BookStack Release v21.04

Today is the launch of BookStack v21.04 which is our next feature release after Beta v0.31. For this release we’re dropping the beta and changing our version scheme as detailed below. This release has no single major feature but is instead focused on a range of fixes, improvements and community contributions. Update instructions GitHub release page Upgrade Notices PHP 7.3 or greater is now required to run BookStack. »

Beta Security Release v0.31.5

BookStack v0.31.5 has been released. As with the previous release (v0.31.4) this updates the Laravel framework version used to help avoid a potential vulnerability when requests were crafted in a certain manner. While it is not known if such a case exists in BookStack, this release updates the framework as a pre-emptive measure. Update instructions GitHub release page For more information If you have any questions or comments about this advisory: »

Beta Security Release v0.31.4

BookStack v0.31.4 has been released. This security release updates the Laravel framework version, due to a vulnerability that could occur if request data was crafted and then used in a certain way. While it is not known if such a case exists in BookStack, this release updates the framework as a pre-emptive measure. Update instructions GitHub release page Markdown editing in v0.31 In addition to this security release, A range of patch releases (v0. »

Beta Release v0.31.0

We kick of this optimistic year with BookStack v0.31 which includes some great additions & updates to existing functionality including a new recycle bin system, controllable item ownership, audit log changes, page API endpoints and much more. Update instructions GitHub release page Just to note, There were a few security releases for v0.30. If you’re not upgrading from v0.30.7 be sure to read through the version specific notes on the updates page. »

Beta Security Release v0.30.7

In continuation of the patches in v0.30.6, BookStack v0.30.7 has been released to address an issue that could lead to restricted page content being made visible in exports. As with the last release, You should upgrade to this released as soon as possible if you make use of page-level permissions at all. Apologies for the frequency of security releases. Update instructions GitHub release page Impact The content of pages made non-viewable to a user via permissions, within a visible parent, could be seen via the plaintext export option. »

Beta Security Release v0.30.6

BookStack v0.30.6 has been released to address an issue that could lead to restricted page content being visible in certain circumstances. You should upgrade to this released as soon as possible if you make use of page-level permissions at all. Update instructions GitHub release page Impact If a chapter was visible to a user, but all of it’s pages were made not visible, then the details of these pages could be visible. »

Beta Security Release v0.30.5

Phishing and and server-side request forgery vulnerabilities have been found within BookStack. Release v0.30.5 will remove this server-side request forgery issue while bringing updated wording and advisories to prevent the potential phishing vulnerability. Update instructions GitHub release page Impact A user with permissions to edit a page could set certain image URL’s within a page to manipulate functionality in the exporting system, which would allow them to make server side requests and/or have access to a wider scope of files within the BookStack file storage locations. »

Beta Security Release v0.30.4

XSS and user-injected auto-redirect vulnerabilities have been found within the page content & attachment components of BookStack which BookStack v0.30.4 looks to address. These are primarily a concern if untrusted users can edit content on your BookStack instance. Update instructions GitHub release page Impact A user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. »

Beta Release v0.30.0

Although intended to be a quick release cycle, v0.30 is now here 5 months after the last major release. Sketchy personal health, a poorly pet & a busy day-job workload, combined with constant working-from-home, have reduced the amount of time I could afford to spare working on the project but with normality somewhat returning I present BookStack v0.30 which includes an assortment of enhancements. Update instructions GitHub release page Before we get into the features, just a couple of important advisories: »

Beta Security Release v0.29.3

BookStack v0.29.3 has been released to address an issue that could expose the names of private/restricted books. Update instructions GitHub release page Impact The name of a restricted book could be viewed by non-authorised users when the book was on a shelf, and the shelves were viewed in “List View”. This could expose book names to those that did not have permission to see them, when part of a shelf. »

Beta Security Release v0.29.2

Over the last few days some vulnerabilities in the comment system have been identified, which BookStack v0.29.2 looks to address. Update instructions GitHub release page Be sure to run php artisan bookstack:regenerate-comment-content after upgrading if you think your instance may be impacted by this vulnerability. Impact A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to others users viewing the comment. »

