Beta Security Release v0.30.7

In continuation of the patches in v0.30.6, BookStack v0.30.7 has been released to address an issue that could lead to restricted page content being made visible in exports. As with the last release, You should upgrade to this released as soon as possible if you make use of page-level permissions at all. Apologies for the frequency of security releases.


The content of pages made non-viewable to a user via permissions, within a visible parent, could be seen via the plaintext export option. Before v0.30.6 this would have applied only to scenarios where all pages within the chapter were made non-visible. In v0.30.6 this would make all pages within the chapter visible.


This has been patched in v0.30.7.


Please update. As a temporary workaround you could make parent chapters/books non accessible.



A big thanks again to @cdrfun for discovering and reporting this issue.

For more information

If you have any questions or comments about this advisory:

Header Image Credits: Photo by Aubrey Odom on Unsplash