v0.30.3-ls110

LinuxServer Changes:

Rebase to alpine 3.12. Fix APP_URL setting. Bump php post max and upload max filesizes to 100MB by default.
bookstack Changes:

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Added VBScript syntax highlighting to the code block editor. Thanks to @nutsflag. (#2302, #2255)
• Fixed issue where drawings would not save in the Markdown editor. (#2313, #2321)
• Updated some Spanish and Chinese translations. (#2303)

v0.30.3-ls109

LinuxServer Changes:

Rebase to alpine 3.12. Fix APP_URL setting. Bump php post max and upload max filesizes to 100MB by default.
bookstack Changes:

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Added VBScript syntax highlighting to the code block editor. Thanks to @nutsflag. (#2302, #2255)
• Fixed issue where drawings would not save in the Markdown editor. (#2313, #2321)
• Updated some Spanish and Chinese translations. (#2303)

v0.30.3-ls108

LinuxServer Changes:

Rebase to alpine 3.12. Fix APP_URL setting. Bump php post max and upload max filesizes to 100MB by default.
bookstack Changes:

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Added VBScript syntax highlighting to the code block editor. Thanks to @nutsflag. (#2302, #2255)
• Fixed issue where drawings would not save in the Markdown editor. (#2313, #2321)
• Updated some Spanish and Chinese translations. (#2303)

v0.30.2-ls108

LinuxServer Changes:

Rebase to alpine 3.12. Fix APP_URL setting. Bump php post max and upload max filesizes to 100MB by default.
bookstack Changes:

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Updated JavaScript build system to provide slightly better browser compatibility.
• Updated page-content save parsing to update anchor references on IDs changed by BookStack. (#2278)
• Fixed issue where creating a link attachment after mulitple validation failures would result in many duplicate links being created. (#2286)
• Updated drawing integration to, by default, use diagrams.net instead of draw.io. (#2285, #2044)
• Updated default .htaccess to align with laravel's and allow canonical redirects on non-root url app instances. Thanks to @jakubboucek. (#2272)

v0.30.2-ls107

LinuxServer Changes:

Rebase to alpine 3.12. Fix APP_URL setting. Bump php post max and upload max filesizes to 100MB by default.
bookstack Changes:

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Updated JavaScript build system to provide slightly better browser compatibility.
• Updated page-content save parsing to update anchor references on IDs changed by BookStack. (#2278)
• Fixed issue where creating a link attachment after mulitple validation failures would result in many duplicate links being created. (#2286)
• Updated drawing integration to, by default, use diagrams.net instead of draw.io. (#2285, #2044)
• Updated default .htaccess to align with laravel's and allow canonical redirects on non-root url app instances. Thanks to @jakubboucek. (#2272)

v0.30.2-ls106

LinuxServer Changes:

Rebase to alpine 3.12. Fix APP_URL setting. Bump php post max and upload max filesizes to 100MB by default.
bookstack Changes:

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Updated JavaScript build system to provide slightly better browser compatibility.
• Updated page-content save parsing to update anchor references on IDs changed by BookStack. (#2278)
• Fixed issue where creating a link attachment after mulitple validation failures would result in many duplicate links being created. (#2286)
• Updated drawing integration to, by default, use diagrams.net instead of draw.io. (#2285, #2044)
• Updated default .htaccess to align with laravel's and allow canonical redirects on non-root url app instances. Thanks to @jakubboucek. (#2272)

v0.30.1-ls106

LinuxServer Changes:

Rebase to alpine 3.12. Fix APP_URL setting. Bump php post max and upload max filesizes to 100MB by default.
bookstack Changes:

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Updated translations. (#2262)
• Updated settings header bar to adapt better for longer-text languages. (#2265)
• Updated callout link formatting to use callout text style rather than theme color. Thanks to @alexmannuk. (#2233, #303)
• Updated Book export content so that page includes are parsed. Thanks to @mr-vinn. (#2227, #2228)
• Fixed issue where the markdown editor preview pane would be empty. (#2280)
• Fixed incorrect spelling of "Ubuntu Mono" font definition. Thanks to @abulgatz. (#2274)
• Fixed incorrect AddActivityIndexes migration 'down' action. Thanks to @gertjankrol. (#2268)
• Fixed unexpected scroll bars on code blocks. (#2267)
• Fixed issue where notification would not shown upon SAML login where there's an existing non-matching user. (#2263)

v0.30.0-ls106

LinuxServer Changes:

