+++
categories = ["Releases"]
tags = ["Releases"]
title = "BookStack Security Release v23.01.1"
date = 2023-02-02T12:25:00Z
author = "Dan Brown"
image = "/images/blog-cover-images/fence-bird-james-wainscoat.jpg"
slug = "bookstack-release-v23-01-1"
draft = false
+++

BookStack v23.01.1 has been released.
This is a security release that addresses a potential vulnerability in PDF generation that could
be used to make server-side requests or to execute other PHP code.

Upgrading is advised where untrusted users have permission to create page content in your instance.

From testing, it appears that successful exploitation would require either disabling BookStack's
default security options or already having access to the host system, but out of caution we
advise upgrading in any environment matching the description above.
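
The advice above turns on a question you can answer from the install itself: is the running version older than v23.01.1? The script below is an added check for that, not code from the BookStack project or from this post. It assumes the install root holds BookStack's plain-text `version` file containing the release tag (an assumption, as are the sample version strings used in it); whether untrusted users can create page content still has to be confirmed from the instance's roles and permissions.

```shell
#!/bin/sh
# Added example, not code from the BookStack project or this release post.
# Reports whether a BookStack install predates the v23.01.1 security release.
# Assumption: the install root contains BookStack's plain-text `version` file
# holding a tag such as "v23.01.1"; version strings can also be passed directly.

FIXED_VERSION="v23.01.1"

# Drop leading zeros so "01" is not read as octal by shell arithmetic; empty -> 0.
bs_decimal() {
  n="$1"
  while [ "${n#0}" != "$n" ]; do n="${n#0}"; done
  printf '%s' "${n:-0}"
}

# Turn "v23.01.1" / "23.01" / "v23" into a sortable integer (major*10^6 + minor*10^3 + patch).
# Returns 1 and prints nothing for strings that are not plain dotted numbers.
bookstack_version_key() {
  v="${1#v}"
  case "$v" in
    '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
  esac
  IFS=. read -r major minor patch <<EOF
$v
EOF
  major=$(bs_decimal "$major")
  minor=$(bs_decimal "$minor")
  patch=$(bs_decimal "${patch%%.*}")
  printf '%s' "$(( major * 1000000 + minor * 1000 + patch ))"
}

# Exit status: 0 = older than the fix, 1 = fixed version or newer, 2 = unparseable.
bookstack_needs_upgrade() {
  key=$(bookstack_version_key "$1") || return 2
  fixed=$(bookstack_version_key "$FIXED_VERSION")
  [ "$key" -lt "$fixed" ]
}

# Check an install directory (default: current directory) and print a verdict.
bookstack_check_install() {
  dir="${1:-.}"
  if [ ! -r "$dir/version" ]; then
    printf 'no readable version file in %s\n' "$dir" >&2
    return 2
  fi
  ver=$(tr -d '[:space:]' < "$dir/version")
  bookstack_needs_upgrade "$ver" && status=0 || status=$?
  case $status in
    0) printf '%s predates %s: upgrade advised where untrusted users can create page content\n' "$ver" "$FIXED_VERSION" ;;
    1) printf '%s includes the PDF generation fix from %s\n' "$ver" "$FIXED_VERSION" ;;
    *) printf 'could not parse version string "%s"\n' "$ver" >&2; return 2 ;;
  esac
}

# Usage: sh check_bookstack_version.sh /var/www/bookstack
if [ "$#" -gt 0 ]; then
  bookstack_check_install "$1"
fi
```

The version string is reduced to an integer rather than compared with `sort -V` so the check behaves the same on BSD and GNU userlands, and a tag that does not parse is reported as status 2 instead of being silently treated as up to date.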

* [Update instructions](https://www.bookstackapp.com/docs/admin/updates)
* [GitHub release page](https://github.com/BookStackApp/BookStack/releases/tag/v23.01.1)

### Full List of Changes

* Updated pdf library to address vulnerability. ([#4010](https://github.com/BookStackApp/BookStack/pull/4010))
* Updated translations with latest Crowdin changes. ([#4008](https://github.com/BookStackApp/BookStack/pull/4008))
* Fixed missing default 180px icon. ([#4006](https://github.com/BookStackApp/BookStack/issues/4006))

### For More Information

If you have any questions or comments about this advisory:
* Open an issue in [the BookStack GitHub repository](https://github.com/BookStackApp/BookStack/issues).
* Ask on the [BookStack Discord chat](https://discord.gg/ztkBqR2).
* Follow the [BookStack security policy](https://github.com/BookStackApp/BookStack/blob/development/.github/SECURITY.md) to contact someone privately.

----

<span style="font-size: 0.8em;opacity:0.9;">Header Image Credits: <span>Photo by <a href="https://unsplash.com/es/@tumbao1949?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">James Wainscoat</a> on <a href="https://unsplash.com/photos/FrO3s74-3Nk?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Unsplash</a>
  </span></span>