Beta Security Release v0.31.4
Dan Brown posted on the 16th of January 2021
BookStack v0.31.4 has been released. This security release updates the Laravel framework version, due to a vulnerability that could occur if request data was crafted and then used in a certain way. While it is not known if such a case exists in BookStack, this release updates the framework as a pre-emptive measure.
Markdown editing in v0.31
In addition to this security release, A range of patch releases (v0.31.1, v0.31.2 & v0.31.3) have been made available recently which largely covers issues in how markdown content is rendered upon save. In BookStack v0.31 I changed the way we render markdown content so it’s done server-side upon save. This was done so that markdown could be used via the API and to prepare for future changes. These patch releases have worked to better align the abilities of the new back-end renderer and the existing front-end renderer, that you see as a preview when editing a page.
For more information
If you have any questions or comments about this advisory:
- Open an issue in the BookStack GitHub repository.
- Ask on the BookStack Discord chat.
- Follow the BookStack Security Advice to contact someone privately.