A platform to create documentation/wiki content built with PHP & Laravel
php artisan migrate upgrade step may take extra time to run, especially where there is a lot of content and/or roles in the system.
This release contains the following fixes and changes:
No notices for this release
This release contains the following fixes and changes:
local_secure_restricted image storage option. (#3693)
This is a security release that adds additional filtering to page content to prevent certain cross-site-scripting techniques. These cross-site-scripting techniques would already be blocked by BookStack's usage of Content-Security-Policy, but this change will help scenarios where BookStack content is used externally.
In addition, the API documentation has been updated with a section focused on content security to explain the security techniques BookStack uses by default, and to relay considerations for using BookStack content in an external system. The security page of our documentation has also been updated with such considerations:
https://www.bookstackapp.com/docs/admin/security/#using-content-externally
Upgrade is advised where BookStack content, accessible to edit by untrusted users, is used externally. Those using BookStack content externally (API-based app developers) should read the new documentation and add any advised protections as necessary.
Thanks to the "JPCERT/CC Vulnerability Coordination Group" contact and the original reporter, Kenichi Okuno of Mitsui Bussan Secure Directions, Inc, for disclosing their report of the relevant vulnerability scenarios.
This release contains the following fixes and changes: