]> BookStack Code Mirror - website/blob - content/blog/security-release-v21-10-1.md
projects / website / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Update filesystem-permissions.md
[website] / content / blog / security-release-v21-10-1.md
1 +++
2 categories = ["Releases"]
3 tags = ["Releases"]
4 title = "BookStack Security Release v21.10.1"
5 date = 2021-10-27T11:30:08Z
6 author = "Dan Brown"
7 image = "/images/blog-cover-images/lock-muhammad-zaqy-al-fattah.jpg"
8 slug = "bookstack-release-v21-10-1"
9 draft = false
10 +++
11
12 BookStack v21.10.1 has been released. This is a security release that covers a vulnerability
13 which would allow malicious users, who have permission to update or create pages, to upload
14 content that could then be utilized for phishing or other general malicious intent.
15
16 If you allow untrusted users to edit page content you should update as soon as possible.
17
18 * [Update instructions](https://www.bookstackapp.com/docs/admin/updates)
19 * [GitHub release page](https://github.com/BookStackApp/BookStack/releases/tag/v21.10.1)
20
21 Thanks to @haxatron on [huntr.dev](https://huntr.dev/) for the discovery and reporting of this issue.
22
23 ### Full List of Changes
24
25 * Fixed image upload vulnerability. Thanks to @haxatron ([#3010](https://github.com/BookStackApp/BookStack/issues/3010))
26 * Fixed capitalization for Estonian language option. Thanks to [@IndrekHaav](https://github.com/BookStackApp/BookStack/pull/3008). ([#3008](https://github.com/BookStackApp/BookStack/pull/3008))
27 * Updated PHP packages to prevent abandoned warning. ([#3007](https://github.com/BookStackApp/BookStack/issues/3007))
28 * Updated translations with latest changes from Crowdin. ([#3006](https://github.com/BookStackApp/BookStack/pull/3006))
29
30
31 ### For More Information
32
33 If you have any questions or comments about this advisory:
34 * Open an issue in [the BookStack GitHub repository](https://github.com/BookStackApp/BookStack/issues).
35 * Ask on the [BookStack Discord chat](https://discord.gg/ztkBqR2).
36 * Follow the [BookStack security policy](https://github.com/BookStackApp/BookStack/blob/development/.github/SECURITY.md) to contact someone privately.
37
38 ----
39
40 <span style="font-size: 0.8em;opacity:0.9;">Header Image Credits: <span>Photo by <a href="https://unsplash.com/@dizzydizz?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText">Muhammad Zaqy Al Fattah</a> on <a href="https://unsplash.com/?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText">Unsplash</a></span></span>
The source for the BookStack website, docs and blog.