Releases: linuxserver/docker-bookstack

v21.08.3-ls161

30 Sep 16:11

LinuxServer Changes:

Rebase to Alpine 3.14.

bookstack Changes:

Links

Full List of Changes

This release contains the following fixes and changes:

  • Fixed certain "Custom HTML Head Content" being incorrectly altered or converted. (#2923, #2914)
  • Updated translations with latest Crowdin updates. (#2915)

v21.08.3-ls160

23 Sep 16:11

LinuxServer Changes:

Rebase to Alpine 3.14.

bookstack Changes:

Links

Full List of Changes

This release contains the following fixes and changes:

  • Fixed certain "Custom HTML Head Content" being incorrectly altered or converted. (#2923, #2914)
  • Updated translations with latest Crowdin updates. (#2915)

v21.08.3-ls159

16 Sep 16:10

LinuxServer Changes:

Rebase to Alpine 3.14.

bookstack Changes:

Links

Full List of Changes

This release contains the following fixes and changes:

  • Fixed certain "Custom HTML Head Content" being incorrectly altered or converted. (#2923, #2914)
  • Updated translations with latest Crowdin updates. (#2915)

v21.08.3-ls158

12 Sep 16:44
7f19f97

LinuxServer Changes:

Rebase to Alpine 3.14.

bookstack Changes:

Links

Full List of Changes

This release contains the following fixes and changes:

  • Fixed certain "Custom HTML Head Content" being incorrectly altered or converted. (#2923, #2914)
  • Updated translations with latest Crowdin updates. (#2915)

v21.08.2-ls158

09 Sep 23:59
7f19f97

LinuxServer Changes:

Rebase to Alpine 3.14.

bookstack Changes:

Security Release

This security release is intended to cover a couple of XSS vulnerabilities, where a malicious user with page edit access could enter script that would execute upon page view. You should update as soon as possible if you allow untrusted users to edit content in your instance.

In addition, this release expands the CSP headers set by BookStack to help avoid any similar vulnerabilities from being effective going forward. If you've performed some more advanced customizations on your instance, they may need to be altered to work with the built-in CSP system.

v21.08.2-ls157

09 Sep 16:10

LinuxServer Changes:

Rebase to Alpine 3.14.

bookstack Changes:

Security Release

This security release is intended to cover a couple of XSS vulnerabilities, where a malicious user with page edit access could enter script that would execute upon page view. You should update as soon as possible if you allow untrusted users to edit content in your instance.

In addition, this release expands the CSP headers set by BookStack to help avoid any similar vulnerabilities from being effective going forward. If you've performed some more advanced customizations on your instance, they may need to be altered to work with the built-in CSP system.

v21.08.2-ls156

04 Sep 15:40

LinuxServer Changes:

Rebase to Alpine 3.14.

bookstack Changes:

Security Release

This security release is intended to cover a couple of XSS vulnerabilities, where a malicious user with page edit access could enter script that would execute upon page view. You should update as soon as possible if you allow untrusted users to edit content in your instance.

In addition, this release expands the CSP headers set by BookStack to help avoid any similar vulnerabilities from being effective going forward. If you've performed some more advanced customizations on your instance, they may need to be altered to work with the built-in CSP system.

v21.08.1-ls156

02 Sep 20:34

LinuxServer Changes:

Rebase to Alpine 3.14.

bookstack Changes:

Links

Full List of Changes

This release contains the following fixes and changes:

  • Updated TOTP setup flow to display a URL of the QR code contents during setup for non-QR scanning usage. (#2908)
  • Updated translations with latest Crowdin updates. (#2906)
  • Fixed broken page ordering on various views. (#2905)

v21.08-ls156

02 Sep 16:09

LinuxServer Changes:

Rebase to Alpine 3.14.

bookstack Changes:

