LinkAce

v2.5.6 Security

This release includes 3 security fixes relevant to security teams reviewing exposed deployments.

Published 24d Productivity & Wikis
✓ No known CVEs patched
This release patches 3 known CVEs

Topics

archive, archiving, bookmark-manager, bookmark-managers, bookmarking, bookmarks, docker, laravel, php, self-hosted

Summary

AI summary

Users can no longer edit other users' entities, closing an access‑control vulnerability.

Full changelog

What's Changed

  • Security fixes:
    • Users are now prohibited from editing other users' entities.
    • User names are now properly escaped in activity logs.
    • Line breaks are now disallowed in database configurations during the setup process.
  • LinkAce now provides a TRUSTED_HOSTS .env configuration variable that can be used to change which hostnames are allowed for accessing your instance.
  • There is now a debug command (php artisan debug) which shows essential configuration parameters.
  • Dependencies were updated.

Full Changelog: https://github.com/Kovah/LinkAce/compare/v2.5.5...v2.5.6

Security Fixes

  • Prohibit users from editing other users' entities – fixes unauthorized modification vulnerability
  • Properly escape user names in activity logs
  • Disallow line breaks in database configuration during setup
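
To illustrate the third fix: the sketch below is an added example, not LinkAce's code. It assumes the setup step writes the database settings to a `.env` file as `KEY=value` lines, and shows why a value containing a line break has to be rejected before it is written. The helper names, the minimal parser, the `INJECTED_KEY` name and the sample input are all constructed for illustration.

```python
# Added example: hypothetical helpers, not LinkAce's code.
import re

LINE_BREAK = re.compile(r"[\r\n]")
DB_KEYS = ("DB_HOST", "DB_PORT", "DB_DATABASE", "DB_USERNAME", "DB_PASSWORD")


def render_env_unchecked(settings):
    """'Before' behaviour: values are written to the file verbatim."""
    return "".join(f"{key}={settings[key]}\n" for key in DB_KEYS)


def render_env_checked(settings):
    """'After' behaviour: reject any value that contains CR or LF."""
    bad = [key for key in DB_KEYS if LINE_BREAK.search(str(settings[key]))]
    if bad:
        raise ValueError("line break in setup value(s): " + ", ".join(bad))
    return render_env_unchecked(settings)


def parse_env(text):
    """Minimal KEY=VALUE reader, enough to show what a loader would see."""
    parsed = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, value = line.split("=", 1)
            parsed[key.strip()] = value
    return parsed


# Constructed setup-form input: the password field carries an embedded newline.
CONSTRUCTED_INPUT = {
    "DB_HOST": "127.0.0.1",
    "DB_PORT": "3306",
    "DB_DATABASE": "linkace",
    "DB_USERNAME": "linkace",
    "DB_PASSWORD": "s3cret\nINJECTED_KEY=1",
}

if __name__ == "__main__":
    seen = parse_env(render_env_unchecked(CONSTRUCTED_INPUT))
    print("unchecked writer, keys seen by loader:", sorted(seen))
    try:
        render_env_checked(CONSTRUCTED_INPUT)
    except ValueError as err:
        print("checked writer:", err)
```

With the unchecked writer, the single password field yields two entries in the file; the checked writer refuses the input and names the offending field.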

About LinkAce

LinkAce is a self-hosted archive to collect links of your favorite websites.