Releases: linuxserver/docker-bookstack
v22.02.3-ls7
LinuxServer Changes:
Add symlinks for theme support.
bookstack Changes:
Security Release
This is a security release that adds better protections against embedded content that could be used in malicious ways. This effectively restricts embedded iframe content in an allow-list approach.
A new ALLOWED_IFRAME_SOURCES option has been added to provide configuration of allowed embed/iframe sources within BookStack pages, and this defaults to a couple of popular services such as YouTube and Vimeo.
Please see this link for more detail regarding this option:
- https://www.bookstackapp.com/docs/admin/security/#iframe-src-control
- ("Iframe Source Control" section)
It's advised to upgrade as soon as possible if untrusted users can create or update pages within your BookStack instance.
Thanks to @416e6e61 (Anna) for discovering and reporting this vulnerability via huntr.dev.
Full List of Changes
Contributors
Assets 2
v22.02.3-ls6
LinuxServer Changes:
Add symlinks for theme support.
bookstack Changes:
Security Release
This is a security release that adds better protections against embedded content that could be used in malicious ways. This effectively restricts embedded iframe content in an allow-list approach.
A new ALLOWED_IFRAME_SOURCES option has been added to provide configuration of allowed embed/iframe sources within BookStack pages, and this defaults to a couple of popular services such as YouTube and Vimeo.
Please see this link for more detail regarding this option:
- https://www.bookstackapp.com/docs/admin/security/#iframe-src-control
- ("Iframe Source Control" section)
It's advised to upgrade as soon as possible if untrusted users can create or update pages within your BookStack instance.
Thanks to @416e6e61 (Anna) for discovering and reporting this vulnerability via huntr.dev.
Full List of Changes
Contributors
Assets 2
v22.02.3-ls5
LinuxServer Changes:
Rebase to Alpine 3.14.
bookstack Changes:
Security Release
This is a security release that adds better protections against embedded content that could be used in malicious ways. This effectively restricts embedded iframe content in an allow-list approach.
A new ALLOWED_IFRAME_SOURCES option has been added to provide configuration of allowed embed/iframe sources within BookStack pages, and this defaults to a couple of popular services such as YouTube and Vimeo.
Please see this link for more detail regarding this option:
- https://www.bookstackapp.com/docs/admin/security/#iframe-src-control
- ("Iframe Source Control" section)
It's advised to upgrade as soon as possible if untrusted users can create or update pages within your BookStack instance.
Thanks to @416e6e61 (Anna) for discovering and reporting this vulnerability via huntr.dev.
Full List of Changes
Contributors
Assets 2
v22.02.3-ls4
LinuxServer Changes:
Rebase to Alpine 3.14.
bookstack Changes:
Security Release
This is a security release that adds better protections against embedded content that could be used in malicious ways. This effectively restricts embedded iframe content in an allow-list approach.
A new ALLOWED_IFRAME_SOURCES option has been added to provide configuration of allowed embed/iframe sources within BookStack pages, and this defaults to a couple of popular services such as YouTube and Vimeo.
Please see this link for more detail regarding this option:
- https://www.bookstackapp.com/docs/admin/security/#iframe-src-control
- ("Iframe Source Control" section)
It's advised to upgrade as soon as possible if untrusted users can create or update pages within your BookStack instance.
Thanks to @416e6e61 (Anna) for discovering and reporting this vulnerability via huntr.dev.
Full List of Changes
Contributors
Assets 2
v22.02.3-ls3
LinuxServer Changes:
Rebase to Alpine 3.14.
bookstack Changes:
Security Release
This is a security release that adds better protections against embedded content that could be used in malicious ways. This effectively restricts embedded iframe content in an allow-list approach.
A new ALLOWED_IFRAME_SOURCES option has been added to provide configuration of allowed embed/iframe sources within BookStack pages, and this defaults to a couple of popular services such as YouTube and Vimeo.
Please see this link for more detail regarding this option:
- https://www.bookstackapp.com/docs/admin/security/#iframe-src-control
- ("Iframe Source Control" section)
It's advised to upgrade as soon as possible if untrusted users can create or update pages within your BookStack instance.
Thanks to @416e6e61 (Anna) for discovering and reporting this vulnerability via huntr.dev.
Full List of Changes
Contributors
Assets 2
v22.02.2-ls3
LinuxServer Changes:
Rebase to Alpine 3.14.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
v22.02.2-ls2
LinuxServer Changes:
Rebase to Alpine 3.14.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
v22.02.1-ls2
LinuxServer Changes:
Rebase to Alpine 3.14.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
v22.02-ls2
LinuxServer Changes:
Rebase to Alpine 3.14.
bookstack Changes:
Links
Upgrade Notices
- PHP Requirements Change - The minimum required version of PHP has changed from 7.3 to 7.4.
Full List of Changes
- Added collapsible content blocks support to the WYSIWYG editor. (#78, #3260)
- Added translation support to the WYSIWYG editor. (#1838)
- Added user management API endpoints. (#3238, #1363, #2701)
- Changed minimum PHP version from 7.3 to 7.4. (#3245, #3152)
- Updated translations with latest Crowdin changes. (#3258, #3251, #3259)
- Updated Korean translations. Thanks to @ististyle. (#3256)
- Updated TinyMCE WYSIWYG editor to the latest version. (#3247)
- Improved PDF export rendering of images within tables. (#3190)
- Fixed potential web console error message when loading the editor. (#2461)
- Fixed issue where OIDC token failures would not be shown to the user. (#3264)
- Fixed issue where the editor could jump-scroll to the top after format change on FireFox (#2692)
v21.12.5-ls2
LinuxServer Changes:
Rebase to Alpine 3.14.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
- Added text for "file" validation messages to provide better responses in Attachment API validation failures. (#3248)
- Fixed WYSIWYG editor code block creation across mulitple lines and block elements. Thanks to @Julesdevops. (#3246, #3200)
- Fixed markdown image data URI extraction failing on large images due to regex match limits. (#3249)
- Updated translations with latest Crowdin changes. (#3225)