Bookstack - Package updates

girish

You can use this thread to track updates to the Bookstack package.

Please open issues in a separate topic instead of replying here.

girish

Pushed on update to Bookstack 0.29.1

girish

Pushed a security update to Bookstack 0.29.2

girish

[1.6.2]

• Update Bookstack to 0.29.3
• Full changelog
• Security fix - this release addresses issue #2111 where the name of a restricted book could be viewed by non-authorised users when the book was on a shelf, and the shelves were viewed in "List View"
• Move apache out of port 80 (so it doesn't need root perms)

girish

[1.7.0]

• Fix tags
• Update postinstall
• Add forumUrl

girish

[1.8.0]

• Update Bookstack to 0.30.0
• Full changelog
• Security Notice - Possible Privilege Escalation
• Added API endpoints for chapters.
• Added audit log to the settings area. (#2173, #1167)
• Added the ability to insert an attachment link directly into the current editor window. (#1460)
• Added session-based code-block editor auto-save to prevent potential loss of content. (#1398)
• Added warning wording around role system permissions to indicate what permissions could allow privilege escalation. (#2105)
• Added the ability to log login failures to a file. Thanks to @benrubson. (#1881, #728)
• Updated Simplified Chinese translations. Thanks to @Honvid. (#2157)
• Updated WYSIWYG editor css to put editor in it's own layer to improve degraded dark mode performance. (#2154)
• Updated Czech translations. Thanks to @jakubboucek. (#2238)
• Updated permission system so that the permission map table does not contain ID's since database limits could be met in scenarios where permissions were automatically refreshed on a frequent basis. (#2091)

girish

[1.8.1]

• Update Bookstack to 0.30.1
• Full changelog
• Updated translations. (#2262)
• Updated settings header bar to adapt better for longer-text languages. (#2265)
• Updated callout link formatting to use callout text style rather than theme color. Thanks to @alexmannuk. (#2233, #303)
• Updated Book export content so that page includes are parsed. Thanks to @mr-vinn. (#2227, #2228)
• Fixed issue where the markdown editor preview pane would be empty. (#2280)
• Fixed incorrect spelling of "Ubuntu Mono" font definition. Thanks to @abulgatz. (#2274)
• Fixed incorrect AddActivityIndexes migration 'down' action. Thanks to @gertjankrol. (#2268)
• Fixed unexpected scroll bars on code blocks. (#2267)
• Fixed issue where notification would not shown upon SAML login where there's an existing non-matching user. (#2263)

girish

[1.8.2]

• Update Bookstack to 0.30.2
• Full changelog
• Updated JavaScript build system to provide slightly better browser compatibility.
• Updated page-content save parsing to update anchor references on IDs changed by BookStack. (#2278)
• Fixed issue where creating a link attachment after mulitple validation failures would result in many duplicate links being created. (#2286)
• Updated drawing integration to, by default, use diagrams.net instead of draw.io. (#2285, #2044)
• Updated default .htaccess to align with laravel's and allow canonical redirects on non-root url app instances. Thanks to @jakubboucek. (#2272)

nebulon

[1.8.3]

• Update Bookstack to 0.30.3
• Added VBScript syntax highlighting to the code block editor. Thanks to @nutsflag. (#2302, #2255)
• Fixed issue where drawings would not save in the Markdown editor. (#2313, #2321)
• Updated some Spanish and Chinese translations. (#2303)

nebulon

[1.8.4]

• Update Bookstack to 0.30.4
• Various security fixes
• Full changelog

girish

[1.8.5]

• Update BookStack to 0.30.5
• Security issues

nebulon

[1.8.6]

• Update BookStack to 0.30.6
• Full changelog

NOTE: this release was revoked because of a security issue in bookstack.

girish

[1.8.7]

• Update BookStack to 0.30.7
• Full changelog

girish

[1.8.8]

• Add ldap uuid flag file to help migration to new username based ids

girish

[1.9.0]

• Change the default ldap id attribute to username

girish

[1.10.0]

