Releases: linuxserver/docker-bookstack
v22.09.1-ls40
LinuxServer Changes:
Rebasing to alpine 3.15 with php8. Restructure nginx configs (see changes announcement).
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
v22.09.1-ls39
LinuxServer Changes:
Rebasing to alpine 3.15 with php8. Restructure nginx configs (see changes announcement).
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
v22.09-ls38
LinuxServer Changes:
Rebasing to alpine 3.15 with php8. Restructure nginx configs (see changes announcement).
bookstack Changes:
Links
Upgrade Notices
- Security - This release cycle contained a security release that added detail that's important to consider when BookStack content is used externally. See the v22.07.3 post for more detail.
- Revision Visibility - This update fixes a permission disparity with revisions. Revision content has always been accessible to those with page-view permissions, but the links to the revisions list previously required page-edit permission to show. This has been aligned, so page revision links may now show to those who did not previously see them.
- Revision Limit Change - The default, per-page, revision limit has been doubled from 50 to 100, to account for new system-content updates that may occur. If desired, you can configure this to a custom value.
- Reference Index - New features have been added to track links between content in BookStack, which uses an internal reference index. Upon upgrade from an older BookStack version, this index will need to be rebuilt. This can be done with the "Regenerate References" command or via the "Regenerate References" maintenance action within BookStack.
Full List of Changes
- Added cross-item link reference tracking & updating. (#3656, #3683, #1969)
- Added OIDC group sync functionality. (#3616, #3004)
- Added reference view to shelves, chapters, books & pages. (#2864)
- Added new local_secure_restricted image storage option. (#3693)
- Added "page_include_parse" theme event. (#3698)
- Updated API docs to add detail for the request format. (#3652)
- Updated revision link visibility to show to users. (#2946)
- Updated shelf naming to be consistent across system. (#3553)
- Updated translations with latest Crowdin changes. (#3643, #3701)
- Updated role edit/create form with clarification upon image access permissions. (#3688)
- Fixed dates not using the correct encoding on some systems. (#3590)
- Fixed image delete button showing to those without permission to delete. (#3697)
- Fixed incorrect comment counts on Chinese language options. (#3554)
- Fixed list indentation when next to floated images. (#3672)
- Fixed various RTL text interface issues. (#3702)
- Fixed WYSIWYG drawing update not triggering draft save. (#3682)
- Fixed some additional SVG-based script cases not being filtered. (#3705)
v22.09-ls37
LinuxServer Changes:
Rebasing to alpine 3.15 with php8. Restructure nginx configs (see changes announcement).
bookstack Changes:
Links
Upgrade Notices
- Security - This release cycle contained a security release that added detail that's important to consider when BookStack content is used externally. See the v22.07.3 post for more detail.
- Revision Visibility - This update fixes a permission disparity with revisions. Revision content has always been accessible to those with page-view permissions, but the links to the revisions list previously required page-edit permission to show. This has been aligned, so page revision links may now show to those who did not previously see them.
- Revision Limit Change - The default, per-page, revision limit has been doubled from 50 to 100, to account for new system-content updates that may occur. If desired, you can configure this to a custom value.
- Reference Index - New features have been added to track links between content in BookStack, which uses an internal reference index. Upon upgrade from an older BookStack version, this index will need to be rebuilt. This can be done with the "Regenerate References" command or via the "Regenerate References" maintenance action within BookStack.
Full List of Changes
- Added cross-item link reference tracking & updating. (#3656, #3683, #1969)
- Added OIDC group sync functionality. (#3616, #3004)
- Added reference view to shelves, chapters, books & pages. (#2864)
- Added new local_secure_restricted image storage option. (#3693)
- Added "page_include_parse" theme event. (#3698)
- Updated API docs to add detail for the request format. (#3652)
- Updated revision link visibility to show to users. (#2946)
- Updated shelf naming to be consistent across system. (#3553)
- Updated translations with latest Crowdin changes. (#3643, #3701)
- Updated role edit/create form with clarification upon image access permissions. (#3688)
- Fixed dates not using the correct encoding on some systems. (#3590)
- Fixed image delete button showing to those without permission to delete. (#3697)
- Fixed incorrect comment counts on Chinese language options. (#3554)
- Fixed list indentation when next to floated images. (#3672)
- Fixed various RTL text interface issues. (#3702)
- Fixed WYSIWYG drawing update not triggering draft save. (#3682)
- Fixed some additional SVG-based script cases not being filtered. (#3705)
v22.07.3-ls36
LinuxServer Changes:
Rebasing to alpine 3.15 with php8. Restructure nginx configs (see changes announcement).
bookstack Changes:
Security Release
This is a security release that adds additional filtering to page content to prevent certain cross-site-scripting techniques. These cross-site-scripting techniques would already be blocked by BookStack's usage of Content-Security-Policy, but this change will help in scenarios where BookStack content is used externally.
