Releases: linuxserver/docker-bookstack
v24.05.4-ls164
LinuxServer Changes:
Add php-exif for reading image EXIF data.
bookstack Changes:
Security Release
BookStack v24.05.4 has been released.
This is a security release to address issues found in LDAP group syncing, where in certain scenarios a user could be matched to extra roles incorrectly, and an issue with content visibility in "book-show" API responses which would not have permissions applied properly.
Upgrade is strongly advised for instances where LDAP authentication is used with group syncing, or where the REST API is used to fetch contents of books ("books-read" endpoint).
Thanks to Linus Nagel and their team at WorkSimple GmbH for reporting this API vulnerability.
Full List of Changes
- Updated API docs with consistent parameter types. (#5183)
- Updated default content iframe embed max-width to align with other content types. (#5130)
- Updated LDAP group sync to query via full DN.
- Updated translations with latest Crowdin changes. (#5118)
- Fixed books read API response not applying visibility control to chapter contents.
- Fixed API docs users response showing extra property. (#5178)
- Fixed database error thrown when using out dev docker setup. (#5124)
- Fixed RTL display issues with tasklist checkboxes. (#5134)
v24.05.4-ls163
LinuxServer Changes:
Add php-exif for reading image EXIF data.
bookstack Changes:
Security Release
BookStack v24.05.4 has been released.
This is a security release to address issues found in LDAP group syncing, where in certain scenarios a user could be matched to extra roles incorrectly, and an issue with content visibility in "book-show" API responses which would not have permissions applied properly.
Upgrade is strongly advised for instances where LDAP authentication is used with group syncing, or where the REST API is used to fetch contents of books ("books-read" endpoint).
Thanks to Linus Nagel and their team at WorkSimple GmbH for reporting this API vulnerability.
Full List of Changes
- Updated API docs with consistent parameter types. (#5183)
- Updated default content iframe embed max-width to align with other content types. (#5130)
- Updated LDAP group sync to query via full DN.
- Updated translations with latest Crowdin changes. (#5118)
- Fixed books read API response not applying visibility control to chapter contents.
- Fixed API docs users response showing extra property. (#5178)
- Fixed database error thrown when using out dev docker setup. (#5124)
- Fixed RTL display issues with tasklist checkboxes. (#5134)
v24.05.4-ls162
LinuxServer Changes:
Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.
bookstack Changes:
Security Release
BookStack v24.05.4 has been released.
This is a security release to address issues found in LDAP group syncing, where in certain scenarios a user could be matched to extra roles incorrectly, and an issue with content visibility in "book-show" API responses which would not have permissions applied properly.
Upgrade is strongly advised for instances where LDAP authentication is used with group syncing, or where the REST API is used to fetch contents of books ("books-read" endpoint).
Thanks to Linus Nagel and their team at WorkSimple GmbH for reporting this API vulnerability.
Full List of Changes
- Updated API docs with consistent parameter types. (#5183)
- Updated default content iframe embed max-width to align with other content types. (#5130)
- Updated LDAP group sync to query via full DN.
- Updated translations with latest Crowdin changes. (#5118)
- Fixed books read API response not applying visibility control to chapter contents.
- Fixed API docs users response showing extra property. (#5178)
- Fixed database error thrown when using out dev docker setup. (#5124)
- Fixed RTL display issues with tasklist checkboxes. (#5134)
v24.05.3-ls161
LinuxServer Changes:
Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
- Updated translations with latest Crowdin changes. (#5065)
- Updated callouts with LTR text handling where supported. (#5104)
- Updated project PHP and JavaScript dependencies.
- Fixed blocked diagrams.net loading when using a custom URL that includes a port. (#5107)
- Fixed OIDC incorrectly calling userinfo endpoint when valid empty groups provided. (#5101)
- Fixed image replacement being case-sensitive when it should not be. Thanks to @DanielGordonIT. (#5096) (#5095)
- Fixed HTML code block highlighting when custom self-closing tags are used. (#5078)
- Fixed testing when custom ALLOWED_IFRAME_SOURCES is set. Thanks to @mueller-contria. (#5069) (#5068)
v24.05.3-ls160
LinuxServer Changes:
Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
- Updated translations with latest Crowdin changes. (#5065)
- Updated callouts with LTR text handling where supported. (#5104)
- Updated project PHP and JavaScript dependencies.
