Added v0.30.6 post

diff --git a/content/blog/beta-security-release-v0-30-6.md b/content/blog/beta-security-release-v0-30-6.md
new file mode 100644 (file) index 0000000..f159954
--- /dev/null
+++ b/content/blog/beta-security-release-v0-30-6.md
@@ -0,0 +1,51 @@
++++
+categories = ["Releases"]
+tags = ["Releases"]
+title = "Beta Security Release v0.30.6"
+date = 2020-12-17T21:30:00Z
+author = "Dan Brown"
+image = "/images/blog-cover-images/lock-door-waldemar-brandt.jpg"
+description = "BookStack v0.30.6 has been released to address an issue that could lead to restricted page content being visible in certain circumstances."
+slug = "beta-release-v0-30-6"
+draft = false
++++
+
+
+BookStack v0.30.6 has been released to address an issue that could lead to restricted page content being visible in certain circumstances.
+You should upgrade to this released as soon as possible if you make use of page-level permissions at all.
+
+* [Update instructions](https://www.bookstackapp.com/docs/admin/updates)
+* [GitHub release page](https://github.com/BookStackApp/BookStack/releases/tag/v0.30.6)
+
+
+### Impact
+
+If a chapter was visible to a user, but all of it's pages were made not visible, then the details of these pages could be visible. Within the BookStack interface, the names of the pages and preview content could be seen. If the parent book was exported then this would include the content of the pages that had been restricted.
+
+### Patches
+
+This has been patched in v0.30.6.
+
+### Workarounds
+
+Please update. As a temporary workaround you could ensure that there is at least one other page within a chapter that's visible to users. 
+
+### References
+
+* [BookStack Beta v0.30.6](https://github.com/BookStackApp/BookStack/releases/tag/v0.30.6)
+* [GitHub Issue #2414](https://github.com/BookStackApp/BookStack/issues/2414)
+
+### Attribution
+
+A big thanks to [@cdrfun](https://github.com/cdrfun) for [discovering and reporting](https://github.com/BookStackApp/BookStack/issues/2414) this issue.
+
+### For more information
+
+If you have any questions or comments about this advisory:
+* Open an issue in [the BookStack GitHub repository](BookStackApp/BookStack/issues).
+* Ask on the [BookStack Discord chat](https://discord.gg/ztkBqR2).
+* Follow the [BookStack Security Advice](https://github.com/BookStackApp/BookStack#-security) to contact someone privately.
+
+----
+
+<span style="font-size: 0.8em;opacity:0.9;">Header Image Credits: <span>Photo by <a href="https://unsplash.com/@waldemarbrandt67w?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText">Waldemar Brandt</a> on <a href="https://unsplash.com/s/photos/lock?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText">Unsplash</a></span></span>

diff --git a/content/docs/admin/updates.md b/content/docs/admin/updates.md
index 5d7bbc30395aa786803ec266e29c44862f73b79c..bdcd8bfbe7e64d89d951f1e492a3e92ab0a751ee 100644 (file)
--- a/content/docs/admin/updates.md
+++ b/content/docs/admin/updates.md
@@ -33,6 +33,10 @@ Check the below list for the version you are updating to for any additional inst
 
 The below lists things you may need to be aware of when upgrading to a newer version of BookStack.
 
+#### Updating to v0.30.6 or higher
+
+**Security** - v0.30.6 addresses an issue where page content could be visible to those without permission. If a chapter was visible to a user, but all of it's pages were made not visible, then the details of these pages could be visible. Within the BookStack interface, the names of the pages and preview content could be seen. If the parent book was exported then this would include the content of the pages that had been restricted. Please see the [blog release page for more details](/blog/beta-release-v0-30-6/).
+
 #### Updating to v0.30.5 or higher
 
 **Security** - v0.30.5 fixes an potential vulnerability where a user with edit permissions could perform server-side requests using the export system. Additionally it was found that, if using standard email/password authentication, the system host URL could be manipulated on the forgot password form which could allow for email phishing attempts. Ensure you have set the `APP_URL` option in your `.env` file to help prevent this. Please see the [blog release page for more details](/blog/beta-release-v0-30-5/).
@@ -83,7 +87,7 @@ sudo systemctl restart nginx.service
 
 #### Updating to v0.26 or higher
 
-**Internet Explorer Support** - IE11 Support has now been dropped. We *may* support any critical issues for view-only scenarios otherwise please use a modern browser.
+**Internet Explorer Support** - IE11 Support has now been dropped. Please use a modern browser.
 
 **Translations** - Since many interfaces and lines of text have been updated, It may take a little while for some translations to catch-up. Expect to see more English text than usual if you're using a non-English language option.
 

diff --git a/static/images/blog-cover-images/lock-door-waldemar-brandt.jpg b/static/images/blog-cover-images/lock-door-waldemar-brandt.jpg
new file mode 100644 (file) index 0000000..3de0d4b
--- /dev/null
+++ b/static/images/blog-cover-images/lock-door-waldemar-brandt.jpg
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8549305cb408ff9e41d2e306af415cdee444f3e6a20a6106d33a4fe271ba5cc1
+size 266321