Beta Release v0.29.1

After the recent release of v0.29 comes this patch update to fix some bugs while introducing some nice user experience enhancements. On this post we’ll go through a couple of them. Update instructions GitHub release page Book Sort Multi-Select The book sort page has always been the place to do wider-scale organisation and movement of book content. This interface is now even more powerful with the ability to multi-select book items so that pages and chapters can be moved in batch with ease: »

Beta Release v0.29.0

This Easter BookStack release welcomes a range of user-experience improvements, with features such as dark mode and improved right-to-left text support, in addition to a bunch of fixes and enhancements. Update instructions GitHub release page Dark Mode BookStack now has a built-in dark mode. Here’s a comparison of the same content shown in both dark and light mode: Click to open larger view. The dark mode covers all areas of the system including both the WYSIWYG and markdown editors. »

Beta Releases v0.28.1, v0.28.2 & v0.28.3

Following on from the release of v0.28, we’ve had a series of patch releases to apply a range of fixes & enhancements in addition to some translation updates. There’s nothing urgent or security related in these but they collectively include quite a few fixes so it’s still worth updating. Update instructions GitHub release pages: v0.28.1, v0.28.2, v0.28.3 LDAP Authentication Updates 🔒 Within these releases, some attention has been paid to the LDAP auth system which specifically improves compatibility with Active Directory. »

Beta Release v0.28.0

Our first 2020 release arrives with some great new features such as an initial API implementation and SAML2 authentication alongside further new customisation options. Update instructions GitHub release page This release increases the minimum supported PHP version from 7.0.5 to 7.2. Please view the “Update instructions” page above for more details. Initial REST API Implementation The foundations for the API have been constructed as part of this release. This is intended to be a limited trial to ensure the core work and API formats function as required, so only a limited set of endpoints that cover basic “book” CRUD operations are available at this time. »

Beta Release v0.27.0

BookStack v0.27 is now available which adds page templates, a new user invitation flow, a more accessible interface and a bunch of under-the-hood changes to provide a better user & developer experience. Update instructions GitHub release page Page Templating It’s now possible to define page templates that can be used to speed up and standardise the creation & modification of page content: Templates are simply pages that have been marked as a template in the editor sidebar. »

Beta Release v0.26.0

After a long development cycle BookStack v0.26 is finally here, bringing a refreshed design that includes new functionality while providing a much better mobile experience. Update instructions GitHub release page Before jumping into all the changes, there’s a few things to note before upgrading: Internet Explorer Support IE11 Support has now been dropped. We may support any critical issues for view-only scenarios otherwise please use a modern browser. »

Beta Security Releases v0.25.[3,4,5] & Our Security Process

Over the last week some security issues have been raised regarding file uploads. BookStack v0.25.3, v0.25.4 & v0.25.5 have been released to cover these issues, in addition to bringing some translation updates. Update instructions GitHub release pages: v0.25.3 v0.25.4 v0.25.5 Security Issues Found First of all, A massive thanks to @inc0x0 for raising these security issues and providing guidance. It was found that BookStack could possibly accept PHP files via the image upload endpoint which could then be called externally to perform malicious activity. »

Project Roadmap & Beta Release v0.25.2

We have another patch release for BookStack v0.25 to fix bugs, update translations & to add some new configuration options. We now also have a project roadmap to provide some visibility of where the BookStack is going. Update instructions GitHub release page Project Roadmap Visibility of BookStack’s direction was becoming increasingly requested as more people get involved with the project. To provide some insight into the development plan, a new section has been added to the project readme to outline a high-level roadmap for BookStack: »

Beta Release v0.25.1

Soon after the v0.25 release last weekend we have the v0.25.1 patch release to fix some bugs, add support for s3 compatible services and to prepare for the upcoming removal of the Google Plus API. Update instructions GitHub release page Google Sign-in Changes Google have announced the shut-down of Google+ API’s which is what BookStack was using for it’s Google authentication option. The API’s are due to be shut down on March the 7th, With API failures starting from January the 28th. »