- Fixed blocked diagrams.net loading when using a custom URL that includes a port. (#5107)
- Fixed OIDC incorrectly calling userinfo endpoint when valid empty groups provided. (#5101)
- Fixed image replacement being case-sensitive when it should not be. Thanks to @DanielGordonIT. (#5096) (#5095)
- Fixed HTML code block highlighting when custom self-closing tags are used. (#5078)
- Fixed testing when custom ALLOWED_IFRAME_SOURCES is set. Thanks to @mueller-contria. (#5069) (#5068)
v24.05.3-ls159
LinuxServer Changes:
Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
- Updated translations with latest Crowdin changes. (#5065)
- Updated callouts with LTR text handling where supported. (#5104)
- Updated project PHP and JavaScript dependencies.
- Fixed blocked diagrams.net loading when using a custom URL that includes a port. (#5107)
- Fixed OIDC incorrectly calling userinfo endpoint when valid empty groups provided. (#5101)
- Fixed image replacement being case-sensitive when it should not be. Thanks to @DanielGordonIT. (#5096) (#5095)
- Fixed HTML code block highlighting when custom self-closing tags are used. (#5078)
- Fixed testing when custom ALLOWED_IFRAME_SOURCES is set. Thanks to @mueller-contria. (#5069) (#5068)
v24.05.3-ls158
LinuxServer Changes:
Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
- Updated translations with latest Crowdin changes. (#5065)
- Updated callouts with LTR text handling where supported. (#5104)
- Updated project PHP and JavaScript dependencies.
- Fixed blocked diagrams.net loading when using a custom URL that includes a port. (#5107)
- Fixed OIDC incorrectly calling userinfo endpoint when valid empty groups provided. (#5101)
- Fixed image replacement being case-sensitive when it should not be. Thanks to @DanielGordonIT. (#5096) (#5095)
- Fixed HTML code block highlighting when custom self-closing tags are used. (#5078)
- Fixed testing when custom ALLOWED_IFRAME_SOURCES is set. Thanks to @mueller-contria. (#5069) (#5068)
v24.05.3-ls157
LinuxServer Changes:
Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
- Updated translations with latest Crowdin changes. (#5065)
- Updated callouts with LTR text handling where supported. (#5104)
- Updated project PHP and JavaScript dependencies.
- Fixed blocked diagrams.net loading when using a custom URL that includes a port. (#5107)
- Fixed OIDC incorrectly calling userinfo endpoint when valid empty groups provided. (#5101)
- Fixed image replacement being case-sensitive when it should not be. Thanks to @DanielGordonIT. (#5096) (#5095)
- Fixed HTML code block highlighting when custom self-closing tags are used. (#5078)
- Fixed testing when custom ALLOWED_IFRAME_SOURCES is set. Thanks to @mueller-contria. (#5069) (#5068)
v24.05.3-ls156
LinuxServer Changes:
Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
- Updated translations with latest Crowdin changes. (#5065)
- Updated callouts with LTR text handling where supported. (#5104)
- Updated project PHP and JavaScript dependencies.
- Fixed blocked diagrams.net loading when using a custom URL that includes a port. (#5107)
- Fixed OIDC incorrectly calling userinfo endpoint when valid empty groups provided. (#5101)
- Fixed image replacement being case-sensitive when it should not be. Thanks to @DanielGordonIT. (#5096) (#5095)
- Fixed HTML code block highlighting when custom self-closing tags are used. (#5078)
- Fixed testing when custom ALLOWED_IFRAME_SOURCES is set. Thanks to @mueller-contria. (#5069) (#5068)
v24.05.3-ls155
LinuxServer Changes:
Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
- Updated translations with latest Crowdin changes. (#5065)
- Updated callouts with LTR text handling where supported. (#5104)
- Updated project PHP and JavaScript dependencies.
- Fixed blocked diagrams.net loading when using a custom URL that includes a port. (#5107)
- Fixed OIDC incorrectly calling userinfo endpoint when valid empty groups provided. (#5101)
- Fixed image replacement being case-sensitive when it should not be. Thanks to @DanielGordonIT. (#5096) (#5095)
- Fixed HTML code block highlighting when custom self-closing tags are used. (#5078)
- Fixed testing when custom ALLOWED_IFRAME_SOURCES is set. Thanks to @mueller-contria. (#5069) (#5068)