Rebase to alpine 3.12. Fix APP_URL setting. Bump php post max and upload max filesizes to 100MB by default.
bookstack Changes:

Links

• Update instructions
• Update details on blog

Update Notices

Security Notice - Possible Privilege Escalation

Thanks to @Defelo
it was advised that current privilege escalation situations are not made clear when applying role permissions.
Any user with a "Manage app settings", "Manage users" or "Manage roles & role permissions" system permission
assigned to one of their roles could technically alter their own permissions to gain wider access.
A clear advisory of these cases has been added in the UI in v0.30
but admins are advised to review which users have these permissions with the above in mind.

LDAP & SAML Group Matching - Potential Change

Thanks to @nem1989 it was found that
BookStack roles would be matched to LDAP/SAML groups based upon the role display name, which is expected,
but only those roles with a matching "name" value would be considered for this matching. This "name" field was redundant,
and has now been removed, but it would store a cleaned version the first-set name of the role.
All roles will now be considered before being matched on name which may mean that roles which did not sync before,
that would have been expected to based on their name, may now start to sync.

Full List of Changes

• Added API endpoints for chapters.
• Added audit log to the settings area. (#2173, #1167)
• Added the ability to insert an attachment link directly into the current editor window. (#1460)
• Added session-based code-block editor auto-save to prevent potential loss of content. (#1398)
• Added warning wording around role system permissions to indicate what permissions could allow privilege escalation. (#2105)
• Added the ability to log login failures to a file. Thanks to @benrubson. (#1881, #728)
• Updated Simplified Chinese translations. Thanks to @Honvid. (#2157)
• Updated WYSIWYG editor css to put editor in it's own layer to improve degraded dark mode performance. (#2154)
• Updated Czech translations. Thanks to @jakubboucek. (#2238)
• Updated permission system so that the permission map table does not contain ID's since database limits could be met in scenarios where permissions were automatically refreshed on a frequent basis. (#2091)
• Updated to role table in the database to remove a redundant name field which fixes issue where changing a role name would not change the name used to match with LDAP groups. (#2032)
• Updated URL slug generation to achieve a much cleaner result when non-ascii characters are used. Thanks to @drzippie. (#2165, #2026, #1765)
• Updated error reporting so that not-found errors are not written to the log, causing logs to fill much quicker than expected. (#2110)
• Updated dark mode styles to remove filters applied to images so that they display as expected. (#2045)
• Removed Vue.js from project & started standardisation of custom basic component system. (#2202)
• Replaced dev usage of node-sass with dart-sass. Thanks to @timoschwarzer. (#2166)
• Fixed issue where, upon role delete, users would not be migrated when specified to during role delete flow. (#2211)
• Fixed issue where the system would error on upload of images that contain a hash in the name. (#2161)
• Fixed scenario where page drafts would show as saved where request would actually fail, leading to loss of data. Added a browser-side storage mechanism for emergency use. (#2150)
• Fixed issue where LDAP groups would not sync on initial login due to the email confirmation system taking over before the group sync would run. (#2082)
• Fixed issue where the redirect upon login could lead to an external site. (#2073)
• Fixed low visibility of horizontal lines when dark mode is in use. (#2209)
• Fixed issue where HTML entities would be seen in page preview content. Thanks to @mr-vinn. (#2257, #2114)
• Fixed issue where previous page content would be indexed upon save instead of the fresh content. (#2042)
• Fixed issue where an error would be thrown on SAML logout request from the IdP. (#2002)
• Fixed bad pagination styling which would result in invisible numbering. (#1839)
• Fixed incorrect and misleading behaviour when saving a comment with no content. (#1836)

v0.30.0-ls105

LinuxServer Changes:

Rebase to alpine 3.12. Fix APP_URL setting. Bump php post max and upload max filesizes to 100MB by default.
bookstack Changes:

Links

• Update instructions
• Update details on blog

Update Notices

Security Notice - Possible Privilege Escalation

Thanks to @Defelo
it was advised that current privilege escalation situations are not made clear when applying role permissions.
Any user with a "Manage app settings", "Manage users" or "Manage roles & role permissions" system permission
assigned to one of their roles could technically alter their own permissions to gain wider access.
A clear advisory of these cases has been added in the UI in v0.30
but admins are advised to review which users have these permissions with the above in mind.

