]> BookStack Code Mirror - website/blob - content/blog/2020/beta-security-release-v0-30-7.md
projects / website / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Script refresh, now compatible with RHEL 8.9 with PHP 8.1
[website] / content / blog / 2020 / beta-security-release-v0-30-7.md
1 +++
2 categories = ["Releases"]
3 tags = ["Releases"]
4 title = "Beta Security Release v0.30.7"
5 date = 2020-12-18T14:00:00Z
6 author = "Dan Brown"
7 image = "/images/blog-cover-images/unsplash/lock-aubrey-odom.jpg"
8 description = "In continuation of the patches in v0.30.6, BookStack v0.30.7 has been released to address an issue that could lead to restricted page content being made visible in exports."
9 slug = "beta-release-v0-30-7"
10 draft = false
11 +++
12
13
14 In continuation of the patches in v0.30.6, BookStack v0.30.7 has been released to address an issue that could lead to restricted page content being made visible in exports.
15 As with the last release, You should upgrade to this released as soon as possible if you make use of page-level permissions at all. Apologies for the frequency of security releases.
16
17 * [Update instructions](https://www.bookstackapp.com/docs/admin/updates)
18 * [GitHub release page](https://github.com/BookStackApp/BookStack/releases/tag/v0.30.7)
19
20
21 ### Impact
22
23 The content of pages made non-viewable to a user via permissions, within a visible parent, could be seen via the plaintext export option. Before v0.30.6 this would have applied only to scenarios where all pages within the chapter were made non-visible. In v0.30.6 this would make all pages within the chapter visible.
24
25 ### Patches
26
27 This has been patched in v0.30.7.
28
29 ### Workarounds
30
31 Please update. As a temporary workaround you could make parent chapters/books non accessible.
32
33 ### References
34
35 * [BookStack Beta v0.30.7](https://github.com/BookStackApp/BookStack/releases/tag/v0.30.7)
36 * [GitHub Issue #2414](https://github.com/BookStackApp/BookStack/issues/2414)
37
38 ### Attribution
39
40 A big thanks again to [@cdrfun](https://github.com/cdrfun) for [discovering and reporting](https://github.com/BookStackApp/BookStack/issues/2414) this issue.
41
42 ### For more information
43
44 If you have any questions or comments about this advisory:
45 * Open an issue in [the BookStack GitHub repository](https://github.com/BookStackApp/BookStack/issues).
46 * Ask on the [BookStack Discord chat](https://discord.gg/ztkBqR2).
47 * Follow the [BookStack Security Advice](https://github.com/BookStackApp/BookStack#-security) to contact someone privately.
48
49 ----
50
51 <span style="font-size: 0.8em;opacity:0.9;">Header Image Credits: <span>Photo by <a href="https://unsplash.com/@octoberroses?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText">Aubrey Odom</a> on <a href="https://unsplash.com/s/photos/lock?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText">Unsplash</a></span></span>
The source for the BookStack website, docs and blog.