Beta Security Release v0.29.3

BookStack v0.29.3 has been released to address an issue that could expose the names of private/restricted books.

Impact

The name of a restricted book could be viewed by non-authorised users when the book was on a shelf and the shelves were viewed in “List View”. This could expose the names of books on a shelf to those who did not have permission to see them.
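
The class of flaw described above, where one rendering path skips the permission filter, is sketched below as an added example (not BookStack's code): a simplified Python model with a regression check that compares what a view shows against what the viewer is allowed to see. All names (Book, Shelf, can_view, the render functions) and the sample data are hypothetical.

```python
# Simplified model of the flaw class described above. Illustrative only:
# Book, Shelf, can_view and both render functions are hypothetical names.
from dataclasses import dataclass, field


@dataclass
class Book:
    name: str
    restricted: bool = False
    allowed_users: set = field(default_factory=set)


@dataclass
class Shelf:
    name: str
    books: list


def can_view(user: str, book: Book) -> bool:
    """Permission check that every rendering path must apply."""
    return not book.restricted or user in book.allowed_users


def render_grid_view(user: str, shelves: list) -> dict:
    """Path that filters each shelf's books by the viewer's permissions."""
    return {s.name: [b.name for b in s.books if can_view(user, b)] for s in shelves}


def render_list_view_unfiltered(user: str, shelves: list) -> dict:
    """Flawed path: lists every book on the shelf and ignores the viewer."""
    return {s.name: [b.name for b in s.books] for s in shelves}


def leaked_names(user: str, shelves: list, render) -> set:
    """Regression check: names a view shows that the user may not see."""
    hidden = {b.name for s in shelves for b in s.books if not can_view(user, b)}
    shown = {n for names in render(user, shelves).values() for n in names}
    return shown & hidden


# Constructed sample data.
SHELVES = [Shelf("Engineering", [
    Book("Onboarding Guide"),
    Book("Acquisition Plan", restricted=True, allowed_users={"alice"}),
])]

if __name__ == "__main__":
    for view in (render_grid_view, render_list_view_unfiltered):
        print(view.__name__, leaked_names("bob", SHELVES, view))
```

Running a check like leaked_names against every view of the same data, with a user who lacks access, catches a view that was missed when permission filtering was added elsewhere.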

Patches

This has been patched in version v0.29.3.

Workarounds

Please update. Otherwise, as a temporary workaround, you could change the name of any private books to remove any sensitive content.

References

Attribution

More Information

If you have any questions or comments about this advisory:


Header Image Credits: Shogo Narita