BookStack Versions Save

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Updated view-only code block line highlighting to only show on focus. (#4254)
• Updated System CLI. (#4252)
  • Fixed issues regarding symlinked folders for backup and restore.
  • Fixed incorrect app directory searching.
• Updated image/attachment file upload buttons to allow selection of mulitple files. (#4241)
• Updated translations with latest Crowdin changes. (#4239)
• Updated attachment drag handling so they can be dragged via their name/link. (#591)

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Updated system CLI. (#4229)
  • Fixed wrong env details being used on restore.
  • Updated update-url on restore to actually work.
  • Added better support for symlink-ed locations.
  • Added warning against updating in docker-like (non git controlled) environments.
• Updated "update-url" command to allow running non-interactively. (#4223)
• Updated translations with latest Crowdin changes. (#4211)
• Updated WYSWIYG code editor focus handling to more accurately return to editor. (#4109)
• Fixed code block formatting in print/export views. (#4215)
• Fixed extra spacing being added around horizontal rules within collapsible blocks within the WYSIWYG editor. (#3963)
• Fixed "Custom HTML Head Content" style blocks not being used for code blocks within the WYSWIYG editor. (#4228)
• Fixed UI shortcuts being incorrectly active within code blocks. (#4227)

Links

• Release video overview
• Update instructions
• Update details on blog

Upgrade Notices

• Page Include Tags - Nesting is now allowed for include tags, up to 3 levels of depth. You may now see more content loaded for pages which previously had unparsed nested include tags.
• SAML2 - Single LogOut (SLO) requests will now include a "session_index" for the current user. This technically brings BookStack's implementation closer to the spec, and is not expected to cause issues, but if using SLO it may be wise to check your identity provider behavior remains the same as before during logout.
• Custom Code Block Themes - Due to a change of library, the method of defining custom codeblock themes has significantly changed, and "window.CodeTheme" code is no longer used. Refer to our "Changing Code Block Themes" documentation for further information.
• Editor Event - editor-markdown::setup - This event no longer contains "codeMirrorInstance" in the event data. It instead has a "cmEditorView" property. See the event docs for more details.
• Editor Event - editor-markdown-cm::pre-init - This event has been renamed to "editor-markdown-cm6::pre-init" and no longer contains "config" in the event data. It instead has a "editorViewConfig" property. See the event docs for more details.
• Upload Timeouts - The use of "window.uploadTimeout" has been removed as a way to control upload timeouts. This would previously only be used in certain cases. Instead, if required, timeouts can usually be enforced at the web-server level.

Full List of Changes

• Added system CLI for admin operations. (#4206, #3149)
• Added image gallery API Endpoints. (#4103)
• Added content permission API endpoints. (#2702, #4099)
• Added new logical theme event to customize OIDC ID token data. (#4200)
• Added Clojure syntax highlighting for code blocks. (#4112)
• Added option to disable SSL verification with SMTP email sending. Thanks to @vincentbernat. (#4126, #3166)
• Added support for three-levels of nested include tags. Thanks to @jasonF1000. (#4192, #2845)
• Added detailed documentation for public JS events. (#4179)
• Added standard JS codebase formatting via ESLint. (#4181, #4180)
• Updated code blocks & markdown editor to CodeMirror 6. (#3617, #3518)
• Updated file upload handling for images and attachments. (#4193)
• Updated SAML2 SLO requests to include a session index. (#3936)
• Updated translations with latest Crowdin changes. (#4163)
• Fixed audit log type filter leading to wrong location. (#4201)
• Fixed large videos within content escaping content area. Thanks to @chopin2712. (#4204)
• Fixed missing WKHTMLTOPDF in .env.example.complete file. Thanks to @7nohe. (#4145)
• Fixed not being able to search for terms containing backslashes . Thanks to @esakkiraja100116. (#4202, #4175)
• Fixed timestamp in API docs example chapter response. Thanks to @tigsikram. (#4191)

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Fixed issue where user delete fails when no "migration" user is selected. (#4162)
• Fixed tag selection via mouse on Safari. (#4139)
• Updated translations with latest Crowdin changes. (#4131)