• Update BookStack to 0.31.0
• Full changelog
• Added recycle bin implementation. (#2283, #2183, #280)
• Added Norwegian translations to BookStack. Thanks to @Swoy. (#2336)
• Added ownership system for pages, chapters, books and shelves. (#2436, #2246)
• Added host iframe control with cookie security management. (#2427, #2207)
• Added API endpoints for pages. (#2382)
• Added many more activity types to the audit-log. (#2360, #1243)

nebulon

[1.10.1]

• Update BookStack to 0.31.1
• Fixed issue where markdown content would not be stored on first page save (HTML content would still be stored). (#2446)
• Fixed issue where the new content owner fields were not be used for the manage-own-permission role permission. (#2445)
• Fixed recycle bin table style issue which could cause the dropdown menu to be cut-off. (#2442)
• Updated Chinese, Spanish and French translations. (#2441)

girish

[1.10.2]

• Update BookStack to 0.31.3
• Full changelog
• Fixed issue where markdown strikethroughs were not rendering in the markdown editor. (#2470)
• Updated Turkish translations. (#2469)
• Updated some user, page and shelf views to use more efficient database querying.

girish

[1.10.3]

• Update BookStack to 0.31.4
• Full changelog
• Updated framework to prevent potential security vulnerability.
• Updated Chinese Traditional translations. (#2482)

nebulon

[1.10.4]

• Update BookStack to 0.31.5
• Updated laravel/framework to prevent potential security vulnerability.

nebulon

[1.10.5]

• Update BookStack to 0.31.6
• Fixed issue thrown when deleting shelves from the recycle bin. Thanks to @i4j5. (#2543, #2534, #2530)
• Fixed issue where restoring a revision would restore as HTML instead of Markdown. (#2496)

girish

[1.11.0]

• Update base image to v3
• Update PHP to 7.4

nebulon

[1.11.1]

• Update BookStack to 0.31.7
• Fixed incorrect URL being used when using an s3-like file storage service. (#2603)

nebulon

[1.11.2]

• Update BookStack to 0.31.8
• Fixed chapter and page book id misalignment that could occur when the page was in the recycle bin. Could cause some issues with permission generation which have also been addressed. (#2603)

girish

[1.12.0]

• Update BookStack to 21.04
• Full changelog
• Added back-end theme system. (#2639)
• Added APP_VIEWS_BOOKSHELF .env option to set default view type within a shelf. Thanks to @philjak. (#2591)
• Added owned_by search filter. Thanks to @benediktvolke. (#2561)
• Added sorting for Books within Shelves. Thanks to @guillaumehanotel. (#2515, #1742)
• Added user filter to the Audit Log. (#2472)
• Added the ability to configure custom footer links via the settings screen. Thanks to @james-geiger. (#1973)
• Added create buttons to the books and shelves homepage view options. Thanks to @philjak. (#1756)

nebulon

[1.12.1]

• Update BookStack to 21.04.1
• Updated mobile header elements for much better keyboard/screen-reader accessibility. (#2681)
• Updated translations with latest CrowdIn changes. (#2672)
• Updated WYSIWYG editor code-block handling provide a more stable undo/redo experience. (#2602)
• Updated AWS S3 SDK to fix incompatibility with Minio. (#2689)
• Fixed HTTP JSON detection when an encoding is in the response JSON content type. (#2684)

nebulon

[1.12.2]

• Update BookStack to 21.04.2
• Fixed issue where a page could become inaccessible when the creator no longer existed. (#2687)
• Updated translations with latest Crowdin changes. (#2691)

nebulon

[1.12.3]

• Update BookStack to 21.04.3
• Updated migration string column lengths to better fit within restrictive index limits (#2710)
• Updated select box styles with to work around default iOS styles causing issues in dark mode. (#2709)
• Updated translations with latest Crowdin changes. (#2695)
• Updated styles of layout view buttons in mobile screen sizes to respect dark mode.
• Updated image upload behaviour for s3 style uploads to set public permissions as part of the upload request instead of a separate request.
• Fixed issue where "Recently Viewed" would show non-viewed content for new users. (#2703)

girish

[1.12.4]

