BookStack Code Mirror - website/blob - content/blog/2021/security-release-v21-10-2.md
Switched discord/mastodon links to site redirects
+++
categories = ["Releases"]
tags = ["Releases"]
title = "BookStack Security Release v21.10.2"
date = 2021-10-28T15:00:08Z
author = "Dan Brown"
image = "/images/blog-cover-images/unsplash/lock-chepe-nicoli.jpg"
slug = "bookstack-release-v21-10-2"
draft = false
+++

BookStack v21.10.2 has been released. This is a security release that builds upon changes
in v21.10.1, covering a vulnerability that would allow malicious users, who have
permission to update or create pages, to upload content that could then be used
for phishing or other general malicious intent.

If you allow untrusted users to edit page content, you should update as soon as possible.

* [Update instructions](https://www.bookstackapp.com/docs/admin/updates)
* [GitHub release page](https://github.com/BookStackApp/BookStack/releases/tag/v21.10.2)


### Full List of Changes

* Made further fixes to address image upload vulnerability. Thanks again to @haxatron ([#3019](https://github.com/BookStackApp/BookStack/issues/3019))
* Updated translations with latest changes from Crowdin. ([#3014](https://github.com/BookStackApp/BookStack/pull/3014))


### For More Information

If you have any questions or comments about this advisory:
* Open an issue in [the BookStack GitHub repository](https://github.com/BookStackApp/BookStack/issues).
* Ask on the [BookStack Discord chat](https://www.bookstackapp.com/links/discord).
* Follow the [BookStack security policy](https://github.com/BookStackApp/BookStack/blob/development/.github/SECURITY.md) to contact someone privately.

----

<span style="font-size: 0.8em;opacity:0.9;">Header Image Credits: <span>Photo by <a href="https://unsplash.com/@nicoli_?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText">Chepe Nicoli</a> on <a href="https://unsplash.com/?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText">Unsplash</a></span></span>