Releases: linuxserver/docker-bookstack

v0.25.4-pkg-285ed901-ls36

24 Mar 19:44

LinuxServer Changes:

Switching to new Base images, shift to arm32v7 tag.

bookstack Changes:

Security Release

This release patches a security vulnerability that allowed PHP files, using a non-.php extension, to be uploaded via image upload endpoints. The PHP files could then be called externally to perform malicious activity.

This is a continuation upon the security updates enforced in v0.25.3. Please see that release for further information on this kind of vulnerability.

This update applies a whitelist to file extensions for uploaded images to ensure php-like files, such as .phtml or .php3, cannot exploit web servers that execute such files.

v0.25.4-pkg-a9e285e4-ls35

21 Mar 20:41

LinuxServer Changes:

Added php7-curl

bookstack Changes:

Security Release

This release patches a security vulnerability that allowed PHP files, using a non-.php extension, to be uploaded via image upload endpoints. The PHP files could then be called externally to perform malicious activity.

This is a continuation upon the security updates enforced in v0.25.3. Please see that release for further information on this kind of vulnerability.

This update applies a whitelist to file extensions for uploaded images to ensure php-like files, such as .phtml or .php3, cannot exploit web servers that execute such files.

v0.25.3-pkg-a9e285e4-ls35

21 Mar 00:49

LinuxServer Changes:

Added php7-curl

bookstack Changes:

Security Release

This release patches a security vulnerability that allowed PHP files to be uploaded via image upload endpoints. The PHP files could then be called externally to perform malicious activity.

This is particularly an issue in environments where untrusted users have the necessary permissions to upload images.

Please consider that malicious exploitation of this vulnerability may have allowed access to other files on your server that the PHP process has access to, including your BookStack .env file, so consider updating any passwords or keys if you think this had a possibility of being exploited on your instance.

It is advised you update your BookStack instance as soon as possible.
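
An operator deciding whether an instance may have been affected can audit the image upload directory for files that an extension allowlist would have rejected. The script below is an added example, not code from BookStack or LinuxServer; the directory argument and the list of accepted extensions are assumptions to adjust for your own instance.

```shell
#!/bin/sh
# Added example: audit an image-upload directory for files that an
# extension allowlist would have rejected, plus allowed-extension files
# that still carry a PHP open tag.
# Usage (path is an assumption): audit_uploads /path/to/uploaded/images

# Extensions treated as legitimate images (constructed list, not BookStack's own).
ALLOWED_EXT="jpg jpeg png gif bmp webp tiff svg"

# Prints one line per finding: "<reason><TAB><path>".
# Filenames containing newlines are not handled.
audit_uploads() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" -type f | while IFS= read -r f; do
        name=${f##*/}
        # Only the final extension decides how a web server maps the file.
        case $name in
            *.*) ext=$(printf '%s' "${name##*.}" | tr 'A-Z' 'a-z') ;;
            *)   ext="" ;;
        esac
        ok=no
        for a in $ALLOWED_EXT; do
            if [ "$ext" = "$a" ]; then ok=yes; fi
        done
        if [ "$ok" = no ]; then
            # Covers .php as well as php-like names such as .phtml or .php3.
            printf 'extension\t%s\n' "$f"
        elif grep -qaiF '<?php' "$f"; then
            # Image extension but PHP source inside: worth a manual look.
            printf 'php-tag\t%s\n' "$f"
        fi
    done
}
```

Any `extension` finding is a file the patched release would no longer accept; a `php-tag` finding is only a lead for manual review, since the file is not executed unless the web server maps that extension to PHP.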

v0.25.2-pkg-a9e285e4-ls35

10 Mar 14:56

LinuxServer Changes:

Added php7-curl

bookstack Changes:

This release contains the following fixes and changes:

  • Added PowerShell code highlighting to code blocks. Thanks to @christophert. (#1263, #1040)
  • Added LUA code highlighting to code blocks. (#1223)
  • Added LDAP option to set a custom "Display Name" property. Thanks to @dfanara. (#1317, #1306)
  • Added possibility to set a password for Redis connections. (#1283)
  • Updated front-end file upload size limit to be configurable. (#1293)
  • Updated Dutch translations for the password hint. Thanks to @maantje. (#1314)
  • Updated image paste/drop uploads to properly set page relations so image permissions are active. (#1287)
  • Updated German translations to include translations for shelves. Thanks to @Xiphoseer. (#1272)
  • Updated permissions checked for "Page Copy" function to be more accurate to what permissions are actually required. Thanks to @mark-james. (#1202, #1199)
  • Updated permissions checked for the "Shelves" header item to be visible. Now takes into account custom shelf-level permissions. (#1201)
  • Fixed bug where using alignment properties could break tables. (#1284)
  • Fixed issue where default system language would not be reflected when viewing another user's profile. (#1316)
  • Fixed issue where image-manager tooltips could be cut-off. Thanks to @Abijeet. (#1238, #1186)

v0.25.1-pkg-c12c953d-ls34

04 Mar 20:04

LinuxServer Changes:

Added php7-curl

bookstack Changes:

This release contains the following fixes and changes:

  • Updated revision listing so dates can show localised if the relevant locale is installed on the host system. (#1214)
  • Added support for s3 compatible storage services such as Minio. (#1195, #1192)
  • Updated Google authentication to not use Google+ API. (#1190)
  • Fixed "Rubber banding" effect when scrolling in certain conditions when comments were disabled. (#1218)
  • Fixed issue causing only a single page to show when using Firefox's print option. (#1211)

v0.25.1-pkg-c12c953d-ls33

26 Feb 13:18

LinuxServer Changes:

Bot Updating Templated Files

bookstack Changes:

This release contains the following fixes and changes:

  • Updated revision listing so dates can show localised if the relevant locale is installed on the host system. (#1214)
  • Added support for s3 compatible storage services such as Minio. (#1195, #1192)
  • Updated Google authentication to not use Google+ API. (#1190)
  • Fixed "Rubber banding" effect when scrolling in certain conditions when comments were disabled. (#1218)
  • Fixed issue causing only a single page to show when using Firefox's print option. (#1211)

v0.25.1-pkg-c12c953d-ls32

25 Feb 20:28

LinuxServer Changes:

Bot Updating Package Versions

bookstack Changes:

This release contains the following fixes and changes:

  • Updated revision listing so dates can show localised if the relevant locale is installed on the host system. (#1214)
  • Added support for s3 compatible storage services such as Minio. (#1195, #1192)
  • Updated Google authentication to not use Google+ API. (#1190)
  • Fixed "Rubber banding" effect when scrolling in certain conditions when comments were disabled. (#1218)
  • Fixed issue causing only a single page to show when using Firefox's print option. (#1211)

v0.25.1-pkg-6b97d2ce-ls31

10 Feb 06:39

LinuxServer Changes:

Bot Updating Templated Files

bookstack Changes:

This release contains the following fixes and changes:

  • Updated revision listing so dates can show localised if the relevant locale is installed on the host system. (#1214)
  • Added support for s3 compatible storage services such as Minio. (#1195, #1192)
  • Updated Google authentication to not use Google+ API. (#1190)
  • Fixed "Rubber banding" effect when scrolling in certain conditions when comments were disabled. (#1218)
  • Fixed issue causing only a single page to show when using Firefox's print option. (#1211)

v0.25.1-pkg-6b97d2ce-ls30

04 Feb 20:06

LinuxServer Changes:

Bot Updating Package Versions

bookstack Changes:

This release contains the following fixes and changes:

  • Updated revision listing so dates can show localised if the relevant locale is installed on the host system. (#1214)
  • Added support for s3 compatible storage services such as Minio. (#1195, #1192)
  • Updated Google authentication to not use Google+ API. (#1190)
  • Fixed "Rubber banding" effect when scrolling in certain conditions when comments were disabled. (#1218)
  • Fixed issue causing only a single page to show when using Firefox's print option. (#1211)

v0.25.1-pkg-61b91e6f-ls29

30 Jan 15:26

LinuxServer Changes:

Bot Updating Package Versions

bookstack Changes:

This release contains the following fixes and changes:

  • Updated revision listing so dates can show localised if the relevant locale is installed on the host system. (#1214)
  • Added support for s3 compatible storage services such as Minio. (#1195, #1192)
  • Updated Google authentication to not use Google+ API. (#1190)
  • Fixed "Rubber banding" effect when scrolling in certain conditions when comments were disabled. (#1218)
  • Fixed issue causing only a single page to show when using Firefox's print option. (#1211)