BookStack v0.25.0 Release Notes
Release Date: 2019-01-12 // over 5 years ago-
Security - During the release cycle for Version v0.25 it was found that page content includes could leak their content as preview text to users that donβt have permission to view the included content. Itβs recommended to re-save any pages that included other page content thatβs restricted to ensure included text is not shown in page preview text.
Requirements Change - Minimum required version of PHP has changed from 7.0.0 to 7.0.5.
π§ Configuration Change - The .env option
GRAVATAR_URL=falsehas been replaced byAVATAR_URL=false.- β‘οΈ Update instructions
- π Update details on blog
Full List of Changes
- β Added Ukrainian translations. Thanks to @Mant1kor. (#1183)
- β Added German informal translations. Thanks to @ezzra. (#1159, #890)
- π Updated Polish translations. Thanks to @vasiliev123. (#1180)
- β‘οΈ Updated Spanish translation formatting. Thanks to @moucho. (#1197)
- β Added proper escaping to LDAP authentication variables. (#1163)
- β Added anchor links to user profile sections and added "Register" to header for guest users. Thanks to @qianmengnet. (#1146)
- β Added configurable timeout for file & image uploads. Thanks to @Abijeet. (#1133, #876)
- β Added system to prevent the last admin from removing themselves as an admin. (#1124)
- β Added link to manage users in header if user has permission to do so but does not have permission to change system settings. Thanks to @cw1998. (#1119, #1110)
- β Added support for custom avatar provider. Thanks to @Vinrobot. (#1111)
- β Added option to disable LDAPS Certificate Validation. Thanks to @christophert. (#1065)
- β Added testing coverage to user avatar fetching. (#1193)
(#1096) - β‘οΈ Updated times in page exports to use absolute time formats instead of relative formats.
- β‘οΈ Updated "Move" operations so that "Delete" permissions are required on the item being moved. (#1200)
- β‘οΈ Updated page preview/search system to prevent leaks in included content when permissions are set on included content. (#1178)
- Re-enabled missing plaintext copies on system-generated emails. (#1182)
- π Improved 'SQL' code block highlighting. (#1181)
- Simplified ".env.example" file and created full example version. (#1205)
- π Fixed WYSIWYG editor issue that could reset cursor position on code block click. (#1162).