From: Dan Brown Date: Mon, 20 May 2024 21:14:08 +0000 (+0100) Subject: Prepared v24.05.1 security release post X-Git-Url: http://source.bookstackapp.com/website/commitdiff_plain/3c2281413e25767a90a00635a3bfa0dd693536ed Prepared v24.05.1 security release post Also updated attribution format a little --- diff --git a/content/blog/2024/security-release-v24-05-1.md b/content/blog/2024/security-release-v24-05-1.md new file mode 100644 index 0000000..1863dcf --- /dev/null +++ b/content/blog/2024/security-release-v24-05-1.md 
@@ -0,0 +1,42 @@ ++++ +categories = ["Releases"] +tags = ["Releases"] +title = "BookStack Security Release v24.05.1" +date = 2024-05-21T11:00:00Z +author = "Dan Brown" +image = "/images/blog-cover-images/cc-by-sa-4/padlocks-dietmar-rabich.jpg" +slug = "bookstack-release-v24-05-1" +draft = false ++++ + +BookStack v24.05.1 has been released. +This is a security release that adds extra rate-limiting to some forms that are accessible without authentication, while also implementing changes to prevent methods that could be used to indicate if specific user emails exist in the system. + +Upgrade is advised for instances accessible on the public web. + +* [Update instructions](https://www.bookstackapp.com/docs/admin/updates) +* [GitHub release page](https://github.com/BookStackApp/BookStack/releases/tag/v24.05.1) + +### Full List of Changes + +* Updated PHP dependencies. +* Updated routes with IP-based rate limiting. ([#4993](https://github.com/BookStackApp/BookStack/issues/4993)) +* Updated email confirmation flow to not require email submission form. +* Updated translations with latest Crowdin changes. ([#4994](https://github.com/BookStackApp/BookStack/pull/4994)) +* Updated WYSIWYG alignment handling to also consider table `align` attributes. ([#5011](https://github.com/BookStackApp/BookStack/issues/5011)) +* Fixed attachment upload validation errors appearing as JSON. ([#4996](https://github.com/BookStackApp/BookStack/issues/4996)) +* Fixed incorrect notification preferences URL in email. Thanks to [@KiDxS](https://github.com/BookStackApp/BookStack/pull/5008). ([#5008](https://github.com/BookStackApp/BookStack/pull/5008), [#5005](https://github.com/BookStackApp/BookStack/issues/5005)) +* Fixed non-visible MFA setup titles in dark mode. 
([#5018](https://github.com/BookStackApp/BookStack/issues/5018)) +* Fixed outdated path in visual theme system guidance. ([#4998](https://github.com/BookStackApp/BookStack/issues/4998)) +* Fixed potential cache permission issues by reverting cache location. ([#4999](https://github.com/BookStackApp/BookStack/issues/4999)) + +### For More Information + +If you have any questions or comments about this advisory: +* Open an issue in [the BookStack GitHub repository](https://github.com/BookStackApp/BookStack/issues). +* Ask on the [BookStack Discord chat](https://discord.gg/ztkBqR2). +* Follow the [BookStack security policy](https://github.com/BookStackApp/BookStack/blob/development/.github/SECURITY.md) to contact someone privately. + +---- + +Header Image Credits: Photo by Dietmar Rabich (CC-BY-SA 4.0) - Image Modified \ No newline at end of file diff --git a/static/images/blog-cover-images/cc-by-2/attribution.txt b/static/images/blog-cover-images/cc-by-2/attribution.txt index c576076..c36a322 100644 --- a/static/images/blog-cover-images/cc-by-2/attribution.txt +++ b/static/images/blog-cover-images/cc-by-2/attribution.txt @@ -1,4 +1,4 @@ -Copyright Peter Trimming peter-trimming-squirrel.jpg +Copyright Peter Trimming Source: https://www.flickr.com/photos/peter-trimming/31839968058/ Image modified in usage. \ No newline at end of file diff --git a/static/images/blog-cover-images/cc-by-4/attribution.txt b/static/images/blog-cover-images/cc-by-4/attribution.txt index 94a6c02..2846715 100644 --- a/static/images/blog-cover-images/cc-by-4/attribution.txt +++ b/static/images/blog-cover-images/cc-by-4/attribution.txt 
@@ -1,5 +1,5 @@ -Copyright Scott Wylie winter-gardens-scott-wylie.jpg +Copyright Scott Wylie Source: https://commons.wikimedia.org/wiki/File:Stowe_Landscape_Gardens_Early_Winter_Morning_Frost_10.jpg Image modified from original (Cropped, resized, colours tweaked). diff --git a/static/images/blog-cover-images/cc-by-sa-2/attribution.txt b/static/images/blog-cover-images/cc-by-sa-2/attribution.txt index 4eb25a0..06e3cfd 100644 --- a/static/images/blog-cover-images/cc-by-sa-2/attribution.txt +++ b/static/images/blog-cover-images/cc-by-sa-2/attribution.txt @@ -1,4 +1,4 @@ -Copyright Steven Brown burnieside-steven-brown.jpg +Copyright Steven Brown Source: https://www.geograph.org.uk/photo/7714511 Image modified in usage. \ No newline at end of file diff --git a/static/images/blog-cover-images/cc-by-sa-3/attribution.txt b/static/images/blog-cover-images/cc-by-sa-3/attribution.txt index 70ce72e..e56da14 100644 --- a/static/images/blog-cover-images/cc-by-sa-3/attribution.txt +++ b/static/images/blog-cover-images/cc-by-sa-3/attribution.txt @@ -1,4 +1,4 @@ -Copyright David Iliff seven-sisters-cliffs-david-iliff.jpg +Copyright David Iliff Source: https://commons.wikimedia.org/wiki/File:Seven_Sisters_Panorama,_East_Sussex,_England_-_May_2009.jpg Image modified in usage, cropped and colouring altered. \ No newline at end of file diff --git a/static/images/blog-cover-images/cc-by-sa-4/attribution.txt b/static/images/blog-cover-images/cc-by-sa-4/attribution.txt index 367d8a4..af9fbb7 100644 --- a/static/images/blog-cover-images/cc-by-sa-4/attribution.txt +++ b/static/images/blog-cover-images/cc-by-sa-4/attribution.txt 
@@ -1,5 +1,9 @@ mountains-milan-bališin.jpg +Copyright Milan Bališin Source: https://commons.wikimedia.org/wiki/File:Min%C4%8Dol_(vrch_v_%C4%8Cergove)_08.JPG Image modified in usage (Cropped and resized). - - +--- +padlocks-dietmar-rabich.jpg +Copyright Dietmar Rabich +Source: https://commons.wikimedia.org/wiki/File:San_Francisco_(CA,_USA),_Fisherman%27s_Wharf,_Liebesschl%C3%B6sser_--_2022_--_2873.jpg +Image modified in usage (Cropped and resized). \ No newline at end of file diff --git a/static/images/blog-cover-images/cc-by-sa-4/padlocks-dietmar-rabich.jpg b/static/images/blog-cover-images/cc-by-sa-4/padlocks-dietmar-rabich.jpg new file mode 100644 index 0000000..c7708bd --- /dev/null +++ b/static/images/blog-cover-images/cc-by-sa-4/padlocks-dietmar-rabich.jpg @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4aca2dbdc1aeafdd3e769d1731262ce07593cc4854ef245f91efa3cb5c59b98a +size 381029
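Review bot: In the blog post hunk, the bullet "Updated email confirmation flow to not require email submission form." is the only changelog line that maps to the email-enumeration fix announced in the intro, but nothing connects the two and, unlike the rate-limiting bullet, it carries no issue link; consider rewording it to say the email-submission step was removed because it could be used to confirm whether an address is registered, and link the tracking issue or advisory if one exists. The same hunk says "Updated routes with IP-based rate limiting." without telling operators that IP-keyed limits only help when the application sees the real client address, so instances behind a reverse proxy or CDN should verify their proxy and forwarded-header configuration before relying on the new limits; a sentence to that effect under the upgrade advice would help. Finally, "Upgrade is advised for instances accessible on the public web." understates the scope: both issues affect any instance reachable by untrusted or unauthenticated users, including internal networks, so consider broadening that wording.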
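Review bot: In the cc-by-sa-4 attribution hunk, the new padlocks-dietmar-rabich.jpg entry, like the rewritten cc-by-2, cc-by-sa-2 and cc-by-sa-3 files, ends with "\ No newline at end of file"; entries in this file are separated by a `---` line and the next image will be appended after this one, so add a trailing newline to avoid the next append running onto the "Image modified in usage (Cropped and resized)." line. The blog post file in the first hunk has the same missing newline after its credits line. Also, the Source URL recorded here for the Rabich photo is not surfaced in the post's own credit line ("Photo by Dietmar Rabich (CC-BY-SA 4.0) - Image Modified"); CC BY-SA attribution normally includes a link to the original and to the licence, so consider adding the source link to that credit.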