Beta Security Release v0.30.4

XSS and user-injected auto-redirect vulnerabilities have been found within the page content & attachment components of BookStack which BookStack v0.30.4 looks to address. These are primarily a concern if untrusted users can edit content on your BookStack instance.

Update instructions | GitHub release page

Impact: A user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. »

Beta Release v0.30.0

Although intended to be a quick release cycle, v0.30 is now here 5 months after the last major release. Sketchy personal health, a poorly pet & a busy day-job workload, combined with constant working-from-home, have reduced the amount of time I could afford to spare working on the project, but with normality somewhat returning I present BookStack v0.30, which includes an assortment of enhancements.

Update instructions | GitHub release page

Before we get into the features, just a couple of important advisories: »

Beta Security Release v0.29.3

BookStack v0.29.3 has been released to address an issue that could expose the names of private/restricted books.

Update instructions | GitHub release page

Impact: The name of a restricted book could be viewed by non-authorised users when the book was on a shelf, and the shelves were viewed in “List View”. This could expose book names to those that did not have permission to see them, when part of a shelf. »

Beta Security Release v0.29.2

Over the last few days some vulnerabilities in the comment system have been identified, which BookStack v0.29.2 looks to address.

Update instructions | GitHub release page

Be sure to run php artisan bookstack:regenerate-comment-content after upgrading if you think your instance may be impacted by this vulnerability.

Impact: A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to other users viewing the comment. »

Beta Release v0.29.1

After the recent release of v0.29 comes this patch update to fix some bugs while introducing some nice user experience enhancements. In this post we’ll go through a couple of them.

Update instructions | GitHub release page

Book Sort Multi-Select: The book sort page has always been the place to do wider-scale organisation and movement of book content. This interface is now even more powerful with the ability to multi-select book items so that pages and chapters can be moved in batch with ease: »

Beta Release v0.29.0

This Easter BookStack release welcomes a range of user-experience improvements, with features such as dark mode and improved right-to-left text support, in addition to a bunch of fixes and enhancements.

Update instructions | GitHub release page

Dark Mode: BookStack now has a built-in dark mode. Here’s a comparison of the same content shown in both dark and light mode. The dark mode covers all areas of the system including both the WYSIWYG and markdown editors. »

Beta Releases v0.28.1, v0.28.2 & v0.28.3

Following on from the release of v0.28, we’ve had a series of patch releases to apply a range of fixes & enhancements in addition to some translation updates. There’s nothing urgent or security related in these but they collectively include quite a few fixes so it’s still worth updating.

Update instructions | GitHub release pages: v0.28.1, v0.28.2, v0.28.3

LDAP Authentication Updates 🔒: Within these releases, some attention has been paid to the LDAP auth system which specifically improves compatibility with Active Directory. »

Beta Release v0.28.0

Our first 2020 release arrives with some great new features such as an initial API implementation and SAML2 authentication alongside further new customisation options.

Update instructions | GitHub release page

This release increases the minimum supported PHP version from 7.0.5 to 7.2. Please view the “Update instructions” page above for more details.

Initial REST API Implementation: The foundations for the API have been constructed as part of this release. This is intended to be a limited trial to ensure the core work and API formats function as required, so only a limited set of endpoints that cover basic “book” CRUD operations are available at this time. »

Beta Release v0.27.0

BookStack v0.27 is now available which adds page templates, a new user invitation flow, a more accessible interface and a bunch of under-the-hood changes to provide a better user & developer experience.

Update instructions | GitHub release page

Page Templating: It’s now possible to define page templates that can be used to speed up and standardise the creation & modification of page content. Templates are simply pages that have been marked as a template in the editor sidebar. »

Beta Release v0.26.0

After a long development cycle BookStack v0.26 is finally here, bringing a refreshed design that includes new functionality while providing a much better mobile experience.

Update instructions | GitHub release page

Before jumping into all the changes, there are a few things to note before upgrading:

Internet Explorer Support: IE11 support has now been dropped. We may support any critical issues for view-only scenarios; otherwise, please use a modern browser. »