• Update BookStack to 21.04.4
• Full changelog
• Updated translations with latest Crowdin changes. (#2719)
• Updated Korean translations. Thanks to @Jokuna. (#2716)
• Improved error messaging when attempting to access a non-existent image file. (#2696)
• Updated table style handling across exports types to be consistent. (#2666)

nebulon

[1.12.5]

• Update BookStack to 21.04.5
• Fixed error during PDF export in some cases due to incorrect path. (#2746)
• Fixed error thrown when saving a markdown page with empty content. (#2741)
• Updated S3 ACL setting so ACLs are set via another request, as per pre-v21.04.2, but only when actually use AWS S3. (#2739)
• Updated translations with latest Crowdin changes. (#2737)
• Updated overflowing table content to be consistent. Thanks to @dopyrory3. (#2735, #2732)

nebulon

[1.12.6]

• Update BookStack to 21.04.6
• Added a way to configure options on a social driver, for the initial redirects, through the Theme::addSocialDriver system. (#2759)
• Fixed scenario where recent Image upload visibility changes caused issues on hosting where webserver and PHP process group/user differ. (#2758)

nebulon

[1.13.0]

• Update BookStack to 21.05
• Added shelf/book/chapter/page favourite system. (#2748)
• Added previous/next navigation to chapters and pages. Thanks to @shubhamosmosys. (#2511, #1381)
• Added display of tags within search results. Thanks to @burnoutberni. (#2487, #2462)
• Added the ability to import JPEG user avatar images during LDAP login/registration.

nebulon

[1.13.1]

• Update BookStack to 21.05.1
• Added base64 image extraction within page content. Thanks to @awarre. (#2700, #2631)
• Added Croatian translations. Thanks to @ffranchina. (#2784, #2785)
• Updated item permission roles list to be sorted alphabetically. (#2782)
• Merged in latest Crowdin translations. (#2787, #2777)
• Fixed incorrect styling of favourites sidebar when using a non-default homepage option. (#2783)

nebulon

[1.13.2]

• Update BookStack to 21.05.2
• Added the ability to server attachments without forcing downloads. (#2791)
• Fixed issue where empty HTML comments could cause errors. (#2804)
• Updated translations with latest changes from Crowdin. (#2790)
• Extracted not found text into it's own view for easier overriding (58117bc)

girish

[1.13.3]

• Update BookStack to 21.05.3
• Added a "Skip to content" link as first page focus item for accessibility use. (#2810)
• Updated social account detachment to have CSRF protection. (#2808)
• Updated PHP depedancy versions.
• Fixed issue where translations system may attempt to load from the root directory when a theme was not in use. (#2836)

girish

[1.13.4]

• Update BookStack to 21.05.4
• Added VB.NET code block highlighting option. (#2869)
• Improved audit log user select list stability. (#2863)
• Fixed issue where user profile pages item "View All" links used ids hence did not link to proper searches. (#2857)

girish

[1.14.0]

• Update BookStack to 21.08
• Release announcement
• Markdown Export
• Multi-Factor Authentication
• Non-Download Attachment Links
• Role-Based Export Permissions
• “Skip to content” Link

nebulon

[1.14.1]

• Update BookStack to 21.08.1
• Updated TOTP setup flow to display a URL of the QR code contents during setup for non-QR scanning usage. (#2908)
• Updated translations with latest Crowdin updates. (#2906)
• Fixed broken page ordering on various views. (#2905)

nebulon

[1.14.2]

• Update BookStack to 21.08.2
• This security release is intended to cover a couple of XSS vulnerabilities
• Release announcement

nebulon

[1.14.3]

• Update BookStack to 21.08.3
• Release announcement
• Fixed certain "Custom HTML Head Content" being incorrectly altered or converted. (#2923, #2914)
• Updated translations with latest Crowdin updates. (#2915)

girish

[1.14.4]

