github BookStackApp/BookStack v21.10.3
BookStack v21.10.3

3 years ago

Security Release

BookStack v21.10.3 has been released. This is a security release that addresses a couple of vulnerabilities within the attachment and image serving mechanisms. The attachment vulnerability could result in users uploading content to be served in a way that can be utilized for phishing. The image serving vulnerability could result in unintended file access within your BookStack storage folder.

If you allow untrusted users to log in or upload attachments, you should update as soon as possible.

Full List of Changes

  • Updated AzureAD login library to work with the new Microsoft Graph API. (#3028)
  • Fixed image file path traversal vulnerability. Thanks @theWorstComrade for reporting. (#3030)
  • Prevented HTML attachments being served inline. Thanks @theWorstComrade for reporting. (#3027)
  • Updated translations from latest Crowdin changes. (#3023)
