BookStack v0.26.0 Release Notes
Release Date: 2019-05-06 // almost 5 years ago-
๐ Links
- โก๏ธ Update instructions
- ๐ Update details on blog
โฌ๏ธ Upgrade Notes
๐ Internet Explorer Support - IE11 Support has now been dropped. We may support any critical issues for view-only scenarios otherwise please use a modern browser.
๐ Translations - Since many interfaces and lines of text have been updated, It may take a little while for some translations to catch-up. Expect to see more English text than usual if you're using a non-English language option.
Images - Due to changes how images are handled, as detailed below, some types of images may become inaccessible. Old logo images will be deleted when changed. Unused Book/Shelf cover images & User profile images will be become inaccessible after the update so you may want to delete them before upgrade.
๐ Security - On previous versions of BookStack it was possible for users to insert JavaScript via the Markdown editor using
on*
html attributes. These will now be removed on page render unless you have setALLOW_CONTENT_SCRIPTS=true
. If untrusted users has access to your BookStack you may want to scan for<<space_char>>on
in the HTML column of the pages table to identify any malicious intent.Full List of Changes
- โก๏ธ Updated the application design for better mobile functionality and improved general UX. (#1153)
- โก๏ธ Updated how profile, system & cover images are set & added extra permission checks on image actions. (#1410, #1307, #1128)
- โ Added the possibility to create a book directly within a shelf. Thanks to @cw1998. (#1366, #1260)
- โ Added sign-up link to login form and fixed differing name validation on sign-up. Thanks to @cw1998. (#1395, #1239)
- โ Added code block syntax highlight for OCaml, Haskell, Rust. Thanks to @XVilka. (#1344)
- โก๏ธ Updated page content script escaping logic to strip inline JS event attributes. Thanks to @Xiphoseer for reporting.
- โก๏ธ Updated revision restore to require confirmation and changed the method from GET so it's less likely to be accidentally triggered. (#1321)
- โก๏ธ Updated shortcut used for markdown drawing manager to be cross-platform. (#1228)
- โก๏ธ Updated Swedish translations. Thanks to @Hambern. (#1417)
- ๐ Fixed issue where duplicate ID's could sometimes break pages. (#1393)
- ๐ Fixed issue where user role assignments were not remembered, for roles with a dot in the name, on validation failure. Thanks to @cw1998. (#1392, #1325)
- ๐ Fixed issue where the port would be ignored if a full LDAP server URI was used. (#1386, #1278)
- โฌ๏ธ Dropped IE11 support. (#1164)