• Update BooKStack to 21.08.4
• Release announcement
• Added IP address to tracked activities and displayed in audit log. Thanks to @johnroyer. (#2936, #2747)
• Added the option to use database table prefixes. Thanks to @floviolleau. (#2935)
• Allowed the use of content includes when using a custom homepage.
• Updated translations with latest content from Crowdin. (#2926)

girish

[1.14.5]

• Update BookStack to 21.08.5
• Release announcement
• This security release covers a vulnerability which would allow malicious users, who have permission to update or create pages, to load content from files stored within the storage/ or public/ directories (Such as application logs) via the page HTML export system.
• Added concurrent page editing warnings upon draft save events.

nebulon

[1.14.6]

• Update BookStack to 21.08.6
• Release announcement

girish

[1.15.0]

• Update BookStack to 21.10
• Release announcement
• Added Attachment API endpoints. (#2986, #2942)
• Added Estonian language to BookStack via Crowdin. (#2979)
• Added support for base64 image content within markdown text via page POST/PUT. (#2898)
• Updated translations from Crowdin contributors. (#2983)
• Fixed padding within book-tree sidebar items. Thanks to @ffranchina. (#3000)

nebulon

[1.15.1]

• Update BookStack to 21.10.1
• Release announcement
• Fixed image upload vulnerability. Thanks to @Haxatron (#3010)
• Fixed capitalization for Estonian language option. Thanks to @IndrekHaav. (#3008)
• Updated PHP packages to prevent abandoned warning. (#3007)
• Updated translations with latest changes from Crowdin. (#3006)

nebulon

[1.15.2]

• Update BookStack to 21.10.2
• Release announcement
• Made further fixes to address image upload vulnerability. Thanks again to @haxatron (#3019)
• Updated translations with latest changes from Crowdin. (#3014)

girish

[1.15.3]

• Update BookStack to 21.10.3
• Release announcement
• Fixed path image file path traversal vulnerability. Thanks @theWorstComrade for reporting. (#3030)
• Prevented HTML attachments being served inline. Thanks @theWorstComrade for reporting. (#3027)
• Updated translations from latest Crowdin changes. (#3023)

nebulon

[1.16.0]

• Update BookStack to 21.11
• Release announcement

girish

[1.16.1]

• Update BookStack to 21.11.1
• Release announcement
• Added custom command support to the logical theme system. (#3072)
• Added support for prefers-contrast media setting to increase contrast in faded areas when active. (#2634)
• Updated TOTP confirmation view to autofocus on code input. Thanks to @raccettura. (#3068)
• Updated translations with latest changes from Crowdin. (#3057)
• Updated any links on homepage lists to be more obvious & accessible. (#3046)
• Fixed faulty page navigation links when headers are nested within other content. Thanks to @Julesdevops. (#3069, #3058)

girish

[1.16.2]

• Update BookStack to 21.11.2
• Release announcement
• This is a security release that address a couple of vulnerabilities relating to API access and page draft related content visibility
• Fixed issue with greater-than-expected visibility on page-draft-related items. Thanks @Haxatron for reporting. (#3086)
• Fixed issue where public API access was not limited by system public control in certain conditions. (#3091)

girish

[1.16.3]

• Update BookStack to 21.11.3
• Release announcement
• This is a security release that helps prevent potential discovery and harvesting of user details including name and email address.
• Helped prevent discovery and harvesting of user information. Thanks @Haxatron for reporting. (#3108)
• Updated search API results to include the highlighted preview content. (#3096)
• Updated search API results to include item URL. (#3080)

girish

[1.17.0]

• Update BookStack to 21.12
• Release announcement
• Added webhooks. (#147, #3099)
• Added ability to copy books, chapters & roles. (#3118, #1123)
• Added audit log IP address search. Thanks to @johnroyer. (#3081)
• Updated translations with latest Crowdin changes. (#3117)
• Fixed issue where non-ascii content could break search result previews. Thanks to @Kristian-Krastev. (#3113)
• Fixed mismatched password validation rules across the application. (#2237)

nebulon

[1.17.1]

• Update BookStack to 21.12.1
• Release announcement
• Security Release

nebulon

[1.17.2]

