BookStack v0.26.4 Release Notes

Release Date: 2019-08-06 // over 4 years ago
  • Security Release

    ⚡️ Update instructions

    🚀 The release enhances the security of BookStack in a few different areas:

    • ⚡️ Updated user profile behaviour so that users cannot change their email address unless they have permission to manage users. This is to prevent a user acting as an imposter, changing their email to one they don't own. Thanks to @Irrational-NX for raising.
    • 👌 Improved the script escaping logic that was enhanced in the previous release, by also checking for iframes using javascript or data urls. Thanks again to @billford for raising this issue. (#1531)
    • ⚡️ Updated the provided, and added an additional, .htaccess file to prevent apache indexes from listing image directories. Thanks to @davidtessier for raising.