In addition, the API documentation has been updated with a section focused on content security to explain the security techniques BookStack uses by default, and to relay considerations for using BookStack content in an external system. The security page of our documentation has also been updated with such considerations:
https://www.bookstackapp.com/docs/admin/security/#using-content-externally
Upgrade is advised where BookStack content, accessible to edit by untrusted users, is used externally.
Those using BookStack content externally (API-based app developers) should read the new documentation and add any advised protections as necessary.
Thanks to the "JPCERT/CC Vulnerability Coordination Group" contact and the original reporter, Kenichi Okuno of Mitsui Bussan Secure Directions, Inc, for disclosing their report of the relevant vulnerability scenarios.
Full List of Changes
- Added API documentation section to advise of content security. (#3636)
- Updated Persian translations. Thanks to @samadha56. (#3639)
- Updated code block rendering to help prevent blank blocks on fresh cache. (#3637)
- Updated HTML filtering to prevent SVG animate case. (#3636)
- Updated translations with latest changes from Crowdin. (#3635)
- Updated revision list view to help prevent system memory exhaustion. (#3633)
- Fixed issue with permission checking preventing certain actions where permission should have allowed them. (#3632)
v22.07.3-ls35
LinuxServer Changes:
Rebasing to alpine 3.15 with php8. Restructure nginx configs (see changes announcement).
bookstack Changes:
Security Release
This is a security release that adds additional filtering to page content to prevent certain cross-site-scripting techniques. These cross-site-scripting techniques would already be blocked by BookStack's usage of Content-Security-Policy, but this change will help in scenarios where BookStack content is used externally.
In addition, the API documentation has been updated with a section focused on content security to explain the security techniques BookStack uses by default, and to relay considerations for using BookStack content in an external system. The security page of our documentation has also been updated with such considerations:
https://www.bookstackapp.com/docs/admin/security/#using-content-externally
Upgrade is advised where BookStack content, accessible to edit by untrusted users, is used externally.
Those using BookStack content externally (API-based app developers) should read the new documentation and add any advised protections as necessary.
Thanks to the "JPCERT/CC Vulnerability Coordination Group" contact and the original reporter, Kenichi Okuno of Mitsui Bussan Secure Directions, Inc, for disclosing their report of the relevant vulnerability scenarios.
Full List of Changes
- Added API documentation section to advise of content security. (#3636)
- Updated Persian translations. Thanks to @samadha56. (#3639)
- Updated code block rendering to help prevent blank blocks on fresh cache. (#3637)
- Updated HTML filtering to prevent SVG animate case. (#3636)
- Updated translations with latest changes from Crowdin. (#3635)
- Updated revision list view to help prevent system memory exhaustion. (#3633)
- Fixed issue with permission checking preventing certain actions where permission should have allowed them. (#3632)
v22.07.3-ls34
LinuxServer Changes:
Rebasing to alpine 3.15 with php8. Restructure nginx configs (see changes announcement).
bookstack Changes:
Security Release
This is a security release that adds additional filtering to page content to prevent certain cross-site-scripting techniques. These cross-site-scripting techniques would already be blocked by BookStack's usage of Content-Security-Policy, but this change will help in scenarios where BookStack content is used externally.
In addition, the API documentation has been updated with a section focused on content security to explain the security techniques BookStack uses by default, and to relay considerations for using BookStack content in an external system. The security page of our documentation has also been updated with such considerations:
https://www.bookstackapp.com/docs/admin/security/#using-content-externally
Upgrade is advised where BookStack content, accessible to edit by untrusted users, is used externally.
Those using BookStack content externally (API-based app developers) should read the new documentation and add any advised protections as necessary.
Thanks to the "JPCERT/CC Vulnerability Coordination Group" contact and the original reporter, Kenichi Okuno of Mitsui Bussan Secure Directions, Inc, for disclosing their report of the relevant vulnerability scenarios.
Full List of Changes
- Added API documentation section to advise of content security. (#3636)
- Updated Persian translations. Thanks to @samadha56. (#3639)
- Updated code block rendering to help prevent blank blocks on fresh cache. (#3637)
- Updated HTML filtering to prevent SVG animate case. (#3636)
- Updated translations with latest changes from Crowdin. (#3635)
- Updated revision list view to help prevent system memory exhaustion. (#3633)
- Fixed issue with permission checking preventing certain actions where permission should have allowed them. (#3632)
v22.07.3-ls33
LinuxServer Changes:
Rebasing to alpine 3.15 with php8. Restructure nginx configs (see changes announcement).
bookstack Changes:
Security Release
This is a security release that adds additional filtering to page content to prevent certain cross-site-scripting techniques. These cross-site-scripting techniques would already be blocked by BookStack's usage of Content-Security-Policy, but this change will help in scenarios where BookStack content is used externally.