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Fixed role deletion failing when submitting with empty migration role. (#4128)
• Fixed ownership migration upon user delete not working. (#4124)
• Updated translations with latest Crowdin changes. (#4074)

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Fixed an issue with language loading in certain scenarios. (#4068)
• Updated translations with latest Crowdin changes. (#4066)

Links

• Release video overview
• Update instructions
• Update details on blog

Upgrade Notices

• PHP Version Requirement Change - The minimum supported PHP version has changed from PHP 7.4 to PHP 8.0.2 in this release. Please see the v23.02 version-specific update instructions for guidance on updating PHP.
• Logical Theme System Event Change - The commonmark_environment_configure event argument and return types have changed. Please see the event definition to understand the new types if using this logical theme system event.

Full List of Changes

• Added user roles API endpoints. (#4051, #4034)
• Added configuration option for the sendmail command. (#4001)
• Added sort actions and accessible controls to the shelf book management interface. (#4049, #4031, #2050)
• Updated framework to Laravel 9. (#4021, #3123)
• Updated project minimum supported PHP version from 7.4 to 8.0.2. (#4029)
• Updated the URL length limit for link attachments to 2k characters. (#4044)
• Updated app icon handling to generate favicon.ico file where possible. (#4032)
• Updated setting loading to be more efficient. (#4062)
• Updated test handling with cleaner centralized filed/image handling. (#3995)
• Updated translations with latest Crowdin changes. (#4025)
• Fixed issue where uploaded images would not show in the gallery for draft pages. (#4028)
• Fixed issue with increasing WYSIWYG editor lag as pages grow. (#3981)
• Fixed potential pluralization issues in some languages. (#4040)
• Fixed slow response time when saving page due to URL parsing and handling. (#3932)

Security Release

• Update Instructions
• Update details on blog

This is a security release that addresses a potential vulnerability in PDF generation that could be used to make server-side requests or run potential other PHP code.

Upgrade is advised where untrusted users have permission to create page content in your instance.

From testing, it appears that successful exploitation of this would require either the disabling of BookStack default security options, or access to the host machine system, but out of caution we're advising upgrade in any environment as specified above.

Full List of Changes

• Updated pdf library to address vulnerability. (#4010)
• Updated translations with latest Crowdin changes. (#4008)
• Fixed missing default 180px icon. (#4006)

Links

• Release video overview
• Update instructions
• Update details on blog

Upgrade Notices

• Permission Changes - There have been changes to the permission system which can affect how permissions apply and therefore could lead to changes in provided abilities upon upgrade. This is only really relevant to complex permission scenarios that have only been possible since BookStack v22.10. Please see the Permission System Changes section below for more details on this.
• Database Upgrade Time - Changes to the permission system have required permissions to be regenerated upon upgrade. Due to this, the php artisan migrate upgrade step may take extra time to run, especially where there are a lot of content and/or roles in the system.

Full List of Changes

• Added ability to control app icon (favicon) via settings. (#3994, #3929, #301)
• Added ability to set separate colors for dark mode. (#2314, #4002)
• Added ability to set separate colors for primary color and links. (#3910, #4002)
• Added accessible controls to book sorting & improved user experience. (#3999, #3987)
• Added Scheme code highlight support. (#3954)
• Added SQL variant code highlighting support. (#3942)
• Added ability to configure an ID claim for OIDC. (#3914)
• Updated permission handling to be better defined and predictable. (#3986)
• Updated tag handling to show new row earlier. (#3931)
• Updated translations with latest Crowdin changes. (#3925)
• Updated codebase to address a range of PHP deprecations. (#3969)
• Updated internal testing to run OIDC tests faster. (#3985)
• Fixed header search results preview not being clickable in Safari. (#3926)
• Fixed informal German not receiving correct pluralisation. (#3976)
• Fixed lack of drawing access leading to infinite loading. (#3955)
• Fixed user image id existing after user avatar removal. (#3977)

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Added smarty and twig template code language support. Thanks to @jhit. (#3879)
• Updated translations with latest Crowdin changes. (#3881)
• Fixed global search focus issue with arrow keys. (#3920)
• Fixed lack of scroll in editor sidebar views. (#2887)
• Fixed not being able to remove all user roles. (#3922)