Beta Release v0.25.0

2019 is here and to kick it off we have BookStack v0.25. This release does not contain any major new features but instead is focused on making improvements to existing systems within BookStack. Update instructions GitHub release page Please Note, During this release cycle it was found that page content includes could leak their content as preview text to users that don’t have permission to view the included content. »

Beta Release v0.24.0

Need a way to categorise your Books? Well BookStack v0.24 is the release for you bringing Bookshelves along with a host of other notable features such as revision removals, social authentication auto-registration and Arabic support. Please Note, Due to required re-working of some settings you may have to re-apply any homepage options you’ve previously set upon updating to v0.24. See the update instructions page linked below for further info. Update instructions GitHub release page Bookshelves Bookshelves have now been added as a new layer to the organisation system. »

Beta Release v0.23.0

Quicker editing, better LDAP integration and Discord login are now here with BookStack v0.23 along with a good set of fixes and improvements. I must admit this release comes a little later than expected due to an unusually warm English summer making working conditions in my home office exhausting but luckily we’ve had a good number of code contributions to keep things moving. Update instructions GitHub release page Team Updates To start things off I’d like to welcome lommes as an official member of the BookStack team. »

Beta Release v0.22.0

BookStack v0.22 is here with a much requested homepage option in addition to changes to the drawing system and improvements. Let’s get into it: Update instructions GitHub release page Books Homepage Option Setting the ‘/books’ view as the homepage was the most-requested issue we had so @Abijeet went ahead and built this in as a new setting. Just like the ‘/books’ view a grid or list layout can be selected. »

Beta Release v0.21.0

A new version of BookStack is here. Version 0.21 improves upon a number of existing features in addition to bringing its own new capabilities to BookStack. If you are updating to this release from v0.20.0 or before it’s also worth reviewing the hefty update v0.20.1 which included a good number of fixes and improvements itself. Update instructions GitHub release page New Team Member Before we dive into the depths of the new features in this release I’d like to announce that BookStack team has grown a little bit. »

Beta Release v0.20.1

Today we release BookStack v0.20.1. Although this update does not include any major new features it bundles up some big behind-the-scenes changes along with a great deal of fixes and updates. Update instructions GitHub release page Image Improvements Previously you could upload GIF images but, due to resizing, they would not remain in their animated state once in the page. Abijeet has now fixed this so you can go ahead and litter your pages with animated cat GIFs. »

Beta Release v0.20.0

Here we have the first release of 2018 and it’s a chunky one! Not only do we have integration but thanks to a range of contributors we have extra languages and authentication options. Additionally, In this release we are testing options for theming as well as authenticated image access. Update instructions GitHub release page Integration Often when creating documentation there are some things that are much better explained as drawings rather than text hence why drawing support had been requested a few times for BookStack. »

1000 Stars and Beta Release v0.19

Before 2017 is up we have managed to hit 1000 stars on GitHub! This reflects the continued growing momentum that the project has experienced over time considering the 500 star milestone was only passed in March of this year. Throughout 2017 there’s been a growing amount of community contributions to the project in various forms which includes making pull requests, creating issues and supporting on existing issues. A massive thanks to everyone that’s made such a contribution since it’s great to see people that care about a project like this. »

Beta Security Release v0.18.5 + Other Bugfix Releases

Security Release v0.18.5 This release fixes the following security issue: Fixed issue where email confirmation was not forced when domain restriction was enabled. (#573) This issue meant that if you have domain restriction enabled on sign-up, and you did not enable email confirmation, a user could sign up via email (Using an approved email domain) but then login right away without confirming they own the email. It is suggested that if you had email confirmation disabled but domain restriction enabled you check all user accounts to ensure they are legitimate. »

Beta Release v0.18.0

We’re now over two years into the life of BookStack and to celebrate we have a new release, v0.18. This release unexpectedly grew in scope during development but it brings a good bunch of highly-requested features along with the biggest design change since October 2015. Update instructions GitHub release page Design Changes As features have built up the existing design was becoming cluttered. There was little visual separation between different sections and a lack of consistency in how pages were laid out. »

Beta Bugfix Releases v0.17.1 to v0.17.4

Since the v0.17 feature release at the start of the month a good bunch of fixes and feature tweaks have made their way into BookStack. After 4 bugfix release we’re now at version v0.17.4. Here are some details on the changes made over the last month: UTF8mb4 / Emoji Support As part of v0.17 a database change was included to add support for Emoji. To achieve this the encoding used in the database was changed upon upgrade. »

Beta Release v0.17.0

After a few quiet months I’m happy to announce BookStack v0.17 is now ready for release. This release focuses mainly on the code editing experience throughout BookStack. Here are the handy quick-links: Update instructions GitHub release page Also, We’re back into July which means BookStack is now almost two years old. It’s worth checking out this post from last year to see how BookStack originally evolved if you’re new to the project. »

Beta Bugfix Releases v0.16.2 and v0.16.3

Just a quick update on some bugfix point releases. Last month v0.16.2 was released. This fixes issues in the permission system when using the non-native php-mysql driver. More information can be found in the issue thread here. Today an issue with role permissions was picked up. Permissions removed from a role would not take effect. Version 0.16.3 has been released to cover this issue. If you use the permission system and have removed permissions from roles at any point I’d recommend running the command php artisan bookstack:regenerate-permissions from your BookStack install folder to ensure all permissions are set correctly. »

Beta Bugfix Release v0.16.1

One week after v0.16.0 we have our first v0.16 Bugfix release. This contains the following changes and fixes: Fixed permission updates on large books failing due to MySQL placeholder count (#374) Added functionality to check ‘Accept-Language’ header to provide translations when not logged in. (#375) Added HTML support back into the Markdown editor. (#378) Refactored permission system for general speedups. Update instructions GitHub release page Header Image Credits: Timo Vijn »

Beta Release v0.16.0

Another BookStack release is upon us. Since the last release work has been put into spring-cleaning the search system which is detailed below. Community contributions have gained some momentum bringing in some fantastic new features and fixes. Update instructions GitHub release page New Search System The old search system had some issues. It was based on MySQL fulltext indexes which allowed the search to be efficient but smaller search terms would be ignored or non-english characters would not be matched. »

500 Stars & Release v0.15.2

Over 500 Stars BookStack now has over 500 stars on GitHub! Yeah yeah yeah, I know, GitHub stars aren’t a great way to track the success of a project but it is nice as a periodical milestone and to give a relative idea of user growth. As well as stars, GitHub Issues (which include feature requests and discussions) have also been growing steadily with the count hovering around 80 which is still manageable. »

Beta Release v0.15.0

Sneaking in before February closes we have another BookStack release. As well as your usual handful of bugfixes this release also comes with new sign-in options and better export functionality. Update instructions GitHub release page Quick note: There was a bug in v0.15.0 that could cause errors when upon update. This has now been addressed and v0.15.1 has been released to cover this. Rerun the update commands if you had trouble updating previously. »

Beta Security Release v0.14.3

Security Bugfix release. Fixes for the following major issue: On 404 (Not found) views page/chapter/book names were visible. No content of those items were visible, just the names. This includes instances that had ‘public viewing’ turned off. Sincere apologies for this issue. Update instructions GitHub release page Header Image Credits: Cristina Gottardi »

Beta Bugfix Release v0.14.2

Bugfix release. Fixes for the following issues: Missing subscript styling (#284) Fixed book contents not showing in some instances (#287, #294) Fixed possible issue with bad user thumbnails (#292) Update instructions GitHub release page Header Image Credits: Timo Vijn »

Beta Bugfix Release v0.14.1

This is a quick bugfix release for following single major bug: Possibility that all permissions could be deleted on book sort. (#282) If this issue occurs in your BookStack instance permission can be regenerated via the command line using php artisan permissions:regen from your BookStack install folder. Apologies if this issue caused you any problems. Update instructions GitHub release page Header Image Credits: Alain Wong »

