Added post for v21.08.5 security release
This commit is contained in:
parent 5c3b64852e
commit b447a46aa8
GPG key ID: 46D9F943C24A2EF9
3 changed files with 53 additions and 1 deletions
39 content/blog/security-release-v21-08-5.md Normal file
39
content/blog/security-release-v21-08-5.md Normal file | | @ -0,0 +1,39 @@ | |||
+++ | ||||
categories = ["Releases"] | ||||
tags = ["Releases"] | ||||
title = "BookStack Security Release v21.08.5" | ||||
date = 2021-10-08T20:53:08Z | ||||
author = "Dan Brown" | ||||
image = "/images/blog-cover-images/lock-calina.jpg" | ||||
slug = "bookstack-release-v21-08-5" | ||||
draft = false | ||||
+++ | ||||
| ||||
BookStack v21.08.5 has been released. This is a security release that covers a vulnerability | ||||
which would allow malicious users, who have permission to update or create pages, to load content | ||||
from files stored within the `storage/` or `public/` directories (Such as application logs) via the | ||||
page HTML export system. | ||||
| ||||
If you allow untrusted users to edit page content you should update as soon as possible. | ||||
| ||||
This release also changes the way browser response caching is performed, while logged in, | ||||
to help prevent navigating back to confidential content after logout. | ||||
| ||||
* [Update instructions](https://www.bookstackapp.com/docs/admin/updates) | ||||
* [GitHub release page](https://github.com/BookStackApp/BookStack/releases/tag/v21.08.5) | ||||
| ||||
### Additional Changes | ||||
| ||||
- Added concurrent page editing warnings upon draft save events. Thanks to [@MatthieuParis](https://github.com/BookStackApp/BookStack/pull/2877) ([#2877](https://github.com/BookStackApp/BookStack/pull/2877)) | ||||
- Updated translations with the latest changes from Crowdin. ([#2953](https://github.com/BookStackApp/BookStack/pull/2953)) | ||||
| ||||
### For more information | ||||
| ||||
If you have any questions or comments about this advisory: | ||||
* Open an issue in [the BookStack GitHub repository](BookStackApp/BookStack/issues). | ||||
* Ask on the [BookStack Discord chat](https://discord.gg/ztkBqR2). | ||||
* Follow the [BookStack Security Advice](https://github.com/BookStackApp/BookStack#-security) to contact someone privately. | ||||
| ||||
---- | ||||
| ||||
<span style="font-size: 0.8em;opacity:0.9;">Header Image Credits: <span>Photo by <a href="https://unsplash.com/@calina?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Georg Bommeli</a> on <a href="https://unsplash.com/?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Unsplash</a></span></span> | ||||
Loading…
Add table
Add a link
Reference in a new issue