Bookstack - Package Updates

nebulon

[1.15.1]

• Update BookStack to 21.10.1
• Release announcement
• Fixed image upload vulnerability. Thanks to @Haxatron (#3010)
• Fixed capitalization for Estonian language option. Thanks to @IndrekHaav. (#3008)
• Updated PHP packages to prevent abandoned warning. (#3007)
• Updated translations with latest changes from Crowdin. (#3006)

nebulon

[1.15.2]

• Update BookStack to 21.10.2
• Release announcement
• Made further fixes to address image upload vulnerability. Thanks again to @haxatron (#3019)
• Updated translations with latest changes from Crowdin. (#3014)

girish

[1.15.3]

• Update BookStack to 21.10.3
• Release announcement
• Fixed path image file path traversal vulnerability. Thanks @theWorstComrade for reporting. (#3030)
• Prevented HTML attachments being served inline. Thanks @theWorstComrade for reporting. (#3027)
• Updated translations from latest Crowdin changes. (#3023)

nebulon

[1.16.0]

• Update BookStack to 21.11
• Release announcement

girish

[1.16.1]

• Update BookStack to 21.11.1
• Release announcement
• Added custom command support to the logical theme system. (#3072)
• Added support for prefers-contrast media setting to increase contrast in faded areas when active. (#2634)
• Updated TOTP confirmation view to autofocus on code input. Thanks to @raccettura. (#3068)
• Updated translations with latest changes from Crowdin. (#3057)
• Updated any links on homepage lists to be more obvious & accessible. (#3046)
• Fixed faulty page navigation links when headers are nested within other content. Thanks to @Julesdevops. (#3069, #3058)

girish

[1.16.2]

• Update BookStack to 21.11.2
• Release announcement
• This is a security release that address a couple of vulnerabilities relating to API access and page draft related content visibility
• Fixed issue with greater-than-expected visibility on page-draft-related items. Thanks @Haxatron for reporting. (#3086)
• Fixed issue where public API access was not limited by system public control in certain conditions. (#3091)

girish

[1.16.3]

• Update BookStack to 21.11.3
• Release announcement
• This is a security release that helps prevent potential discovery and harvesting of user details including name and email address.
• Helped prevent discovery and harvesting of user information. Thanks @Haxatron for reporting. (#3108)
• Updated search API results to include the highlighted preview content. (#3096)
• Updated search API results to include item URL. (#3080)

girish

[1.17.0]

• Update BookStack to 21.12
• Release announcement
• Added webhooks. (#147, #3099)
• Added ability to copy books, chapters & roles. (#3118, #1123)
• Added audit log IP address search. Thanks to @johnroyer. (#3081)
• Updated translations with latest Crowdin changes. (#3117)
• Fixed issue where non-ascii content could break search result previews. Thanks to @Kristian-Krastev. (#3113)
• Fixed mismatched password validation rules across the application. (#2237)

nebulon

[1.17.1]

• Update BookStack to 21.12.1
• Release announcement
• Security Release

nebulon

[1.17.2]

• Update BookStack to 21.12.2
• Release announcement
• Improved handling of uploaded images when thumbnails fail to load. (#3142)
• Updated translations with latest Crowdin changes. (#3148)
• Fixed issue where webhooks would error for specific recycle bin operations. (#3154)
• Fixed Spanish invite email subject translation. Thanks to @AitorMatxi. (#3153)
• Fixed issue where custom homepage could cause strange deletion behavior and lead to errors. (#3150)

nebulon

[1.17.3]

• Update BookStack to 21.12.3
• Release announcement
• Updated user creation flow to not persist the user on invitation sending failure. Thanks to @Julesdevops. (#3179, #3174)
• Updated "Recently Updated Pages" view to show update author and date. Thanks to @Julesdevops. (#3177, #3045)
• Updated translations with latest Crowdin changes. (#3158)
• Updated PDF page export image display to help fix image sizing issues again. (#3120)
• Updated "Recently Updated Pages" view to show parent context chain. (#3183)
• Fixed potential errors in revision diff view when multi-byte characters are used. (#3170)
• Fixed duplicate display in image gallery when uploading multiple images at once. (#3160)
• Fixed inaccurate markdown editor cursor position upon sidebar usage. (#3186)

nebulon

[1.17.4]

• Update BookStack to 21.12.4
• Release announcement
• Added --external-auth-id option to the bookstack:create-admin command for use with LDAP/SAML2/OIDC instances. (#3222)
• Added the ability select preferred language when creating a new user. (#2408, #2576)
• Added configuration option for PDF export page size. (#995)
• Updated 503 error view to simplify and prevent thrown errors. Thanks to @Julesdevops. (#3210, #3205)
• Updated translations with latest Crowdin changes. (#3214)
• Fixed mis-represented default registration role and allowed disabling of this option. (#3220, #2338)
• Fixed OIDC autodiscovery when keys are provided in a certain format, as provided by Azure. (#3206)

nebulon

[1.17.5]

