LinuxServer Changes:
Rebase to Alpine 3.14.
bookstack Changes:
Links
Upgrade Notices
- Config & Administration - The introduction of multi-factor authentication brings the first use of encryption in the platform.
This uses theAPP_KEY
value in your.env
file. Ensure you have this stored safely since it would be required if you ever
restore/migrate your instance to another system. - Security/Exports - During this release cycle it was highlighted that server-side request forgery could be achieved via the
PDF export system. External fetching in the default PDF renderer has been disabled by default. The WKHTMLtoPDF renderer will now
not be used if active. Either of these changes can be overridden by settingALLOW_UNTRUSTED_SERVER_FETCHING=true
in your.env
file.
This should only be used were only trusted users can create and export content. To support this we've added permissions that allow disabling of exports per role. - Security/Authentication - A slight change was made in relation to how email addresses are confirmed. Email confirmations are now primarily checked at point-of-login rather
than being checked on every request. Enabling email confirmation, or email domain restrictions, may no longer take action on unconfirmed users right away in the future.
Full List of Changes
- Added multi-factor authentication system. (#2827, #1118)
- Added the ability to export content as Markdown. Thanks to @nikhiljha. (#2115, #1717)
- Added role permissions for exporting content. (#2899, #1251)
- Added an advisory notice on the shelf permissions page regarding the lack of cascade. (#2876)
- Added Lithuanian language translations. Thanks to @ffranchina. (#2868)
- Added item parent link in recycle bin restore to make parent item restore easier. Thanks to @arjvand. (#2682, #2594)
- Added some core opengraph tags to content. Thanks to @james-geiger. (#2393, #2348)
- Updated blade views to be more consistent and follow a documented convention. (#2805)
- Fixed markdown blockquotes not rendering correctly in preview. (#2858, #2837)
- Fixed issue on API where page updates can remove HTML. (#2856)
- Fixed inconsistency in list display and nesting. (#2854)
- Standardised styling of the codebase. (#2820)