Releases: linuxserver/docker-bookstack
v26.03.5-ls262
CI Report:
N/A
LinuxServer Changes:
Full Changelog: v26.03.4-ls261...v26.03.5-ls262
Remote Changes:
Updating to v26.03.5
v26.03.4-ls261
CI Report:
N/A
LinuxServer Changes:
Full Changelog: v26.03.4-ls260...v26.03.4-ls261
Remote Changes:
Updating to v26.03.4
v26.03.4-ls260
CI Report:
N/A
LinuxServer Changes:
Full Changelog: v26.03.4-ls259...v26.03.4-ls260
Remote Changes:
Updating to v26.03.4
v26.03.4-ls259
CI Report:
N/A
LinuxServer Changes:
Full Changelog: v26.03.3-ls258...v26.03.4-ls259
Remote Changes:
Security Release
This is a security release to improve attachment-related permission checks and URL validation for webhooks.
Upgrade is advised if you allow untrusted users to delete attachments, or if untrusted users have permission to create webhooks on instances which make use of the ALLOWED_SSR_HOSTS BookStack env file option.
Thanks to 404_pkj (GitHub) and naruhodoowl (GitHub) for responsibly reporting these issues.
Full List of Changes
- Updated PHP package versions.
- Updated attachment actions to align page access check.
- Updated URL validation in webhooks to help prevent escaping workarounds.
- Fixed issue where exact search term negation would lead to no results. (#6121)
v26.03.3-ls258
CI Report:
N/A
LinuxServer Changes:
Full Changelog: v26.03.3-ls257...v26.03.3-ls258
Remote Changes:
Full List of Changes
This release contains the following fixes and changes:
- Updated translations with latest Crowdin changes. (#6067)
- Updated PHP dependency versions.
v26.03.3-ls257
CI Report:
N/A
LinuxServer Changes:
Full Changelog: v26.03.3-ls256...v26.03.3-ls257
Remote Changes:
Full List of Changes
This release contains the following fixes and changes:
- Updated translations with latest Crowdin changes. (#6067)
- Updated PHP dependency versions.
v26.03.3-ls256
CI Report:
N/A
LinuxServer Changes:
Full Changelog: v26.03.3-ls255...v26.03.3-ls256
Remote Changes:
Full List of Changes
This release contains the following fixes and changes:
- Updated translations with latest Crowdin changes. (#6067)
- Updated PHP dependency versions.
v26.03.3-ls255
CI Report:
N/A
LinuxServer Changes:
Full Changelog: v26.03.2-ls254...v26.03.3-ls255
Remote Changes:
Full List of Changes
This release contains the following fixes and changes:
- Updated translations with latest Crowdin changes. (#6067)
- Updated PHP dependency versions.
v26.03.2-ls254
CI Report:
N/A
LinuxServer Changes:
Full Changelog: v26.03.1-ls253...v26.03.2-ls254
Remote Changes:
Security Release
This is a security release to address a vulnerability where the registration form could be manipulated to gain access to additional roles.
Upgrade is very strongly advised if your instance has user registration enabled.
Thanks to Kwonyong Lee (LinkedIn) for responsibly reporting this issue.
Thanks also to Boustani OSAMA (LinkedIn) for reporting this before public announcement.
Full List of Changes
- Updated user creation to only use validated input from registration.
- Updated PHP package versions.
- Updated translations with latest Crowdin changes. (#6064)
- Updated PHP_CodeSniffer repository link. Thanks to @rodrigoprimo. (#6060)
- Updated WYSIWYG editors to have consistent collapsible block double click behavior. (#6059)
v26.03.1-ls253
CI Report:
N/A
LinuxServer Changes:
Full Changelog: v26.03-ls252...v26.03.1-ls253
Remote Changes:
Security Release
This is a security release to address a vulnerability where page content, which should be hidden by permissions, could be visible during certain markdown exports.
We strongly advise that you update your instance if you use permissions to control page visibility.
Thanks to Ghufran Raza Khan (GitHub Profile, LinkedIn Profile) for responsibly reporting this issue.
Thanks also to Alex Dan (GitHub Profile) for reporting this before public announcement.
Full List of Changes
- Updated queries used for pages in markdown exports.
- Updated handling of filenames for file serving.
- Updated PHP package versions.