Beta Security Release v0.31.4

Dan Brown posted on the 16th of January 2021

BookStack v0.31.4 has been released. This security release updates the Laravel framework version, due to a vulnerability that could occur if request data was crafted and then used in a certain way. While it is not known if such a case exists in BookStack, this release updates the framework as a pre-emptive measure.

Markdown editing in v0.31

In addition to this security release, A range of patch releases (v0.31.1, v0.31.2 & v0.31.3) have been made available recently which largely covers issues in how markdown content is rendered upon save. In BookStack v0.31 I changed the way we render markdown content so it’s done server-side upon save. This was done so that markdown could be used via the API and to prepare for future changes. These patch releases have worked to better align the abilities of the new back-end renderer and the existing front-end renderer, that you see as a preview when editing a page.

For more information

If you have any questions or comments about this advisory:

Open an issue in the BookStack GitHub repository.
Ask on the BookStack Discord chat.
Follow the BookStack Security Advice to contact someone privately.

Header Image Credits: Photo by Masaaki Komori on Unsplash

Want to let me know what you think of BookStack or this post?
You can find me on Mastodon @danb@fosstodon.org or on the BookStack Discord server.

Subscribe to Updates

There are two lists you can sign-up to for updates, A general news & updates list, sent on a weekly basis, and a security alerts list that's sent when new security updates are available.

News and Updates | Security Alerts