v0.25.4-pkg-285ed901-ls36
LinuxServer Changes:
Switching to new Base images, shift to arm32v7 tag.
bookstack Changes:
Security Release
This release patches a security vulnerability that allowed PHP files, using a non-.php extension, to be uploaded via image upload endpoints. The PHP files could then be called externally to perform malicious activity.
This release continues the security updates made in v0.25.3. Please see that release for further information on this kind of vulnerability.
This update applies a whitelist to file extensions for uploaded images to ensure php-like files, such as .phtml or .php3, cannot exploit web servers that execute such files.
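
The difference between rejecting only the .php extension and accepting only known image extensions, shown over constructed filenames. This is an added example, not BookStack's or LinuxServer's code; the function names and the allowed-extension list are assumptions and are not the list BookStack ships.

```php
<?php
// Added example, not BookStack's code. The allowlist is an assumed set of
// image extensions chosen for illustration.
const ALLOWED_IMAGE_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'webp'];

// Denylist check: rejects only the literal "php" extension, so any other
// extension the web server maps to the PHP handler still gets through.
function passesDenylist(string $filename): bool
{
    $ext = strtolower(pathinfo(basename($filename), PATHINFO_EXTENSION));
    return $ext !== 'php';
}

// Allowlist check: accepts only known image extensions, compared
// case-insensitively on the final extension of the base name.
// A name with no extension yields '' and is rejected.
function passesAllowlist(string $filename): bool
{
    $ext = strtolower(pathinfo(basename($filename), PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_IMAGE_EXTENSIONS, true);
}

// Constructed sample upload names.
$samples = [
    'diagram.png',
    'Photo.JPG',
    'notes.php',
    'notes.phtml',
    'notes.php3',
    'noextension',
];

foreach ($samples as $name) {
    printf(
        "%-12s denylist=%-6s allowlist=%s\n",
        $name,
        passesDenylist($name) ? 'accept' : 'reject',
        passesAllowlist($name) ? 'accept' : 'reject'
    );
}
```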