Skip to content

BookStack Beta v0.25.5
Compare
Choose a tag to compare
@ssddanbrown ssddanbrown released this 24 Mar 19:58
v0.25.5
This tag was signed with the committer’s verified signature.
ssddanbrown Dan Brown
GPG key ID: 46D9F943C24A2EF9
Learn about vigilant mode.
934512d
This commit was signed with the committer’s verified signature.
ssddanbrown Dan Brown
GPG key ID: 46D9F943C24A2EF9
Learn about vigilant mode.

Security Release

This release works on the changes from v0.25.4 and v0.25.3 to include additional security measures on file uploads.

For this release, Uploaded image files which have a name that includes more than a single extension are prevented from being uploaded since these could be used to upload executable files on some web-servers. In addition, Attachment uploads are now saved with randomly generated file names to make such upload operations safer to file name exploits.

Additional Changes

This release also contains the following translation updates:

Assets 2
Loading