BookStack v23.02.2

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Fixed role deletion failing when submitting with empty migration role. (#4128)
• Fixed ownership migration upon user delete not working. (#4124)
• Updated translations with latest Crowdin changes. (#4074)

BookStack v23.02.1

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Fixed an issue with language loading in certain scenarios. (#4068)
• Updated translations with latest Crowdin changes. (#4066)

BookStack v23.02

Links

• Release video overview
• Update instructions
• Update details on blog

Upgrade Notices

• PHP Version Requirement Change - The minimum supported PHP version has changed from PHP 7.4 to PHP 8.0.2 in this release. Please see the v23.02 version-specific update instructions for guidance on updating PHP.
• Logical Theme System Event Change - The commonmark_environment_configure event argument and return types have changed. Please see the event definition to understand the new types if using this logical theme system event.

Full List of Changes

• Added user roles API endpoints. (#4051, #4034)
• Added configuration option for the sendmail command. (#4001)
• Added sort actions and accessible controls to the shelf book management interface. (#4049, #4031, #2050)
• Updated framework to Laravel 9. (#4021, #3123)
• Updated project minimum supported PHP version from 7.4 to 8.0.2. (#4029)
• Updated the URL length limit for link attachments to 2k characters. (#4044)
• Updated app icon handling to generate favicon.ico file where possible. (#4032)
• Updated setting loading to be more efficient. (#4062)
• Updated test handling with cleaner centralized filed/image handling. (#3995)
• Updated translations with latest Crowdin changes. (#4025)
• Fixed issue where uploaded images would not show in the gallery for draft pages. (#4028)
• Fixed issue with increasing WYSIWYG editor lag as pages grow. (#3981)
• Fixed potential pluralization issues in some languages. (#4040)
• Fixed slow response time when saving page due to URL parsing and handling. (#3932)

BookStack v23.01.1

Security Release

• Update Instructions
• Update details on blog

This is a security release that addresses a potential vulnerability in PDF generation that could be used to make server-side requests or run potential other PHP code.

Upgrade is advised where untrusted users have permission to create page content in your instance.

From testing, it appears that successful exploitation of this would require either the disabling of BookStack default security options, or access to the host machine system, but out of caution we're advising upgrade in any environment as specified above.

Full List of Changes

• Updated pdf library to address vulnerability. (#4010)
• Updated translations with latest Crowdin changes. (#4008)
• Fixed missing default 180px icon. (#4006)

BookStack v23.01

Links

• Release video overview
• Update instructions
• Update details on blog

Upgrade Notices

• Permission Changes - There have been changes to the permission system which can affect how permissions apply and therefore could lead to changes in provided abilities upon upgrade. This is only really relevant to complex permission scenarios that have only been possible since BookStack v22.10. Please see the Permission System Changes section below for more details on this.
• Database Upgrade Time - Changes to the permission system have required permissions to be regenerated upon upgrade. Due to this, the php artisan migrate upgrade step may take extra time to run, especially where there are a lot of content and/or roles in the system.

Full List of Changes

• Added ability to control app icon (favicon) via settings. (#3994, #3929, #301)
• Added ability to set separate colors for dark mode. (#2314, #4002)
• Added ability to set separate colors for primary color and links. (#3910, #4002)
• Added accessible controls to book sorting & improved user experience. (#3999, #3987)
• Added Scheme code highlight support. (#3954)
• Added SQL variant code highlighting support. (#3942)
• Added ability to configure an ID claim for OIDC. (#3914)
• Updated permission handling to be better defined and predictable. (#3986)
• Updated tag handling to show new row earlier. (#3931)
• Updated translations with latest Crowdin changes. (#3925)
• Updated codebase to address a range of PHP deprecations. (#3969)
• Updated internal testing to run OIDC tests faster. (#3985)
• Fixed header search results preview not being clickable in Safari. (#3926)
• Fixed informal German not receiving correct pluralisation. (#3976)
• Fixed lack of drawing access leading to infinite loading. (#3955)
• Fixed user image id existing after user avatar removal. (#3977)