• Update BookStack to 21.12.2
• Release announcement
• Improved handling of uploaded images when thumbnails fail to load. (#3142)
• Updated translations with latest Crowdin changes. (#3148)
• Fixed issue where webhooks would error for specific recycle bin operations. (#3154)
• Fixed Spanish invite email subject translation. Thanks to @AitorMatxi. (#3153)
• Fixed issue where custom homepage could cause strange deletion behavior and lead to errors. (#3150)

nebulon

[1.17.3]

• Update BookStack to 21.12.3
• Release announcement
• Updated user creation flow to not persist the user on invitation sending failure. Thanks to @Julesdevops. (#3179, #3174)
• Updated "Recently Updated Pages" view to show update author and date. Thanks to @Julesdevops. (#3177, #3045)
• Updated translations with latest Crowdin changes. (#3158)
• Updated PDF page export image display to help fix image sizing issues again. (#3120)
• Updated "Recently Updated Pages" view to show parent context chain. (#3183)
• Fixed potential errors in revision diff view when multi-byte characters are used. (#3170)
• Fixed duplicate display in image gallery when uploading multiple images at once. (#3160)
• Fixed inaccurate markdown editor cursor position upon sidebar usage. (#3186)

nebulon

[1.17.4]

• Update BookStack to 21.12.4
• Release announcement
• Added --external-auth-id option to the bookstack:create-admin command for use with LDAP/SAML2/OIDC instances. (#3222)
• Added the ability select preferred language when creating a new user. (#2408, #2576)
• Added configuration option for PDF export page size. (#995)
• Updated 503 error view to simplify and prevent thrown errors. Thanks to @Julesdevops. (#3210, #3205)
• Updated translations with latest Crowdin changes. (#3214)
• Fixed mis-represented default registration role and allowed disabling of this option. (#3220, #2338)
• Fixed OIDC autodiscovery when keys are provided in a certain format, as provided by Azure. (#3206)

nebulon

[1.17.5]

• Update BookStack to 21.12.5
• Release announcement
• Added text for "file" validation messages to provide better responses in Attachment API validation failures. (#3248)
• Fixed WYSIWYG editor code block creation across mulitple lines and block elements. Thanks to @Julesdevops. (#3246, #3200)
• Fixed markdown image data URI extraction failing on large images due to regex match limits. (#3249)
• Updated translations with latest Crowdin changes. (#3225)

nebulon

[1.18.0]

• Update BookStack to 22.02
• Release announcement
• Added collapsible content blocks support to the WYSIWYG editor. (#78, #3260)
• Added translation support to the WYSIWYG editor. (#1838)
• Added user management API endpoints. (#3238, #1363, #2701)
• Changed minimum PHP version from 7.3 to 7.4. (#3245, #3152)
• Updated translations with latest Crowdin changes. (#3258, #3251, #3259)
• Updated Korean translations. Thanks to @ististyle. (#3256)
• Updated TinyMCE WYSIWYG editor to the latest version. (#3247)
• Improved PDF export rendering of images within tables. (#3190)
• Fixed potential web console error message when loading the editor. (#2461)
• Fixed issue where OIDC token failures would not be shown to the user. (#3264)
• Fixed issue where the editor could jump-scroll to the top after format change on FireFox (#2692)

nebulon

[1.18.1]

• Update BookStack to 22.02.1
• Release announcement
• Updated editor references to avoid caching issue that would prevent WYSIWYG editor from opening. (#3293)
• Updated code blocks within the editor to be more reliable, especially on first insertion. (#3292)
• Updated translations with latest changes from Crowdin. (#3291)

nebulon

[1.18.2]

• Update BookStack to 22.02.2
• Release announcement
• Added cache breaker to WYSIWYG onward loading to prevent plugin errors appearing if cached. (#3303)
• Updated translations with latest Crowdin changes. (#3301)
• Updated sidebar fade to be more subtle when in dark mode. (#3203)
• Fixed WYISWYG editor issue where blank lines would collapse. (#3302)