LinuxServer Changes:
Rebase to alpine 3.12. Fix APP_URL setting. Bump php post max and upload max filesizes to 100MB by default.
bookstack Changes:
Security Release
- Update Instructions
- Vulnerability Report: Server Side Request Forgery Through Content Exports
- Update details on blog
Phishing and and server-side request forgery vulnerabilities have been found within BookStack. Release v0.30.5 will remove this server-side request forgery issue while bringing updated wording and advisories to prevent the potential phishing vulnerability. You should ensure you've set the APP_URL
option in your .env
file to prevent likelihood of the phishing attack. Please view the above report or blogpost links for more detail.