categories = ["Releases"]
title = "BookStack Security Release v21.08.2"
date = 2021-09-04T14:12:36Z
image = "/images/blog-cover-images/unsplash/lock-hudsoncrafted.jpg"
slug = "bookstack-release-v21-08-2"

BookStack v21.08.2 has been released. This security release is intended to cover a couple of XSS
vulnerabilities, where a malicious user with page edit access could enter script that would execute
upon page view. You should update as soon as possible if you allow untrusted users to edit content

In addition, this release expands the [CSP headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP)
set by BookStack to help prevent any similar vulnerabilities from being effective going forward.
If you've performed some more advanced customizations on your instance, they may need to be altered
to work with the built-in CSP system. Feel free to contact me via the channels listed below for any assistance

* [Update instructions](https://www.bookstackapp.com/docs/admin/updates)
* [GitHub release page](https://github.com/BookStackApp/BookStack/releases/tag/v21.08.2)

### For more information

If you have any questions or comments about this advisory:
* Open an issue in [the BookStack GitHub repository](https://github.com/BookStackApp/BookStack/issues).
* Ask on the [BookStack Discord chat](https://discord.gg/ztkBqR2).
* Follow the [BookStack Security Advice](https://github.com/BookStackApp/BookStack#-security) to contact someone privately.

<span style="font-size: 0.8em;opacity:0.9;">Header Image Credits: <span>Photo by <a href="https://unsplash.com/@hudsoncrafted?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Debby Hudson</a> on <a href="https://unsplash.com/?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Unsplash</a></span></span>