Skip to content

BookStack Beta v0.29.2

Choose a tag to compare

View all tags
@ssddanbrown ssddanbrown released this 02 May 10:57
v0.29.2
This tag was signed with the committer’s verified signature.
ssddanbrown Dan Brown
GPG key ID: 46D9F943C24A2EF9
Verified
Learn about vigilant mode.
04ecc12
This commit was signed with the committer’s verified signature.
ssddanbrown Dan Brown
GPG key ID: 46D9F943C24A2EF9
Verified
Learn about vigilant mode.

Security Release

This release addresses vulnerabilities in the comment system. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to others users viewing the comment. Through this vulnerability custom JavaScript code could be injected and therefore ran on other user machines.

This most impacts scenarios where not-trusted users are given permission to create comments.

After upgrading, The command php artisan bookstack:regenerate-comment-content should be ran to remove any pre-existing dangerous content.

Assets 2
Loading