BookStack v22.03.1

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Fixed issue where /settings redirect would lead to wrong location in some scenarios. (#3356)
• Fixed non-active prevention of custom HTML head content on settings views. (#3355)
• Updated translations with latest Crowdin changes. (#3354)
• Updated project PHP dependencies.

BookStack v22.03

Links

• Update instructions
• Update details on blog

Upgrade Notices

• Webhook Data Changes - Properties found at the related_item -> created_by/updated_by/owned_by path of the webhook data will now be an object instead of an ID integer. If you were using these ids you'd now need to access them within the relevant objects. (For example related_item.created_by.id).

Full List of Changes

• Added support for checkbox tasklists in the WYSIWYG editor. (#3333, #4)
• Added WYSIWYG control to remove & edit links. (#3276, #3298)
• Added WYSIWYG Ctrl+Shift+K shortcut to show entity selector popup shortcut in WYSIWYG editor. (#3244, #3298)
• Added LDAP user group debugging option. (#3345)
• Added support for the Basque language. (#3296)
• Updated settings view with a re-organized layout for a less confusing user experience. (#3349, #3221)
• Updated code block rendering in WYSIWYG to help prevent scroll jumping upon undo/redo. (#3326)
• Updated translations with latest Crowdin updates. (#3320)
• Updated webhook data to include details of page/chapter/shelf/book creator/updater/owner. (#3279)
• Updated webhook data to include revision details on page_update and page_create events. (#3218)
• Fixed lack of translation support for some editor buttons. (#3342)
• Fixed incorrect page concatenation in book markdown export. (#3341)
• Fixed usage of <br> tags within code blocks instead of newlines when using the WYSIWYG editor. (#3327)
• Fixed image thumbnail generation not taking EXIF rotation data into account. (#1854)

BookStack v22.02.3

Security Release

• Update Instructions
• Update details on blog

This is a security release that adds better protections against embedded content that could be used in malicious ways. This effectively restricts embedded iframe content in an allow-list approach.

A new ALLOWED_IFRAME_SOURCES option has been added to provide configuration of allowed embed/iframe sources within BookStack pages, and this defaults to a couple of popular services such as YouTube and Vimeo.

Please see this link for more detail regarding this option:

• https://www.bookstackapp.com/docs/admin/security/#iframe-src-control
  • ("Iframe Source Control" section)

It's advised to upgrade as soon as possible if untrusted users can create or update pages within your BookStack instance.

Thanks to @416e6e61 (Anna) for discovering and reporting this vulnerability via huntr.dev.

Full List of Changes

• Added iframe allow-list control to prevent a range of malicious uses of untrusted iframe sources. (#3314)
• Updated translations with latest Crowdin changes. (#3312)

BookStack v22.02.2

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Added cache breaker to WYSIWYG onward loading to prevent plugin errors appearing if cached. (#3303)
• Updated translations with latest Crowdin changes. (#3301)
• Updated sidebar fade to be more subtle when in dark mode. (#3203)
• Fixed WYISWYG editor issue where blank lines would collapse. (#3302)

BookStack v22.02.1

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Updated editor references to avoid caching issue that would prevent WYSIWYG editor from opening. (#3293)
• Updated code blocks within the editor to be more reliable, especially on first insertion. (#3292)
• Updated translations with latest changes from Crowdin. (#3291)

BookStack v22.02

Links

• Update instructions
• Update details on blog

Upgrade Notices

• PHP Requirements Change - The minimum required version of PHP has changed from 7.3 to 7.4.

Full List of Changes

• Added collapsible content blocks support to the WYSIWYG editor. (#78, #3260)
• Added translation support to the WYSIWYG editor. (#1838)
• Added user management API endpoints. (#3238, #1363, #2701)
• Changed minimum PHP version from 7.3 to 7.4. (#3245, #3152)
• Updated translations with latest Crowdin changes. (#3258, #3251, #3259)
• Updated Korean translations. Thanks to @ististyle. (#3256)
• Updated TinyMCE WYSIWYG editor to the latest version. (#3247)
• Improved PDF export rendering of images within tables. (#3190)
• Fixed potential web console error message when loading the editor. (#2461)
• Fixed issue where OIDC token failures would not be shown to the user. (#3264)
• Fixed issue where the editor could jump-scroll to the top after format change on FireFox (#2692)

BookStack v21.12.5

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Added text for "file" validation messages to provide better responses in Attachment API validation failures. (#3248)
• Fixed WYSIWYG editor code block creation across mulitple lines and block elements. Thanks to @Julesdevops. (#3246, #3200)
• Fixed markdown image data URI extraction failing on large images due to regex match limits. (#3249)
• Updated translations with latest Crowdin changes. (#3225)

BookStack v21.12.4

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Added --external-auth-id option to the bookstack:create-admin command for use with LDAP/SAML2/OIDC instances. (#3222)
• Added the ability select preferred language when creating a new user. (#2408, #2576)
• Added configuration option for PDF export page size. (#995)
• Updated 503 error view to simplify and prevent thrown errors. Thanks to @Julesdevops. (#3210, #3205)
• Updated translations with latest Crowdin changes. (#3214)
• Fixed mis-represented default registration role and allowed disabling of this option. (#3220, #2338)
• Fixed OIDC autodiscovery when keys are provided in a certain format, as provided by Azure. (#3206)
• Development change: The default development branch name is now development instead of master. (#3195)

BookStack v21.12.3

Links

• Update instructions

Upgrade Notices

• Composer Version Requirement Change - Composer v2.0 or greater is now required to install or update BookStack.
  • You can check your composer version by running composer -V.
  • You can often update composer by running sudo composer self-update
    • (Or you may be prompted to run sudo composer self-update --2).
  • If you're using a system-supplied composer package you may need to first uninstall that (eg. sudo apt remove composer) then follow the composer download documentation to get the latest version.
    • Take notice of the sudo mv composer.phar /usr/local/bin/composer command shown in the documentation to install composer globally for easier usage.

Full List of Changes

This release contains the following fixes and changes:

• Updated development docker environment with xdebug support. Thanks to @Julesdevops. (#3193)
• Updated user creation flow to not persist the user on invitation sending failure. Thanks to @Julesdevops. (#3179, #3174)
• Updated "Recently Updated Pages" view to show update author and date. Thanks to @Julesdevops. (#3177, #3045)
• Updated translations with latest Crowdin changes. (#3158)
• Updated PDF page export image display to help fix image sizing issues again. (#3120)
• Updated "Recently Updated Pages" view to show parent context chain. (#3183)
• Fixed potential errors in revision diff view when multi-byte characters are used. (#3170)
• Fixed duplicate display in image gallery when uploading multiple images at once. (#3160)
• Fixed inaccurate markdown editor cursor position upon sidebar usage. (#3186)

BookStack v21.12.2

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Improved handling of uploaded images when thumbnails fail to load. (#3142)
• Updated translations with latest Crowdin changes. (#3148)
• Fixed issue where webhooks would error for specific recycle bin operations. (#3154)
• Fixed Spanish invite email subject translation. Thanks to @AitorMatxi. (#3153)
• Fixed issue where custom homepage could cause strange deletion behavior and lead to errors. (#3150)