From: Dan Brown Date: Mon, 20 Nov 2023 13:48:00 +0000 (+0000) Subject: Updated v23.10.3 info X-Git-Url: http://source.bookstackapp.com/website/commitdiff_plain/630985a36e88f1b88a636cddf4529ceb912a744b Updated v23.10.3 info --- diff --git a/content/blog/2023/security-release-v23-10-3.md b/content/blog/2023/security-release-v23-10-3.md index ed2bbc4..ff16144 100644 --- a/content/blog/2023/security-release-v23-10-3.md +++ b/content/blog/2023/security-release-v23-10-3.md @@ -2,7 +2,7 @@ categories = ["Releases"] tags = ["Releases"] title = "BookStack Security Release v23.10.3" -date = 2023-11-20T12:00:00Z +date = 2023-11-20T14:00:00Z author = "Dan Brown" image = "/images/blog-cover-images/unsplash/fence-squirrel-mitchell-orr.jpg" slug = "bookstack-release-v23-10-3" @@ -12,6 +12,7 @@ draft = false BookStack v23.10.3 has been released. This is a security release that addresses a vulnerability in image handling which could be exploited to perform server-side requests or read the contents of files on the server system. +Additionally, this update addresses a lack of permission check in some image creation actions. Upgrade is strongly advised where untrusted users have permission to create/edit/update page content in your instance. diff --git a/content/docs/admin/updates.md b/content/docs/admin/updates.md index 8698742..1e8ff4b 100644 --- a/content/docs/admin/updates.md +++ b/content/docs/admin/updates.md 
@@ -43,7 +43,7 @@ the [GitHub releases page](https://github.com/BookStackApp/BookStack/releases). #### Updating to v23.10.3 or higher -**Security** - v23.10.3 addresses a vulnerability relating to image handling which could be exploited, by users with the ability to create/edit/update page content, to perform server-side requests or read the contents of files on the server system. +**Security** - v23.10.3 addresses a vulnerability relating to image handling which could be exploited, by users with the ability to create/edit/update page content, to perform server-side requests or read the contents of files on the server system. Additionally, this update addresses a lack of permission check in some image creation actions. #### Updating to v23.10 or higher
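Review bot: In the front matter hunk of content/blog/2023/security-release-v23-10-3.md, the new `date = 2023-11-20T14:00:00Z` is later than this commit's own timestamp (13:48 +0000), and neither the commit message ("Updated v23.10.3 info") nor the diff explains why the publish time moves by two hours. If the site build excludes future-dated posts, the security notice would stay unpublished until 14:00Z. Worth confirming that this is intended and mentioning the date change in the commit message.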
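Review bot: The sentence added in the second hunk of the blog post, "this update addresses a lack of permission check in some image creation actions", does not say which actions or which permission was missing, so an admin cannot tell from it whether their instance was exposed. The upgrade advice on the following line still refers only to untrusted users who can create/edit/update page content. Suggest stating which users could reach the unchecked image creation actions, or linking to the release notes for that detail.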
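Review bot: In the content/docs/admin/updates.md hunk, the new sentence is appended to the end of the existing **Security** paragraph, where the qualifier "by users with the ability to create/edit/update page content" applies to the first issue only, so it is unclear who can trigger the missing permission check. Suggest giving the second issue its own line with its own precondition, and keeping the wording in step with the blog post, since the same sentence is now duplicated in both files.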