Releases: linuxserver/docker-bookstack
v22.07.3-ls32
LinuxServer Changes:
Add symlinks for theme support.
bookstack Changes:
Security Release
This is a security release that adds additional filtering to page content to prevent certain cross-site-scripting techniques. These cross-site-scripting techniques would already be blocked by BookStack's usage of Content-Security-Policy, but this change will help scenarios where BookStack content is used externally.
In addition, the API documentation has been updated with a section focused on content security to explain the security techniques BookStack uses by default, and to relay considerations for using BookStack content in an external system. The security page of our documentation has also been updated with such considerations:
https://www.bookstackapp.com/docs/admin/security/#using-content-externally
Upgrade is advised where BookStack content, accessible to edit by untrusted users, is used externally.
Those using BookStack content externally (API-based app developers) should read the new documentation and add any advised protections as necessary.
Thanks to the "JPCERT/CC Vulnerability Coordination Group" contact and the original reporter, Kenichi Okuno of Mitsui Bussan Secure Directions, Inc, for disclosing their report of the relevant vulnerability scenarios.
Full List of Changes
- Added API documentation section to advise of content security. (#3636)
- Updated Persian translations. Thanks to @samadha56. (#3639)
- Updated code block rendering to help prevent blank blocks on fresh cache. (#3637)
- Updated HTML filtering to prevent SVG animate case. (#3636)
- Updated translations with latest changes from Crowdin. (#3635)
- Updated revision list view to help prevent system memory exhaustion. (#3633)
- Fixed issue with permission checking preventing certain actions where permission should have allowed them. (#3632)
v22.07.3-ls31
LinuxServer Changes:
Add symlinks for theme support.
bookstack Changes:
Security Release
This is a security release that adds additional filtering to page content to prevent certain cross-site-scripting techniques. These cross-site-scripting techniques would already be blocked by BookStack's usage of Content-Security-Policy, but this change will help scenarios where BookStack content is used externally.
In addition, the API documentation has been updated with a section focused on content security to explain the security techniques BookStack uses by default, and to relay considerations for using BookStack content in an external system. The security page of our documentation has also been updated with such considerations:
https://www.bookstackapp.com/docs/admin/security/#using-content-externally
Upgrade is advised where BookStack content, accessible to edit by untrusted users, is used externally.
Those using BookStack content externally (API-based app developers) should read the new documentation and add any advised protections as necessary.
Thanks to the "JPCERT/CC Vulnerability Coordination Group" contact and original reporter (names currently withheld in the interest of privacy) for disclosing their report of the relevant vulnerability scenarios.
Full List of Changes
- Added API documentation section to advise of content security. (#3636)
- Updated Persian translations. Thanks to @samadha56. (#3639)
- Updated code block rendering to help prevent blank blocks on fresh cache. (#3637)
- Updated HTML filtering to prevent SVG animate case. (#3636)
- Updated translations with latest changes from Crowdin. (#3635)
- Updated revision list view to help prevent system memory exhaustion. (#3633)
- Fixed issue with permission checking preventing certain actions where permission should have allowed them. (#3632)
v22.07.2-ls30
LinuxServer Changes:
Add symlinks for theme support.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
- Added body-start/end partials to export template, for easier export customization via the visual theme system. (#3630)
- Added activity recording for revision delete/restore. (#3628)
- Updated translations with latest changes from Crowdin. (#3625)
- Updated user validation with sensible limit to name input. (#3614)
- Fixed issue where activity type could not be selected in the audit log. (#3623)
- Fixed possibility of breaking page load due to bad user language input. (#3615)
v22.07.1-ls30
LinuxServer Changes:
Add symlinks for theme support.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
v22.07.1-ls29
LinuxServer Changes:
Add symlinks for theme support.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
v22.07-ls28
LinuxServer Changes:
Add symlinks for theme support.
bookstack Changes:
Links
Full List of Changes
- Added 'Sort Book' action to chapters. (#3598, #2335)
- Added ability to favourite code languages in the WYSIWYG code editor. (#3593, #3542)
- Added option to set IP address storage precision. (#3560)
- Added tag-based css classes to the HTML body tag for tag-based content CSS targeting. (#3583)
- Added new Logical Theme System event, emitted upon any system activity event. (#3572)
- Added editor shortcuts for bullet and numbered lists. (#3599, #1269)
- Updated shelf book management interface with better usability and book search bar. (#3591, #3266)
- Updated translations with latest changes from Crowdin. (#3600, #3545)
- Updated WYSIWYG editor to TinyMCE 6. (#3580, #3517)
- Updated DOMPDF, and other PHP dependencies. (#3579)
- Updated permission system to only "cache" view-based permissions for better performance, and made many other performance improvements. (#3569)
- Updated WYSIWYG color options to have no names, for better cross-language usage. (#3530)
- Updated tests to use ssddanbrown/asserthtml library. (#3519)
- Fixed comment count translation in Chinese translations. Thanks to @GongMingCai. (#3556)
- Fixed issue where AVATAR_URL=false would not properly disable Gravatar fetching. (#1835)
- Fixed some German translation typos and grammar. Thanks to @smartshogu. (#3570)
- Fixed issue where WYSIWYG toolbar would remain after inserting a drawing. (#3597)
v22.06.2-ls27
LinuxServer Changes:
Add symlinks for theme support.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
v22.06.2-ls26
LinuxServer Changes:
Add symlinks for theme support.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
v22.06.2-ls25
LinuxServer Changes:
Add symlinks for theme support.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
v22.06.2-ls24
LinuxServer Changes:
Add symlinks for theme support.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes: