BookStack v0.26.0 Release Notes

Release Date: 2019-05-06 // about 3 years ago
  • ๐Ÿ”— Links

    โฌ†๏ธ Upgrade Notes

    ๐Ÿ‘ Internet Explorer Support - IE11 Support has now been dropped. We may support any critical issues for view-only scenarios otherwise please use a modern browser.

    ๐ŸŒ Translations - Since many interfaces and lines of text have been updated, It may take a little while for some translations to catch-up. Expect to see more English text than usual if you're using a non-English language option.

    Images - Due to changes how images are handled, as detailed below, some types of images may become inaccessible. Old logo images will be deleted when changed. Unused Book/Shelf cover images & User profile images will be become inaccessible after the update so you may want to delete them before upgrade.

    ๐Ÿ”’ Security - On previous versions of BookStack it was possible for users to insert JavaScript via the Markdown editor using on* html attributes. These will now be removed on page render unless you have set ALLOW_CONTENT_SCRIPTS=true. If untrusted users has access to your BookStack you may want to scan for <<space_char>>on in the HTML column of the pages table to identify any malicious intent.

    Full List of Changes

    • โšก๏ธ Updated the application design for better mobile functionality and improved general UX. (#1153)
    • โšก๏ธ Updated how profile, system & cover images are set & added extra permission checks on image actions. (#1410, #1307, #1128)
    • โž• Added the possibility to create a book directly within a shelf. Thanks to @cw1998. (#1366, #1260)
    • โž• Added sign-up link to login form and fixed differing name validation on sign-up. Thanks to @cw1998. (#1395, #1239)
    • โž• Added code block syntax highlight for OCaml, Haskell, Rust. Thanks to @XVilka. (#1344)
    • โšก๏ธ Updated page content script escaping logic to strip inline JS event attributes. Thanks to @Xiphoseer for reporting.
    • โšก๏ธ Updated revision restore to require confirmation and changed the method from GET so it's less likely to be accidentally triggered. (#1321)
    • โšก๏ธ Updated shortcut used for markdown drawing manager to be cross-platform. (#1228)
    • โšก๏ธ Updated Swedish translations. Thanks to @Hambern. (#1417)
    • ๐Ÿ›  Fixed issue where duplicate ID's could sometimes break pages. (#1393)
    • ๐Ÿ›  Fixed issue where user role assignments were not remembered, for roles with a dot in the name, on validation failure. Thanks to @cw1998. (#1392, #1325)
    • ๐Ÿ›  Fixed issue where the port would be ignored if a full LDAP server URI was used. (#1386, #1278)
    • โฌ‡๏ธ Dropped IE11 support. (#1164)