BookStack latest version

« Changelog History

BookStack v0.30.5 Release Notes

• 🚀 Security Release

  • ⚡️ Update Instructions
  • 🔒 Vulnerability Report: Server Side Request Forgery Through Content Exports
  • 🚀 Update details on blog

  🚀 Phishing and and server-side request forgery vulnerabilities have been found within BookStack. Release v0.30.5 will remove this server-side request forgery issue while bringing updated wording and advisories to prevent the potential phishing vulnerability. You should ensure you've set the APP_URL option in your .env file to prevent likelihood of the phishing attack. Please view the above report or blogpost links for more detail.

Previous changes from v0.30.4

• 🚀 Security Release

  • ⚡️ Update Instructions
  • Vulnerability Reports:
    • Cross-Site Scripting and Redirects Through Page Content
    • Cross-Site Scripting Through Link Attachments
  • 🚀 Update details on blog

  🚀 This release addresses XSS and user-injected auto-redirect vulnerabilities within the page content & attachment components of BookStack. These are primarily a concern if untrusted users can edit content on your BookStack instance. Please view the above report or blogpost links for more detail.

• All Versions
• Previous v0.30.4