BookStack Versions Save

A platform to create documentation/wiki content built with PHP & Laravel

v23.01

1 year ago

Upgrade Notices

  • Permission Changes - There have been changes to the permission system which can affect how permissions apply and therefore could lead to changes in provided abilities upon upgrade. This is only really relevant to complex permission scenarios that have only been possible since BookStack v22.10. Please see the Permission System Changes section below for more details on this.
  • Database Upgrade Time - Changes to the permission system have required permissions to be regenerated upon upgrade. Due to this, the php artisan migrate upgrade step may take extra time to run, especially where there are a lot of content and/or roles in the system.

Full List of Changes

  • Added ability to control app icon (favicon) via settings. (#3994, #3929, #301)
  • Added ability to set separate colors for dark mode. (#2314, #4002)
  • Added ability to set separate colors for primary color and links. (#3910, #4002)
  • Added accessible controls to book sorting & improved user experience. (#3999, #3987)
  • Added Scheme code highlight support. (#3954)
  • Added SQL variant code highlighting support. (#3942)
  • Added ability to configure an ID claim for OIDC. (#3914)
  • Updated permission handling to be better defined and predictable. (#3986)
  • Updated tag handling to show new row earlier. (#3931)
  • Updated translations with latest Crowdin changes. (#3925)
  • Updated codebase to address a range of PHP deprecations. (#3969)
  • Updated internal testing to run OIDC tests faster. (#3985)
  • Fixed header search results preview not being clickable in Safari. (#3926)
  • Fixed informal German not receiving correct pluralisation. (#3976)
  • Fixed lack of drawing access leading to infinite loading. (#3955)
  • Fixed user image id existing after user avatar removal. (#3977)

v22.11.1

1 year ago

Full List of Changes

This release contains the following fixes and changes:

  • Added smarty and twig template code language support. Thanks to @jhit. (#3879)
  • Updated translations with latest Crowdin changes. (#3881)
  • Fixed global search focus issue with arrow keys. (#3920)
  • Fixed lack of scroll in editor sidebar views. (#2887)
  • Fixed not being able to remove all user roles. (#3922)

v22.11

1 year ago

Upgrade Notices

No notices for this release

Full List of Changes

  • Added user interface shortcuts system. (#3830, #1216)
  • Added global search live preview. (#3850)
  • Added markdown preview pane resize/hide/sync controls. (#2215)
  • Added Dart/Flutter support for code blocks & editor. (#3808)
  • Added Swift language support for code blocks & editor. (#3847)
  • Added login/register message partials for easier use via theme system. (#3848, #608)
  • Added Georgian Language support on Crowdin. (#3823)
  • Updated all interface tabular list views to new format with added functionality. (#3821)
  • Updated markdown codebase to be modular and tidied some styles. (#3875)
  • Updated dark mode styles with fixes and browser color scheme support. (#3878)
  • Updated email confirmation routes to be confirmed via POST. (#3797)
  • Updated JavaScript usage to align on single cleaned-up component system. (#3853)
  • Updated our testing process to ensure PHP8.2 Support. (#3852)
  • Updated tests to cover issue of permission regeneration with chapter in the recycle bin. (#3796)
  • Updated translations with latest Crowdin changes. (#3828)
  • Fixed app logo not being stored for public access when using "local_secure_restricted" images. (#3827)
  • Fixed missing translations for some editor elements. (#3822)
  • Fixed OIDC JWKs parsing when "use" property missing on keys. (#3869)

v22.10.2

1 year ago

Full List of Changes

This release contains the following fixes and changes:

  • Updated translations with latest changes from Crowdin (#3791).

v22.10.1

1 year ago

Full List of Changes

This release contains the following fixes and changes:

  • Fixes issue with generation permissions where a chapter is in the recycle bin. (commit)

v22.10

1 year ago

Upgrade Notices

  • Permission Management Changes - The interface and logic for managing shelf, book, chapter & page permissions has changed significantly in this release. The following should be noted:
    • Content permissions that were not active (where the "Enable Custom Permissions" checkbox was unchecked) will be removed upon upgrade to v22.10.
    • Content permission role entries, that had no permissions provided, will not be reflected/shown as a row in the permissions interface immediately upon upgrade. Instead such cases will be reflected via the "Everyone Else" permission entry being active, in a non-inheriting state, with no permissions set.
    • There should be no functional change to active permissions upon upgrade. Care has been taken to ensure existing permissions are migrated so that access control remains the same as pre-upgrade.

