Release date: 2025-07-31

• Server Pro Image ID: dd3d1c61f194
• Community Edition Image ID: 7b216673bd81
• Git Bridge Image ID: 45770796de58

This release includes bug fixes for an upcoming binary file migration.

Release date: 2025-07-29

• Server Pro Image ID: 2bf634002f11
• Community Edition Image ID: 62812cf70518
• Git Bridge Image ID: 45770796de58

This is a security release, we have updated internal dependencies used by the SAML integration. This release also contains updates to the base image and installed packages. Customers using SAML authentication are advised to upgrade.

Added script for bulk transfer of projects (documentation).

Release date: 2025-07-09

• Server Pro Image ID: 4f55e24737e4
• Community Edition Image ID: a9b671a7f751
• Git Bridge Image ID: 24939e88f5aa

This is a bug-fix release.

• Fixes bug which prevented anonymous editors from making tracked changes
• Fixes bug which caused a missing header image when using OVERLEAF_HEADER_IMAGE_URL
• Fixes bug which prevented the "Stop compile" button working when not using sandboxed compiles

Other changes

• You can now optionally configure your deployment to start even if the initial MongoDB startup checks fail by setting ALLOW_MONGO_ADMIN_CHECK_FAILURES=true
• Applied security updates to base image

Release date: 2025-05-09

• Server Pro Image ID: ccf59bc84efb
• Community Edition Image ID: 7fb7924f9e3d
• Git Bridge Image ID: 24939e88f5aa

• Fixes License Usage tab in the admin panel.
• Fixes Redis TLS configuration in history-v1 service.
• Fixes create-user script when used with mjs extension.

• Improved error message when using an invalid Feature Compatibility Version in MongoDB.

Release date: 2025-05-29

• Server Pro Image ID: f778900dbcb5
• Community Edition Image ID: d56f85856198
• Git Bridge Image ID: 24939e88f5aa

This release bumps the minimum mongo version to 6.0.

Before upgrading, if you've previously updated your mongo version to 6.0 following the instructions in the 5.1.0 release you should set the featureCompatibilityVersion setting to 6.0:

$ bin/mongo
> db.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } )
 ... 
 {
    featureCompatibilityVersion: { version: '5.0' },
...
> db.adminCommand( { setFeatureCompatibilityVersion: "6.0" } ) 

When featureCompatibilityVersion is set to a value lower than 6.0 you would be seeing a Expression not supported in partial index error like:

MongoServerError: Error during migrate "20250411200550_active_chunk_index_update": Error in specification { name: "projectId_1_startVersion_1_v2", unique: true, partialFilterExpression: { state: { $in: [ "active", "closed" ] } }, background: true, key: { projectId: 1, startVersion: 1 }, v: 2 } :: caused by :: Expression not supported in partial index: state $in [ "active" "closed" ]

• Add --skip-email option to delete-user.js script.
• New improved UI for the review panel.

• Fixes Configuration property backupStore is not defined error being logged.
• Fixes email delivery when mail server uses self-signed certificates.
• Fixes Redis TLS configuration in references service.

• Podman based deployments: the Sandboxed compiles configuration has been merged and it is no longer possible to disable seccomp. Please download a copy of the seccomp profile and store it on the Docker host, then point Server Pro at it using the environment variable SECCOMP_PROFILE="/docker/host/path/of/seccomp/clsi-profile.json". WARNING: podman deployments are not officially supported.
• Added a new daily cron job that flushes projects with pending changes.
• Update base image to noble-1.0.2 and node@22
• Many small improvements and bug fixes.

Release date: 2025-04-30

• Server Pro Image ID: 24f0a095a3bc
• Community Edition Image ID: a5b8db34908e
• Git Bridge Image ID: 15a29bbb6524

This is a security release containing updates to the base image and installed packages.

• Fixes connection errors when attempting to use Redis via TLS.

Release date: 2025-04-11

• Server Pro Image ID: def5d40bc8a4
• Community Edition Image ID: 637631dedf09
• Git Bridge Image ID: 15a29bbb6524

• New export-user-projects.mjs script to export all user's projects. See documentation.
• TexLive 2025 is the new default image when not using Sandboxed Compiles in Server Pro.

• Fixes documentation access when running the instance behind a proxy.

