Releases: linuxserver/docker-bookstack

v0.29.3-ls93

25 May 19:23

LinuxServer Changes:

Rebasing to alpine 3.11.

bookstack Changes:

Security Release

This release addresses issue #2111 where the name of a restricted book could be viewed by non-authorised users when the book was on a shelf, and the shelves were viewed in "List View". This could expose book names to those that did not have permission to see them, when part of a shelf.

v0.29.3-ls92

18 May 19:30

LinuxServer Changes:

Rebasing to alpine 3.11.

bookstack Changes:

Security Release

This release addresses issue #2111 where the name of a restricted book could be viewed by non-authorised users when the book was on a shelf, and the shelves were viewed in "List View". This could expose book names to those that did not have permission to see them, when part of a shelf.

v0.29.3-ls91

12 May 22:48

LinuxServer Changes:

Rebasing to alpine 3.11.

bookstack Changes:

Security Release

This release addresses issue #2111 where the name of a restricted book could be viewed by non-authorised users when the book was on a shelf, and the shelves were viewed in "List View". This could expose book names to those that did not have permission to see them, when part of a shelf.

v0.29.2-ls91

11 May 19:17

LinuxServer Changes:

Rebasing to alpine 3.11.

bookstack Changes:

Security Release

This release addresses vulnerabilities in the comment system. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to other users viewing the comment. Through this vulnerability custom JavaScript code could be injected and therefore run on other users' machines.

This most impacts scenarios where untrusted users are given permission to create comments.

After upgrading, the command php artisan bookstack:regenerate-comment-content should be run to remove any pre-existing dangerous content.

v0.29.2-ls90

02 May 11:54

LinuxServer Changes:

Rebasing to alpine 3.11.

bookstack Changes:

Security Release

This release addresses vulnerabilities in the comment system. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to other users viewing the comment. Through this vulnerability custom JavaScript code could be injected and therefore run on other users' machines.

This most impacts scenarios where untrusted users are given permission to create comments.

After upgrading, the command php artisan bookstack:regenerate-comment-content should be run to remove any pre-existing dangerous content.

v0.29.1-ls90

28 Apr 12:49

LinuxServer Changes:

Rebasing to alpine 3.11.

bookstack Changes:

Full List of Changes

This release contains the following fixes and changes:

  • Added multi-item select to the book-sort interface. (#2067)
  • Updated authentication system to prevent admins being logged out when changing authentication type, useful when setting up LDAP or SAML. (#2031)
  • Updated editor focus so that the title is ready-selected if the default, otherwise the editor is focused. (#2036)
  • Updated translations for Dutch, Korean, French, Turkish, Spanish. Thanks to Crowdin Users. (#2028, #2071)
  • Fixed issue where callout styles could not be cycled through via shortcut when in-callout formatting was selected in the editor. (#2061)
  • Fixed issue where the selection area was not visible in code blocks or the markdown editor when using dark mode. (#2060)
  • Fixed issue where callouts and code blocks would overlap floated images. (#2055)
  • Fixed issue where no notification would show on an LDAP Login when email already exists. (#2048)
  • Fixed API issue where "total" on a listing response would be incorrect when an offset was given. (#2043)

v0.29.0-ls89

27 Apr 19:57

LinuxServer Changes:

Rebasing to alpine 3.11.

bookstack Changes:

Full List of Changes

  • Added a user-selectable dark-mode option. (#2022, #1234)
  • Added the ability to define a custom draw.io URL and therefore use a custom instance if preferred. (#826)
  • Added grid-view support, with toggle, to the shelf view. Thanks to @philjak. (#1755, #1221)
  • Added a list of bookshelves that a book belongs to when viewing a book. Thanks to @cw1998. (#1688, #1598)
  • Added a new command to update your BookStack URL in the database. (#1225)
  • Added shelf API endpoints. Thanks to @osmansorkar. (#1908)
  • Added book-export API endpoints.
  • Updated password reset flows to avoid indicating if an email is in use within the system. (#2016)
  • Updated WYSIWYG entity-link-insert to set link text to entity name, if input is empty. (#2014)
  • Updated styles with better RTL support through the use of CSS logical properties/values. (#2003)
  • Updated the name of saved drawings to not include the user's name, to prevent issues with non-standard characters. (#1993)
  • Removed BMP and TIFF from the list of allowed image upload types since these could not be resized properly. (#1990)
  • Updated code-block insert to handle focus, so code blocks can be inserted smoothly via keyboard alone. (#1972)
  • Updated namespacing used in tests to avoid warnings on recent versions of composer. (#1924)
  • Updated Chinese translations. Thanks to @jzoy. (#2023)
  • Updated translations for Turkish, Slovenian, Swedish, Spanish, Italian, Russian, German Informal, German, French, Chinese Simplified, Portuguese, Brazilian & Hungarian. Thanks to Crowdin Users.
  • Updated default .htaccess to allow Authorization header for API usage. Thanks to @osmansorkar. (#1908)
  • Updated GitHub authorization library to avoid use of deprecated auth methods. (#1879)
  • Fixed issue where ordered list numbers could be cut-off. This was most apparent on Safari. (#1978)

v0.29.0-ls87

20 Apr 19:28

LinuxServer Changes:

Rebasing to alpine 3.11.

bookstack Changes:

Full List of Changes

  • Added a user-selectable dark-mode option. (#2022, #1234)
  • Added the ability to define a custom draw.io URL and therefore use a custom instance if preferred. (#826)
  • Added grid-view support, with toggle, to the shelf view. Thanks to @philjak. (#1755, #1221)
  • Added a list of bookshelves that a book belongs to when viewing a book. Thanks to @cw1998. (#1688, #1598)
  • Added a new command to update your BookStack URL in the database. (#1225)
  • Added shelf API endpoints. Thanks to @osmansorkar. (#1908)
  • Added book-export API endpoints.
  • Updated password reset flows to avoid indicating if an email is in use within the system. (#2016)
  • Updated WYSIWYG entity-link-insert to set link text to entity name, if input is empty. (#2014)
  • Updated styles with better RTL support through the use of CSS logical properties/values. (#2003)
  • Updated the name of saved drawings to not include the user's name, to prevent issues with non-standard characters. (#1993)
  • Removed BMP and TIFF from the list of allowed image upload types since these could not be resized properly. (#1990)
  • Updated code-block insert to handle focus, so code blocks can be inserted smoothly via keyboard alone. (#1972)
  • Updated namespacing used in tests to avoid warnings on recent versions of composer. (#1924)
  • Updated Chinese translations. Thanks to @jzoy. (#2023)
  • Updated translations for Turkish, Slovenian, Swedish, Spanish, Italian, Russian, German Informal, German, French, Chinese Simplified, Portuguese, Brazilian & Hungarian. Thanks to Crowdin Users.
  • Updated default .htaccess to allow Authorization header for API usage. Thanks to @osmansorkar. (#1908)
  • Updated GitHub authorization library to avoid use of deprecated auth methods. (#1879)
  • Fixed issue where ordered list numbers could be cut-off. This was most apparent on Safari. (#1978)

v0.29.0-ls86

13 Apr 16:01

LinuxServer Changes:

Rebasing to alpine 3.11.

bookstack Changes:

Full List of Changes

  • Added a user-selectable dark-mode option. (#2022, #1234)
  • Added the ability to define a custom draw.io URL and therefore use a custom instance if preferred. (#826)
  • Added grid-view support, with toggle, to the shelf view. Thanks to @philjak. (#1755, #1221)
  • Added a list of bookshelves that a book belongs to when viewing a book. Thanks to @cw1998. (#1688, #1598)
  • Added a new command to update your BookStack URL in the database. (#1225)
  • Added shelf API endpoints. Thanks to @osmansorkar. (#1908)
  • Added book-export API endpoints.
  • Updated password reset flows to avoid indicating if an email is in use within the system. (#2016)
  • Updated WYSIWYG entity-link-insert to set link text to entity name, if input is empty. (#2014)
  • Updated styles with better RTL support through the use of CSS logical properties/values. (#2003)
  • Updated the name of saved drawings to not include the user's name, to prevent issues with non-standard characters. (#1993)
  • Removed BMP and TIFF from the list of allowed image upload types since these could not be resized properly. (#1990)
  • Updated code-block insert to handle focus, so code blocks can be inserted smoothly via keyboard alone. (#1972)
  • Updated namespacing used in tests to avoid warnings on recent versions of composer. (#1924)
  • Updated Chinese translations. Thanks to @jzoy. (#2023)
  • Updated translations for Turkish, Slovenian, Swedish, Spanish, Italian, Russian, German Informal, German, French, Chinese Simplified, Portuguese, Brazilian & Hungarian. Thanks to Crowdin Users.
  • Updated default .htaccess to allow Authorization header for API usage. Thanks to @osmansorkar. (#1908)
  • Updated GitHub authorization library to avoid use of deprecated auth methods. (#1879)
  • Fixed issue where ordered list numbers could be cut-off. This was most apparent on Safari. (#1978)

v0.28.3-ls85

06 Apr 19:27

LinuxServer Changes:

Rebasing to alpine 3.11.

bookstack Changes:

Full List of Changes

This release contains the following fixes and changes:

  • Added Slovenian language support. Thanks to @mrjaboozy. (#1946)
  • Added Vietnamese Language support. Thanks to @vuongtrunghieu (#1883)
  • Added Hebrew Translations. Thanks to @Binternet. (#1827)
  • Added support for Fortran language code blocks. Thanks to @JHenneberg. (#1878)
  • Updated spacing in colour picker components to be consistent and prevent text-dropdown on longer-text languages. Thanks to @Statium. (#1943, #1930)
  • Updated login and registration header actions to be consistent with other header links. Thanks to @Statium. (#1942)
  • Updated install instructions and scripts to not install development composer packages. (#1928)
  • Updated list styles to prevent additional margin/padding showing in nested lists. Thanks to @MikeyMJCO. (#1913, #1911)
  • Updated Russian translations. Thanks to @kostefun & @Statium. (#1885, #1837)
  • Updated translations for Vietnamese, Danish, Slovenian, Russian, German Informal, German, French, Czech, Swedish, Spanish, Hungarian, Portuguese, Brazilian, Japanese & Chinese Simplified. Thanks to Crowdin Users.
  • Updated "Intended URL" logic to work when "Public Access" is enabled. Thanks to @Xiphoseer. (#1817, #1706)
  • Fixed error that would throw if a user logs in with GitHub while having a blank 'name'. (#1853)
  • Fixed validation issues that could occur on image uploads in some environments. Thanks to @TBK. (#1900, #1570)
  • Fixed 'interaction_required' response returned for the Azure login that would show when MFA is enabled. Thanks to @ch0wm3in. (#1889, #1903)