categories = ["Releases"]
tags = ["Releases"]
title = "BookStack Security Release v23.10.3"
-date = 2023-11-20T12:00:00Z
+date = 2023-11-20T14:00:00Z
author = "Dan Brown"
image = "/images/blog-cover-images/unsplash/fence-squirrel-mitchell-orr.jpg"
slug = "bookstack-release-v23-10-3"
BookStack v23.10.3 has been released.
This is a security release that addresses a vulnerability in image handling which could be
exploited to perform server-side requests or read the contents of files on the server system.
+Additionally, this update addresses a lack of permission check in some image creation actions.
Upgrade is strongly advised where untrusted users have permission to create/edit/update page
content in your instance.
#### Updating to v23.10.3 or higher
-**Security** - v23.10.3 addresses a vulnerability relating to image handling which could be exploited, by users with the ability to create/edit/update page content, to perform server-side requests or read the contents of files on the server system.
+**Security** - v23.10.3 addresses a vulnerability relating to image handling which could be exploited, by users with the ability to create/edit/update page content, to perform server-side requests or read the contents of files on the server system. Additionally, this update addresses a lack of permission check in some image creation actions.
#### Updating to v23.10 or higher
projects / website / commitdiff