shutdown.

Server Pro 5.3.3

Release date: 2025-03-21

• Server Pro Image ID: 2a15214c521f

• Community Edition Image ID: eb2d221f5f5e

• Git Bridge Image ID: 8aa85fa0d7df

This is a security release, we updated internal dependencies used by SAML integration.

Server Pro 5.3.2

Release date: 2025-03-11

• Server Pro Image ID: 72f7039d52c6

• Community Edition Image ID: eb2d221f5f5e

• Git Bridge Image ID: 8aa85fa0d7df

Bugfixes

• Fixes access to Overleaf documentation when using a proxy for external requests.

Other Changes

• Adds rate limiters to LDAP /login endpoint

Server Pro 5.3.1

Release date: 2025-01-29

• Server Pro Image ID: 6df5c59837a8

• Community Edition Image ID: eb2d221f5f5e

• Git Bridge Image ID: 8aa85fa0d7df

New Features

• OVERLEAF_LOGIN_SUPPORT_TEXT can now be used to display support information underneath the login button. The text will be shown in the login screen and can be used to direct users to internal support or provide guidance related to logging in, creating accounts, etc.

• V1_HISTORY_URL_FOR_GIT_BRIDGE allows separating the history-v1 endpoint for internal traffic (web service → history-v1 service, both in sharelatex container) and external traffic (git-bridge → history-v1, running in separate containers).

Bugfixes

• Fixed a bug where account deletion fails in certain situations where email service is not available.

Other changes

• Improve file upload processing. The disk-IO load of large instances can drop by up-to 50%.

• Security updates to the base image and installed packages, along with improvements and bugfixes.

There are some changes in the languages supported by the spelling service.

Server Pro 5.2.1

Release date: 2024-10-24

• Server Pro Image ID: a1b1852ac7bd

• Community Edition Image ID: e187f0ff616c

• Git Bridge Image ID: f09f6dbba5ee

Note: An issue was discovered with version 5.2.0, so it was never made public. This resulted in 5.0.1 being the first release in the 5.0 release line.

New Features

Admin capabilities can be granted via LDAP/SAML attributes

The following environment variables are now available:

• LDAP: OVERLEAF_LDAP_IS_ADMIN_ATT and OVERLEAF_LDAP_IS_ADMIN_ATT_VALUE

• SAML: OVERLEAF_SAML_IS_ADMIN_FIELD and OVERLEAF_SAML_IS_ADMIN_FIELD_VALUE

When both environment variables are set, the login process updates user.isAdmin = true when the profile returned by the identity provided contains OVERLEAF_LDAP_IS_ADMIN_ATT/OVERLEAF_SAML_IS_ADMIN_FIELD, and its value is either:

• Equals to OVERLEAF_LDAP_IS_ADMIN_ATT_VALUE/OVERLEAF_SAML_IS_ADMIN_FIELD_VALUE

• An array containing OVERLEAF_LDAP_IS_ADMIN_ATT_VALUE/OVERLEAF_SAML_IS_ADMIN_FIELD_VALUE

Other new features

• Chat feature can be disabled with OVERLEAF_DISABLE_CHAT=true

• SAML Audience, which defaults to OVERLEAF_SAML_ISSUER can now be configured with OVERLEAF_SAML_AUDIENCE

Bugfixes

• Fixes anonymous users accessing a project via read-write link not being able to create labels in the history panel.

• Fixes some scenarios where users are unable to change the TeX Live version in the editor (Server Pro only)

• Admin: searching users by domain now display admins users.

Other changes

• Admin: a num_active_users metric with the count of active users is now available via /metrics.

• Admin: editor resources checks are no longer part of the Launchpad main screen.

• Many small improvements and bugfixes.

Server Pro 5.1.1

Release date: 2024-08-13

• Server Pro Image ID: cb82f2debf6f

• Community Edition Image ID: 28f666f253f8

• Git Bridge Image ID: 4cd4bea6fb01

Bugfixes

• Fixes TexLive version selection after a version of TexLive is removed from ALL_TEX_LIVE_DOCKER_IMAGES.

• Fix for invalid URLs returning 500 instead of 400.

• Fix SAML SSO when using POST request to the Identity Provider when CSP are enabled.

