v0.29.2-ls90
·
515 commits
to master
since this release
LinuxServer Changes:
Rebasing to alpine 3.11.
bookstack Changes:
Security Release
This release addresses vulnerabilities in the comment system. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to others users viewing the comment. Through this vulnerability custom JavaScript code could be injected and therefore ran on other user machines.
This most impacts scenarios where not-trusted users are given permission to create comments.
After upgrading, The command php artisan bookstack:regenerate-comment-content should be ran to remove any pre-existing dangerous content.