Today we have the May 2025 release of BookStack. The headline features of this new version are focused on new comment abilities but we have some other goodies packaged in also!
»Releases
Today we release BookStack v25.02! This aimed to be a maintenance release with the primary goal of upgrading our core framework, but it grew a little to include some goodies like automatic sorting, theme system additions, and editor improvements.
»For this Christmas time period we have BookStack v24.12 which includes the gift of a new import & export format, while improving upon the new editor introduced in the last release.
»BookStack v24.10.2 has been released.
This is a security release to address a vulnerability in our dependencies where specifically formatted requests could be used to manipulate application configuration in environments where a certain PHP option (register_argc_argv) is enabled. This is not an option that’s typically enabled in production web-serving environments, but it’s advised to update where uncertain.
»This laggard of a release finally lingers to deployment this day in October bringing the first alpha-state inclusion of the new WYSIWYG editor, which has been the main development focus, but that doesn’t stop a few other goodies being included for this release too!
»BookStack v24.05.4 has been released.
This is a security release to address issues found in LDAP group syncing, where in certain scenarios a user could be matched to extra roles incorrectly, and an issue with content visibility in “book-show” API responses which would not have permissions applied properly.
»BookStack v24.05.1 has been released. This is a security release that adds extra rate-limiting to some forms that are accessible without authentication, while also implementing changes to prevent methods that could be used to indicate if specific user emails exist in the system.
»Today we release a new BookStack feature update that’s mainly focused on updating the core underlying framework and some accompanying code, but that work comes with a sprinkling of extra additions and tweaks too.
»For our first feature release of 2024 we have a variety of enhancements to enjoy! Many of these build upon the work from the previous release, while many others address some common pain-points in BookStack.
»BookStack v23.12.3 has been released. This is a security release that addresses a vulnerability in PDF generation that could be exploited to perform blind server-side-request forgery.
»As a little Christmas-time treat we have BookStack v23.12 slipping in as the last release of the year. This release focuses on providing a simple WYSIWYG editor for description inputs, along with adding default page templates within books, in addition to some other additional gifts.
»BookStack v23.10.3 has been released. This is a security release that addresses a vulnerability in image handling which could be exploited to perform server-side requests or read the contents of files on the server system. Additionally, this update addresses a lack of permission check in some image creation actions.
»This October maintenance release brings with it more than originally planned, with a significant revamp of user self-management in addition to an updated editor design, along with many other additions & improvements.
»The August release of BookStack is now here! This is focused upon an initial implementation of a notification system for content, but as usual there are a few other improvements to enjoy.
»Today brings us BookStack v23.06 which aims to improve how comments are displayed & used, while also providing a revamp to the image manager among many other fixes and improvements.
»BookStack v23.05 releases today, sneaking into the start of May with a bunch of additions, updates and changes including a new command line tool to help with admin operations.
»BookStack v23.02 is here, acting primarily as a maintenance release to upgrade the underlying framework while optimizing things and making a few other additions.
»BookStack v23.01.1 has been released. This is a security release that addresses a potential vulnerability in PDF generation that could be used to make server-side requests or run potential other PHP code.
»To start off our releases for the year we have BookStack v23.01 which adds many user experience enhancements & options while also making subtle further back-end changes to permissions.
»Just sneaking into November is BookStack v22.11 which comes with a splendid spread of surprises intended to enhance many existing interfaces and features of BookStack. There are no upgrade notices for this one, so let’s jump right in.
»This spooky season supplies us with BookStack v22.10, which continues our work to improve permission control while bringing along some extra treats, without any tricks.
»The BookStack September release is here with a variety of desired features that build upon, and enhance, existing BookStack systems. As usual, it also includes language updates and a bunch of tweaks & fixes.
»BookStack v22.07.3 has been released. This is a security release that adds additional filtering to page content to prevent certain cross-site-scripting techniques. These cross-site-scripting techniques would already be blocked by BookStack’s usage of Content-Security-Policy, but this change will help scenarios where BookStack content is used externally.
»For July we have what could be considered a “stepping-stone” release since it marks the start of some underlying permission system changes but it does bundle in a rich set of system enhancements & minor features. Let’s jump right in.
»BookStack v22.06 is now here! This release was primarily refinement focused but it does include some great new features that may streamline your usage of the platform.
»Today brings the release of BookStack v22.04! This includes the much-awaited feature of easier page editor switching, in addition to a bunch of other additions and improvements.
»Today we release BookStack v22.03 which features some further additions to the WYSIWYG editor, aiming to align its feature-set with our markdown editor. We also see some changes to the settings view while LDAP users get a useful new debugging option.
