Releases: linuxserver/docker-bookstack

v21.08.2-ls157

09 Sep 16:10

LinuxServer Changes:

Rebase to Alpine 3.14.

bookstack Changes:

Security Release

This security release is intended to cover a couple of XSS vulnerabilities, where a malicious user with page edit access could enter script that would execute upon page view. You should update as soon as possible if you allow untrusted users to edit content in your instance.

In addition, this release expands the CSP headers set by BookStack to help avoid any similar vulnerabilities from being effective going forward. If you've performed some more advanced customizations on your instance, they may need to be altered to work with the built-in CSP system.

v21.08.2-ls156

04 Sep 15:40

LinuxServer Changes:

Rebase to Alpine 3.14.

bookstack Changes:

Security Release

This security release is intended to cover a couple of XSS vulnerabilities, where a malicious user with page edit access could enter script that would execute upon page view. You should update as soon as possible if you allow untrusted users to edit content in your instance.

In addition, this release expands the CSP headers set by BookStack to help avoid any similar vulnerabilities from being effective going forward. If you've performed some more advanced customizations on your instance, they may need to be altered to work with the built-in CSP system.

v21.08.1-ls156

02 Sep 20:34

LinuxServer Changes:

Rebase to Alpine 3.14.

bookstack Changes:

Full List of Changes

This release contains the following fixes and changes:

  • Updated TOTP setup flow to display a URL of the QR code contents during setup for non-QR scanning usage. (#2908)
  • Updated translations with latest Crowdin updates. (#2906)
  • Fixed broken page ordering on various views. (#2905)

v21.08-ls156

02 Sep 16:09

LinuxServer Changes:

Rebase to Alpine 3.14.

bookstack Changes:

Upgrade Notices

  • Config & Administration - The introduction of multi-factor authentication brings the first use of encryption in the platform.
    This uses the APP_KEY value in your .env file. Ensure you have this stored safely since it would be required if you ever
    restore/migrate your instance to another system.
  • Security/Exports - During this release cycle it was highlighted that server-side request forgery could be achieved via the
    PDF export system. External fetching in the default PDF renderer has been disabled by default. The WKHTMLtoPDF renderer will now
    not be used if active. Either of these changes can be overridden by setting ALLOW_UNTRUSTED_SERVER_FETCHING=true in your .env file.
    This should only be used where only trusted users can create and export content. To support this we've added permissions that allow disabling of exports per role.
  • Security/Authentication - A slight change was made in relation to how email addresses are confirmed. Email confirmations are now primarily checked at point-of-login rather
    than being checked on every request. Enabling email confirmation, or email domain restrictions, may no longer take action on unconfirmed users right away in the future.
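
The two .env points in the notices above can be checked before and after an upgrade. The script below is an added example, not code from BookStack or LinuxServer; the finding codes, the function names and the sample file are constructed for illustration, and it assumes a value of "true" (any letter case) is what enables the override.

```shell
#!/bin/sh
# Added example: audit a BookStack .env file for the two settings named in
# the upgrade notices. Finding codes are made up for this example.

# Print the last value assigned to KEY ($2) in the .env file ($1), with
# trailing whitespace and one pair of surrounding quotes removed.
env_value() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Print one finding code per line; print nothing when the file passes.
audit_bookstack_env() {
    env_file=$1
    [ -r "$env_file" ] || { echo "ENV_UNREADABLE"; return 0; }

    # The encryption introduced with MFA uses APP_KEY, so a restore or
    # migration needs the same value; an empty key is flagged.
    app_key=$(env_value "$env_file" APP_KEY)
    [ -n "$app_key" ] || echo "APP_KEY_MISSING"

    # "true" re-enables external fetching in the default PDF renderer and
    # use of WKHTMLtoPDF, which the release disabled because of SSRF.
    fetching=$(env_value "$env_file" ALLOW_UNTRUSTED_SERVER_FETCHING |
        tr '[:upper:]' '[:lower:]')
    [ "$fetching" != "true" ] || echo "UNTRUSTED_FETCHING_ENABLED"
}

# Constructed sample input (placeholder values), so the script runs offline.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample .env
APP_URL=https://wiki.example.test
APP_KEY=
ALLOW_UNTRUSTED_SERVER_FETCHING="True"
EOF
audit_bookstack_env "$sample"
rm -f "$sample"
```

Call audit_bookstack_env with the path to your instance's .env file; a finding of UNTRUSTED_FETCHING_ENABLED is only acceptable where export permissions are limited to trusted roles.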

Full List of Changes

  • Added multi-factor authentication system. (#2827, #1118)
  • Added the ability to export content as Markdown. Thanks to @nikhiljha. (#2115, #1717)
  • Added role permissions for exporting content. (#2899, #1251)
  • Added an advisory notice on the shelf permissions page regarding the lack of cascade. (#2876)
  • Added Lithuanian language translations. Thanks to @ffranchina. (#2868)
  • Added item parent link in recycle bin restore to make parent item restore easier. Thanks to @arjvand. (#2682, #2594)
  • Added some core opengraph tags to content. Thanks to @james-geiger. (#2393, #2348)
  • Updated blade views to be more consistent and follow a documented convention. (#2805)
  • Fixed markdown blockquotes not rendering correctly in preview. (#2858, #2837)
  • Fixed issue on API where page updates can remove HTML. (#2856)
  • Fixed inconsistency in list display and nesting. (#2854)
  • Standardised styling of the codebase. (#2820)

v21.08-ls155

31 Aug 21:32

LinuxServer Changes:

Rebase to Alpine 3.14.

bookstack Changes:

Upgrade Notices

  • Config & Administration - The introduction of multi-factor authentication brings the first use of encryption in the platform.
    This uses the APP_KEY value in your .env file. Ensure you have this stored safely since it would be required if you ever
    restore/migrate your instance to another system.
  • Security/Exports - During this release cycle it was highlighted that server-side request forgery could be achieved via the
    PDF export system. External fetching in the default PDF renderer has been disabled by default. The WKHTMLtoPDF renderer will now
    not be used if active. Either of these changes can be overridden by setting ALLOW_UNTRUSTED_SERVER_FETCHING=true in your .env file.
    This should only be used where only trusted users can create and export content. To support this we've added permissions that allow disabling of exports per role.
  • Security/Authentication - A slight change was made in relation to how email addresses are confirmed. Email confirmations are now primarily checked at point-of-login rather
    than being checked on every request. Enabling email confirmation, or email domain restrictions, may no longer take action on unconfirmed users right away in the future.

Full List of Changes

  • Added multi-factor authentication system. (#2827, #1118)
  • Added the ability to export content as Markdown. Thanks to @nikhiljha. (#2115, #1717)
  • Added role permissions for exporting content. (#2899, #1251)
  • Added an advisory notice on the shelf permissions page regarding the lack of cascade. (#2876)
  • Added Lithuanian language translations. Thanks to @ffranchina. (#2868)
  • Added item parent link in recycle bin restore to make parent item restore easier. Thanks to @arjvand. (#2682, #2594)
  • Added some core opengraph tags to content. Thanks to @james-geiger. (#2393, #2348)
  • Updated blade views to be more consistent and follow a documented convention. (#2805)
  • Fixed markdown blockquotes not rendering correctly in preview. (#2858, #2837)
  • Fixed issue on API where page updates can remove HTML. (#2856)
  • Fixed inconsistency in list display and nesting. (#2854)
  • Standardised styling of the codebase. (#2820)

v21.05.4-ls154

26 Aug 16:14

LinuxServer Changes:

Rebase to Alpine 3.14.

bookstack Changes:

Full List of Changes

This release contains the following fixes and changes:

  • Added VB.NET code block highlighting option. (#2869)
  • Improved audit log user select list stability. (#2863)
  • Fixed issue where user profile pages item "View All" links used ids hence did not link to proper searches. (#2857)

v21.05.4-ls153

12 Aug 16:13

LinuxServer Changes:

Rebase to Alpine 3.14.

bookstack Changes:

Full List of Changes

This release contains the following fixes and changes:

  • Added VB.NET code block highlighting option. (#2869)
  • Improved audit log user select list stability. (#2863)
  • Fixed issue where user profile pages item "View All" links used ids hence did not link to proper searches. (#2857)

v21.05.4-ls152

05 Aug 16:12

LinuxServer Changes:

Rebase to Alpine 3.14.

bookstack Changes:

Full List of Changes

This release contains the following fixes and changes:

  • Added VB.NET code block highlighting option. (#2869)
  • Improved audit log user select list stability. (#2863)
  • Fixed issue where user profile pages item "View All" links used ids hence did not link to proper searches. (#2857)

v21.05.4-ls151

04 Aug 21:31

LinuxServer Changes:

Rebase to Alpine 3.14.

bookstack Changes:

Full List of Changes

This release contains the following fixes and changes:

  • Added VB.NET code block highlighting option. (#2869)
  • Improved audit log user select list stability. (#2863)
  • Fixed issue where user profile pages item "View All" links used ids hence did not link to proper searches. (#2857)

v21.05.3-ls151

30 Jul 19:09

LinuxServer Changes:

Rebase to Alpine 3.14.

bookstack Changes:

Full List of Changes

This release contains the following fixes and changes:

  • Added a "Skip to content" link as first page focus item for accessibility use. (#2810)
  • Updated social account detachment to have CSRF protection. (#2808)
  • Updated PHP dependency versions.
  • Fixed issue where translations system may attempt to load from the root directory when a theme was not in use. (#2836)