Releases: linuxserver/docker-bookstack
v0.29.3-ls98
LinuxServer Changes:
Rebasing to alpine 3.11.
bookstack Changes:
Security Release
This release addresses issue #2111 where the name of a restricted book could be viewed by non-authorised users when the book was on a shelf, and the shelves were viewed in "List View". This could expose book names to those that did not have permission to see them, when part of a shelf.
v0.29.3-ls97
LinuxServer Changes:
Rebasing to alpine 3.11.
bookstack Changes:
Security Release
This release addresses issue #2111 where the name of a restricted book could be viewed by non-authorised users when the book was on a shelf, and the shelves were viewed in "List View". This could expose book names to those that did not have permission to see them, when part of a shelf.
v0.29.3-ls96
LinuxServer Changes:
Rebasing to alpine 3.11.
bookstack Changes:
Security Release
This release addresses issue #2111 where the name of a restricted book could be viewed by non-authorised users when the book was on a shelf, and the shelves were viewed in "List View". This could expose book names to those that did not have permission to see them, when part of a shelf.
v0.29.3-ls95
LinuxServer Changes:
Rebasing to alpine 3.11.
bookstack Changes:
Security Release
This release addresses issue #2111 where the name of a restricted book could be viewed by non-authorised users when the book was on a shelf, and the shelves were viewed in "List View". This could expose book names to those that did not have permission to see them, when part of a shelf.
v0.29.3-ls94
LinuxServer Changes:
Rebasing to alpine 3.11.
bookstack Changes:
Security Release
This release addresses issue #2111 where the name of a restricted book could be viewed by non-authorised users when the book was on a shelf, and the shelves were viewed in "List View". This could expose book names to those that did not have permission to see them, when part of a shelf.
v0.29.3-ls93
LinuxServer Changes:
Rebasing to alpine 3.11.
bookstack Changes:
Security Release
This release addresses issue #2111 where the name of a restricted book could be viewed by non-authorised users when the book was on a shelf, and the shelves were viewed in "List View". This could expose book names to those that did not have permission to see them, when part of a shelf.
v0.29.3-ls92
LinuxServer Changes:
Rebasing to alpine 3.11.
bookstack Changes:
Security Release
This release addresses issue #2111 where the name of a restricted book could be viewed by non-authorised users when the book was on a shelf, and the shelves were viewed in "List View". This could expose book names to those that did not have permission to see them, when part of a shelf.
v0.29.3-ls91
LinuxServer Changes:
Rebasing to alpine 3.11.
bookstack Changes:
Security Release
This release addresses issue #2111 where the name of a restricted book could be viewed by non-authorised users when the book was on a shelf, and the shelves were viewed in "List View". This could expose book names to those that did not have permission to see them, when part of a shelf.
v0.29.2-ls91
LinuxServer Changes:
Rebasing to alpine 3.11.
bookstack Changes:
Security Release
This release addresses vulnerabilities in the comment system. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to other users viewing the comment. Through this vulnerability custom JavaScript code could be injected and therefore run on other users' machines.
This most impacts scenarios where untrusted users are given permission to create comments.
After upgrading, run the following command to remove any pre-existing dangerous content:
php artisan bookstack:regenerate-comment-content
v0.29.2-ls90
LinuxServer Changes:
Rebasing to alpine 3.11.
bookstack Changes:
Security Release
This release addresses vulnerabilities in the comment system. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to other users viewing the comment. Through this vulnerability custom JavaScript code could be injected and therefore run on other users' machines.
This most impacts scenarios where untrusted users are given permission to create comments.
After upgrading, run the following command to remove any pre-existing dangerous content:
php artisan bookstack:regenerate-comment-content