LDAP & SAML Group Matching - Potential Change

Thanks to @nem1989 it was found that
BookStack roles would be matched to LDAP/SAML groups based upon the role display name, which is expected,
but only those roles with a matching "name" value would be considered for this matching. This "name" field was redundant,
and has now been removed, but it would store a cleaned version the first-set name of the role.
All roles will now be considered before being matched on name which may mean that roles which did not sync before,
that would have been expected to based on their name, may now start to sync.

Full List of Changes

• Added API endpoints for chapters.
• Added audit log to the settings area. (#2173, #1167)
• Added the ability to insert an attachment link directly into the current editor window. (#1460)
• Added session-based code-block editor auto-save to prevent potential loss of content. (#1398)
• Added warning wording around role system permissions to indicate what permissions could allow privilege escalation. (#2105)
• Added the ability to log login failures to a file. Thanks to @benrubson. (#1881, #728)
• Updated Simplified Chinese translations. Thanks to @Honvid. (#2157)
• Updated WYSIWYG editor css to put editor in it's own layer to improve degraded dark mode performance. (#2154)
• Updated Czech translations. Thanks to @jakubboucek. (#2238)
• Updated permission system so that the permission map table does not contain ID's since database limits could be met in scenarios where permissions were automatically refreshed on a frequent basis. (#2091)
• Updated to role table in the database to remove a redundant name field which fixes issue where changing a role name would not change the name used to match with LDAP groups. (#2032)
• Updated URL slug generation to achieve a much cleaner result when non-ascii characters are used. Thanks to @drzippie. (#2165, #2026, #1765)
• Updated error reporting so that not-found errors are not written to the log, causing logs to fill much quicker than expected. (#2110)
• Updated dark mode styles to remove filters applied to images so that they display as expected. (#2045)
• Removed Vue.js from project & started standardisation of custom basic component system. (#2202)
• Replaced dev usage of node-sass with dart-sass. Thanks to @timoschwarzer. (#2166)
• Fixed issue where, upon role delete, users would not be migrated when specified to during role delete flow. (#2211)
• Fixed issue where the system would error on upload of images that contain a hash in the name. (#2161)
• Fixed scenario where page drafts would show as saved where request would actually fail, leading to loss of data. Added a browser-side storage mechanism for emergency use. (#2150)
• Fixed issue where LDAP groups would not sync on initial login due to the email confirmation system taking over before the group sync would run. (#2082)
• Fixed issue where the redirect upon login could lead to an external site. (#2073)
• Fixed low visibility of horizontal lines when dark mode is in use. (#2209)
• Fixed issue where HTML entities would be seen in page preview content. Thanks to @mr-vinn. (#2257, #2114)
• Fixed issue where previous page content would be indexed upon save instead of the fresh content. (#2042)
• Fixed issue where an error would be thrown on SAML logout request from the IdP. (#2002)
• Fixed bad pagination styling which would result in invisible numbering. (#1839)
• Fixed incorrect and misleading behaviour when saving a comment with no content. (#1836)

v0.29.3-ls104

LinuxServer Changes:

Rebase to alpine 3.12. Fix APP_URL setting. Bump php post max and upload max filesizes to 100MB by default.
bookstack Changes:

Security Release

• Update Instructions
• Vulnerability Report

This release addresses issue #2111 where the name of a restricted book could be viewed by non-authorised users when the book was on a shelf, and the shelves were viewed in "List View". This could expose book names to those that did not have permission to see them, when part of a shelf.