BookStack v0.26.4 Release Notes
Release Date: 2019-08-06 // over 4 years ago-
Security Release
🚀 The release enhances the security of BookStack in a few different areas:
- ⚡️ Updated user profile behaviour so that users cannot change their email address unless they have permission to manage users. This is to prevent a user acting as an imposter, changing their email to one they don't own. Thanks to @Irrational-NX for raising.
- 👌 Improved the script escaping logic that was enhanced in the previous release, by also checking for iframes using javascript or data urls. Thanks again to @billford for raising this issue. (#1531)
- ⚡️ Updated the provided, and added an additional,
.htaccess
file to prevent apache indexes from listing image directories. Thanks to @davidtessier for raising.