Skip to content

BookStack v24.05.1
Compare
Choose a tag to compare
@ssddanbrown ssddanbrown released this 21 May 10:13
· 13 commits to development since this release
v24.05.1
This tag was signed with the committer’s verified signature.
ssddanbrown Dan Brown
GPG key ID: 46D9F943C24A2EF9
Learn about vigilant mode.
b537511
This commit was signed with the committer’s verified signature.
ssddanbrown Dan Brown
GPG key ID: 46D9F943C24A2EF9
Learn about vigilant mode.

Security Release

BookStack v24.05.1 has been released.
This is a security release that adds extra rate-limiting to some forms that are accessible without authentication, while also implementing changes to prevent methods that could be used to indicate if specific user emails exist in the system.

Upgrade is advised for instances accessible on the public web.

Full List of Changes

  • Updated PHP dependencies.
  • Updated routes with IP-based rate limiting. (#4993)
  • Updated email confirmation flow to not require email submission form.
  • Updated translations with latest Crowdin changes. (#4994)
  • Updated WYSIWYG alignment handling to also consider table align attributes. (#5011)
  • Fixed attachment upload validation errors appearing as JSON. (#4996)
  • Fixed incorrect notification preferences URL in email. Thanks to @KiDxS. (#5008, #5005)
  • Fixed non-visible MFA setup titles in dark mode. (#5018)
  • Fixed outdated path in visual theme system guidance. (#4998)
  • Fixed potential cache permission issues by reverting cache location. (#4999)
Assets 2