Other changes

• Removed Editor Resources check from launchpad, which has been broken for a while and wasn't providing any value.

• /metrics and /health_check now return 404.

• Security update to prevent remote image loading in Visual Editor.

Server Pro 5.1.0

Release date: 2024-07-17

• Server Pro Image ID: 7216db608356

• Community Edition Image ID: 41a77f59f69e

• Git Bridge Image ID: 4cd4bea6fb01

MongoDB upgrade to v6

MongoDB 5 is reaching end of life on October 2024. All customers should upgrade to MongoDB 6.0. Follow the link to the official documentation for instructions.

Toolkit users now need to split the MongoDB image between MONGO_IMAGE (with just the image name) and MONGO_VERSION in their config/overleaf.rc file.

Example:

# When using a custom image, MONGO_VERSION is required
MONGO_IMAGE=my.docker.hub/mongo
MONGO_VERSION=6.0-custom

Please ensure you have a consistent database backup before upgrading.

Redis AOF Persistence enabled by default

AOF (Append Only File) persistence is now the recommended configuration for Redis persistence.

Redis documentation in the Overleaf wiki.

Toolkit users have AOF persistence enabled by default for new installs. Existing users are recommended to follow the instructions on the official documentation to switch to AOF:

https://redis.io/docs/latest/operate/oss_and_stack/management/persistence/#how-i-can-switch-to-aof-if-im-currently-using-dumprdb-snapshots

Deprecation for docker-compose v1

docker-compose v1 has reached its End Of Life in July 2023 (https://docs.docker.com/compose/migrate/). Support for docker-compose v1 in the Overleaf Toolkit will be dropped with the release of Server Pro 5.2. We recommend upgrading to Docker Compose v2 before then.

New features

• SAML: multiple certificates are now supported. You can now set a list of comma-separated certificates in OVERLEAF_SAML_SIGNING_CERT and OVERLEAF_SAML_CERT

• CSP (Content Security Policy) is now enabled by default. It can be disabled adding OVERLEAF_CSP_ENABLED=false to config/variables.env.

Bugfixes

• Fixes a bug where projects created before enabling the templates feature couldn't be published as templates.

• Fixed spacing in project list footer.

• Fixed post-login redirection when login after clicking the "Log in" button in the header.

Other changes

• Removed support for running LaTeX compiles with Docker-In-Docker in Server Pro. Sandboxed compiles using "sibling" containers is not affected by this.

• TeX Live images, as used for Sandboxed Compiles, need to be pulled outside of Server Pro now. All customers have been granted read access to quay.io/sharelatex/texlive-full.

  The Overleaf Toolkit is pulling all configured images as part of bin/up. You can disable the automatic pulling using SIBLING_CONTAINERS_PULL=false in your config/overleaf.rc file.

• Stricter and faster graceful shutdown procedure for the Server Pro container

• The environment variable SYNCTEX_BIN_HOST_PATH is no longer used by the application

• We are sunsetting window properties like window.project_id. If you need access to any of these, please reach out to [email protected] to discuss options.

• Significant reduction in Docker image size for Server Pro and CE

• Security updates to the base image and installed dependencies.

• Minor improvements and bugfixes.

Server Pro 5.0.7

Release date: 2024-07-12

• Server Pro Image ID: a8c301474a4d

• Community Edition Image ID: 6f3e55a67fd5

• Git Bridge Image ID: 455a8c0559a4

This is a security release. We added stricter controls for accessing project invite details and locked down access to files via the LaTeX compilation service.

We strongly recommend turning on the Sandboxed Compiles feature in Server Pro.

Server Pro 5.0.6

Release date: 2024-06-20

• Server Pro Image ID: c9de60b06959

• Community Edition Image ID: 46bb44d4215d

• Git Bridge Image ID: 455a8c0559a4

This is a security release. We added stricter controls for creating projects from ZIP URLs.

Server Pro 5.0.5

Release date: 2024-06-11

• Server Pro Image ID: 60da5806f83e

• Community Edition Image ID: 46bb44d4215d

• Git Bridge Image ID: 455a8c0559a4

This is a security release. We added stricter controls to prevent arbitrary CSS loading in the project editor.

