Releases: linuxserver/docker-bookstack
v0.29.3-ls94
LinuxServer Changes:
Rebasing to alpine 3.11.
bookstack Changes:
Security Release
This release addresses issue #2111 where the name of a restricted book could be viewed by non-authorised users when the book was on a shelf, and the shelves were viewed in "List View". This could expose book names to those that did not have permission to see them, when part of a shelf.
v0.29.3-ls93
LinuxServer Changes:
Rebasing to alpine 3.11.
bookstack Changes:
Security Release
This release addresses issue #2111 where the name of a restricted book could be viewed by non-authorised users when the book was on a shelf, and the shelves were viewed in "List View". This could expose book names to those that did not have permission to see them, when part of a shelf.
v0.29.3-ls92
LinuxServer Changes:
Rebasing to alpine 3.11.
bookstack Changes:
Security Release
This release addresses issue #2111 where the name of a restricted book could be viewed by non-authorised users when the book was on a shelf, and the shelves were viewed in "List View". This could expose book names to those that did not have permission to see them, when part of a shelf.
v0.29.3-ls91
LinuxServer Changes:
Rebasing to alpine 3.11.
bookstack Changes:
Security Release
This release addresses issue #2111 where the name of a restricted book could be viewed by non-authorised users when the book was on a shelf, and the shelves were viewed in "List View". This could expose book names to those that did not have permission to see them, when part of a shelf.
v0.29.2-ls91
LinuxServer Changes:
Rebasing to alpine 3.11.
bookstack Changes:
Security Release
This release addresses vulnerabilities in the comment system. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to other users viewing the comment. Through this vulnerability custom JavaScript code could be injected and therefore run on other users' machines.
This most impacts scenarios where untrusted users are given permission to create comments.
After upgrading, the command php artisan bookstack:regenerate-comment-content should be run to remove any pre-existing dangerous content.
v0.29.2-ls90
LinuxServer Changes:
Rebasing to alpine 3.11.
bookstack Changes:
Security Release
This release addresses vulnerabilities in the comment system. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to other users viewing the comment. Through this vulnerability custom JavaScript code could be injected and therefore run on other users' machines.
This most impacts scenarios where untrusted users are given permission to create comments.
After upgrading, the command php artisan bookstack:regenerate-comment-content should be run to remove any pre-existing dangerous content.
v0.29.1-ls90
LinuxServer Changes:
Rebasing to alpine 3.11.
bookstack Changes:
Full List of Changes
This release contains the following fixes and changes:
- Added multi-item select to the book-sort interface. (#2067)
- Updated authentication system to prevent admins being logged out when changing authentication type, useful when setting up LDAP or SAML. (#2031)
- Updated editor focus so that the title is ready-selected if the default, otherwise the editor is focused. (#2036)
- Updated translations for Dutch, Korean, French, Turkish, Spanish. Thanks to Crowdin Users. (#2028, #2071)
- Fixed issue where callout styles could not be cycled through via shortcut when in-callout formatting was selected in the editor. (#2061)
- Fixed issue where the selection area was not visible in code blocks or the markdown editor when using dark mode. (#2060)
- Fixed issue where callouts and code blocks would overlap floated images. (#2055)
- Fixed issue where no notification would show on an LDAP Login when email already exists. (#2048)
- Fixed API issue where "total" on a listing response would be incorrect when an offset was given. (#2043)
v0.29.0-ls89
LinuxServer Changes:
Rebasing to alpine 3.11.
bookstack Changes:
Full List of Changes
- Added a user-selectable dark-mode option. (#2022, #1234)
- Added the ability to define a custom draw.io URL and therefore use a custom instance if preferred. (#826)
- Added grid-view support, with toggle, to the shelf view. Thanks to @philjak. (#1755, #1221)
- Added a list of bookshelves that a book belongs to when viewing a book. Thanks to @cw1998. (#1688, #1598)
- Added a new command to update your BookStack URL in the database. (#1225)
- Added shelf API endpoints. Thanks to @osmansorkar. (#1908)
- Added book-export API endpoints.
- Updated password reset flows to avoid indicating if an email is in use within the system. (#2016)
- Updated WYSIWYG entity-link-insert to set link text to entity name, if input is empty. (#2014)
- Updated styles with better RTL support through the use of CSS logical properties/values. (#2003)
- Updated the name of saved drawings to not include the user's name, to prevent issues with non-standard characters. (#1993)
- Removed BMP and TIFF from the list of allowed image upload types since these could not be resized properly. (#1990)
- Updated code-block insert to handle focus, so code blocks can be inserted smoothly via keyboard alone. (#1972)
- Updated namespacing used in tests to avoid warnings on recent versions of composer. (#1924)
- Updated Chinese translations. Thanks to @jzoy. (#2023)
- Updated translations for Turkish, Slovenian, Swedish, Spanish, Italian, Russian, German Informal, German, French, Chinese Simplified, Portuguese, Brazilian & Hungarian. Thanks to Crowdin Users.
- Updated default .htaccess to allow Authorization header for API usage. Thanks to @osmansorkar. (#1908)
- Updated GitHub authorization library to avoid use of deprecated auth methods. (#1879)
- Fixed issue where ordered list numbers could be cut-off. This was most apparent on Safari. (#1978)
v0.29.0-ls87
LinuxServer Changes:
Rebasing to alpine 3.11.
bookstack Changes:
Full List of Changes
- Added a user-selectable dark-mode option. (#2022, #1234)
- Added the ability to define a custom draw.io URL and therefore use a custom instance if preferred. (#826)
- Added grid-view support, with toggle, to the shelf view. Thanks to @philjak. (#1755, #1221)
- Added a list of bookshelves that a book belongs to when viewing a book. Thanks to @cw1998. (#1688, #1598)
- Added a new command to update your BookStack URL in the database. (#1225)
- Added shelf API endpoints. Thanks to @osmansorkar. (#1908)
- Added book-export API endpoints.
- Updated password reset flows to avoid indicating if an email is in use within the system. (#2016)
- Updated WYSIWYG entity-link-insert to set link text to entity name, if input is empty. (#2014)
- Updated styles with better RTL support through the use of CSS logical properties/values. (#2003)
- Updated the name of saved drawings to not include the user's name, to prevent issues with non-standard characters. (#1993)
- Removed BMP and TIFF from the list of allowed image upload types since these could not be resized properly. (#1990)
- Updated code-block insert to handle focus, so code blocks can be inserted smoothly via keyboard alone. (#1972)
- Updated namespacing used in tests to avoid warnings on recent versions of composer. (#1924)
- Updated Chinese translations. Thanks to @jzoy. (#2023)
- Updated translations for Turkish, Slovenian, Swedish, Spanish, Italian, Russian, German Informal, German, French, Chinese Simplified, Portuguese, Brazilian & Hungarian. Thanks to Crowdin Users.
- Updated default .htaccess to allow Authorization header for API usage. Thanks to @osmansorkar. (#1908)
- Updated GitHub authorization library to avoid use of deprecated auth methods. (#1879)
- Fixed issue where ordered list numbers could be cut-off. This was most apparent on Safari. (#1978)
v0.29.0-ls86
LinuxServer Changes:
Rebasing to alpine 3.11.
bookstack Changes:
Full List of Changes
- Added a user-selectable dark-mode option. (#2022, #1234)
- Added the ability to define a custom draw.io URL and therefore use a custom instance if preferred. (#826)
- Added grid-view support, with toggle, to the shelf view. Thanks to @philjak. (#1755, #1221)
- Added a list of bookshelves that a book belongs to when viewing a book. Thanks to @cw1998. (#1688, #1598)
- Added a new command to update your BookStack URL in the database. (#1225)
- Added shelf API endpoints. Thanks to @osmansorkar. (#1908)
- Added book-export API endpoints.
- Updated password reset flows to avoid indicating if an email is in use within the system. (#2016)
- Updated WYSIWYG entity-link-insert to set link text to entity name, if input is empty. (#2014)
- Updated styles with better RTL support through the use of CSS logical properties/values. (#2003)
- Updated the name of saved drawings to not include the user's name, to prevent issues with non-standard characters. (#1993)
- Removed BMP and TIFF from the list of allowed image upload types since these could not be resized properly. (#1990)
- Updated code-block insert to handle focus, so code blocks can be inserted smoothly via keyboard alone. (#1972)
- Updated namespacing used in tests to avoid warnings on recent versions of composer. (#1924)
- Updated Chinese translations. Thanks to @jzoy. (#2023)
- Updated translations for Turkish, Slovenian, Swedish, Spanish, Italian, Russian, German Informal, German, French, Chinese Simplified, Portuguese, Brazilian & Hungarian. Thanks to Crowdin Users.
- Updated default .htaccess to allow Authorization header for API usage. Thanks to @osmansorkar. (#1908)
- Updated GitHub authorization library to avoid use of deprecated auth methods. (#1879)
- Fixed issue where ordered list numbers could be cut-off. This was most apparent on Safari. (#1978)