BookStack v22.11

Links

• Release video overview
• Update instructions
• Update details on blog

Upgrade Notices

No notices for this release

Full List of Changes

• Added user interface shortcuts system. (#3830, #1216)
• Added global search live preview. (#3850)
• Added markdown preview pane resize/hide/sync controls. (#2215)
• Added Dart/Flutter support for code blocks & editor. (#3808)
• Added Swift language support for code blocks & editor. (#3847)
• Added login/register message partials for easier use via theme system. (#3848, #608)
• Added Georgian Language support on Crowdin. (#3823)
• Updated all interface tabular list views to new format with added functionality. (#3821)
• Updated markdown codebase to be modular and tidied some styles. (#3875)
• Updated dark mode styles with fixes and browser color scheme support. (#3878)
• Updated email confirmation routes to be confirmed via POST. (#3797)
• Updated JavaScript usage to align on single cleaned-up component system. (#3853)
• Updated our testing process to ensure PHP8.2 Support. (#3852)
• Updated tests to cover issue of permission regeneration with chapter in the recycle bin. (#3796)
• Updated translations with latest Crowdin changes. (#3828)
• Fixed app logo not being stored for public access when using "local_secure_restricted" images. (#3827)
• Fixed missing translations for some editor elements. (#3822)
• Fixed OIDC JWKs parsing when "use" property missing on keys. (#3869)

BookStack v22.10.2

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Updated translations with latest changes from Crowdin (#3791).

BookStack v22.10.1

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Fixes issue with generation permissions where a chapter is in the recycle bin. (commit)

BookStack v22.10

Links

• Release video overview
• Update instructions
• Update details on blog

Upgrade Notices

• Permission Management Changes - The interface and logic for managing shelf, book, chapter & page permissions has changed significantly in this release. The following should be noted:
  • Content permissions that were not active (where the "Enable Custom Permissions" checkbox was unchecked) will be removed upon upgrade to v22.10.
  • Content permission role entries, that had no permissions provided, will not be reflected/shown as a row in the permissions interface immediately upon upgrade. Instead such cases will be reflected via the "Everyone Else" permission entry being active, in a non-inheriting state, with no permissions set.
  • There should be no functional change to active permissions upon upgrade. Care has been taken to ensure existing permissions are migrated so that access control remains the same as pre-upgrade.

Full List of Changes

• Added Greek language. (#3732)
• Added MATLAB code syntax highlighting. (#3744)
• Added toolbar for code blocks in WYSIWYG editor to make mobile editing possible. (#2815)
• Updated content permissions interface & logic to allow more selective/intuitive control. (#3760)
• Update WYSIWYG table toolbar icons to be a little more legible. (#3397)
• Updated auth controller components to not depend on older Laravel library. (#3745, #3627)
• Updated book copy behaviour to copy book-shelf relations if permissions allow. (#3699)
• Updated books-read API endpoint to list child book/chapter tree. (#3734)
• Updated list style handling to align deeply nested list styling in & out of editor. (#3685)
• Updated shelf book management for easier touch device usage. (#2301)
• Updated tag suggestions to provide more accurate results. (#3720)
• Updated testing to support parallel running. (#3751)
• Updated tests to align/clean-up certain common actions. (#3757)
• Updated translations with latest Crowdin changes. (#3737)
• Fixed custom code block theme not used within the WYSIWYG editor. (#3753)
• Fixed issue where revision delete control would show to those without permission. (#3723)
• Fixed justified text not applying to list content. (#3750)
• Fixed not being able to deselect "Created/Update by me" search options. Thanks to @Wertisdk. (#3770, #3762)
• Fixed page popover being hidden behind content in chromium-based browsers. (#3774)
• Fixed SAML2 metadata display depending on external IDP metadata page. (#2480)
• Fixed squashing of columns in users list. (#3787)

BookStack v22.09.1

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Added PHPCS for project PHP formatting. (#3728)
• Updated SAML error handling to display additional error detail. (#3731)
• Updated translations with latest Crowdin updates. (#3710)
• Updated locale setting to help apply right locale on Windows. (#3650)

BookStack v22.09

Links

• Release video overview
• Update instructions
• Update details on blog

Upgrade Notices

• Security - This release cycle contained a security release that added detail that's important to consider when BookStack content is used externally. See the v22.07.3 post for more detail.
• Revision Visibility - This update fixes a permission disparity with revisions. Revision content has always been accessible to those with page-view permissions, but the links to the revisions list previously required page-edit permission to show. This has been aligned, which may mean page revision links may now show to those that did not previously see them.
• Revision Limit Change - The default, per-page, revision limit has been doubled from 50 to 100, to account for new system-content updates that may occur. If desired, you can configure this to a custom value.
• Reference Index - New features have been added to track links between content in BookStack, which uses an internal reference index. Upon upgrade from an older BookStack version, this index will need to be rebuilt. This can be done with the "Regenerate References" command or via the "Regenerate References" maintenance action within BookStack.

