A platform to create documentation/wiki content built with PHP & Laravel
This release contains the following fixes and changes:
This release contains the following fixes and changes:
This release contains the following fixes and changes:
AUTH_PRE_REGISTER
logical theme event. (#4833)BookStack v23.12.3 has been released. This is a security release that addresses a vulnerability in PDF generation that could be exploited to perform blind server-side-request forgery.
Upgrade is advised where untrusted users have permission to create/edit/update page content in your instance.
This was simply a follow-up of v23.10.3 to fix the app version number. Please refer to the v23.10.3 security release for details if updating from an earlier version.
This is a security release that addresses a vulnerability in image handling which could be exploited to perform server-side requests or read the contents of files on the server system. Additionally, this update addresses a lack of permission check in some image creation actions.
Upgrade is strongly advised where untrusted users have permission to create/edit/update page content in your instance.
Thanks to Carlos Bello from the Fluid Attacks Research Team for discovering and reporting this vulnerability.