Full List of Changes

  • Added Greek language. (#3732)
  • Added MATLAB code syntax highlighting. (#3744)
  • Added toolbar for code blocks in WYSIWYG editor to make mobile editing possible. (#2815)
  • Updated content permissions interface & logic to allow more selective/intuitive control. (#3760)
  • Update WYSIWYG table toolbar icons to be a little more legible. (#3397)
  • Updated auth controller components to not depend on older Laravel library. (#3745, #3627)
  • Updated book copy behaviour to copy book-shelf relations if permissions allow. (#3699)
  • Updated books-read API endpoint to list child book/chapter tree. (#3734)
  • Updated list style handling to align deeply nested list styling in & out of editor. (#3685)
  • Updated shelf book management for easier touch device usage. (#2301)
  • Updated tag suggestions to provide more accurate results. (#3720)
  • Updated testing to support parallel running. (#3751)
  • Updated tests to align/clean-up certain common actions. (#3757)
  • Updated translations with latest Crowdin changes. (#3737)
  • Fixed custom code block theme not used within the WYSIWYG editor. (#3753)
  • Fixed issue where revision delete control would show to those without permission. (#3723)
  • Fixed justified text not applying to list content. (#3750)
  • Fixed not being able to deselect "Created/Update by me" search options. Thanks to @Wertisdk. (#3770, #3762)
  • Fixed page popover being hidden behind content in chromium-based browsers. (#3774)
  • Fixed SAML2 metadata display depending on external IDP metadata page. (#2480)
  • Fixed squashing of columns in users list. (#3787)

v22.09.1

1 year ago

Full List of Changes

This release contains the following fixes and changes:

  • Added PHPCS for project PHP formatting. (#3728)
  • Updated SAML error handling to display additional error detail. (#3731)
  • Updated translations with latest Crowdin updates. (#3710)
  • Updated locale setting to help apply right locale on Windows. (#3650)

v22.09

1 year ago

Upgrade Notices

  • Security - This release cycle contained a security release that added detail that's important to consider when BookStack content is used externally. See the v22.07.3 post for more detail.
  • Revision Visibility - This update fixes a permission disparity with revisions. Revision content has always been accessible to those with page-view permissions, but the links to the revisions list previously required page-edit permission to show. This has been aligned, which may mean page revision links may now show to those that did not previously see them.
  • Revision Limit Change - The default, per-page, revision limit has been doubled from 50 to 100, to account for new system-content updates that may occur. If desired, you can configure this to a custom value.
  • Reference Index - New features have been added to track links between content in BookStack, which uses an internal reference index. Upon upgrade from an older BookStack version, this index will need to be rebuilt. This can be done with the "Regenerate References" command or via the "Regenerate References" maintenance action within BookStack.

Full List of Changes

  • Added cross-item link reference tracking & updating. (#3656, #3683, #1969)
  • Added OIDC group sync functionality. (#3616, #3004)
  • Added reference view to shelves, chapters, books & pages. (#2864)
  • Added new local_secure_restricted image storage option. (#3693)
  • Added "page_include_parse" theme event. (#3698)
  • Updated API docs to add detail for the request format. (#3652)
  • Updated revision link visibility to show to users. (#2946)
  • Updated shelf naming to be consistent across system. (#3553)
  • Updated translations with latest Crowdin changes. (#3643, #3701)
  • Updated role edit/create form with clarification upon image access permissions. (#3688)
  • Fixed dates not using the correct encoding on some systems. (#3590)
  • Fixed image delete button showing to those without permission to delete. (#3697)
  • Fixed incorrect comment counts on Chinese language options. (#3554)
  • Fixed list indentation when next to floated images. (#3672)
  • Fixed various RTL text interface issues. (#3702)
  • Fixed WYSIWYG drawing update not triggering draft save. (#3682)
  • Fixed some additional SVG-based script cases not being filtered. (#3705)

v22.07.3

1 year ago

Security Release

This is a security release that adds additional filtering to page content to prevent certain cross-site-scripting techniques. These cross-site-scripting techniques would be already by blocked by BookStack's usage of Content-Security-Policy, but this change will help scenarios where BookStack content is used externally.

In addition, the API documentation has been updated with a section focused on content security to explain the security techniques BookStack uses by default, and to relay considerations for using BookStack content in an external system. The security page of our documentation has also been updated with such considerations:

https://www.bookstackapp.com/docs/admin/security/#using-content-externally

Upgrade is advised where BookStack content, accessible to edit by untrusted users, is used externally. Those using BookStack content externally (API-based app developers) should read the new documentation and add any advised protections as necessary.

Thanks to the "JPCERT/CC Vulnerability Coordination Group" contact and the original reporter, Kenichi Okuno of Mitsui Bussan Secure Directions, Inc, for disclosing their report of the relevant vulnerability scenarios.

Full List of Changes

  • Added API documentation section to advise of content security. (#3636)
  • Updated Persian translations. Thanks to @samadha56. (#3639)
  • Updated code block rendering to help prevent blank blocks on fresh cache. (#3637)
  • Updated HTML filtering to prevent SVG animate case. (#3636)
  • Updated translations with latest changes from Crowdin. (#3635)
  • Updated revision list view to help prevent system memory exhaustion. (#3633)
  • Fixed issue with permission checking prevent certain actions where permission should have allowed. (#3632)

v22.07.2

1 year ago

Full List of Changes

This release contains the following fixes and changes:

  • Added body-start/end partials to export template, for easier export customization via the visual theme system. (#3630)
  • Added activity recording for revision delete/restore. (#3628)
  • Updated translations with latest changes from Crowdin. (#3625)
  • Updated user validation with sensible limit to name input. (#3614)
  • Fixed issue where activity type could not be selected in the audit log. (#3623)
  • Fixed possibility of breaking page load due to bad user language input. (#3615)