• Added rate limiter to LDAP /login endpoint.
• Mitigate risk of data loss when shutting down the instance. A new MAX_RECONNECT_GRACEFULLY_INTERVAL_MS environment variable allows a finer configuration of the delay between editor graceful reconnection and data flushing, and container shutdown.

Release date: 2025-03-21

• Server Pro Image ID: 2a15214c521f
• Community Edition Image ID: eb2d221f5f5e
• Git Bridge Image ID: 8aa85fa0d7df

This is a security release, we updated internal dependencies used by SAML integration.

Release date: 2025-03-11

• Server Pro Image ID: 72f7039d52c6
• Community Edition Image ID: eb2d221f5f5e
• Git Bridge Image ID: 8aa85fa0d7df

• Fixes access to Overleaf documentation when using a proxy for external requests.

• Adds rate limiters to LDAP /login endpoint

Release date: 2025-01-29

• Server Pro Image ID: 6df5c59837a8
• Community Edition Image ID: eb2d221f5f5e
• Git Bridge Image ID: 8aa85fa0d7df

Note: An issue was discovered with version 5.3.0, so it was never made public. This resulted in 5.3.1 being the first release in the 5.3 release line.

• OVERLEAF_LOGIN_SUPPORT_TEXT can now be used to display support information underneath the login button. The text will be shown in the login screen and can be used to direct users to internal support or provide guidance related to logging in, creating accounts, etc.
• V1_HISTORY_URL_FOR_GIT_BRIDGE allows separating the history-v1 endpoint for internal traffic (web service → history-v1 service, both in sharelatex container) and external traffic (git-bridge → history-v1, running in separate containers).

• Fixed a bug where account deletion fails in certain situations where email service is not available.

• Improve file upload processing. The disk-IO load of large instances can drop by up-to 50%.
• Security updates to the base image and installed packages, along with improvements and bugfixes.

There are some changes in the languages supported by the spelling service.

Release date: 2024-10-24

• Server Pro Image ID: a1b1852ac7bd
• Community Edition Image ID: e187f0ff616c
• Git Bridge Image ID: f09f6dbba5ee

Note: An issue was discovered with version 5.2.0, so it was never made public. This resulted in 5.2.1 being the first release in the 5.2 release line.

The following environment variables are now available:

• LDAP: OVERLEAF_LDAP_IS_ADMIN_ATT and OVERLEAF_LDAP_IS_ADMIN_ATT_VALUE
• SAML: OVERLEAF_SAML_IS_ADMIN_FIELD and OVERLEAF_SAML_IS_ADMIN_FIELD_VALUE

When both environment variables are set, the login process updates user.isAdmin = true when the profile returned by the identity provided contains OVERLEAF_LDAP_IS_ADMIN_ATT/OVERLEAF_SAML_IS_ADMIN_FIELD, and its value is either:

• Equals to OVERLEAF_LDAP_IS_ADMIN_ATT_VALUE/OVERLEAF_SAML_IS_ADMIN_FIELD_VALUE
• An array containing OVERLEAF_LDAP_IS_ADMIN_ATT_VALUE/OVERLEAF_SAML_IS_ADMIN_FIELD_VALUE

• Chat feature can be disabled with OVERLEAF_DISABLE_CHAT=true
• SAML Audience, which defaults to OVERLEAF_SAML_ISSUER can now be configured with OVERLEAF_SAML_AUDIENCE

• Fixes anonymous users accessing a project via read-write link not being able to create labels in the history panel.
• Fixes some scenarios where users are unable to change the TeX Live version in the editor (Server Pro only)
• Admin: searching users by domain now display admins users.

• Admin: a num_active_users metric with the count of active users is now available via /metrics.
• Admin: editor resources checks are no longer part of the Launchpad main screen.
• Many small improvements and bug fixes.

Release date: 2024-08-13

• Server Pro Image ID: cb82f2debf6f
• Community Edition Image ID: 28f666f253f8
• Git Bridge Image ID: 4cd4bea6fb01

• Fixes TexLive version selection after a version of TexLive is removed from ALL_TEX_LIVE_DOCKER_IMAGES.
• The /metrics and /health_check endpoints now return 404. However, they are still accessible directly through the web service port inside the container (for example, http://localhost:3000/metrics).
• Fix SAML SSO when using POST request to the Identity Provider when CSP are enabled.

• Removed Editor Resources check from launchpad, which has been broken for a while and wasn't providing any value.
• /metrics and /health_check now return 404.
• Security update to prevent remote image loading in Visual Editor.

Release date: 2024-07-17

• Server Pro Image ID: 7216db608356
• Community Edition Image ID: 41a77f59f69e
• Git Bridge Image ID: 4cd4bea6fb01

MongoDB 5 is reaching end of life on October 2024. All customers should upgrade to MongoDB 6.0. Follow the link to the official documentation for instructions.

Toolkit users now need to split the mongo image between MONGO_IMAGE (with just the image name) and MONGO_VERSION in their config/overleaf.rc.

Example:

# when using a custom image, MONGO_VERSION is required
MONGO_IMAGE=my.docker.hub/mongo
MONGO_VERSION=6.0-custom

Please ensure you have a database backup before upgrading.

AOF (Append Only File) persistence is now the recommended configuration for Redis persistence.

Redis documentation in the Overleaf wiki.

Toolkit users have AOF persistence enabled by default for new installs. Existing users are recommended to follow the instructions on the official documentation to switch to AOF:

https://redis.io/docs/latest/operate/oss_and_stack/management/persistence/#how-i-can-switch-to-aof-if-im-currently-using-dumprdb-snapshots

docker-compose v1 has reached its End Of Life in July 2023 (https://docs.docker.com/compose/migrate/). Support for docker-compose v1 in the Overleaf Toolkit will be dropped with the release of Server Pro 5.2. We recommend upgrading to Docker Compose v2 before then.

• SAML: multiple certificates are now supported. You can now set a list of comma-separated certificates in OVERLEAF_SAML_SIGNING_CERT and OVERLEAF_SAML_CERT
• CSP (Content Security Policy) is now enabled by default. It can be disabled adding OVERLEAF_CSP_ENABLED=false to config/variables.env.

• Fixes a bug where projects created before enabling the templates feature couldn't be published as templates.
• Fixed spacing in project list footer.
• Fixed post-login redirection when login after clicking the "Log in" button in the header.

• Removed support for running LaTeX compiles with Docker-In-Docker in Server Pro. Sandboxed compiles using "sibling" containers is not affected by this.

• TeXLive images, as used for Sandboxed compiles, need to be pulled outside of Server Pro now. All customers have been granted read access to quay.io/sharelatex/texlive-full.

  The Overleaf Toolkit is pulling all configured images as part of bin/up. You can disable the automatic pulling using SIBLING_CONTAINERS_PULL=false in your config/overleaf.rc file.

• Stricter and faster graceful shutdown procedure for the Server Pro container

• The environment variable SYNCTEX_BIN_HOST_PATH is no longer used by the application

• We are sunsetting window properties like window.project_id. If you need access to any of these, please reach out to support@overleaf.com to discuss options.

• Significant reduction in Docker image size for Server Pro and CE

• Security updates to the base image and installed dependencies.

• Minor improvements and bugfixes.

Release date: 2024-07-12

• Server Pro Image ID: a8c301474a4d
• Community Edition Image ID: 6f3e55a67fd5
• Git Bridge Image ID: 455a8c0559a4

This is a security release. We added stricter controls for accessing project invite details and locked down access to files via the LaTeX compilation service.

We strongly recommend turning on the Sandboxed compiles feature in Server Pro.

Release date: 2024-06-20

• Server Pro Image ID: c9de60b06959
• Community Edition Image ID: 46bb44d4215d
• Git Bridge Image ID: 455a8c0559a4

This is a security release. We added stricter controls for creating projects from ZIP URLs.

Release date: 2024-06-11

• Server Pro Image ID: 60da5806f83e
• Community Edition Image ID: 46bb44d4215d
• Git Bridge Image ID: 455a8c0559a4

This is a security release. We added stricter controls to prevent arbitrary CSS loading in the project editor.

Release date: 2024-05-24

• Server Pro Image ID: b0db0405a7ce
• Community Edition Image ID: abcec6efbbf7
• Git Bridge Image ID: 455a8c0559a4

This release provides security updates, bug fixes, and performance enhancements, including:

• Stricter controls to prevent arbitrary JavaScript execution in the browser.
• Updated libraries to enhance security and performance.