Full List of Changes

• Added cross-item link reference tracking & updating. (#3656, #3683, #1969)
• Added OIDC group sync functionality. (#3616, #3004)
• Added reference view to shelves, chapters, books & pages. (#2864)
• Added new local_secure_restricted image storage option. (#3693)
• Added "page_include_parse" theme event. (#3698)
• Updated API docs to add detail for the request format. (#3652)
• Updated revision link visibility to show to users. (#2946)
• Updated shelf naming to be consistent across system. (#3553)
• Updated translations with latest Crowdin changes. (#3643, #3701)
• Updated role edit/create form with clarification upon image access permissions. (#3688)
• Fixed dates not using the correct encoding on some systems. (#3590)
• Fixed image delete button showing to those without permission to delete. (#3697)
• Fixed incorrect comment counts on Chinese language options. (#3554)
• Fixed list indentation when next to floated images. (#3672)
• Fixed various RTL text interface issues. (#3702)
• Fixed WYSIWYG drawing update not triggering draft save. (#3682)
• Fixed some additional SVG-based script cases not being filtered. (#3705)

BookStack v22.07.3

Security Release

• Update Instructions
• Update details on blog

This is a security release that adds additional filtering to page content to prevent certain cross-site-scripting techniques. These cross-site-scripting techniques would be already by blocked by BookStack's usage of Content-Security-Policy, but this change will help scenarios where BookStack content is used externally.

In addition, the API documentation has been updated with a section focused on content security to explain the security techniques BookStack uses by default, and to relay considerations for using BookStack content in an external system. The security page of our documentation has also been updated with such considerations:

https://www.bookstackapp.com/docs/admin/security/#using-content-externally

Upgrade is advised where BookStack content, accessible to edit by untrusted users, is used externally.
Those using BookStack content externally (API-based app developers) should read the new documentation and add any advised protections as necessary.

Thanks to the "JPCERT/CC Vulnerability Coordination Group" contact and the original reporter, Kenichi Okuno of Mitsui Bussan Secure Directions, Inc, for disclosing their report of the relevant vulnerability scenarios.

Full List of Changes

• Added API documentation section to advise of content security. (#3636)
• Updated Persian translations. Thanks to @samadha56. (#3639)
• Updated code block rendering to help prevent blank blocks on fresh cache. (#3637)
• Updated HTML filtering to prevent SVG animate case. (#3636)
• Updated translations with latest changes from Crowdin. (#3635)
• Updated revision list view to help prevent system memory exhaustion. (#3633)
• Fixed issue with permission checking prevent certain actions where permission should have allowed. (#3632)

BookStack v22.07.2

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Added body-start/end partials to export template, for easier export customization via the visual theme system. (#3630)
• Added activity recording for revision delete/restore. (#3628)
• Updated translations with latest changes from Crowdin. (#3625)
• Updated user validation with sensible limit to name input. (#3614)
• Fixed issue where activity type could not be selected in the audit log. (#3623)
• Fixed possibility of breaking page load due to bad user language input. (#3615)

BookStack v22.07.1

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Fixed issue where old WYSWYG editor code would be cached, preventing the editor from showing. (#3611)
• Updated translations with latest Crowdin changes. (#3605)

BookStack v22.07

Links

• Update instructions
• Update details on blog

Full List of Changes

• Added 'Sort Book' action to chapters. (#3598, #2335)
• Added ability to favourite code languages in the WYSIWYG code editor. (#3593, #3542)
• Added option to set IP address storage precision. (#3560)
• Added tag-based css classes to the HTML body tag for tag-based content CSS targeting. (#3583)
• Added new Logical Theme System event, emitted upon any system activity event. (#3572)
• Added editor shortcuts for bullet and numbered lists. (#3599, #1269)
• Updated shelf book management interface with better usability and book search bar. (#3591, #3266)
• Updated translations with latest changes from Crowdin. (#3600, #3545)
• Updated WYSIWYG editor to TinyMCE 6. (#3580, #3517)
• Updated DOMPDF, and other PHP dependencies. (#3579)
• Updated permission system to only "cache" view-based permissions for better performance, and made many other performance improvements. (#3569)
• Updated WYSIWYG color options to have no names, for better cross-language usage. (#3530)
• Updated tests to use ssddanbrown/asserthtml library. (#3519)
• Fixed comment count translation in Chinese translations. Thanks to @GongMingCai. (#3556)
• Fixed issue where AVATAR_URL=false would not properly disable Gravatar fetching. (#1835)
• Fixed some German translation typos and grammar. Thanks to @smartshogu. (#3570)
• Fixed issue where WYSIWYG toolbar would remain when after inserting a drawing. (#3597)