linuxserver/docker-bookstack v21.11.2-ls172

on GitHub

LinuxServer Changes:

Rebase to Alpine 3.14.

bookstack Changes:

Security Release

• Update Instructions
• Update details on blog

BookStack v21.11.2 has been released.
This is a security release that address a couple of vulnerabilities relating to API access and page draft related content visibility:

• If the "Public" role was provided API access then the API could be accessed, in certain scenarios by non-authenticated users even if the "Allow public access" setting was disabled.
• In some specific scenarios, content related to page drafts (Such as attachments) could be visible to non-owners (Whom would have permission to view the page if saved as a non-draft at that point).

It's advised to upgrade as soon as possible if the API has been enabled for roles within your instance or if draft page content visibility could be a security concern for you.

Full List of Changes

• Fixed issue with greater-than-expected visibility on page-draft-related items. Thanks @Haxatron for reporting. (#3086)
• Fixed issue where public API access was not limited by system public control in certain conditions. (#3091)
• Updated translations from latest Crowdin changes. (#3076)