BookStack v22.11.1

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Added smarty and twig template code language support. Thanks to @jhit. (#3879)
• Updated translations with latest Crowdin changes. (#3881)
• Fixed global search focus issue with arrow keys. (#3920)
• Fixed lack of scroll in editor sidebar views. (#2887)
• Fixed not being able to remove all user roles. (#3922)

BookStack v22.11

Links

• Release video overview
• Update instructions
• Update details on blog

Upgrade Notices

No notices for this release

Full List of Changes

• Added user interface shortcuts system. (#3830, #1216)
• Added global search live preview. (#3850)
• Added markdown preview pane resize/hide/sync controls. (#2215)
• Added Dart/Flutter support for code blocks & editor. (#3808)
• Added Swift language support for code blocks & editor. (#3847)
• Added login/register message partials for easier use via theme system. (#3848, #608)
• Added Georgian Language support on Crowdin. (#3823)
• Updated all interface tabular list views to new format with added functionality. (#3821)
• Updated markdown codebase to be modular and tidied some styles. (#3875)
• Updated dark mode styles with fixes and browser color scheme support. (#3878)
• Updated email confirmation routes to be confirmed via POST. (#3797)
• Updated JavaScript usage to align on single cleaned-up component system. (#3853)
• Updated our testing process to ensure PHP8.2 Support. (#3852)
• Updated tests to cover issue of permission regeneration with chapter in the recycle bin. (#3796)
• Updated translations with latest Crowdin changes. (#3828)
• Fixed app logo not being stored for public access when using "local_secure_restricted" images. (#3827)
• Fixed missing translations for some editor elements. (#3822)
• Fixed OIDC JWKs parsing when "use" property missing on keys. (#3869)

BookStack v22.10.2

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Updated translations with latest changes from Crowdin (#3791).

BookStack v22.10.1

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Fixes issue with generation permissions where a chapter is in the recycle bin. (commit)

BookStack v22.10

Links

• Release video overview
• Update instructions
• Update details on blog

Upgrade Notices

• Permission Management Changes - The interface and logic for managing shelf, book, chapter & page permissions has changed significantly in this release. The following should be noted:
  • Content permissions that were not active (where the "Enable Custom Permissions" checkbox was unchecked) will be removed upon upgrade to v22.10.
  • Content permission role entries, that had no permissions provided, will not be reflected/shown as a row in the permissions interface immediately upon upgrade. Instead such cases will be reflected via the "Everyone Else" permission entry being active, in a non-inheriting state, with no permissions set.
  • There should be no functional change to active permissions upon upgrade. Care has been taken to ensure existing permissions are migrated so that access control remains the same as pre-upgrade.

Full List of Changes

• Added Greek language. (#3732)
• Added MATLAB code syntax highlighting. (#3744)
• Added toolbar for code blocks in WYSIWYG editor to make mobile editing possible. (#2815)
• Updated content permissions interface & logic to allow more selective/intuitive control. (#3760)
• Update WYSIWYG table toolbar icons to be a little more legible. (#3397)
• Updated auth controller components to not depend on older Laravel library. (#3745, #3627)
• Updated book copy behaviour to copy book-shelf relations if permissions allow. (#3699)
• Updated books-read API endpoint to list child book/chapter tree. (#3734)
• Updated list style handling to align deeply nested list styling in & out of editor. (#3685)
• Updated shelf book management for easier touch device usage. (#2301)
• Updated tag suggestions to provide more accurate results. (#3720)
• Updated testing to support parallel running. (#3751)
• Updated tests to align/clean-up certain common actions. (#3757)
• Updated translations with latest Crowdin changes. (#3737)
• Fixed custom code block theme not used within the WYSIWYG editor. (#3753)
• Fixed issue where revision delete control would show to those without permission. (#3723)
• Fixed justified text not applying to list content. (#3750)
• Fixed not being able to deselect "Created/Update by me" search options. Thanks to @Wertisdk. (#3770, #3762)
• Fixed page popover being hidden behind content in chromium-based browsers. (#3774)
• Fixed SAML2 metadata display depending on external IDP metadata page. (#2480)
• Fixed squashing of columns in users list. (#3787)