BookStack Code Mirror - website/blob - content/blog/2021/security-release-v21-08-5.md
+++
categories = ["Releases"]
tags = ["Releases"]
title = "BookStack Security Release v21.08.5"
date = 2021-10-08T20:53:08Z
author = "Dan Brown"
image = "/images/blog-cover-images/unsplash/lock-calina.jpg"
slug = "bookstack-release-v21-08-5"
draft = false
+++

BookStack v21.08.5 has been released. This is a security release that covers a vulnerability
which would allow malicious users who have permission to update or create pages to load content
from files stored within the `storage/` or `public/` directories (such as application logs) via the
page HTML export system.

If you allow untrusted users to edit page content, you should update as soon as possible.

This release also changes the way browser response caching is performed while logged in,
to help prevent navigating back to confidential content after logout.

* [Update instructions](https://www.bookstackapp.com/docs/admin/updates)
* [GitHub release page](https://github.com/BookStackApp/BookStack/releases/tag/v21.08.5)

### Additional Changes

- Added concurrent page editing warnings upon draft save events. Thanks to [@MatthieuParis](https://github.com/BookStackApp/BookStack/pull/2877) ([#2877](https://github.com/BookStackApp/BookStack/pull/2877))
- Updated translations with the latest changes from Crowdin. ([#2953](https://github.com/BookStackApp/BookStack/pull/2953))

### For more information

If you have any questions or comments about this advisory:
* Open an issue in [the BookStack GitHub repository](https://github.com/BookStackApp/BookStack/issues).
* Ask on the [BookStack Discord chat](https://discord.gg/ztkBqR2).
* Follow the [BookStack Security Advice](https://github.com/BookStackApp/BookStack#-security) to contact someone privately.

----

<span style="font-size: 0.8em;opacity:0.9;">Header Image Credits: <span>Photo by <a href="https://unsplash.com/@calina?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText">Georg Bommeli</a> on <a href="https://unsplash.com/?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText">Unsplash</a></span></span>