v22.02.3-ls6

LinuxServer Changes:

Add symlinks for theme support.

bookstack Changes:

Security Release

• Update Instructions
• Update details on blog

This is a security release that adds better protections against embedded content that could be used in malicious ways. This effectively restricts embedded iframe content in an allow-list approach.

A new ALLOWED_IFRAME_SOURCES option has been added to provide configuration of allowed embed/iframe sources within BookStack pages, and this defaults to a couple of popular services such as YouTube and Vimeo.

Please see this link for more detail regarding this option:

• https://www.bookstackapp.com/docs/admin/security/#iframe-src-control
  • ("Iframe Source Control" section)

It's advised to upgrade as soon as possible if untrusted users can create or update pages within your BookStack instance.

Thanks to @416e6e61 (Anna) for discovering and reporting this vulnerability via huntr.dev.

Full List of Changes

• Added iframe allow-list control to prevent a range of malicious uses of untrusted iframe sources. (#3314)
• Updated translations with latest Crowdin changes. (#3312)