In addition, the API documentation has been updated with a section focused on content security to explain the security techniques BookStack uses by default, and to relay considerations for using BookStack content in an external system. The security page of our documentation has also been updated with such considerations:
https://www.bookstackapp.com/docs/admin/security/#using-content-externally
Upgrade is advised where BookStack content, accessible to edit by untrusted users, is used externally.
Those using BookStack content externally (API-based app developers) should read the new documentation and add any advised protections as necessary.
Thanks to the "JPCERT/CC Vulnerability Coordination Group" contact and the original reporter, Kenichi Okuno of Mitsui Bussan Secure Directions, Inc, for disclosing their report of the relevant vulnerability scenarios.
Full List of Changes
- Added API documentation section to advise of content security. (#3636)
- Updated Persian translations. Thanks to @samadha56. (#3639)
- Updated code block rendering to help prevent blank blocks on fresh cache. (#3637)
- Updated HTML filtering to prevent SVG animate case. (#3636)
- Updated translations with latest changes from Crowdin. (#3635)
- Updated revision list view to help prevent system memory exhaustion. (#3633)
- Fixed issue with permission checking preventing certain actions where permission should have allowed them. (#3632)
v22.07.3-ls32
LinuxServer Changes:
Add symlinks for theme support.
bookstack Changes:
Security Release
This is a security release that adds additional filtering to page content to prevent certain cross-site-scripting techniques. These cross-site-scripting techniques would already be blocked by BookStack's usage of Content-Security-Policy, but this change will help in scenarios where BookStack content is used externally.
In addition, the API documentation has been updated with a section focused on content security to explain the security techniques BookStack uses by default, and to relay considerations for using BookStack content in an external system. The security page of our documentation has also been updated with such considerations:
https://www.bookstackapp.com/docs/admin/security/#using-content-externally
Upgrade is advised where BookStack content, accessible to edit by untrusted users, is used externally.
Those using BookStack content externally (API-based app developers) should read the new documentation and add any advised protections as necessary.
Thanks to the "JPCERT/CC Vulnerability Coordination Group" contact and the original reporter, Kenichi Okuno of Mitsui Bussan Secure Directions, Inc, for disclosing their report of the relevant vulnerability scenarios.
Full List of Changes
- Added API documentation section to advise of content security. (#3636)
- Updated Persian translations. Thanks to @samadha56. (#3639)
- Updated code block rendering to help prevent blank blocks on fresh cache. (#3637)
- Updated HTML filtering to prevent SVG animate case. (#3636)
- Updated translations with latest changes from Crowdin. (#3635)
- Updated revision list view to help prevent system memory exhaustion. (#3633)
- Fixed issue with permission checking preventing certain actions where permission should have allowed them. (#3632)
v22.07.3-ls31
LinuxServer Changes:
Add symlinks for theme support.
bookstack Changes:
Security Release
This is a security release that adds additional filtering to page content to prevent certain cross-site-scripting techniques. These cross-site-scripting techniques would already be blocked by BookStack's usage of Content-Security-Policy, but this change will help in scenarios where BookStack content is used externally.
In addition, the API documentation has been updated with a section focused on content security to explain the security techniques BookStack uses by default, and to relay considerations for using BookStack content in an external system. The security page of our documentation has also been updated with such considerations:
https://www.bookstackapp.com/docs/admin/security/#using-content-externally
Upgrade is advised where BookStack content, accessible to edit by untrusted users, is used externally.
Those using BookStack content externally (API-based app developers) should read the new documentation and add any advised protections as necessary.
Thanks to the "JPCERT/CC Vulnerability Coordination Group" contact and original reporter (names currently withheld in the interest of privacy) for disclosing their report of the relevant vulnerability scenarios.
Full List of Changes
- Added API documentation section to advise of content security. (#3636)
- Updated Persian translations. Thanks to @samadha56. (#3639)
- Updated code block rendering to help prevent blank blocks on fresh cache. (#3637)
- Updated HTML filtering to prevent SVG animate case. (#3636)
- Updated translations with latest changes from Crowdin. (#3635)
- Updated revision list view to help prevent system memory exhaustion. (#3633)
- Fixed issue with permission checking preventing certain actions where permission should have allowed them. (#3632)