Releases: linuxserver/docker-bookstack

v24.05.4-ls164

16 Sep 18:35
9e5e0c3

LinuxServer Changes:

Add php-exif for reading image EXIF data.

bookstack Changes:

Security Release

BookStack v24.05.4 has been released.

This is a security release addressing two issues: one in LDAP group syncing, where in certain scenarios a user could be incorrectly matched to extra roles, and one with content visibility in "book-show" API responses, which did not have permissions applied properly.

Upgrade is strongly advised for instances where LDAP authentication is used with group syncing, or where the REST API is used to fetch contents of books ("books-read" endpoint).

Thanks to Linus Nagel and their team at WorkSimple GmbH for reporting this API vulnerability.

Full List of Changes

  • Updated API docs with consistent parameter types. (#5183)
  • Updated default content iframe embed max-width to align with other content types. (#5130)
  • Updated LDAP group sync to query via full DN.
  • Updated translations with latest Crowdin changes. (#5118)
  • Fixed books read API response not applying visibility control to chapter contents.
  • Fixed API docs users response showing extra property. (#5178)
  • Fixed database error thrown when using our dev docker setup. (#5124)
  • Fixed RTL display issues with tasklist checkboxes. (#5134)

v24.05.4-ls163

06 Sep 15:27
d4a1179

LinuxServer Changes:

Add php-exif for reading image EXIF data.

bookstack Changes:

Security Release

BookStack v24.05.4 has been released.

This is a security release addressing two issues: one in LDAP group syncing, where in certain scenarios a user could be incorrectly matched to extra roles, and one with content visibility in "book-show" API responses, which did not have permissions applied properly.

Upgrade is strongly advised for instances where LDAP authentication is used with group syncing, or where the REST API is used to fetch contents of books ("books-read" endpoint).

Thanks to Linus Nagel and their team at WorkSimple GmbH for reporting this API vulnerability.

Full List of Changes

  • Updated API docs with consistent parameter types. (#5183)
  • Updated default content iframe embed max-width to align with other content types. (#5130)
  • Updated LDAP group sync to query via full DN.
  • Updated translations with latest Crowdin changes. (#5118)
  • Fixed books read API response not applying visibility control to chapter contents.
  • Fixed API docs users response showing extra property. (#5178)
  • Fixed database error thrown when using our dev docker setup. (#5124)
  • Fixed RTL display issues with tasklist checkboxes. (#5134)

v24.05.4-ls162

29 Aug 15:45
9c224f5

LinuxServer Changes:

Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.

bookstack Changes:

Security Release

BookStack v24.05.4 has been released.

This is a security release addressing two issues: one in LDAP group syncing, where in certain scenarios a user could be incorrectly matched to extra roles, and one with content visibility in "book-show" API responses, which did not have permissions applied properly.

Upgrade is strongly advised for instances where LDAP authentication is used with group syncing, or where the REST API is used to fetch contents of books ("books-read" endpoint).

Thanks to Linus Nagel and their team at WorkSimple GmbH for reporting this API vulnerability.

Full List of Changes

  • Updated API docs with consistent parameter types. (#5183)
  • Updated default content iframe embed max-width to align with other content types. (#5130)
  • Updated LDAP group sync to query via full DN.
  • Updated translations with latest Crowdin changes. (#5118)
  • Fixed books read API response not applying visibility control to chapter contents.
  • Fixed API docs users response showing extra property. (#5178)
  • Fixed database error thrown when using our dev docker setup. (#5124)
  • Fixed RTL display issues with tasklist checkboxes. (#5134)

v24.05.3-ls161

26 Aug 18:31
dfc1d31

LinuxServer Changes:

Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.

bookstack Changes:

Full List of Changes

This release contains the following fixes and changes:

  • Updated translations with latest Crowdin changes. (#5065)
  • Updated callouts with LTR text handling where supported. (#5104)
  • Updated project PHP and JavaScript dependencies.
  • Fixed blocked diagrams.net loading when using a custom URL that includes a port. (#5107)
  • Fixed OIDC incorrectly calling userinfo endpoint when valid empty groups provided. (#5101)
  • Fixed image replacement being case-sensitive when it should not be. Thanks to @DanielGordonIT. (#5096) (#5095)
  • Fixed HTML code block highlighting when custom self-closing tags are used. (#5078)
  • Fixed testing when custom ALLOWED_IFRAME_SOURCES is set. Thanks to @mueller-contria. (#5069) (#5068)

v24.05.3-ls160

19 Aug 18:37
951399b

LinuxServer Changes:

Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.

bookstack Changes:

Full List of Changes

This release contains the following fixes and changes:

