BookStack v26.05.2
Security Release
This is a security release to address some edge-case vulnerabilities related to URL filtering, redirect handling, and permission checking. It also updates dependencies to help prevent known potential vulnerabilities in them from being exploited.
Upgrading is advised for instances with public access enabled, or for instances where untrusted users are able to edit content.
Thanks to Gurmandeep Deol (LinkedIn) and MFK25 for responsibly reporting issues addressed in this release.
Full List of Changes
- Added Serbian language to language_select array. Thanks to @PolarniMeda. (#6153)
- Updated PHP package versions.
- Updated translations with the latest Crowdin changes.
- Updated content allow-filtering to consider protocols used in srcset attributes.
- Updated URL filtering with a more thorough centralized utility class.
- Updated comment delete action to also check comment visibility permissions.
- Updated referring URL use with stronger source validation.
- Updated translations with the latest Crowdin changes. (#6166)