Skip to content

BookStack v26.03.2

Latest
Latest

Choose a tag to compare

View all tags
@ssddanbrown ssddanbrown released this 23 Mar 12:00
· 0 commits to development since this release
v26.03.2
This tag was signed with the committer’s verified signature.
ssddanbrown Dan Brown
GPG key ID: 116094FE15AE65C0
Verified
Learn about vigilant mode.
508cf0a
This commit was signed with the committer’s verified signature.
ssddanbrown Dan Brown
GPG key ID: 116094FE15AE65C0
Verified
Learn about vigilant mode.

Security Release

This is a security release to address a vulnerability where the registration form could be manipulated to gain access to additional roles.

Upgrade is very strongly advised if your instance has user registration enabled.

Thanks to Kwonyong Lee (LinkedIn) for responsibly reporting this issue.
Also thanks to Boustani OSAMA (LinkedIn) for also reporting this before public announcement.

Full List of Changes

  • Updated user creation to only use validated input from registration.
  • Updated PHP package versions.
  • Updated translations with latest Crowdin changes. (#6064)
  • Updated PHP_CodeSniffer repository link. Thanks to @rodrigoprimo. (#6060)
  • Updated WYSIWYG editors to have consistent collapsible block double click behavior. (#6059)
Assets 2
Loading