  • Updated translations with latest Crowdin changes. (#5065)
  • Updated callouts with LTR text handling where supported. (#5104)
  • Updated project PHP and JavaScript dependencies.
  • Fixed blocked diagrams.net loading when using a custom URL that includes a port. (#5107)
  • Fixed OIDC incorrectly calling userinfo endpoint when valid empty groups provided. (#5101)
  • Fixed image replacement being case-sensitive when it should not be. Thanks to @DanielGordonIT. (#5096) (#5095)
  • Fixed HTML code block highlighting when custom self-closing tags are used. (#5078)
  • Fixed testing when custom ALLOWED_IFRAME_SOURCES is set. Thanks to @mueller-contria. (#5069) (#5068)

v24.05.3-ls159

13 Aug 15:23
6790cfa

LinuxServer Changes:

Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.

bookstack Changes:

Full List of Changes

This release contains the following fixes and changes:

  • Updated translations with latest Crowdin changes. (#5065)
  • Updated callouts with LTR text handling where supported. (#5104)
  • Updated project PHP and JavaScript dependencies.
  • Fixed blocked diagrams.net loading when using a custom URL that includes a port. (#5107)
  • Fixed OIDC incorrectly calling userinfo endpoint when valid empty groups provided. (#5101)
  • Fixed image replacement being case-sensitive when it should not be. Thanks to @DanielGordonIT. (#5096) (#5095)
  • Fixed HTML code block highlighting when custom self-closing tags are used. (#5078)
  • Fixed testing when custom ALLOWED_IFRAME_SOURCES is set. Thanks to @mueller-contria. (#5069) (#5068)

v24.05.3-ls158

12 Aug 18:33

LinuxServer Changes:

Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.

bookstack Changes:

Full List of Changes

This release contains the following fixes and changes:

  • Updated translations with latest Crowdin changes. (#5065)
  • Updated callouts with LTR text handling where supported. (#5104)
  • Updated project PHP and JavaScript dependencies.
  • Fixed blocked diagrams.net loading when using a custom URL that includes a port. (#5107)
  • Fixed OIDC incorrectly calling userinfo endpoint when valid empty groups provided. (#5101)
  • Fixed image replacement being case-sensitive when it should not be. Thanks to @DanielGordonIT. (#5096) (#5095)
  • Fixed HTML code block highlighting when custom self-closing tags are used. (#5078)
  • Fixed testing when custom ALLOWED_IFRAME_SOURCES is set. Thanks to @mueller-contria. (#5069) (#5068)

v24.05.3-ls157

05 Aug 18:33

LinuxServer Changes:

Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.

bookstack Changes:

Full List of Changes

This release contains the following fixes and changes:

  • Updated translations with latest Crowdin changes. (#5065)
  • Updated callouts with LTR text handling where supported. (#5104)
  • Updated project PHP and JavaScript dependencies.
  • Fixed blocked diagrams.net loading when using a custom URL that includes a port. (#5107)
  • Fixed OIDC incorrectly calling userinfo endpoint when valid empty groups provided. (#5101)
  • Fixed image replacement being case-sensitive when it should not be. Thanks to @DanielGordonIT. (#5096) (#5095)
  • Fixed HTML code block highlighting when custom self-closing tags are used. (#5078)
  • Fixed testing when custom ALLOWED_IFRAME_SOURCES is set. Thanks to @mueller-contria. (#5069) (#5068)

v24.05.3-ls156

29 Jul 18:33

LinuxServer Changes:

Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.

bookstack Changes:

Full List of Changes

This release contains the following fixes and changes:

  • Updated translations with latest Crowdin changes. (#5065)
  • Updated callouts with LTR text handling where supported. (#5104)
  • Updated project PHP and JavaScript dependencies.
  • Fixed blocked diagrams.net loading when using a custom URL that includes a port. (#5107)
  • Fixed OIDC incorrectly calling userinfo endpoint when valid empty groups provided. (#5101)
  • Fixed image replacement being case-sensitive when it should not be. Thanks to @DanielGordonIT. (#5096) (#5095)
  • Fixed HTML code block highlighting when custom self-closing tags are used. (#5078)
  • Fixed testing when custom ALLOWED_IFRAME_SOURCES is set. Thanks to @mueller-contria. (#5069) (#5068)

v24.05.3-ls155

19 Jul 21:45

LinuxServer Changes:

Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.

bookstack Changes:

Full List of Changes

This release contains the following fixes and changes:

  • Updated translations with latest Crowdin changes. (#5065)
  • Updated callouts with LTR text handling where supported. (#5104)
  • Updated project PHP and JavaScript dependencies.
  • Fixed blocked diagrams.net loading when using a custom URL that includes a port. (#5107)
  • Fixed OIDC incorrectly calling userinfo endpoint when valid empty groups provided. (#5101)
  • Fixed image replacement being case-sensitive when it should not be. Thanks to @DanielGordonIT. (#5096) (#5095)
  • Fixed HTML code block highlighting when custom self-closing tags are used. (#5078)
  • Fixed testing when custom ALLOWED_IFRAME_SOURCES is set. Thanks to @mueller-contria. (#5069) (#5068)