From: Dan Brown <redacted>
Date: Mon, 26 Feb 2024 12:05:54 +0000 (+0000)
Subject: Added v23.12.3 security release post
X-Git-Url: http://source.bookstackapp.com/website/commitdiff_plain/83a9df6de567a98d3cc4ee325e262fc4de067a17

Added v23.12.3 security release post
---

diff --git a/content/blog/2024/security-release-v23-12-3.md b/content/blog/2024/security-release-v23-12-3.md
new file mode 100644
index 0000000..f0072f6
--- /dev/null
+++ b/content/blog/2024/security-release-v23-12-3.md
@@ -0,0 +1,35 @@
++++
+categories = ["Releases"]
+tags = ["Releases"]
+title = "BookStack Security Release v23.12.3"
+date = 2024-02-26T12:00:00Z
+author = "Dan Brown"
+image = "/images/blog-cover-images/unsplash/fence-duong-chung.jpg"
+slug = "bookstack-release-v23-12-3"
+draft = false
++++
+
+BookStack v23.12.3 has been released.
+This is a security release that addresses a vulnerability in PDF generation
+that could be exploited to perform blind server-side-request forgery.
+
+Upgrade is advised where untrusted users have permission to create/edit/update page
+content in your instance.
+
+* [Update instructions](https://www.bookstackapp.com/docs/admin/updates)
+* [GitHub release page](https://github.com/BookStackApp/BookStack/releases/tag/v23.12.3)
+
+### Full List of Changes
+
+* Updated PHP dependencies, primarily to update php-svg-lib package.
+
+### For More Information
+
+If you have any questions or comments about this advisory:
+* Open an issue in [the BookStack GitHub repository](https://github.com/BookStackApp/BookStack/issues).
+* Ask on the [BookStack Discord chat](https://discord.gg/ztkBqR2).
+* Follow the [BookStack security policy](https://github.com/BookStackApp/BookStack/blob/development/.github/SECURITY.md) to contact someone privately.
+
+----
+
+<span style="font-size: 0.8em;opacity:0.9;">Header Image Credits: <span>Photo by <a href="https://unsplash.com/@chungharu?utm_content=creditCopyText&utm_medium=referral&utm_source=unsplash">duong chung</a> on <a href="https://unsplash.com/photos/selective-focus-photography-of-wooden-fence-3QDe3kGZjXY?utm_content=creditCopyText&utm_medium=referral&utm_source=unsplash">Unsplash</a></span></span>
\ No newline at end of file
diff --git a/static/images/blog-cover-images/unsplash/fence-duong-chung.jpg b/static/images/blog-cover-images/unsplash/fence-duong-chung.jpg
new file mode 100644
index 0000000..33437f4
--- /dev/null
+++ b/static/images/blog-cover-images/unsplash/fence-duong-chung.jpg
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:61a45be805ab601b45be5f3840c2c5902712b3485b9f04ce3e8a05daaa19d0a6
+size 396761