Links

Upgrade Notices

  • Config & Administration - The introduction of multi-factor authentication brings the first use of encryption in the platform.
    This uses the APP_KEY value in your .env file. Ensure you have this stored safely since it would be required if you ever
    restore/migrate your instance to another system.
  • Security/Exports - During this release cycle it was highlighted that server-side request forgery could be achieved via the
    PDF export system. External fetching in the default PDF renderer has been disabled by default. The WKHTMLtoPDF renderer will now
    not be used if active. Either of these changes can be overridden by setting ALLOW_UNTRUSTED_SERVER_FETCHING=true in your .env file.
    This should only be used where only trusted users can create and export content. To support this we've added permissions that allow disabling of exports per role.
  • Security/Authentication - A slight change was made in relation to how email addresses are confirmed. Email confirmations are now primarily checked at point-of-login rather
    than being checked on every request. Enabling email confirmation, or email domain restrictions, may no longer take action on unconfirmed users right away in the future.

Full List of Changes

  • Added multi-factor authentication system. (#2827, #1118)
  • Added the ability to export content as Markdown. Thanks to @nikhiljha. (#2115, #1717)
  • Added role permissions for exporting content. (#2899, #1251)
  • Added an advisory notice on the shelf permissions page regarding the lack of cascade. (#2876)
  • Added Lithuanian language translations. Thanks to @ffranchina. (#2868)
  • Added item parent link in recycle bin restore to make parent item restore easier. Thanks to @arjvand. (#2682, #2594)
  • Added some core opengraph tags to content. Thanks to @james-geiger. (#2393, #2348)
  • Updated blade views to be more consistent and follow a documented convention. (#2805)
  • Fixed markdown blockquotes not rendering correctly in preview. (#2858, #2837)
  • Fixed issue on API where page updates can remove HTML. (#2856)
  • Fixed inconsistency in list display and nesting. (#2854)
  • Standardised styling of the codebase. (#2820)

v21.08-ls155

31 Aug 21:32

LinuxServer Changes:

Rebase to Alpine 3.14.

bookstack Changes:

Links

Upgrade Notices

  • Config & Administration - The introduction of multi-factor authentication brings the first use of encryption in the platform.
    This uses the APP_KEY value in your .env file. Ensure you have this stored safely since it would be required if you ever
    restore/migrate your instance to another system.
  • Security/Exports - During this release cycle it was highlighted that server-side request forgery could be achieved via the
    PDF export system. External fetching in the default PDF renderer has been disabled by default. The WKHTMLtoPDF renderer will now
    not be used if active. Either of these changes can be overridden by setting ALLOW_UNTRUSTED_SERVER_FETCHING=true in your .env file.
    This should only be used where only trusted users can create and export content. To support this we've added permissions that allow disabling of exports per role.
  • Security/Authentication - A slight change was made in relation to how email addresses are confirmed. Email confirmations are now primarily checked at point-of-login rather
    than being checked on every request. Enabling email confirmation, or email domain restrictions, may no longer take action on unconfirmed users right away in the future.

Full List of Changes

  • Added multi-factor authentication system. (#2827, #1118)
  • Added the ability to export content as Markdown. Thanks to @nikhiljha. (#2115, #1717)
  • Added role permissions for exporting content. (#2899, #1251)
  • Added an advisory notice on the shelf permissions page regarding the lack of cascade. (#2876)
  • Added Lithuanian language translations. Thanks to @ffranchina. (#2868)
  • Added item parent link in recycle bin restore to make parent item restore easier. Thanks to @arjvand. (#2682, #2594)
  • Added some core opengraph tags to content. Thanks to @james-geiger. (#2393, #2348)
  • Updated blade views to be more consistent and follow a documented convention. (#2805)
  • Fixed markdown blockquotes not rendering correctly in preview. (#2858, #2837)
  • Fixed issue on API where page updates can remove HTML. (#2856)
  • Fixed inconsistency in list display and nesting. (#2854)
  • Standardised styling of the codebase. (#2820)