Added v21.10.2 release blogpost

Also fixed some grammatical errors in third-party-auth page
This commit is contained in:
Dan Brown 2021-10-28 15:53:04 +01:00
commit 47ec2c5cad
Signed by: danb
GPG key ID: 46D9F943C24A2EF9

View file

@ -0,0 +1,38 @@
+++
categories = ["Releases"]
tags = ["Releases"]
title = "BookStack Security Release v21.10.2"
date = 2021-10-28T15:00:08Z
author = "Dan Brown"
image = "/images/blog-cover-images/lock-chepe-nicoli.jpg"
slug = "bookstack-release-v21-10-2"
draft = false
+++
BookStack v21.10.2 has been released. This is a security release that build upon changes
in v21.10.2 which covers a vulnerability which would allow malicious users, who have
permission to update or create pages, to upload content that could then be utilized
for phishing or other general malicious intent.
If you allow untrusted users to edit page content you should update as soon as possible.
* [Update instructions](https://www.bookstackapp.com/docs/admin/updates)
* [GitHub release page](https://github.com/BookStackApp/BookStack/releases/tag/v21.10.2)
### Full List of Changes
* Made further fixes to address image upload vulnerability. Thanks to again @haxatron ([#3019](https://github.com/BookStackApp/BookStack/issues/3019))
* Updated translations with latest changes from Crowdin. ([#3014](https://github.com/BookStackApp/BookStack/pull/3014))
### For More Information
If you have any questions or comments about this advisory:
* Open an issue in [the BookStack GitHub repository](BookStackApp/BookStack/issues).
* Ask on the [BookStack Discord chat](https://discord.gg/ztkBqR2).
* Follow the [BookStack security policy](https://github.com/BookStackApp/BookStack/blob/master/.github/SECURITY.md) to contact someone privately.
----
<span style="font-size: 0.8em;opacity:0.9;">Header Image Credits: <span>Photo by <a href="https://unsplash.com/@nicoli_?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText">Chepe Nicoli</a> on <a href="https://unsplash.com/?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText">Unsplash</a></span></span>
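Review bot: the opening sentence of the new post is self-referential and ungrammatical: "This is a security release that build upon changes in v21.10.2" describes the v21.10.2 release as building on itself, and "build" should be "builds". The changelog hunk in this same commit says both v21.10.1 and v21.10.2 address the vulnerability, so this should read "builds upon changes in v21.10.1". Also, the issues link in the "For More Information" list, `[the BookStack GitHub repository](BookStackApp/BookStack/issues)`, is a bare path rather than a URL and will resolve relative to the blog page; use the full `https://github.com/BookStackApp/BookStack/issues` as the other links in the list do. Minor wording: "Thanks to again @haxatron" reads better as "Thanks again to @haxatron".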

View file

@ -35,7 +35,8 @@ GOOGLE_AUTO_REGISTER=true
TWITCH_AUTO_REGISTER=true
```
This will allow registration using these services even if registrations are disabled. It also allows registration if using LDAP as you main authentication option.
This will allow registration using these services even if registrations are disabled.
It also allows registration if using LDAP as your main authentication option.
#### Automatic Email Confirmation

View file

@ -37,9 +37,9 @@ This is primarily a list of breaking changes & security notices.
Details of updates can be found on [our blog](https://www.bookstackapp.com/blog/) or via
the [GitHub releases page](https://github.com/BookStackApp/BookStack/releases).
#### Updating to v21.10.1 or higher
#### Updating to v21.10.1/v21.10.2 or higher
**Security** - v21.10.1 fixes a vulnerability
**Security** - Both v21.10.1 and v21.10.2 were released to address a vulnerability
which would allow malicious users, who have permission to update or create pages, to upload
content that could then be utilized for phishing or other general malicious intent.
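Review bot: the new wording "Both v21.10.1 and v21.10.2 were released to address a vulnerability" can be read as saying either version is sufficient, whereas the blog post added in this same commit says v21.10.2 contains further fixes to the image upload vulnerability. Suggest stating explicitly that v21.10.2 is the minimum recommended version and that instances already on v21.10.1 should still update, for example: "v21.10.1 and v21.10.2 address a vulnerability which would allow ...; v21.10.2 contains further fixes, so update to at least v21.10.2."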
@ -203,5 +203,5 @@ The v0.13 release contained some new features and updates which change the requi
Upgrade your PHP version if below 5.6.4.
* PHP-Tidy extension is now required.
- On Ubuntu 16.04 this can be installed via `sudo apt install php7.0-tidy`.
- On Ubuntu 14.04 (Using the defauly PHP option) this can be installed via `sudo apt-get install php5-tidy`.
- On Ubuntu 14.04 (Using the default PHP option) this can be installed via `sudo apt-get install php5-tidy`.
* Page attachments will be stored in the `storage/uploads` folder (Unless you use Amazon S3). This folder will be created on update. Ensure your webserver has write permissions for this folder.

BIN
static/images/blog-cover-images/lock-chepe-nicoli.jpg (Stored with Git LFS) Normal file

Binary file not shown.