• Update BookStack to 21.12.5
• Release announcement
• Added text for "file" validation messages to provide better responses in Attachment API validation failures. (#3248)
• Fixed WYSIWYG editor code block creation across mulitple lines and block elements. Thanks to @Julesdevops. (#3246, #3200)
• Fixed markdown image data URI extraction failing on large images due to regex match limits. (#3249)
• Updated translations with latest Crowdin changes. (#3225)

nebulon

[1.18.0]

• Update BookStack to 22.02
• Release announcement
• Added collapsible content blocks support to the WYSIWYG editor. (#78, #3260)
• Added translation support to the WYSIWYG editor. (#1838)
• Added user management API endpoints. (#3238, #1363, #2701)
• Changed minimum PHP version from 7.3 to 7.4. (#3245, #3152)
• Updated translations with latest Crowdin changes. (#3258, #3251, #3259)
• Updated Korean translations. Thanks to @ististyle. (#3256)
• Updated TinyMCE WYSIWYG editor to the latest version. (#3247)
• Improved PDF export rendering of images within tables. (#3190)
• Fixed potential web console error message when loading the editor. (#2461)
• Fixed issue where OIDC token failures would not be shown to the user. (#3264)
• Fixed issue where the editor could jump-scroll to the top after format change on FireFox (#2692)

nebulon

[1.18.1]

• Update BookStack to 22.02.1
• Release announcement
• Updated editor references to avoid caching issue that would prevent WYSIWYG editor from opening. (#3293)
• Updated code blocks within the editor to be more reliable, especially on first insertion. (#3292)
• Updated translations with latest changes from Crowdin. (#3291)

nebulon

[1.18.2]

• Update BookStack to 22.02.2
• Release announcement
• Added cache breaker to WYSIWYG onward loading to prevent plugin errors appearing if cached. (#3303)
• Updated translations with latest Crowdin changes. (#3301)
• Updated sidebar fade to be more subtle when in dark mode. (#3203)
• Fixed WYISWYG editor issue where blank lines would collapse. (#3302)

nebulon

[1.18.3]

• Update BookStack to 22.02.3
• Release announcement
• Added iframe allow-list control to prevent a range of malicious uses of untrusted iframe sources. (#3314)
• Updated translations with latest Crowdin changes. (#3312)

nebulon

[1.19.0]

• Update BookStack to 22.03.1
• Release announcement
• Added support for checkbox tasklists in the WYSIWYG editor. (#3333, #4)
• Added WYSIWYG control to remove & edit links. (#3276, #3298)
• Added WYSIWYG Ctrl+Shift+K shortcut to show entity selector popup shortcut in WYSIWYG editor. (#3244, #3298)
• Added LDAP user group debugging option. (#3345)
• Added support for the Basque language. (#3296)
• Updated settings view with a re-organized layout for a less confusing user experience. (#3349, #3221)
• Updated code block rendering in WYSIWYG to help prevent scroll jumping upon undo/redo. (#3326)
• Updated translations with latest Crowdin updates. (#3320)
• Updated webhook data to include details of page/chapter/shelf/book creator/updater/owner. (#3279)
• Updated webhook data to include revision details on page_update and page_create events. (#3218)
• Fixed lack of translation support for some editor buttons. (#3342)
• Fixed incorrect page concatenation in book markdown export. (#3341)
• Fixed usage of <br> tags within code blocks instead of newlines when using the WYSIWYG editor. (#3327)
• Fixed image thumbnail generation not taking EXIF rotation data into account. (#1854)
• Fixed issue where /settings redirect would lead to wrong location in some scenarios. (#3356)
• Fixed non-active prevention of custom HTML head content on settings views. (#3355)
• Updated translations with latest Crowdin changes. (#3354)
• Updated project PHP dependencies.

girish

[1.20.0]

• Update BookStack to 22.04
• Release announcement
• Database Changes - This release makes some significant changes to data within the database which may cause the update to take a little longer than usual to run. Please give the update extra time to complete.
• REST API Page Create/Update Changes - Create & update page requests now have the potential to change the current editor type for that page, depending on the content type sent in the request, if the API user has permission to change the page editor.
• URL Handling - The way we handle URLs has changed this release to hopefully address some issues in specific scenarios. These changes have been tested and should not affect existing working environments but there's an increased risk this release for setups with more complex URL handling. Please raise an issue or jump into our Discord server if you have any issues with URLs after upgrading.

girish

[1.20.1]

• Update BookStack to 22.04.1
• Release announcement
• Fixed issue where a duplicate slash could occur in the URL leading to a 404 page. (#3404)
• Updated translations with latest changes from Crowdin. (#3402)