BookStack v0.30.5 Release Notes
Release Date: 2020-12-06 // over 3 years ago-
๐ Security Release
- โก๏ธ Update Instructions
- ๐ Vulnerability Report: Server Side Request Forgery Through Content Exports
- ๐ Update details on blog
๐ Phishing and and server-side request forgery vulnerabilities have been found within BookStack. Release v0.30.5 will remove this server-side request forgery issue while bringing updated wording and advisories to prevent the potential phishing vulnerability. You should ensure you've set the
APP_URLoption in your.envfile to prevent likelihood of the phishing attack. Please view the above report or blogpost links for more detail.
Previous changes from v0.30.4
-
๐ Security Release
- โก๏ธ Update Instructions
- Vulnerability Reports:
- ๐ Update details on blog
๐ This release addresses XSS and user-injected auto-redirect vulnerabilities within the page content & attachment components of BookStack. These are primarily a concern if untrusted users can edit content on your BookStack instance. Please view the above report or blogpost links for more detail.