BookStack Security Release v21.12.1

BookStack v21.12.1 has been released. This is a security release that better enforces permissions on book-sort & chapter-move operations to address scenarios where content could be moved to non-permissible locations.

It’s advised to upgrade as soon as possible if untrusted users can update books or chapters in your BookStack instance.

Thanks again to @haxatron for discovering and reporting this vulnerability via

Full List of Changes

  • Added timeout and debugging statuses to webhooks. (#3139)
  • Added new webhook_call_before logical theme system event hook. (#3138)
  • Updated support for APNG images to retain animation. (#3136)
  • Updated book sort and chapter move handling to enforce more permissions. (#3134)
  • Updated item-search/select box to autofocus on search field. (#3127)
  • Updated webhooks to not stop application on endpoint call failure. (#3122)
  • Updated translations with latest Crowdin changes. (#3117)
  • Fixed webhooks list view issue where columns would become to narrow. (#3135)
  • Fixed linked images showing small in PDF export. (#3120)
  • Fixed issue where pasting certain code blocks would cause erratic editor behavior. (#3133)

For More Information

If you have any questions or comments about this advisory:

Header Image Credits: Photo by Jornada Produtora on Unsplash