Beta Release v0.14.0

The first release of 2017 is upon us with v0.14. Since the last release, back in November, focus has been put on adding support mulitple languages as was planned but a range of additional features & bugfixes have also been added. As usual, Here are the update links: Update instructions GitHub release page Language Support All of the text used in BookStack has been moved into language-specific text files so different languages can be easily added. »

Beta Bugfix Release v0.13.1

Due to some critical issues, A bugfix release has been released for BookStack v0.13. Update instructions GitHub release page Fixes & Changes Moved page tag display to the sidebar to prevent visual positioning issues with other elements. Fixed broken callout display. Fixed social login/registration which was broken in the last update. Header Image Credits: Jayden Yoon »

Beta Release v0.13.0

BookStack v0.13.0 has now been released. This release has taken a while but it did require some large under-the-hood updates and brings a few chunky features. Here are the update links: Update instructions GitHub release page Please read the additional information at the bottom of the update instructions page as there are some changes in v0.13 that will likely require some manual intervention due to new system requirements. »

Beta Bugfix Release v0.12.2

A second bugfix release has been put together to patch up a some issues found in v0.12.1. Update instructions GitHub release page Fixes & Changes Fixed callouts from overflowing over tags. Fixed ordered list numbers being cut off over two digits (Now allows up to 3 digits). Fixed table width in PDF exports, They are now made to go full-width. Improved reset password UI with additional notifications and links. »

Beta Bugfix Release v0.12.1

A new bugfix has been released to patch up a few issues found in v0.12. Update instructions GitHub release page It was found that I had accidentally set two shortcuts on the same keys, The draft quick save and inline-code format were both mapped to ctrl+s. This has now been updated so that inline code is mapped to Ctrl+Shift+E. Also, as part of this bugfix the WYSIWYG editor shortcuts on mac will use the command key instead of the ctrl key to better fit with other Mac shortcuts. »

Beta Release v0.12.0

BookStack v0.12.0 has now been released bringing a range of new features and bug fixes. Let’s get to it: Update instructions GitHub release page Edit Summaries When editing a page you can now add a one-liner to summarise the changes you’ve made. This allows you to build a changelog of a page to assist with looking over revisions. The option to set a changelog summary can be found next to the save button when editing a page: »

Beta Bugfix Release v0.11.1

A new BookStack bug-fix release has now been released to resolve a few issues found over the last month. Here are the fixes and updates: Updated all URL references to allow BookStack to be placed at a non-root location on a domain. Fixed no borders on table heading rows. Fixed creation of books/chapters/pages with only punctuation titles. Fixed issues with double braces in both editors. Fixed safari rendering of page tag manager. »

Beta Release v0.11.0

BookStack v0.11 has now been released. This version is a cleanup and bugfix release with a few new handy features to make nicer pages and to help organise books easier. Here are the useful links for this release: Update instructions GitHub release page Editor Updates Callouts The WYSIWYG editor now supports callouts. These are styled blocks that can be used to highlight or alert specific bits of information. These are ideal for catching the attention of the user for snippets of text that are important. »

Beta Release v0.10.0

It’s been a short while since the last release (43 days to be exact) but BookStack v0.10 is finally here. Here are some handy links: Update instructions GitHub release page GitHub milestone v0.9 Bugfixes: v0.9.1 v0.9.2 v0.9.3 Most of the development time for this release was spent implementing a tagging system and overhauling the permissions systems which, although mainly for internal purposes, brings some useful extra functionality. »

Beta Release v0.9.0

BookStack v0.9.0 is now available. Update instructions can be found in the new documentation pages here. If you have not yet read through the changes of v0.8.2 I’d recommend doing so as there were some fairly large changes to the permission system as well as a nice little header fix. The changes are detailed here. Markdown Editor A much requested addition to BookStack was a markdown editor. An initial implementation has now been added which includes a live preview of your content. »