BookStack
Category: Productivity & Wikis
A platform to create documentation/wiki content built with PHP & Laravel
Features
- Opinionated documentation platform with simple out‑of‑the‑box experience
- Intuitive interface requiring only basic word‑processing skills for contributors
- Provides advanced power features without compromising core simplicity
Recent releases
- Improved attachment-related permission checks
- URL validation for webhooks to prevent escaping workarounds
Full changelog
Security Release
This is a security release to improve attachment-related permission checks and URL validation for webhooks.
Upgrading is advised if you allow untrusted users to delete attachments, or if untrusted users have permission to create webhooks on instances that make use of the ALLOWED_SSR_HOSTS BookStack env file option.
Thanks to 404_pkj (GitHub) and naruhodoowl (GitHub) for responsibly reporting these issues.
Full List of Changes
- Updated PHP package versions.
- Updated attachment actions to align page access check.
- Updated URL validation in webhooks to help prevent escaping workarounds.
- Fixed issue where exact search term negation would lead to no results. (#6121)
- Registration form could be manipulated to gain access to additional roles
- Hidden page content visible during markdown exports due to permission bypass