Releases: linuxserver/docker-bookstack
v0.31.3-ls119
LinuxServer Changes:
Make APP_URL var required (upstream changes).
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
v0.31.2-ls119
LinuxServer Changes:
Make APP_URL var required (upstream changes).
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
- Updated recycle bin nav header to be wider and not line break on some languages. (#2468)
- Updated Chinese, Italian & Russian translations. (#2464)
- Fixed issue where copying a page would not properly copy the contents. (#2463)
- Fixed issue where tables and task-lists, when saved in the Markdown editor, would not be converted to the page HTML output. (#2452)
- Fixed "FatalThrowableError" that could appear on failed user avatar fetch. (#2449)
v0.31.1-ls119
LinuxServer Changes:
Make APP_URL var required (upstream changes).
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
- Fixed issue where markdown content would not be stored on first page save (HTML content would still be stored). (#2446)
- Fixed issue where the new content owner fields were not being used for the manage-own-permission role permission. (#2445)
- Fixed recycle bin table style issue which could cause the dropdown menu to be cut-off. (#2442)
- Updated Chinese, Spanish and French translations. (#2441)
v0.31.1-ls118
LinuxServer Changes:
Make APP_URL var required (upstream changes).
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
- Fixed issue where markdown content would not be stored on first page save (HTML content would still be stored). (#2446)
- Fixed issue where the new content owner fields were not being used for the manage-own-permission role permission. (#2445)
- Fixed recycle bin table style issue which could cause the dropdown menu to be cut-off. (#2442)
- Updated Chinese, Spanish and French translations. (#2441)
v0.31.0-ls118
LinuxServer Changes:
Make APP_URL var required (upstream changes).
bookstack Changes:
Links
Update Notices
Requirements Change - The minimum required PHP version has changed from 7.2 to 7.2.5. Additionally, the Tidy PHP extension is no longer required.
GitLab Authentication - The read_user scope will now be passed and is required on the "Application" setup within GitLab. Not having this scope may lead to errors when users attempt to authenticate via GitLab.
Security & IFrame Usage - By default BookStack will set headers to prevent usage within an iframe. You can set trusted iframe hosts through the ALLOWED_IFRAME_HOSTS option in your .env file. See the security page for more information on this option.
Full List of Changes
- Added recycle bin implementation. (#2283, #2183, #280)
- Added Norwegian translations to BookStack. Thanks to @Swoy. (#2336)
- Added ownership system for pages, chapters, books and shelves. (#2436, #2246)
- Added host iframe control with cookie security management. (#2427, #2207)
- Added API endpoints for pages. (#2382)
- Added many more activity types to the audit-log. (#2360, #1243)
- Added a sortable "Latest Activity" column to the users list. (#848)
- Replaced revision diff library so that the php tidy extension is no longer required. (#2347, #1553)
- Updated GitLab authentication to use the read_user scope. (#2359)
- Updated revision restore to add sensible default change summary text. Thanks to @rondaa. (#2353, #2349)
- Updated the "Cleanup Images" maintenance option wording for clarity. (#2352)
- Updated dev docker setup to install composer dependencies in Docker entrypoint. Thanks to @timoschwarzer. (#2298)
- Updated chapter delete behaviour so pages are removed instead of being moved to the parent book. (#2164)
- Updated grid-layout book/shelf item names to better fit into two lines. (#1469)
- Updated translations. (#2439, #2327)
- Fixed issue where the export dropdown may show cut-off with options hidden. Thanks to @shubhamosmosys. (#2416)
v0.30.7-ls118
LinuxServer Changes:
Make APP_URL var required (upstream changes).
bookstack Changes:
Security Release
This release addresses an issue where page content could be visible to those without permission via the export options. The content of pages made non-viewable to a user via permissions, within a visible parent, could be seen via the plaintext export option. Before v0.30.6 this would have applied only to scenarios where all pages within the chapter were made non-visible. In v0.30.6 this would make all pages within the chapter visible.
Further details can be found in the vulnerability report.
v0.30.7-ls117
LinuxServer Changes:
Make APP_URL var required (upstream changes).
bookstack Changes:
Security Release
This release addresses an issue where page content could be visible to those without permission via the export options. The content of pages made non-viewable to a user via permissions, within a visible parent, could be seen via the plaintext export option. Before v0.30.6 this would have applied only to scenarios where all pages within the chapter were made non-visible. In v0.30.6 this would make all pages within the chapter visible.
Further details can be found in the vulnerability report.
v0.30.7-ls116
LinuxServer Changes:
Rebase to alpine 3.12. Fix APP_URL setting. Bump php post max and upload max filesizes to 100MB by default.
bookstack Changes:
Security Release
This release addresses an issue where page content could be visible to those without permission via the export options. The content of pages made non-viewable to a user via permissions, within a visible parent, could be seen via the plaintext export option. Before v0.30.6 this would have applied only to scenarios where all pages within the chapter were made non-visible. In v0.30.6 this would make all pages within the chapter visible.
Further details can be found in the vulnerability report.
v0.30.6-ls116
LinuxServer Changes:
Rebase to alpine 3.12. Fix APP_URL setting. Bump php post max and upload max filesizes to 100MB by default.
bookstack Changes:
Security Release
This release addresses an issue where page content could be visible to those without permission. If a chapter was visible to a user, but all of its pages were made not visible, then the details of these pages could be visible. Within the BookStack interface, the names of the pages and preview content could be seen. If the parent book was exported then this would include the content of the pages that had been restricted.
Further details can be found in the vulnerability report.
v0.30.5-ls116
LinuxServer Changes:
Rebase to alpine 3.12. Fix APP_URL setting. Bump php post max and upload max filesizes to 100MB by default.
bookstack Changes:
Security Release
- Update Instructions
- Vulnerability Report: Server Side Request Forgery Through Content Exports
- Update details on blog
Phishing and server-side request forgery vulnerabilities have been found within BookStack. Release v0.30.5 will remove this server-side request forgery issue while bringing updated wording and advisories to prevent the potential phishing vulnerability. You should ensure you've set the APP_URL option in your .env file to reduce the likelihood of the phishing attack. Please view the above report or blogpost links for more detail.