Security Release
BookStack v25.12.9 has been released.
This is a security release to address a vulnerability where style code in page content could be used to manipulate the page beyond the expected content area in some revision views, opening up risk of potential phishing and/or tracking by bad page editors.
We advise that you update your instance if you allow untrusted users to create or edit pages.
Thanks to Alex Dan (@windbreaker555 on GitHub) for their responsible discovery and reporting of this issue.
Full List of Changes
- Updated page revision diffs to use content filtering.
- Updated preference change redirect with stronger origin checks.
- Updated application PHP dependencies.