Skip to content

BookStack v21.10.1

Choose a tag to compare

View all tags
@ssddanbrown ssddanbrown released this 27 Oct 11:39
v21.10.1
This tag was signed with the committer’s verified signature.
ssddanbrown Dan Brown
GPG key ID: 46D9F943C24A2EF9
Verified
Learn about vigilant mode.
91f8012
This commit was signed with the committer’s verified signature.
ssddanbrown Dan Brown
GPG key ID: 46D9F943C24A2EF9
Verified
Learn about vigilant mode.

Security Release

BookStack v21.10.1 has been released. This is a security release that covers a vulnerability
which would allow malicious users, who have permission to update or create pages, to upload
content that could then be utilized for phishing or other general malicious intent.

If you allow untrusted users to edit page content you should update as soon as possible.

Full List of Changes

  • Fixed image upload vulnerability. Thanks to @Haxatron (#3010)
  • Fixed capitalization for Estonian language option. Thanks to @IndrekHaav. (#3008)
  • Updated PHP packages to prevent abandoned warning. (#3007)
  • Updated translations with latest changes from Crowdin. (#3006)

Contributors

Haxatron
Assets 2
Loading