»BookStack v22.02.3 has been released. This is a security release that adds better protections against embedded content that could be used in malicious ways. This effectively restricts embedded iframe content in an allow-list approach.
»Today we announce the first BookStack feature release of 2022. This brings updates & features to the WYSIWYG editor, user management API endpoints and much more. In this post we cover features added in this release in addition to some notable changes in the v21.12 patch releases.
»BookStack v21.12.1 has been released. This is a security release that better enforces permissions on book-sort & chapter-move operations to address scenarios where content could be moved to non-permissible locations.
»As our last feature release of the year BookStack v21.12 is now available. Upon a bunch of fixes & improvements, this release features outgoing webhooks in addition to the ability of copying entire chapters and books.
»BookStack v21.11.3 has been released. This is a security release that helps prevent potential discovery and harvesting of user details including name and email address.
»BookStack v21.11.2 has been released. This is a security release that addresses a couple of vulnerabilities relating to API access and page draft related content visibility:
»Today we release BookStack v21.11 which focuses on a couple of areas that have gone untouched for a while; those areas being tags and the site-wide search system. These changes sit upon more substantial framework upgrade work that has occurred this release cycle.
»BookStack v21.10.3 has been released. This is a security release that addresses a couple of vulnerabilities within the attachment and image serving mechanisms. The attachment vulnerability could result in users uploading content to be served in a way that can be utilized for phishing. The image serving vulnerability could result in unintended file access within your BookStack storage folder.
»BookStack v21.10.2 has been released. This is a security release that builds upon changes in v21.10.1 which covers a vulnerability which would allow malicious users, who have permission to update or create pages, to upload content that could then be utilized for phishing or other general malicious intent.
»BookStack v21.10.1 has been released. This is a security release that covers a vulnerability which would allow malicious users, who have permission to update or create pages, to upload content that could then be utilized for phishing or other general malicious intent.
»October brings us BookStack v21.10. This release is primarily intended to wrap up a few loose ends before we make more substantial framework changes, but it does bring with it a new authentication option in addition to some new API endpoints. In the below we’ll dive into many of the new features and improvements added since v21.08.
»BookStack v21.08.5 has been released. This is a security release that covers a vulnerability which would allow malicious users, who have permission to update or create pages, to load content from files stored within the storage/ or public/ directories (such as application logs) via the page HTML export system.
BookStack v21.08.2 has been released. This security release is intended to cover a couple of XSS vulnerabilities, where a malicious user with page edit access could enter script that would execute upon page view. You should update as soon as possible if you allow untrusted users to edit content in your instance.
»Today we release BookStack v21.08, which brings along multi-factor authentication support in addition to a number of other nice features. Within this post we’ll dive into some of the biggest new changes since the v21.05 release.
»BookStack v21.05 has now been released which brings along new user interface features & enhancements including a favourites system and easier in-book navigation.
»Today is the launch of BookStack v21.04 which is our next feature release after Beta v0.31. For this release we’re dropping the beta and changing our version scheme as detailed below. This release has no single major feature but is instead focused on a range of fixes, improvements and community contributions.
»BookStack v0.31.5 has been released. As with the previous release (v0.31.4) this updates the Laravel framework version used to help avoid a potential vulnerability when requests were crafted in a certain manner. While it is not known if such a case exists in BookStack, this release updates the framework as a pre-emptive measure.
»BookStack v0.31.4 has been released. This security release updates the Laravel framework version, due to a vulnerability that could occur if request data was crafted and then used in a certain way. While it is not known if such a case exists in BookStack, this release updates the framework as a pre-emptive measure.
»We kick off this optimistic year with BookStack v0.31 which includes some great additions & updates to existing functionality including a new recycle bin system, controllable item ownership, audit log changes, page API endpoints and much more.
»In continuation of the patches in v0.30.6, BookStack v0.30.7 has been released to address an issue that could lead to restricted page content being made visible in exports. As with the last release, you should upgrade to this release as soon as possible if you make use of page-level permissions at all. Apologies for the frequency of security releases.
»BookStack v0.30.6 has been released to address an issue that could lead to restricted page content being visible in certain circumstances. You should upgrade to this release as soon as possible if you make use of page-level permissions at all.
»Phishing and server-side request forgery vulnerabilities have been found within BookStack. Release v0.30.5 will remove this server-side request forgery issue while bringing updated wording and advisories to prevent the potential phishing vulnerability.
»XSS and user-injected auto-redirect vulnerabilities have been found within the page content & attachment components of BookStack which BookStack v0.30.4 looks to address. These are primarily a concern if untrusted users can edit content on your BookStack instance.
»