v0.26.4-ls55

LinuxServer-CI released this 06 Aug 21:47
· 561 commits to master since this release

LinuxServer Changes:

Use old version of tidyhtml pending upstream fixes.

bookstack Changes:

Security Release

Update instructions

The release enhances the security of BookStack in a few different areas:

  • Updated user profile behaviour so that users cannot change their email address unless they have permission to manage users. This is to prevent a user acting as an imposter, changing their email to one they don't own. Thanks to @Irrational-NX for raising.
  • Improved the script escaping logic that was enhanced in the previous release, by also checking for iframes using `javascript:` or `data:` URLs. Thanks again to @billford for raising this issue. (#1531)
  • Updated the provided .htaccess file, and added an additional one, to prevent Apache indexes from listing image directories. Thanks to @davidtessier for raising.
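
The iframe check from the second item, as an added example that is not BookStack's own code: it removes iframes whose src resolves to a javascript: or data: URL, normalising the value the way a browser would before comparing. The function names and the sample input are assumptions made for illustration.

```php
<?php
// Added illustration; not BookStack's code. Function names are hypothetical.
// True when a URL would be treated as javascript: or data: by a browser.
function hasScriptableScheme(string $url): bool
{
    // URL parsing ignores tabs and newlines anywhere in the string, skips
    // leading control characters and spaces, and matches schemes
    // case-insensitively, so normalise before comparing.
    $u = preg_replace('/[\t\r\n]/', '', $url);
    $u = strtolower(ltrim($u, "\x00..\x20"));
    return strncmp($u, 'javascript:', 11) === 0 || strncmp($u, 'data:', 5) === 0;
}

// Remove iframes whose src uses one of those schemes from an HTML fragment.
function stripScriptedIframes(string $html): string
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true); // tolerate HTML5 markup
    // The XML declaration forces UTF-8; the wrapper div lets the fragment be
    // serialised back without the html/body elements libxml adds.
    $doc->loadHTML('<?xml encoding="utf-8"?><div>' . $html . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    // Collect first: removing nodes while iterating a live list skips items.
    $doomed = [];
    foreach ($doc->getElementsByTagName('iframe') as $frame) {
        // getAttribute() returns the entity-decoded value.
        if (hasScriptableScheme($frame->getAttribute('src'))) {
            $doomed[] = $frame;
        }
    }
    foreach ($doomed as $frame) {
        $frame->parentNode->removeChild($frame);
    }

    $out = '';
    foreach ($doc->getElementsByTagName('div')->item(0)->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample input.
$sample = '<p>Intro</p>'
    . '<iframe src="https://example.com/embed"></iframe>'
    . '<iframe src=" JaVaScript:void(0)"></iframe>'
    . '<iframe src="data:text/html,hello"></iframe>';
echo stripScriptedIframes($sample), PHP_EOL;
```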