Releases: linuxserver/docker-bookstack
v21.10.2-ls168
LinuxServer Changes:
Rebase to Alpine 3.14.
bookstack Changes:
Security Release
BookStack v21.10.2 has been released. This is a security release that builds upon changes in v21.10.1, which covers a vulnerability that would allow malicious users, who have permission to update or create pages, to upload content that could then be utilized for phishing or other general malicious intent.
If you allow untrusted users to edit page content you should update as soon as possible.
Full List of Changes
v21.10.1-ls167
LinuxServer Changes:
Rebase to Alpine 3.14.
bookstack Changes:
Security Release
BookStack v21.10.1 has been released. This is a security release that covers a vulnerability which would allow malicious users, who have permission to update or create pages, to upload content that could then be utilized for phishing or other general malicious intent.
If you allow untrusted users to edit page content you should update as soon as possible.
Full List of Changes
v21.10-ls167
LinuxServer Changes:
Rebase to Alpine 3.14.
bookstack Changes:
Links
Full List of Changes
- Added OpenID Connect authentication option. Thanks to @jasperweyne. (#2960, #2169, #1390, #1157)
- Added Attachment API endpoints. (#2986, #2942)
- Added Estonian language to BookStack via Crowdin. (#2979)
- Added support for SAML2 SLS signing to help address issues with ADFS. Thanks to @theodor-franke. (#2902)
- Added support for base64 image content within markdown text via page POST/PUT. (#2898)
- Updated translations from Crowdin contributors. (#2983)
- Updated SAML ACS post flow to retain user session and therefore redirect to the correct location upon login. (#2996, #2552)
- Fixed padding within book-tree sidebar items. Thanks to @ffranchina. (#3000)
v21.08.6-ls166
LinuxServer Changes:
Rebase to Alpine 3.14.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
- Added custom whoops-based debug view which fixes issue where debug view would not show content due to CSP rules. (#2977, #2976)
- Added throttling to password reset requests. (ca764ca)
- Updated translations with latest changes from Crowdin. (#2980)
- Updated DOMPDF chroot directory to prevent potential unintended file access. (#2965)
- Fixed issue where TOTP setup would provide guest email address upon QR code scan when MFA setup was enforced at login. (#2971)
v21.08.6-ls165
LinuxServer Changes:
Rebase to Alpine 3.14.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
- Added custom whoops-based debug view which fixes issue where debug view would not show content due to CSP rules. (#2977, #2976)
- Added throttling to password reset requests. (ca764ca)
- Updated translations with latest changes from Crowdin. (#2980)
- Updated DOMPDF chroot directory to prevent potential unintended file access. (#2965)
- Fixed issue where TOTP setup would provide guest email address upon QR code scan when MFA setup was enforced at login. (#2971)
v21.08.6-ls164
LinuxServer Changes:
Rebase to Alpine 3.14.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
- Added custom whoops-based debug view which fixes issue where debug view would not show content due to CSP rules. (#2977, #2976)
- Added throttling to password reset requests. (ca764ca)
- Updated translations with latest changes from Crowdin. (#2980)
- Updated DOMPDF chroot directory to prevent potential unintended file access. (#2965)
- Fixed issue where TOTP setup would provide guest email address upon QR code scan when MFA setup was enforced at login. (#2971)
v21.08.5-ls164
LinuxServer Changes:
Rebase to Alpine 3.14.
bookstack Changes:
Security Release
This security release covers a vulnerability which would allow malicious users, who have permission to update or create pages, to load content from files stored within the storage/ or public/ directories (such as application logs) via the page HTML export system.
If you allow untrusted users to edit page content you should update as soon as possible.
This release also changes the way browser response caching is performed, while logged in, to help prevent navigating back to confidential content after logout.
Additional Changes
- Added concurrent page editing warnings upon draft save events. Thanks to @MatthieuParis (#2877)
- Updated translations with the latest changes from Crowdin. (#2953)
v21.08.5-ls163
LinuxServer Changes:
Rebase to Alpine 3.14.
bookstack Changes:
Security Release
This security release covers a vulnerability which would allow malicious users, who have permission to update or create pages, to load content from files stored within the storage/ or public/ directories (such as application logs) via the page HTML export system.
If you allow untrusted users to edit page content you should update as soon as possible.
This release also changes the way browser response caching is performed, while logged in, to help prevent navigating back to confidential content after logout.
Additional Changes
- Added concurrent page editing warnings upon draft save events. Thanks to @MatthieuParis (#2877)
- Updated translations with the latest changes from Crowdin. (#2953)
v21.08.4-ls163
LinuxServer Changes:
Rebase to Alpine 3.14.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
- Added IP address to tracked activities and displayed in audit log. Thanks to @johnroyer. (#2936, #2747)
- Added the option to use database table prefixes. Thanks to @floviolleau. (#2935)
- Allowed the use of content includes when using a custom homepage.
- Updated translations with latest content from Crowdin. (#2926)
- Converted old test cases to remove reliance on BrowserKit. (#2928)
- Fixed incorrect audit log detail on social account sign-in. (#2930)
- Fixed issue where QR codes were not readable when using dark mode. (#2925)
v21.08.4-ls162
LinuxServer Changes:
Rebase to Alpine 3.14.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
- Added IP address to tracked activities and displayed in audit log. Thanks to @johnroyer. (#2936, #2747)
- Added the option to use database table prefixes. Thanks to @floviolleau. (#2935)
- Allowed the use of content includes when using a custom homepage.
- Updated translations with latest content from Crowdin. (#2926)
- Converted old test cases to remove reliance on BrowserKit. (#2928)
- Fixed incorrect audit log detail on social account sign-in. (#2930)
- Fixed issue where QR codes were not readable when using dark mode. (#2925)