@ssddanbrown released this Mar 21, 2019 · 105 commits to master since this release

Security Release

This release patches a security vulnerability that allowed PHP files to be uploaded via image upload endpoints. The PHP files could then be called externally to perform malicious activity.

This is particularly an issue in environments where untrusted users have the necessary permissions to upload images.

Please consider that malicious exploitation of this vulnerability may have allowed access to other files on your server that the PHP process has access to, including your BookStack .env file. Consider updating any passwords or keys if you think this had a possibility of being exploited on your instance.

It is advised you update your BookStack instance as soon as possible.
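
A check an administrator could run when judging whether an instance was affected, added here as an example and not taken from the BookStack project: it lists files under an upload directory that are named as PHP scripts or that contain a PHP open tag. The function name `find_php_uploads`, the extension list and the sample files are assumptions; pass your own image upload directory as the argument.

```shell
#!/bin/sh
# Added example (not BookStack code). Lists files under an upload directory
# that look like PHP. No BookStack path is assumed: the directory is an argument.
# Output lines: "ext <path>" = PHP-style file name,
#               "tag <path>" = other file containing a PHP open tag.

find_php_uploads() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    find "$dir" -type f | while IFS= read -r f; do
        # Compare the base name case-insensitively (avatar.PHP counts).
        name=$(printf '%s' "${f##*/}" | tr '[:upper:]' '[:lower:]')
        case $name in
            # Extensions commonly mapped to the PHP handler (assumed list).
            *.php|*.php[3-8]|*.phtml|*.pht|*.phar)
                printf 'ext %s\n' "$f" ;;
            *)
                # Image-named files should never carry a PHP open tag.
                if grep -q -F '<?php' "$f"; then
                    printf 'tag %s\n' "$f"
                fi ;;
        esac
    done
}

# Constructed sample tree so the check can be tried offline.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/2019-03"
printf 'GIF89a' > "$demo_dir/2019-03/logo.gif"                  # clean image stub
printf '<?php echo 1; ?>' > "$demo_dir/2019-03/avatar.PHP"      # PHP by name
printf 'GIF89a<?php echo 1; ?>' > "$demo_dir/2019-03/banner.gif" # PHP by content
find_php_uploads "$demo_dir"
rm -rf "$demo_dir"
```

Any `ext` or `tag` line for a file you did not place there yourself is a reason to treat the instance as possibly exploited and rotate the passwords and keys mentioned above.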