Release date: 2024-04-24

• Server Pro Image ID: dc88a9ade14d
• Community Edition Image ID: b4712d596c75
• Git Bridge Image ID: 455a8c0559a4

This release builds up on 5.0.2 and includes the second revision of the recovery process for doc versions.

If you never ran Server Pro version 5.0.1 or Community Edition version 5.0.1, or you started a brand new instance with 5.0.1, you do not need to run this recovery process. Please see the Bugfixes section for Server Pro 5.0.2 below for details on the need for a recovery and follow the updated wiki page on the recovery process.

⚠️ 2024-04-22: We are retracting version 5.0.2. We have identified a few corner cases in the recovery procedure for docs.

⚠️ 2024-04-24: Server Pro version 5.0.3 sports fixes for the previously identified corner cases.

Release date: 2024-04-22

• Server Pro Image ID: 06eed5680340
• Community Edition Image ID: 9f018f899ba5
• Git Bridge Image ID: 455a8c0559a4

Server Pro 5.0.2 is a security release for the application runtime.

The Node.js runtime has been upgraded to 18.20.2. Check their release notes (18.20.1, 18.20.2) for more information.

• Fixes database migration that resulted in the loss of doc versions. These are used by the history system and their loss resulted in the history system skipping over updates effectively resulting in no further changes to the history view and git-integration. This release fixes the database migration and also sports a recovery process for instances that ran release 5.0.1. If you ran version 5.0.1, please take a look at the dedicated page on the recovery process.
• Fixes references and templates services on Docker 26 + ipv6.

• Adds bin/flush-history-queues and bin/force-history-resyncs utility scripts.

⚠️ 2024-04-18: We have identified a critical bug in a database migration that causes data loss. Please defer upgrading to release 5.0.1 until further notice on the mailing list. Please hold on to any backups that were taken prior to upgrading to version 5.0.1.

⚠️ 2024-04-24: Server Pro 5.0.3 has been released with a fix and recovery process that does not need access to a backup. See details above.

Release date: 2024-04-02

• Server Pro Image ID: 0d28770b4692
• Community Edition Image ID: ee69bf0baddf
• Git Bridge Image ID: 455a8c0559a4

Note: An issue was discovered with version 5.0.0, so it was never made public. This resulted in 5.0.1 being the first release in the 5.0 release line.

This major release includes the following changes:

• Required database upgrade from MongoDB 4 to MongoDB 5
• Rebranding of SHARELATEX_* to OVERLEAF_* environment variables
• Rebranding of filesystem paths from ShareLaTeX brand to Overleaf brand

Important: the Overleaf Toolkit will help migrating your configuration, please follow the prompts of bin/upgrade.

MongoDB 4.4 has reached end of life on February 2024. All customers should upgrade to MongoDB 5.0 before upgrading to the 5.0 release line.

The release also includes migrations that update the database in a backwards incompatible format.

Please ensure you have a database backup before upgrading. In case of roll-back, you will need to restore the database backup. Server Pro 4.x is not capable of reading the new format, which can result in data-loss or broken projects.

Environment variables have been rebranded from SHARELATEX_* to OVERLEAF_*. Overleaf Toolkit users should be prompted to perform the migration when running bin/upgrade, and warnings will be printed when trying to run the Overleaf instance with the incorrect configuration.

Filesystem paths have also been rebranded from ShareLaTeX brand to Overleaf brand:

• /var/lib/sharelatex -> /var/lib/overleaf
• /var/log/sharelatex -> /var/log/overleaf
• /etc/sharelatex -> /etc/overleaf

Filesystem changes are automatically handled by the Overleaf Toolkit. Otherwise, make sure bind-mount targets are updated to refer to the Overleaf equivalent, e.g.

docker-compose/yml before:

    volumes:
     - /my/docker-host/path:/var/log/sharelatex

docker-compose.yml after:

    volumes:
     - /my/docker-host/path:/var/log/overleaf

• Added support for using IAM credentials when using AWS S3 for project/history files
• Server Pro will refuse to start when using an older version of MongoDB

• Fixes a scenario in which the share project modal doesn't display the link-sharing links immediately after turning on the feature

• All services are now using IPv4 in the container
• Container image upgrade from Ubuntu 20.04 to 22.04 LTS
• Security updates to the base image and installed packages, along with improvements and bugfixes.