BookStack v0.25.3 Release NotesRelease Date: 2019-03-21 // about 3 years ago
🚀 This release patches a security vulnerability that allowed PHP files to be uploaded via image upload endpoints. The PHP files could then be called externally to perform malicious activity.
This is particularly an issue in environments where untrusted users have the necessary permissions to upload images.
⚡️ Please consider that malicious exploitation of this vulnerability may have allowed access to other files on your server that the PHP process has access to, Including your BookStack
.envfile, so consider updating any passwords or keys if you think this had a possibility of being exploited on your instance.
⚡️ It is advised you update your BookStack instance as soon as possible.