Server Pro 5.0.4

Release date: 2024-05-24

• Server Pro Image ID: b0db0405a7ce

• Community Edition Image ID: abcec6efbbf7

• Git Bridge Image ID: 455a8c0559a4

This release provides security updates, bugfixes, and performance enhancements, including:

• Stricter controls to prevent arbitrary JavaScript execution in the browser.

• Updated libraries to enhance security and performance.

Server Pro 5.0.3

Release date: 2024-04-24

• Server Pro Image ID: dc88a9ade14d

• Community Edition Image ID: b4712d596c75

• Git Bridge Image ID: 455a8c0559a4

This release builds up on 5.0.2 and includes the second revision of the recovery process for doc versions.

If you never ran Server Pro version 5.0.1 or Community Edition version 5.0.1, or you started a brand new instance with 5.0.1, you do not need to run this recovery process. Please see the Bugfixes section for Server Pro 5.0.2 below for details on the need for a recovery and follow the updated wiki page on the recovery process.

Server Pro 5.0.2 (Retracted)

Release date: 2024-04-22

• Server Pro Image ID: 06eed5680340

• Community Edition Image ID: 9f018f899ba5

• Git Bridge Image ID: 455a8c0559a4

Security release

Server Pro 5.0.2 is a security release for the application runtime.

The Node.js runtime has been upgraded to 18.20.2. Check their release notes (18.20.1, 18.20.2) for more information.

Bugfixes

• Fixes database migration that resulted in the loss of doc versions. These are used by the history system and their loss resulted in the history system skipping over updates effectively resulting in no further changes to the history view and git-integration. This release fixes the database migration and also sports a recovery process for instances that ran release 5.0.1. If you ran version 5.0.1, please take a look at the dedicated doc version recovery process.

• Fixes references and templates services on Docker 26 IPv6.

Other changes

• Adds bin/flush-history-queues and bin/force-history-resyncs utility scripts.

Server Pro 5.0.1 (Retracted)

Release date: 2024-04-02

• Server Pro Image ID: 0d28770b4692

• Community Edition Image ID: ee69bf0baddf

• Git Bridge Image ID: 455a8c0559a4

This major release includes the following changes:

• Required database upgrade from MongoDB 4 to MongoDB 5

• Rebranding of SHARELATEX_* to OVERLEAF_* environment variables

• Rebranding of filesystem paths from ShareLaTeX brand to Overleaf brand

Important: the Toolkit will help migrating your configuration, please follow the prompts of bin/upgrade.

MongoDB upgrade to v5

MongoDB 4.4 has reached end of life on February 2024. All customers should upgrade to MongoDB 5.0 before upgrading to the 5.0 release line.

The release also includes migrations that update the database in a backwards incompatible format.

Please ensure you have a consistent database backup before upgrading. In case of roll-back, you will need to restore the database backup. Server Pro 4.x is not capable of reading the new format, which can result in data-loss or broken projects.

Configuration changes

Environment variables have been rebranded from SHARELATEX_* to OVERLEAF_*. Overleaf Toolkit users should be prompted to perform the migration when running bin/upgrade, and warnings will be printed when trying to run the Overleaf instance with the incorrect configuration.

Filesystem paths have also been rebranded from ShareLaTeX brand to Overleaf brand:

• /var/lib/sharelatex -> /var/lib/overleaf

• /var/log/sharelatex -> /var/log/overleaf

• /etc/sharelatex -> /etc/overleaf

Filesystem changes are automatically handled by the Overleaf Toolkit. Otherwise, make sure bind-mount targets are updated to refer to the Overleaf equivalent, e.g.

docker-compose/yml before:

volumes:
    - /my/docker-host/path:/var/log/sharelatex

docker-compose.yml after:

volumes:
    - /my/docker-host/path:/var/log/overleaf

New features

• Added support for using IAM credentials when using AWS S3 for project/history files

• Server Pro will refuse to start when using an older version of MongoDB

Bugfixes

• Fixes a scenario in which the share project modal doesn't display the link-sharing links immediately after turning on the feature

Other changes

• All services are now using IPv4 in the container

• Container image upgrade from Ubuntu 20.04 to 22.04 LTS

• Security updates to the base image and installed packages, along with improvements and bugfixes.