Added v24.10.2 post

[website] / content / blog / 2024 / security-release-v24-10-2.md

+++
categories = ["Releases"]
tags = ["Releases"]
title = "BookStack Security Release v24.10.2"
date = 2024-11-13T12:00:00Z
author = "Dan Brown"
image = "/images/blog-cover-images/cc-by-sa-4/fence2-dietmar-rabich.jpg"
slug = "bookstack-release-v24-10-2"
draft = false
+++

BookStack v24.10.2 has been released.

This is a security release to address a vulnerability in our dependencies where specifically formatted requests could be used to manipulate application configuration in environments where a certain PHP option (register_argc_argv) is enabled. This is not an option that's typically enabled in production web-serving environments, but it's advised to update where uncertain.

* [Update instructions](https://www.bookstackapp.com/docs/admin/updates)
* [GitHub release page](https://github.com/BookStackApp/BookStack/releases/tag/v24.10.2)

### Full List of Changes

* Updated application PHP dependencies.
* Updated translations with latest Crowdin changes. ([#5317](https://github.com/BookStackApp/BookStack/pull/5317))

### For More Information

If you have any questions or comments about this advisory:
* Open an issue in [the BookStack GitHub repository](https://github.com/BookStackApp/BookStack/issues).
* Ask on the [BookStack Discord chat](https://discord.gg/ztkBqR2).
* Follow the [BookStack security policy](https://github.com/BookStackApp/BookStack/blob/development/.github/SECURITY.md) to contact someone privately.

----

<span style="font-size: 0.8em;opacity:0.9;">Header Image Credits: <span>Photo by <a href="https://commons.wikimedia.org/wiki/File:D%C3%BClmen,_Kirchspiel,_Wiese_in_der_Bauerschaft_B%C3%B6rnste_--_2016_--_1523-9.jpg">Dietmar Rabich (CC-BY-SA 4.0)</a> - Image Modified</span></span>